|
version 1.14, 2002/02/14 22:09:14
|
version 1.18, 2002/09/19 02:02:59
|
|
Line 1
|
Line 1
|
| #!/usr/bin/perl |
#!/usr/bin/perl |
| |
|
| # The Learning Online Network with CAPA |
# The Learning Online Network with CAPA |
| # |
# |
| # lcpasswd - LON-CAPA setuid script to synchronously change all |
# lcpasswd - LON-CAPA setuid script to synchronously change all |
|
Line 10
|
Line 9
|
| # |
# |
| # YEAR=2001 |
# YEAR=2001 |
| # 10/22,10/23,11/13,11/15 Scott Harrison |
# 10/22,10/23,11/13,11/15 Scott Harrison |
| |
# |
| |
# YEAR=2002 |
| |
# 02/19 Matthew Hall |
| # |
# |
| # $Id$ |
# $Id$ |
| ### |
### |
|
Line 44 use strict;
|
Line 46 use strict;
|
| # |
# |
| # Standard input usage |
# Standard input usage |
| # First line is USERNAME |
# First line is USERNAME |
| # Second line is CURRENT PASSWORD |
# Second line is NEW PASSWORD |
| # Third line is NEW PASSWORD |
# Third line is NEW PASSWORD |
| # |
# |
| # Valid passwords must consist of the |
# Valid passwords must consist of the |
|
Line 92 delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}
|
Line 94 delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}
|
| # Do not print error messages |
# Do not print error messages |
| my $noprint=1; |
my $noprint=1; |
| |
|
| |
print "In lcpasswd" unless $noprint; |
| |
|
| # ----------------------------- Make sure this process is running from user=www |
# ----------------------------- Make sure this process is running from user=www |
| my $wwwid=getpwnam('www'); |
my $wwwid=getpwnam('www'); |
| &disable_root_capability; |
&disable_root_capability; |
|
Line 131 if (($username ne $safeusername) or ($sa
|
Line 135 if (($username ne $safeusername) or ($sa
|
| exit 9; |
exit 9; |
| } |
} |
| my $pbad=0; |
my $pbad=0; |
| foreach (split(//,$password1)) {if (($_<32)&&($_>126)){$pbad=1;}} |
foreach (split(//,$password1)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
| foreach (split(//,$password2)) {if (($_<32)&&($_>126)){$pbad=1;}} |
foreach (split(//,$password2)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
| if ($pbad) { |
if ($pbad) { |
| print "Error. A password entry had an invalid character.\n"; |
print "Error. A password entry had an invalid character.\n"; |
| unlink('/tmp/lock_lcpasswd'); |
unlink('/tmp/lock_lcpasswd'); |
|
Line 152 unless(getpwnam($safeusername)) {
|
Line 156 unless(getpwnam($safeusername)) {
|
| unlink('/tmp/lock_lcpasswd'); |
unlink('/tmp/lock_lcpasswd'); |
| exit 5; |
exit 5; |
| } |
} |
| |
|
| &enable_root_capability; |
&enable_root_capability; |
| ($>,$<)=(0,0); |
($>,$<)=(0,0); |
| |
|
| |
print "Now $> , $< , -invoking pwchange with $safeusername $password1" |
| |
unless $noprint; |
| open OUT,"|pwchange $safeusername"; |
open OUT,"|pwchange $safeusername"; |
| print OUT $password1; |
print OUT $password1; |
| print OUT "\n"; |
print OUT "\n"; |
| close OUT; |
close OUT; |
| ($>,$<)=(0,500); |
($>,$<)=(0,500); |
| |
|
| |
print "pwchange done, back to uid 500" unless $noprint; |
| |
|
| if ($?) { |
if ($?) { |
| exit 8; |
exit 8; |
| } |
} |
|
Line 170 if (-e '/usr/bin/smbpasswd') {
|
Line 178 if (-e '/usr/bin/smbpasswd') {
|
| |
|
| ($>,$<)=(0,0); # fool smbpasswd here to think this is not a setuid |
($>,$<)=(0,0); # fool smbpasswd here to think this is not a setuid |
| # environment |
# environment |
| unless (-e '/etc/smbpasswd') { |
|
| open (OUT,'>/etc/smbpasswd'); close OUT; |
|
| } |
|
| |
|
| my $smbexist=0; |
# If the -a swithc is put on the smbpasswd |
| open (IN, '</etc/smbpasswd'); |
# command line, either a new entry will be created or the old one |
| my @lines=<IN>; |
# will be used. |
| close IN; |
# Therefore the old strategy of looking for and adding a dummy entry is |
| for my $l (@lines) { |
# not needed... Finally, the smbpasswd file is in /etc/samba not |
| chop $l; |
# /etc/smbpasswd as older versions of the script implied. |
| my @F=split(/\:/,$l); |
|
| if ($F[0] eq $username) {$smbexist=1;} |
|
| } |
|
| unless ($smbexist) { |
|
| open(OUT,'>>/etc/smbpasswd'); |
|
| print OUT join(':',($safeusername,$userid, |
|
| 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXX'. |
|
| 'XXXXXXXXXXXXXXXXXX','','/home/'.$safeusername, |
|
| '/bin/bash')) . "\n"; |
|
| close OUT; |
|
| } |
|
| |
|
| open(OUT,"|/usr/bin/smbpasswd -s $safeusername>/dev/null") or |
print "Running smbpasswd" unless $noprint; |
| |
open(OUT,"|/usr/bin/smbpasswd -s -a $safeusername>/dev/null") or |
| die('cannot run smbpasswd'); |
die('cannot run smbpasswd'); |
| print OUT $password2; print OUT "\n"; |
print OUT $password2; print OUT "\n"; |
| print OUT $password2; print OUT "\n"; |
print OUT $password2; print OUT "\n"; |
| close OUT; |
close OUT; |
| $<=$wwwid; # unfool the program |
$<=$wwwid; # unfool the program |
| |
print "smbpasswd done" unless $noprint; |
| } |
} |
| |
|
| &disable_root_capability; |
&disable_root_capability; |
|
Line 207 exit 0;
|
Line 203 exit 0;
|
| # ---------------------------------------------- have setuid script run as root |
# ---------------------------------------------- have setuid script run as root |
| sub enable_root_capability { |
sub enable_root_capability { |
| if ($wwwid==$>) { |
if ($wwwid==$>) { |
| ($<,$>)=($>,$<); |
($<,$>)=($>,0); |
| ($(,$))=($),$(); |
($(,$))=($),0); |
| } |
} |
| else { |
else { |
| # root capability is already enabled |
# root capability is already enabled |
![[BACK]](/icons/back.gif){kind=icon}
Return to lcpasswd CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom