[BACK]Return to lcuseradd CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom

Diff for /loncom/Attic/lcuseradd between versions 1.4 and 1.7

version 1.4, 2000/10/29 22:38:21 version 1.7, 2000/10/29 23:14:16
Line 20  use strict; Line 20  use strict;
 # Second line is PASSWORD  # Second line is PASSWORD
 # Third line is PASSWORD  # Third line is PASSWORD
   
   # Valid passwords must consist of the
   # ascii characters within the inclusive
   # range of 0x20 (32) to 0x7E (126).
   # These characters are:
   # SPACE and
   # !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNO
   # PQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
   
   # Valid user names must consist of ascii
   # characters that are alphabetical characters
   # (A-Z,a-z), numeric (0-9), or the underscore
   # mark (_). (Essentially, the perl regex \w).
   
 # Command-line arguments [USERNAME] [PASSWORD] [PASSWORD]  # Command-line arguments [USERNAME] [PASSWORD] [PASSWORD]
 # Yes, but be very careful here (don't pass shell commands)  # Yes, but be very careful here (don't pass shell commands)
 # and this is only supported to allow perl-system calls.  # and this is only supported to allow perl-system calls.
Line 65  unless (&try_to_lock("/tmp/lock_lcpasswd Line 78  unless (&try_to_lock("/tmp/lock_lcpasswd
   
 # Gather input.  Should be 3 values (user name, password 1, password 2).  # Gather input.  Should be 3 values (user name, password 1, password 2).
 my @input;  my @input;
 if (@ARGV==1) {  if (@ARGV==3) {
     @input=@ARGV;      @input=@ARGV;
 }  }
 elsif (@ARGV) {  elsif (@ARGV) {
Line 75  elsif (@ARGV) { Line 88  elsif (@ARGV) {
 }  }
 else {  else {
     @input=<>;      @input=<>;
     if (@input!=1) {      if (@input!=3) {
  print("Error. Three lines should be entered into standard input.\n") unless $noprint;   print("Error. Three lines should be entered into standard input.\n") unless $noprint;
  unlink('/tmp/lock_lcpasswd');   unlink('/tmp/lock_lcpasswd');
  exit 3;   exit 3;
Line 86  else { Line 99  else {
 my ($username,$password1,$password2)=@input;  my ($username,$password1,$password2)=@input;
 $username=~/^(\w+)$/;  $username=~/^(\w+)$/;
 my $safeusername=$1;  my $safeusername=$1;
 $password1=~/^(\w+)$/;  
 my $password1=$1;  # Only add user if we can create a brand new home directory (/home/username).
 $password2=~/^(\w+)$/;  if (-e "/home/$safeusername") {
 my $safepassword2=$1;      print "Error. User already exists.\n" unless $noprint;
       unlink('/tmp/lock_lcpasswd');
       exit 8;
   }
   
   # Only add user if the two password arguments match.
   if ($password1 ne $password2) {
       print "Error. Password mismatch.\n" unless $noprint;
       unlink('/tmp/lock_lcpasswd');
       exit 7;
   }
   
 &enable_root_capability;  &enable_root_capability;
   
 # Add user entry to /etc/passwd and /etc/groups in such  # Add user entry to /etc/passwd and /etc/groups in such
 # a way that www is a member of the user-specific group  # a way that www is a member of the user-specific group
   
 # This command 'should' make the user be a member of just  if (system('/usr/sbin/useradd','-c','LON-CAPA user',$safeusername)) {
       print "Error.  Something went wrong with the addition of user \"$safeusername\".\n" unless $noprint;
 if (system('/usr/sbin/useradd','-c','LON-CAPA user','-G','www',$safeusername)) {  
     print "Error.  Something went wrong with the addition of user \"$safeusername\".\n";  
     unlink('/tmp/lock_lcpasswd');      unlink('/tmp/lock_lcpasswd');
     exit 5;      exit 5;
 }  }
   
 # Set password with lcpasswd (which creates smbpasswd entry).  # Make www a member of that user group.
   if (system('/usr/sbin/usermod','-G',$safeusername,'www')) {
       print "Error. Could not make www a member of the group \"$safeusername\".\n" unless $noprint;
       unlink('/tmp/lock_lcpasswd');
       exit 6;
   }
   
   # Set password with lcpasswd-style algorithm (which creates smbpasswd entry).
   # I cannot place a direct shell call to lcpasswd since I have to allow
   # for crazy characters in the password, and the setuid environment of perl
   # requires me to make everything safe.
   
   
   
   
   # ----------------------------------------------------------- have setuid script run as root
   sub enable_root_capability {
       if ($wwwid==$>) {
    ($<,$>)=($>,$<);
    ($(,$))=($),$();
       }
       else {
    # root capability is already enabled
       }
       return $>;
   }
   
   # ----------------------------------------------------------- have setuid script run as www
   sub disable_root_capability {
       if ($wwwid==$<) {
    ($<,$>)=($>,$<);
    ($(,$))=($),$();
       }
       else {
    # root capability is already disabled
       }
   }
   
   # ----------------------------------- make sure that another lcpasswd process isn't running
   sub try_to_lock {
       my ($lockfile)=@_;
       my $currentpid;
       my $lastpid;
       # Do not manipulate lock file as root
       if ($>==0) {
    return 0;
       }
       # Try to generate lock file.
       # Wait 3 seconds.  If same process id is in
       # lock file, then assume lock file is stale, and
       # go ahead.  If process id's fluctuate, try
       # for a maximum of 10 times.
       for (0..10) {
    if (-e $lockfile) {
       open(LOCK,"<$lockfile");
       $currentpid=<LOCK>;
       close LOCK;
       if ($currentpid==$lastpid) {
    last;
       }
       sleep 3;
       $lastpid=$currentpid;
    }
    else {
       last;
    }
    if ($_==10) {
       return 0;
    }
       }
       open(LOCK,">$lockfile");
       print LOCK $$;
       close LOCK;
       return 1;
   }
Removed from v.1.4  
changed lines
  Added in v.1.7

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>