summaryrefslogtreecommitdiff
path: root/source3/web
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>1998-11-12 07:06:48 +0000
committerAndrew Tridgell <tridge@samba.org>1998-11-12 07:06:48 +0000
commit29e36b713468d7e7de301c483fc340ef42b4a9fb (patch)
treefd97dcedea842356595ce290c2fb1f95d8448285 /source3/web
parent4f368d8b924b76007809e967ac1f37f6a1ebdd68 (diff)
downloadsamba-29e36b713468d7e7de301c483fc340ef42b4a9fb.tar.gz
samba-29e36b713468d7e7de301c483fc340ef42b4a9fb.tar.bz2
samba-29e36b713468d7e7de301c483fc340ef42b4a9fb.zip
extracted the password change code from smbpasswd and used it in swat
instead of opening pipes and other horrible stuff. (This used to be commit 49bf19710345a59a2d17cd449be1a132885ed821)
Diffstat (limited to 'source3/web')
-rw-r--r--source3/web/swat.c353
1 files changed, 54 insertions, 299 deletions
diff --git a/source3/web/swat.c b/source3/web/swat.c
index 1ab90a3a3d..67582bc116 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -33,20 +33,18 @@ static pstring servicesf = CONFIGFILE;
/*
* Password Management Globals
*/
-char user[] = "username";
-char old_pswd[] = "old_passwd";
-char new_pswd[] = "new_passwd";
-char new2_pswd[] = "new2_passwd";
-char chg_passwd_flag[] = "chg_passwd_flag";
-char add_user_flag[] = "add_user_flag";
-char disable_user_flag[] = "disable_user_flag";
-char enable_user_flag[] = "enable_user_flag";
+#define USER "username"
+#define OLD_PSWD "old_passwd"
+#define NEW_PSWD "new_passwd"
+#define NEW2_PSWD "new2_passwd"
+#define CHG_PASSWD_FLAG "chg_passwd_flag"
+#define ADD_USER_FLAG "add_user_flag"
+#define DISABLE_USER_FLAG "disable_user_flag"
+#define ENABLE_USER_FLAG "enable_user_flag"
/* we need these because we link to locking*.o */
void become_root(BOOL save_dir) {}
void unbecome_root(BOOL restore_dir) {}
-/* We need this because we link to password.o */
-BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, BOOL override) {return False;}
/****************************************************************************
****************************************************************************/
@@ -87,8 +85,8 @@ char *p = newstring;
static char *make_parm_name(char *label)
{
-static char parmname[1024];
-char *p = parmname;
+ static char parmname[1024];
+ char *p = parmname;
while (*label) {
if (*label == ' ') *p++ = '_';
@@ -576,257 +574,24 @@ static void shares_page(void)
printf("</FORM>\n");
}
-/****************************************************************************
-****************************************************************************/
-static void sig_pipe ( int signo)
+/*************************************************************
+change a password either locally or remotely
+*************************************************************/
+static BOOL change_password(const char *remote_machine, char *user_name,
+ char *old_passwd, char *new_passwd,
+ BOOL add_user, BOOL enable_user, BOOL disable_user)
{
- printf("<p> SIGPIPE caught\n");
-}
-
-/****************************************************************************
- create 2 pipes and use them to feed the smbpasswd program
-****************************************************************************/
-static BOOL talk_to_smbpasswd(char *old, char *new)
-{
- int i, n, fd1[2], fd2[2];
- pid_t pid;
- BOOL rslt;
- char line[MAX_STRINGLEN + 2]; /* one for newline, one for null */
-
- if (signal(SIGPIPE, sig_pipe) == SIG_ERR) {
- printf("<p> signal error");
+ if (remote_machine != NULL) {
+ return remote_password_change(remote_machine, user_name, old_passwd, new_passwd);
}
- if ((pipe(fd1) < 0) || (pipe(fd2) < 0)) {
- printf("<p> pipe error");
+ if(!initialize_password_db()) {
+ printf("Can't setup password database vectors.\n");
+ return False;
}
-
- if ((pid = fork()) < 0) {
- printf("<p> fork error");
- }
-
- /*
- * Create this relationship with the pipes between the parent and
- * the child as detailed below.
- *
- * parent -> fd1[1] -- fd1[0] -> child
- * parent <- fd2[0] -- fd2[1] <- child
- *
- * fd1[0] is turned into child's stdin
- * fd2[1] is turned into child's stdout
- * fd2[1] is also turned into child's stderr
- *
- */
- else if (pid > 0) { /* parent */
-
- int to_child = fd1[1];
- int from_child = fd2[0];
- int wstat;
-
- close(fd1[0]); /* parent doesn't need input side of pipe fd1 */
- close(fd2[1]); /* parent doesn't need output side of pipe fd2 */
-
- /*
- * smbpasswd doesn't require any input to disable or enable a user
- */
- if (!cgi_variable(disable_user_flag) && !cgi_variable(enable_user_flag)) {
- /*
- * smbpasswd requires a regular old user to send their old password
- */
- if (am_root() == False) {
- n = (strlen(old) <= (MAX_STRINGLEN)) ? strlen(old) : (MAX_STRINGLEN);
- strncpy( line, old, n);
- line[n] = '\n'; n++; /* add carriage return */
- line[n] = 0; /* add null terminator, for debug */
- if (write( to_child, line, n) != n) {
- printf("<p> error on write to child");
- }
- }
-
- /*
- * smbpasswd requires that the new password be sent to it twice
- */
- for( i=0; i<2; i++) {
- n = (strlen(new) <= (MAX_STRINGLEN)) ? strlen(new) : (MAX_STRINGLEN);
- strncpy( line, new, n);
- line[n] = '\n'; n++; /* add carriage return */
- line[n] = 0; /* add null terminator, for debug */
- if (write( to_child, line, n) != n) {
- printf("<p> error on write to child");
- break;
- }
- }
- }
-
- /*
- * Wait for smbpasswd to finish
- */
- if (sys_waitpid(pid, &wstat, 0) < 0) {
- printf("<p> problem waiting");
- }
-
- /*
- * Read the answer from the add program
- */
- memset( line, '\0', sizeof(line));
- if ((n = read( from_child, line, MAX_STRINGLEN)) < 0) {
- printf("<p> error on read from child");
- }
-
- /*
- * Write the response from smbpasswd to user, if all is well
- * line[] should be just a null terminated line. We could
- * check for the null line and not print anything, but we
- * really should be checking the exit code if we want to be
- * sure.
- */
- line[n] = 0; /* null terminate */
- printf("<p> %s\n",line);
-
- close(to_child);
- close(from_child);
- if (line[0] == '\0') {
- rslt = True; /* All ok */
- } else {
- rslt = False; /* Something didn't work */
- }
-
- } else { /* child */
-
- int from_parent = fd1[0];
- int to_parent = fd2[1];
-
- close(fd1[1]); /* child doesn't need output side of pipe fd1 */
- close(fd2[0]); /* child doesn't need input side of pipe fd2 */
-
- /*
- * Turn the from_parent pipe into the childs stdin
- */
- if (from_parent != STDIN_FILENO) {
- if (dup2( from_parent, STDIN_FILENO) != STDIN_FILENO) {
- printf("<p> dup2 error of stdin");
- }
- close( from_parent);
- }
-
- /*
- * Turn the to_parent pipe into the childs stdout
- */
- if (to_parent != STDOUT_FILENO) {
- if (dup2( to_parent, STDOUT_FILENO) != STDOUT_FILENO) {
- printf("<p> dup2 error of stdout");
- }
- close( to_parent);
- }
- /*
- * Make the childs stderr the to_parent pipe also
- */
- if (dup2( STDOUT_FILENO, STDERR_FILENO) != STDERR_FILENO) {
- printf("<p> dup2 error of stdout");
- }
-
-
- /* Root can do more */
- if (am_root() == True) {
- if (cgi_variable(add_user_flag)) {
- /*
- * Add a user
- */
- if (execl(SMB_PASSWD_PROGRAM, "smbpasswd", "-s", "-a", cgi_variable(user), (char *) 0) < 0) {
- printf("<p> execl error of smbpasswd");
- }
- } else if (cgi_variable(disable_user_flag)) {
- /*
- * Disable a user
- */
- if (execl(SMB_PASSWD_PROGRAM, "smbpasswd", "-s", "-d", cgi_variable(user), (char *) 0) < 0) {
- printf("<p> execl error of smbpasswd");
- }
- } else if (cgi_variable(enable_user_flag)) {
- /*
- * Enable a user
- */
- if (execl(SMB_PASSWD_PROGRAM, "smbpasswd", "-s", "-e", cgi_variable(user), (char *) 0) < 0) {
- printf("<p> execl error of smbpasswd");
- }
- } else {
- /*
- * Change a users password
- */
- if (execl(SMB_PASSWD_PROGRAM, "smbpasswd", "-s", cgi_variable(user), (char *) 0) < 0) {
- printf("<p> execl error of smbpasswd");
- }
- }
- } else {
- /*
- * Ordinary users can change any users passwd if they know the old passwd
- */
- if (execl(SMB_PASSWD_PROGRAM, "smbpasswd", "-s", (char *) 0) < 0) {
- printf("<p> execl error of smbpasswd");
- }
- }
- }
- return(rslt);
-}
-
-/****************************************************************************
- become the specified uid - permanently !
