[LON-CAPA-cvs] cvs: loncom / lcpasswd lcuseradd pwchange

foxr lon-capa-cvs@mail.lon-capa.org
Thu, 19 Sep 2002 02:02:59 -0000


foxr		Wed Sep 18 22:02:59 2002 EDT

  Modified files:              
    /loncom	lcuseradd lcpasswd pwchange 
  Log:
  Bug 701 Fixed various little diddly stuff that prevented a new filesystem authenticated user from getting an initial passwd.
  
  
  
Index: loncom/lcuseradd
diff -u loncom/lcuseradd:1.22 loncom/lcuseradd:1.23
--- loncom/lcuseradd:1.22	Mon Sep 16 09:27:40 2002
+++ loncom/lcuseradd	Wed Sep 18 22:02:59 2002
@@ -18,7 +18,7 @@
 #        o LonCapa will add it if/when the user is granted an Author
 #          role.
 #
-# $Id: lcuseradd,v 1.22 2002/09/16 13:27:40 foxr Exp $
+# $Id: lcuseradd,v 1.23 2002/09/19 02:02:59 foxr Exp $
 ###
 
 ###############################################################################
@@ -120,6 +120,8 @@
 # Do not print error messages.
 my $noprint=1;
 
+print "In lcuseradd\n" unless $noprint;
+
 # ----------------------------- Make sure this process is running from user=www
 my $wwwid=getpwnam('www');
 &disable_root_capability;
@@ -162,11 +164,11 @@
 }
 
 my ($username,$password1,$password2)=@input;
-print "Username = ".$username unless $noprint;
+print "Username = ".$username."\n" unless $noprint;
 $username=~/^(\w+)$/;
 print "Username after substitution - ".$username unless $noprint;
 my $safeusername=$1;
-print "Safe username = $safeusername" unless $noprint;
+print "Safe username = $safeusername \n" unless $noprint;
 
 if (($username ne $safeusername) or ($safeusername!~/^[A-Za-z]/)) {
     print "Error. The user name specified $username $safeusername  has invalid characters.\n"
@@ -191,30 +193,36 @@
 }
 
 # -- Only add user if the two password arguments match.
+
 if ($password1 ne $password2) {
     print "Error. Password mismatch.\n" unless $noprint;
     unlink('/tmp/lock_lcpasswd');
     exit 13;
 }
-
+print "enabling root\n" unless $noprint;
 # ---------------------------------- Start running script with root permissions
 &enable_root_capability;
 
 # ------------------- Add user and make www a member of the user-specific group
 # -- Add user
-if (system('/usr/sbin/useradd','-c','LON-CAPA user',$safeusername)) {
+
+print "adding user: $safeusername \n" unless $noprint;
+my $status = system('/usr/sbin/useradd','-c','LON-CAPA user',$safeusername);
+if ($status) {
     print "Error.  Something went wrong with the addition of user ".
 	  "\"$safeusername\".\n" unless $noprint;
+    print "Final status of useradd = $status";
     unlink('/tmp/lock_lcpasswd');
     exit 12;
 }
-
+print "Done adding user\n" unless $noprint;
 # Make www a member of that user group.
 my $groups=`/usr/bin/groups www` or exit(6);
 chomp $groups; $groups=~s/^\S+\s+\:\s+//;
 my @grouplist=split(/\s+/,$groups);
 my @ugrouplist=grep {!/www|$safeusername/} @grouplist;
 my $gl=join(',',(@ugrouplist,$safeusername));
+print "Putting user in its own group\n" unless $noprint;
 if (system('/usr/sbin/usermod','-G',$gl,'www')) {
     print "Error. Could not make www a member of the group ".
 	  "\"$safeusername\".\n" unless $noprint;
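Review bot: The added `print "Final status of useradd = $status";` is the only trace line in this hunk without `unless $noprint` and without a trailing newline, so it writes to stdout on every useradd failure even though `$noprint` is set to 1. `$status` is also the raw wait status from `system`, so the exit code useradd returned is `$status >> 8`. Suggested replacement: `print "Final status of useradd = ".($status >> 8)."\n" unless $noprint;`. The `if (system('/usr/sbin/usermod',...` block at the end of the hunk continues outside it.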
@@ -228,6 +236,7 @@
 unlink('/tmp/lock_lcpasswd');
 &disable_root_capability;
 ($>,$<)=($wwwid,$wwwid);
+print "Opening lcpasswd pipeline\n" unless $noprint;
 open OUT,"|/home/httpd/perl/lcpasswd";
 print OUT $safeusername;
 print OUT "\n";
@@ -237,6 +246,7 @@
 print OUT "\n";
 close OUT;
 if ($?) {
+    print "abnormal exit from close lcpasswd\n" unless $noprint;
     exit 8;
 }
 ($>,$<)=($wwwid,0);
@@ -276,6 +286,7 @@
 END
 close OUT;
 
+print "lcuseradd exiting\n" unless $noprint;
 system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername");
 
 # -------------------------------------------------------- Exit script
@@ -285,8 +296,8 @@
 # ---------------------------------------------- Have setuid script run as root
 sub enable_root_capability {
     if ($wwwid==$>) {
-	($<,$>)=($>,$<);
-	($(,$))=($),$();
+	($<,$>)=($>,0);
+	($(,$))=($),0);
     }
     else {
 	# root capability is already enabled
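Review bot: Nothing after `($<,$>)=($>,0);` and `($(,$))=($),0);` confirms that the effective uid and gid actually became 0, so a failed switch lets the caller carry on to useradd and usermod under the wrong identity and fail later with a less specific error. A check right after the two assignments, for example `unless ($> == 0) { unlink('/tmp/lock_lcpasswd'); exit 1; }` with whichever exit code the script reserves for this case, would make that failure explicit. A short comment on why the real uid is now set to the old effective uid rather than swapped would also help, e.g. `# keep www as the real uid; take root only as the effective uid`. The same two lines change in `enable_root_capability` in loncom/lcpasswd, and the sub's `else` branch continues outside the hunk.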
Index: loncom/lcpasswd
diff -u loncom/lcpasswd:1.17 loncom/lcpasswd:1.18
--- loncom/lcpasswd:1.17	Mon Sep 16 09:27:40 2002
+++ loncom/lcpasswd	Wed Sep 18 22:02:59 2002
@@ -1,5 +1,4 @@
 #!/usr/bin/perl
-
 # The Learning Online Network with CAPA
 #
 # lcpasswd - LON-CAPA setuid script to synchronously change all
@@ -14,7 +13,7 @@
 # YEAR=2002
 # 02/19 Matthew Hall
 #
-# $Id: lcpasswd,v 1.17 2002/09/16 13:27:40 foxr Exp $
+# $Id: lcpasswd,v 1.18 2002/09/19 02:02:59 foxr Exp $
 ###
 
 ###############################################################################
@@ -95,6 +94,8 @@
 # Do not print error messages
 my $noprint=1;
 
+print "In lcpasswd" unless $noprint;
+
 # ----------------------------- Make sure this process is running from user=www
 my $wwwid=getpwnam('www');
 &disable_root_capability;
@@ -155,10 +156,10 @@
     unlink('/tmp/lock_lcpasswd');
     exit 5;
 }
-
 &enable_root_capability;
 ($>,$<)=(0,0);
-print "Now root, -invoking pwchange with $safeusername $password1"
+
+print "Now $> , $< , -invoking pwchange with $safeusername $password1"
     unless $noprint;
 open OUT,"|pwchange $safeusername";
 print OUT $password1;
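Review bot: The rewritten trace line still interpolates `$password1`, so turning `$noprint` off to debug this script writes the user's cleartext password to stdout, and from there into whatever captures the output of this setuid helper. Drop the password from the message and end it with a newline: `print "Now $> , $< , -invoking pwchange for $safeusername\n" unless $noprint;`. The password already reaches pwchange through the pipe, so the trace loses nothing useful. The statement run continues outside the hunk.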
@@ -202,8 +203,8 @@
 # ---------------------------------------------- have setuid script run as root
 sub enable_root_capability {
     if ($wwwid==$>) {
-	($<,$>)=($>,$<);
-	($(,$))=($),$();
+	($<,$>)=($>,0);
+	($(,$))=($),0);
     }
     else {
 	# root capability is already enabled
Index: loncom/pwchange
diff -u loncom/pwchange:1.7 loncom/pwchange:1.8
--- loncom/pwchange:1.7	Mon Sep 16 09:27:40 2002
+++ loncom/pwchange	Wed Sep 18 22:02:59 2002
@@ -10,20 +10,24 @@
 # YEAR=2002
 # 02/19 Matthew Hall
 #
-# $Id: pwchange,v 1.7 2002/09/16 13:27:40 foxr Exp $
+# $Id: pwchange,v 1.8 2002/09/19 02:02:59 foxr Exp $
 ###
 
 use strict;
 my $noprint = 1;
 
+
+
+print "In pwchange\n" unless $noprint;
+print "Real uid = $< effective uid = $> \n" unless $noprint;
 # ------------------------------------------------------------------ Untainting
 $ENV{'PATH'}='/bin:/usr/bin'; # Nullify path information.
 delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints
 
 # ---------------------------- Make sure this process is running from user=root
-my $wwwid=getpwnam('www');
-if (0!=$<) {
-    print "Username not www" unless $noprint;
+
+if (0 != $<) {
+    print "Username not root" unless $noprint;
    exit 1;
 }
 # ----------------------------------------------- If not running setuid as root
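Review bot: The guard `if (0 != $<)` relies on a calling convention the file does not state: lcpasswd runs `($>,$<)=(0,0)` before piping the password into pwchange, so the real uid is 0 when the script is reached that way (or when root runs it directly). A comment above the check would record this, e.g. `# lcpasswd sets real and effective uid to 0 before invoking us; refuse any other caller.` The "Username not root" message also lacks a trailing newline, unlike the two trace lines added above it. With `my $wwwid=getpwnam('www');` removed, any remaining use of `$wwwid` further down would be a compile error under `use strict`; that cannot be confirmed from this hunk, since the script continues outside it.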