Diff for /loncom/lcpasswd between versions 1.1 and 1.2

version 1.1, 2000/10/27 19:50:24 version 1.2, 2000/10/27 22:02:23
Line 14  use strict; Line 14  use strict;
 # Third line is NEW PASSWORD  # Third line is NEW PASSWORD
   
 # Security  # Security
 $ENV{'PATH'}=""; # Nullify path information.  $ENV{'PATH'}="/bin:/usr/bin"; # Nullify path information except for what smbpasswd needs
 $ENV{'BASH_ENV'}=""; # Nullify shell environment information.  $ENV{'BASH_ENV'}=""; # Nullify shell environment information.
   
 open (IN, "</etc/passwd");  open (IN, "</etc/passwd");
Line 30  if ($wwwid!=$<) { Line 30  if ($wwwid!=$<) {
     print("User ID mismatch.  This program must be run as user 'www'\n");      print("User ID mismatch.  This program must be run as user 'www'\n");
     exit 0;      exit 0;
 }  }
   &disable_root_capability;
 if (@ARGV) {  if (@ARGV) {
     print("Error. This program does not accept command-line arguments.\n");      print("Error. This program does not accept command-line arguments.\n");
     exit 0;      exit 0;
Line 70  if (crypt($oldpwd,$useroldcryptpwd) ne $ Line 71  if (crypt($oldpwd,$useroldcryptpwd) ne $
     exit 0;      exit 0;
 }  }
   
 # Construct new password entry  # Construct new password entry (random salt)
 my $newcryptpwd=crypt($newpwd,$newpwd);  my $newcryptpwd=crypt($newpwd,(join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]));
 $U[1]=$newcryptpwd;  $U[1]=$newcryptpwd;
 my $userline=join(":",@U);  my $userline=join(":",@U);
 print $newcryptpwd;  my $rootid=&enable_root_capability;
 print $userline;  if ($rootid!=0) {
 #my $rootid=&enable_root_capability;      print "Error.  Root was not successfully enabled.\n";
 #if ($rootid!=0) {      exit 0;
 #    print "Error.  Root was not successfully enabled.\n";  }
 #    exit 0;  open PASSWORDFILE, ">/etc/passwd" or die("Cannot open /etc/passwd!");
 #}  
 # open SAMBAPASSWORDFILE, ">/etc/smbpasswd";  
  ($<,$>)=($>,$<);  
  ($(,$))=($),$();  
 open PASSWORDFILE, "/tmp/passwd2" or die("Cannot open /etc/passwd!");  
 for my $l (@lines) {  for my $l (@lines) {
     @F=split(/\:/,$l);      @F=split(/\:/,$l);
     if ($F[0] eq $username) {print PASSWORDFILE "$userline\n";}      if ($F[0] eq $username) {print PASSWORDFILE "$userline\n";}
     else {print PASSWORDFILE "$l\n";}      else {print PASSWORDFILE "$l\n";}
 }  }
 close PASSWORDFILE;  close PASSWORDFILE;
 # close SAMBAPASSWORDFILE;  $username=~/^(\w+)$/;
   my $safeusername=$1;
   ($>,$<)=(0,0); # fool smbpasswd here to think this is not a setuid environment
   unless (-e "/etc/smbpasswd") {
       open (OUT,">/etc/smbpasswd"); close OUT;
   }
   my $smbexist=0;
   open (IN, "</etc/smbpasswd");
   my @lines=<IN>;
   close IN;
   for my $l (@lines) {
       chop $l;
       my @F=split(/\:/,$l);
       if ($F[0] eq $username) {$smbexist=1;}
   }
   unless ($smbexist) {
       open(OUT,">>/etc/smbpasswd");
       print OUT join(":",($safeusername,$userid,'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX','','/home/'.$safeusername,'/bin/bash')) . "\n";
       close OUT;
   }
   open(OUT,"|/usr/bin/smbpasswd -s $safeusername>/dev/null");
   print OUT $newpwd; print OUT "\n";
   print OUT $newpwd; print OUT "\n";
   close OUT;
   $<=$wwwid; # unfool the program
 &disable_root_capability;  &disable_root_capability;
 unlink("/tmp/lock_lcpasswd");  unlink("/tmp/lock_lcpasswd");
   
 sub enable_root_capability {  sub enable_root_capability {
     if ($wwwid==$<) {      if ($wwwid==$>) {
  ($<,$>)=($>,$<);   ($<,$>)=($>,$<);
  ($(,$))=($),$();   ($(,$))=($),$();
     }      }
     else {      else {
  # root capability is already enabled   # root capability is already enabled
     }      }
     return $<;      return $>;
 }  }
   
 sub disable_root_capability {  sub disable_root_capability {
     if ($wwwid==$>) {      if ($wwwid==$<) {
  ($<,$>)=($>,$<);   ($<,$>)=($>,$<);
  ($(,$))=($),$();   ($(,$))=($),$();
     }      }
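Review bot: The result of `$username=~/^(\w+)$/` is never tested before `$1` is copied into `$safeusername`, and a failed match leaves `$1` holding whatever an earlier successful match captured (or undef). The value interpolated into the `|/usr/bin/smbpasswd -s $safeusername>/dev/null` shell pipe, which runs after `($>,$<)=(0,0)`, is therefore not guaranteed to be the validated name. Capture in list context and stop on failure, in the style of the script's other error exits: `my ($safeusername) = $username =~ /\A(\w+)\z/;` followed by `unless (defined $safeusername) { print "Error. Invalid username.\n"; exit 0; }`. That check belongs before `&enable_root_capability`, because at its current position /etc/passwd has already been rewritten and an early exit would leave the passwd and smbpasswd entries out of step. The existence loop should also compare `$F[0] eq $safeusername`, so the lookup and the appended stub line use the same value; this top-level code starts and continues outside the visible hunks.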


