--- loncom/lcpasswd 2002/09/16 13:27:40 1.17 +++ loncom/lcpasswd 2010/10/12 10:33:47 1.22 @@ -1,20 +1,13 @@ #!/usr/bin/perl - # The Learning Online Network with CAPA # # lcpasswd - LON-CAPA setuid script to synchronously change all # filesystem-related passwords (samba, unix, etc) # -# YEAR=2000 -# 10/27,10/28,10/29,10/30 Scott Harrison -# -# YEAR=2001 -# 10/22,10/23,11/13,11/15 Scott Harrison -# # YEAR=2002 # 02/19 Matthew Hall # -# $Id: lcpasswd,v 1.17 2002/09/16 13:27:40 foxr Exp $ +# $Id: lcpasswd,v 1.22 2010/10/12 10:33:47 foxr Exp $ ### ############################################################################### @@ -95,17 +88,19 @@ delete @ENV{qw(IFS CDPATH ENV BASH_ENV)} # Do not print error messages my $noprint=1; +print "In lcpasswd" unless $noprint; + # ----------------------------- Make sure this process is running from user=www my $wwwid=getpwnam('www'); -&disable_root_capability; -if ($wwwid!=$>) { + +if ($wwwid!=$<) { print("User ID mismatch. This program must be run as user 'www'\n") unless $noprint; exit 1; } # ----------------------------------- Start running script with www permissions -&disable_root_capability; + # --------------------------- Handle case of another lcpasswd process (locking) unless (&try_to_lock('/tmp/lock_lcpasswd')) { @@ -155,18 +150,18 @@ unless(getpwnam($safeusername)) { unlink('/tmp/lock_lcpasswd'); exit 5; } - &enable_root_capability; ($>,$<)=(0,0); -print "Now root, -invoking pwchange with $safeusername $password1" + +print "Now $> , $< , -invoking pwchange with $safeusername $password1" unless $noprint; open OUT,"|pwchange $safeusername"; print OUT $password1; print OUT "\n"; close OUT; -($>,$<)=(0,500); +($>,$<)=(0,$wwwid); -print "pwchange done, back to uid 500" unless $noprint; +print "pwchange done, back to uid $wwwid" unless $noprint; if ($?) { exit 8; @@ -178,7 +173,7 @@ if (-e '/usr/bin/smbpasswd') { ($>,$<)=(0,0); # fool smbpasswd here to think this is not a setuid # environment -# If the -a swithc is put on the smbpasswd +# If the -a switch is put on the smbpasswd # command line, either a new entry will be created or the old one # will be used. # Therefore the old strategy of looking for and adding a dummy entry is @@ -195,15 +190,15 @@ if (-e '/usr/bin/smbpasswd') { print "smbpasswd done" unless $noprint; } -&disable_root_capability; + unlink('/tmp/lock_lcpasswd'); exit 0; # ---------------------------------------------- have setuid script run as root sub enable_root_capability { if ($wwwid==$>) { - ($<,$>)=($>,$<); - ($(,$))=($),$(); + ($<,$>)=($>,0); + ($(,$))=($),0); } else { # root capability is already enabled @@ -227,10 +222,7 @@ sub try_to_lock { my ($lockfile)=@_; my $currentpid; my $lastpid; - # Do not manipulate lock file as root - if ($>==0) { - return 0; - } + # Try to generate lock file. # Wait 3 seconds. If same process id is in # lock file, then assume lock file is stale, and