/[smeserver]/rpms/e-smith-base/sme10/e-smith-base-5.8.0-bz9677-suid_wrapper.patch
ViewVC logotype

Contents of /rpms/e-smith-base/sme10/e-smith-base-5.8.0-bz9677-suid_wrapper.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (show annotations) (download)
Sun Jun 6 20:38:44 2021 UTC (3 years, 5 months ago) by jpp
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
Error occurred while calculating annotation data.
FILE REMOVED
5.8.1

1 diff -urN e-smith-base-5.8.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/userpassword e-smith-base-5.8.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/userpassword
2 --- e-smith-base-5.8.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/userpassword 1970-01-01 04:00:00.000000000 +0400
3 +++ e-smith-base-5.8.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/userpassword 2008-08-21 01:17:24.000000000 +0400
4 @@ -0,0 +1,19 @@
5 +<lexicon lang="en-us">
6 +
7 + <entry>
8 + <base>DESCRIPTION</base>
9 + <trans>
10 + <![CDATA[
11 + <P>To change your account password, please fill out the following
12 + form. You will need to provide the name of your account, your
13 + old password, and your desired new password. (You must type the new
14 + password twice.)</P>
15 +
16 + <P>If you cannot change your password because you have forgotten the
17 + old one, your local system administrator can reset your password using
18 + the <EM>server manager</EM>.</P>
19 + ]]>
20 + </trans>
21 + </entry>
22 +
23 +</lexicon>
24 diff -urN e-smith-base-5.8.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/panels/password/cgi-bin/userpassword e-smith-base-5.8.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/panels/password/cgi-bin/userpassword
25 --- e-smith-base-5.8.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/panels/password/cgi-bin/userpassword 2008-08-21 01:17:24.000000000 +0400
26 +++ e-smith-base-5.8.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/panels/password/cgi-bin/userpassword 1970-01-01 04:00:00.000000000 +0400
27 @@ -1,19 +0,0 @@
28 -<lexicon lang="en-us">
29 -
30 - <entry>
31 - <base>DESCRIPTION</base>
32 - <trans>
33 - <![CDATA[
34 - <P>To change your account password, please fill out the following
35 - form. You will need to provide the name of your account, your
36 - old password, and your desired new password. (You must type the new
37 - password twice.)</P>
38 -
39 - <P>If you cannot change your password because you have forgotten the
40 - old one, your local system administrator can reset your password using
41 - the <EM>server manager</EM>.</P>
42 - ]]>
43 - </trans>
44 - </entry>
45 -
46 -</lexicon>
47 diff -urN e-smith-base-5.8.0.old/root/etc/e-smith/web/functions/userpassword e-smith-base-5.8.0/root/etc/e-smith/web/functions/userpassword
48 --- e-smith-base-5.8.0.old/root/etc/e-smith/web/functions/userpassword 1970-01-01 04:00:00.000000000 +0400
49 +++ e-smith-base-5.8.0/root/etc/e-smith/web/functions/userpassword 2008-08-21 01:17:24.000000000 +0400
50 @@ -0,0 +1,151 @@
51 +#!/usr/bin/perl -wT
52 +
53 +#----------------------------------------------------------------------
54 +# e-smith manager functions: userpassword
55 +# copyright (C) 1999, 2000, 2001 e-smith, inc.
56 +#
57 +# This program is free software; you can redistribute it and/or modify
58 +# it under the terms of the GNU General Public License as published by
59 +# the Free Software Foundation; either version 2 of the License, or
60 +# (at your option) any later version.
61 +#
62 +# This program is distributed in the hope that it will be useful,
63 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
64 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
65 +# GNU General Public License for more details.
66 +#
67 +# You should have received a copy of the GNU General Public License
68 +# along with this program; if not, write to the Free Software
69 +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
70 +#
71 +# Technical support for this program is available from e-smith, inc.
72 +# Please visit our web site www.e-smith.com for details.
