--- loncom/Attic/lchtmldir 2002/04/27 12:01:50 1.1 +++ loncom/Attic/lchtmldir 2004/10/18 10:56:50 1.9 @@ -115,10 +115,10 @@ if($DEBUG) { } -if( $authentication ne "unix" && - $authentication ne "internal" && - $authentication ne "krb4" && - $authentication ne "localauth") { +if( $authentication ne "unix:" && + $authentication ne "internal:" && + $authentication !~ /^krb(4|5):(.*)/ && + $authentication ne "localauth:") { if($DEBUG) { print("Invalid authentication parameter: ".$authentication."\n"); print("Should be one of: unix, internal, krb4, localauth\n"); @@ -167,7 +167,9 @@ if(($dirtry1 ne $dir) or ($dirtry2 ne $d # As root, create the directory. -my $fulldir = $dirtry1."/public_html"; +my $homedir = $dirtry1; +my $fulldir = $homedir."/public_html"; + if($DEBUG) { print("Full directory path is: $fulldir \n"); } @@ -175,11 +177,13 @@ if(!( -e $dirtry1)) { if($DEBUG) { print("User's home directory $dirtry1 does not exist\n"); } - exit 6; + if ($authentication eq "unix:") { + exit 6; + } } &EnableRoot; -&System("/bin/mkdir $fulldir") unless (-e $fulldir); +&System("/bin/mkdir -p $fulldir") unless (-e $fulldir); unless(-e $fulldir."/index.html") { open OUT,">".$fulldir."/index.html"; print OUT< $safeuser - -

$safeuser

+ +

$safeuser Construction Space

+

+ The LearningOnline Network with Computer-Assisted Personalized Approach +

- Learning Online Network +This is your construction space within LON-CAPA, where you would construct resources which are meant to be +used across courses and institutions.

- This area provides for: +Material within this area can only be seen and edited by $safeuser and designated co-authors. To make +it available to students and other instructors, the material needs to be published.

- END close OUT; } + &System("/bin/chmod 02775 $fulldir"); &System("/bin/chmod 0775 $fulldir"."/index.html"); # Based on the authentiation mode, set the ownership of the directory. -if($authentication eq "unix") { # Unix mode authentication... - - - &System("/bin/chown -R $username".":".$username." ".$fulldir); - &JoinGroup($username); - - -} -elsif ($authentication eq "internal") { # Internal authentication. +if($authentication eq "unix:") { # Unix mode authentication... + &System("/bin/chown -R $safeuser".":".$safeuser." ".$fulldir); + &JoinGroup($safeuser); +} else { + # Internal, Kerberos, and Local authentication are for users + # who do not have unix accounts on the system. Therefore we + # will give ownership of their public_html directories to www:www + # If the user is an internal auth user, the rest of the directory tree + # gets owned by root. This chown is needed in case what's really happening + # is that a file system user is being demoted to internal user... - &System("/bin/chown -R www:www $fulldir"); -} -elsif ($authentication eq "krb4") { # Kerberos version 4 authentication - &System("/bin/chwon -R $username".':'.$username." ".$fulldir); - &JoinGroup($username); -} -elsif ($authentication eq "localauth") { # Local authentiation - &System("/bin/chown -R $username".':'.$username." $fulldir"); -} -else { - if($DEBUG) { - print("Authentication not legal".$authentication); + if($authentication eq "internal:") { + &System("/bin/chown -R root:root ".$homedir); } - &DisableRoot; - exit 5; - + &System("/bin/chown -R www:www ".$fulldir); } &DisableRoot; @@ -261,7 +255,7 @@ sub EnableRoot { # root capability is already enabled } if($DEBUG) { - print("Enable Root - id = $> \n"); + print("Enable Root - id = $> $<\n"); } return $>; } @@ -283,6 +277,9 @@ sub JoinGroup { my $usergroup = shift; my $groups = `/usr/bin/groups www`; + # untaint + my ($safegroups)=($groups=~/:\s+([\s\w]+)/); + $groups=$safegroups; chomp $groups; $groups=~s/^\S+\s+\:\s+//; my @grouplist=split(/\s+/,$groups); my @ugrouplist=grep {!/www|$usergroup/} @grouplist; @@ -300,11 +297,11 @@ sub JoinGroup { sub System { - my $command = shift; + my ($command,@args) = @_; if($DEBUG) { - print("system: $command \n"); + print("system: $command with args ".join(' ',@args)."\n"); } - system($command); + system($command,@args); }