version 1.25.2.2, 2004/09/02 19:04:53
|
version 1.33, 2005/01/26 10:38:13
|
Line 5
|
Line 5
|
# lcuseradd - LON-CAPA setuid script to coordinate all actions |
# lcuseradd - LON-CAPA setuid script to coordinate all actions |
# with adding a user with filesystem privileges (e.g. author) |
# with adding a user with filesystem privileges (e.g. author) |
# |
# |
# YEAR=2002 |
|
# May 19, 2002 Ron Fox |
|
# - Removed creation of the pulic_html directory. This directory |
|
# can now be added in two ways: |
|
# o The user can add it themselves if they want some local web |
|
# space which may or may not contain construction items. |
|
# o LonCapa will add it if/when the user is granted an Author |
|
# role. |
|
# |
# |
# $Id$ |
# $Id$ |
### |
### |
Line 50 use strict;
|
Line 42 use strict;
|
# www becomes a member of this user group. |
# www becomes a member of this user group. |
|
|
# -------------- Invoking script (standard input versus command-line arguments) |
# -------------- Invoking script (standard input versus command-line arguments) |
|
# Otherwise sensitive information will be available to ps-ers for |
|
# a small but exploitable time window. |
# |
# |
# Standard input (STDIN) usage |
# Standard input (STDIN) usage |
# First line is USERNAME |
# First line is USERNAME |
# Second line is PASSWORD |
# Second line is PASSWORD |
# Third line is PASSWORD |
# Third line is PASSWORD |
|
# Fouth line is the name of a file to which an error code will be written. |
|
# If the fourth line is omitted, no error file will be written. |
|
# In either case, the program Exits with the code as its Exit status. |
|
# The error file will just be a single line containing an |
|
# error code. |
|
# |
|
# |
# |
# |
# Command-line arguments [USERNAME] [PASSWORD] [PASSWORD] |
# Command-line arguments [USERNAME] [PASSWORD] [PASSWORD] |
# Yes, but be very careful here (don't pass shell commands) |
# Yes, but be very careful here (don't pass shell commands) |
Line 78 use strict;
|
Line 79 use strict;
|
# ---------------------------------- Example usage inside another piece of code |
# ---------------------------------- Example usage inside another piece of code |
# Usage within code |
# Usage within code |
# |
# |
# $exitcode= |
# $Exitcode= |
# system("/home/httpd/perl/lcuseradd","NAME","PASSWORD1","PASSWORD2")/256; |
# system("/home/httpd/perl/lcuseradd","NAME","PASSWORD1","PASSWORD2")/256; |
# print "uh-oh" if $exitcode; |
# print "uh-oh" if $Exitcode; |
|
|
# ---------------------------------------------------- Description of functions |
# ---------------------------------------------------- Description of functions |
# enable_root_capability() : have setuid script run as root |
# enable_root_capability() : have setuid script run as root |
Line 88 use strict;
|
Line 89 use strict;
|
# try_to_lock() : make sure that another lcpasswd process isn't running |
# try_to_lock() : make sure that another lcpasswd process isn't running |
|
|
# ------------------------------------------------------------------ Exit codes |
# ------------------------------------------------------------------ Exit codes |
# These are the exit codes. |
# These are the Exit codes. |
# ( (0,"ok"), |
# ( (0,"ok"), |
# (1,"User ID mismatch. This program must be run as user 'www'"), |
# (1,"User ID mismatch. This program must be run as user 'www'"), |
# (2,"Error. This program needs 3 command-line arguments (username, ". |
# (2,"Error. This program needs 3 command-line arguments (username, ". |
Line 106 use strict;
|
Line 107 use strict;
|
# (12,"Error. Something went wrong with the addition of user ". |
# (12,"Error. Something went wrong with the addition of user ". |
# "\"$safeusername\"."), |
# "\"$safeusername\"."), |
# (13,"Error. Password mismatch."), |
# (13,"Error. Password mismatch."), |
|