73 +#----------------------------------------------------------------------
74 +
75 +use strict;
76 +use esmith::FormMagick;
77 +use esmith::util;
78 +use esmith::ConfigDB;
79 +
80 +our $configdb = esmith::ConfigDB->open();
81 +my $fm = new esmith::FormMagick;
82 +$fm->display();
83 +
84 +sub change_password {
85 + my ($fm) = @_;
86 +
87 + my $q = $fm->{cgi};
88 +
89 + $q->param( -name => 'wherenext', -value => 'Done' );
90 +
91 + my $oldPass = $q->param('oldPass');
92 + my $pass = $q->param('pass');
93 + my $acctName = $q->param('account');
94 +
95 + unless (($oldPass) = ($oldPass =~ /^(\S+)$/ ))
96 + {
97 + $q->param(-name => 'status_message', -value => 'TAINTED_OLDPASS');
98 + return;
99 + }
100 +
101 + unless (($pass) = ($pass =~ /^([ -~]+)$/ ))
102 + {
103 + $q->param(-name => 'status_message', -value => 'TAINTED_PASS');
104 + return;
105 + }
106 +
107 + unless (($acctName) = ($acctName =~ /^([a-z][\-\_\.a-z0-9]*)$/ ))
108 + {
109 + $q->param(-name => 'status_message', -value => 'TAINTED_ACCOUNT');
110 + return;
111 + }
112 +
113 + use esmith::AccountsDB;
114 + my $accountdb = esmith::AccountsDB->open();
115 +
116 + my $acct;
117 + unless ($acct = $accountdb->get($acctName))
118 + {
119 + $q->param(-name => 'status_message', -value => 'YOUR_ACCOUNT_INVALID');
120 + return;
121 + }
122 +
123 + unless ($acct->prop('type') eq 'user')
124 + {
125 + $q->param(-name=>'status_message', -value=>"YOUR_ACCOUNT_INVALID");
126 + return;
127 + }
128 +
129 + unless (esmith::util::setUserPasswordRequirePrevious(
130 + $acctName,
131 + $oldPass,
132 + $pass))
133 + {
134 + $q->param(-name => 'status_message',
135 + -value => 'ERROR_PASSWORD_CHANGE');
136 + return;
137 + }
138 + $acct->set_prop("PasswordSet", "yes");
139 + undef $accountdb;
140 +
141 + system("/sbin/e-smith/signal-event", "password-modify", $acctName) == 0
142 + or die ("Error occurred while modifying password for $acctName.\n");
143 + $accountdb = esmith::AccountsDB->open();
144 +
145 + $q->param(-name => 'status_message', -value => 'PASSWORD_CHANGE_SUCCESS');
146 + return;
147 +}
148 +
149 +sub password_compare {
150 + my $fm = shift;
151 + my $pass2 = shift;
152 +
153 + my $pass1 = $fm->{cgi}->param('pass');
154 + unless ($pass1 eq $pass2) {
155 + $fm->{cgi}->param( -name => 'wherenext', -value => 'Password' );
156 + return "PASSWORD_VERIFY_ERROR";
157 + }
158 + return "OK";
159 +}
160 +
161 +=pod
162 +
163 +=head2 check_password
164 +
165 +Validates the password using the desired strength
166 +
167 +=cut
168 +
169 +sub check_password {
170 + my $fm = shift;
171 + my $pass1 = shift;
172 +
173 + my $check_type;
174 + my $rec = $configdb->get('passwordstrength');
175 + $check_type = ($rec ? ($rec->prop('Users') || 'none') : 'none');
176 +
177 + return $fm->validate_password($check_type,$pass1);
178 +}
179 +
180 +__DATA__
181 +<form title="ACCOUNT_PASSWORD_CHANGE" header="/etc/e-smith/web/common/userpassword_head.tmpl" footer="/etc/e-smith/web/common/foot.tmpl">
182 + <page name="Password" post-event="change_password" pre-event="turn_off_buttons()" header="/etc/e-smith/web/common/head.tmpl" footer="/etc/e-smith/web/common/foot.tmpl">
183 + <description>DESCRIPTION</description>
184 +
185 + <field type="text" id="account" validation="nonblank" value="">
186 + <label>YOUR_ACCOUNT</label>
187 + </field>
188 + <field type="password" id="oldPass" validation="nonblank" value="">
189 + <label>PASSWORD_OLD</label>
190 + </field>
191 + <field type="password" id="pass" validation="nonblank, check_password" value="">
192 + <label>PASSWORD_NEW</label>
193 + </field>
194 + <field type="password" id="passVerify" validation="password_compare" value="">
195 + <label>PASSWORD_VERIFY_NEW</label>
196 + </field>
197 + <subroutine src="print_button('PASSWORD_CHANGE')" />
198 + </page>
199 + <page name="Done" pre-event="print_status_message()">
200 + </page>
201 +</form>
202 diff -urN e-smith-base-5.8.0.old/root/etc/e-smith/web/panels/password/cgi-bin/userpassword e-smith-base-5.8.0/root/etc/e-smith/web/panels/password/cgi-bin/userpassword
203 --- e-smith-base-5.8.0.old/root/etc/e-smith/web/panels/password/cgi-bin/userpassword 2008-08-21 01:17:24.000000000 +0400
204 +++ e-smith-base-5.8.0/root/etc/e-smith/web/panels/password/cgi-bin/userpassword 1970-01-01 04:00:00.000000000 +0400
205 @@ -1,151 +0,0 @@
206 -#!/usr/bin/perl -wT
207 -
208 -#----------------------------------------------------------------------
209 -# e-smith manager functions: userpassword
210 -# copyright (C) 1999, 2000, 2001 e-smith, inc.
211 -#
212 -# This program is free software; you can redistribute it and/or modify
213 -# it under the terms of the GNU General Public License as published by
214 -# the Free Software Foundation; either version 2 of the License, or
215 -# (at your option) any later version.
216 -#
217 -# This program is distributed in the hope that it will be useful,
218 -# but WITHOUT ANY WARRANTY; without even the implied warranty of
219 -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
220 -# GNU General Public License for more details.
