#!/usr/bin/perl

# @(#)$Id: munchies_admin 780 2009-06-26 15:57:01Z pjf $

use strict;
use warnings;
use version; our $VERSION = qv( sprintf '0.3.%d', q$Rev: 780 $ =~ /\d+/gmx );
# Using FindBin is incompatible with taint mode and suid programs
# This path is edited by Bob the Module::Builder on installation
use lib q(/opt/app-munchies/default/lib);

use Carp;
use App::Munchies::Admin;
use English qw(-no_match_vars);

# Fixed, minimal environment: taint mode will not run external commands
# with an inherited PATH or ENV.
# NOTE(review): perlsec also recommends removing IFS, CDPATH and BASH_ENV
# from %ENV in privileged programs; that is not done here - confirm whether
# it is handled elsewhere.
$ENV{PATH} = q(/usr/local/bin:/usr/bin:/bin);
$ENV{ENV}  = q();

# The extra option letter "e" is declared via arglist; the -e flag marks an
# invocation that has already been re-executed (tested further down)
my $prog = App::Munchies::Admin->new(
   appclass => q(App::Munchies),
   arglist  => q(e),
);

my $opts       = $prog->args;
my $wants_help = (exists $opts->{h} or exists $opts->{H});

# Help requested, or no method named: clear the method and dispatch. This
# path exits before any of the privilege changes below are made.
if ($wants_help or not $prog->method) {
   $prog->method( undef );
   exit $prog->dispatch;
}

# Record the invoking user's login name in USER and LOGNAME while the real
# uid still identifies the caller; skipped when the caller is already root.
# NOTE(review): getpwuid yields undef for a uid with no passwd entry, which
# would leave both variables undefined - confirm this cannot happen here.
$ENV{USER} = $ENV{LOGNAME} = getpwuid $REAL_USER_ID if ($REAL_USER_ID != 0);

# Take root for the effective and real ids, user first and then group.
# Everything after this point - the re-exec and the authorisation check
# included - runs with uid and gid 0, so the order of these statements and
# of the code that follows is security relevant.
# NOTE(review): the results of these assignments are not checked; if the
# program is not installed suid root they fail without stopping the script.
# NOTE(review): per perlvar a single number assigned to the effective gid
# does not call setgroups, so the caller's supplementary groups appear to be
# kept - confirm that is intended.
$EFFECTIVE_USER_ID  = 0; $REAL_USER_ID  = 0;
$EFFECTIVE_GROUP_ID = 0; $REAL_GROUP_ID = 0;

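# Taint mode workaround: unless this is already the re-executed copy (-e),
# replace the process with a fresh invocation of ourselves that carries a
# normalised argument vector.
#
# Security: this code runs with real and effective uid 0 and *before* the
# is_authorised check, and every value below (method, language, -o pairs,
# @ARGV) comes from the invoking user. The arguments are therefore passed to
# exec as a list with an explicit program, so no shell ever parses them; a
# single command string would be handed to /bin/sh, and the [[:print:]]
# untaint pattern does not exclude shell metacharacters.
unless (exists $prog->args->{e}) {
   my $vars = $prog->vars;
   my @argv = ( $prog->pathname, ($prog->debug ? q(-D) : q(-n)),
                q(-e), q(-c), $prog->method );

   push @argv, q(-L), $prog->language if ($prog->language);
   push @argv, q(-o), $_.q(=).$vars->{ $_ } for (keys %{ $vars });
   push @argv, q(--), @ARGV;

   # Untaint each argument on its own. Only printable characters are
   # accepted, which also keeps control characters out of the debug log;
   # anything else aborts instead of being passed on.
   for my $arg (@argv) {
      my ($clean) = $arg =~ m{ \A ([[:print:]]*) \z }msx;

      defined $clean
         or croak "Argument contains non printable characters\n";
      $arg = $clean;
   }

   my $cmd = join q( ), @argv; # For logging and diagnostics only

   $prog->log_debug( $cmd ) if ($prog->debug);

   # The block form names the program explicitly, so Perl never falls back
   # to the shell whatever the arguments contain
   exec { $argv[ 0 ] } @argv or croak "Exec failed $cmd\n";
}
# End of workaround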

# Authorisation gate. The check is applied only when the program file has
# its set-uid bit (04000); without that bit (root running the file directly,
# e.g. during install) it is skipped altogether.
# NOTE(review): the decision rests on stat of $prog->pathname - confirm that
# the invoking user cannot influence which file pathname refers to.
my $file_mode = (stat $prog->pathname)[ 2 ];
my $is_suid   = $file_mode & oct q(04000);

if ($is_suid and not $prog->is_authorised) {
   $prog->error( 'Permission denied to '.$prog->method.' for '.$prog->logname );
   exit 1;
}

# Presumably the umask applied while the method runs - TODO confirm
$prog->mode( oct q(022) );

# Run the requested method; its return value becomes the exit status
exit $prog->dispatch;

__END__

=pod

=head1 NAME

munchies_admin - Run subroutines as the super user

=head1 SYNOPSIS

=over 3

=item B<munchies_admin> B<-c> I<subroutine> [B<-o> I<var=value,...>]

Run subroutine as the super user only if the executing user is permitted

=item B<munchies_admin> B<-H>|B<-h>

Display man page/usage string

=back

=head1 VERSION

$Revision: 780 $

=head1 DESCRIPTION

This program exposes the subroutines in the L<App::Munchies::Admin>
module. Runs suid root. Only executes the subroutine as the super user
if the subroutine name appears in a secure list belonging to one of the
user's groups

=head1 REQUIRED ARGUMENTS

=over 3

=item B<-c> I<subroutine>

=back

=head1 OPTIONS

=over 3

=item B<-D>

Turn debugging on

=item B<-m> I<path>

Append to logfile on completion

=item B<-n>

Do not prompt for debugging

=back

=head1 DIAGNOSTICS

Prints errors to stderr

=head1 EXIT STATUS

Returns zero on success, non zero on failure

=head1 CONFIGURATION

Uses the constructor's I<appclass> attribute to locate a configuration file

=head1 DEPENDENCIES

=over 3

=item L<App::Munchies::Admin>

=back

=head1 INCOMPATIBILITIES

None

=head1 BUGS AND LIMITATIONS

Send reports to Support at RoxSoft.co.uk

=head1 AUTHOR

Peter Flanigan

=head1 LICENSE AND COPYRIGHT

Copyright (c) 2009 Peter Flanigan

This is free software; you can redistribute it and/or modify
it under the same terms as Perl itself

=cut

# Local Variables:
# mode: perl
# tab-width: 3
# End:
