Patch to remove any dependency on perl-suid. AlternC now uses sudo for all those former setuid scripts

2012-11-27 21:32:43 +00:00 · 2012-11-27 21:32:43 +00:00 · e1bf767288
parent 5c1ac6553b
commit e1bf767288
13 changed files with 39 additions and 35 deletions
--- a/bureau/class/m_admin.php
+++ b/bureau/class/m_admin.php
@ -354,7 +354,7 @@ class m_admin {
      $db->query("INSERT INTO membres (uid,login,pass,mail,creator,canpass,type,created, notes) VALUES ('$uid','$login','$pass','$mail','$cuid','$canpass', '$type', NOW(), '$notes');");
      $db->query("INSERT INTO local(uid,nom,prenom) VALUES('$uid','$nom','$prenom');");
      $this->renew_update($uid, $duration);
-      exec("/usr/lib/alternc/mem_add ".$login." ".$uid);
+      exec("sudo /usr/lib/alternc/mem_add ".$login." ".$uid);
      // Triggering hooks
      $mem->su($uid);
      // TODO: old hook method FIXME: when unused remove this
@ -562,7 +562,7 @@ EOF;
    if (($db->query("DELETE FROM membres WHERE uid='$uid';")) &&
 	($db->query("DELETE FROM local WHERE uid='$uid';"))) {
-      exec("/usr/lib/alternc/mem_del ".$tt["login"]);
+      exec("sudo /usr/lib/alternc/mem_del ".$tt["login"]);
      $mem->unsu();
      // If this user was (one day) an administrator one, he may have a list of his own accounts. Let's associate those accounts to nobody as a creator.
      $db->query("UPDATE membres SET creator=2000 WHERE creator='$uid';");
--- a/bureau/class/m_quota.php
+++ b/bureau/class/m_quota.php
@ -182,9 +182,9 @@ class m_quota {
    if (floatval($size)==0) $size="0";
    if (isset($this->disk[$ressource])) {
      // It's a disk resource, update it with shell command
-      exec("/usr/lib/alternc/quota_edit $cuid $size &> /dev/null &");
+      exec("sudo /usr/lib/alternc/quota_edit $cuid $size &> /dev/null &");
      // Now we check that the value has been written properly : 
-      exec("/usr/lib/alternc/quota_get $cuid &> /dev/null &",$a);
+      exec("sudo /usr/lib/alternc/quota_get $cuid &> /dev/null &",$a);
      if ($size!=$a[1]) {
 	$err->raise("quota",_("Error writing the quota entry!"));
 	return false;
--- a/debian/po/de.po
+++ b/debian/po/de.po
@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: AlternC 2.0\n"
 "Report-Msgid-Bugs-To: alternc@packages.debian.org\n"
-"POT-Creation-Date: 2012-10-17 11:21+0200\n"
+"POT-Creation-Date: 2012-11-27 22:31+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: <i18n@alternc.org>\n"
 "Language-Team: <i18n@alternc.org>\n"
@ -502,8 +502,8 @@ msgstr ""
 #. Description
 #: ../alternc.templates:30001
 msgid ""
-"A local MySQL connexion was established on the server. Do you Want to Use "
+"A local MySQL connection was established on the server. Do you Want to Use "
-"it. If not remote MySQL server connexion parameters will be needed."
+"it. If not remote MySQL server connection parameters will be needed."
 msgstr ""
 #. Type: boolean
--- a/debian/po/es.po
+++ b/debian/po/es.po
@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: AlternC-awstats module 2.0\n"
 "Report-Msgid-Bugs-To: alternc@packages.debian.org\n"
-"POT-Creation-Date: 2012-10-17 11:21+0200\n"
+"POT-Creation-Date: 2012-11-27 22:31+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -502,8 +502,8 @@ msgstr ""
 #. Description
 #: ../alternc.templates:30001
 msgid ""
-"A local MySQL connexion was established on the server. Do you Want to Use "
+"A local MySQL connection was established on the server. Do you Want to Use "
-"it. If not remote MySQL server connexion parameters will be needed."
+"it. If not remote MySQL server connection parameters will be needed."
 msgstr ""
 #. Type: boolean
--- a/debian/po/fr.po
+++ b/debian/po/fr.po
@ -15,7 +15,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: 0.3.1\n"
 "Report-Msgid-Bugs-To: alternc@packages.debian.org\n"
-"POT-Creation-Date: 2012-10-17 11:21+0200\n"
+"POT-Creation-Date: 2012-11-27 22:31+0100\n"
 "PO-Revision-Date: 2005-05-15 18:24+0200\n"
 "Last-Translator: Benjamin Sonntag <benjamin@altercn.org>\n"
 "Language-Team: french <dev@alternc.org>\n"
@ -603,8 +603,8 @@ msgstr ""
 #. Description
 #: ../alternc.templates:30001
 msgid ""
-"A local MySQL connexion was established on the server. Do you Want to Use "
+"A local MySQL connection was established on the server. Do you Want to Use "
-"it. If not remote MySQL server connexion parameters will be needed."
+"it. If not remote MySQL server connection parameters will be needed."
 msgstr ""
 #. Type: boolean
--- a/debian/po/it.po
+++ b/debian/po/it.po
@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: alternc@packages.debian.org\n"
-"POT-Creation-Date: 2012-10-17 11:21+0200\n"
+"POT-Creation-Date: 2012-11-27 22:31+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -503,8 +503,8 @@ msgstr ""
 #. Description
 #: ../alternc.templates:30001
 msgid ""
-"A local MySQL connexion was established on the server. Do you Want to Use "
+"A local MySQL connection was established on the server. Do you Want to Use "
-"it. If not remote MySQL server connexion parameters will be needed."
+"it. If not remote MySQL server connection parameters will be needed."
 msgstr ""
 #. Type: boolean
--- a/debian/po/pt.po
+++ b/debian/po/pt.po
@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: AlternC 2.0\n"
 "Report-Msgid-Bugs-To: alternc@packages.debian.org\n"
-"POT-Creation-Date: 2012-10-17 11:21+0200\n"
+"POT-Creation-Date: 2012-11-27 22:31+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: <i18n@alternc.org>\n"
 "Language-Team: <i18n@alternc.org>\n"
@ -502,8 +502,8 @@ msgstr ""
 #. Description
 #: ../alternc.templates:30001
 msgid ""
-"A local MySQL connexion was established on the server. Do you Want to Use "
+"A local MySQL connection was established on the server. Do you Want to Use "
-"it. If not remote MySQL server connexion parameters will be needed."
+"it. If not remote MySQL server connection parameters will be needed."
 msgstr ""
 #. Type: boolean
--- a/debian/po/templates.pot
+++ b/debian/po/templates.pot
@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: alternc@packages.debian.org\n"
-"POT-Creation-Date: 2012-10-17 11:21+0200\n"
+"POT-Creation-Date: 2012-11-27 22:31+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -503,8 +503,8 @@ msgstr ""
 #. Description
 #: ../alternc.templates:30001
 msgid ""
-"A local MySQL connexion was established on the server. Do you Want to Use "
+"A local MySQL connection was established on the server. Do you Want to Use "
-"it. If not remote MySQL server connexion parameters will be needed."
+"it. If not remote MySQL server connection parameters will be needed."
 msgstr ""
 #. Type: boolean
--- a/etc/alternc/alternc-sudoers
+++ b/etc/alternc/alternc-sudoers
@ -1,2 +1,2 @@
-alterncpanel	ALL = NOPASSWD : /usr/bin/quota, /usr/sbin/setquota, /usr/lib/alternc/fixperms.sh
+alterncpanel	ALL = NOPASSWD : /usr/bin/quota, /usr/sbin/setquota, /usr/lib/alternc/fixperms.sh, /usr/lib/alternc/mem_add, /usr/lib/alternc/mem_del, /usr/lib/alternc/quota_edit, /usr/lib/alternc/quota_get, /usr/lib/alternc/du.pl
 vmail		ALL = NOPASSWD : /usr/lib/dovecot/deliver
--- a/src/Makefile
+++ b/src/Makefile
@ -19,8 +19,7 @@
 # ----------------------------------------------------------------------
 # Purpose of file: Makefile des binaires de /usr/lib/alternc
 # ----------------------------------------------------------------------
-SETUID=quota_edit quota_get mem_add mem_del du.pl
+SCRIPTS=sqlbackup.sh quota_init quota_delete update_domains.sh slave_dns sendmail spoolsize.php fixperms.sh alternc-dboptimize export_account.php cron_users_doit.sh cron_users.sh compress_logs.sh delete_logs.sh quota-warning.sh update_mails.sh alternc_add_policy_dovecot rebuild_all_webconf.sh courier-dovecot-migrate.pl popimap-log-login.sh mem_add mem_del quota_edit quota_get du.pl
