[LON-CAPA-cvs] cvs: loncom / lcpasswd lcuseradd pwchange
foxr
lon-capa-cvs@mail.lon-capa.org
Thu, 19 Sep 2002 02:02:59 -0000
foxr Wed Sep 18 22:02:59 2002 EDT
Modified files:
/loncom lcuseradd lcpasswd pwchange
Log:
Bug 701 Fixed various little diddly stuff that prevented a new filesystem authenticated user from getting an initial passwd.
Index: loncom/lcuseradd
diff -u loncom/lcuseradd:1.22 loncom/lcuseradd:1.23
--- loncom/lcuseradd:1.22 Mon Sep 16 09:27:40 2002
+++ loncom/lcuseradd Wed Sep 18 22:02:59 2002
@@ -18,7 +18,7 @@
# o LonCapa will add it if/when the user is granted an Author
# role.
#
-# $Id: lcuseradd,v 1.22 2002/09/16 13:27:40 foxr Exp $
+# $Id: lcuseradd,v 1.23 2002/09/19 02:02:59 foxr Exp $
###
###############################################################################
@@ -120,6 +120,8 @@
# Do not print error messages.
my $noprint=1;
+print "In lcuseradd\n" unless $noprint;
+
# ----------------------------- Make sure this process is running from user=www
my $wwwid=getpwnam('www');
&disable_root_capability;
@@ -162,11 +164,11 @@
}
my ($username,$password1,$password2)=@input;
-print "Username = ".$username unless $noprint;
+print "Username = ".$username."\n" unless $noprint;
$username=~/^(\w+)$/;
print "Username after substitution - ".$username unless $noprint;
my $safeusername=$1;
-print "Safe username = $safeusername" unless $noprint;
+print "Safe username = $safeusername \n" unless $noprint;
if (($username ne $safeusername) or ($safeusername!~/^[A-Za-z]/)) {
print "Error. The user name specified $username $safeusername has invalid characters.\n"
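Review bot: The result of `$username=~/^(\w+)$/` is still not tested before `$1` is copied into `$safeusername`, so on a failed match `$safeusername` receives whatever an earlier successful match left in `$1`. The following `$username ne $safeusername` comparison probably catches this in practice, but capturing in list context makes the failure explicit and leaves the variable undefined: `my ($safeusername) = $username =~ /^(\w+)$/;`. The `"Username after substitution - "` debug line also still lacks the `"\n"` that this commit adds to its two neighbours. The `if` block that reports the error continues past the end of the hunk.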
@@ -191,30 +193,36 @@
}
# -- Only add user if the two password arguments match.
+
if ($password1 ne $password2) {
print "Error. Password mismatch.\n" unless $noprint;
unlink('/tmp/lock_lcpasswd');
exit 13;
}
-
+print "enabling root\n" unless $noprint;
# ---------------------------------- Start running script with root permissions
&enable_root_capability;
# ------------------- Add user and make www a member of the user-specific group
# -- Add user
-if (system('/usr/sbin/useradd','-c','LON-CAPA user',$safeusername)) {
+
+print "adding user: $safeusername \n" unless $noprint;
+my $status = system('/usr/sbin/useradd','-c','LON-CAPA user',$safeusername);
+if ($status) {
print "Error. Something went wrong with the addition of user ".
"\"$safeusername\".\n" unless $noprint;
+ print "Final status of useradd = $status";
unlink('/tmp/lock_lcpasswd');
exit 12;
}
-
+print "Done adding user\n" unless $noprint;
# Make www a member of that user group.
my $groups=`/usr/bin/groups www` or exit(6);
chomp $groups; $groups=~s/^\S+\s+\:\s+//;
my @grouplist=split(/\s+/,$groups);
my @ugrouplist=grep {!/www|$safeusername/} @grouplist;
my $gl=join(',',(@ugrouplist,$safeusername));
+print "Putting user in its own group\n" unless $noprint;
if (system('/usr/sbin/usermod','-G',$gl,'www')) {
print "Error. Could not make www a member of the group ".
"\"$safeusername\".\n" unless $noprint;
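Review bot: The added `print "Final status of useradd = $status";` is the only new diagnostic without `unless $noprint`, so it writes to stdout on every useradd failure even though `$noprint` is set to keep this setuid script silent. It also has no trailing newline. `$status` is the raw wait status returned by `system`, so the exit code useradd reported is `$status >> 8`. Suggested replacement: `print "Final status of useradd = ".($status >> 8)."\n" unless $noprint;`. The `if` around the usermod call continues past the end of the hunk.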
@@ -228,6 +236,7 @@
unlink('/tmp/lock_lcpasswd');
&disable_root_capability;
($>,$<)=($wwwid,$wwwid);
+print "Opening lcpasswd pipeline\n" unless $noprint;
open OUT,"|/home/httpd/perl/lcpasswd";
print OUT $safeusername;
print OUT "\n";
@@ -237,6 +246,7 @@
print OUT "\n";
close OUT;
if ($?) {
+ print "abnormal exit from close lcpasswd\n" unless $noprint;
exit 8;
}
($>,$<)=($wwwid,0);
@@ -276,6 +286,7 @@
END
close OUT;
+print "lcuseradd exiting\n" unless $noprint;
system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername");
# -------------------------------------------------------- Exit script
@@ -285,8 +296,8 @@
# ---------------------------------------------- Have setuid script run as root
sub enable_root_capability {
if ($wwwid==$>) {
- ($<,$>)=($>,$<);
- ($(,$))=($),$();
+ ($<,$>)=($>,0);
+ ($(,$))=($),0);
}
else {
# root capability is already enabled
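Review bot: Nothing verifies that the new assignments `($<,$>)=($>,0);` and `($(,$))=($),0);` took effect. Perl does not die when a uid or gid assignment fails; the variable keeps its old value and `$!` is set, so the script would carry on and run useradd and usermod as www. A check directly after the assignments, for example `unless ($> == 0) { print "Could not become root: $!\n" unless $noprint; exit EXIT_CODE_PLACEHOLDER; }`, would make that failure visible, presumably after the same `unlink('/tmp/lock_lcpasswd')` the other error paths perform. The same two lines are added to `enable_root_capability` in loncom/lcpasswd and need the same check. The sub's body continues outside the hunk.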
Index: loncom/lcpasswd
diff -u loncom/lcpasswd:1.17 loncom/lcpasswd:1.18
--- loncom/lcpasswd:1.17 Mon Sep 16 09:27:40 2002
+++ loncom/lcpasswd Wed Sep 18 22:02:59 2002
@@ -1,5 +1,4 @@
#!/usr/bin/perl
-
# The Learning Online Network with CAPA
#
# lcpasswd - LON-CAPA setuid script to synchronously change all
@@ -14,7 +13,7 @@
# YEAR=2002
# 02/19 Matthew Hall
#
-# $Id: lcpasswd,v 1.17 2002/09/16 13:27:40 foxr Exp $
+# $Id: lcpasswd,v 1.18 2002/09/19 02:02:59 foxr Exp $
###
###############################################################################
@@ -95,6 +94,8 @@
# Do not print error messages
my $noprint=1;
+print "In lcpasswd" unless $noprint;
+
# ----------------------------- Make sure this process is running from user=www
my $wwwid=getpwnam('www');
&disable_root_capability;
@@ -155,10 +156,10 @@
unlink('/tmp/lock_lcpasswd');
exit 5;
}
-
&enable_root_capability;
($>,$<)=(0,0);
-print "Now root, -invoking pwchange with $safeusername $password1"
+
+print "Now $> , $< , -invoking pwchange with $safeusername $password1"
unless $noprint;
open OUT,"|pwchange $safeusername";
print OUT $password1;
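Review bot: The rewritten debug line still interpolates `$password1`, so clearing `$noprint` to get diagnostics writes the user's cleartext password to this script's stdout, from where it may end up in a log. Drop the password from the message: `print "Now $> , $< , -invoking pwchange with $safeusername\n"`. Separately, `open OUT,"|pwchange $safeusername";` resolves `pwchange` through PATH and its return value is not checked, whereas lcuseradd opens lcpasswd by absolute path. Whether PATH is pinned earlier in lcpasswd is not visible in this hunk.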
@@ -202,8 +203,8 @@
# ---------------------------------------------- have setuid script run as root
sub enable_root_capability {
if ($wwwid==$>) {
- ($<,$>)=($>,$<);
- ($(,$))=($),$();
+ ($<,$>)=($>,0);
+ ($(,$))=($),0);
}
else {
# root capability is already enabled
Index: loncom/pwchange
diff -u loncom/pwchange:1.7 loncom/pwchange:1.8
--- loncom/pwchange:1.7 Mon Sep 16 09:27:40 2002
+++ loncom/pwchange Wed Sep 18 22:02:59 2002
@@ -10,20 +10,24 @@
# YEAR=2002
# 02/19 Matthew Hall
#
-# $Id: pwchange,v 1.7 2002/09/16 13:27:40 foxr Exp $
+# $Id: pwchange,v 1.8 2002/09/19 02:02:59 foxr Exp $
###
use strict;
my $noprint = 1;
+
+
+print "In pwchange\n" unless $noprint;
+print "Real uid = $< effective uid = $> \n" unless $noprint;
# ------------------------------------------------------------------ Untainting
$ENV{'PATH'}='/bin:/usr/bin'; # Nullify path information.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints
# ---------------------------- Make sure this process is running from user=root
-my $wwwid=getpwnam('www');
-if (0!=$<) {
- print "Username not www" unless $noprint;
+
+if (0 != $<) {
+ print "Username not root" unless $noprint;
exit 1;
}
# ----------------------------------------------- If not running setuid as root
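Review bot: With `my $wwwid=getpwnam('www');` removed and `use strict` in force, any remaining use of `$wwwid` further down pwchange would be a compile-time error. The rest of the file is not visible here, so it is worth searching for the name before this ships. The changed message `print "Username not root"` also still lacks a trailing `"\n"`, unlike the two debug prints added at the top of the hunk.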