loncom/lchtmldir - diff

Return to lchtmldir CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/Attic/lchtmldir between versions 1.15 and 1.22

version 1.15, 2005/01/26 12:13:58	version 1.22, 2010/10/12 09:53:45
Line 2	Line 2

# The Learning Online Network with CAPA	# The Learning Online Network with CAPA
#	#
	# $Id$
	#
# Copyright Michigan State University Board of Trustees	# Copyright Michigan State University Board of Trustees
#	#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).	# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
Line 41	Line 43
# NSCL	# NSCL
# Michigan State University8	# Michigan State University8
# East Lansing, MI 48824-1321	# East Lansing, MI 48824-1321
	#
# General flow of control:	# General flow of control:
# 1. Validate process state (must be run as www).	# 1. Validate process state (must be run as www).
# 2. Validate parameters: Need two parameters:	# 2. Validate parameters: Need two parameters:
Line 61	Line 63
# - internal - www:www/2775	# - internal - www:www/2775
# - local - www:www/2775	# - local - www:www/2775
#	#
	#
#	#
# Take a few precautions to be sure that we're not vulnerable to trojan	# Take a few precautions to be sure that we're not vulnerable to trojan
# horses and other fine issues:	# horses and other fine issues:
Line 70 use strict;	Line 72 use strict;
use Fcntl qw(:mode);	use Fcntl qw(:mode);
use DirHandle;	use DirHandle;
use POSIX;	use POSIX;
	use lib '/home/httpd/lib/perl/';
	use LONCAPA qw(:match);

$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl';	$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl';
delete @ENV{qw{IFS CDPATH ENV BASH_ENV}};	delete @ENV{qw{IFS CDPATH ENV BASH_ENV}};

my $DEBUG = 1; # .nonzero -> Debug printing enabled.	my $DEBUG = 0; # .nonzero -> Debug printing enabled.
my $path_sep = "/"; # Unix like operating systems.	my $path_sep = "/"; # Unix like operating systems.


Line 84 if ($DEBUG) {	Line 88 if ($DEBUG) {
print("Checking uid...\n");	print("Checking uid...\n");
}	}
my $wwwid = getpwnam('www');	my $wwwid = getpwnam('www');
&DisableRoot;
if($wwwid != $>) {	if($wwwid != $<) {
if ($DEBUG) {	if ($DEBUG) {
print("User ID incorrect. This program must be run as user 'www'\n");	print("User ID incorrect. This program must be run as user 'www'\n");
}	}
Line 125 if( $authentication ne "unix:" &&	Line 129 if( $authentication ne "unix:" &&
$authentication ne "localauth:") {	$authentication ne "localauth:") {
if($DEBUG) {	if($DEBUG) {
print("Invalid authentication parameter: ".$authentication."\n");	print("Invalid authentication parameter: ".$authentication."\n");
print("Should be one of: unix, internal, krb4, localauth\n");	print("Should be one of-- unix: internal: krb4: krb5: localauth:\n");
}	}
exit 3;	exit 3;
}	}

# Untaint the username.	# Untaint the username.

my $match = $username =~ /^(\w+)$/;	my $match = $username =~ /^($match_username)$/;
my $patt = $1;	my $patt = $1;

if($DEBUG) {	if($DEBUG) {
Line 144 my $safeuser = $patt;	Line 148 my $safeuser = $patt;
if($DEBUG) {	if($DEBUG) {
print("Save username = $safeuser \n");	print("Save username = $safeuser \n");
}	}
if(($username ne $safeuser) or ($safeuser!~/^[A-za-z]/)) {	if($username ne $safeuser) {
if($DEBUG) {	if($DEBUG) {
print("User name $username had illegal characters\n");	print("User name $username had illegal characters\n");
}	}
Line 154 if(($username ne $safeuser) or ($safeuse	Line 158 if(($username ne $safeuser) or ($safeuse
#untaint the base directory require that the dir contain only	#untaint the base directory require that the dir contain only
# alphas, / numbers or underscores, and end in /$safeuser	# alphas, / numbers or underscores, and end in /$safeuser

$dir =~ /(^([\w\/]+))/;

my $dirtry1 = $1;

$dir =~ /$\/$safeuser/;	my ($allowed_dir) = ($dir =~ m{(^([/]\|$match_username)+)});
my $dirtry2 = $1;

if(($dirtry1 ne $dir) or ($dirtry2 ne $dir)) {	my $has_correct_end = ($dir =~ m{/\Q$safeuser\E$});

	if(($allowed_dir ne $dir) or (!$has_correct_end)) {
if ($DEBUG) {	if ($DEBUG) {
print("Directory $dir is not a valid home for $safeuser\n");	print("Directory $dir is not a valid home for $safeuser\n");
}	}
exit 5;	exit 5;
}	}


# As root, create the directory.	# As root, create the directory.

my $homedir = $dirtry1;	my $homedir = $allowed_dir;
my $fulldir = $homedir."/public_html";	my $fulldir = $homedir."/public_html";

if($DEBUG) {	if($DEBUG) {
print("Full directory path is: $fulldir \n");	print("Full directory path is: $fulldir \n");
}	}
if(!( -e $dirtry1)) {	if(!( -e $homedir)) {
if($DEBUG) {	if($DEBUG) {
print("User's home directory $dirtry1 does not exist\n");	print("User's home directory $homedir does not exist\n");
}	}
if ($authentication eq "unix:") {	if ($authentication eq "unix:") {
exit 6;	exit 6;
}	}
}	}
	if ($authentication eq "unix:") {
	# check whether group $safeuser exists.
	my $usergroups = `id -nG $safeuser`;
	if (! grep /^$safeuser$/, split(/\s+/,$usergroups)) {
	if($DEBUG) {
	print("Group \"$safeuser\" does not exist or $safeuser is not a member of that group.\n");
	}
	exit 7;
	}
	}



&EnableRoot;	&EnableRoot;

	# If authentication is internal and the top level directory exists
	# give it the right permissions (in case this is a modification.

	if ($authentication eq "internal:") {
	chmod(0711, $homedir); # so www can enter ~/public_html.
	}

&System("/bin/mkdir -p $fulldir") unless (-e $fulldir);	&System("/bin/mkdir -p $fulldir") unless (-e $fulldir);
unless(-e $fulldir."/index.html") {	unless(-e $fulldir."/index.html") {
open OUT,">".$fulldir."/index.html";	open OUT,">".$fulldir."/index.html";

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.15
changed lines
	Added in v.1.22