 SCRIPTS=sqlbackup.sh quota_init quota_delete update_domains.sh slave_dns sendmail spoolsize.php fixperms.sh alternc-dboptimize export_account.php cron_users_doit.sh cron_users.sh compress_logs.sh delete_logs.sh quota-warning.sh update_mails.sh alternc_add_policy_dovecot rebuild_all_webconf.sh courier-dovecot-migrate.pl popimap-log-login.sh
 LIBS=functions.sh functions_hosting.sh functions_dns.sh
 BIN=$(DESTDIR)/usr/lib/alternc/
@ -28,6 +27,5 @@ install:
 	# Group 1999 references alterncpanel
 	chown root:1999 $(BIN)
 	chmod 755 $(BIN)
 	install -o root -g 1999 -m4750 $(SETUID) $(BIN)
 	install -o root -g 1999 -m0750 $(SCRIPTS) $(BIN)
 	install -o root -g 1999 -m0644 $(LIBS) $(BIN)
--- a/src/mem_add
+++ b/src/mem_add
@ -5,7 +5,7 @@ use strict;
 my ($name,$uid) = @ARGV;
 if (!$name || !$uid) {
-    print "Usage: mem_add <name> <uid>\n";
+    print "Usage: sudo mem_add <name> <uid>\n";
    print " Create the AlternC account <name> having uid number <uid>\n";
    exit(1);
 }
@ -22,8 +22,11 @@ if (!($uid =~ /^([0-9]+)$/)) {
 }
 $uid=$1;
-$< = $>;
+if ( $< != 0 ) {
-$( = $);
+    die "please launch mem_add as root (or using sudo)";
 }
 #$< = $>;
 #$( = $);
 my $PTH="/var/alternc/html/".substr($name,0,1)."/".$name;
--- a/src/mem_del
+++ b/src/mem_del
@ -18,8 +18,11 @@ if (!($name =~ /^([a-z0-9]+)$/)) {
 }
 $name=$1;
-$< = $>;
+if ( $< != 0 ) {
-$( = $);
+    die "please launch mem_del as root (or using sudo)";
 }
 #$< = $>;
 #$( = $);
 my $PTH="/var/alternc/html/".substr($name,0,1)."/".$name;
--- a/src/spoolsize.php
+++ b/src/spoolsize.php
@ -9,7 +9,7 @@ echo "---------------------------\n Generating size-cache for web accounts\n\n";
 $r=mysql_query("SELECT uid,login FROM membres;");
 while ($c=mysql_fetch_array($r)) {
  echo $c["login"]; flush();
-  $size=exec("/usr/lib/alternc/du.pl /var/alternc/html/".substr($c["login"],0,1)."/".$c["login"]);
+  $size=exec("sudo /usr/lib/alternc/du.pl /var/alternc/html/".substr($c["login"],0,1)."/".$c["login"]);
  mysql_query("REPLACE INTO size_web SET uid='".$c["uid"]."',size='$size';");
  echo " done ($size KB) \n"; flush();
 }
@ -33,9 +33,9 @@ $r=@mysql_query("SELECT uid, name FROM mailman;");
 if ($r) {
  while ($c=mysql_fetch_array($r)) {
    echo $c["uid"]."/".$c["name"]; flush();
-    $size1=exec("/usr/lib/alternc/du.pl /var/lib/mailman/lists/".$c["name"]);
+    $size1=exec("sudo /usr/lib/alternc/du.pl /var/lib/mailman/lists/".$c["name"]);
-    $size2=exec("/usr/lib/alternc/du.pl /var/lib/mailman/archives/private/".$c["name"]);
+    $size2=exec("sudo /usr/lib/alternc/du.pl /var/lib/mailman/archives/private/".$c["name"]);
-    $size3=exec("/usr/lib/alternc/du.pl /var/lib/mailman/archives/private/".$c["name"].".mbox");
+    $size3=exec("sudo /usr/lib/alternc/du.pl /var/lib/mailman/archives/private/".$c["name"].".mbox");
    $size=(intval($size1)+intval($size2)+intval($size3));
    mysql_query("REPLACE INTO size_mailman SET uid='".$c["uid"]."',list='".$c["name"]."', size='$size';");
    echo " done ($size KB) \n"; flush();
`@ -1,2 +1,2 @@`
	`alterncpanel ALL = NOPASSWD : /usr/bin/quota, /usr/sbin/setquota, /usr/lib/alternc/fixperms.sh`	`alterncpanel ALL = NOPASSWD : /usr/bin/quota, /usr/sbin/setquota, /usr/lib/alternc/fixperms.sh, /usr/lib/alternc/mem_add, /usr/lib/alternc/mem_del, /usr/lib/alternc/quota_edit, /usr/lib/alternc/quota_get, /usr/lib/alternc/du.pl`
	`vmail ALL = NOPASSWD : /usr/lib/dovecot/deliver`	`vmail ALL = NOPASSWD : /usr/lib/dovecot/deliver`