WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

implemented user+passwd in STDIN

This commit is contained in:
Roland Gruber 2005-03-05 13:23:59 +00:00
parent 3fe5a3a924
commit 1888ebc53c
3 changed files with 41 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lam/docs/README.lamdaemon.txt
View File

@ -58,7 +58,7 @@ things to get it to work:
You have to run the command as the user your webserver is running, e.g. You have to run the command as the user your webserver is running, e.g.
wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \ wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \
127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl root secret *test 127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl adminuser secret *test
You should get the following response: You should get the following response:
@ -74,4 +74,12 @@ things to get it to work:
Now everything should work fine. Now everything should work fine.
Security warning:
-----------------
If you use PHP < 4.3 your admin user and password are passed as commandline argument.
This can be a security risk. Upgrade your PHP version for productive use.
Please send a mail to TiloLutz@gmx.de if you have any suggestions. Please send a mail to TiloLutz@gmx.de if you have any suggestions.

22
lam/lib/lamdaemon.inc
View File

@ -40,16 +40,12 @@ $Id$
function lamdaemon($commands) { function lamdaemon($commands) {
// get username and password of the current lam-admin // get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt_login(); $ldap_q = $_SESSION['ldap']->decrypt_login();
/* $towrite has the following syntax:
* admin-username, admin-password, owner of homedir, 'home', operation='add'
* use escapeshellarg to make exec() shell-safe
*/
$towrite = escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".
escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]);
$userstring = implode ("\n", $commands); $userstring = implode ("\n", $commands);
if (function_exists(proc_open)) { $output_array = array();
if (function_exists('proc_open')) {
// New Code, requires PHP 4.3 // New Code, requires PHP 4.3
$towrite = escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." - -";
$descriptorspec = array( $descriptorspec = array(
0 => array("pipe", "r"), // stdin 0 => array("pipe", "r"), // stdin
1 => array("pipe", "w"), // stout 1 => array("pipe", "w"), // stout
@ -64,6 +60,9 @@ function lamdaemon($commands) {
* $pipes[1] is readable handle to child stdout * $pipes[1] is readable handle to child stdout
* any error is send to /dev/null * any error is send to /dev/null
*/ */
// user+passwd
fwrite($pipes[0], $ldap_q[0] . "\n");
fwrite($pipes[0], $ldap_q[1] . "\n");
// Write to stdin // Write to stdin
fwrite($pipes[0], $userstring); fwrite($pipes[0], $userstring);
} }
@ -76,6 +75,8 @@ function lamdaemon($commands) {
proc_close($process); proc_close($process);
} }
else { // PHP 4.3> else { // PHP 4.3>
$towrite = escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".
escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]);
$command = escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".$towrite; $command = escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".$towrite;
$pipe = popen("echo \"$userstring\"|$command" , 'r'); $pipe = popen("echo \"$userstring\"|$command" , 'r');
while(!feof($pipe)) { while(!feof($pipe)) {
@ -85,7 +86,12 @@ function lamdaemon($commands) {
} }
pclose($pipe); pclose($pipe);
} }
return $output_array; if (sizeof($output_array) > 0) {
return $output_array;
}
else {
return false;
}
} }
?> ?>

22
lam/lib/lamdaemon.pl
View File

@ -205,9 +205,23 @@ else {
$remotepath = shift @ARGV; $remotepath = shift @ARGV;
use Net::SSH::Perl; use Net::SSH::Perl;
if ($ARGV[2] eq "*test") { print "Net::SSH::Perl successfully installed.\n"; } if ($ARGV[2] eq "*test") { print "Net::SSH::Perl successfully installed.\n"; }
@username = split (',', $ARGV[0]); if (($ARGV[0] eq "-") and ($ARGV[1] eq "-")) { # user+passwd are in STDIN
$username[0] =~ s/uid=//; $username = <STDIN>;
$password = $ARGV[1]; chop($username);
@username = split (',', $username);
$username[0] =~ s/uid=//;
$username[0] =~ s/cn=//;
$username = $username[0];
$password = <STDIN>;
chop($password);
}
else {
@username = split (',', $ARGV[0]);
$username[0] =~ s/uid=//;
$username[0] =~ s/cn=//;
$username = $username[0];
$password = $ARGV[1];
}
# Put all transfered lines in one string # Put all transfered lines in one string
if ($ARGV[2] ne "*test") { if ($ARGV[2] ne "*test") {
$string = do {local $/;<STDIN>}; $string = do {local $/;<STDIN>};
@ -216,7 +230,7 @@ else {
my $ssh = Net::SSH::Perl->new($hostname, options=>[ my $ssh = Net::SSH::Perl->new($hostname, options=>[
"UserKnownHostsFile /dev/null"], "UserKnownHostsFile /dev/null"],
protocol => "2,1" ); protocol => "2,1" );
$ssh->login($username[0], $password); $ssh->login($username, $password);
# Change needed to prevent buffer overrun # Change needed to prevent buffer overrun
@string2 = split ("\n", $string); @string2 = split ("\n", $string);
for ($i=0; $i<=$#string2; $i++) { for ($i=0; $i<=$#string2; $i++) {