# (14, "Error filename is invalid") |
|
|
# ------------------------------------------------------------- Initializations |
# ------------------------------------------------------------- Initializations |
# Security |
# Security |
Line 116 delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}
|
Line 118 delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}
|
# Do not print error messages. |
# Do not print error messages. |
my $noprint=1; |
my $noprint=1; |
|
|
|
# Error file: |
|
|
|
my $error_file; # This is either the error file name or undef. |
|
|
print "In lcuseradd\n" unless $noprint; |
print "In lcuseradd\n" unless $noprint; |
|
|
# ----------------------------- Make sure this process is running from user=www |
# ----------------------------- Make sure this process is running from user=www |
Line 124 my $wwwid=getpwnam('www');
|
Line 130 my $wwwid=getpwnam('www');
|
if ($wwwid!=$>) { |
if ($wwwid!=$>) { |
print("User ID mismatch. This program must be run as user 'www'\n") |
print("User ID mismatch. This program must be run as user 'www'\n") |
unless $noprint; |
unless $noprint; |
exit 1; |
&Exit(1); |
} |
} |
|
|
# ----------------------------------- Start running script with www permissions |
# ----------------------------------- Start running script with www permissions |
Line 134 if ($wwwid!=$>) {
|
Line 140 if ($wwwid!=$>) {
|
unless (&try_to_lock("/tmp/lock_lcpasswd")) { |
unless (&try_to_lock("/tmp/lock_lcpasswd")) { |
print "Error. Too many other simultaneous password change requests being ". |
print "Error. Too many other simultaneous password change requests being ". |
"made.\n" unless $noprint; |
"made.\n" unless $noprint; |
exit 4; |
&Exit(4); |
} |
} |
|
|
# ------- Error-check input, need 3 values (user name, password 1, password 2). |
# ------- Error-check input, need 3 values (user name, password 1, password 2). |
my @input; |
my @input; |
if (@ARGV==3) { |
if (@ARGV>=3) { |
@input=@ARGV; |
@input=@ARGV; |
} |
} elsif (@ARGV) { |
elsif (@ARGV) { |
print("Error. This program needs at least 3 command-line arguments (username, ". |
print("Error. This program needs 3 command-line arguments (username, ". |
"password 1, password 2 [errorfile]).\n") unless $noprint; |
"password 1, password 2).\n") unless $noprint; |
|
unlink('/tmp/lock_lcpasswd'); |
unlink('/tmp/lock_lcpasswd'); |
exit 2; |
&Exit(2); |
} |
} else { |
else { |
|
@input=<>; |
@input=<>; |
if (@input!=3) { |
if (@input < 3) { |
print("Error. Three lines should be entered into standard input.\n") |
print("Error. At least three lines should be entered into standard input.\n") |
unless $noprint; |
unless $noprint; |
unlink('/tmp/lock_lcpasswd'); |
unlink('/tmp/lock_lcpasswd'); |
exit 3; |
&Exit(3); |
} |
} |
foreach (@input) {chomp;} |
foreach (@input) {chomp;} |
} |
} |
|
|
my ($username,$password1,$password2)=@input; |
my ($username,$password1,$password2, $error_file)=@input; |
print "Username = ".$username."\n" unless $noprint; |
print "Username = ".$username."\n" unless $noprint; |
$username=~/^(\w+)$/; |
$username=~/^(\w+)$/; |
print "Username after substitution - ".$username unless $noprint; |
print "Username after substitution - ".$username unless $noprint; |
Line 170 if (($username ne $safeusername) or ($sa
|
Line 174 if (($username ne $safeusername) or ($sa
|
print "Error. The user name specified $username $safeusername has invalid characters.\n" |
print "Error. The user name specified $username $safeusername has invalid characters.\n" |
unless $noprint; |
unless $noprint; |
unlink('/tmp/lock_lcpasswd'); |
unlink('/tmp/lock_lcpasswd'); |
exit 9; |
&Exit(9); |
} |
} |
my $pbad=0; |
my $pbad=0; |
foreach (split(//,$password1)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
foreach (split(//,$password1)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
foreach (split(//,$password2)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
foreach (split(//,$password2)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
if ($pbad) { |
if ($pbad) { |
print "Error. A password entry had an invalid character.\n"; |
print "Error. A password entry had an invalid character.\n" unless $noprint; |
unlink('/tmp/lock_lcpasswd'); |
unlink('/tmp/lock_lcpasswd'); |
exit 10; |
&Exit(10); |
|
} |
|
|
|
# |
|
# Safe the filename. For our case, it must only have alpha, numeric, period |
|
# and path sparators.. |
|
# |
|
|
|
print "Error file is $error_file \n" unless $noprint; |
|
|
|
if($error_file) { |
|
if($error_file =~ /^([(\w)(\d)\.\/]+)$/) { |
|
print "Error file matched pattern $error_file : $1\n" unless $noprint; |
|
my $safe_error_file = $1; # Untainted I think. |
|
print "Error file after transform $safe_error_file\n" |
|
unless $noprint; |
|
if($error_file == $safe_error_file) { |
|
$error_file = $safe_error_file; # untainted error_file. |
|
} else { |
|
$error_file =""; |
|
print "Invalid error filename\n" unless $noprint; |
|
Exit(14); |
|
} |
|
|
|
} else { |
|
$error_file=""; |
|
print "Invalid error filename\n" unless $noprint; |
|
Exit(14); |
|
} |
} |
} |
|
|
# -- Only add user if we can create a brand new home directory (/home/username) |
|
if (-e "/home/$safeusername") { |
# -- Only add the user if they are >not< in /etc/passwd. |
print "Error. User already exists.\n" unless $noprint; |
# Used to look for the ability to create a new directory for the |
|
# user, however that disallows authentication changes from i |
|
# internal->fs.. so just check the passwd file instead. |
|
# |
|
my $not_found = system("grep -q $safeusername: /etc/passwd"); |
|
if (!$not_found) { |
|
print "Error user already exists\n" unless $noprint; |
unlink('/tmp/lock_lcpasswd'); |
unlink('/tmp/lock_lcpasswd'); |
exit 11; |
&Exit(11); |
} |
} |
|
|
|
|
|
|
# -- Only add user if the two password arguments match. |
# -- Only add user if the two password arguments match. |
|
|
if ($password1 ne $password2) { |
if ($password1 ne $password2) { |
print "Error. Password mismatch.\n" unless $noprint; |
print "Error. Password mismatch.\n" unless $noprint; |
unlink('/tmp/lock_lcpasswd'); |
unlink('/tmp/lock_lcpasswd'); |
exit 13; |
&Exit(13); |
} |
} |
print "enabling root\n" unless $noprint; |
print "enabling root\n" unless $noprint; |
# ---------------------------------- Start running script with root permissions |
# ---------------------------------- Start running script with root permissions |
Line 209 if ($status) {
|
Line 249 if ($status) {
|
"\"$safeusername\".\n" unless $noprint; |
"\"$safeusername\".\n" unless $noprint; |
print "Final status of useradd = $status"; |
print "Final status of useradd = $status"; |
unlink('/tmp/lock_lcpasswd'); |
unlink('/tmp/lock_lcpasswd'); |
exit 12; |
&Exit(12); |
} |
} |
print "Done adding user\n" unless $noprint; |
print "Done adding user\n" unless $noprint; |
# Make www a member of that user group. |
# Make www a member of that user group. |
my $groups=`/usr/bin/groups www` or exit(6); |
my $groups=`/usr/bin/groups www` or &Exit(6); |
# untaint |
# untaint |
my ($safegroups)=($groups=~/:\s*([\s\w]+)/); |
my ($safegroups)=($groups=~/:\s*([\s\w]+)/); |
$groups=$safegroups; |
$groups=$safegroups; |
Line 226 if (system('/usr/sbin/usermod','-G',$gl,
|
Line 266 if (system('/usr/sbin/usermod','-G',$gl,
|
print "Error. Could not make www a member of the group ". |
print "Error. Could not make www a member of the group ". |
"\"$safeusername\".\n" unless $noprint; |
"\"$safeusername\".\n" unless $noprint; |
unlink('/tmp/lock_lcpasswd'); |
unlink('/tmp/lock_lcpasswd'); |
exit 6; |
&Exit(6); |
} |
