File:  [LON-CAPA] / loncom / lcpasswd
Revision 1.4: download - view: text, annotated - select for diffs
Fri Oct 27 23:32:24 2000 UTC (23 years, 5 months ago) by harris41
Branches: MAIN
CVS tags: HEAD
allow for command-line arguments in order to enable use
within other scripts (so they can read exit status);
disable error message printing when command-line arguments
are given

#!/usr/bin/perl
#
# lcpasswd
#
# Scott Harrison
# October 27, 2000

use strict;

# This script is a setuid script that should
# be run by user 'www'.  This script allows
# for synchronous entry of passwords into
# both the /etc/passwd and the /etc/smbpasswd
# files.

# Standard input usage
# First line is USERNAME
# Second line is CURRENT PASSWORD
# Third line is NEW PASSWORD

# Command-line arguments
# Yes, but be very careful here (don't pass shell commands)
# and this is only supported to allow perl-system calls.

# Usage within code
# Note: NEVER run as system("NAME OLDPWD NEWPWD")
#
# $exitcode=system("NAME","OLDPWD","NEWPWD")/256;
# print "uh-oh" if $exitcode;

# These are the exit codes.
# ( (0,"ok"),
#   (1,"User ID mismatch.  This program must be run as user 'www'),
#   (2,"Error. This program does not accept command-line arguments."),
#   (3,"Error. Three lines need to be entered into standard input.\n"),
#   (4,"Error. Too many other simultaneous password change requests being made.\n"),
#   (5,"Error. User $username does not exist.\n"),
#   (6,"Error. Invalid entry of current password.\n"),
#   (7,"Error.  Root was not successfully enabled.\n") )

# Security
$ENV{'PATH'}="/bin:/usr/bin"; # Nullify path information except for what smbpasswd needs
$ENV{'BASH_ENV'}=""; # Nullify shell environment information.

# Do not print error messages if there are command-line arguments
my $noprint=0;
if (@ARGV) {
    $noprint=1;
}

open (IN, "</etc/passwd");
my @lines=<IN>;
close IN;
my $wwwid;
for my $l (@lines) {
    chop $l;
    my @F=split(/\:/,$l);
    if ($F[0] eq 'www') {$wwwid=$F[2];}
}
if ($wwwid!=$<) {
    print("User ID mismatch.  This program must be run as user 'www'\n") unless $noprint;
    exit 1;
}
&disable_root_capability;

# Gather input.  Should only be 3 values.
my @input;
if (@ARGV==3) {
    @input=@ARGV;
}
elsif (@ARGV) {
    print("Error. This program needs 3 command-line arguments (username, old password, new password).\n") unless $noprint;
    exit 2;
}
else {
    @input=<>;
    if (@input!=3) {
	print("Error. Three lines need to be entered into standard input.\n") unless $noprint;
	exit 3;
    }
    map {chop} @input;
}
# Handle case of another lcpasswd process
unless (&try_to_lock("/tmp/lock_lcpasswd")) {
    print "Error. Too many other simultaneous password change requests being made.\n" unless $noprint;
    exit 4;
}

my ($username,$oldpwd,$newpwd)=@input;

# Grab the line corresponding to username
my ($userid,$useroldcryptpwd);
my @F; my @U;
for my $l (@lines) {
    @F=split(/\:/,$l);
    if ($F[0] eq $username) {($userid,$useroldcryptpwd)=($F[2],$F[1]); @U=@F;}
}

# Verify existence of user
if (!defined($userid)) {
    print "Error. User $username does not exist.\n" unless $noprint;
    unlink("/tmp/lock_lcpasswd");
    exit 5;
}

# Verify password entry
if (crypt($oldpwd,$useroldcryptpwd) ne $useroldcryptpwd) {
    print "Error. Invalid entry of current password.\n" unless $noprint;
    unlink("/tmp/lock_lcpasswd");
    exit 6;
}

# Construct new password entry (random salt)
my $newcryptpwd=crypt($newpwd,(join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]));
$U[1]=$newcryptpwd;
my $userline=join(":",@U);
my $rootid=&enable_root_capability;
if ($rootid!=0) {
    print "Error.  Root was not successfully enabled.\n" unless $noprint;
    unlink("/tmp/lock_lcpasswd");
    exit 7;
}
open PASSWORDFILE, ">/etc/passwd" or die("Cannot open /etc/passwd!");
for my $l (@lines) {
    @F=split(/\:/,$l);
    if ($F[0] eq $username) {print PASSWORDFILE "$userline\n";}
    else {print PASSWORDFILE "$l\n";}
}
close PASSWORDFILE;
$username=~/^(\w+)$/;
my $safeusername=$1;
($>,$<)=(0,0); # fool smbpasswd here to think this is not a setuid environment
unless (-e "/etc/smbpasswd") {
    open (OUT,">/etc/smbpasswd"); close OUT;
}
my $smbexist=0;
open (IN, "</etc/smbpasswd");
my @lines=<IN>;
close IN;
for my $l (@lines) {
    chop $l;
    my @F=split(/\:/,$l);
    if ($F[0] eq $username) {$smbexist=1;}
}
unless ($smbexist) {
    open(OUT,">>/etc/smbpasswd");
    print OUT join(":",($safeusername,$userid,'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX','','/home/'.$safeusername,'/bin/bash')) . "\n";
    close OUT;
}
open(OUT,"|/usr/bin/smbpasswd -s $safeusername>/dev/null");
print OUT $newpwd; print OUT "\n";
print OUT $newpwd; print OUT "\n";
close OUT;
$<=$wwwid; # unfool the program
&disable_root_capability;
unlink("/tmp/lock_lcpasswd");
exit 0;

# ----------------------------------------------------------- have setuid script run as root
sub enable_root_capability {
    if ($wwwid==$>) {
	($<,$>)=($>,$<);
	($(,$))=($),$();
    }
    else {
	# root capability is already enabled
    }
    return $>;
}

# ----------------------------------------------------------- have setuid script run as www
sub disable_root_capability {
    if ($wwwid==$<) {
	($<,$>)=($>,$<);
	($(,$))=($),$();
    }
    else {
	# root capability is already disabled
    }
}

# ----------------------------------- make sure that another lcpasswd process isn't running
sub try_to_lock {
    my ($lockfile)=@_;
    my $currentpid;
    my $lastpid;
    for (0..10) {
	if (-e $lockfile) {
	    open(LOCK,"<$lockfile");
	    $currentpid=<LOCK>;
	    close LOCK;
	    if ($currentpid==$lastpid) {
		last;
	    }
	    sleep 3;
	    $lastpid=$currentpid;
	}
	else {
	    last;
	}
	if ($_==10) {
	    return 0;
	}
    }
    open(LOCK,">$lockfile");
    print LOCK $$;
    close LOCK;
    return 1;
}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>