Annotation of loncom/lcpasswd, revision 1.10

1.1       harris41    1: #!/usr/bin/perl
1.3       harris41    2: #
                      3: # lcpasswd
                      4: #
                      5: # Scott Harrison
1.6       harris41    6: # SH: October 27, 2000
                      7: # SH: October 28, 2000
1.1       harris41    8: 
                      9: use strict;
                     10: 
                     11: # This script is a setuid script that should
1.4       harris41   12: # be run by user 'www'.  This script allows
                     13: # for synchronous entry of passwords into
                     14: # both the /etc/passwd and the /etc/smbpasswd
                     15: # files.
1.1       harris41   16: 
1.5       harris41   17: # This script works under the same process control mechanism
                     18: # as lcuseradd and lcpasswd, to make sure that only one of these
                     19: # processes is running at any one time on the system.
                     20: 
1.1       harris41   21: # Standard input usage
                     22: # First line is USERNAME
                     23: # Second line is CURRENT PASSWORD
                     24: # Third line is NEW PASSWORD
                     25: 
1.8       harris41   26: # Valid passwords must consist of the
                     27: # ascii characters within the inclusive
                     28: # range of 0x20 (32) to 0x7E (126).
                     29: # These characters are:
                     30: # SPACE and
                     31: # !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNO
                     32: # PQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
                     33: 
                     34: # Valid user names must consist of ascii
                     35: # characters that are alphabetical characters
                     36: # (A-Z,a-z), numeric (0-9), or the underscore
                     37: # mark (_). (Essentially, the perl regex \w).
                     38: 
1.4       harris41   39: # Command-line arguments
                     40: # Yes, but be very careful here (don't pass shell commands)
                     41: # and this is only supported to allow perl-system calls.
                     42: 
                     43: # Usage within code
1.5       harris41   44: # Note: NEVER run as system("/home/httpd/perl/lcpasswd NAME OLDPWD NEWPWD")
1.4       harris41   45: #
1.5       harris41   46: # $exitcode=system("/home/httpd/perl/lcpasswd","NAME","OLDPWD","NEWPWD")/256;
1.4       harris41   47: # print "uh-oh" if $exitcode;
                     48: 
                     49: # These are the exit codes.
                     50: # ( (0,"ok"),
1.7       harris41   51: #   (1,"User ID mismatch.  This program must be run as user 'www'"),
1.10    ! harris41   52: #   (2,"Error. This program needs 3 command-line arguments (username, old password, new password)."),
1.6       harris41   53: #   (3,"Error. Three lines need to be entered into standard input."),
                     54: #   (4,"Error. Too many other simultaneous password change requests being made."),
                     55: #   (5,"Error. User $username does not exist."),
                     56: #   (6,"Error. Invalid entry of current password."),
1.10    ! harris41   57: #   (7,"Error. Root was not successfully enabled."),
        !            58: #   (8,"Error. Cannot open /etc/passwd."),
        !            59: #   (9,"Error. The user name specified has invalid characters."),
        !            60: #   (10,"Error. A password entry had an invalid character.") )
1.4       harris41   61: 
1.1       harris41   62: # Security
1.6       harris41   63: $ENV{'PATH'}='/bin:/usr/bin'; # Nullify path information except for what smbpasswd needs
                     64: $ENV{'BASH_ENV'}=''; # Nullify shell environment information.
1.1       harris41   65: 
1.4       harris41   66: # Do not print error messages if there are command-line arguments
                     67: my $noprint=0;
                     68: if (@ARGV) {
                     69:     $noprint=1;
                     70: }
                     71: 
1.5       harris41   72: # Read in /etc/passwd, and make sure this process is running from user=www
1.6       harris41   73: open (IN, '</etc/passwd');
1.1       harris41   74: my @lines=<IN>;
                     75: close IN;
                     76: my $wwwid;
                     77: for my $l (@lines) {
                     78:     chop $l;
                     79:     my @F=split(/\:/,$l);
                     80:     if ($F[0] eq 'www') {$wwwid=$F[2];}
                     81: }
                     82: if ($wwwid!=$<) {
1.4       harris41   83:     print("User ID mismatch.  This program must be run as user 'www'\n") unless $noprint;
                     84:     exit 1;
1.1       harris41   85: }
1.2       harris41   86: &disable_root_capability;
1.1       harris41   87: 
1.5       harris41   88: # Handle case of another lcpasswd process
1.6       harris41   89: unless (&try_to_lock('/tmp/lock_lcpasswd')) {
1.5       harris41   90:     print "Error. Too many other simultaneous password change requests being made.\n" unless $noprint;
                     91:     exit 4;
                     92: }
                     93: 
1.4       harris41   94: # Gather input.  Should only be 3 values.
