loncom/lcpasswd - view

File: [LON-CAPA] / loncom / lcpasswd
Revision 1.8: download - view: text, annotated - select for diffs
Sun Oct 29 23:14:16 2000 UTC (23 years, 6 months ago) by harris41
Branches: MAIN
CVS tags: HEAD

trying to add error-checking to make sure invalid characters are not in the
user name or passwords.  lcuseradd appears to be basically working, but I
still need to implement the addition of passwords.  I cannot do this with
a system call to lcpasswd due to the restrictions of perl setuid scripts.L

1: #!/usr/bin/perl 2: # 3: # lcpasswd 4: # 5: # Scott Harrison 6: # SH: October 27, 2000 7: # SH: October 28, 2000 8: 9: use strict; 10: 11: # This script is a setuid script that should 12: # be run by user 'www'. This script allows 13: # for synchronous entry of passwords into 14: # both the /etc/passwd and the /etc/smbpasswd 15: # files. 16: 17: # This script works under the same process control mechanism 18: # as lcuseradd and lcpasswd, to make sure that only one of these 19: # processes is running at any one time on the system. 20: 21: # Standard input usage 22: # First line is USERNAME 23: # Second line is CURRENT PASSWORD 24: # Third line is NEW PASSWORD 25: 26: # Valid passwords must consist of the 27: # ascii characters within the inclusive 28: # range of 0x20 (32) to 0x7E (126). 29: # These characters are: 30: # SPACE and 31: # !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNO 32: # PQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ 33: 34: # Valid user names must consist of ascii 35: # characters that are alphabetical characters 36: # (A-Z,a-z), numeric (0-9), or the underscore 37: # mark (_). (Essentially, the perl regex \w). 38: 39: # Command-line arguments 40: # Yes, but be very careful here (don't pass shell commands) 41: # and this is only supported to allow perl-system calls. 42: 43: # Usage within code 44: # Note: NEVER run as system("/home/httpd/perl/lcpasswd NAME OLDPWD NEWPWD") 45: # 46: # $exitcode=system("/home/httpd/perl/lcpasswd","NAME","OLDPWD","NEWPWD")/256; 47: # print "uh-oh" if $exitcode; 48: 49: # These are the exit codes. 50: # ( (0,"ok"), 51: # (1,"User ID mismatch. This program must be run as user 'www'"), 52: # (2,"Error. This program does not accept command-line arguments."), 53: # (3,"Error. Three lines need to be entered into standard input."), 54: # (4,"Error. Too many other simultaneous password change requests being made."), 55: # (5,"Error. User $username does not exist."), 56: # (6,"Error. Invalid entry of current password."), 57: # (7,"Error. Root was not successfully enabled."), 58: # (8,"Error. Cannot open /etc/passwd.") ) 59: 60: # Security 61: $ENV{'PATH'}='/bin:/usr/bin'; # Nullify path information except for what smbpasswd needs 62: $ENV{'BASH_ENV'}=''; # Nullify shell environment information. 63: 64: # Do not print error messages if there are command-line arguments 65: my $noprint=0; 66: if (@ARGV) { 67: $noprint=1; 68: } 69: 70: # Read in /etc/passwd, and make sure this process is running from user=www 71: open (IN, '</etc/passwd'); 72: my @lines=<IN>; 73: close IN; 74: my $wwwid; 75: for my $l (@lines) { 76: chop $l; 77: my @F=split(/\:/,$l); 78: if ($F[0] eq 'www') {$wwwid=$F[2];} 79: } 80: if ($wwwid!=$<) { 81: print("User ID mismatch. This program must be run as user 'www'\n") unless $noprint; 82: exit 1; 83: } 84: &disable_root_capability; 85: 86: # Handle case of another lcpasswd process 87: unless (&try_to_lock('/tmp/lock_lcpasswd')) { 88: print "Error. Too many other simultaneous password change requests being made.\n" unless $noprint; 89: exit 4; 90: } 91: 92: # Gather input. Should only be 3 values. 93: my @input; 94: if (@ARGV==3) { 95: @input=@ARGV; 96: } 97: elsif (@ARGV) { 98: print("Error. This program needs 3 command-line arguments (username, old password, new password).\n") unless $noprint; 99: unlink('/tmp/lock_lcpasswd'); 100: exit 2; 101: } 102: else { 103: @input=<>; 104: if (@input!=3) { 105: print("Error. Three lines need to be entered into standard input.