/[smeserver]/rpms/e-smith-base/sme10/e-smith-base-5.8.0-bz9677-suid_wrapper.patch
ViewVC logotype

Annotation of /rpms/e-smith-base/sme10/e-smith-base-5.8.0-bz9677-suid_wrapper.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Sun Jun 6 20:38:44 2021 UTC (3 years, 5 months ago) by jpp
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
FILE REMOVED
5.8.1

1 michel 1.1 diff -urN e-smith-base-5.8.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/userpassword e-smith-base-5.8.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/userpassword
2     --- e-smith-base-5.8.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/userpassword 1970-01-01 04:00:00.000000000 +0400
3     +++ e-smith-base-5.8.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/userpassword 2008-08-21 01:17:24.000000000 +0400
4     @@ -0,0 +1,19 @@
5     +<lexicon lang="en-us">
6     +
7     + <entry>
8     + <base>DESCRIPTION</base>
9     + <trans>
10     + <![CDATA[
11     + <P>To change your account password, please fill out the following
12     + form. You will need to provide the name of your account, your
13     + old password, and your desired new password. (You must type the new
14     + password twice.)</P>
15     +
16     + <P>If you cannot change your password because you have forgotten the
17     + old one, your local system administrator can reset your password using
18     + the <EM>server manager</EM>.</P>
19     + ]]>
20     + </trans>
21     + </entry>
22     +
23     +</lexicon>
24     diff -urN e-smith-base-5.8.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/panels/password/cgi-bin/userpassword e-smith-base-5.8.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/panels/password/cgi-bin/userpassword
25     --- e-smith-base-5.8.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/panels/password/cgi-bin/userpassword 2008-08-21 01:17:24.000000000 +0400
26     +++ e-smith-base-5.8.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/panels/password/cgi-bin/userpassword 1970-01-01 04:00:00.000000000 +0400
27     @@ -1,19 +0,0 @@
28     -<lexicon lang="en-us">
29     -
30     - <entry>
31     - <base>DESCRIPTION</base>
32     - <trans>
33     - <![CDATA[
34     - <P>To change your account password, please fill out the following
35     - form. You will need to provide the name of your account, your
36     - old password, and your desired new password. (You must type the new
37     - password twice.)</P>
38     -
39     - <P>If you cannot change your password because you have forgotten the
40     - old one, your local system administrator can reset your password using
41     - the <EM>server manager</EM>.</P>
42     - ]]>
43     - </trans>
44     - </entry>
45     -
46     -</lexicon>
47     diff -urN e-smith-base-5.8.0.old/root/etc/e-smith/web/functions/userpassword e-smith-base-5.8.0/root/etc/e-smith/web/functions/userpassword
48     --- e-smith-base-5.8.0.old/root/etc/e-smith/web/functions/userpassword 1970-01-01 04:00:00.000000000 +0400
49     +++ e-smith-base-5.8.0/root/etc/e-smith/web/functions/userpassword 2008-08-21 01:17:24.000000000 +0400
50     @@ -0,0 +1,151 @@
51     +#!/usr/bin/perl -wT
52     +
53     +#----------------------------------------------------------------------
54     +# e-smith manager functions: userpassword
55     +# copyright (C) 1999, 2000, 2001 e-smith, inc.
56     +#
57     +# This program is free software; you can redistribute it and/or modify
58     +# it under the terms of the GNU General Public License as published by
59     +# the Free Software Foundation; either version 2 of the License, or
60     +# (at your option) any later version.
61     +#
62     +# This program is distributed in the hope that it will be useful,
63     +# but WITHOUT ANY WARRANTY; without even the implied warranty of
64     +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
65     +# GNU General Public License for more details.
66     +#
67     +# You should have received a copy of the GNU General Public License
68     +# along with this program; if not, write to the Free Software
69     +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
70     +#
71     +# Technical support for this program is available from e-smith, inc.
72     +# Please visit our web site www.e-smith.com for details.
