File: //scripts.20110531.215904.25158/fpsuexec2
#!/bin/sh
# This is a shell archive (produced by GNU sharutils 4.2.1).
# To extract the files from this archive, save it to some FILE, remove
# everything before the `!/bin/sh' line above, then type `sh FILE'.
#
# Made on 2002-03-07 20:45 EST by <root@kremlin.hostnoc.net>.
# Source directory was `/usr/local/frontpage/version5.0/apache-fp'.
#
# Existing files will *not* be overwritten unless `-c' is specified.
#
# This shar contains:
# length mode name
# ------ ---------- ------------------------------------------
# 7774 -rw-r--r-- /usr/local/frontpage/version5.0/apache-fp/fpexe2.patch
#
save_IFS="${IFS}"
IFS="${IFS}:"
gettext_dir=FAILED
locale_dir=FAILED
first_param="$1"
for dir in $PATH
do
if test "$gettext_dir" = FAILED && test -f $dir/gettext \
&& ($dir/gettext --version >/dev/null 2>&1)
then
set `$dir/gettext --version 2>&1`
if test "$3" = GNU
then
gettext_dir=$dir
fi
fi
if test "$locale_dir" = FAILED && test -f $dir/shar \
&& ($dir/shar --print-text-domain-dir >/dev/null 2>&1)
then
locale_dir=`$dir/shar --print-text-domain-dir`
fi
done
IFS="$save_IFS"
if test "$locale_dir" = FAILED || test "$gettext_dir" = FAILED
then
echo=echo
else
TEXTDOMAINDIR=$locale_dir
export TEXTDOMAINDIR
TEXTDOMAIN=sharutils
export TEXTDOMAIN
echo="$gettext_dir/gettext -s"
fi
if touch -am -t 200112312359.59 $$.touch >/dev/null 2>&1 && test ! -f 200112312359.59 -a -f $$.touch; then
shar_touch='touch -am -t $1$2$3$4$5$6.$7 "$8"'
elif touch -am 123123592001.59 $$.touch >/dev/null 2>&1 && test ! -f 123123592001.59 -a ! -f 123123592001.5 -a -f $$.touch; then
shar_touch='touch -am $3$4$5$6$1$2.$7 "$8"'
elif touch -am 1231235901 $$.touch >/dev/null 2>&1 && test ! -f 1231235901 -a -f $$.touch; then
shar_touch='touch -am $3$4$5$6$2 "$8"'
else
shar_touch=:
echo
$echo 'WARNING: not restoring timestamps. Consider getting and'
$echo "installing GNU \`touch', distributed in GNU File Utilities..."
echo
fi
rm -f 200112312359.59 123123592001.59 123123592001.5 1231235901 $$.touch
#
if mkdir _sh28660; then
$echo 'x -' 'creating lock directory'
else
$echo 'failed to create lock directory'
exit 1
fi
# ============= /usr/local/frontpage/version5.0/apache-fp/fpexe2.patch ==============
if test ! -d '/usr'; then
$echo 'x -' 'creating directory' '/usr'
mkdir '/usr'
fi
if test ! -d '/usr/local'; then
$echo 'x -' 'creating directory' '/usr/local'
mkdir '/usr/local'
fi
if test ! -d '/usr/local/frontpage'; then
$echo 'x -' 'creating directory' '/usr/local/frontpage'
mkdir '/usr/local/frontpage'
fi
if test ! -d '/usr/local/frontpage/version5.0'; then
$echo 'x -' 'creating directory' '/usr/local/frontpage/version5.0'
mkdir '/usr/local/frontpage/version5.0'
fi
if test ! -d '/usr/local/frontpage/version5.0/apache-fp'; then
$echo 'x -' 'creating directory' '/usr/local/frontpage/version5.0/apache-fp'
mkdir '/usr/local/frontpage/version5.0/apache-fp'
fi
if test -f '/usr/local/frontpage/version5.0/apache-fp/fpexe2.patch' && test "$first_param" != -c; then
$echo 'x -' SKIPPING '/usr/local/frontpage/version5.0/apache-fp/fpexe2.patch' '(file already exists)'
else
$echo 'x -' extracting '/usr/local/frontpage/version5.0/apache-fp/fpexe2.patch' '(text)'
sed 's/^X//' << 'SHAR_EOF' > '/usr/local/frontpage/version5.0/apache-fp/fpexe2.patch' &&
--- fpexe.c.orig Thu Mar 7 20:30:45 2002
+++ fpexe.c Thu Mar 7 20:28:41 2002
@@ -29,7 +29,6 @@
X * User configurable items. We will not run the server extensions with any
X * UID/GID less than LOWEST_VALID_UID/LOWEST_VALID_GID.
X */
-
X #if defined(RS6000)
X #define _ALL_SOURCE
X #endif
@@ -173,7 +172,13 @@
X #define AUTHOR "/_vti_bin/_vti_aut/author.exe"
X #define ADMIN "/_vti_bin/_vti_adm/admin.exe"
X #define ADMINCGI "/_vti_bin/_vti_adm/fpadmcgi.exe"
+#define MAX_MODULE_NAME_LENGTH 128
X
+#define FP_SHTML 1
+#define FP_FPCOUNT 2
+#define FP_AUTHOR 3
+#define FP_ADMIN 4
+#define FP_ADMINCGI 5
X
X /*
X * Something is not quite right - give up
@@ -226,8 +231,9 @@
X int main(int argc, char **argv)
X {
X struct passwd* pw = 0;
+ const char* patchco = "DarkORBv2";
X const char* szFpUserName;
- const char* szFpExe = getenv("FPEXE");
+ const char* szFpExe = getenv("SCRIPT_NAME");
X const char* szFpUid = getenv("FPUID");
X const char* szFpGid = getenv("FPGID");
X const char* szFpFd = getenv("FPFD");
@@ -240,12 +246,14 @@
X int iFpFd;
X int iKeyFd;
X int iCount;
+ int goodPath = 0;
+ int fpBin = 0;
X char szKeyFile[MAXPATHLEN];
X char szWork[MAXPATHLEN];
X char inpKey[KEYLEN];
X char refKey[KEYLEN];
X struct stat fs;
-
+
X /*
X * Fall back to default location for the real FrontPage executables.
X * if FPEXEDIR is not set in the environment.
@@ -254,15 +262,6 @@
X szFpDir = FPDIR;
X
X /*
- * Assure that this program was actually SUID'd to root
- */
- if (geteuid())
- /*
- * User recovery: Make sure fpexe is setuid to root
- */
- die("FrontPage SUID Error: not running as root");
-
- /*
X * Assure that the user the web server runs as is a valid user
X */
X if (!getpwuid(getuid()))
@@ -274,7 +273,7 @@
X /*
X * Assure that we have the proper arguments (passed in the environment)
X */
- if (!szFpExe || !szFpUid || !szFpGid || !szFpFd || !szFpDir)
+ if (!szFpExe || !szFpDir)
X /*
X * User recovery: Make sure fpexe is run from patched Apache server
X */
@@ -283,123 +282,68 @@
X /*
X * Validate the arguments
X */
- if (strcmp(szFpExe, SHTML) != 0 &&
- strcmp(szFpExe, FPCOUNT) != 0 &&
- strcmp(szFpExe, AUTHOR) != 0 &&
- strcmp(szFpExe, ADMIN) != 0 &&
- strcmp(szFpExe, ADMINCGI) != 0)
+
+ if (strstr(szFpExe, SHTML) != NULL) {
+ if (strcmp(SHTML, strstr(szFpExe, SHTML)) == 0) {
+ fpBin = FP_SHTML;
+ goodPath=1;
+ }
+ }
+ if (strstr(szFpExe, FPCOUNT) != NULL) {
+ if (strcmp(FPCOUNT, strstr(szFpExe, FPCOUNT)) == 0) {
+ fpBin = FP_FPCOUNT;
+ goodPath=1;
+ }
+ }
+ if (strstr(szFpExe, AUTHOR) != NULL) {
+ if (strcmp(AUTHOR, strstr(szFpExe, AUTHOR)) == 0) {
+ fpBin = FP_AUTHOR;
+ goodPath=1;
+ }
+ }
+ if (strstr(szFpExe, ADMIN) != NULL) {
+ if (strcmp(ADMIN, strstr(szFpExe, ADMIN)) == 0) {
+ fpBin = FP_ADMIN;
+ goodPath=1;
+ }
+ }
+ if (strstr(szFpExe, ADMINCGI) != NULL) {
+ if (strcmp(ADMINCGI, strstr(szFpExe, ADMINCGI)) == 0) {
+ fpBin = FP_ADMINCGI;
+ goodPath=1;
+ }
+ }
+
X /*
X * User recovery: Make sure fpexe is only invoked to run FrontPage
X * server extension programs.
- */
+ */
+ if (!goodPath || fpBin == 0)
X die("FrontPage SUID Error: target program violation");
X
- if (strlen(szFpExe) + strlen(szFpDir) + 1 > MAXPATHLEN)
+
+ if (MAX_MODULE_NAME_LENGTH + strlen(szFpDir) + 1 > MAXPATHLEN)
X die("FrontPage SUID Error: path too long");
X strcpy(szWork, szFpDir);
- strcat(szWork, szFpExe);
-
- iFpUid = strtol(szFpUid, &pEnd, 10);
- if (!pEnd || *pEnd)
- iFpUid = 0;
- if (iFpUid < LOWEST_VALID_UID || !(pw = getpwuid(iFpUid)))
- /*
- * User recovery: Make sure FrontPage user ids are above minimum
- */
- die("FrontPage SUID Error: invalid target uid");
- szFpUserName = strdup(pw->pw_name);
-
- iFpGid = strtol(szFpGid, &pEnd, 10);
- if (!pEnd || *pEnd)
- iFpGid = 0;
- if (iFpGid < LOWEST_VALID_GID || !getgrgid(iFpGid))
- /*
- * User recovery: Make sure FrontPage group ids are above minimum
- */
- die("FrontPage SUID Error: invalid target gid");
-
- iFpFd = strtol(szFpFd, &pEnd, 10);
- if (!pEnd || *pEnd)
- iFpFd = -1;
- if (iFpFd < 0)
- /*
- * User recovery: Make sure fpexe is run from patched Apache server
- */
- die("FrontPage SUID Error: invalid key file descriptor");
-
- /*
- * Read the key from our server. And, while we're still root and have
- * access, read the key from the master key file. Verify the key matches.