                     95: my @input;
                     96: if (@ARGV==3) {
                     97:     @input=@ARGV;
                     98: }
                     99: elsif (@ARGV) {
                    100:     print("Error. This program needs 3 command-line arguments (username, old password, new password).\n") unless $noprint;
1.6       harris41  101:     unlink('/tmp/lock_lcpasswd');
1.4       harris41  102:     exit 2;
                    103: }
                    104: else {
                    105:     @input=<>;
                    106:     if (@input!=3) {
                    107: 	print("Error. Three lines need to be entered into standard input.\n") unless $noprint;
1.6       harris41  108: 	unlink('/tmp/lock_lcpasswd');
1.4       harris41  109: 	exit 3;
                    110:     }
                    111:     map {chop} @input;
1.1       harris41  112: }
                    113: 
1.4       harris41  114: my ($username,$oldpwd,$newpwd)=@input;
1.8       harris41  115: $username=~/^(\w+)$/;
                    116: my $safeusername=$1;
                    117: if ($username ne $safeusername) {
                    118:     print "Error. The user name specified has invalid characters.\n";
                    119:     unlink('/tmp/lock_lcpasswd');
                    120:     exit 9;
                    121: }
1.9       harris41  122: my $pbad=0;
                    123: map {if (($_<32)&&($_>126)){$pbad=1;}} (split(//,$oldpwd));
                    124: map {if (($_<32)&&($_>126)){$pbad=1;}} (split(//,$newpwd));
                    125: if ($pbad) {
                    126:     print "Error. A password entry had an invalid character.\n";
                    127:     unlink('/tmp/lock_lcpasswd');
                    128:     exit 10;
                    129: }
1.1       harris41  130: 
                    131: # Grab the line corresponding to username
                    132: my ($userid,$useroldcryptpwd);
                    133: my @F; my @U;
                    134: for my $l (@lines) {
                    135:     @F=split(/\:/,$l);
                    136:     if ($F[0] eq $username) {($userid,$useroldcryptpwd)=($F[2],$F[1]); @U=@F;}
                    137: }
                    138: 
                    139: # Verify existence of user
                    140: if (!defined($userid)) {
1.4       harris41  141:     print "Error. User $username does not exist.\n" unless $noprint;
1.6       harris41  142:     unlink('/tmp/lock_lcpasswd');
1.4       harris41  143:     exit 5;
1.1       harris41  144: }
                    145: 
                    146: # Verify password entry
                    147: if (crypt($oldpwd,$useroldcryptpwd) ne $useroldcryptpwd) {
1.4       harris41  148:     print "Error. Invalid entry of current password.\n" unless $noprint;
1.6       harris41  149:     unlink('/tmp/lock_lcpasswd');
1.4       harris41  150:     exit 6;
1.1       harris41  151: }
                    152: 
1.2       harris41  153: # Construct new password entry (random salt)
                    154: my $newcryptpwd=crypt($newpwd,(join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]));
1.1       harris41  155: $U[1]=$newcryptpwd;
1.6       harris41  156: my $userline=join(':',@U);
1.2       harris41  157: my $rootid=&enable_root_capability;
                    158: if ($rootid!=0) {
1.4       harris41  159:     print "Error.  Root was not successfully enabled.\n" unless $noprint;
1.6       harris41  160:     unlink('/tmp/lock_lcpasswd');
1.4       harris41  161:     exit 7;
1.2       harris41  162: }
1.6       harris41  163: open PASSWORDFILE, '>/etc/passwd' or (print("Error.  Cannot open /etc/passwd.\n") && unlink('/tmp/lock_lcpasswd') && exit(8));
1.1       harris41  164: for my $l (@lines) {
                    165:     @F=split(/\:/,$l);
                    166:     if ($F[0] eq $username) {print PASSWORDFILE "$userline\n";}
                    167:     else {print PASSWORDFILE "$l\n";}
                    168: }
                    169: close PASSWORDFILE;
1.8       harris41  170: 
1.2       harris41  171: ($>,$<)=(0,0); # fool smbpasswd here to think this is not a setuid environment
1.6       harris41  172: unless (-e '/etc/smbpasswd') {
                    173:     open (OUT,'>/etc/smbpasswd'); close OUT;
1.2       harris41  174: }
                    175: my $smbexist=0;
1.6       harris41  176: open (IN, '</etc/smbpasswd');
1.2       harris41  177: my @lines=<IN>;
                    178: close IN;
                    179: for my $l (@lines) {
                    180:     chop $l;
                    181:     my @F=split(/\:/,$l);
                    182:     if ($F[0] eq $username) {$smbexist=1;}
                    183: }
                    184: unless ($smbexist) {
1.6       harris41  185:     open(OUT,'>>/etc/smbpasswd');
                    186:     print OUT join(':',($safeusername,$userid,'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX','','/home/'.$safeusername,'/bin/bash')) . "\n";
1.2       harris41  187:     close OUT;
                    188: }
                    189: open(OUT,"|/usr/bin/smbpasswd -s $safeusername>/dev/null");
                    190: print OUT $newpwd; print OUT "\n";
                    191: print OUT $newpwd; print OUT "\n";
                    192: close OUT;
                    193: $<=$wwwid; # unfool the program
1.1       harris41  194: &disable_root_capability;
1.6       harris41  195: unlink('/tmp/lock_lcpasswd');
1.4       harris41  196: exit 0;
1.1       harris41  197: 
1.4       harris41  198: # ----------------------------------------------------------- have setuid script run as root
1.1       harris41  199: sub enable_root_capability {
1.2       harris41  200:     if ($wwwid==$>) {
1.1       harris41  201: 	($<,$>)=($>,$<);
                    202: 	($(,$))=($),$();
                    203:     }
                    204:     else {
                    205: 	# root capability is already enabled
                    206:     }
1.2       harris41  207:     return $>;
1.1       harris41  208: }
                    209: 
1.4       harris41  210: # ----------------------------------------------------------- have setuid script run as www
1.1       harris41  211: sub disable_root_capability {
1.2       harris41  212:     if ($wwwid==$<) {
1.1       harris41  213: 	($<,$>)=($>,$<);
                    214: 	($(,$))=($),$();
                    215:     }
                    216:     else {
                    217: 	# root capability is already disabled
                    218:     }
                    219: }
                    220: 
1.4       harris41  221: # ----------------------------------- make sure that another lcpasswd process isn't running
1.1       harris41  222: sub try_to_lock {
                    223:     my ($lockfile)=@_;
                    224:     my $currentpid;
                    225:     my $lastpid;
1.5       harris41  226:     # Do not manipulate lock file as root
                    227:     if ($>==0) {
                    228: 	return 0;
                    229:     }
                    230:     # Try to generate lock file.
                    231:     # Wait 3 seconds.  If same process id is in
                    232:     # lock file, then assume lock file is stale, and
                    233:     # go ahead.  If process id's fluctuate, try
                    234:     # for a maximum of 10 times.
1.1       harris41  235:     for (0..10) {
                    236: 	if (-e $lockfile) {
                    237: 	    open(LOCK,"<$lockfile");
                    238: 	    $currentpid=<LOCK>;
                    239: 	    close LOCK;
                    240: 	    if ($currentpid==$lastpid) {
                    241: 		last;
                    242: 	    }
                    243: 	    sleep 3;
                    244: 	    $lastpid=$currentpid;
                    245: 	}
                    246: 	else {
                    247: 	    last;
                    248: 	}
                    249: 	if ($_==10) {
                    250: 	    return 0;
                    251: 	}
                    252:     }
                    253:     open(LOCK,">$lockfile");
                    254:     print LOCK $$;
                    255:     close LOCK;
                    256:     return 1;
                    257: }

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>