version 1.6, 2004/08/05 20:33:50
|
version 1.21, 2008/05/30 13:37:48
|
Line 1
|
Line 1
|
#!/usr/bin/perl -w |
#!/usr/bin/perl |
|
|
# The Learning Online Network with CAPA |
# The Learning Online Network with CAPA |
# |
# |
|
# $Id$ |
|
# |
# Copyright Michigan State University Board of Trustees |
# Copyright Michigan State University Board of Trustees |
# |
# |
# This file is part of the LearningOnline Network with CAPA (LON-CAPA). |
# This file is part of the LearningOnline Network with CAPA (LON-CAPA). |
Line 41
|
Line 43
|
# NSCL |
# NSCL |
# Michigan State University8 |
# Michigan State University8 |
# East Lansing, MI 48824-1321 |
# East Lansing, MI 48824-1321 |
|
# |
# General flow of control: |
# General flow of control: |
# 1. Validate process state (must be run as www). |
# 1. Validate process state (must be run as www). |
# 2. Validate parameters: Need two parameters: |
# 2. Validate parameters: Need two parameters: |
Line 61
|
Line 63
|
# - internal - www:www/2775 |
# - internal - www:www/2775 |
# - local - www:www/2775 |
# - local - www:www/2775 |
# |
# |
|
# |
# |
# |
# Take a few precautions to be sure that we're not vulnerable to trojan |
# Take a few precautions to be sure that we're not vulnerable to trojan |
# horses and other fine issues: |
# horses and other fine issues: |
# |
# |
use strict; |
use strict; |
|
use Fcntl qw(:mode); |
|
use DirHandle; |
|
use POSIX; |
|
use lib '/home/httpd/lib/perl/'; |
|
use LONCAPA qw(:match); |
|
|
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; |
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; |
delete @ENV{qw{IFS CDPATH ENV BASH_ENV}}; |
delete @ENV{qw{IFS CDPATH ENV BASH_ENV}}; |
|
|
my $DEBUG = 0; # .nonzero -> Debug printing enabled. |
my $DEBUG = 1; # .nonzero -> Debug printing enabled. |
|
my $path_sep = "/"; # Unix like operating systems. |
|
|
|
|
# If the UID of the running process is not www exit with error. |
# If the UID of the running process is not www exit with error. |
Line 121 if( $authentication ne "unix:" &&
|
Line 129 if( $authentication ne "unix:" &&
|
$authentication ne "localauth:") { |
$authentication ne "localauth:") { |
if($DEBUG) { |
if($DEBUG) { |
print("Invalid authentication parameter: ".$authentication."\n"); |
print("Invalid authentication parameter: ".$authentication."\n"); |
print("Should be one of: unix, internal, krb4, localauth\n"); |
print("Should be one of-- unix: internal: krb4: krb5: localauth:\n"); |
} |
} |
exit 3; |
exit 3; |
} |
} |
|
|
# Untaint the username. |
# Untaint the username. |
|
|
my $match = $username =~ /^(\w+)$/; |
my $match = $username =~ /^($match_username)$/; |
my $patt = $1; |
my $patt = $1; |
|
|
if($DEBUG) { |
if($DEBUG) { |
Line 140 my $safeuser = $patt;
|
Line 148 my $safeuser = $patt;
|
if($DEBUG) { |
if($DEBUG) { |
print("Save username = $safeuser \n"); |
print("Save username = $safeuser \n"); |
} |
} |
if(($username ne $safeuser) or ($safeuser!~/^[A-za-z]/)) { |
if($username ne $safeuser) { |
if($DEBUG) { |
if($DEBUG) { |
print("User name $username had illegal characters\n"); |
print("User name $username had illegal characters\n"); |
} |
} |
Line 150 if(($username ne $safeuser) or ($safeuse
|
Line 158 if(($username ne $safeuser) or ($safeuse
|
#untaint the base directory require that the dir contain only |
#untaint the base directory require that the dir contain only |
