loncom/lcpasswd - diff

Return to lcpasswd CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/lcpasswd between versions 1.1 and 1.3

version 1.1, 2000/10/27 19:50:24	version 1.3, 2000/10/27 22:13:40
Line 1	Line 1
#!/usr/bin/perl	#!/usr/bin/perl
	#
use strict;	# lcpasswd
	#
# Scott Harrison	# Scott Harrison
# October 27, 2000	# October 27, 2000

	use strict;

# This script is a setuid script that should	# This script is a setuid script that should
# be run by user 'www'.	# be run by user 'www'.

Line 14 use strict;	Line 16 use strict;
# Third line is NEW PASSWORD	# Third line is NEW PASSWORD

# Security	# Security
$ENV{'PATH'}=""; # Nullify path information.	$ENV{'PATH'}="/bin:/usr/bin"; # Nullify path information except for what smbpasswd needs
$ENV{'BASH_ENV'}=""; # Nullify shell environment information.	$ENV{'BASH_ENV'}=""; # Nullify shell environment information.

open (IN, "</etc/passwd");	open (IN, "</etc/passwd");
Line 30 if ($wwwid!=$<) {	Line 32 if ($wwwid!=$<) {
print("User ID mismatch. This program must be run as user 'www'\n");	print("User ID mismatch. This program must be run as user 'www'\n");
exit 0;	exit 0;
}	}
	&disable_root_capability;
if (@ARGV) {	if (@ARGV) {
print("Error. This program does not accept command-line arguments.\n");	print("Error. This program does not accept command-line arguments.\n");
exit 0;	exit 0;
Line 70 if (crypt($oldpwd,$useroldcryptpwd) ne $	Line 73 if (crypt($oldpwd,$useroldcryptpwd) ne $
exit 0;	exit 0;
}	}

# Construct new password entry	# Construct new password entry (random salt)
my $newcryptpwd=crypt($newpwd,$newpwd);	my $newcryptpwd=crypt($newpwd,(join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]));
$U[1]=$newcryptpwd;	$U[1]=$newcryptpwd;
my $userline=join(":",@U);	my $userline=join(":",@U);
print $newcryptpwd;	my $rootid=&enable_root_capability;
print $userline;	if ($rootid!=0) {
#my $rootid=&enable_root_capability;	print "Error. Root was not successfully enabled.\n";
#if ($rootid!=0) {	exit 0;
# print "Error. Root was not successfully enabled.\n";	}
# exit 0;	open PASSWORDFILE, ">/etc/passwd" or die("Cannot open /etc/passwd!");
#}
# open SAMBAPASSWORDFILE, ">/etc/smbpasswd";
($<,$>)=($>,$<);
($(,$))=($),$();
open PASSWORDFILE, "/tmp/passwd2" or die("Cannot open /etc/passwd!");
for my $l (@lines) {	for my $l (@lines) {
@F=split(/\:/,$l);	@F=split(/\:/,$l);
if ($F[0] eq $username) {print PASSWORDFILE "$userline\n";}	if ($F[0] eq $username) {print PASSWORDFILE "$userline\n";}
else {print PASSWORDFILE "$l\n";}	else {print PASSWORDFILE "$l\n";}
}	}
close PASSWORDFILE;	close PASSWORDFILE;
# close SAMBAPASSWORDFILE;	$username=~/^(\w+)$/;
	my $safeusername=$1;
	($>,$<)=(0,0); # fool smbpasswd here to think this is not a setuid environment
	unless (-e "/etc/smbpasswd") {
	open (OUT,">/etc/smbpasswd"); close OUT;
	}
	my $smbexist=0;
	open (IN, "</etc/smbpasswd");
	my @lines=<IN>;
	close IN;
	for my $l (@lines) {
	chop $l;
	my @F=split(/\:/,$l);
	if ($F[0] eq $username) {$smbexist=1;}
	}
	unless ($smbexist) {
	open(OUT,">>/etc/smbpasswd");
	print OUT join(":",($safeusername,$userid,'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX','','/home/'.$safeusername,'/bin/bash')) . "\n";
	close OUT;
	}
	open(OUT,"\|/usr/bin/smbpasswd -s $safeusername>/dev/null");
	print OUT $newpwd; print OUT "\n";
	print OUT $newpwd; print OUT "\n";
	close OUT;
	$<=$wwwid; # unfool the program
&disable_root_capability;	&disable_root_capability;
unlink("/tmp/lock_lcpasswd");	unlink("/tmp/lock_lcpasswd");

sub enable_root_capability {	sub enable_root_capability {
if ($wwwid==$<) {	if ($wwwid==$>) {
($<,$>)=($>,$<);	($<,$>)=($>,$<);
($(,$))=($),$();	($(,$))=($),$();
}	}
else {	else {
# root capability is already enabled	# root capability is already enabled
}	}
return $<;	return $>;
}	}

sub disable_root_capability {	sub disable_root_capability {
if ($wwwid==$>) {	if ($wwwid==$<) {
($<,$>)=($>,$<);	($<,$>)=($>,$<);
($(,$))=($),$();	($(,$))=($),$();
}	}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.1
changed lines
	Added in v.1.3