-****************************************************************************/
-
-BOOL become_user_permanently(uid_t uid, gid_t gid)
-{
-
- if (geteuid() != 0) {
- return(True);
- }
-
- /* now completely lose our privilages. This is a fairly paranoid
- way of doing it, but it does work on all systems that I know of */
-
-#ifdef HAVE_SETRESUID
- /*
- * Firstly ensure all our uids are set to root.
- */
- setresgid(0,0,0);
- setresuid(0,0,0);
-
- /*
- * Now ensure we change all our gids.
- */
- setresgid(gid,gid,gid);
-
- /*
- * Now ensure all the uids are the user.
- */
- setresuid(uid,uid,uid);
-#else
- /*
- * Firstly ensure all our uids are set to root.
- */
- setuid(0);
- seteuid(0);
-
- /*
- * Now ensure we change all our gids.
- */
- setgid(gid);
- setegid(gid);
-
- /*
- * Now ensure all the uids are the user.
- */
- setuid(uid);
- seteuid(uid);
-#endif
-
- if (getuid() != uid || geteuid() != uid ||
- getgid() != gid || getegid() != gid) {
- /* We failed to lose our privilages. */
- return False;
- }
-
- return(True);
+ return local_password_change(user_name, False, add_user, enable_user,
+ disable_user, False, new_passwd);
}
/****************************************************************************
@@ -834,11 +599,10 @@ BOOL become_user_permanently(uid_t uid, gid_t gid)
****************************************************************************/
static void chg_passwd(void)
{
- struct passwd *pass = NULL;
BOOL rslt;
/* Make sure users name has been specified */
- if (strlen(cgi_variable(user)) == 0) {
+ if (strlen(cgi_variable(USER)) == 0) {
printf("<p> Must specify \"User Name\" \n");
return;
}
@@ -847,50 +611,40 @@ static void chg_passwd(void)
* smbpasswd doesn't require anything but the users name to disable or enable the user,
* so if that's what we're doing, skip the rest of the checks
*/
- if (!cgi_variable(disable_user_flag) && !cgi_variable(enable_user_flag)) {
+ if (!cgi_variable(DISABLE_USER_FLAG) && !cgi_variable(ENABLE_USER_FLAG)) {
/* If current user is not root, make sure old password has been specified */
- if ((am_root() == False) && (strlen( cgi_variable(old_pswd)) <= 0)) {
+ if ((am_root() == False) && (strlen( cgi_variable(OLD_PSWD)) <= 0)) {
printf("<p> Must specify \"Old Password\" \n");
return;
}
/* Make sure new passwords have been specified */
- if ((strlen( cgi_variable(new_pswd )) <= 0) ||
- (strlen( cgi_variable(new2_pswd)) <= 0)) {
+ if ((strlen( cgi_variable(NEW_PSWD)) <= 0) ||
+ (strlen( cgi_variable(NEW2_PSWD)) <= 0)) {
printf("<p> Must specify \"New, and Re-typed Passwords\" \n");
return;
}
/* Make sure new passwords was typed correctly twice */
- if (strcmp(cgi_variable(new_pswd), cgi_variable(new2_pswd)) != 0) {
+ if (strcmp(cgi_variable(NEW_PSWD), cgi_variable(NEW2_PSWD)) != 0) {
printf("<p> Re-typed password didn't match new password\n");
return;
}
}
-#ifdef SWAT_DEBUG
- if (pass) printf("<p> User uid %d gid %d \n", pass->pw_uid, pass->pw_gid);
- printf("<p> Processes uid %d, euid %d, gid %d, egid %d \n",getuid(),geteuid(),getgid(),getegid());
- printf("<p> User Name %s \n", cgi_variable(user));
- printf("<p> Old passwd %s \n", cgi_variable(old_pswd) ? cgi_variable(old_pswd):"");
- printf("<p> New passwd %s \n", cgi_variable(new_pswd));
- printf("<p> Re-typed New passwd %s \n", cgi_variable(new2_pswd));
- printf("<p> flags '%s', '%s', '%s' \n",
- (cgi_variable( chg_passwd_flag) ? cgi_variable( chg_passwd_flag) : ""),
- (cgi_variable( add_user_flag) ? cgi_variable( add_user_flag) : ""),
- (cgi_variable( disable_user_flag) ? cgi_variable( disable_user_flag) : ""));
- (cgi_variable( enable_user_flag) ? cgi_variable( enable_user_flag) : ""));
-#endif /* SWAT_DEBUG */
-
-
- rslt = talk_to_smbpasswd( cgi_variable(old_pswd), cgi_variable(new_pswd));
- if (am_root() == False) {
- if (rslt == True) {
- printf("<p> The passwd for '%s' has been changed. \n",cgi_variable(user));
- } else {
- printf("<p> The passwd for '%s' has NOT been changed. \n",cgi_variable(user));
- }
+ rslt = change_password(am_root() ? NULL : "127.0.0.1",
+ cgi_variable(USER),
+ cgi_variable(OLD_PSWD), cgi_variable(NEW_PSWD),
+ cgi_variable(ADD_USER_FLAG)? True : False,
+ cgi_variable(ENABLE_USER_FLAG)? True : False,
+ cgi_variable(DISABLE_USER_FLAG)? True : False);
+
+
+ if (rslt == True) {
+ printf("<p> The passwd for '%s' has been changed. \n", cgi_variable(USER));
+ } else {
+ printf("<p> The passwd for '%s' has NOT been changed. \n",cgi_variable(USER));
}
return;
@@ -913,29 +667,30 @@ static void passwd_page(void)
* After the first time through here be nice. If the user
* changed the User box text to another users name, remember it.
*/
- if ( cgi_variable(user) &&
- (strcmp(cgi_variable(user), get_user_name()))) {
+ if (cgi_variable(USER) &&
+ (strcmp(cgi_variable(USER), get_user_name()))) {
/* User is changing another accounts passwd */
- new_name = cgi_variable(user);
+ new_name = cgi_variable(USER);
} else {
/* User is changing there own passwd */
new_name = get_user_name();
}
- printf("<p> User Name : <input type=text size=30 name=%s value=%s> \n", user, new_name);
+ printf("<p> User Name : <input type=text size=30 name=%s value=%s> \n",
+ USER, new_name);
if (am_root() == False) {
- printf("<p> Old Password: <input type=password size=30 name=%s>\n",old_pswd);
+ printf("<p> Old Password: <input type=password size=30 name=%s>\n",OLD_PSWD);
}
- printf("<p> New Password: <input type=password size=30 name=%s>\n",new_pswd);
- printf("<p> Re-type New Password: <input type=password size=30 name=%s>\n",new2_pswd);
+ printf("<p> New Password: <input type=password size=30 name=%s>\n",NEW_PSWD);
+ printf("<p> Re-type New Password: <input type=password size=30 name=%s>\n",NEW2_PSWD);
printf("</select></td></tr><p>");
printf("<tr><td>");
- printf("<input type=submit name=%s value=\"Change Password\">", chg_passwd_flag);
+ printf("<input type=submit name=%s value=\"Change Password\">", CHG_PASSWD_FLAG);
if (am_root() == True) {
- printf("<input type=submit name=%s value=\"Add New User\">", add_user_flag);
- printf("<input type=submit name=%s value=\"Disable User\">", disable_user_flag);
- printf("<input type=submit name=%s value=\"Enable User\">", enable_user_flag);
+ printf("<input type=submit name=%s value=\"Add New User\">", ADD_USER_FLAG);
+ printf("<input type=submit name=%s value=\"Disable User\">", DISABLE_USER_FLAG);
+ printf("<input type=submit name=%s value=\"Enable User\">", ENABLE_USER_FLAG);
}
printf("</td>\n");
@@ -943,7 +698,7 @@ static void passwd_page(void)
* If we don't have user information then there's nothing to do. It's probably
* the first time through this code.
*/
- if (cgi_variable(user)) {
+ if (cgi_variable(USER)) {
chg_passwd();
}