221 -#
222 -# You should have received a copy of the GNU General Public License
223 -# along with this program; if not, write to the Free Software
224 -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
225 -#
226 -# Technical support for this program is available from e-smith, inc.
227 -# Please visit our web site www.e-smith.com for details.
228 -#----------------------------------------------------------------------
229 -
230 -use strict;
231 -use esmith::FormMagick;
232 -use esmith::util;
233 -use esmith::ConfigDB;
234 -
235 -our $configdb = esmith::ConfigDB->open();
236 -my $fm = new esmith::FormMagick;
237 -$fm->display();
238 -
239 -sub change_password {
240 - my ($fm) = @_;
241 -
242 - my $q = $fm->{cgi};
243 -
244 - $q->param( -name => 'wherenext', -value => 'Done' );
245 -
246 - my $oldPass = $q->param('oldPass');
247 - my $pass = $q->param('pass');
248 - my $acctName = $q->param('account');
249 -
250 - unless (($oldPass) = ($oldPass =~ /^(\S+)$/ ))
251 - {
252 - $q->param(-name => 'status_message', -value => 'TAINTED_OLDPASS');
253 - return;
254 - }
255 -
256 - unless (($pass) = ($pass =~ /^([ -~]+)$/ ))
257 - {
258 - $q->param(-name => 'status_message', -value => 'TAINTED_PASS');
259 - return;
260 - }
261 -
262 - unless (($acctName) = ($acctName =~ /^([a-z][\-\_\.a-z0-9]*)$/ ))
263 - {
264 - $q->param(-name => 'status_message', -value => 'TAINTED_ACCOUNT');
265 - return;
266 - }
267 -
268 - use esmith::AccountsDB;
269 - my $accountdb = esmith::AccountsDB->open();
270 -
271 - my $acct;
272 - unless ($acct = $accountdb->get($acctName))
273 - {
274 - $q->param(-name => 'status_message', -value => 'YOUR_ACCOUNT_INVALID');
275 - return;
276 - }
277 -
278 - unless ($acct->prop('type') eq 'user')
279 - {
280 - $q->param(-name=>'status_message', -value=>"YOUR_ACCOUNT_INVALID");
281 - return;
282 - }
283 -
284 - unless (esmith::util::setUserPasswordRequirePrevious(
285 - $acctName,
286 - $oldPass,
287 - $pass))
288 - {
289 - $q->param(-name => 'status_message',
290 - -value => 'ERROR_PASSWORD_CHANGE');
291 - return;
292 - }
293 - $acct->set_prop("PasswordSet", "yes");
294 - undef $accountdb;
295 -
296 - system("/sbin/e-smith/signal-event", "password-modify", $acctName) == 0
297 - or die ("Error occurred while modifying password for $acctName.\n");
298 - $accountdb = esmith::AccountsDB->open();
299 -
300 - $q->param(-name => 'status_message', -value => 'PASSWORD_CHANGE_SUCCESS');
301 - return;
302 -}
303 -
304 -sub password_compare {
305 - my $fm = shift;
306 - my $pass2 = shift;
307 -
308 - my $pass1 = $fm->{cgi}->param('pass');
309 - unless ($pass1 eq $pass2) {
310 - $fm->{cgi}->param( -name => 'wherenext', -value => 'Password' );
311 - return "PASSWORD_VERIFY_ERROR";
312 - }
313 - return "OK";
314 -}
315 -
316 -=pod
317 -
318 -=head2 check_password
319 -
320 -Validates the password using the desired strength
321 -
322 -=cut
323 -
324 -sub check_password {
325 - my $fm = shift;
326 - my $pass1 = shift;
327 -
328 - my $check_type;
329 - my $rec = $configdb->get('passwordstrength');
330 - $check_type = ($rec ? ($rec->prop('Users') || 'none') : 'none');
331 -
332 - return $fm->validate_password($check_type,$pass1);
333 -}
334 -
335 -__DATA__
336 -<form title="ACCOUNT_PASSWORD_CHANGE" header="/etc/e-smith/web/common/userpassword_head.tmpl" footer="/etc/e-smith/web/common/foot.tmpl">
337 - <page name="Password" post-event="change_password" pre-event="turn_off_buttons()" header="/etc/e-smith/web/common/head.tmpl" footer="/etc/e-smith/web/common/foot.tmpl">
338 - <description>DESCRIPTION</description>
339 -
340 - <field type="text" id="account" validation="nonblank" value="">
341 - <label>YOUR_ACCOUNT</label>
342 - </field>
343 - <field type="password" id="oldPass" validation="nonblank" value="">
344 - <label>PASSWORD_OLD</label>
345 - </field>
346 - <field type="password" id="pass" validation="nonblank, check_password" value="">
347 - <label>PASSWORD_NEW</label>
348 - </field>
349 - <field type="password" id="passVerify" validation="password_compare" value="">
350 - <label>PASSWORD_VERIFY_NEW</label>
351 - </field>
352 - <subroutine src="print_button('PASSWORD_CHANGE')" />
353 - </page>
354 - <page name="Done" pre-event="print_status_message()">
355 - </page>
356 -</form>

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed