version 1.17, 2005/06/21 11:00:21
|
version 1.21, 2008/05/30 13:37:48
|
Line 2
|
Line 2
|
|
|
# The Learning Online Network with CAPA |
# The Learning Online Network with CAPA |
# |
# |
|
# $Id$ |
|
# |
# Copyright Michigan State University Board of Trustees |
# Copyright Michigan State University Board of Trustees |
# |
# |
# This file is part of the LearningOnline Network with CAPA (LON-CAPA). |
# This file is part of the LearningOnline Network with CAPA (LON-CAPA). |
Line 70 use strict;
|
Line 72 use strict;
|
use Fcntl qw(:mode); |
use Fcntl qw(:mode); |
use DirHandle; |
use DirHandle; |
use POSIX; |
use POSIX; |
|
use lib '/home/httpd/lib/perl/'; |
|
use LONCAPA qw(:match); |
|
|
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; |
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; |
delete @ENV{qw{IFS CDPATH ENV BASH_ENV}}; |
delete @ENV{qw{IFS CDPATH ENV BASH_ENV}}; |
Line 125 if( $authentication ne "unix:" &&
|
Line 129 if( $authentication ne "unix:" &&
|
$authentication ne "localauth:") { |
$authentication ne "localauth:") { |
if($DEBUG) { |
if($DEBUG) { |
print("Invalid authentication parameter: ".$authentication."\n"); |
print("Invalid authentication parameter: ".$authentication."\n"); |
print("Should be one of: unix, internal, krb4, localauth\n"); |
print("Should be one of-- unix: internal: krb4: krb5: localauth:\n"); |
} |
} |
exit 3; |
exit 3; |
} |
} |
|
|
# Untaint the username. |
# Untaint the username. |
|
|
my $match = $username =~ /^(\w+)$/; |
my $match = $username =~ /^($match_username)$/; |
my $patt = $1; |
my $patt = $1; |
|
|
if($DEBUG) { |
if($DEBUG) { |
Line 144 my $safeuser = $patt;
|
Line 148 my $safeuser = $patt;
|
if($DEBUG) { |
if($DEBUG) { |
print("Save username = $safeuser \n"); |
print("Save username = $safeuser \n"); |
} |
} |
if(($username ne $safeuser) or ($safeuser!~/^[A-z]/)) { |
if($username ne $safeuser) { |
if($DEBUG) { |
if($DEBUG) { |
print("User name $username had illegal characters\n"); |
print("User name $username had illegal characters\n"); |
} |
} |
Line 154 if(($username ne $safeuser) or ($safeuse
|
Line 158 if(($username ne $safeuser) or ($safeuse
|
#untaint the base directory require that the dir contain only |
#untaint the base directory require that the dir contain only |
# alphas, / numbers or underscores, and end in /$safeuser |
# alphas, / numbers or underscores, and end in /$safeuser |
|
|
$dir =~ /(^([\w\/]+))/; |
|
|
|
my $dirtry1 = $1; |
|
|
|
$dir =~ /$\/$safeuser/; |
my ($allowed_dir) = ($dir =~ m{(^([/]|$match_username)+)}); |
my $dirtry2 = $1; |
|
|
my $has_correct_end = ($dir =~ m{/\Q$safeuser\E$}); |
|
|
if(($dirtry1 ne $dir) or ($dirtry2 ne $dir)) { |
if(($allowed_dir ne $dir) or (!$has_correct_end)) { |
if ($DEBUG) { |
if ($DEBUG) { |
print("Directory $dir is not a valid home for $safeuser\n"); |
print("Directory $dir is not a valid home for $safeuser\n"); |
} |
} |
exit 5; |
exit 5; |
} |
} |
|
|
|
|
# As root, create the directory. |
# As root, create the directory. |
|
|
my $homedir = $dirtry1; |
my $homedir = $allowed_dir; |
my $fulldir = $homedir."/public_html"; |
my $fulldir = $homedir."/public_html"; |
|
|
if($DEBUG) { |
if($DEBUG) { |
print("Full directory path is: $fulldir \n"); |
print("Full directory path is: $fulldir \n"); |
} |
} |
if(!( -e $dirtry1)) { |
if(!( -e $homedir)) { |
if($DEBUG) { |
if($DEBUG) { |
print("User's home directory $dirtry1 does not exist\n"); |
print("User's home directory $homedir does not exist\n"); |
} |
} |
if ($authentication eq "unix:") { |
if ($authentication eq "unix:") { |
exit 6; |
exit 6; |