[BACK]Return to lcuserdel CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom
File:  [LON-CAPA] / loncom / lcuserdel
Revision 1.3: download - view: text, annotated - select for diffs
Sat Oct 28 18:25:47 2000 UTC (23 years, 6 months ago) by harris41
Branches: MAIN
CVS tags: HEAD
changing around the initiation of process locking (no longer locking
for just smbpasswd), adding comments, beginning to further implement lcuserdel.
still trying to capture error condition of unsuccessfully opening /etc/passwd
-Scott

    1: #!/usr/bin/perl
    2: #
    3: # lcuserdel
    4: #
    5: # Scott Harrison
    6: # October 27, 2000
    7: # October 28, 2000
    8: 
    9: use strict;
   10: 
   11: # This script is a setuid script (chmod 6755) that should
   12: # be run by user 'www'.  It DOES NOT delete directories.
   13: # All it does is remove a user's entries from
   14: # /etc/passwd, /etc/groups, and /etc/smbpasswd.
   15: 
   16: # This script works under the same process control mechanism
   17: # as lcuseradd and lcpasswd, to make sure that only one of these
   18: # processes is running at any one time on the system.
   19: 
   20: # Standard input usage
   21: # First line is USERNAME
   22: 
   23: # Command-line arguments [USERNAME]
   24: # Yes, but be very careful here (don't pass shell commands)
   25: # and this is only supported to allow perl-system calls.
   26: 
   27: # Usage within code
   28: #
   29: # $exitcode=system("/home/httpd/perl/lcuserdel","NAME")/256;
   30: # print "uh-oh" if $exitcode;
   31: 
   32: # These are the exit codes.
   33: 
   34: # Security
   35: $ENV{'PATH'}=""; # Nullify path information.
   36: $ENV{'BASH_ENV'}=""; # Nullify shell environment information.
   37: 
   38: # Do not print error messages if there are command-line arguments
   39: my $noprint=0;
   40: if (@ARGV) {
   41:     $noprint=1;
   42: }
   43: 
   44: # Read in /etc/passwd, and make sure this process is running from user=www
   45: open (IN, "</etc/passwd");
   46: my @lines=<IN>;
   47: close IN;
   48: my $wwwid;
   49: for my $l (@lines) {
   50:     chop $l;
   51:     my @F=split(/\:/,$l);
   52:     if ($F[0] eq 'www') {$wwwid=$F[2];}
   53: }
   54: if ($wwwid!=$<) {
   55:     print("User ID mismatch.  This program must be run as user 'www'\n") unless $noprint;
   56:     exit 1;
   57: }
   58: &disable_root_capability;
   59: 
   60: # Handle case of another lcpasswd process
   61: unless (&try_to_lock("/tmp/lock_lcpasswd")) {
   62:     print "Error. Too many other simultaneous password change requests being made.\n" unless $noprint;
   63:     exit 4;
   64: }
   65: 
   66: # Gather input.  Should only be 1 value (user name).
   67: my @input;
   68: if (@ARGV==1) {
   69:     @input=@ARGV;
   70: }
   71: elsif (@ARGV) {
   72:     print("Error. This program needs just 1 command-line argument (username).\n") unless $noprint;
   73:     exit 2;
   74: }
   75: else {
   76:     @input=<>;
   77:     if (@input!=1) {
   78: 	print("Error. Only one line should be entered into standard input.\n") unless $noprint;
   79: 	exit 3;
   80:     }
   81:     map {chop} @input;
   82: }
   83: 
   84: &disable_root_capability;
   85: unlink("/tmp/lock_lcpasswd");
   86: exit 0;
   87: 
   88: # ----------------------------------------------------------- have setuid script run as root
   89: sub enable_root_capability {
   90:     if ($wwwid==$>) {
   91: 	($<,$>)=($>,$<);
   92: 	($(,$))=($),$();
   93:     }
   94:     else {
   95: 	# root capability is already enabled
   96:     }
   97:     return $>;
   98: }
   99: 
  100: # ----------------------------------------------------------- have setuid script run as www
  101: sub disable_root_capability {
  102:     if ($wwwid==$<) {
  103: 	($<,$>)=($>,$<);
  104: 	($(,$))=($),$();
  105:     }
  106:     else {
  107: 	# root capability is already disabled
  108:     }
  109: }
  110: 
  111: # ----------------------------------- make sure that another lcpasswd process isn't running
  112: sub try_to_lock {
  113:     my ($lockfile)=@_;
  114:     my $currentpid;
  115:     my $lastpid;
  116:     # Do not manipulate lock file as root
  117:     if ($>==0) {
  118: 	return 0;
  119:     }
  120:     # Try to generate lock file.
  121:     # Wait 3 seconds.  If same process id is in
  122:     # lock file, then assume lock file is stale, and
  123:     # go ahead.  If process id's fluctuate, try
  124:     # for a maximum of 10 times.
  125:     for (0..10) {
  126: 	if (-e $lockfile) {
  127: 	    open(LOCK,"<$lockfile");
  128: 	    $currentpid=<LOCK>;
  129: 	    close LOCK;
  130: 	    if ($currentpid==$lastpid) {
  131: 		last;
  132: 	    }
  133: 	    sleep 3;
  134: 	    $lastpid=$currentpid;
  135: 	}
  136: 	else {
  137: 	    last;
  138: 	}
  139: 	if ($_==10) {
  140: 	    return 0;
  141: 	}
  142:     }
  143:     open(LOCK,">$lockfile");
  144:     print LOCK $$;
  145:     close LOCK;
  146:     return 1;
  147: }
  148: 
  149:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>