--- loncom/lcnfson 2000/11/02 20:48:13 1.1
+++ loncom/lcnfson 2007/08/22 19:53:22 1.5
@@ -1,10 +1,19 @@
 #!/usr/bin/perl
-# Scott Harrison
-# SH: November 2, 2000
-
 use strict;
+# $Id: lcnfson,v 1.5 2007/08/22 19:53:22 albertel Exp $
+
+# This script is a setuid script (chmod 6755; chown root:root).
+# It enables nfs/portmap services for a specific user at
+# a specific ip address.
+
+# Exit codes. 0=ok. Higher than 0 means something went wrong.
+# Usage within code
+#
+# $exitcode=system("/home/httpd/perl/lcuseradd","NAME","IPADDRESS")/256;
+# print "uh-oh" if $exitcode;
+
 # Security
 $ENV{'PATH'}=""; # Nullify path information.
 $ENV{'BASH_ENV'}=""; # Nullify shell environment information.
@@ -36,21 +45,21 @@ unless (&try_to_lock("/tmp/lock_lcnfs"))
 print "Error. Too many other simultaneous nfs change requests being made.\n" unless $noprint;
 exit 4;
 }
-# Gather input. Should be 3 values (user name, password 1, password 2).
+# Gather input. Should be 2 values (user name, numeric ip address).
 my @input;
 if (@ARGV==3) {
 @input=@ARGV;
 }
 elsif (@ARGV) {
- print("Error. This program needs 3 command-line arguments (username, password 1, password 2).\n") unless $noprint;
- unlink('/tmp/lock_lcpasswd');
+ print("Error. This program needs 2 command-line arguments (username, numeric ip address).\n") unless $noprint;
+ unlink('/tmp/lock_lcnfs');
 exit 2;
 }
 else {
 @input=<>;
- if (@input!=3) {
- print("Error. Three lines should be entered into standard input.\n") unless $noprint;
- unlink('/tmp/lock_lcpasswd');
+ if (@input!=2) {
+ print("Error. Two lines should be entered into standard input.\n") unless $noprint;
+ unlink('/tmp/lock_lcnfs');
 exit 3;
 }
 map {chop} @input;
@@ -61,7 +70,7 @@ $username=~/^(\w+)$/;
 my $safeusername=$1;
 if ($username ne $safeusername) {
 print "Error. The user name specified has invalid characters.\n";
- unlink('/tmp/lock_nfs');
+ unlink('/tmp/lock_lcnfs');
 exit 9;
 }
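Review bot: The usage example added to the header names the wrong program: it calls `/home/httpd/perl/lcuseradd`, while this file is `lcnfson` and the arguments described are a user name and an IP address. Suggest `# $exitcode=system("/home/httpd/perl/lcnfson","NAME","IPADDRESS")/256;`. The header also states that any non-zero exit means failure but does not list the codes; the hunks on this page use 2, 3, 4, 6, 7, 8 and 9 for distinct conditions, and a short table under "Exit codes" would let a caller distinguish lock contention from an input rejection.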
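Review bot: The command-line branch still tests `if (@ARGV==3) {` although the comment and both error messages in this hunk now describe two arguments (user name, numeric ip address), so a caller that passes the two documented arguments falls into the `elsif (@ARGV)` branch and exits 2; only the stdin path (`@input!=2`) actually accepts the new arity. Change the test to `if (@ARGV==2) {`. The `else` block reading stdin is cut off by the hunk: its closing brace and the code that unpacks `@input` lie outside it.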
@@ -81,7 +90,7 @@ $ipaddress=~/^([\w|\.]*)$/;
 my $safeipaddress=$1;
 if ($ipaddress ne $safeipaddress) {
 print "Error. The IP address must be numeric and of the form ##.##.##.##.\n";
- unlink('/tmp/lock_nfs');
+ unlink('/tmp/lock_lcnfs');
 exit 8;
 }
@@ -94,13 +103,13 @@ if ($status=~/is stopped/) {
 # Add entry to /etc/exports
 my $exports=`/bin/cat /etc/exports`;
 $exports="\n$exports";
-my $entry="/home/$safeusername $safeipaddress(rw,all_squash,anonuid=$uid,anongid=$gid\n";
+my $entry="/home/$safeusername $safeipaddress(rw,all_squash,anonuid=$uid,anongid=$gid)\n";
 if ($exports=~/\n\/home\/$safeusername\s+$safeipaddress\(rw,all_squash,anonuid=$uid,anongid=$gid\)/) {
 print "Error. /etc/exports already has this entry enabled.\n";
- unlink('/tmp/lock_nfs');
+ unlink('/tmp/lock_lcnfs');
 exit 7;
 }
-open (OUT,">>/etc/exports);
+open (OUT,">>/etc/exports");
 print OUT $entry;
 close OUT;
@@ -109,16 +118,20 @@ system('/usr/sbin/exportfs','-r');
 # Add entry /etc/hosts.allow
 my $hostsallow=`/bin/cat /etc/hosts.allow`;
-my $entry="# $safeusername\nportmap $safeipaddress\n";
-if ($hostsallow=~/\n\# $safeusername\s*\nportmap $safeipaddress\n/) {
+my $entry="# $safeusername\nportmap: $safeipaddress\n";
+if ($hostsallow=~/\n\# $safeusername\s*\nportmap: $safeipaddress\n/) {
 print "Error. /etc/hosts already has this entry enabled.\n";
- unlink('/tmp/lock_nfs');
+ unlink('/tmp/lock_lcnfs');
 exit 6;
 }
 open (OUT,">>/etc/hosts.allow");
 print OUT $entry;
 close OUT;
+&disable_root_capability;
+unlink('/tmp/lock_lcnfs');
+exit 0;
+
 # ----------------------------------------------------------- have setuid script run as root
 sub enable_root_capability {
 if ($wwwid==$>) {
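Review bot: The error message in this hunk tells the caller the address must be numeric, `##.##.##.##`, but the validating match shown in the hunk heading, `$ipaddress=~/^([\w|\.]*)$/;`, also accepts letters, underscores, the `|` character and the empty string, and the accepted value is later appended to /etc/exports and /etc/hosts.allow while the script holds root. If host names are not meant to be accepted here, the check should match what the message promises, e.g. `$ipaddress=~/^(\d{1,3}(?:\.\d{1,3}){3})\z/;`; if they are, the message and the header comment should say so. The match itself sits just outside the hunk lines, so only the message is visible in the diff.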
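Review bot: The repaired `open (OUT,">>/etc/exports");` is still a two-argument open on a bareword handle with no result check, so if the append fails `print OUT $entry` silently writes nothing, and the script goes on to the `exportfs -r` call shown in the next hunk's heading and exits 0 as though the export had been added. Prefer the three-argument form and handle failure the way the other error paths in this hunk do: `open (my $out, '>>', '/etc/exports') or do { print "Error. Could not open /etc/exports.\n"; unlink('/tmp/lock_lcnfs'); exit <distinct-nonzero-code>; };` then `print {$out} $entry;` and `close $out or die "close /etc/exports: $!";` (the placeholder is a code not already used by this script). The duplicate-entry regex two lines above also interpolates `$safeipaddress` unescaped, so each dot matches any character; `\Q$safeipaddress\E` keeps that comparison literal.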
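Review bot: The new duplicate check `if ($hostsallow=~/\n\# $safeusername\s*\nportmap: $safeipaddress\n/)` requires a newline before the `# user` line, but unlike the exports section (`$exports="\n$exports";` in the previous hunk) nothing is prepended to `$hostsallow`, so an entry that is the first line of /etc/hosts.allow is not detected and gets appended again. Add `$hostsallow="\n$hostsallow";` before the match, mirroring the exports code. The new `my $entry=` also appears to redeclare the `$entry` already declared with `my` in the exports section; if both are at the same scope, `use warnings` would flag it, so assign with `$entry=` or pick a distinct name. The added `&disable_root_capability;` passes the current `@_` to the sub because of the `&` with no parentheses; `disable_root_capability();` states the intent.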