73     +#----------------------------------------------------------------------
74     +
75     +use strict;
76     +use esmith::FormMagick;
77     +use esmith::util;
78     +use esmith::ConfigDB;
79     +
80     +our $configdb = esmith::ConfigDB->open();
81     +my $fm = new esmith::FormMagick;
82     +$fm->display();
83     +
84     +sub change_password {
85     + my ($fm) = @_;
86     +
87     + my $q = $fm->{cgi};
88     +
89     + $q->param( -name => 'wherenext', -value => 'Done' );
90     +
91     + my $oldPass = $q->param('oldPass');
92     + my $pass = $q->param('pass');
93     + my $acctName = $q->param('account');
94     +
95     + unless (($oldPass) = ($oldPass =~ /^(\S+)$/ ))
96     + {
97     + $q->param(-name => 'status_message', -value => 'TAINTED_OLDPASS');
98     + return;
99     + }
100     +
101     + unless (($pass) = ($pass =~ /^([ -~]+)$/ ))
102     + {
103     + $q->param(-name => 'status_message', -value => 'TAINTED_PASS');
104     + return;
105     + }
106     +
107     + unless (($acctName) = ($acctName =~ /^([a-z][\-\_\.a-z0-9]*)$/ ))
108     + {
109     + $q->param(-name => 'status_message', -value => 'TAINTED_ACCOUNT');
110     + return;
111     + }
112     +
113     + use esmith::AccountsDB;
114     + my $accountdb = esmith::AccountsDB->open();
115     +
116     + my $acct;
117     + unless ($acct = $accountdb->get($acctName))
118     + {
119     + $q->param(-name => 'status_message', -value => 'YOUR_ACCOUNT_INVALID');
120     + return;
121     + }
122     +
123     + unless ($acct->prop('type') eq 'user')
124     + {
125     + $q->param(-name=>'status_message', -value=>"YOUR_ACCOUNT_INVALID");
126     + return;
127     + }
128     +
129     + unless (esmith::util::setUserPasswordRequirePrevious(
130     + $acctName,
131     + $oldPass,
132     + $pass))
133     + {
134     + $q->param(-name => 'status_message',
135     + -value => 'ERROR_PASSWORD_CHANGE');
136     + return;
137     + }
138     + $acct->set_prop("PasswordSet", "yes");
139     + undef $accountdb;
140     +
141     + system("/sbin/e-smith/signal-event", "password-modify", $acctName) == 0
142     + or die ("Error occurred while modifying password for $acctName.\n");
143     + $accountdb = esmith::AccountsDB->open();
144     +
145     + $q->param(-name => 'status_message', -value => 'PASSWORD_CHANGE_SUCCESS');
146     + return;
147     +}
148     +
149     +sub password_compare {
150     + my $fm = shift;
151     + my $pass2 = shift;
152     +
153     + my $pass1 = $fm->{cgi}->param('pass');
154     + unless ($pass1 eq $pass2) {
155     + $fm->{cgi}->param( -name => 'wherenext', -value => 'Password' );
156     + return "PASSWORD_VERIFY_ERROR";
157     + }
158     + return "OK";
159     +}
160     +
161     +=pod
162     +
163     +=head2 check_password
164     +
165     +Validates the password using the desired strength
166     +
167     +=cut
168     +
169     +sub check_password {
170     + my $fm = shift;
171     + my $pass1 = shift;
172     +
173     + my $check_type;
174     + my $rec = $configdb->get('passwordstrength');
175     + $check_type = ($rec ? ($rec->prop('Users') || 'none') : 'none');
176     +
177     + return $fm->validate_password($check_type,$pass1);
178     +}
179     +
180     +__DATA__
181     +<form title="ACCOUNT_PASSWORD_CHANGE" header="/etc/e-smith/web/common/userpassword_head.tmpl" footer="/etc/e-smith/web/common/foot.tmpl">
182     + <page name="Password" post-event="change_password" pre-event="turn_off_buttons()" header="/etc/e-smith/web/common/head.tmpl" footer="/etc/e-smith/web/common/foot.tmpl">
183     + <description>DESCRIPTION</description>
184     +
185     + <field type="text" id="account" validation="nonblank" value="">
186     + <label>YOUR_ACCOUNT</label>
187     + </field>
188     + <field type="password" id="oldPass" validation="nonblank" value="">
189     + <label>PASSWORD_OLD</label>
190     + </field>
191     + <field type="password" id="pass" validation="nonblank, check_password" value="">
192     + <label>PASSWORD_NEW</label>
193     + </field>
194     + <field type="password" id="passVerify" validation="password_compare" value="">
195     + <label>PASSWORD_VERIFY_NEW</label>
196     + </field>
197     + <subroutine src="print_button('PASSWORD_CHANGE')" />
198     + </page>
199     + <page name="Done" pre-event="print_status_message()">
200     + </page>
201     +</form>
202     diff -urN e-smith-base-5.8.0.old/root/etc/e-smith/web/panels/password/cgi-bin/userpassword e-smith-base-5.8.0/root/etc/e-smith/web/panels/password/cgi-bin/userpassword
203     --- e-smith-base-5.8.0.old/root/etc/e-smith/web/panels/password/cgi-bin/userpassword 2008-08-21 01:17:24.000000000 +0400
204     +++ e-smith-base-5.8.0/root/etc/e-smith/web/panels/password/cgi-bin/userpassword 1970-01-01 04:00:00.000000000 +0400
205     @@ -1,151 +0,0 @@
206     -#!/usr/bin/perl -wT
207     -
208     -#----------------------------------------------------------------------
209     -# e-smith manager functions: userpassword
210     -# copyright (C) 1999, 2000, 2001 e-smith, inc.
211     -#
212     -# This program is free software; you can redistribute it and/or modify
213     -# it under the terms of the GNU General Public License as published by
214     -# the Free Software Foundation; either version 2 of the License, or
215     -# (at your option) any later version.
216     -#
217     -# This program is distributed in the hope that it will be useful,
218     -# but WITHOUT ANY WARRANTY; without even the implied warranty of
219     -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
220     -# GNU General Public License for more details.
