loncom/lcnfsoff - view

File: [LON-CAPA] / loncom / lcnfsoff
Revision 1.2: download - view: text, annotated - select for diffs
Mon Feb 3 18:03:52 2003 UTC (21 years, 3 months ago) by harris41
Branches: MAIN
CVS tags: version_2_5_X, version_2_5_2, version_2_5_1, version_2_5_0, version_2_4_X, version_2_4_99_0, version_2_4_2, version_2_4_1, version_2_4_0, version_2_3_X, version_2_3_99_0, version_2_3_2, version_2_3_1, version_2_3_0, version_2_2_X, version_2_2_99_1, version_2_2_99_0, version_2_2_2, version_2_2_1, version_2_2_0, version_2_1_X, version_2_1_99_3, version_2_1_99_2, version_2_1_99_1, version_2_1_99_0, version_2_1_3, version_2_1_2, version_2_1_1, version_2_1_0, version_2_0_X, version_2_0_99_1, version_2_0_2, version_2_0_1, version_2_0_0, version_1_99_3, version_1_99_2, version_1_99_1_tmcc, version_1_99_1, version_1_99_0_tmcc, version_1_99_0, version_1_3_X, version_1_3_3, version_1_3_2, version_1_3_1, version_1_3_0, version_1_2_X, version_1_2_99_1, version_1_2_99_0, version_1_2_1, version_1_2_0, version_1_1_X, version_1_1_99_5, version_1_1_99_4, version_1_1_99_3, version_1_1_99_2, version_1_1_99_1, version_1_1_99_0, version_1_1_3, version_1_1_2, version_1_1_1, version_1_1_0, version_1_0_99_3, version_1_0_99_2, version_1_0_99_1, version_1_0_99, version_1_0_3, version_1_0_2, version_1_0_1, version_1_0_0, version_0_99_5, version_0_99_4, version_0_99_3, version_0_99_2, version_0_99_1, version_0_99_0, conference_2003, HEAD

best wishes to all.

#!/usr/bin/perl use strict; # This script is a setuid script (chmod 6755; chown root:root). # It disables nfs/portmap services for a specific user at # a specific ip address. # Exit codes. 0=ok. Higher than 0 means something went wrong. # Usage within code # # $exitcode=system("/home/httpd/perl/lcnfsoff","NAME","IPADDRESS")/256; # print "uh-oh" if $exitcode; # Security $ENV{'PATH'}=""; # Nullify path information. $ENV{'BASH_ENV'}=""; # Nullify shell environment information. # Do not print error messages if there are command-line arguments my $noprint=0; if (@ARGV) { $noprint=1; } # Read in /etc/passwd, and make sure this process is running from user=www open (IN, "</etc/passwd"); my @lines=<IN>; close IN; my $wwwid; for my $l (@lines) { chop $l; my @F=split(/\:/,$l); if ($F[0] eq 'www') {$wwwid=$F[2];} } if ($wwwid!=$<) { print("User ID mismatch. This program must be run as user 'www'\n") unless $noprint; exit 1; } &disable_root_capability; # Handle case of another lcnfs process unless (&try_to_lock("/tmp/lock_lcnfs")) { print "Error. Too many other simultaneous nfs change requests being made.\n" unless $noprint; exit 4; } # Gather input. Should be 2 values (user name, numeric ip address). my @input; if (@ARGV==3) { @input=@ARGV; } elsif (@ARGV) { print("Error. This program needs 2 command-line arguments (username, numeric ip address).\n") unless $noprint; unlink('/tmp/lock_lcnfs'); exit 2; } else { @input=<>; if (@input!=2) { print("Error. Two lines should be entered into standard input.\n") unless $noprint; unlink('/tmp/lock_lcnfs'); exit 3; } map {chop} @input; } my ($username,$ipaddress)=@input; $username=~/^(\w+)$/; my $safeusername=$1; if ($username ne $safeusername) { print "Error. The user name specified has invalid characters.\n"; unlink('/tmp/lock_lcnfs'); exit 9; } $ipaddress=~/^([\w|\.]*)$/; my $safeipaddress=$1; if ($ipaddress ne $safeipaddress) { print "Error. The IP address must be numeric and of the form ##.##.##.##.\n"; unlink('/tmp/lock_lcnfs'); exit 8; } &enable_root_capability; # Remove entry from /etc/exports my $exports=`/bin/cat /etc/exports`; $exports=~s/\/home\/${safeusername}\s*${safeipaddress}.*?\n//g; # Resynchronize /etc/exports file open (OUT,">/etc/exports"); print OUT $exports; close OUT; system('/usr/sbin/exportfs','-r'); # Remove entry from /etc/hosts.allow my $hostsallow=`/bin/cat /etc/hosts.allow`; $hostsallow=~s/\# $safeusername\nportmap: $safeipaddress\n//g; open (OUT,">/etc/hosts.allow"); print OUT $hostsallow; close OUT; &disable_root_capability; unlink('/tmp/lock_lcnfs'); exit 0; # ----------------------------------------------------------- have setuid script run as root sub enable_root_capability { if ($wwwid==$>) { ($<,$>)=($>,$<); ($(,$))=($),$(); } else { # root capability is already enabled } return $>; } # ----------------------------------------------------------- have setuid script run as www sub disable_root_capability { if ($wwwid==$<) { ($<,$>)=($>,$<); ($(,$))=($),$(); } else { # root capability is already disabled } } # ----------------------------------- make sure that another lcnfs process isn't running sub try_to_lock { my ($lockfile)=@_; my $currentpid; my $lastpid; # Do not manipulate lock file as root if ($>==0) { return 0; } # Try to generate lock file. # Wait 3 seconds. If same process id is in # lock file, then assume lock file is stale, and # go ahead. If process id's fluctuate, try # for a maximum of 10 times. for (0..10) { if (-e $lockfile) { open(LOCK,"<$lockfile"); $currentpid=<LOCK>; close LOCK; if ($currentpid==$lastpid) { last; } sleep 3; $lastpid=$currentpid; } else { last; } if ($_==10) { return 0; } } open(LOCK,">$lockfile"); print LOCK $$; close LOCK; return 1; }

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.