Diff for /loncom/lcuserdel between versions 1.2 and 1.5

version 1.2, 2000/10/28 17:53:01 version 1.5, 2000/10/29 17:57:26
Line 3 Line 3
 # lcuserdel  # lcuserdel
 #  #
 # Scott Harrison  # Scott Harrison
 # October 27, 2000  # SH: October 27, 2000
   # SH: October 28, 2000
   # SH: October 29, 2000
   
 use strict;  use strict;
   
Line 11  use strict; Line 13  use strict;
 # be run by user 'www'.  It DOES NOT delete directories.  # be run by user 'www'.  It DOES NOT delete directories.
 # All it does is remove a user's entries from  # All it does is remove a user's entries from
 # /etc/passwd, /etc/groups, and /etc/smbpasswd.  # /etc/passwd, /etc/groups, and /etc/smbpasswd.
   # It also disables user directory access by making the directory
   # to be owned by user=www (as opposed to the former "username").
   # This command only returns an error if it is
   # invoked incorrectly (by passing bad command-line arguments, etc).
   
   # This script works under the same process control mechanism
   # as lcuseradd and lcpasswd, to make sure that only one of these
   # processes is running at any one time on the system.
   
 # Standard input usage  # Standard input usage
 # First line is USERNAME  # First line is USERNAME
Line 23  use strict; Line 31  use strict;
   
 # Usage within code  # Usage within code
 #  #
 # $exitcode=system("NAME")/256;  # $exitcode=system("/home/httpd/perl/lcuserdel","NAME")/256;
 # print "uh-oh" if $exitcode;  # print "uh-oh" if $exitcode;
   
 # These are the exit codes.  # These are the exit codes.
Line 38  if (@ARGV) { Line 46  if (@ARGV) {
     $noprint=1;      $noprint=1;
 }  }
   
   # Read in /etc/passwd, and make sure this process is running from user=www
 open (IN, "</etc/passwd");  open (IN, "</etc/passwd");
 my @lines=<IN>;  my @lines=<IN>;
 close IN;  close IN;
Line 53  if ($wwwid!=$<) { Line 62  if ($wwwid!=$<) {
 }  }
 &disable_root_capability;  &disable_root_capability;
   
 # Gather input.  Should only be 3 values.  # Handle case of another lcpasswd process
   unless (&try_to_lock("/tmp/lock_lcpasswd")) {
       print "Error. Too many other simultaneous password change requests being made.\n" unless $noprint;
       exit 4;
   }
   
   # Gather input.  Should only be 1 value (user name).
 my @input;  my @input;
 if (@ARGV==3) {  if (@ARGV==1) {
     @input=@ARGV;      @input=@ARGV;
 }  }
 elsif (@ARGV) {  elsif (@ARGV) {
     print("Error. This program needs 3 command-line arguments (username, old password, new password).\n") unless $noprint;      print("Error. This program needs just 1 command-line argument (username).\n") unless $noprint;
     exit 2;      exit 2;
 }  }
 else {  else {
     @input=<>;      @input=<>;
     if (@input!=3) {      if (@input!=1) {
  print("Error. Three lines need to be entered into standard input.\n") unless $noprint;   print("Error. Only one line should be entered into standard input.\n") unless $noprint;
  exit 3;   exit 3;
     }      }
     map {chop} @input;      map {chop} @input;
 }  }
 # Handle case of another lcpasswd process  
 unless (&try_to_lock("/tmp/lock_lcpasswd")) {  my ($username)=@input;
     print "Error. Too many other simultaneous password change requests being made.\n" unless $noprint;  $username=~/^(\w+)$/;
     exit 4;  my $safeusername=$1;
   
   &enable_root_capability;
   
   # By using the system userdel command:
   # Remove entry from /etc/passwd if it exists
   # Remove entry from /etc/groups if it exists
   system('/usr/sbin/userdel',$safeusername); # ignore error message
   system('/usr/sbin/groupdel',$safeusername); # ignore error message
   
   # Remove entry from /etc/smbpasswd if it exists
   my $oldsmbpasswd=`/bin/cat /etc/smbpasswd`;
   my $newsmbpasswd=`/bin/grep -v '^${safeusername}:' /etc/smbpasswd`;
   
   if ($oldsmbpasswd ne $newsmbpasswd) {
   open OUT,">/etc/smbpasswd";
   print OUT $newsmbpasswd;
   close OUT;
   
   # Change ownership on directory from username:username to www:www
   # This prevents subsequently added users from having access.
   
   system('/bin/chown','-R','www:www',"/home/$safeusername");
   
   &disable_root_capability;
   unlink("/tmp/lock_lcpasswd");
   exit 0;
   
   # ----------------------------------------------------------- have setuid script run as root
   sub enable_root_capability {
       if ($wwwid==$>) {
    ($<,$>)=($>,$<);
    ($(,$))=($),$();
       }
       else {
    # root capability is already enabled
       }
       return $>;
 }  }
   
   # ----------------------------------------------------------- have setuid script run as www
   sub disable_root_capability {
       if ($wwwid==$<) {
    ($<,$>)=($>,$<);
    ($(,$))=($),$();
       }
       else {
    # root capability is already disabled
       }
   }
   
   # ----------------------------------- make sure that another lcpasswd process isn't running
   sub try_to_lock {
       my ($lockfile)=@_;
       my $currentpid;
       my $lastpid;
       # Do not manipulate lock file as root
       if ($>==0) {
    return 0;
       }
       # Try to generate lock file.
       # Wait 3 seconds.  If same process id is in
       # lock file, then assume lock file is stale, and
       # go ahead.  If process id's fluctuate, try
       # for a maximum of 10 times.
       for (0..10) {
    if (-e $lockfile) {
       open(LOCK,"<$lockfile");
       $currentpid=<LOCK>;
       close LOCK;
       if ($currentpid==$lastpid) {
    last;
       }
       sleep 3;
       $lastpid=$currentpid;
    }
    else {
       last;
    }
    if ($_==10) {
       return 0;
    }
       }
       open(LOCK,">$lockfile");
       print LOCK $$;
       close LOCK;
       return 1;
   }
   
   

Removed from v.1.2  
changed lines
  Added in v.1.5


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>