221     -#
222     -# You should have received a copy of the GNU General Public License
223     -# along with this program; if not, write to the Free Software
224     -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
225     -#
226     -# Technical support for this program is available from e-smith, inc.
227     -# Please visit our web site www.e-smith.com for details.
228     -#----------------------------------------------------------------------
229     -
230     -use strict;
231     -use esmith::FormMagick;
232     -use esmith::util;
233     -use esmith::ConfigDB;
234     -
235     -our $configdb = esmith::ConfigDB->open();
236     -my $fm = new esmith::FormMagick;
237     -$fm->display();
238     -
239     -sub change_password {
240     - my ($fm) = @_;
241     -
242     - my $q = $fm->{cgi};
243     -
244     - $q->param( -name => 'wherenext', -value => 'Done' );
245     -
246     - my $oldPass = $q->param('oldPass');
247     - my $pass = $q->param('pass');
248     - my $acctName = $q->param('account');
249     -
250     - unless (($oldPass) = ($oldPass =~ /^(\S+)$/ ))
251     - {
252     - $q->param(-name => 'status_message', -value => 'TAINTED_OLDPASS');
253     - return;
254     - }
255     -
256     - unless (($pass) = ($pass =~ /^([ -~]+)$/ ))
257     - {
258     - $q->param(-name => 'status_message', -value => 'TAINTED_PASS');
259     - return;
260     - }
261     -
262     - unless (($acctName) = ($acctName =~ /^([a-z][\-\_\.a-z0-9]*)$/ ))
263     - {
264     - $q->param(-name => 'status_message', -value => 'TAINTED_ACCOUNT');
265     - return;
266     - }
267     -
268     - use esmith::AccountsDB;
269     - my $accountdb = esmith::AccountsDB->open();
270     -
271     - my $acct;
272     - unless ($acct = $accountdb->get($acctName))
273     - {
274     - $q->param(-name => 'status_message', -value => 'YOUR_ACCOUNT_INVALID');
275     - return;
276     - }
277     -
278     - unless ($acct->prop('type') eq 'user')
279     - {
280     - $q->param(-name=>'status_message', -value=>"YOUR_ACCOUNT_INVALID");
281     - return;
282     - }
283     -
284     - unless (esmith::util::setUserPasswordRequirePrevious(
285     - $acctName,
286     - $oldPass,
287     - $pass))
288     - {
289     - $q->param(-name => 'status_message',
290     - -value => 'ERROR_PASSWORD_CHANGE');
291     - return;
292     - }
293     - $acct->set_prop("PasswordSet", "yes");
294     - undef $accountdb;
295     -
296     - system("/sbin/e-smith/signal-event", "password-modify", $acctName) == 0
297     - or die ("Error occurred while modifying password for $acctName.\n");
298     - $accountdb = esmith::AccountsDB->open();
299     -
300     - $q->param(-name => 'status_message', -value => 'PASSWORD_CHANGE_SUCCESS');
301     - return;
302     -}
303     -
304     -sub password_compare {
305     - my $fm = shift;
306     - my $pass2 = shift;
307     -
308     - my $pass1 = $fm->{cgi}->param('pass');
309     - unless ($pass1 eq $pass2) {
310     - $fm->{cgi}->param( -name => 'wherenext', -value => 'Password' );
311     - return "PASSWORD_VERIFY_ERROR";
312     - }
313     - return "OK";
314     -}
315     -
316     -=pod
317     -
318     -=head2 check_password
319     -
320     -Validates the password using the desired strength
321     -
322     -=cut
323     -
324     -sub check_password {
325     - my $fm = shift;
326     - my $pass1 = shift;
327     -
328     - my $check_type;
329     - my $rec = $configdb->get('passwordstrength');
330     - $check_type = ($rec ? ($rec->prop('Users') || 'none') : 'none');
331     -
332     - return $fm->validate_password($check_type,$pass1);
333     -}
334     -
335     -__DATA__
336     -<form title="ACCOUNT_PASSWORD_CHANGE" header="/etc/e-smith/web/common/userpassword_head.tmpl" footer="/etc/e-smith/web/common/foot.tmpl">
337     - <page name="Password" post-event="change_password" pre-event="turn_off_buttons()" header="/etc/e-smith/web/common/head.tmpl" footer="/etc/e-smith/web/common/foot.tmpl">
338     - <description>DESCRIPTION</description>
339     -
340     - <field type="text" id="account" validation="nonblank" value="">
341     - <label>YOUR_ACCOUNT</label>
342     - </field>
343     - <field type="password" id="oldPass" validation="nonblank" value="">
344     - <label>PASSWORD_OLD</label>
345     - </field>
346     - <field type="password" id="pass" validation="nonblank, check_password" value="">
347     - <label>PASSWORD_NEW</label>
348     - </field>
349     - <field type="password" id="passVerify" validation="password_compare" value="">
350     - <label>PASSWORD_VERIFY_NEW</label>
351     - </field>
352     - <subroutine src="print_button('PASSWORD_CHANGE')" />
353     - </page>
354     - <page name="Done" pre-event="print_status_message()">
355     - </page>
356     -</form>

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed