File:  [LON-CAPA] / loncom / lcnfson
Revision 1.6: download - view: text, annotated - select for diffs
Tue Oct 12 10:26:50 2010 UTC (13 years, 8 months ago) by foxr
Branches: MAIN
CVS tags: version_2_12_X, version_2_11_X, version_2_11_4_uiuc, version_2_11_4_msu, version_2_11_4, version_2_11_3_uiuc, version_2_11_3_msu, version_2_11_3, version_2_11_2_uiuc, version_2_11_2_msu, version_2_11_2_educog, version_2_11_2, version_2_11_1, version_2_11_0_RC3, version_2_11_0_RC2, version_2_11_0_RC1, version_2_11_0, version_2_10_X, version_2_10_1, version_2_10_0_RC2, version_2_10_0, loncapaMITrelate_1, language_hyphenation_merge, language_hyphenation, HEAD, BZ4492-merge, BZ4492-feature_horizontal_radioresponse, BZ4492-feature_Support_horizontal_radioresponse, BZ4492-Support_horizontal_radioresponse
Hopefully make thsi work right on fc13

    1: #!/usr/bin/perl
    2: 
    3: use strict;
    4: 
    5: # $Id: lcnfson,v 1.6 2010/10/12 10:26:50 foxr Exp $
    6: 
    7: # This script is a setuid script (chmod 6755; chown root:root).
    8: # It enables nfs/portmap services for a specific user at
    9: # a specific ip address.
   10: 
   11: # Exit codes.  0=ok.  Higher than 0 means something went wrong.
   12: # Usage within code
   13: #
   14: # $exitcode=system("/home/httpd/perl/lcuseradd","NAME","IPADDRESS")/256;
   15: # print "uh-oh" if $exitcode;
   16: 
   17: # Security
   18: $ENV{'PATH'}=""; # Nullify path information.
   19: $ENV{'BASH_ENV'}=""; # Nullify shell environment information.
   20: 
   21: # Do not print error messages if there are command-line arguments
   22: my $noprint=0;
   23: if (@ARGV) {
   24:     $noprint=1;
   25: }
   26: 
   27: # Read in /etc/passwd, and make sure this process is running from user=www
   28: open (IN, "</etc/passwd");
   29: my @lines=<IN>;
   30: close IN;
   31: my $wwwid;
   32: for my $l (@lines) {
   33:     chop $l;
   34:     my @F=split(/\:/,$l);
   35:     if ($F[0] eq 'www') {$wwwid=$F[2];}
   36: }
   37: if ($wwwid!=$<) {
   38:     print("User ID mismatch.  This program must be run as user 'www'\n") unless $noprint;
   39:     exit 1;
   40: }
   41: 
   42: 
   43: # Handle case of another lcnfs process
   44: unless (&try_to_lock("/tmp/lock_lcnfs")) {
   45:     print "Error. Too many other simultaneous nfs change requests being made.\n" unless $noprint;
   46:     exit 4;
   47: }
   48: # Gather input.  Should be 2 values (user name, numeric ip address).
   49: my @input;
   50: if (@ARGV==3) {
   51:     @input=@ARGV;
   52: }
   53: elsif (@ARGV) {
   54:     print("Error. This program needs 2 command-line arguments (username, numeric ip address).\n") unless $noprint;
   55:     unlink('/tmp/lock_lcnfs');
   56:     exit 2;
   57: }
   58: else {
   59:     @input=<>;
   60:     if (@input!=2) {
   61: 	print("Error. Two lines should be entered into standard input.\n") unless $noprint;
   62: 	unlink('/tmp/lock_lcnfs');
   63: 	exit 3;
   64:     }
   65:     map {chop} @input;
   66: }
   67: 
   68: my ($username,$ipaddress)=@input;
   69: $username=~/^(\w+)$/;
   70: my $safeusername=$1;
   71: if ($username ne $safeusername) {
   72:     print "Error. The user name specified has invalid characters.\n";
   73:     unlink('/tmp/lock_lcnfs');
   74:     exit 9;
   75: }
   76: 
   77: # Read in /etc/passwd, and make sure this process is running from user=www
   78: open (IN, "</etc/passwd");
   79: my @lines=<IN>;
   80: close IN;
   81: my $uid;
   82: my $gid;
   83: for my $l (@lines) {
   84:     chop $l;
   85:     my @F=split(/\:/,$l);
