version 1.249, 2004/09/07 10:05:23
|
version 1.251, 2004/09/08 10:19:52
|
Line 331 sub InsecureConnection {
|
Line 331 sub InsecureConnection {
|
|
|
|
|
} |
} |
|
|
# |
# |
|
# Safely execute a command (as long as it's not a shel command and doesn |
|
# not require/rely on shell escapes. The function operates by doing a |
|
# a pipe based fork and capturing stdout and stderr from the pipe. |
|
# |
|
# Formal Parameters: |
|
# $line - A line of text to be executed as a command. |
|
# Returns: |
|
# The output from that command. If the output is multiline the caller |
|
# must know how to split up the output. |
|
# |
|
# |
|
sub execute_command { |
|
my ($line) = @_; |
|
my @words = split(/\s/, $line); # Bust the command up into words. |
|
my $output = ""; |
|
|
|
my $pid = open(CHILD, "-|"); |
|
|
|
if($pid) { # Parent process |
|
Debug("In parent process for execute_command"); |
|
my @data = <CHILD>; # Read the child's outupt... |
|
close CHILD; |
|
foreach my $output_line (@data) { |
|
Debug("Adding $output_line"); |
|
$output .= $output_line; # Presumably has a \n on it. |
|
} |
|
|
|
} else { # Child process |
|
close (STDERR); |
|
open (STDERR, ">&STDOUT");# Combine stderr, and stdout... |
|
exec(@words); # won't return. |
|
} |
|
return $output; |
|
} |
|
|
|
|
# GetCertificate: Given a transaction that requires a certificate, |
# GetCertificate: Given a transaction that requires a certificate, |
# this function will extract the certificate from the transaction |
# this function will extract the certificate from the transaction |
# request. Note that at this point, the only concept of a certificate |
# request. Note that at this point, the only concept of a certificate |
Line 1302 sub push_file_handler {
|
Line 1337 sub push_file_handler {
|
|
|
sub du_handler { |
sub du_handler { |
my ($cmd, $ududir, $client) = @_; |
my ($cmd, $ududir, $client) = @_; |
|
my ($ududir) = split(/:/,$ududir); # Make 'telnet' testing easier. |
|
my $userinput = "$cmd:$ududir"; |
|
|
if ($ududir=~/\.\./ || $ududir!~m|^/home/httpd/|) { |
if ($ududir=~/\.\./ || $ududir!~m|^/home/httpd/|) { |
&Failure($client,"refused\n","$cmd:$ududir"); |
&Failure($client,"refused\n","$cmd:$ududir"); |
return 1; |
return 1; |
Line 1314 sub du_handler {
|
Line 1352 sub du_handler {
|
# |
# |
if (-d $ududir) { |
if (-d $ududir) { |
# And as Shakespeare would say to make |
# And as Shakespeare would say to make |
# assurance double sure, quote the $ududir |
# assurance double sure, |
# This is in case someone manages to first |
# use execute_command to ensure that the command is not executed in |
# e.g. fabricate a valid directory with a ';' |
# a shell that can screw us up. |
# in it. Quoting the dir will help |
|
# keep $ududir completely interpreted as a |
my $duout = execute_command("du -ks $ududir"); |
# directory. |
|
# |
|
my $duout = `du -ks "$ududir" 2>/dev/null`; |
|
$duout=~s/[^\d]//g; #preserve only the numbers |
$duout=~s/[^\d]//g; #preserve only the numbers |
&Reply($client,"$duout\n","$cmd:$ududir"); |
&Reply($client,"$duout\n","$cmd:$ududir"); |
} else { |
} else { |
&Failure($client, "bad_directory:$ududir", $userinput); |
|
|
&Failure($client, "bad_directory:$ududir\n","$cmd:$ududir"); |
|
|
} |
} |
return 1; |
return 1; |
} |
} |
Line 1730 sub change_authentication_handler {
|
Line 1767 sub change_authentication_handler {
|
my $result=&make_passwd_file($uname, $umode,$npass,$passfilename); |
my $result=&make_passwd_file($uname, $umode,$npass,$passfilename); |
&Reply($client, $result, $userinput); |
&Reply($client, $result, $userinput); |
} else { |
} else { |
&Failure($client, "non_authorized", $userinput); # Fail the user now. |
&Failure($client, "non_authorized\n", $userinput); # Fail the user now. |
} |
} |
} |
} |
return 1; |
return 1; |
Line 2081 sub token_auth_user_file_handler {
|
Line 2118 sub token_auth_user_file_handler {
|
my ($fname, $session) = split(/:/, $tail); |
my ($fname, $session) = split(/:/, $tail); |
|
|
chomp($session); |
chomp($session); |
my $reply='non_auth'; |
my $reply="non_auth\n"; |
if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'. |
if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'. |
$session.'.id')) { |
$session.'.id')) { |
while (my $line=<ENVIN>) { |
while (my $line=<ENVIN>) { |
if ($line=~ m|userfile\.\Q$fname\E\=|) { $reply='ok'; } |
if ($line=~ m|userfile\.\Q$fname\E\=|) { $reply="ok\n"; } |
} |
} |
close(ENVIN); |
close(ENVIN); |
&Reply($client, $reply); |
&Reply($client, $reply, "$cmd:$tail"); |
} else { |
} else { |
&Failure($client, "invalid_token\n", "$cmd:$tail"); |
&Failure($client, "invalid_token\n", "$cmd:$tail"); |
} |
} |
Line 3799 sub process_request {
|
Line 3836 sub process_request {
|
$userinput = decipher($userinput); |
$userinput = decipher($userinput); |
$wasenc=1; |
$wasenc=1; |
if(!$userinput) { # Cipher not defined. |
if(!$userinput) { # Cipher not defined. |
&Failure($client, "error: Encrypted data without negotated key"); |
&Failure($client, "error: Encrypted data without negotated key\n"); |
return 0; |
return 0; |
} |
} |
} |
} |