version 1.10, 2004/10/19 11:11:34
|
version 1.15, 2005/01/26 12:13:58
|
Line 69
|
Line 69
|
use strict; |
use strict; |
use Fcntl qw(:mode); |
use Fcntl qw(:mode); |
use DirHandle; |
use DirHandle; |
|
use POSIX; |
|
|
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; |
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; |
delete @ENV{qw{IFS CDPATH ENV BASH_ENV}}; |
delete @ENV{qw{IFS CDPATH ENV BASH_ENV}}; |
|
|
my $DEBUG = 0; # .nonzero -> Debug printing enabled. |
my $DEBUG = 1; # .nonzero -> Debug printing enabled. |
my $path_sep = "/"; # Unix like operating systems. |
my $path_sep = "/"; # Unix like operating systems. |
|
|
|
|
Line 214 END
|
Line 214 END
|
close OUT; |
close OUT; |
} |
} |
|
|
&System("/bin/chmod 02775 $fulldir"); |
&System("/bin/chmod 02770 $fulldir"); |
&System("/bin/chmod 0775 $fulldir"."/index.html"); |
&System("/bin/chmod 0770 $fulldir"."/index.html"); |
|
|
|
|
# Based on the authentiation mode, set the ownership of the directory. |
# Based on the authentiation mode, set the ownership of the directory. |
|
|
if($authentication eq "unix:") { # Unix mode authentication... |
if($authentication eq "unix:") { # Unix mode authentication... |
&System("/bin/chown -R $safeuser".":".$safeuser." ".$fulldir); |
print "Unix auth\n"; |
|
&System("/bin/chown -R $safeuser:$safeuser"." ".$fulldir); |
&JoinGroup($safeuser); |
&JoinGroup($safeuser); |
} else { |
} else { |
# Internal, Kerberos, and Local authentication are for users |
# Internal, Kerberos, and Local authentication are for users |
Line 232 if($authentication eq "unix:") { # Unix
|
Line 233 if($authentication eq "unix:") { # Unix
|
# is that a file system user is being demoted to internal user... |
# is that a file system user is being demoted to internal user... |
|
|
if($authentication eq "internal:") { |
if($authentication eq "internal:") { |
&System("/bin/chown -R root:root ".$homedir); |
# In case the user was a unix/filesystem authenticated user, |
|
# we'll take a bit of time here to write a script in the |
|
# user's home directory that can reset ownerships and permissions |
|
# back the way the used to be. |
|
|
|
# This can take long enough for lond to time out, so we'll do it |
|
# in a separate process that we'll not wait for. |
|
# |
|
my $fpid = fork; |
|
if($fpid) { |
|
&DisableRoot; |
|
exit 0; |
|
} else { |
|
print "Forked\n"; |
|
POSIX::setsid(); # Disassociate from parent. |
|
print "Separate session\n"; |
|
&write_restore_script($homedir); |
|
print "Restore script written\n"; |
|
&System("/bin/chown -R root:root ".$homedir); |
|
&System("/bin/chown -R www:www ".$fulldir); |
|
print "Exiting\n"; |
|
exit 0; |
|
} |
|
} else { |
|
&System("/bin/chown -R www:www ".$fulldir); |
} |
} |
&System("/bin/chown -R www:www ".$fulldir); |
|
} |
} |
&DisableRoot; |
&DisableRoot; |
|
|
Line 276 sub DisableRoot {
|
Line 301 sub DisableRoot {
|
print("Disable root: id = ".$>."\n"); |
print("Disable root: id = ".$>."\n"); |
} |
} |
} |
} |
|
# |
|
# Join the www user to the user's group. |
|
# we must be running with euid as root at this time. |
|
# |
sub JoinGroup { |
sub JoinGroup { |
my $usergroup = shift; |
my $usergroup = shift; |
|
|
Line 295 sub JoinGroup {
|
Line 323 sub JoinGroup {
|
} |
} |
exit 6; |
exit 6; |
} |
} |
|
if (-e '/var/run/httpd.pid') { |
|
open(PID,'/var/run/httpd.pid'); |
|
my $pid=<PID>; |
|
close(PID); |
|
my ($safepid) = $pid=~ /(\d+)/; |
|
$pid = $safepid; |
|
if ($pid) { |
|
my $status = system("kill -USR1 $safepid"); |
|
} |
|
} |
} |
} |
|
|
|
|
Line 371 sub process_tree {
|
Line 408 sub process_tree {
|
|
|
} |
} |
# |
# |
# Simple test of process_tree: |
# Callback from process_tree to write the script lines |
|
# requried to restore files to current ownership and permission. |
|
# Parameters: |
|
# dir - Name of the directory the file lives in. |
|
# name - Name of the file itself. |
|
# statinfo - Array from lstat called on the file. |
|
# |
# |
# |
sub write_script { |
sub write_script { |
my ($dir, $name, $statinfo) = @_; |
my ($dir, $name, $statinfo) = @_; |
Line 392 sub write_script {
|
Line 435 sub write_script {
|
|
|
|
|
} |
} |
|
# |
|
# Write a script in the user's home directory that can restore |
|
# the permissions and ownerhips of all the files in the directory |
|
# tree to their current ownerships and permissions. This is done |
|
# prior to making the user into an internally authenticated user |
|
# in case they were previously file system authenticated and |
|
# need to go back. |
|
# The file we will create will be of the form |
|
# restore_n.sh Where n is a number that we will keep |
|
# incrementing as needed until there isn't a file by that name. |
|
# |
|
# Parameters: |
|
# dir - Path to the user's home directory. |
|
# |
|
sub write_restore_script { |
|
my ($dir) = @_; |
|
|
|
# Create a unique file: |
|
|
|
my $version_number = 0; |
|
my $filename = 'restore_'.$version_number.'.sh'; |
|
my $full_name = $dir.$path_sep.$filename; |
|
|
|
while(-e $full_name) { |
|
$version_number++; |
|
$filename = 'restore_'.$version_number.'.sh'; |
|
$full_name = $dir.$path_sep.$filename; |
|
} |
|
# $full_name is the full path of a file that does not yet exist |
|
# of the form we want: |
|
|
|
open(CHMODSCRIPT, "> $full_name"); |
|
|
|
&process_tree(\&write_script, $dir); |
|
|
|
close(CHMODSCRIPT); |
|
|
|
chmod(0750, $full_name); |
|
|
|
} |
|
|
|
|
|
|