--- loncom/pwchange 2001/11/15 18:15:06 1.3 +++ loncom/pwchange 2009/07/17 02:20:59 1.10 @@ -1,28 +1,37 @@ #!/usr/bin/perl -# The Learning Online Network +# The Learning Online Network with CAPA # # pwchange - setuid script to change unix passwords # # YEAR=2001 -# 10/23,11/13,11/15 Scott Harrison # -# $Id: pwchange,v 1.3 2001/11/15 18:15:06 harris41 Exp $ +# YEAR=2002 +# 02/19 Matthew Hall +# +# $Id: pwchange,v 1.10 2009/07/17 02:20:59 raeburn Exp $ ### use strict; +my $noprint = 1; + + +print "In pwchange\n" unless $noprint; +print "Real uid = $< effective uid = $> \n" unless $noprint; # ------------------------------------------------------------------ Untainting $ENV{'PATH'}='/bin:/usr/bin'; # Nullify path information. delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints -# ----------------------------- Make sure this process is running from user=www -my $wwwid=getpwnam('www'); -if ($wwwid!=$<) { +# ---------------------------- Make sure this process is running from user=root + +if (0 != $<) { + print "Username not root" unless $noprint; exit 1; } # ----------------------------------------------- If not running setuid as root if ($>!=0) { + print "Not setuid to root" unless $noprint; exit 1; } @@ -30,21 +39,33 @@ if ($>!=0) { my $user=shift @ARGV; $user=~/^(\w+)$/; my $safe=$1; +print "Save user = $safe" unless $noprint; + my $pword=<>; chomp $pword; unless (length($safe) and ($user eq $safe) and ($safe=~/^[A-Za-z]/)) { exit 2; } - +print "Password = $pword" unless $noprint; my $pbad=0; -map {if (($_<32)&&($_>126)){$pbad=1;}} (split(//,$pword)); +foreach (split(//,$pword)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} exit 3 if $pbad; # --------------------------------------------------------- Call system command -open OUT,"|passwd --stdin $safe >/dev/null"; -print OUT $pword; -print OUT "\n"; -close OUT; +my $distro; +if (open(PIPE,"perl distprobe|")) { + $distro = ; + close(PIPE); +} +if ($distro =~ /^ubuntu|debian/) { + open(OUT,"|/usr/sbin/usermod -p `mkpasswd $pword` $safe"); + close(OUT); +} else { + open(OUT,"|passwd --stdin $safe >/dev/null"); + print OUT $pword; + print OUT "\n"; + close(OUT); +} # --------------------------------------- exit with status of command execution exit $?/256;