File:  [LON-CAPA] / loncom / pwchange
Revision 1.10: download - view: text, annotated - select for diffs
Fri Jul 17 02:20:59 2009 UTC (15 years, 5 months ago) by raeburn
Branches: MAIN
CVS tags: version_2_9_X, version_2_9_99_0, version_2_9_1, version_2_9_0, version_2_8_99_1, version_2_8_99_0, version_2_12_X, version_2_11_X, version_2_11_5_msu, version_2_11_5, version_2_11_4_uiuc, version_2_11_4_msu, version_2_11_4, version_2_11_3_uiuc, version_2_11_3_msu, version_2_11_3, version_2_11_2_uiuc, version_2_11_2_msu, version_2_11_2_educog, version_2_11_2, version_2_11_1, version_2_11_0_RC3, version_2_11_0_RC2, version_2_11_0_RC1, version_2_11_0, version_2_10_X, version_2_10_1, version_2_10_0_RC2, version_2_10_0_RC1, version_2_10_0, loncapaMITrelate_1, language_hyphenation_merge, language_hyphenation, bz6209-base, bz6209, bz2851, PRINT_INCOMPLETE_base, PRINT_INCOMPLETE, HEAD, GCI_3, GCI_2, BZ4492-merge, BZ4492-feature_horizontal_radioresponse, BZ4492-feature_Support_horizontal_radioresponse, BZ4492-Support_horizontal_radioresponse
--stdin option not available with system passwd command in debian/ubuntu
 - use system call to usermod instead.

#!/usr/bin/perl

# The Learning Online Network with CAPA
#
# pwchange - setuid script to change unix passwords
#
# YEAR=2001
#
# YEAR=2002
# 02/19 Matthew Hall
#
# $Id: pwchange,v 1.10 2009/07/17 02:20:59 raeburn Exp $
###

use strict;
my $noprint = 1;



print "In pwchange\n" unless $noprint;
print "Real uid = $< effective uid = $> \n" unless $noprint;
# ------------------------------------------------------------------ Untainting
$ENV{'PATH'}='/bin:/usr/bin'; # Nullify path information.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints

# ---------------------------- Make sure this process is running from user=root

if (0 != $<) {
    print "Username not root" unless $noprint;
   exit 1;
}
# ----------------------------------------------- If not running setuid as root
if ($>!=0) {
    print "Not setuid to root" unless $noprint;
    exit 1;
}

# ----------------------------------------------- Make sure arguments are valid
my $user=shift @ARGV;
$user=~/^(\w+)$/;
my $safe=$1;
print "Save user = $safe" unless $noprint;

my $pword=<>;
chomp $pword;
unless (length($safe) and ($user eq $safe) and ($safe=~/^[A-Za-z]/)) {
    exit 2;
}
print "Password = $pword" unless $noprint;
my $pbad=0;
foreach (split(//,$pword)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} 
exit 3 if $pbad;

# --------------------------------------------------------- Call system command
my $distro;
if (open(PIPE,"perl distprobe|")) {
    $distro = <PIPE>;
    close(PIPE);
}
if ($distro =~ /^ubuntu|debian/) {
    open(OUT,"|/usr/sbin/usermod -p `mkpasswd $pword` $safe");
    close(OUT);
} else {
    open(OUT,"|passwd --stdin $safe >/dev/null");
    print OUT $pword;
    print OUT "\n";
    close(OUT);
}

# --------------------------------------- exit with status of command execution
exit $?/256;

=head1 NAME

pwchange - setuid script to change unix passwords

=head1 DESCRIPTION

Setuid script to change unix passwords.

=head1 README

Setuid script to change unix passwords.

=head1 PREREQUISITES

=head1 COREQUISITES

=pod OSNAMES

linux

=pod SCRIPT CATEGORIES

LONCAPA/Administrative

=cut

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>