\n") unless $noprint; 106: unlink('/tmp/lock_lcpasswd'); 107: exit 3; 108: } 109: map {chop} @input; 110: } 111: 112: my ($username,$oldpwd,$newpwd)=@input; 113: $username=~/^(\w+)$/; 114: my $safeusername=$1; 115: if ($username ne $safeusername) { 116: print "Error. The user name specified has invalid characters.\n"; 117: unlink('/tmp/lock_lcpasswd'); 118: exit 9; 119: } 120: 121: 122: # Grab the line corresponding to username 123: my ($userid,$useroldcryptpwd); 124: my @F; my @U; 125: for my $l (@lines) { 126: @F=split(/\:/,$l); 127: if ($F[0] eq $username) {($userid,$useroldcryptpwd)=($F[2],$F[1]); @U=@F;} 128: } 129: 130: # Verify existence of user 131: if (!defined($userid)) { 132: print "Error. User $username does not exist.\n" unless $noprint; 133: unlink('/tmp/lock_lcpasswd'); 134: exit 5; 135: } 136: 137: # Verify password entry 138: if (crypt($oldpwd,$useroldcryptpwd) ne $useroldcryptpwd) { 139: print "Error. Invalid entry of current password.\n" unless $noprint; 140: unlink('/tmp/lock_lcpasswd'); 141: exit 6; 142: } 143: 144: # Construct new password entry (random salt) 145: my $newcryptpwd=crypt($newpwd,(join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64])); 146: $U[1]=$newcryptpwd; 147: my $userline=join(':',@U); 148: my $rootid=&enable_root_capability; 149: if ($rootid!=0) { 150: print "Error. Root was not successfully enabled.\n" unless $noprint; 151: unlink('/tmp/lock_lcpasswd'); 152: exit 7; 153: } 154: open PASSWORDFILE, '>/etc/passwd' or (print("Error. Cannot open /etc/passwd.\n") && unlink('/tmp/lock_lcpasswd') && exit(8)); 155: for my $l (@lines) { 156: @F=split(/\:/,$l); 157: if ($F[0] eq $username) {print PASSWORDFILE "$userline\n";} 158: else {print PASSWORDFILE "$l\n";} 159: } 160: close PASSWORDFILE; 161: 162: ($>,$<)=(0,0); # fool smbpasswd here to think this is not a setuid environment 163: unless (-e '/etc/smbpasswd') { 164: open (OUT,'>/etc/smbpasswd'); close OUT; 165: } 166: my $smbexist=0; 167: open (IN, '</etc/smbpasswd'); 168: my @lines=<IN>; 169: close IN; 170: for my $l (@lines) { 171: chop $l; 172: my @F=split(/\:/,$l); 173: if ($F[0] eq $username) {$smbexist=1;} 174: } 175: unless ($smbexist) { 176: open(OUT,'>>/etc/smbpasswd'); 177: print OUT join(':',($safeusername,$userid,'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX','','/home/'.$safeusername,'/bin/bash')) . "\n"; 178: close OUT; 179: } 180: open(OUT,"|/usr/bin/smbpasswd -s $safeusername>/dev/null"); 181: print OUT $newpwd; print OUT "\n"; 182: print OUT $newpwd; print OUT "\n"; 183: close OUT; 184: $<=$wwwid; # unfool the program 185: &disable_root_capability; 186: unlink('/tmp/lock_lcpasswd'); 187: exit 0; 188: 189: # ----------------------------------------------------------- have setuid script run as root 190: sub enable_root_capability { 191: if ($wwwid==$>) { 192: ($<,$>)=($>,$<); 193: ($(,$))=($),$(); 194: } 195: else { 196: # root capability is already enabled 197: } 198: return $>; 199: } 200: 201: # ----------------------------------------------------------- have setuid script run as www 202: sub disable_root_capability { 203: if ($wwwid==$<) { 204: ($<,$>)=($>,$<); 205: ($(,$))=($),$(); 206: } 207: else { 208: # root capability is already disabled 209: } 210: } 211: 212: # ----------------------------------- make sure that another lcpasswd process isn't running 213: sub try_to_lock { 214: my ($lockfile)=@_; 215: my $currentpid; 216: my $lastpid; 217: # Do not manipulate lock file as root 218: if ($>==0) { 219: return 0; 220: } 221: # Try to generate lock file. 222: # Wait 3 seconds. If same process id is in 223: # lock file, then assume lock file is stale, and 224: # go ahead. If process id's fluctuate, try 225: # for a maximum of 10 times. 226: for (0..10) { 227: if (-e $lockfile) { 228: open(LOCK,"<$lockfile"); 229: $currentpid=<LOCK>; 230: close LOCK; 231: if ($currentpid==$lastpid) { 232: last; 233: } 234: sleep 3; 235: $lastpid=$currentpid; 236: } 237: else { 238: last; 239: } 240: if ($_==10) { 241: return 0; 242: } 243: } 244: open(LOCK,">$lockfile"); 245: print LOCK $$; 246: close LOCK; 247: return 1; 248: }