Re: (hopefully perl) API to /etc/network/interfaces?
On 05/30/11 21:24, Mike Mestnik wrote:
> On 05/26/11 18:13, William Hopkins wrote:
>> On 05/26/11 at 05:16pm, Mike Mestnik wrote:
>>> In-Reply-To: <20080412023656.GR14599@yi.org>
>>>
>>> Hello,
>>> This is an old thread, but I find myself in a similar situation. I'd
>>> like to edit a 4in6 tunnel endpoint and reconfigure the interface.
>>> While I can handle the Apache/sudo parts of this I'm stuck with... OK
>>> now how and I going to change this one value out of this whole file?
>>>
>>> My current plan is to convert the file to XML storing away comments and
>>> partial white space as well as the settings. Then I should be able to
>>> edit the setting a write the file back out.
>>>
>>> Any better ideas? For this project Perl seams to be the ideal language.
>>>
>>> I may contact the ifupdown maintainer to include this in his package, so
>>> I'm looking to get it done right.
>> Generally, there's no desire for added abstractions to configuration files.
>> If you need to have network things done automatically which can't be handled by the file itself, add post-ups and write some scripts. Or write scripts which parse current network info from ifconfig/ip. /etc/network/interfaces is a file used by the debian networking scripts to set up your default interfaces, not the be-all end-all of networking configuration.
>>
> <SNIP>
> I believe you have slightly misunderstood me. I need(would like to) to
> alter network settings based on CGI scripts from Apache. Can these
> variables be abstracted? I don't see how a pre-up script can
> effect/alter configuration settings. As an example the address or
> gateway settings for a static method. In my experience I'm specifically
> trying to alter the "endpoint" setting for a "v4tunnel" method.
>
> I'm just as confused trying to accomplish this as I was when I started.
> It's something a user can do simple with an editor, but trying to do it
> programing and correctly is my stumbling block. "IF" I could store the
> value of this setting in a file that would solve my issue, I can replace
> the contents of the file and then proceed as usual.
>
Here is what I've come up with thus far.
sudoers:
www-data ALL=(root) SETENV: NOPASSWD: /usr/local/sbin/6in4cfg.pl
Current perl run as root:
#!/usr/bin/perl -wT
use strict;
use warnings;
use CGI qw/:standard/;
use CGI::Carp qw(fatalsToBrowser warningsToBrowser);
use Data::Dumper;
print header;
warningsToBrowser(1);
print start_html('Me.'), pre(escapeHTML(Dumper(\%ENV))),end_html();
Calling CGI:
/* me.c */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#define ERRORSTR "%sContent-Type: text/html;
charset=ISO-8859-1\n\n<!DOCTYPE html\n/html;PUBLIC \"-//W3C//DTD XHTML
1.0 Transitional//EN\"\n
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n<html
xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en-US\"
xml:lang=\"en-US\">\n<head>\n<title>%s</title>\n<meta
http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"
/>\n</head>\n<body>\n<pre>%s</pre>\n</body>\n</html>"
int main(int argc, char *argv[]) /* , char *envp[]) */
{
char * env;
struct in_addr *n;
env=getenv ("AUTH_TYPE");
if (!env) {
printf(ERRORSTR, "Status: 403 No Authoriz\n", "Me.", "No
Authoriz.");
return 0; }
if (strncmp(env,"Negotiate",8)) {
printf(ERRORSTR, "Status: 403 Not Authorized\n", env,
"Not Authorized.");
return 0; }
env=getenv ("REMOTE_USER");
if (!env) {
printf(ERRORSTR, "Status: 403 No User\n", "Me.", "No User.");
return 0; }
if (strncmp(env,"host/purgatory.mikemestnik.net",30)) {
printf(ERRORSTR, "Status: 403 Wrong User\n", env, "Wrong User.");
return 0; }
env=getenv ("REMOTE_ADDR");
if (!env) {
printf(ERRORSTR, "Status: 400 Bad request", "Me.", "Bad request.");
return 0; }
if (inet_aton(env,n)) {
/* printf(ERRORSTR, "", env, "Good."); */
execlp("sudo","sudo","-En","/usr/local/sbin/6in4cfg.pl");
return 0; }
printf(ERRORSTR, "Status: 400 Request Failed\n", "Me.", "Request
Failed.");
return 0;
}
Reply to: