#!/usr/bin/perl

# @(#)$Id: munchies_suid 635 2009-04-01 11:19:06Z pjf $

use strict;
use warnings;
use Carp;
use English qw(-no_match_vars);

# Using FindBin is incompatible with taint mode and suid programs
# This path is edited by Bob the Module::Builder on installation
use lib q(/opt/app-munchies/default/lib);

use App::Munchies::Programs::Suid;

# Patch level comes from the expanded Rev keyword; the match runs in list
# context, so sprintf receives the digits it found
use version; our $VERSION = qv( sprintf '0.1.%d', q$Rev: 635 $ =~ /\d+/gmx );

# Script-wide lexicals, filled in as the run proceeds
my ($cmd, $prog, $ref, $text);

# Taint mode needs a fixed search path; ENV names a shell start-up file,
# so it is blanked as well
$ENV{PATH} = q(/usr/local/bin:/usr/bin:/bin);
$ENV{ENV}  = q();

$prog = App::Munchies::Programs::Suid->new(
   appclass => q(App::Munchies),
   arglist  => q(e),
);

# -h, -H, or no method named: clear the method and exit with whatever
# dispatch returns. This happens before any ids are changed
my $wants_usage = exists $prog->args->{h}
               || exists $prog->args->{H}
               || !$prog->method;

if ($wants_usage) {
   $prog->method( undef );
   exit $prog->dispatch;
}

# Record the invoking user's login name before the real uid is overwritten.
# Skipped when the real uid is already 0 (which is also the case in the
# re-executed copy), so USER and LOGNAME then keep the inherited values
$ENV{USER} = $ENV{LOGNAME} = getpwuid $REAL_USER_ID if ($REAL_USER_ID != 0);

# Set the effective and real ids to 0, uids before gids
# NOTE(review): nothing here checks that the assignments took effect;
# confirm that continuing with the original ids is intended when this
# file is not installed suid root
$EFFECTIVE_USER_ID  = 0; $REAL_USER_ID  = 0;
$EFFECTIVE_GROUP_ID = 0; $REAL_GROUP_ID = 0;

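# Taint mode workaround: re-run this program with the ids set above and
# the -e switch added; the copy that sees -e skips this block
# NOTE(review): the re-executed copy starts with equal real and effective
# ids and the #! line carries no -T, so it presumably runs without taint
# checks. Only ENV and PATH are reset earlier in this file; confirm the
# rest of the inherited environment (PERL5LIB, PERL5OPT and similar) is
# acceptable for a process running as root

unless (exists $prog->args->{e}) {
   # Build an argument vector, not a command string. The method name, the
   # -o pairs and @ARGV all come from the invoking user, and a string
   # handed to exec is parsed by the shell; double quotes around a value
   # do not stop the shell interpreting what is inside it, and this runs
   # before authorise is called
   my @argv = ($prog->pathname, ($prog->debug ? '-D' : '-n'),
               '-e', '-c', $prog->method);

   push @argv, '-L', $prog->language if ($prog->language);

   push @argv, '-o', $_.q(=).$prog->vars->{$_} for (keys %{$prog->vars});

   push @argv, q(--), @ARGV;

   for my $arg (@argv) {
      # Untaint each element on its own: printable characters only, the
      # empty string allowed. $arg aliases the array element
      my ($clean) = defined $arg
                  ? $arg =~ m{ \A ([[:print:]]*) \z }msx : ();

      defined $clean
         or croak "Exec failed: unprintable character in argument\n";
      $arg = $clean;
   }

   # Joined form is for the log and the error message only
   $cmd = join q( ), @argv;

   $prog->log_debug( $cmd ) if ($prog->debug);

   # The block form names the program explicitly, so perl never falls
   # back to the shell, whatever the arguments contain
   exec { $argv[0] } @argv or croak "Exec failed: $cmd\n";
}

# End of workaround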
# Running as root not suid root during install: the authorisation check
# is only made when this file carries the setuid bit
my $file_mode = (stat $prog->pathname)[2];

if ($file_mode & oct q(04000)) {
   # The user name is taken from the environment, which the uid handling
   # earlier in this file fills in from the real uid when that is not 0
   $ref = { method => $prog->method, user => $ENV{USER} };

   if (!$prog->authorise( $ref )) {
      $text  = 'Permission denied to '.$prog->method;
      $text .= ' for '.$prog->logname;
      $prog->error( $text );
      exit 1;
   }
}

# presumably the umask for anything the method creates; confirm in
# App::Munchies::Programs::Suid
$prog->mode( oct q(022) );

exit $prog->dispatch;

__END__

=pod

=head1 NAME

munchies_suid - Run subroutines as the super user

=head1 SYNOPSIS

=over 3

=item B<munchies_suid> B<-c> I<subroutine> [B<-o> I<var=value,...>]

Run the subroutine as the super user, but only if the executing user is permitted

=item B<munchies_misc> B<-H>|B<-h>

Display man page/usage string

=back

=head1 VERSION

$Revision: 635 $

=head1 DESCRIPTION

This program exposes the subroutines in the
App::Munchies::Programs::Suid module. It runs suid root, and only
executes the subroutine as the super user if the subroutine name appears
in a secure list belonging to one of the user's groups

=head1 REQUIRED ARGUMENTS

=over 3

=item B<-c> I<subroutine>

=back

=head1 OPTIONS

=over 3

=item B<-D>

Turn debugging on

=item B<-m> I<path>

Append to logfile on completion

=item B<-n>

Do not prompt for debugging

=back

=head1 DIAGNOSTICS

Prints errors to stderr

=head1 EXIT STATUS

Returns zero on success, non zero on failure

=head1 CONFIGURATION

Uses the constructor's I<appl> attribute to locate a configuration file

=head1 DEPENDENCIES

=over 3

=item L<App::Munchies::Programs::Suid>

=back

=head1 INCOMPATIBILITIES

Perl::Critic is not compatible with Pod::Usage

=head1 BUGS AND LIMITATIONS

Send reports to Support at RoxSoft.co.uk

=head1 AUTHOR

Peter Flanigan

=head1 LICENSE AND COPYRIGHT

Copyright (c) 2001-2006 RoxSoft Limited

This is free software; you can redistribute it and/or modify
it under the same terms as Perl itself

=cut

# Local Variables:
# mode: perl
# tab-width: 3
# End:

