Annotation of loncom/lcuseradd, revision 1.4

1.1       harris41    1: #!/usr/bin/perl
                      2: #
                      3: # lcuseradd
                      4: #
                      5: # Scott Harrison
                      6: # October 27, 2000
                      7: 
                      8: use strict;
                      9: 
                     10: # This script is a setuid script that should
                     11: # be run by user 'www'.  It creates a /home/USERNAME directory
                     12: # as well as a /home/USERNAME/public_html directory.
                     13: # It adds user entries to
                     14: # /etc/passwd and /etc/group.
1.2       harris41   15: # Passwords are set with lcpasswd.
                     16: # www becomes a member of this user group.
1.1       harris41   17: 
                     18: # Standard input usage
                     19: # First line is USERNAME
                     20: # Second line is PASSWORD
1.3       harris41   21: # Third line is PASSWORD
1.1       harris41   22: 
1.3       harris41   23: # Command-line arguments [USERNAME] [PASSWORD] [PASSWORD]
1.1       harris41   24: # Yes, but be very careful here (don't pass shell commands)
                     25: # and this is only supported to allow perl-system calls.
                     26: 
1.4     ! harris41   27: # Usage within code
        !            28: #
        !            29: # $exitcode=system("/home/httpd/perl/lcuseradd","NAME","PASSWORD1","PASSWORD2")/256;
        !            30: # print "uh-oh" if $exitcode;
        !            31: 
        !            32: # These are the exit codes.
        !            33: 
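# Security
# This script runs setuid and later starts external programs, so scrub the
# environment it inherited from the caller before doing anything else.
$ENV{'PATH'} = "";    # Nullify path information; programs are run by absolute path.
# Remove the shell start-up and word-splitting variables (the list recommended
# in perlsec), not just BASH_ENV, so that no shell started further down the
# line picks up caller-controlled settings.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};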
1.2       harris41   37: 
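# Do not print error messages if there are command-line arguments: in that
# mode the caller is another program and only looks at the exit status.
my $noprint = @ARGV ? 1 : 0;

# Report a failure and stop.  The message is suppressed in $noprint mode, and
# the lock file is removed only when this process already holds the lock.
my $bail = sub {
    my ($exitcode, $message, $have_lock) = @_;
    print $message unless $noprint;
    unlink('/tmp/lock_lcpasswd') if $have_lock;
    exit $exitcode;
};

# Read in /etc/passwd, and make sure this process is running from user=www.
my $wwwid;
if (open(my $passwd_fh, '<', '/etc/passwd')) {
    while (my $entry = <$passwd_fh>) {
        chomp $entry;    # chomp, not chop: a final line without a newline stays intact
        my @F = split(/:/, $entry);
        # No early exit, so the last 'www' entry wins, as it always has.
        $wwwid = $F[2] if defined $F[0] && $F[0] eq 'www';
    }
    close $passwd_fh;
}
# An unreadable file or a missing 'www' entry leaves $wwwid undefined.  undef
# compares equal to 0 numerically, which would let a real uid of 0 pass the
# check, so anything but a numeric uid equal to $< counts as a mismatch.
unless (defined $wwwid && $wwwid =~ /^\d+$/ && $wwwid == $<) {
    $bail->(1, "User ID mismatch.  This program must be run as user 'www'\n", 0);
}
disable_root_capability();

# Handle case of another lcpasswd process.
# NOTE(review): the lock is a fixed name in world-writable /tmp, so any local
# account can create that name first.  Whether that only blocks this script
# (exit 4) or has further effect depends on try_to_lock(), which is not
# visible here -- confirm it refuses symlinks and files it did not create, or
# move the lock to a directory only 'www' can write.
unless (try_to_lock("/tmp/lock_lcpasswd")) {
    $bail->(4, "Error. Too many other simultaneous password change requests being made.\n", 0);
}

# Gather input.  Should be 3 values (user name, password 1, password 2).
# The counts were compared against 1, which rejected the documented
# three-argument call and accepted a lone user name with no passwords.
# Note that command-line arguments are visible in the process table while the
# script runs; the standard-input form does not expose the passwords that way.
my @input;
if (@ARGV == 3) {
    @input = @ARGV;
}
elsif (@ARGV) {
    $bail->(2, "Error. This program needs 3 command-line arguments (username, password 1, password 2).\n", 1);
}
else {
    @input = <>;
    if (@input != 3) {
        $bail->(3, "Error. Three lines should be entered into standard input.\n", 1);
    }
    chomp @input;
}

# Validate (and untaint) each value.  The captures are taken in list context
# so a failed match yields undef; reading $1 after an unchecked match would
# silently reuse the capture of the previous successful match, e.g. a
# rejected password would have been replaced by the user name.
my ($username, $password1, $password2) = @input;
my ($safeusername)  = $username  =~ /^(\w+)$/;
my ($safepassword1) = $password1 =~ /^(\w+)$/;
my ($safepassword2) = $password2 =~ /^(\w+)$/;
unless (defined $safeusername && defined $safepassword1 && defined $safepassword2) {
    # Exits 5, the same code as a failed useradd, so no new exit code is
    # introduced for callers.
    $bail->(5, "Error. User name and passwords may only contain letters, digits and underscores.\n", 1);
}
# The original stored the validated first password back under the name
# $password1; keep that name holding the validated value for code further down.
$password1 = $safepassword1;

# Root capability is switched back on only after every input has been checked.
enable_root_capability();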
        !            95: 
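# Add user entry to /etc/passwd and /etc/group with useradd.  The list form
# of system() is used, so no shell is involved and $safeusername is passed as
# a single argument.
#
# NOTE(review): '-G www' makes the NEW account a supplementary member of
# group 'www'.  The header comment states the opposite relation ("www becomes
# a member of this user group").  Confirm which one is intended: as written,
# every account created here gains whatever access group 'www' has.
if (system('/usr/sbin/useradd', '-c', 'LON-CAPA user', '-G', 'www', $safeusername)) {
    # Honour $noprint here too, like every other error path in this script.
    print "Error.  Something went wrong with the addition of user \"$safeusername\".\n" unless $noprint;
    unlink('/tmp/lock_lcpasswd');
    exit 5;
}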
1.2       harris41  106: 
                    107: # Set password with lcpasswd (which creates smbpasswd entry).
1.1       harris41  108: 
