--- loncom/Attic/lchtmldir 2004/12/06 12:07:59 1.12
+++ loncom/Attic/lchtmldir 2007/04/10 20:32:13 1.18
@@ -41,7 +41,7 @@
# NSCL
# Michigan State University8
# East Lansing, MI 48824-1321
-
+#
# General flow of control:
# 1. Validate process state (must be run as www).
# 2. Validate parameters: Need two parameters:
@@ -61,7 +61,7 @@
# - internal - www:www/2775
# - local - www:www/2775
#
-
+#
#
# Take a few precautions to be sure that we're not vulnerable to trojan
# horses and other fine issues:
@@ -70,6 +70,8 @@ use strict;
use Fcntl qw(:mode);
use DirHandle;
use POSIX;
+use lib '/home/httpd/lib/perl/';
+use LONCAPA qw(:match);
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl';
delete @ENV{qw{IFS CDPATH ENV BASH_ENV}};
@@ -132,7 +134,7 @@ if( $authentication ne "unix:" &&
# Untaint the username.
-my $match = $username =~ /^(\w+)$/;
+my $match = $username =~ /^($match_username)$/;
my $patt = $1;
if($DEBUG) {
@@ -144,7 +146,7 @@ my $safeuser = $patt;
if($DEBUG) {
print("Save username = $safeuser \n");
}
-if(($username ne $safeuser) or ($safeuser!~/^[A-za-z]/)) {
+if($username ne $safeuser) {
if($DEBUG) {
print("User name $username had illegal characters\n");
}
@@ -154,7 +156,7 @@ if(($username ne $safeuser) or ($safeuse
#untaint the base directory require that the dir contain only
# alphas, / numbers or underscores, and end in /$safeuser
-$dir =~ /(^([\w\/]+))/;
+$dir =~ /(^([\w\/\.\-]+))/;
my $dirtry1 = $1;
@@ -185,8 +187,28 @@ if(!( -e $dirtry1)) {
exit 6;
}
}
+if ($authentication eq "unix:") {
+ # check whether group $safeuser exists.
+ my $usergroups = `id -nG $safeuser`;
+ if (! grep /^$safeuser$/, split(/\s+/,$usergroups)) {
+ if($DEBUG) {
+ print("Group \"$safeuser\" does not exist or $safeuser is not a member of that group.\n");
+ }
+ exit 7;
+ }
+}
+
+
+
&EnableRoot;
+# If authentication is internal and the top level directory exists
+# give it the right permissions (in case this is a modification.
+
+if ($authentication eq "internal:") {
+ chmod(0711, $homedir); # so www can enter ~/public_html.
+}
+
&System("/bin/mkdir -p $fulldir") unless (-e $fulldir);
unless(-e $fulldir."/index.html") {
open OUT,">".$fulldir."/index.html";
@@ -214,14 +236,15 @@ END
close OUT;
}
-&System("/bin/chmod 02775 $fulldir");
-&System("/bin/chmod 0775 $fulldir"."/index.html");
+&System("/bin/chmod 02770 $fulldir");
+&System("/bin/chmod 0770 $fulldir"."/index.html");
# Based on the authentiation mode, set the ownership of the directory.
if($authentication eq "unix:") { # Unix mode authentication...
- &System("/bin/chown -R $safeuser".":".$safeuser." ".$fulldir);
+ print "Unix auth\n";
+ &System("/bin/chown -R $safeuser:$safeuser"." ".$fulldir);
&JoinGroup($safeuser);
} else {
# Internal, Kerberos, and Local authentication are for users
@@ -300,7 +323,10 @@ sub DisableRoot {
print("Disable root: id = ".$>."\n");
}
}
-
+#
+# Join the www user to the user's group.
+# we must be running with euid as root at this time.
+#
sub JoinGroup {
my $usergroup = shift;
@@ -319,7 +345,16 @@ sub JoinGroup {
}
exit 6;
}
-
+ if (-e '/var/run/httpd.pid') {
+ open(PID,'/var/run/httpd.pid');
+ my $pid=;
+ close(PID);
+ my ($safepid) = $pid=~ /(\d+)/;
+ $pid = $safepid;
+ if ($pid) {
+ my $status = system("kill -USR1 $safepid");
+ }
+ }
}