[BACK]Return to lcuseradd CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom

Diff for /loncom/Attic/lcuseradd between versions 1.7 and 1.14

version 1.7, 2000/10/29 23:14:16 version 1.14, 2000/10/30 03:37:51
Line 3 Line 3
 # lcuseradd  # lcuseradd
 #  #
 # Scott Harrison  # Scott Harrison
 # October 27, 2000  # SH: October 27, 2000
   # SH: October 29, 2000
   
 use strict;  use strict;
   
Line 43  use strict; Line 44  use strict;
 # print "uh-oh" if $exitcode;  # print "uh-oh" if $exitcode;
   
 # These are the exit codes.  # These are the exit codes.
   # ( (0,"ok"),
   # (1,"User ID mismatch.  This program must be run as user 'www'"),
   # (2,"Error. This program needs 3 command-line arguments (username, password 1, password 2)."),
   # (3,"Error. Three lines should be entered into standard input."),
   # (4,"Error. Too many other simultaneous password change requests being made."),
   # (5,"Error. User $username does not exist."),
   # (6,"Error. Could not make www a member of the group \"$safeusername\"."),
   # (7,"Error. Root was not successfully enabled.),
   # (8,"Error. Cannot open /etc/passwd."),
   # (9,"Error. The user name specified has invalid characters."),
   # (10,"Error. A password entry had an invalid character."),
   # (11,"Error. User already exists.),
   # (12,"Error. Something went wrong with the addition of user \"$safeusername\"."),
   # (13,"Error. Password mismatch."),
   
 # Security  # Security
 $ENV{'PATH'}=""; # Nullify path information.  $ENV{'PATH'}=""; # Nullify path information.
Line 99  else { Line 114  else {
 my ($username,$password1,$password2)=@input;  my ($username,$password1,$password2)=@input;
 $username=~/^(\w+)$/;  $username=~/^(\w+)$/;
 my $safeusername=$1;  my $safeusername=$1;
   if ($username ne $safeusername) {
       print "Error. The user name specified has invalid characters.\n";
       unlink('/tmp/lock_lcpasswd');
       exit 9;
   }
   my $pbad=0;
   map {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} (split(//,$password1));
   map {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} (split(//,$password2));
   if ($pbad) {
       print "Error. A password entry had an invalid character.\n";
       unlink('/tmp/lock_lcpasswd');
       exit 10;
   }
   
 # Only add user if we can create a brand new home directory (/home/username).  # Only add user if we can create a brand new home directory (/home/username).
 if (-e "/home/$safeusername") {  if (-e "/home/$safeusername") {
     print "Error. User already exists.\n" unless $noprint;      print "Error. User already exists.\n" unless $noprint;
     unlink('/tmp/lock_lcpasswd');      unlink('/tmp/lock_lcpasswd');
     exit 8;      exit 11;
 }  }
   
 # Only add user if the two password arguments match.  # Only add user if the two password arguments match.
 if ($password1 ne $password2) {  if ($password1 ne $password2) {
     print "Error. Password mismatch.\n" unless $noprint;      print "Error. Password mismatch.\n" unless $noprint;
     unlink('/tmp/lock_lcpasswd');      unlink('/tmp/lock_lcpasswd');
     exit 7;      exit 13;
 }  }
   
 &enable_root_capability;  &enable_root_capability;
Line 122  if ($password1 ne $password2) { Line 150  if ($password1 ne $password2) {
 if (system('/usr/sbin/useradd','-c','LON-CAPA user',$safeusername)) {  if (system('/usr/sbin/useradd','-c','LON-CAPA user',$safeusername)) {
     print "Error.  Something went wrong with the addition of user \"$safeusername\".\n" unless $noprint;      print "Error.  Something went wrong with the addition of user \"$safeusername\".\n" unless $noprint;
     unlink('/tmp/lock_lcpasswd');      unlink('/tmp/lock_lcpasswd');
     exit 5;      exit 12;
 }  }
   
 # Make www a member of that user group.  # Make www a member of that user group.
Line 137  if (system('/usr/sbin/usermod','-G',$saf Line 165  if (system('/usr/sbin/usermod','-G',$saf
 # for crazy characters in the password, and the setuid environment of perl  # for crazy characters in the password, and the setuid environment of perl
 # requires me to make everything safe.  # requires me to make everything safe.
   
