[BACK]Return to lcpasswd CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom

Diff for /loncom/lcpasswd between versions 1.12 and 1.21

version 1.12, 2001/10/23 03:42:30 version 1.21, 2005/04/07 22:27:52
Line 1 Line 1
 #!/usr/bin/perl  #!/usr/bin/perl
   # The Learning Online Network with CAPA
 #  #
 # lcpasswd  # lcpasswd - LON-CAPA setuid script to synchronously change all
   #            filesystem-related passwords (samba, unix, etc)
 #  #
 # Scott Harrison  # YEAR=2002
 # SH: October 27, 2000  # 02/19 Matthew Hall
 # SH: October 28, 2000  #
 # SH: October 29, 2000  # $Id$
 # YEAR=2001  ###
 # Scott Harrison 10/22  
   
 ###############################################################################  ###############################################################################
 ##                                                                           ##  ##                                                                           ##
Line 39  use strict; Line 40  use strict;
 #  #
 # Standard input usage  # Standard input usage
 # First line is USERNAME  # First line is USERNAME
 # Second line is CURRENT PASSWORD  # Second line is NEW PASSWORD
 # Third line is NEW PASSWORD  # Third line is NEW PASSWORD
 #  #
 # Valid passwords must consist of the  # Valid passwords must consist of the
Line 82  use strict; Line 83  use strict;
 # Security  # Security
 $ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path  $ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path
                                                                # information                                                                 # information
 $ENV{'BASH_ENV'}=''; # Nullify shell environment information.  delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints
   
 # Do not print error messages  # Do not print error messages
 my $noprint=1;  my $noprint=1;
   
   print "In lcpasswd" unless $noprint;
   
 # ----------------------------- Make sure this process is running from user=www  # ----------------------------- Make sure this process is running from user=www
 my $wwwid=getpwnam('www');  my $wwwid=getpwnam('www');
 &disable_root_capability;  &disable_root_capability;
Line 115  if (@input!=3) { Line 118  if (@input!=3) {
     unlink('/tmp/lock_lcpasswd');      unlink('/tmp/lock_lcpasswd');
     exit 3;      exit 3;
 }  }
 map {chomp} @input;  foreach (@input) {chomp;}
   
 my ($username,$password1,$password2)=@input;  my ($username,$password1,$password2)=@input;
 $username=~/^(\w+)$/;  $username=~/^(\w+)$/;
Line 126  if (($username ne $safeusername) or ($sa Line 129  if (($username ne $safeusername) or ($sa
     exit 9;      exit 9;
 }  }
 my $pbad=0;  my $pbad=0;
 map {if (($_<32)&&($_>126)){$pbad=1;}} (split(//,$password1));  foreach (split(//,$password1)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}}
 map {if (($_<32)&&($_>126)){$pbad=1;}} (split(//,$password2));  foreach (split(//,$password2)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}}
 if ($pbad) {  if ($pbad) {
     print "Error. A password entry had an invalid character.\n";      print "Error. A password entry had an invalid character.\n";
     unlink('/tmp/lock_lcpasswd');      unlink('/tmp/lock_lcpasswd');
Line 147  unless(getpwnam($safeusername)) { Line 150  unless(getpwnam($safeusername)) {
     unlink('/tmp/lock_lcpasswd');      unlink('/tmp/lock_lcpasswd');
     exit 5;      exit 5;
 }  }
   
 &enable_root_capability;  &enable_root_capability;
 ($>,$<)=(0,0);  ($>,$<)=(0,0);
   
   print "Now $> , $< , -invoking pwchange with $safeusername $password1"
       unless $noprint;
 open OUT,"|pwchange $safeusername";  open OUT,"|pwchange $safeusername";
 print OUT $password1;  print OUT $password1;
 print OUT "\n";  print OUT "\n";
 close OUT;  close OUT;
 ($>,$<)=(0,500);  ($>,$<)=(0,$wwwid);
   
   print "pwchange done, back to uid $wwwid" unless $noprint;
   
 if ($?) {  if ($?) {
     exit 8;      exit 8;
 }  }
 my $userid=getpwnam($safeusername);  my $userid=getpwnam($safeusername);
   
 unless (-e '/usr/bin/smbpasswd') {  if (-e '/usr/bin/smbpasswd') {
   
     ($>,$<)=(0,0); # fool smbpasswd here to think this is not a setuid      ($>,$<)=(0,0); # fool smbpasswd here to think this is not a setuid
                    # environment                     # environment
     unless (-e '/etc/smbpasswd') {  
  open (OUT,'>/etc/smbpasswd'); close OUT;  
     }  
   
     my $smbexist=0;  #   If the -a switch is put on the smbpasswd
     open (IN, '</etc/smbpasswd');  # command line, either a new entry will be created or the old one
     my @lines=<IN>;  # will be used. 
     close IN;  # Therefore the old strategy of looking for and adding a dummy entry is 
     for my $l (@lines) {  # not needed... Finally, the smbpasswd file is in /etc/samba not 
  chop $l;  # /etc/smbpasswd as older versions of the script implied.
  my @F=split(/\:/,$l);  
  if ($F[0] eq $username) {$smbexist=1;}      print "Running smbpasswd" unless $noprint;
     }      open(OUT,"|/usr/bin/smbpasswd -s -a $safeusername>/dev/null") or
     unless ($smbexist) {   die('cannot run smbpasswd');
  open(OUT,'>>/etc/smbpasswd');  
  print OUT join(':',($safeusername,$userid,  
     'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXX'.  
     'XXXXXXXXXXXXXXXXXX','','/home/'.$safeusername,  
     '/bin/bash')) . "\n";  
  close OUT;  
     }  
   
     open(OUT,"|/usr/bin/smbpasswd -s $safeusername>/dev/null");  
     print OUT $password2; print OUT "\n";      print OUT $password2; print OUT "\n";
     print OUT $password2; print OUT "\n";      print OUT $password2; print OUT "\n";
     close OUT;      close OUT;
     $<=$wwwid; # unfool the program      $<=$wwwid; # unfool the program
       print "smbpasswd done" unless $noprint;
 }  }
   
 &disable_root_capability;  &disable_root_capability;
Line 201  exit 0; Line 197  exit 0;
 # ---------------------------------------------- have setuid script run as root  # ---------------------------------------------- have setuid script run as root
 sub enable_root_capability {  sub enable_root_capability {
     if ($wwwid==$>) {      if ($wwwid==$>) {
  ($<,$>)=($>,$<);   ($<,$>)=($>,0);
  ($(,$))=($),$();   ($(,$))=($),0);
     }      }
     else {      else {
  # root capability is already enabled   # root capability is already enabled
Line 258  sub try_to_lock { Line 254  sub try_to_lock {
     close LOCK;      close LOCK;
     return 1;      return 1;
 }  }
   
   =head1 NAME
   
   lcpasswd - LON-CAPA setuid script to synchronously change all
              filesystem-related passwords (samba, unix, etc)
   
   =head1 DESCRIPTION
   
   LON-CAPA setuid script to synchronously change all
   filesystem-related passwords (samba, unix, etc)
   
   =head1 README
   
   LON-CAPA setuid script to synchronously change all
   filesystem-related passwords (samba, unix, etc)
   
   =head1 PREREQUISITES
   
   =head1 COREQUISITES
   
   =pod OSNAMES
   
   linux
   
   =pod SCRIPT CATEGORIES
   
   LONCAPA/Administrative
   
   =cut
Removed from v.1.12  
changed lines
  Added in v.1.21

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.