# alphas, / numbers or underscores, and end in /$safeuser |
# alphas, / numbers or underscores, and end in /$safeuser |
|
|
$dir =~ /(^([\w\/]+))/; |
|
|
|
my $dirtry1 = $1; |
|
|
|
$dir =~ /$\/$safeuser/; |
my ($allowed_dir) = ($dir =~ m{(^([/]|$match_username)+)}); |
my $dirtry2 = $1; |
|
|
my $has_correct_end = ($dir =~ m{/\Q$safeuser\E$}); |
|
|
if(($dirtry1 ne $dir) or ($dirtry2 ne $dir)) { |
if(($allowed_dir ne $dir) or (!$has_correct_end)) { |
if ($DEBUG) { |
if ($DEBUG) { |
print("Directory $dir is not a valid home for $safeuser\n"); |
print("Directory $dir is not a valid home for $safeuser\n"); |
} |
} |
exit 5; |
exit 5; |
} |
} |
|
|
|
|
# As root, create the directory. |
# As root, create the directory. |
|
|
my $fulldir = $dirtry1."/public_html"; |
my $homedir = $allowed_dir; |
|
my $fulldir = $homedir."/public_html"; |
|
|
if($DEBUG) { |
if($DEBUG) { |
print("Full directory path is: $fulldir \n"); |
print("Full directory path is: $fulldir \n"); |
} |
} |
if(!( -e $dirtry1)) { |
if(!( -e $homedir)) { |
if($DEBUG) { |
if($DEBUG) { |
print("User's home directory $dirtry1 does not exist\n"); |
print("User's home directory $homedir does not exist\n"); |
} |
} |
if ($authentication eq "unix:") { |
if ($authentication eq "unix:") { |
exit 6; |
exit 6; |
} |
} |
} |
} |
|
if ($authentication eq "unix:") { |
|
# check whether group $safeuser exists. |
|
my $usergroups = `id -nG $safeuser`; |
|
if (! grep /^$safeuser$/, split(/\s+/,$usergroups)) { |
|
if($DEBUG) { |
|
print("Group \"$safeuser\" does not exist or $safeuser is not a member of that group.\n"); |
|
} |
|
exit 7; |
|
} |
|
} |
|
|
|
|
|
|
&EnableRoot; |
&EnableRoot; |
|
|
|
# If authentication is internal and the top level directory exists |
|
# give it the right permissions (in case this is a modification. |
|
|
|
if ($authentication eq "internal:") { |
|
chmod(0711, $homedir); # so www can enter ~/public_html. |
|
} |
|
|
&System("/bin/mkdir -p $fulldir") unless (-e $fulldir); |
&System("/bin/mkdir -p $fulldir") unless (-e $fulldir); |
unless(-e $fulldir."/index.html") { |
unless(-e $fulldir."/index.html") { |
open OUT,">".$fulldir."/index.html"; |
open OUT,">".$fulldir."/index.html"; |
Line 207 it available to students and other instr
|
Line 235 it available to students and other instr
|
END |
END |
close OUT; |
close OUT; |
} |
} |
&System("/bin/chmod 02775 $fulldir"); |
|
&System("/bin/chmod 0775 $fulldir"."/index.html"); |
&System("/bin/chmod 02770 $fulldir"); |
|
&System("/bin/chmod 0770 $fulldir"."/index.html"); |
|
|
|
|
# Based on the authentiation mode, set the ownership of the directory. |
# Based on the authentiation mode, set the ownership of the directory. |
|
|
if($authentication eq "unix:") { # Unix mode authentication... |
if($authentication eq "unix:") { # Unix mode authentication... |
&System("/bin/chown -R $safeuser".":".$safeuser." ".$fulldir); |
print "Unix auth\n"; |
|
&System("/bin/chown -R $safeuser:$safeuser"." ".$fulldir); |
&JoinGroup($safeuser); |
&JoinGroup($safeuser); |
} else { |
} else { |
# Internal, Kerberos, and Local authentication are for users |
# Internal, Kerberos, and Local authentication are for users |
# who do not have unix accounts on the system. Therefore we |
# who do not have unix accounts on the system. Therefore we |
# will give ownership of their public_html directories to www:www |
# will give ownership of their public_html directories to www:www |
&System("/bin/chown -R www:www ".$fulldir); |
