Diff for /loncom/lcnfson between versions 1.1 and 1.6

version 1.1, 2000/11/02 20:48:13 version 1.6, 2010/10/12 10:26:50
Line 1 Line 1
 #!/usr/bin/perl  #!/usr/bin/perl
   
 # Scott Harrison  
 # SH: November 2, 2000  
   
 use strict;  use strict;
   
   # $Id$
   
   # This script is a setuid script (chmod 6755; chown root:root).
   # It enables nfs/portmap services for a specific user at
   # a specific ip address.
   
   # Exit codes.  0=ok.  Higher than 0 means something went wrong.
   # Usage within code
   #
   # $exitcode=system("/home/httpd/perl/lcuseradd","NAME","IPADDRESS")/256;
   # print "uh-oh" if $exitcode;
   
 # Security  # Security
 $ENV{'PATH'}=""; # Nullify path information.  $ENV{'PATH'}=""; # Nullify path information.
 $ENV{'BASH_ENV'}=""; # Nullify shell environment information.  $ENV{'BASH_ENV'}=""; # Nullify shell environment information.
Line 29  if ($wwwid!=$<) { Line 38  if ($wwwid!=$<) {
     print("User ID mismatch.  This program must be run as user 'www'\n") unless $noprint;      print("User ID mismatch.  This program must be run as user 'www'\n") unless $noprint;
     exit 1;      exit 1;
 }  }
 &disable_root_capability;  
   
 # Handle case of another lcnfs process  # Handle case of another lcnfs process
 unless (&try_to_lock("/tmp/lock_lcnfs")) {  unless (&try_to_lock("/tmp/lock_lcnfs")) {
     print "Error. Too many other simultaneous nfs change requests being made.\n" unless $noprint;      print "Error. Too many other simultaneous nfs change requests being made.\n" unless $noprint;
     exit 4;      exit 4;
 }  }
 # Gather input.  Should be 3 values (user name, password 1, password 2).  # Gather input.  Should be 2 values (user name, numeric ip address).
 my @input;  my @input;
 if (@ARGV==3) {  if (@ARGV==3) {
     @input=@ARGV;      @input=@ARGV;
 }  }
 elsif (@ARGV) {  elsif (@ARGV) {
     print("Error. This program needs 3 command-line arguments (username, password 1, password 2).\n") unless $noprint;      print("Error. This program needs 2 command-line arguments (username, numeric ip address).\n") unless $noprint;
     unlink('/tmp/lock_lcpasswd');      unlink('/tmp/lock_lcnfs');
     exit 2;      exit 2;
 }  }
 else {  else {
     @input=<>;      @input=<>;
     if (@input!=3) {      if (@input!=2) {
  print("Error. Three lines should be entered into standard input.\n") unless $noprint;   print("Error. Two lines should be entered into standard input.\n") unless $noprint;
  unlink('/tmp/lock_lcpasswd');   unlink('/tmp/lock_lcnfs');
  exit 3;   exit 3;
     }      }
     map {chop} @input;      map {chop} @input;
Line 61  $username=~/^(\w+)$/; Line 70  $username=~/^(\w+)$/;
 my $safeusername=$1;  my $safeusername=$1;
 if ($username ne $safeusername) {  if ($username ne $safeusername) {
     print "Error. The user name specified has invalid characters.\n";      print "Error. The user name specified has invalid characters.\n";
     unlink('/tmp/lock_nfs');      unlink('/tmp/lock_lcnfs');
     exit 9;      exit 9;
 }  }
   
Line 81  $ipaddress=~/^([\w|\.]*)$/; Line 90  $ipaddress=~/^([\w|\.]*)$/;
 my $safeipaddress=$1;  my $safeipaddress=$1;
 if ($ipaddress ne $safeipaddress) {  if ($ipaddress ne $safeipaddress) {
     print "Error. The IP address must be numeric and of the form ##.##.##.##.\n";      print "Error. The IP address must be numeric and of the form ##.##.##.##.\n";
     unlink('/tmp/lock_nfs');      unlink('/tmp/lock_lcnfs');
     exit 8;      exit 8;
 }  }
   
Line 94  if ($status=~/is stopped/) { Line 103  if ($status=~/is stopped/) {
   
 # Add entry to /etc/exports  # Add entry to /etc/exports
 my $exports=`/bin/cat /etc/exports`; $exports="\n$exports";  my $exports=`/bin/cat /etc/exports`; $exports="\n$exports";
 my $entry="/home/$safeusername     $safeipaddress(rw,all_squash,anonuid=$uid,anongid=$gid\n";  my $entry="/home/$safeusername     $safeipaddress(rw,all_squash,anonuid=$uid,anongid=$gid)\n";
 if ($exports=~/\n\/home\/$safeusername\s+$safeipaddress\(rw,all_squash,anonuid=$uid,anongid=$gid\)/) {  if ($exports=~/\n\/home\/$safeusername\s+$safeipaddress\(rw,all_squash,anonuid=$uid,anongid=$gid\)/) {
     print "Error. /etc/exports already has this entry enabled.\n";      print "Error. /etc/exports already has this entry enabled.\n";
     unlink('/tmp/lock_nfs');      unlink('/tmp/lock_lcnfs');
     exit 7;      exit 7;
 }  }
 open (OUT,">>/etc/exports);  open (OUT,">>/etc/exports");
 print OUT $entry;  print OUT $entry;
 close OUT;  close OUT;
   
Line 109  system('/usr/sbin/exportfs','-r'); Line 118  system('/usr/sbin/exportfs','-r');
   
 # Add entry /etc/hosts.allow  # Add entry /etc/hosts.allow
 my $hostsallow=`/bin/cat /etc/hosts.allow`;  my $hostsallow=`/bin/cat /etc/hosts.allow`;
 my $entry="# $safeusername\nportmap $safeipaddress\n";  my $entry="# $safeusername\nportmap: $safeipaddress\n";
 if ($hostsallow=~/\n\# $safeusername\s*\nportmap $safeipaddress\n/) {  if ($hostsallow=~/\n\# $safeusername\s*\nportmap: $safeipaddress\n/) {
     print "Error. /etc/hosts already has this entry enabled.\n";      print "Error. /etc/hosts already has this entry enabled.\n";
     unlink('/tmp/lock_nfs');      unlink('/tmp/lock_lcnfs');
     exit 6;      exit 6;
 }  }
 open (OUT,">>/etc/hosts.allow");  open (OUT,">>/etc/hosts.allow");
 print OUT $entry;  print OUT $entry;
 close OUT;  close OUT;
   
   &disable_root_capability;
   unlink('/tmp/lock_lcnfs');
   exit 0;
   
 # ----------------------------------------------------------- have setuid script run as root  # ----------------------------------------------------------- have setuid script run as root
 sub enable_root_capability {  sub enable_root_capability {
     if ($wwwid==$>) {      if ($wwwid==$>) {
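Review bot: The command-line branch still tests `if (@ARGV==3) {` although the comment above it, the error message in the elsif branch and the stdin check `if (@input!=2) {` on this side now expect two values, so a caller that passes the documented `NAME IPADDRESS` pair on the command line falls into the elsif branch and exits 2 without doing anything; it should read `if (@ARGV==2) {`. Further down, `$ipaddress=~/^([\w|\.]*)$/;` accepts letters, `_`, `|` and the empty string even though the error message promises a numeric ##.##.##.## form, and whatever passes the check is appended as the client field of /etc/exports and /etc/hosts.allow by a setuid-root script; a capture that matches only the documented form, such as `$ipaddress=~/^(\d{1,3}(?:\.\d{1,3}){3})$/;`, closes that gap. The appends themselves (`open (OUT,">>/etc/exports");` through `close OUT;`, and the same pattern for /etc/hosts.allow) are still unchecked, so a failed open or a buffered write error surfacing at close lets the script reach `exit 0` having changed nothing; test the return of open and close and, on failure, unlink the lock file and exit nonzero as the other error paths do. The body of `sub enable_root_capability` at the end of the page continues outside the diff.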
