--- loncom/Attic/lcuseradd 2000/10/29 23:14:16 1.7 +++ loncom/Attic/lcuseradd 2000/10/30 03:30:26 1.13 @@ -3,7 +3,8 @@ # lcuseradd # # Scott Harrison -# October 27, 2000 +# SH: October 27, 2000 +# SH: October 29, 2000 use strict; @@ -43,6 +44,20 @@ use strict; # print "uh-oh" if $exitcode; # These are the exit codes. +# ( (0,"ok"), +# (1,"User ID mismatch. This program must be run as user 'www'"), +# (2,"Error. This program needs 3 command-line arguments (username, password 1, password 2)."), +# (3,"Error. Three lines should be entered into standard input."), +# (4,"Error. Too many other simultaneous password change requests being made."), +# (5,"Error. User $username does not exist."), +# (6,"Error. Could not make www a member of the group \"$safeusername\"."), +# (7,"Error. Root was not successfully enabled.), +# (8,"Error. Cannot open /etc/passwd."), +# (9,"Error. The user name specified has invalid characters."), +# (10,"Error. A password entry had an invalid character."), +# (11,"Error. User already exists.), +# (12,"Error. Something went wrong with the addition of user \"$safeusername\"."), +# (13,"Error. Password mismatch."), # Security $ENV{'PATH'}=""; # Nullify path information. @@ -99,19 +114,32 @@ else { my ($username,$password1,$password2)=@input; $username=~/^(\w+)$/; my $safeusername=$1; +if ($username ne $safeusername) { + print "Error. The user name specified has invalid characters.\n"; + unlink('/tmp/lock_lcpasswd'); + exit 9; +} +my $pbad=0; +map {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} (split(//,$password1)); +map {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} (split(//,$password2)); +if ($pbad) { + print "Error. A password entry had an invalid character.\n"; + unlink('/tmp/lock_lcpasswd'); + exit 10; +} # Only add user if we can create a brand new home directory (/home/username). if (-e "/home/$safeusername") { print "Error. User already exists.\n" unless $noprint; unlink('/tmp/lock_lcpasswd'); - exit 8; + exit 11; } # Only add user if the two password arguments match. if ($password1 ne $password2) { print "Error. Password mismatch.\n" unless $noprint; unlink('/tmp/lock_lcpasswd'); - exit 7; + exit 13; } &enable_root_capability; @@ -122,7 +150,7 @@ if ($password1 ne $password2) { if (system('/usr/sbin/useradd','-c','LON-CAPA user',$safeusername)) { print "Error. Something went wrong with the addition of user \"$safeusername\".\n" unless $noprint; unlink('/tmp/lock_lcpasswd'); - exit 5; + exit 12; } # Make www a member of that user group. @@ -137,8 +165,100 @@ if (system('/usr/sbin/usermod','-G',$saf # for crazy characters in the password, and the setuid environment of perl # requires me to make everything safe. +# Grab the line corresponding to username +open (IN, "; +close IN; +my ($userid,$useroldcryptpwd); +my @F; my @U; +for my $l (@lines) { + chop $l; + @F=split(/\:/,$l); + if ($F[0] eq $username) {($userid,$useroldcryptpwd)=($F[2],$F[1]); @U=@F;} +} +# Verify existence of user +if (!defined($userid)) { + print "Error. User $username does not exist.\n" unless $noprint; + unlink('/tmp/lock_lcpasswd'); + exit 5; +} +# Construct new password entry (random salt) +my $newcryptpwd=crypt($password1,(join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64])); +$U[1]=$newcryptpwd; +my $userline=join(':',@U); +my $rootid=&enable_root_capability; +if ($rootid!=0) { + print "Error. Root was not successfully enabled.\n" unless $noprint; + unlink('/tmp/lock_lcpasswd'); + exit 7; +} +open PASSWORDFILE, '>/etc/passwd' or (print("Error. Cannot open /etc/passwd.\n") && unlink('/tmp/lock_lcpasswd') && exit(8)); +for my $l (@lines) { + @F=split(/\:/,$l); + if ($F[0] eq $username) {print PASSWORDFILE "$userline\n";} + else {print PASSWORDFILE "$l\n";} +} +close PASSWORDFILE; + +($>,$<)=(0,0); # fool smbpasswd here to think this is not a setuid environment +unless (-e '/etc/smbpasswd') { + open (OUT,'>/etc/smbpasswd'); close OUT; +} +my $smbexist=0; +open (IN, '; +close IN; +for my $l (@lines) { + chop $l; + my @F=split(/\:/,$l); + if ($F[0] eq $username) {$smbexist=1;} +} +unless ($smbexist) { + open(OUT,'>>/etc/smbpasswd'); + print OUT join(':',($safeusername,$userid,'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX','','/home/'.$safeusername,'/bin/bash')) . "\n"; + close OUT; +} +open(OUT,"|/usr/bin/smbpasswd -s $safeusername>/dev/null"); +print OUT $password1; print OUT "\n"; +print OUT $password1; print OUT "\n"; +close OUT; +$<=$wwwid; # unfool the program + +# Make final modifications to the user directory. +# Add a public_html file with a stand-in index.html file. + +system('/bin/chmod','-R','0660',"/home/$safeusername"); +system('/bin/chmod','0770',"/home/$safeusername"); +mkdir "/home/$safeusername/public_html",0770; +open OUT,">/home/$safeusername/public_html/index.html"; +print OUT< + +$safeusername + + +

$safeusername

+

+Learning Online Network +

+

+This area provides for: +

+ + + +END +close OUT; +system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername"); +&disable_root_capability; +unlink('/tmp/lock_lcpasswd'); +exit 0; # ----------------------------------------------------------- have setuid script run as root sub enable_root_capability {