} |
|
|
# ---------------------------------------------------------------- Set password |
# ---------------------------------------------------------------- Set password |
Line 245 print OUT $password1;
|
Line 285 print OUT $password1;
|
print OUT "\n"; |
print OUT "\n"; |
close OUT; |
close OUT; |
if ($?) { |
if ($?) { |
print "abnormal exit from close lcpasswd\n" unless $noprint; |
print "abnormal Exit from close lcpasswd\n" unless $noprint; |
exit 8; |
&Exit(8); |
} |
} |
($>,$<)=($wwwid,0); |
($>,$<)=($wwwid,0); |
&enable_root_capability; |
&enable_root_capability; |
Line 274 print OUT<<END;
|
Line 314 print OUT<<END;
|
</html> |
</html> |
END |
END |
close OUT; |
close OUT; |
|
system('/bin/chmod','0660', "/home/$safeusername/public_html/index.html"); |
|
# |
|
# In order to allow the loncapa daemons appropriate access |
|
# to public_html, Top level and public_html directories should |
|
# be owned by safeusername:www as should the smaple index.html.. |
print "lcuseradd ownership\n" unless $noprint; |
print "lcuseradd ownership\n" unless $noprint; |
system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername"); |
system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername"); # First set std ownership on everything. |
|
# system('/bin/chown',"$safeusername:www","/home/$safeusername"); # Now adust top level... |
|
# system('/bin/chown','-R',"$safeusername:www","/home/$safeusername/public_html"); # And web dir. |
# ---------------------------------------------------- Gracefull Apache Restart |
# ---------------------------------------------------- Gracefull Apache Restart |
if (-e '/var/run/httpd.pid') { |
if (-e '/var/run/httpd.pid') { |
print "lcuseradd Apache restart\n" unless $noprint; |
print "lcuseradd Apache restart\n" unless $noprint; |
Line 289 if (-e '/var/run/httpd.pid') {
|
Line 335 if (-e '/var/run/httpd.pid') {
|
} |
} |
} |
} |
# -------------------------------------------------------- Exit script |
# -------------------------------------------------------- Exit script |
print "lcuseradd exiting\n" unless $noprint; |
print "lcuseradd Exiting\n" unless $noprint; |
&disable_root_capability; |
&disable_root_capability; |
exit 0; |
&Exit(0); |
|
|
# ---------------------------------------------- Have setuid script run as root |
# ---------------------------------------------- Have setuid script run as root |
sub enable_root_capability { |
sub enable_root_capability { |
if ($wwwid==$>) { |
if ($wwwid==$>) { |
($<,$>)=($>,0); |
($<,$>)=($>,0); |
($(,$))=($),0); |
($(,$))=($),0); |
} |
} else { |
else { |
|
# root capability is already enabled |
# root capability is already enabled |
} |
} |
return $>; |
return $>; |
Line 310 sub disable_root_capability {
|
Line 355 sub disable_root_capability {
|
if ($wwwid==$<) { |
if ($wwwid==$<) { |
($<,$>)=($>,$<); |
($<,$>)=($>,$<); |
($(,$))=($),$(); |
($(,$))=($),$(); |
} |
} else { |
else { |
|
# root capability is already disabled |
# root capability is already disabled |
} |
} |
} |
} |
Line 340 sub try_to_lock {
|
Line 384 sub try_to_lock {
|
} |
} |
sleep 3; |
sleep 3; |
$lastpid=$currentpid; |
$lastpid=$currentpid; |
} |
} else { |
else { |
|
last; |
last; |
} |
} |
if ($_==10) { |
if ($_==10) { |
Line 353 sub try_to_lock {
|
Line 396 sub try_to_lock {
|
close LOCK; |
close LOCK; |
return 1; |
return 1; |
} |
} |
|
#-------------------------- Exit... |
|
# |
|
# Write the file if the error_file is defined. Regardless |
|
# Exit with the status code. |
|
# |
|
sub Exit { |
|
my ($code) = @_; # Status code. |
|
|
|
print "Exiting with status $code error file is $error_file\n" unless $noprint; |
|
if($error_file) { |
|
open(FH, ">$error_file"); |
|
print FH "$code\n"; |
|
close(FH); |
|
} |
|
exit $code; |
|
} |
|
|
=head1 NAME |
=head1 NAME |
|
|