version 1.5, 2001/11/16 06:10:41
|
version 1.10, 2009/07/17 02:20:59
|
Line 5
|
Line 5
|
# pwchange - setuid script to change unix passwords |
# pwchange - setuid script to change unix passwords |
# |
# |
# YEAR=2001 |
# YEAR=2001 |
# 10/23,11/13,11/15 Scott Harrison |
# |
|
# YEAR=2002 |
|
# 02/19 Matthew Hall |
# |
# |
# $Id$ |
# $Id$ |
### |
### |
|
|
use strict; |
use strict; |
|
my $noprint = 1; |
|
|
|
|
|
|
|
print "In pwchange\n" unless $noprint; |
|
print "Real uid = $< effective uid = $> \n" unless $noprint; |
# ------------------------------------------------------------------ Untainting |
# ------------------------------------------------------------------ Untainting |
$ENV{'PATH'}='/bin:/usr/bin'; # Nullify path information. |
$ENV{'PATH'}='/bin:/usr/bin'; # Nullify path information. |
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints |
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints |
|
|
# ---------------------------- Make sure this process is running from user=root |
# ---------------------------- Make sure this process is running from user=root |
my $wwwid=getpwnam('www'); |
|
if (0!=$<) { |
if (0 != $<) { |
|
print "Username not root" unless $noprint; |
exit 1; |
exit 1; |
} |
} |
# ----------------------------------------------- If not running setuid as root |
# ----------------------------------------------- If not running setuid as root |
if ($>!=0) { |
if ($>!=0) { |
|
print "Not setuid to root" unless $noprint; |
exit 1; |
exit 1; |
} |
} |
|
|
Line 30 if ($>!=0) {
|
Line 39 if ($>!=0) {
|
my $user=shift @ARGV; |
my $user=shift @ARGV; |
$user=~/^(\w+)$/; |
$user=~/^(\w+)$/; |
my $safe=$1; |
my $safe=$1; |
|
print "Save user = $safe" unless $noprint; |
|
|
my $pword=<>; |
my $pword=<>; |
chomp $pword; |
chomp $pword; |
unless (length($safe) and ($user eq $safe) and ($safe=~/^[A-Za-z]/)) { |
unless (length($safe) and ($user eq $safe) and ($safe=~/^[A-Za-z]/)) { |
exit 2; |
exit 2; |
} |
} |
|
print "Password = $pword" unless $noprint; |
my $pbad=0; |
my $pbad=0; |
map {if (($_<32)&&($_>126)){$pbad=1;}} (split(//,$pword)); |
foreach (split(//,$pword)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
exit 3 if $pbad; |
exit 3 if $pbad; |
|
|
# --------------------------------------------------------- Call system command |
# --------------------------------------------------------- Call system command |
open OUT,"|passwd --stdin $safe >/dev/null"; |
my $distro; |
print OUT $pword; |
if (open(PIPE,"perl distprobe|")) { |
print OUT "\n"; |
$distro = <PIPE>; |
close OUT; |
close(PIPE); |
|
} |
|
if ($distro =~ /^ubuntu|debian/) { |
|
open(OUT,"|/usr/sbin/usermod -p `mkpasswd $pword` $safe"); |
|
close(OUT); |
|
} else { |
|
open(OUT,"|passwd --stdin $safe >/dev/null"); |
|
print OUT $pword; |
|
print OUT "\n"; |
|
close(OUT); |
|
} |
|
|
# --------------------------------------- exit with status of command execution |
# --------------------------------------- exit with status of command execution |
exit $?/256; |
exit $?/256; |