- */
- if (Vlstat(FPKEYDIR, &fs) == -1 ||
- (fs.st_mode & (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)) || fs.st_uid ||
- !(S_ISDIR(fs.st_mode)))
- /*
- * User recovery is: set directory to be owned by by root with
- * permissions rwx--x--x.
- */
- die("FrontPage SUID Error: key file directory is insecure");
-
-#if defined(sun) && !defined(__SVR4)
- sprintf(szKeyFile, KEYFILE, (int)getpgrp(0));
-#else
- sprintf(szKeyFile, KEYFILE, (int)getpgrp());
-#endif
- if (Vstat(szKeyFile, &fs) == -1 ||
- (fs.st_mode & (S_IRWXG | S_IRWXO)) || fs.st_uid)
- /*
- * User recovery is: Make sure the key file is properly protected
- * (owned by root, permissions r**------), restart patched Apache
- * server.
- */
- die("FrontPage SUID Error: key file security violation");
-
- iKeyFd = open(szKeyFile, O_RDONLY);
- if (iKeyFd < 0)
- /*
- * User recovery is: Make sure fpexe is run from patched Apache
- * server, restart the patched Apache server.
- */
- die("FrontPage SUID Error: could not open key file" );
- iCount = read(iKeyFd, refKey, sizeof(refKey));
- close(iKeyFd);
- if (iCount != sizeof(refKey))
- /*
- * User recovery is: Make sure fpexe is run from patched Apache
- * server, restart the patched Apache server.
- */
- die("FrontPage SUID Error: could not read valid key from key file");
-
- iCount = read(iFpFd, inpKey, sizeof(inpKey));
- close(iFpFd);
- if (iCount != sizeof(inpKey))
- /*
- * User recovery is: Make sure fpexe is run from patched Apache server
- */
- die("FrontPage SUID Error: could not read valid input key");
-
- if (memcmp(inpKey, refKey, sizeof(refKey)) != 0)
- /*
- * User recovery is: Make sure fpexe is run from patched Apache server
- */
- die("FrontPage SUID Error: key security violation");
-
- /*
- * Change user and group IDs to be the indicated user
- */
- if (setgid(iFpGid) == -1 || initgroups(szFpUserName, iFpGid) == -1)
- /*
- * User recovery: Make sure user is properly registered in
- * /etc/passwd and /etc/group.
- */
- die("FrontPage SUID Error: setgid() failed");
-
- if (setuid(iFpUid) == -1)
- /*
- * User recovery: Make sure user is properly registered in
- * /etc/passwd.
- */
- die("FrontPage SUID Error: setuid() failed");
+ switch(fpBin) {
+ case FP_SHTML:
+ strcat(szWork, SHTML);
+ break;
+ case FP_FPCOUNT:
+ strcat(szWork, FPCOUNT);
+ break;
+ case FP_AUTHOR:
+ strcat(szWork, AUTHOR);
+ break;
+ case FP_ADMIN:
+ strcat(szWork, ADMIN);
+ break;
+ case FP_ADMINCGI:
+ strcat(szWork, ADMINCGI);
+ break;
+ default:
+ die("FrontPage SUID Error: target program violation");
+ }
X
X /*
X * Validate the target directory.
SHAR_EOF
(set 20 02 03 07 20 44 54 '/usr/local/frontpage/version5.0/apache-fp/fpexe2.patch'; eval "$shar_touch") &&
chmod 0644 '/usr/local/frontpage/version5.0/apache-fp/fpexe2.patch' ||
$echo 'restore of' '/usr/local/frontpage/version5.0/apache-fp/fpexe2.patch' 'failed'
if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
&& ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
md5sum -c << SHAR_EOF >/dev/null 2>&1 \
|| $echo '/usr/local/frontpage/version5.0/apache-fp/fpexe2.patch:' 'MD5 check failed'
3c8748f5bfde5e1aec29878cf7a0ec98 /usr/local/frontpage/version5.0/apache-fp/fpexe2.patch
SHAR_EOF
else
shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < '/usr/local/frontpage/version5.0/apache-fp/fpexe2.patch'`"
test 7774 -eq "$shar_count" ||
$echo '/usr/local/frontpage/version5.0/apache-fp/fpexe2.patch:' 'original size' '7774,' 'current size' "$shar_count!"
fi
fi
rm -fr _sh28660
exit 0