From d1dd85bddc09b38c01404b847b9dc1985152b3fb Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Thu, 30 Jul 2015 16:52:23 +0200
Subject: improved priv check for get-rd-token


diff --git a/utils/get-rd-token b/utils/get-rd-token
index 1a59f21..ff014c0 100755
--- a/utils/get-rd-token
+++ b/utils/get-rd-token
@@ -23,24 +23,31 @@
 use strict;
 use RHRD::rddb;
 
-# this is ridiculous but makes it a little harder to find user passwords...
-if ($> != 0 ) {
-  print STDERR "this must be run as root!\n";
-  exit 1;
-}
-
 my $num_args = $#ARGV + 1;
-if ($num_args != 1) {
+
+if($num_args > 1) {
   print STDERR "Usage: get-rd-token <username>\n";
   exit 1;
 }
 
-my $username=$ARGV[0];
+my $requsername=$ARGV[0];
+my $pwusername = getpwuid($>);
+
+# this is ridiculous but makes it a little harder to find user passwords...
+if($num_args == 1) {
+  unless($> == 0 || $pwusername eq $requsername) {
+    print STDERR "this must be run as root or as the user whos token is requested!\n";
+    exit 1;
+  }
+} else {
+  $requsername = $pwusername;
+}
+
 my $token='';
 
 my ($dbh, undef, $errorstring) = RHRD::rddb::opendb();
 if(defined $dbh) {
-  ($token, undef, $errorstring) = RHRD::rddb::get_token($dbh, $username);
+  ($token, undef, $errorstring) = RHRD::rddb::get_token($dbh, $requsername);
   unless($token) {
     print STDERR "$errorstring\n";
     exit 1;
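Review bot: The result of `my $pwusername = getpwuid($>);` is used without checking that it is defined, so an effective UID with no passwd entry leaves `$pwusername` undef. In the no-argument branch that undef is then passed to `RHRD::rddb::get_token` as the username, and in the one-argument branch `$pwusername eq $requsername` is true for an empty-string argument because undef stringifies to `''`. A guard right after the lookup closes both cases: `unless(defined $pwusername && length $pwusername) { print STDERR "no passwd entry for uid $>\n"; exit 1; }`. The check also assumes that OS account names and rddb usernames are the same namespace, which deserves a comment beside it, e.g. `# assumes the local account name is identical to the Rivendell user name`. The `if(defined $dbh)` block continues outside the hunk.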
diff --git a/utils/get-rd-week b/utils/get-rd-week
index 041e822..c6dd0ab 100755
--- a/utils/get-rd-week
+++ b/utils/get-rd-week
@@ -23,4 +23,4 @@
 use strict;
 use RHRD::utils;
 
-print RHRD::utils::get_rd_week() . "\n";
\ No newline at end of file
+print RHRD::utils::get_rd_week() . "\n";
-- 
cgit v0.10.2