# If the user is an internal auth user, the rest of the directory tree |
|
# gets owned by root. This chown is needed in case what's really happening |
|
# is that a file system user is being demoted to internal user... |
|
|
|
if($authentication eq "internal:") { |
|
# In case the user was a unix/filesystem authenticated user, |
|
# we'll take a bit of time here to write a script in the |
|
# user's home directory that can reset ownerships and permissions |
|
# back the way the used to be. |
|
|
|
# This can take long enough for lond to time out, so we'll do it |
|
# in a separate process that we'll not wait for. |
|
# |
|
my $fpid = fork; |
|
if($fpid) { |
|
&DisableRoot; |
|
exit 0; |
|
} else { |
|
print "Forked\n"; |
|
POSIX::setsid(); # Disassociate from parent. |
|
print "Separate session\n"; |
|
&write_restore_script($homedir); |
|
print "Restore script written\n"; |
|
&System("/bin/chown -R root:root ".$homedir); |
|
&System("/bin/chown -R www:www ".$fulldir); |
|
print "Exiting\n"; |
|
exit 0; |
|
} |
|
} else { |
|
&System("/bin/chown -R www:www ".$fulldir); |
|
} |
|
|
} |
} |
&DisableRoot; |
&DisableRoot; |
|
|
Line 238 exit 0;
|
Line 299 exit 0;
|
|
|
sub EnableRoot { |
sub EnableRoot { |
if ($wwwid==$>) { |
if ($wwwid==$>) { |
print ("EnableRoot $< $>\n"); |
|
($<,$>)=($>,$<); |
($<,$>)=($>,$<); |
($(,$))=($),$(); |
($(,$))=($),$(); |
} |
} |
Line 263 sub DisableRoot {
|
Line 323 sub DisableRoot {
|
print("Disable root: id = ".$>."\n"); |
print("Disable root: id = ".$>."\n"); |
} |
} |
} |
} |
|
# |
|
# Join the www user to the user's group. |
|
# we must be running with euid as root at this time. |
|
# |
sub JoinGroup { |
sub JoinGroup { |
my $usergroup = shift; |
my $usergroup = shift; |
|
|
my $groups = `/usr/bin/groups www`; |
my $groups = `/usr/bin/groups www`; |
# untaint |
# untaint |
my ($safegroups)=($groups=~/([\s\w]+)/); |
my ($safegroups)=($groups=~/:\s+([\s\w]+)/); |
$groups=$safegroups; |
$groups=$safegroups; |
chomp $groups; $groups=~s/^\S+\s+\:\s+//; |
chomp $groups; $groups=~s/^\S+\s+\:\s+//; |
my @grouplist=split(/\s+/,$groups); |
my @grouplist=split(/\s+/,$groups); |
Line 282 sub JoinGroup {
|
Line 345 sub JoinGroup {
|
} |
} |
exit 6; |
exit 6; |
} |
} |
|
if (-e '/var/run/httpd.pid') { |
|
open(PID,'/var/run/httpd.pid'); |
|
my $pid=<PID>; |
|
close(PID); |
|
my ($safepid) = $pid=~ /(\d+)/; |
|
$pid = $safepid; |
|
if ($pid) { |
|
my $status = system("kill -USR1 $safepid"); |
|
} |
|
} |
} |
} |
|
|
|
|
Line 296 sub System {
|
Line 368 sub System {
|
} |
} |
|
|
|
|
|
|
|
|
|
|
|
# |
|
# This file contains code to recursively process |
|
# a Directory. This is a bit more powerful |
|
# than File::Find in that we pass the full |
|
# stat info to the processing function. |
|
# For each file in the specified directory subtree, |
|
# The user's Code reference is invoked for all files, regular and otherwise |
|
# except: |
|
# ., .. |
|
# |
|
# Parameters: |
|
# code_ref - Code reference, invoked for each file in the tree. |
|
# as follows: CodeRef(directory, name, statinfo) |
|
# directory the path to the directory holding the file. |
|
# name the name of the file within Directory. |
|
# statinfo a reference to the stat of the file. |
|