   86:     if ($F[0] eq $safeusername) {$uid=$F[2]; $gid=$F[3];}
   87: }
   88: 
   89: $ipaddress=~/^([\w|\.]*)$/;
   90: my $safeipaddress=$1;
   91: if ($ipaddress ne $safeipaddress) {
   92:     print "Error. The IP address must be numeric and of the form ##.##.##.##.\n";
   93:     unlink('/tmp/lock_lcnfs');
   94:     exit 8;
   95: }
   96: 
   97: &enable_root_capability;
   98: # Make sure nfs is running, if not, start it
   99: my $status=`/etc/rc.d/init.d/nfs status`;
  100: if ($status=~/is stopped/) {
  101:     system('/etc/rc.d/init.d/nfs start','start');
  102: }
  103: 
  104: # Add entry to /etc/exports
  105: my $exports=`/bin/cat /etc/exports`; $exports="\n$exports";
  106: my $entry="/home/$safeusername     $safeipaddress(rw,all_squash,anonuid=$uid,anongid=$gid)\n";
  107: if ($exports=~/\n\/home\/$safeusername\s+$safeipaddress\(rw,all_squash,anonuid=$uid,anongid=$gid\)/) {
  108:     print "Error. /etc/exports already has this entry enabled.\n";
  109:     unlink('/tmp/lock_lcnfs');
  110:     exit 7;
  111: }
  112: open (OUT,">>/etc/exports");
  113: print OUT $entry;
  114: close OUT;
  115: 
  116: # Resynchronize /etc/exports file
  117: system('/usr/sbin/exportfs','-r');
  118: 
  119: # Add entry /etc/hosts.allow
  120: my $hostsallow=`/bin/cat /etc/hosts.allow`;
  121: my $entry="# $safeusername\nportmap: $safeipaddress\n";
  122: if ($hostsallow=~/\n\# $safeusername\s*\nportmap: $safeipaddress\n/) {
  123:     print "Error. /etc/hosts already has this entry enabled.\n";
  124:     unlink('/tmp/lock_lcnfs');
  125:     exit 6;
  126: }
  127: open (OUT,">>/etc/hosts.allow");
  128: print OUT $entry;
  129: close OUT;
  130: 
  131: &disable_root_capability;
  132: unlink('/tmp/lock_lcnfs');
  133: exit 0;
  134: 
  135: # ----------------------------------------------------------- have setuid script run as root
  136: sub enable_root_capability {
  137:     if ($wwwid==$>) {
  138: 	($<,$>)=($>,$<);
  139: 	($(,$))=($),$();
  140:     }
  141:     else {
  142: 	# root capability is already enabled
  143:     }
  144:     return $>;
  145: }
  146: 
  147: # ----------------------------------------------------------- have setuid script run as www
  148: sub disable_root_capability {
  149:     if ($wwwid==$<) {
  150: 	($<,$>)=($>,$<);
  151: 	($(,$))=($),$();
  152:     }
  153:     else {
  154: 	# root capability is already disabled
  155:     }
  156: }
  157: 
  158: # ----------------------------------- make sure that another lcnfs process isn't running
  159: sub try_to_lock {
  160:     my ($lockfile)=@_;
  161:     my $currentpid;
  162:     my $lastpid;
  163:     # Do not manipulate lock file as root
  164:     if ($>==0) {
  165: 	return 0;
  166:     }
  167:     # Try to generate lock file.
  168:     # Wait 3 seconds.  If same process id is in
  169:     # lock file, then assume lock file is stale, and
  170:     # go ahead.  If process id's fluctuate, try
  171:     # for a maximum of 10 times.
  172:     for (0..10) {
  173: 	if (-e $lockfile) {
  174: 	    open(LOCK,"<$lockfile");
  175: 	    $currentpid=<LOCK>;
  176: 	    close LOCK;
  177: 	    if ($currentpid==$lastpid) {
  178: 		last;
  179: 	    }
  180: 	    sleep 3;
  181: 	    $lastpid=$currentpid;
  182: 	}
  183: 	else {
  184: 	    last;
  185: 	}
  186: 	if ($_==10) {
  187: 	    return 0;
  188: 	}
  189:     }
  190:     open(LOCK,">$lockfile");
  191:     print LOCK $$;
  192:     close LOCK;
  193:     return 1;
  194: }

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.