diff --git a/lam/docs/README.lamdaemon.txt b/lam/docs/README.lamdaemon.txt index 1efc6eef..14261dac 100644 --- a/lam/docs/README.lamdaemon.txt +++ b/lam/docs/README.lamdaemon.txt @@ -58,7 +58,7 @@ things to get it to work: You have to run the command as the user your webserver is running, e.g. wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \ - 127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl root secret *test + 127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl adminuser secret *test You should get the following response: @@ -74,4 +74,12 @@ things to get it to work: Now everything should work fine. + +Security warning: +----------------- + + If you use PHP < 4.3 your admin user and password are passed as commandline argument. + This can be a security risk. Upgrade your PHP version for productive use. + + Please send a mail to TiloLutz@gmx.de if you have any suggestions. diff --git a/lam/lib/lamdaemon.inc b/lam/lib/lamdaemon.inc index 88497abb..3dda3fbb 100644 --- a/lam/lib/lamdaemon.inc +++ b/lam/lib/lamdaemon.inc @@ -40,16 +40,12 @@ $Id$ function lamdaemon($commands) { // get username and password of the current lam-admin $ldap_q = $_SESSION['ldap']->decrypt_login(); - /* $towrite has the following syntax: - * admin-username, admin-password, owner of homedir, 'home', operation='add' - * use escapeshellarg to make exec() shell-safe - */ - $towrite = escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ". - escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]); $userstring = implode ("\n", $commands); - if (function_exists(proc_open)) { + $output_array = array(); + if (function_exists('proc_open')) { // New Code, requires PHP 4.3 + $towrite = escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." - -"; $descriptorspec = array( 0 => array("pipe", "r"), // stdin 1 => array("pipe", "w"), // stout 
@@ -64,6 +60,9 @@ function lamdaemon($commands) { * $pipes[1] is readable handle to child stdout * any error is send to /dev/null */ + // user+passwd + fwrite($pipes[0], $ldap_q[0] . "\n"); + fwrite($pipes[0], $ldap_q[1] . "\n"); // Write to stdin fwrite($pipes[0], $userstring); } @@ -76,6 +75,8 @@ function lamdaemon($commands) { proc_close($process); } else { // PHP 4.3> + $towrite = escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ". + escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]); $command = escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".$towrite; $pipe = popen("echo \"$userstring\"|$command" , 'r'); while(!feof($pipe)) { @@ -85,7 +86,12 @@ function lamdaemon($commands) { } pclose($pipe); } - return $output_array; + if (sizeof($output_array) > 0) { + return $output_array; + } + else { + return false; + } } ?> diff --git a/lam/lib/lamdaemon.pl b/lam/lib/lamdaemon.pl index 6cff64f6..3273707c 100755 --- a/lam/lib/lamdaemon.pl +++ b/lam/lib/lamdaemon.pl @@ -205,9 +205,23 @@ else { $remotepath = shift @ARGV; use Net::SSH::Perl; if ($ARGV[2] eq "*test") { print "Net::SSH::Perl successfully installed.\n"; } - @username = split (',', $ARGV[0]); - $username[0] =~ s/uid=//; - $password = $ARGV[1]; + if (($ARGV[0] eq "-") and ($ARGV[1] eq "-")) { # user+passwd are in STDIN + $username = ; + chop($username); + @username = split (',', $username); + $username[0] =~ s/uid=//; + $username[0] =~ s/cn=//; + $username = $username[0]; + $password = ; + chop($password); + } + else { + @username = split (',', $ARGV[0]); + $username[0] =~ s/uid=//; + $username[0] =~ s/cn=//; + $username = $username[0]; + $password = $ARGV[1]; + } # Put all transfered lines in one string if ($ARGV[2] ne "*test") { $string = do {local $/;}; 
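Review bot: The two credential lines written to the daemon's stdin at the top of this hunk have no framing beyond the trailing "\n", so a password (or DN) that itself contains a newline is cut at that newline on the Perl side and its remainder is consumed as the first command line. A cheap guard before the two fwrite() calls is `if (strpbrk($ldap_q[0] . $ldap_q[1], "\r\n") !== false) { return false; }`, or at least a comment stating the wire contract: `// protocol: one line each for admin DN and password, then the command lines; neither credential may contain a newline`. The fwrite() return values are also unchecked, so a pipe the child closed early goes unnoticed until its output is read. The enclosing if-block and lamdaemon() itself both start and end outside this hunk.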
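Review bot: The fallback branch still hands the admin DN and password to lamdaemon.pl as argv, where any local user can read them from the process list for the lifetime of the SSH session; the README warning covers this, but the code should say so next to the new $towrite assignment, e.g. `// FALLBACK (PHP < 4.3): credentials are exposed on the command line (ps); see README.lamdaemon.txt`. The `popen("echo \"$userstring\"|$command", 'r')` line in the same branch interpolates the joined command lines into a double-quoted shell string, so a `"`, `$` or backtick in any element of $commands (presumably LDAP user and home-directory values) is interpreted by the shell; `$pipe = popen("echo " . escapeshellarg($userstring) . "|$command", 'r');` closes that without changing the daemon protocol. The `// PHP 4.3>` comment on the else branch reads as the opposite of what the branch is for, since this is the path taken when proc_open() is missing. lamdaemon() starts and ends outside this hunk.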
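Review bot: Returning false instead of the (possibly empty) array changes the function's return type, so a caller that does `foreach (lamdaemon($cmds) as $line)` or `count()`s the result now gets a PHP warning whenever the daemon printed nothing. If that is intended it belongs in a docblock on lamdaemon() (outside this hunk), e.g. `@return array|false output lines from lamdaemon.pl, or false when it produced none`, and callers must be checked for the new value. Note that an empty output and a failed spawn are now indistinguishable, so callers cannot tell a silent success from an error; keeping `return $output_array;` and letting callers test emptiness is the safer contract if they have not all been reviewed.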
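Review bot: `chop($username)` and `chop($password)` in the new stdin branch drop the last character unconditionally, so if the stream ever arrives without a trailing newline the final character of the password is lost and the SSH login fails with an unhelpful error; `chomp` strips only a trailing record separator and is what is meant here. The `s/uid=//` and `s/cn=//` substitutions, repeated in both branches, are unanchored and remove the first occurrence anywhere in the first RDN, so a value merely containing `cn=` is mangled; `$username[0] =~ s/^(?:uid|cn)=//;` keeps the strip to the attribute prefix and replaces both pairs. As rendered here the reads appear as `$username = ;` — the `<STDIN>` operand was presumably lost in extraction — and an undefined read on empty stdin should be rejected before chomping rather than producing an empty login name. The surrounding else-block starts outside this hunk.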
@@ -216,7 +230,7 @@ else { my $ssh = Net::SSH::Perl->new($hostname, options=>[ "UserKnownHostsFile /dev/null"], protocol => "2,1" ); - $ssh->login($username[0], $password); + $ssh->login($username, $password); # Change needed to prevent buffer overrun @string2 = split ("\n", $string); for ($i=0; $i<=$#string2; $i++) {
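Review bot: The changed login line sends the LAM admin's LDAP password to $hostname over a session whose known-hosts file is `/dev/null`, so as far as the options visible here go nothing pins the server's host key, and a host answering in place of the daemon machine (spoofed DNS/ARP, or a tampered scriptServer setting) receives the password. Point `UserKnownHostsFile` at a file the webserver user can read that holds the daemon host's key and add `"StrictHostKeyChecking yes"` to the options list so an unknown or changed key aborts the login; whether Net::SSH::Perl refuses or merely warns on an unknown key with the current options should be confirmed against the installed version. `protocol => "2,1"` also permits a downgrade to SSH-1 by a server that claims not to speak 2; `protocol => 2` removes that path. The enclosing else-block begins outside this hunk.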