From a7c3c8dc14e19dcf6fb56495b3c09bc41a66acf9 Mon Sep 17 00:00:00 2001 From: alec Date: Wed, 7 Mar 2012 11:19:06 +0000 Subject: - Helper files moved to helpers/ directory from drivers/ git-svn-id: https://svn.roundcube.net/trunk@5977 208e9e7b-5314-0410-a742-e7e81cd9613c --- plugins/password/README | 6 ++-- plugins/password/drivers/chgdbmailusers.c | 48 -------------------------- plugins/password/drivers/chgsaslpasswd.c | 29 ---------------- plugins/password/drivers/chgvirtualminpasswd.c | 28 --------------- plugins/password/drivers/chpass-wrapper.py | 32 ----------------- plugins/password/drivers/dbmail.php | 4 +-- plugins/password/drivers/pw_usermod.php | 2 +- plugins/password/drivers/sasl.php | 4 +-- plugins/password/drivers/virtualmin.php | 2 +- plugins/password/helpers/chgdbmailusers.c | 48 ++++++++++++++++++++++++++ plugins/password/helpers/chgsaslpasswd.c | 29 ++++++++++++++++ plugins/password/helpers/chgvirtualminpasswd.c | 28 +++++++++++++++ plugins/password/helpers/chpass-wrapper.py | 32 +++++++++++++++++ plugins/password/package.xml | 11 ++++-- 14 files changed, 154 insertions(+), 149 deletions(-) delete mode 100644 plugins/password/drivers/chgdbmailusers.c delete mode 100644 plugins/password/drivers/chgsaslpasswd.c delete mode 100644 plugins/password/drivers/chgvirtualminpasswd.c delete mode 100644 plugins/password/drivers/chpass-wrapper.py create mode 100644 plugins/password/helpers/chgdbmailusers.c create mode 100644 plugins/password/helpers/chgsaslpasswd.c create mode 100644 plugins/password/helpers/chgvirtualminpasswd.c create mode 100644 plugins/password/helpers/chpass-wrapper.py diff --git a/plugins/password/README b/plugins/password/README index 4fcbc4b21..eadf10742 100644 --- a/plugins/password/README +++ b/plugins/password/README @@ -136,7 +136,7 @@ Installation: - Change into the drivers directory. Edit the chgsaslpasswd.c file as is + Change into the helpers directory. Edit the chgsaslpasswd.c file as is documented within it. Compile the wrapper program: @@ -205,7 +205,7 @@ ---------------------------- As in sasl driver this one allows to change password using shell - utility called "virtualmin". See drivers/chgvirtualminpasswd.c for + utility called "virtualmin". See helpers/chgvirtualminpasswd.c for installation instructions. See also config.inc.php.dist file. @@ -230,7 +230,7 @@ Driver that adds functionality to change the systems user password via the 'chpasswd' command. See config.inc.php.dist file. - Attached wrapper script (chpass-wrapper.py) restricts password changes + Attached wrapper script (helpers/chpass-wrapper.py) restricts password changes to uids >= 1000 and can deny requests based on a blacklist. diff --git a/plugins/password/drivers/chgdbmailusers.c b/plugins/password/drivers/chgdbmailusers.c deleted file mode 100644 index 28f79c100..000000000 --- a/plugins/password/drivers/chgdbmailusers.c +++ /dev/null @@ -1,48 +0,0 @@ -#include -#include -#include - -// set the UID this script will run as (root user) -#define UID 0 -#define CMD "/usr/sbin/dbmail-users" -#define RCOK 0x100 - -/* INSTALLING: - gcc -o chgdbmailusers chgdbmailusers.c - chown root.apache chgdbmailusers - strip chgdbmailusers - chmod 4550 chgdbmailusers -*/ - -main(int argc, char *argv[]) -{ - int cnt,rc,cc; - char cmnd[255]; - - strcpy(cmnd, CMD); - - if (argc > 1) - { - for (cnt = 1; cnt < argc; cnt++) - { - strcat(cmnd, " "); - strcat(cmnd, argv[cnt]); - } - } - else - { - fprintf(stderr, "__ %s: failed %d %d\n", argv[0], rc, cc); - return 255; - } - - cc = setuid(UID); - rc = system(cmnd); - - if ((rc != RCOK) || (cc != 0)) - { - fprintf(stderr, "__ %s: failed %d %d\n", argv[0], rc, cc); - return 1; - } - - return 0; -} diff --git a/plugins/password/drivers/chgsaslpasswd.c b/plugins/password/drivers/chgsaslpasswd.c deleted file mode 100644 index bcdcb2e0d..000000000 --- a/plugins/password/drivers/chgsaslpasswd.c +++ /dev/null @@ -1,29 +0,0 @@ -#include -#include - -// set the UID this script will run as (cyrus user) -#define UID 96 -// set the path to saslpasswd or saslpasswd2 -#define CMD "/usr/sbin/saslpasswd2" - -/* INSTALLING: - gcc -o chgsaslpasswd chgsaslpasswd.c - chown cyrus.apache chgsaslpasswd - strip chgsaslpasswd - chmod 4550 chgsaslpasswd -*/ - -main(int argc, char *argv[]) -{ - int rc,cc; - - cc = setuid(UID); - rc = execvp(CMD, argv); - if ((rc != 0) || (cc != 0)) - { - fprintf(stderr, "__ %s: failed %d %d\n", argv[0], rc, cc); - return 1; - } - - return 0; -} diff --git a/plugins/password/drivers/chgvirtualminpasswd.c b/plugins/password/drivers/chgvirtualminpasswd.c deleted file mode 100644 index 4e2299c66..000000000 --- a/plugins/password/drivers/chgvirtualminpasswd.c +++ /dev/null @@ -1,28 +0,0 @@ -#include -#include - -// set the UID this script will run as (root user) -#define UID 0 -#define CMD "/usr/sbin/virtualmin" - -/* INSTALLING: - gcc -o chgvirtualminpasswd chgvirtualminpasswd.c - chown root.apache chgvirtualminpasswd - strip chgvirtualminpasswd - chmod 4550 chgvirtualminpasswd -*/ - -main(int argc, char *argv[]) -{ - int rc,cc; - - cc = setuid(UID); - rc = execvp(CMD, argv); - if ((rc != 0) || (cc != 0)) - { - fprintf(stderr, "__ %s: failed %d %d\n", argv[0], rc, cc); - return 1; - } - - return 0; -} diff --git a/plugins/password/drivers/chpass-wrapper.py b/plugins/password/drivers/chpass-wrapper.py deleted file mode 100644 index 61bba849e..000000000 --- a/plugins/password/drivers/chpass-wrapper.py +++ /dev/null @@ -1,32 +0,0 @@ -#!/usr/bin/env python - -import sys -import pwd -import subprocess - -BLACKLIST = ( - # add blacklisted users here - #'user1', -) - -try: - username, password = sys.stdin.readline().split(':', 1) -except ValueError, e: - sys.exit('Malformed input') - -try: - user = pwd.getpwnam(username) -except KeyError, e: - sys.exit('No such user: %s' % username) - -if user.pw_uid < 1000: - sys.exit('Changing the password for user id < 1000 is forbidden') - -if username in BLACKLIST: - sys.exit('Changing password for user %s is forbidden (user blacklisted)' % - username) - -handle = subprocess.Popen('/usr/sbin/chpasswd', stdin = subprocess.PIPE) -handle.communicate('%s:%s' % (username, password)) - -sys.exit(handle.returncode) diff --git a/plugins/password/drivers/dbmail.php b/plugins/password/drivers/dbmail.php index a457fc27b..a7c2f46a3 100644 --- a/plugins/password/drivers/dbmail.php +++ b/plugins/password/drivers/dbmail.php @@ -19,9 +19,9 @@ class rcube_dbmail_password { function password_save($currpass, $newpass) { - $curdir = realpath(dirname(__FILE__)); + $curdir = INSTALL_PATH . 'plugins/password/helpers'; $username = escapeshellcmd($_SESSION['username']); - $args = rcmail::get_instance()->config->get('password_dbmail_args', ''); + $args = rcmail::get_instance()->config->get('password_dbmail_args', ''); exec("$curdir/chgdbmailusers -c $username -w $newpass $args", $output, $returnvalue); diff --git a/plugins/password/drivers/pw_usermod.php b/plugins/password/drivers/pw_usermod.php index ca3d068a7..5b92fcbfb 100644 --- a/plugins/password/drivers/pw_usermod.php +++ b/plugins/password/drivers/pw_usermod.php @@ -17,8 +17,8 @@ class rcube_pw_usermod_password { public function save($currpass, $newpass) { - $cmd = rcmail::get_instance()->config->get('password_pw_usermod_cmd'); $username = $_SESSION['username']; + $cmd = rcmail::get_instance()->config->get('password_pw_usermod_cmd'); $cmd .= " $username > /dev/null"; $handle = popen($cmd, "w"); diff --git a/plugins/password/drivers/sasl.php b/plugins/password/drivers/sasl.php index 3e6fe1c8b..957c1196c 100644 --- a/plugins/password/drivers/sasl.php +++ b/plugins/password/drivers/sasl.php @@ -20,9 +20,9 @@ class rcube_sasl_password { function save($currpass, $newpass) { - $curdir = realpath(dirname(__FILE__)); + $curdir = INSTALL_PATH . 'plugins/password/helpers'; $username = escapeshellcmd($_SESSION['username']); - $args = rcmail::get_instance()->config->get('password_saslpasswd_args', ''); + $args = rcmail::get_instance()->config->get('password_saslpasswd_args', ''); if ($fh = popen("$curdir/chgsaslpasswd -p $args $username", 'w')) { fwrite($fh, $newpass."\n"); diff --git a/plugins/password/drivers/virtualmin.php b/plugins/password/drivers/virtualmin.php index 5a9d9c0ca..b2547e07f 100644 --- a/plugins/password/drivers/virtualmin.php +++ b/plugins/password/drivers/virtualmin.php @@ -55,7 +55,7 @@ class rcube_virtualmin_password $username = escapeshellcmd($username); $domain = escapeshellcmd($domain); $newpass = escapeshellcmd($newpass); - $curdir = realpath(dirname(__FILE__)); + $curdir = INSTALL_PATH . 'plugins/password/helpers'; exec("$curdir/chgvirtualminpasswd modify-user --domain $domain --user $username --pass $newpass", $output, $returnvalue); diff --git a/plugins/password/helpers/chgdbmailusers.c b/plugins/password/helpers/chgdbmailusers.c new file mode 100644 index 000000000..28f79c100 --- /dev/null +++ b/plugins/password/helpers/chgdbmailusers.c @@ -0,0 +1,48 @@ +#include +#include +#include + +// set the UID this script will run as (root user) +#define UID 0 +#define CMD "/usr/sbin/dbmail-users" +#define RCOK 0x100 + +/* INSTALLING: + gcc -o chgdbmailusers chgdbmailusers.c + chown root.apache chgdbmailusers + strip chgdbmailusers + chmod 4550 chgdbmailusers +*/ + +main(int argc, char *argv[]) +{ + int cnt,rc,cc; + char cmnd[255]; + + strcpy(cmnd, CMD); + + if (argc > 1) + { + for (cnt = 1; cnt < argc; cnt++) + { + strcat(cmnd, " "); + strcat(cmnd, argv[cnt]); + } + } + else + { + fprintf(stderr, "__ %s: failed %d %d\n", argv[0], rc, cc); + return 255; + } + + cc = setuid(UID); + rc = system(cmnd); + + if ((rc != RCOK) || (cc != 0)) + { + fprintf(stderr, "__ %s: failed %d %d\n", argv[0], rc, cc); + return 1; + } + + return 0; +} diff --git a/plugins/password/helpers/chgsaslpasswd.c b/plugins/password/helpers/chgsaslpasswd.c new file mode 100644 index 000000000..bcdcb2e0d --- /dev/null +++ b/plugins/password/helpers/chgsaslpasswd.c @@ -0,0 +1,29 @@ +#include +#include + +// set the UID this script will run as (cyrus user) +#define UID 96 +// set the path to saslpasswd or saslpasswd2 +#define CMD "/usr/sbin/saslpasswd2" + +/* INSTALLING: + gcc -o chgsaslpasswd chgsaslpasswd.c + chown cyrus.apache chgsaslpasswd + strip chgsaslpasswd + chmod 4550 chgsaslpasswd +*/ + +main(int argc, char *argv[]) +{ + int rc,cc; + + cc = setuid(UID); + rc = execvp(CMD, argv); + if ((rc != 0) || (cc != 0)) + { + fprintf(stderr, "__ %s: failed %d %d\n", argv[0], rc, cc); + return 1; + } + + return 0; +} diff --git a/plugins/password/helpers/chgvirtualminpasswd.c b/plugins/password/helpers/chgvirtualminpasswd.c new file mode 100644 index 000000000..4e2299c66 --- /dev/null +++ b/plugins/password/helpers/chgvirtualminpasswd.c @@ -0,0 +1,28 @@ +#include +#include + +// set the UID this script will run as (root user) +#define UID 0 +#define CMD "/usr/sbin/virtualmin" + +/* INSTALLING: + gcc -o chgvirtualminpasswd chgvirtualminpasswd.c + chown root.apache chgvirtualminpasswd + strip chgvirtualminpasswd + chmod 4550 chgvirtualminpasswd +*/ + +main(int argc, char *argv[]) +{ + int rc,cc; + + cc = setuid(UID); + rc = execvp(CMD, argv); + if ((rc != 0) || (cc != 0)) + { + fprintf(stderr, "__ %s: failed %d %d\n", argv[0], rc, cc); + return 1; + } + + return 0; +} diff --git a/plugins/password/helpers/chpass-wrapper.py b/plugins/password/helpers/chpass-wrapper.py new file mode 100644 index 000000000..61bba849e --- /dev/null +++ b/plugins/password/helpers/chpass-wrapper.py @@ -0,0 +1,32 @@ +#!/usr/bin/env python + +import sys +import pwd +import subprocess + +BLACKLIST = ( + # add blacklisted users here + #'user1', +) + +try: + username, password = sys.stdin.readline().split(':', 1) +except ValueError, e: + sys.exit('Malformed input') + +try: + user = pwd.getpwnam(username) +except KeyError, e: + sys.exit('No such user: %s' % username) + +if user.pw_uid < 1000: + sys.exit('Changing the password for user id < 1000 is forbidden') + +if username in BLACKLIST: + sys.exit('Changing password for user %s is forbidden (user blacklisted)' % + username) + +handle = subprocess.Popen('/usr/sbin/chpasswd', stdin = subprocess.PIPE) +handle.communicate('%s:%s' % (username, password)) + +sys.exit(handle.returncode) diff --git a/plugins/password/package.xml b/plugins/password/package.xml index ddab35d7d..4b8652168 100644 --- a/plugins/password/package.xml +++ b/plugins/password/package.xml @@ -30,6 +30,7 @@ - Added option password_login_exceptions (#1487826) - Added domainfactory driver (#1487882) - Added DBMail driver (#1488281) +- Helper files moved to helpers/ directory from drivers/ @@ -76,10 +77,10 @@ - - + + @@ -93,7 +94,11 @@ - + + + + + -- cgit v1.2.3