Diff for /loncom/lcinstallfile between versions 1.1 and 1.2

version 1.1, 2009/02/20 11:26:34 version 1.2, 2009/02/24 11:52:03
Line 24 Line 24
 #  #
 # 2/17/2009 - Ron FOx  # 2/17/2009 - Ron FOx
 #   # 
   #
 http://www.lon-capa.org/  # http://www.lon-capa.org/
 #  #
 #  This file is a setuid script that allows lond or other www programs to install  #  This file is a setuid script that allows lond or other www programs to install
 #  a file in the lon capa table directory.  #  a file in the lon capa table directory.
Line 41  http://www.lon-capa.org/ Line 41  http://www.lon-capa.org/
   
 use strict;  use strict;
   
 my $LONCAPAHOME = '/home/httpd;     # Adjust if loncapa isn't installed here.  my $LONCAPAHOME = '/home/httpd';     # Adjust if loncapa isn't installed here.
   
 use lib "$LONCAPAHOME/perl/lib";  use lib "/home/httpd/lib/perl";
 use LONCAPA;  use LONCAPA;
 use LONCAPA::Configuration;  use LONCAPA::Configuration;
 use IO::File;  use IO::File;
   use File::Copy;
   
   
   
 #  #
 # Exit codes:  # Exit codes:
Line 57  use IO::File; Line 60  use IO::File;
 # 4    - source_file_name does not exist.  # 4    - source_file_name does not exist.
 # 5    - destination file does not exist (not allowed to create new files).  # 5    - destination file does not exist (not allowed to create new files).
 # 6    - Some file operation failed.  # 6    - Some file operation failed.
   # 7    - Invalid table filename.
 #  #
 $noprint = 0;  my $noprint = 0;
 #  #
 #   Ensure we are www:  #   Ensure we are www:
 #  #
Line 76  if ($wwwid!=$>) { Line 80  if ($wwwid!=$>) {
 #  #
 my $argc = scalar(@ARGV);  my $argc = scalar(@ARGV);
 if ($argc != 2) {  if ($argc != 2) {
     print("Usage: lcinstallfile sourcepath destfile\n") unlesss $noprint;      print("Usage: lcinstallfile sourcepath destfile\n") unless $noprint;
     exit 2;      exit 2;
 }  }
 my $sorcepath = $ARGV[0];  my $sourcepath = $ARGV[0];
 my $destfile  = $ARGV[1];  my $destfile  = $ARGV[1];
   
   
   
 # Ensure the source file exists, and root can write it.:  # Ensure the source file exists, and root can write it.:
   
 &enable_root_capability;  # since this is a setuid program, the sourcepath and destfile
   # must be pattern extracted else they are considered insecure and
   # therefore not validated.  
   # loncapa table files are all of the form.
   #  something.tab where something is all letters and _'s.
   #
   if ($sourcepath =~ /^(\w+\.tab)$/) {
       $sourcepath = $1;
   } else {
       print ("Invalid characters in filename $sourcepath \n") unless $noprint;
       exit 7;
   }
   
   
 if (! -r $sourcepath) {  if (! -r $sourcepath) {
     &disable_root_capability;  
     print("File $sourcepath either does not exist or cannot be read") unless $noprint;      print("File $sourcepath either does not exist or cannot be read") unless $noprint;
     exit 4;      exit 4;
           
 }  }
   &enable_root_capability;
   
 #  #
 #  Figure out where the lontab directory is and create the destinationfile name:  #  Figure out where the lontab directory is and create the destinationfile name:
 #  #
Line 98  if (! -r $sourcepath) { Line 118  if (! -r $sourcepath) {
 #  so ensure that the final destination file actually exists.  #  so ensure that the final destination file actually exists.
 #  #
 my $config_vars = LONCAPA::Configuration::read_conf('loncapa.conf');  my $config_vars = LONCAPA::Configuration::read_conf('loncapa.conf');
 my %config      = %{$configvars};  my %config      = %{$config_vars};
 my $tab_dir     = $config{'lonTabDir'};  my $tab_dir     = $config{'lonTabDir'};
   
 my $final_file  = $tabdir.'/'.$destfile;  my $final_file  = $tab_dir.'/'.$destfile;
   
   #
   # Now sanitize the final file:
   
   if ($final_file =~ /^([\w\/]+\.tab)$/) {
       $final_file = $1;
   } else {
       print ("$final_file failed regexp match\n") unless $noprint;
       exit 7;
   }
   
 if (! -w $final_file) {  if (! -w $final_file) {
     &disable_root_capability;      &disable_root_capability;
Line 111  if (! -w $final_file) { Line 141  if (! -w $final_file) {
 #  #
 # Copy the destination file to a backup:  # Copy the destination file to a backup:
 #  #
 if (!File::Copy($final_file, $final_file.'.backup')) {  if (!copy($final_file, $final_file.'.backup')) {
     &disable_root_capability;      &disable_root_capability;
     print ("Failed to create backup copy of $final_file\n") unless $noprint;      print ("Failed to create backup copy of $final_file\n") unless $noprint;
     exit 6;      exit 6;
 }  }
   &enable_root_capability;
   
 #  Install the new file to a temp file in the same dir so it can be mv'd in place  #  Install the new file to a temp file in the same dir so it can be mv'd in place
 #  this prevents the possibility we wind up with a partial file.:  #  this prevents the possibility we wind up with a partial file.:
   
 if (!File::Copy($sourcepath, $final_file.'.new')) {  if (!copy($sourcepath, $final_file.'.new')) {
     &disable_root_capability;      &disable_root_capability;
     print("Failed to copy $sourcepath to a tempfile\n") unless $noprint;      print("Failed to copy $sourcepath to a tempfile\n") unless $noprint;
     exit 6;      exit 6;
Line 128  if (!File::Copy($sourcepath, $final_file Line 159  if (!File::Copy($sourcepath, $final_file
 #  #
 #  Move the temp file to the final file  #  Move the temp file to the final file
 #  #
 if (!rename($final_path.'.new', $final_path)) {  if (!rename($final_file.'.new', $final_file)) {
     &disable_root_capability;      &disable_root_capability;
     print ("Failed to move installed file $final_path.new to final resting place\n")      print ("Failed to move installed file $final_file.new to final resting place\n")
  unless $noprint;   unless $noprint;
     exit 6;      exit 6;
 }  }
   
 #  Ready to exit with success  #  Ready to exit with success
   
 &disble_root_capability;  &disable_root_capability;
 print ("$sourcepaht installed to $final_file\n") unless $noprint;  print ("$sourcepath installed to $final_file\n") unless $noprint;
 exit 0;  exit 0;
   
   
 #-------------------------------------------------------------------------  #-------------------------------------------------------------------------
 #  #
 #  subs that control the setuid-edness of the program.  #  subs that control the setuid-edness of the program.
   
 # ---------------------------------------------- have setuid script run as root  #  have setuid script run as root
 sub enable_root_capability {  sub enable_root_capability {
     if ($wwwid==$>) {      if ($wwwid==$>) {
  ($<,$>)=($>,0);   ($<,$>)=($>,0);
Line 157  sub enable_root_capability { Line 189  sub enable_root_capability {
     return $>;      return $>;
 }  }
   
 # ----------------------------------------------- have setuid script run as www  #  have setuid script run as www
 sub disable_root_capability {  sub disable_root_capability {
     if ($wwwid==$<) {      if ($wwwid==$<) {
  ($<,$>)=($>,$<);   ($<,$>)=($>,$<);

Removed from v.1.1  
changed lines
  Added in v.1.2


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>