Annotation of loncom/pwchange, revision 1.9

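#!/usr/bin/perl

# The Learning Online Network with CAPA
#
# pwchange - setuid script to change unix passwords
#
# YEAR=2001
#
# YEAR=2002
# 02/19 Matthew Hall
#
# $Id: pwchange,v 1.8 2002/09/19 02:02:59 foxr Exp $
###
#
# Usage: pwchange USERNAME
#        The new password is read as one line from standard input, so it
#        never appears in the process argument list.
#
# Exit status:
#   1      real or effective uid is not 0
#   2      USERNAME is missing or is not a letter followed by [A-Za-z0-9_]*
#   3      password is empty/missing or holds a byte outside 32..126
#   127    passwd could not be started
#   128+N  passwd was terminated by signal N
#   other  exit status of passwd itself
#
# NOTE(review): taint mode (-T) is not requested on the #! line, and the
# script only proceeds when real and effective uid are both 0, so perl does
# not switch it on by itself.  The explicit checks below are therefore the
# only input validation; confirm how the caller invokes this script before
# adding -T.

use strict;

# Set to 0 to get diagnostic output on STDOUT.  The password itself is
# never part of that output.
my $noprint = 1;

print "In pwchange\n" unless $noprint;
print "Real uid = $< effective uid = $> \n" unless $noprint;

# ------------------------------------------------------------------ Untainting
$ENV{'PATH'} = '/bin:/usr/bin';              # Fixed search path for passwd.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};    # Drop shell-influencing variables.

# ---------------------------- Make sure this process is running from user=root
if (0 != $<) {
    print "Username not root" unless $noprint;
    exit 1;
}

# ----------------------------------------------- If not running setuid as root
if (0 != $>) {
    print "Not setuid to root" unless $noprint;
    exit 1;
}

# ----------------------------------------------- Make sure arguments are valid
# The accepted character set is spelled out in ASCII instead of \w so that it
# does not depend on how perl decoded @ARGV.  \A and \z anchor the whole
# argument, so a trailing newline is rejected as well.
my $user = shift @ARGV;
my $safe;
if (defined $user and $user =~ /\A([A-Za-z][A-Za-z0-9_]*)\z/) {
    $safe = $1;
}
print "Save user = $safe" unless $noprint;

# Read from STDIN explicitly.  The bare <> operator would treat any remaining
# command-line argument as a file name to open, which a root-privileged
# script must not do with caller-supplied strings.
my $pword = <STDIN>;

# The password line is consumed before the username verdict, as before, so a
# caller writing to our stdin sees the same sequence of events.
exit 2 unless defined $safe;

# An empty or missing password line is refused here rather than handed on.
exit 3 unless defined $pword;
chomp $pword;
exit 3 unless length $pword;

# Do not echo the password, even in diagnostic mode.
print "Password read\n" unless $noprint;

# Only printable ASCII (codes 32..126) is accepted; this also rules out any
# embedded carriage return or newline that would split the line fed to passwd.
exit 3 if $pword =~ /[^\x20-\x7e]/;

# --------------------------------------------------------- Call system command
# Fork with a pipe to the child's stdin and exec passwd with an argument
# list, so no shell parses the command line.  The child discards passwd's
# standard output, as the original ">/dev/null" redirection did.
my $pid = open(my $passwd_in, '|-');
unless (defined $pid) {
    print "Cannot fork: $!\n" unless $noprint;
    exit 127;
}
if ($pid == 0) {
    open(STDOUT, '>', '/dev/null') or exit 127;
    exec { 'passwd' } 'passwd', '--stdin', $safe;
    exit 127;    # Only reached when exec failed.
}

print {$passwd_in} $pword, "\n";
close $passwd_in;    # Waits for passwd and stores its wait status in $?.

# --------------------------------------- exit with status of command execution
# $? is a wait status: exit code in the high byte, terminating signal in the
# low seven bits.  Dividing by 256 turned "killed by a signal" into a
# fraction that exit() truncated to 0, i.e. reported success.
my $status = $?;
exit 127 if $status == -1;
exit(128 + ($status & 127)) if $status & 127;
exit($status >> 8);

=head1 NAME

pwchange - setuid script to change unix passwords

=head1 DESCRIPTION

Setuid script to change unix passwords.

The user name is the only command-line argument; the new password is read
as a single line from standard input and passed to C<passwd --stdin>.
The script exits 1 unless both the real and the effective uid are 0,
2 for an unacceptable user name, 3 for an unacceptable password, and
otherwise with the exit status of C<passwd>.

=head1 README

Setuid script to change unix passwords.

=head1 PREREQUISITES

=head1 COREQUISITES

=pod OSNAMES

linux

=pod SCRIPT CATEGORIES

LONCAPA/Administrative

=cut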
