Annotation of loncom/pwchange, revision 1.10

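#!/usr/bin/perl

# The Learning Online Network with CAPA
#
# pwchange - setuid script to change unix passwords
#
# YEAR=2001
#
# YEAR=2002
# 02/19 Matthew Hall
#
# $Id: pwchange,v 1.9 2003/02/03 18:03:52 harris41 Exp $
###

use strict;
use warnings;

# Debug switch: while this is true every diagnostic print below is silent.
my $noprint = 1;

print "In pwchange\n" unless $noprint;
print "Real uid = $< effective uid = $> \n" unless $noprint;
# ------------------------------------------------------------------ Untainting
$ENV{'PATH'}='/bin:/usr/bin'; # Nullify path information.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints

# ---------------------------- Make sure this process is running from user=root
if ($< != 0) {
    print "Username not root" unless $noprint;
    exit 1;
}
# ----------------------------------------------- If not running setuid as root
if ($> != 0) {
    print "Not setuid to root" unless $noprint;
    exit 1;
}

# ----------------------------------------------- Make sure arguments are valid
# The username is accepted only if the whole argument is a letter followed by
# letters, digits or underscores. \A and \z are used instead of ^ and $ so a
# trailing newline cannot slip through, and the capture is taken from the
# match result rather than from $1, which is stale when the match fails.
my $user = shift @ARGV;
my ($safe) = defined $user ? $user =~ /\A([A-Za-z][A-Za-z0-9_]*)\z/ : ();

# Read the password from standard input only. The bare <> operator would open
# any remaining command-line arguments with two-argument open semantics, which
# lets an argument such as "cmd|" start a process.
my $pword = <STDIN>;
chomp $pword if defined $pword;

exit 2 unless defined $safe;
print "Save user = $safe" unless $noprint;

# An absent or empty password is refused rather than handed to the system
# tools. Everything outside printable ASCII (32..126) is refused as well,
# which also guarantees that the password holds no embedded newline.
exit 3 unless defined $pword and length $pword;
exit 3 if $pword =~ /[^\x20-\x7e]/;

# NOTE(review): this prints the cleartext password when $noprint is cleared;
# keep $noprint set outside of a debugging session.
print "Password = $pword" unless $noprint;

# --------------------------------------------------------- Call system command
# NOTE(review): "distprobe" is resolved against the current working directory.
# In a script that runs with root privileges this should be an absolute path;
# confirm the install location and pin it here.
my $distro;
if (open(my $probe, '-|', 'perl', 'distprobe')) {
    $distro = <$probe>;
    close($probe);
}

# Wait status of the password-changing command. 127 << 8 stands for "the
# command could not be started", so a failed launch is never reported as
# success through a stale $? left behind by the probe above.
my $status = 127 << 8;

# The alternation is grouped so that the anchor applies to both names.
if (defined $distro and $distro =~ /^(?:ubuntu|debian)/) {
    # The password goes to chpasswd on standard input. It is never placed on
    # a command line, so it is not parsed by a shell and does not show up in
    # the process list. chpasswd reads "user:password" lines; the checks
    # above rule out a colon in the username and a newline in the password.
    if (open(my $out, '|-', '/usr/sbin/chpasswd')) {
        print {$out} "$safe:$pword\n";
        close($out);
        $status = $?;
    }
} else {
    # $safe is the only value interpolated into this shell command and it
    # was restricted to [A-Za-z][A-Za-z0-9_]* above. The password is passed
    # on standard input.
    if (open(my $out, '|-', "passwd --stdin $safe >/dev/null")) {
        print {$out} $pword, "\n";
        close($out);
        $status = $?;
    }
}

# --------------------------------------- exit with status of command execution
# $? holds the exit code in its high byte and the terminating signal in its
# low bits. Dividing by 256 turned a signal death into exit status 0.
my $code;
if ($status == -1) {
    $code = 127;
}
elsif ($status & 127) {
    $code = 128 + ($status & 127);
}
else {
    $code = $status >> 8;
}
exit $code;

=head1 NAME

pwchange - setuid script to change unix passwords

=head1 DESCRIPTION

Setuid script to change unix passwords.

The username is the first command-line argument and the new password is read
as one line from standard input. The script exits with 1 when it is not run
with real and effective uid 0, with 2 when the username is rejected and with
3 when the password is empty or contains a character outside printable
ASCII. Otherwise it exits with the status of the password-changing command.

=head1 README

Setuid script to change unix passwords.

=head1 PREREQUISITES

=head1 COREQUISITES

=pod OSNAMES

linux

=pod SCRIPT CATEGORIES

LONCAPA/Administrative

=cut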