   # Grab the line corresponding to username
   open (IN, "</etc/passwd");
   @lines=<IN>;
   close IN;
   my ($userid,$useroldcryptpwd);
   my @F; my @U;
   for my $l (@lines) {
       chop $l;
       @F=split(/\:/,$l);
       if ($F[0] eq $username) {($userid,$useroldcryptpwd)=($F[2],$F[1]); @U=@F;}
   }
   
   # Verify existence of user
   if (!defined($userid)) {
       print "Error. User $username does not exist.\n" unless $noprint;
       unlink('/tmp/lock_lcpasswd');
       exit 5;
   }
   
   # Construct new password entry (random salt)
   my $newcryptpwd=crypt($password1,(join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]));
   $U[1]=$newcryptpwd;
   my $userline=join(':',@U);
   my $rootid=&enable_root_capability;
   if ($rootid!=0) {
       print "Error.  Root was not successfully enabled.\n" unless $noprint;
       unlink('/tmp/lock_lcpasswd');
       exit 7;
   }
   open PASSWORDFILE, '>/etc/passwd' or (print("Error.  Cannot open /etc/passwd.\n") && unlink('/tmp/lock_lcpasswd') && exit(8));
   for my $l (@lines) {
       @F=split(/\:/,$l);
       if ($F[0] eq $username) {print PASSWORDFILE "$userline\n";}
       else {print PASSWORDFILE "$l\n";}
   }
   close PASSWORDFILE;
   
   ($>,$<)=(0,0); # fool smbpasswd here to think this is not a setuid environment
   unless (-e '/etc/smbpasswd') {
       open (OUT,'>/etc/smbpasswd'); close OUT;
   }
   my $smbexist=0;
   open (IN, '</etc/smbpasswd');
   my @lines=<IN>;
   close IN;
   for my $l (@lines) {
       chop $l;
       my @F=split(/\:/,$l);
       if ($F[0] eq $username) {$smbexist=1;}
   }
   unless ($smbexist) {
       open(OUT,'>>/etc/smbpasswd');
       print OUT join(':',($safeusername,$userid,'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX','','/home/'.$safeusername,'/bin/bash')) . "\n";
       close OUT;
   }
   open(OUT,"|/usr/bin/smbpasswd -s $safeusername>/dev/null");
   print OUT $password1; print OUT "\n";
   print OUT $password1; print OUT "\n";
   close OUT;
   $<=$wwwid; # unfool the program
   
   # Make final modifications to the user directory.
   # Add a public_html file with a stand-in index.html file.
   
   system('/bin/chmod','-R','0660',"/home/$safeusername");
   system('/bin/chmod','0770',"/home/$safeusername");
   mkdir "/home/$safeusername/public_html",0770;
   open OUT,">/home/$safeusername/public_html/index.html";
   print OUT<<END;
   <HTML>
   <HEAD>
   <TITLE>$safeusername</TITLE>
   </HEAD>
   <BODY>
   <H1>$safeusername</H1>
   <P>
   Learning Online Network
   </P>
   <P>
   This area provides for:
   </P>
   <UL>
   <LI>resource construction
   <LI>resource publication
   <LI>record-keeping
   </UL>
   </BODY>
   </HTML>
   END
   close OUT;
   system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername");
   system('/bin/chmod','-R','0660',"/home/$safeusername");
   system('/bin/chmod','0770',"/home/$safeusername");
   system('/bin/chmod','0770',"/home/$safeusername/public_html");
   &disable_root_capability;
   unlink('/tmp/lock_lcpasswd');
   exit 0;
   
 # ----------------------------------------------------------- have setuid script run as root  # ----------------------------------------------------------- have setuid script run as root
 sub enable_root_capability {  sub enable_root_capability {
Removed from v.1.7  
changed lines
  Added in v.1.14

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>