X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/c00890a2f033aa36dd5d88f8d3bdd5b7a927a687..40f56033aeb788a31838632e240665916c2ed905:/ikiwiki-mass-rebuild?ds=inline

diff --git a/ikiwiki-mass-rebuild b/ikiwiki-mass-rebuild
index 0057beb4f..9b57532bc 100755
--- a/ikiwiki-mass-rebuild
+++ b/ikiwiki-mass-rebuild
@@ -2,65 +2,45 @@
 use warnings;
 use strict;
 
-sub supplemental_groups {
-	my $user=shift;
+my $etcfile="/etc/ikiwiki/wikilist";
 
-	my @list;
-	while (my @fields=getgrent()) {
-		if (grep { $_ eq $user } split(' ', $fields[3])) {
-			push @list, $fields[2];
-		}
-	}
+sub root {
+	$> == 0;
+}
 
-	return @list;
+sub username {
+	(getpwuid($>))[0];
 }
 
 sub processline {
-	my $user=shift;
 	my $setup=shift;
 	
-	if (! getpwnam("$user")) {
-		print STDERR "warning: user $user does not exist\n";
-		return
-	}
 	if (! -f "$setup") {
 		print STDERR "warning: $setup does not exist, skipping\n";
 		return;
 	}
-	print "Processing $setup as user $user ...\n";
-	# su is not used because it passes arguments through the shell,
-	# which is not safe for untrusted setup file names.
-	defined(my $pid = fork) or die "Can’t fork: $!";
-	if (! $pid) {
-		my ($uuid, $ugid) = (getpwnam($user))[2, 3];
-		my $grouplist=join(" ", $ugid, $ugid, supplemental_groups($user));
-		undef $!;
-		$)=$grouplist;
-		if ($!) {
-			die "failed to set egid $grouplist: $!";
-		}
-		$(=$ugid;
-		$<=$uuid;
-		$>=$uuid;
-		if ($< != $uuid || $> != $uuid || $( != $ugid) {
-			die "failed to drop permissions to $user";
-		}
-		%ENV=(
-			PATH => $ENV{PATH},
-			HOME => (getpwnam($user))[7],
-		);
-		exec("ikiwiki", "-setup", $setup, @ARGV);
-		die "failed to run ikiwiki: $!";
+	print "Processing $setup as user ".username()." ...\n";
+	my $ret=system("ikiwiki", "-setup", $setup, @ARGV);
+	if ($ret != 0) {
+		print STDERR "warning: processing $setup failed with code $ret\n";
 	}
-	waitpid($pid,0);
-	if ($?) {
-		print STDERR "Processing $setup as user $user failed with code $?\n";
+}
+
+my %users;
+sub processuser {
+	my $user=shift;
+	return if $user=~/^-/ || $users{$user};
+	$users{$user}=1;
+	my $ret=system("su", $user, "-s", "/bin/sh", "-c", "--", "$0 --nonglobal @ARGV");
+	if ($ret != 0) {
+		print STDERR "warning: processing for $user failed with code $ret\n";
 	}
 }
 
 sub processlist {
 	my $file=shift;
-	my $forceuser=shift;
+
+	return unless -e $file;
 
 	my $list;
 	open ($list, "<$file") || die "$file: $!";
@@ -69,22 +49,28 @@ sub processlist {
 		s/^\s+//;
 		s/\s+$//;
 		next if /^#/ || ! length;
-
-		if (/^([^\s]+)\s+([^\s]+)$/) {
+		if (/^([-\w]+)\s+([^\s]+)$/) {
 			my $user=$1;
 			my $setup=$2;
-			if (defined $forceuser && $forceuser ne $user) {
-				print STDERR "warning: in $file line $., attempt to set user to $user, but user forced to $forceuser. Skipping\n";
+			if (root()) {
+				processuser($user);
+			}
+			else {
+		       		if (username() eq $user) {
+					processline($setup);
+				}
 			}
-			processline($user, $setup);
 		}
-		elsif (/^([^\s]+)$/) {
+		elsif (/^([-\w]+)$/) {
 			my $user=$1;
-			my $home=(getpwnam($user))[7];
-			if (defined $home && -d $home) {
-				my $dotfile="$home/.ikiwiki/wikilist";
-				if (-e $dotfile) {
-					processlist($dotfile, $user);
+			if (root()) {
+				processuser($user);
+			}
+			else {
+				my $home=(getpwnam($user))[7];
+				if (defined $home && -d $home) {
+					my $dotfile="$home/.ikiwiki/wikilist";
+					processlist($dotfile);
 				}
 			}
 		}
@@ -92,9 +78,13 @@ sub processlist {
 	close $list;
 }
 
-my $wikilist="/etc/ikiwiki/wikilist";
-
-if (-e $wikilist) {
-	processlist($wikilist);
+if (@ARGV && $ARGV[0] eq "--nonglobal") {
+	shift;
+	# avoid recursively processing if the wikilist file has a root
+	# user in it
+	if (root()) {
+		exit 1;
+	}
 }
 
+processlist($etcfile);