# start_dir - The starting point of the directory walk. |
|
# |
|
# NOTE: |
|
# Yes, we could have just used File::Find, but since we have to get the |
|
# stat anyway, this is actually simpler, as File::Find would have gotten |
|
# the stat to figure out the file type and then we would have gotten it |
|
# again. |
|
# |
|
|
|
sub process_tree { |
|
my ($code_ref, $start_dir) = @_; |
|
|
|
my $dir = new DirHandle $start_dir; |
|
if (!defined($dir)) { |
|
print "Failed to open dirhandle: $start_dir\n"; |
|
} |
|
|
|
# Now iterate through this level of the tree: |
|
|
|
while (defined (my $name = $dir->read)) { |
|
next if $name =~/^\.\.?$/; # Skip ., .. (see cookbook pg 319) |
|
|
|
my $full_name = $start_dir.$path_sep.$name; # Full filename path. |
|
my @stat_info = lstat($full_name); |
|
my $mode = $stat_info[2]; |
|
my $type = $mode & 0170000; # File type. |
|
|
|
# Unless the file type is a symlink, call the user code: |
|
|
|
unless ($type == S_IFLNK) { |
|
&$code_ref($start_dir, $name, \@stat_info); |
|
} |
|
|
|
# If the entry is a directory, we need to recurse: |
|
|
|
|
|
if (($type == S_IFDIR) != 0) { |
|
&process_tree($code_ref, $full_name); |
|
} |
|
} |
|
|
|
} |
|
# |
|
# Callback from process_tree to write the script lines |
|
# requried to restore files to current ownership and permission. |
|
# Parameters: |
|
# dir - Name of the directory the file lives in. |
|
# name - Name of the file itself. |
|
# statinfo - Array from lstat called on the file. |
|
# |
|
# |
|
sub write_script { |
|
my ($dir, $name, $statinfo) = @_; |
|
|
|
my $fullname = $dir.$path_sep.$name; |
|
|
|
# We're going to '' the name, but we need to deal with embedded |
|
# ' characters. Using " is much worse as we'd then have to |
|
# escape all the shell escapes too. This way all we need |
|
# to do is replace ' with '\'' |
|
|
|
$fullname =~ s/\'/\'\\\'\'/g; |
|
|
|
my $perms = $statinfo->[2] & 0777; # Just permissions. |
|
printf CHMODSCRIPT "chmod 0%o '%s'\n", $perms, $fullname; |
|
printf CHMODSCRIPT "chown %d:%d '%s'\n", $statinfo->[4], $statinfo->[5], |
|
$fullname |
|
|
|
|
|
} |
|
# |
|
# Write a script in the user's home directory that can restore |
|
# the permissions and ownerhips of all the files in the directory |
|
# tree to their current ownerships and permissions. This is done |
|
# prior to making the user into an internally authenticated user |
|
# in case they were previously file system authenticated and |
|
# need to go back. |
|
# The file we will create will be of the form |
|
# restore_n.sh Where n is a number that we will keep |
|
# incrementing as needed until there isn't a file by that name. |
|
# |
|
# Parameters: |
|
# dir - Path to the user's home directory. |
|
# |
|
sub write_restore_script { |
|
my ($dir) = @_; |
|
|
|
# Create a unique file: |
|
|
|
my $version_number = 0; |
|
my $filename = 'restore_'.$version_number.'.sh'; |
|
my $full_name = $dir.$path_sep.$filename; |
|
|
|
while(-e $full_name) { |
|
$version_number++; |
|
$filename = 'restore_'.$version_number.'.sh'; |
|
$full_name = $dir.$path_sep.$filename; |
|
} |
|
# $full_name is the full path of a file that does not yet exist |
|
# of the form we want: |
|
|
|
open(CHMODSCRIPT, "> $full_name"); |
|
|
|
&process_tree(\&write_script, $dir); |
|
|
|
close(CHMODSCRIPT); |
|
|
|
chmod(0750, $full_name); |
|
|
|
} |
|
|
|
|
|
|
|
|