Changeset - r33:49ea552911f9
v0.9 default
0 4 1
Wolfgang Scherer (ws) - 12 years ago 2013-04-24 19:31:24
wolfgang.scherer@gmx.de
Add functions test_readable/cat_file, which use sudo so that home directories with permission 700 can be handled.
5 files changed with 158 insertions and 11 deletions:
index.php
 
@@ -98,361 +98,361 @@ hr.sep {
 
    width: 550px;
 
    margin: 10px auto;
 
    position:relative;
 
}
 
#body {
 
    text-align: left;
 
}
 
#copyright-notice {
 
    text-align: center;
 
    font-size: 8pt;
 
}
 
h4._more, h4._less {
 
    cursor: pointer;
 
}
 
h4._more:after {
 
    content: "...";
 
    font-weight: bold;
 
    padding-left: 4px;
 
}
 
h4._less:before {
 
    content: "^";
 
    font-weight: bold;
 
    padding-right: 4px;
 
}
 
';
 

	
 
$headers = '<script class="jsbin" src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>';
 

	
 
$script ='
 
jQuery(document).ready(function(){
 
    $("#expert-mode").click(function(ev) {
 
        ev.preventDefault();
 
        var jthis = $(this);
 
        var contents = jthis.next();
 
        if (contents.is(":visible")) {
 
            jthis.addClass("_more");
 
            jthis.removeClass("_less");
 
            contents.hide();
 
        } else {
 
            jthis.removeClass("_more");
 
            jthis.addClass("_less");
 
            contents.show();
 
        }
 
        return false;
 
    }).click();
 
});
 
';
 

	
 
echo substitute_elements(
 
    $HEAD, Array(
 
        'title' => trim($title),
 
        'css' => trim($css),
 
        'headers' => trim($headers),
 
        'script' => trim($script),
 
        ));
 
hl($title);
 

	
 
// --------------------------------------------------
 
// |||:sec:||| Error handling (User)
 
// --------------------------------------------------
 

	
 
if ($_debug > 2) {
 
    $user = '';                 // error #1
 
}
 
if ($_debug > 3) {
 
    $user = 'unknown';          // error #2
 
}
 

	
 
if (empty($user)) {
 
    error_msg(get_text('error_no_user'));
 
    echo $FOOT;
 
    exit(0);
 
}
 

	
 
if (!$is_admin && !in_array($user, $user_names)) {
 
    error_msg(sprintf('%s (%s)!', get_text('error_unknown_user'), $user));
 
    echo $FOOT;
 
    exit(0);
 
}
 

	
 
// --------------------------------------------------
 
// |||:sec:||| Setup HOME/vacation(1)
 
// --------------------------------------------------
 

	
 
$home = $users[$user][1];
 

	
 
if ($_debug) {
 
    echo ('<pre>'."\n");            // |:debug:|
 
    echo ('user: ' . $user . "\n");
 
    echo ('home: ' . $home . "\n");
 
    echo ('</pre>'."\n");
 
}
 

	
 
$vacation_msg_file = sprintf('%s/%s', $home, $VACATION_MSG_FILE);
 
$vacation_db_file = sprintf('%s/%s', $home, $VACATION_DB_FILE);
 
$forward_file = sprintf('%s/%s', $home, $FORWARD_FILE);
 
$forward_active = file_exists($forward_file);
 
$forward_active = test_readable($forward_file, $user);
 
$forward_settings = Array(
 
    '\\'.$user, '', sprintf($VACATION_FORWARD_ENTRY, $user));
 
if ($forward_active)
 
{
 
    $forward_settings = file_get_contents($forward_file);
 
    $forward_settings = cat_file($forward_file, $user);
 
    $lines = explode("\n", $forward_settings);
 
    $forward_settings = preg_split('/, */', $lines[0]);
 
    if (count($forward_settings) < 3) {
 
        $forward_settings[2] = $forward_settings[1];
 
        $forward_settings[1] = '';
 
    }
 
}
 

	
 
$vacation_setup_raw = isset($_REQUEST["raw"]);
 
$vacation_clear = isset($_REQUEST['clear']);
 
if ($vacation_clear || !file_exists($vacation_msg_file)) {
 
if ($vacation_clear || !test_readable($vacation_msg_file, $user)) {
 
    // Reset to default
 
    $vacation_msg = get_text('vacation');
 
    $vacation_parts = vacation_split($vacation_msg, False);
 
    $vacation_subject = $vacation_parts[0];
 
    $vacation_body = $vacation_parts[2];
 
    $vacation_msg = vacation_join($vacation_subject, $vacation_body);
 
    $vacation_setup_raw = False;
 
} else {
 
    $vacation_msg = file_get_contents($vacation_msg_file);
 
    $vacation_msg = cat_file($vacation_msg_file, $user);
 
}
 

	
 
$message_parts = message_split($vacation_msg);
 
$message_headers = $message_parts[0];
 
$message_body = $message_parts[1];
 

	
 
$x_wsv_format = header_field_body($message_headers, 'x-wsv-format');
 
if ( $x_wsv_format == 'raw' ) {
 
    $x_wsv_raw = True;
 
} else {
 
    $x_wsv_raw = False;
 
}
 

	
 
if ( $x_wsv_raw )
 
{
 
    $vacation_headers = $message_headers;
 
    $vacation_body = $message_body;
 
    $vacation_subject = header_field_body($vacation_headers, 'subject');
 
} else {
 
    $vacation_parts = vacation_split($vacation_msg, True);
 
    $vacation_subject = $vacation_parts[0];
 
    $vacation_headers = $vacation_parts[1];
 
    $vacation_body = $vacation_parts[2];
 
}
 

	
 
$vacation_refresh = isset($_REQUEST['refresh']);
 
$vacation_forward_to = '';
 
if ( !$vacation_refresh && !$vacation_clear && isset($_REQUEST['forward']) ) {
 
    $vacation_forward_to =  $_REQUEST['forward'];
 
} else {
 
    $vacation_forward_to = $forward_settings[1];
 
    $vacation_forward_to = preg_replace('/^\\\\/', '', $vacation_forward_to);
 
    if (empty($vacation_forward_to)) {
 
        $vacation_forward_to = vacation_find_forward($vacation_headers);
 
    }
 
}
 

	
 
// --------------------------------------------------
 
// |||:sec:||| Set vacation(1) parameters
 
// --------------------------------------------------
 

	
 
$vacation_setup = isset($_REQUEST['save']);
 
if ( $vacation_setup ) {
 
    // |:check:| redundant?
 
    $vacation_setup_raw = False;
 
}
 
$vacation_del_log = isset($_REQUEST['delete']);
 
if ( $vacation_del_log ) {
 
    if ( !isset($_REQUEST['subject']) ) {
 
        $vacation_setup_raw = True;
 
    }
 
}
 

	
 
if ($vacation_setup || $vacation_setup_raw || $vacation_del_log) {
 
    $forward_active = isset($_REQUEST['active']);
 
    // validate forward to
 
    if ($vacation_forward_to == $user) {
 
        $vacation_forward_to = '';
 
    }
 
    $forward_settings = Array(
 
        '\\'.$user, $vacation_forward_to,
 
        sprintf($VACATION_FORWARD_ENTRY, $user));
 

	
 
    if ( $vacation_setup_raw ) {
 
        $vacation_msg = isset($_REQUEST['message']) ? trim($_REQUEST['message']) : '';
 
        $message_parts = message_split($vacation_msg);
 
        $vacation_headers = header_clean($message_parts[0]);
 
        $vacation_body = $message_parts[1];
 
        $vacation_subject = header_field_body($vacation_headers, 'subject');
 
        header_set($vacation_headers, 'X-WSV-Format: raw');
 
        $x_wsv_raw = True;
 
    } else {
 
        $vacation_subject = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
 
        $vacation_body = isset($_REQUEST['body']) ? trim($_REQUEST['body']) : '';
 
        $vacation_headers = Array();
 
        $x_wsv_raw = False;
 
    }
 

	
 
    while (True) {
 
        if ($vacation_del_log) {
 
            system(sprintf(
 
                       '%s -u %s %s %s -i',
 
                       $SUDO_CMD, $user, $SUDO_OPT_H, $VACATION_CMD));
 
            break;
 
        }
 

	
 
        if (empty ($vacation_subject)) {
 
            error_msg(get_text('error_no_subject'));
 
            break;
 
        }
 
        if (!$is_admin && !empty($vacation_forward_to) && !in_array($vacation_forward_to, $user_names)) {
 
            error_msg(sprintf('%s (%s)!', get_text('error_unknown_forward'), $vacation_forward_to));
 
            break;
 
        }
 
        // Actually set it
 

	
 
        // Prepare vacation(1) message
 
        if (!empty($vacation_forward_to)) {
 
            header_set($vacation_headers, sprintf('X-WSV-Forward-To: %s', $vacation_forward_to));
 
        }
 
        if ( $vacation_setup_raw ) {
 
            $vacation_msg = message_join($vacation_headers, $vacation_body);
 
            // echo "<pre>"; // |:debug:|
 
            // var_dump($vacation_headers);
 
            // var_dump($vacation_body);
 
            // echo $vacation_msg;
 
            // echo "</pre>";
 
        } else {
 
            $vacation_msg = vacation_join($vacation_subject, $vacation_body, $vacation_headers);
 
        }
 
        $vacation_msg_pipe = popen(sprintf(
 
                  '%s -u %s %s %s %s',
 
                  $SUDO_CMD, $user, $SUDO_OPT_H, $WRITE_TO_CMD, $vacation_msg_file),
 
            'w');
 
        fwrite($vacation_msg_pipe, $vacation_msg);
 
        pclose($vacation_msg_pipe);
 

	
 
        // Initialize vacation(1) if necessary.
 
        if (!file_exists($vacation_db_file)) {
 
        if (!test_readable($vacation_db_file, $user)) {
 
            system(sprintf(
 
                       '%s -u %s %s %s -i',
 
                       $SUDO_CMD, $user, $SUDO_OPT_H, $VACATION_CMD));
 
        }
 

	
 
        // Write or remove .forward file
 
        if ($forward_active) {
 
            $use_fs = Array();
 
            foreach ($forward_settings as $fs) {
 
                if (empty($fs)) {
 
                    continue;
 
                }
 
                $use_fs[] = $fs;
 
            }
 
            $forward_file_pipe = popen(sprintf(
 
                      '%s -u %s %s %s %s',
 
                      $SUDO_CMD, $user, $SUDO_OPT_H, $WRITE_TO_CMD, $forward_file),
 
                'w');
 
            fwrite($forward_file_pipe, implode(", ", $use_fs)."\n");
 
            pclose($forward_file_pipe);
 
        } else {
 
            system(sprintf(
 
                       '%s -u %s %s /bin/rm -f %s',
 
                       $SUDO_CMD, $user, $SUDO_OPT_H, $forward_file));
 
                       '%s -u %s %s %s %s',
 
                       $SUDO_CMD, $user, $SUDO_OPT_H, $RM_CMD, $forward_file));
 
        }
 
        break;
 
    }
 
}
 

	
 
// echo ('<pre>'."\n");            // |:debug:|
 
// echo ($vacation_forward_to);
 
// var_dump($forward_settings);
 
// echo ('</pre>'."\n");
 

	
 
// --------------------------------------------------
 
// |||:sec:||| User Interface
 
// --------------------------------------------------
 

	
 
$form = Array();
 
//$form[] = '<hr class="sep"/>';
 
$form[] = '<form action="index.php" method="post">';
 
$form[] = '<div>';
 

	
 
if ($_debug) {
 
    $form[] = sprintf(
 
        '<input type="hidden" name="_DEBUG_" value="%s" />', $_debug);
 
}
 

	
 
// Retrieval
 
$form[] = '<span class="label">';
 
$form[] = sprintf('<input type="submit" name="refresh" value="%s" />', get_text('refresh'));
 
$form[] = sprintf('<br /><input type="submit" name="clear" value="%s" />', get_text('clear'));
 
$form[] = '</span>';
 

	
 
// column names
 
$form[] = '<div style="display: inline-block; padding: 0; margin: 0;"><table border="0" cellspacing="0" cellpadding="2" style="width: 445px; vertical-align: top;">';
 
$trow = Array();
 
$trow[] = get_text('user');
 
$trow[] = get_text('forward_to');
 
$trow[] = get_text('active');
 
$form[] = sprintf('<tr><th style="text-align: center;">&nbsp;%s&nbsp;</th></tr>', implode($trow, '&nbsp;</th><th style="text-align: center;">&nbsp;'));
 

	
 
$trow = Array();
 

	
 
// user
 
$user_control = Array();
 
if ($is_admin) {
 
    $user_control[] = '<select name="user">';
 
    foreach ($user_names as $sel_user) {
 
        if ($sel_user == $user) {
 
            $selected = ' selected="selected"';
 
        } else {
 
            $selected = '';
 
        }
 
        $user_control[] = sprintf('<option%s>%s</option>', $selected, $sel_user);
 
    }
 
    $user_control[] = '</select>';
 
    $user_control = implode($user_control, "\n");
 
} else {
 
    $user_control = sprintf(
 
        '<input type="hidden" name="user" value="%s" />%s', $user, $user);
 
}
 
$trow[] = $user_control;
 

	
 
// forward
 
$user_control = Array();
 
$user_control[] = '<select name="forward">';
 
$user_control[] = sprintf('<option value="">%s</option>', get_text('none'));
 
$selected = '';
 
foreach ($user_names as $sel_user) {
 
    if (!$is_admin && $sel_user == $user) {
 
        continue;
 
    }
 
    if ($sel_user == $vacation_forward_to) {
 
        $selected = ' selected="selected"';
 
    } else {
 
        $selected = '';
 
    }
 
    $user_control[] = sprintf('<option%s>%s</option>', $selected, $sel_user);
 
}
 
$user_control[] = '</select>';
 
$user_control = implode($user_control, "\n");
 
$trow[] = $user_control;
 

	
 
// active checkbox
 
$user_control = Array();
 
if ($forward_active) {
 
    $active_checked = ' checked="checked"';
 
} else {
 
    $active_checked = '';
 
}
 
$user_control[] = sprintf('<input type="checkbox" name="active" value="active"%s /><br />',
 
                          $active_checked);
 
$user_control = implode($user_control, "\n");
 
$trow[] = $user_control;
 

	
 
$form[] = sprintf('<tr><td style="text-align: center;">%s</td></tr>', implode($trow, '</td><td style="text-align: center;">'));
 
$form[] = '</table></div><br />';
 

	
 
$text_rows = 10;
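Review bot: The rewritten `rm` call at the end of the save loop still places `$user` and `$forward_file` in the shell string unquoted, and the earlier check `!$is_admin && !in_array($user, $user_names)` lets an admin session through with a `$user` that was never matched against the account list. Where `$user` is assigned is outside this hunk, but the form posts a `user` field, so it should be treated as request data: check it against `$user_names` for admins as well, and pass each value through `escapeshellarg()`, as in `$SUDO_CMD, escapeshellarg($user), $SUDO_OPT_H, $RM_CMD, escapeshellarg($forward_file)`. The same applies to the new `test_readable()` and `cat_file()` in lib/util.php, which wrap `$file` in literal single quotes instead of escaping it, and to the unchanged `popen()` calls that write the message and the `.forward` file.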
lib/config.php
 
<?php // -*- php -*-
 
// Copyright (C) 2012, Wolfgang Scherer, <Wolfgang.Scherer at gmx.de>
 
// Sponsored by WIEDENMANN SEILE GMBH, http://www.wiedenmannseile.de
 
//
 
// This file is part of Wiedenmann Vacation.
 
//
 
// This program is free software; you can redistribute it and/or modify
 
// it under the terms of the GNU General Public License as published
 
// by the Free Software Foundation; either version 3 of the License, or
 
// (at your option) any later version.
 
//
 
// This program is distributed in the hope that it will be useful, but
 
// WITHOUT ANY WARRANTY; without even the implied warranty of
 
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 
// General Public License for more details.
 
//
 
// You should have received a copy of the GNU General Public License
 
// along with this program. If not, see <http://www.gnu.org/licenses/>,
 
// or write to <Wolfgang.Scherer at gmx.de>
 

	
 
// $_REQUEST['_DEBUG_'] = 1;
 

	
 
// --------------------------------------------------
 
// |||:sec:||| CONFIGURATION
 
// --------------------------------------------------
 

	
 
// All users in $PASSWD_FILE, whose user ID >= $USER_ID_MIN and <=
 
// $USER_ID_MAX are considered:
 
// 1. If the user appears in $ALLOWED_USERS, he is always included
 
// 2. If the HOME directory does not start with $HOME_PFX, the user is ignored
 
// 3. If the user appears in $INVALID_USERS, he is ignored
 
// 4. The user is authorized.
 

	
 
// Alle Benutzer in $PASSWD_FILE, deren User ID >= $USER_ID_MIN und <=
 
// $USER_ID_MAX werden in Betracht gezogen:
 
// 1. Falls der Benutzer in $ALLOWED_USERS angegeben ist, wird er immer zugelassen.
 
// 2. Wenn das HOME-Verzeichnis nicht mit $HOME_PFX beginnnt, wird der Benutzer nicht zugelasssen.
 
// 3. Wenn der Benutzer in $INVALID_USERS angegeben ist, wird er nicht zugelasssen.
 
// 4. Der Benutzer wird zugelassen.
 

	
 
// User which are always allowed.
 
// If the user appears in $PASSWD_FILE, he is always enabled.
 
$ALLOWED_USERS = Array(
 
    );
 

	
 
// Invalid users.
 
// These users are always ignored.
 
$INVALID_USERS = Array(
 
    'clamav',
 
    'elektriker',
 
    'info',
 
    'postman',
 
    'vmail',
 
    );
 

	
 
// Administrators can modify the settings of all users.
 
$ADMIN_USERS = Array(
 
    'js',
 
    'sw',
 
    'ws',
 
    );
 

	
 
$LANGUAGE = 'en';
 
$LANGUAGE = 'de';
 

	
 
$PASSWD_FILE = '/etc/passwd';
 
$SHADOW_FILE = '/etc/shadow';
 
$HTPASSWD_FILE = '.htpasswd';
 
$HOME_PFX = '/home/';
 
$USER_ID_MIN = 1000;
 
$USER_ID_MAX = 60000;
 
$SUDO_CMD = '/usr/bin/sudo';
 
$SUDO_OPT_H = ' -H';
 

	
 
$TEST_CMD = dirname(__FILE__) . '/test_readable.sh';
 
$RM_CMD = '/bin/rm -f';
 
$CAT_CMD = '/bin/cat';
 
$WRITE_TO_CMD = dirname(__FILE__) . '/write_to.sh';
 

	
 
$FORMAIL_CMD = '/usr/bin/formail';
 
$VACATION_CMD = '/usr/bin/vacation';
 
$VACATION_MSG_FILE = '.vacation.msg';
 
$VACATION_DB_FILE = '.vacation.db';
 
$VACATION_FORWARD_ENTRY = sprintf('"| %s -c | %s %%s"', $FORMAIL_CMD, $VACATION_CMD); // use sprintf($VFE, $user);
 
$FORWARD_FILE = '.forward';
 
$EXPERT_ENABLED = True;
 

	
 
$HEADER_REMOVE = Array(
 
    'bcc',
 
    'cc',
 
    'date',
 
    'delivered-to',
 
    'message-id',
 
    'received',
 
    'return-path',
 
    'to',
 
    'user-agent',
 
    'references',
 
    'in-reply-to',
 
    );
 

	
 
//
 
// :ide-menu: Emacs IDE Menu - Buffer @BUFFER@
 
// . M-x `eIDE-menu' ()(eIDE-menu "z")
 
// :ide: COMPILE: PHP _DEBUG_=2 _DEBUG_TEST_=2
 
// . (compile (concat "php " (file-name-nondirectory (buffer-file-name)) " _DEBUG_=2 _DEBUG_TEST_=2"))
 

	
 
// :ide: QUO: $this->
 
// . (insert "$this->" )
 

	
 
// :ide: COMPILE: PHP w/o args
 
// . (compile (concat "php " (file-name-nondirectory (buffer-file-name)) ""))
 

	
 
// :ide: COMPILE: PHP _DEBUG_=1 _DEBUG_TEST_=1
 
// . (compile (concat "php " (file-name-nondirectory (buffer-file-name)) " _DEBUG_=1 _DEBUG_TEST_=1"))
 

	
 
//
 
// Local Variables:
 
// mode: php
 
// End:
 
?>
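Review bot: The new `$TEST_CMD`, `$RM_CMD` and `$CAT_CMD` settings carry no comment saying that they have to match the `Cmnd_Alias` lines in lib/ws-vacation-sudo.in; an edit to `'/bin/rm -f'` or to the install path on one side only would leave the command outside the sudo rules. I would add `// Must stay in sync with the Cmnd_Alias entries in lib/ws-vacation-sudo.in` above `$TEST_CMD`. `$RM_CMD` also keeps its `-f` flag inside the command string, unlike `$CAT_CMD`; a separate option variable in the manner of `$SUDO_OPT_H` would be more consistent.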
lib/test_readable.sh
 
new file 100755
 
#!/bin/sh
 

	
 
# test_readable.sh - check whether file exists and is readable
 

	
 
# usage: test_readable.sh file
 

	
 
# Copyright (C) 2013, Wolfgang Scherer, <Wolfgang.Scherer at gmx.de>
 
# Sponsored by WIEDENMANN SEILE GMBH, http://www.wiedenmannseile.de
 
#
 
# This file is part of Wiedenmann Vacation.
 
#
 
:  # script help
 
# This program is free software; you can redistribute it and/or modify
 
# it under the terms of the GNU General Public License as published by
 
# the Free Software Foundation; either version 3 of the License, or
 
# (at your option) any later version.
 
#
 
# This program is distributed in the hope that it will be useful, but
 
# WITHOUT ANY WARRANTY; without even the implied warranty of
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 
# General Public License for more details.
 
#
 
# You should have received a copy of the GNU General Public License
 
# along with this program. If not, see <http://www.gnu.org/licenses/>,
 
# or write to Wolfgang Scherer, <Wolfgang.Scherer at gmx.de>
 

	
 
# (progn (forward-line 1) (snip-insert "gen_hd-configuration" t t "sh") (insert ""))
 
## (progn (forward-line 1) (snip-insert "sh_b.prog-path" t t "sh") (insert ""))
 
## (progn (forward-line 1) (snip-insert "sh_b.config.sh" t t "sh") (insert ""))
 

	
 
# --------------------------------------------------
 
# |||:sec:||| FUNCTIONS
 
# --------------------------------------------------
 

	
 
usage ()
 
{
 
    script_help="script-help"
 
    ( "${script_help}" ${1+"$@"} "${0}" ) 2>/dev/null \
 
    || ${SED__PROG-sed} -n '3,/^[^#]/{;/^[^#]/d;p;}' "${0}";
 
}
 

	
 
## (progn (forward-line 1) (snip-insert "sh_f.hl" t t "sh") (insert ""))
 
## (progn (forward-line 1) (snip-insert "sh_f.vexec" t t "sh") (insert ""))
 
## (progn (forward-line 1) (snip-insert "sh_wsrfid.f.config_dump" t t "sh") (insert ""))
 
## (progn (forward-line 1) (snip-insert "sh.scr.sed" t t "sh") (insert "\n"))
 
## (progn (forward-line 1) (snip-insert "sh.scr.awk" t t "sh") (insert "\n"))
 
## (progn (forward-line 1) (snip-insert "sh.scr.perl" t t "sh") (insert "\n"))
 
## (progn (forward-line 1) (snip-insert "sh.scr.python" t t "sh") (insert "\n"))
 

	
 
# (progn (forward-line 1) (snip-insert "sh_b.opt-loop" t t "sh") (insert "\n"))
 
test x"${1+set}" = xset && \
 
case "${1}" in
 
-\?|-h|--help) usage; exit 0;;
 
--docu) usage --full; exit 0;;
 
esac
 

	
 
# --------------------------------------------------
 
# |||:sec:||| MAIN
 
# --------------------------------------------------
 

	
 
# |:here:|
 

	
 
## (progn (forward-line 1) (snip-insert-mode "sh.b.wrf.loop" t t) (insert "\n"))
 

	
 
if test -r "${1}"
 
then
 
    printf "yes\n"
 
else
 
    printf "no\n"
 
fi
 

	
 
exit # |||:here:|||
 

	
 
#
 
# :ide-menu: Emacs IDE Main Menu - Buffer @BUFFER@
 
# . M-x `eIDE-menu' (eIDE-menu "z")
 

	
 
# :ide: OCCUR-OUTLINE: Sections: `||: sec :||'
 
# . (x-symbol-tag-occur-outline "sec" '("||:" ":||") '("|:" ":|"))
 

	
 
# :ide: MENU-OUTLINE:  Sections `||: sec :||'
 
# . (x-eIDE-menu-outline "sec" '("||:" ":||") '("|:" ":|"))
 

	
 
# :ide: +-#+
 
# . Buffer Outline Sections ()
 

	
 
# :ide: SHELL: Run with --docu
 
# . (progn (save-buffer) (shell-command (concat "sh " (file-name-nondirectory (buffer-file-name)) " --docu")))
 

	
 
# :ide: SHELL: Run with --help
 
# . (progn (save-buffer) (shell-command (concat "sh " (file-name-nondirectory (buffer-file-name)) " --help")))
 

	
 
# :ide: SHELL: Run w/o args
 
# . (progn (save-buffer) (shell-command (concat "sh " (file-name-nondirectory (buffer-file-name)) " ")))
 

	
 
#
 
# Local Variables:
 
# mode: sh
 
# comment-start: "#"
 
# comment-start-skip: "#+"
 
# comment-column: 0
 
# End:
 
# mmm-classes: (here-doc ide-entries)
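Review bot: The script exits 0 on both branches of the `test -r` check and reports the result only as `yes`/`no` on stdout, so a caller that inspects the exit status cannot tell the two apart. Adding `exit 1` after `printf "no\n"` keeps the text output and makes the status usable. The usage comment could also state that an empty or missing argument is answered with `no`, since `test -r ""` fails.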
lib/util.php
 
<?php // -*- php -*-
 
// Copyright (C) 2012, Wolfgang Scherer, <Wolfgang.Scherer at gmx.de>
 
// Sponsored by WIEDENMANN SEILE GMBH, http://www.wiedenmannseile.de
 
//
 
// This file is part of Wiedenmann Vacation.
 
//
 
// This program is free software; you can redistribute it and/or modify
 
// it under the terms of the GNU General Public License as published
 
// by the Free Software Foundation; either version 3 of the License, or
 
// (at your option) any later version.
 
//
 
// This program is distributed in the hope that it will be useful, but
 
// WITHOUT ANY WARRANTY; without even the implied warranty of
 
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 
// General Public License for more details.
 
//
 
// You should have received a copy of the GNU General Public License
 
// along with this program. If not, see <http://www.gnu.org/licenses/>,
 
// or write to <Wolfgang.Scherer at gmx.de>
 

	
 
// $_REQUEST['_DEBUG_'] = 1;
 
// $_REQUEST['_DEBUG_TEST_'] = 1;
 
require_once(dirname(__FILE__) . '/../lib/config.php');
 
require_once(dirname(__FILE__) . '/../lib/language.php');
 

	
 
// --------------------------------------------------
 
// |||:sec:||| Files
 
// --------------------------------------------------
 

	
 
function test_readable($file, $user)
 
{
 
    global $SUDO_CMD, $SUDO_OPT_H, $TEST_CMD;
 

	
 
    $test_cmd = sprintf(
 
        "%s -u %s %s %s '%s'",
 
        $SUDO_CMD, $user, $SUDO_OPT_H, $TEST_CMD, $file);
 
    $test_ausgabe = popen ($test_cmd, 'r');
 
    $result = stream_get_contents($test_ausgabe);
 
    pclose($test_ausgabe);
 
    return (trim($result) == 'yes');
 
}
 

	
 
function cat_file($file, $user)
 
{
 
    global $SUDO_CMD, $SUDO_OPT_H, $CAT_CMD;
 

	
 
    $cat_cmd = sprintf(
 
        "%s -u %s %s %s '%s'",
 
        $SUDO_CMD, $user, $SUDO_OPT_H, $CAT_CMD, $file);
 
    $cat_ausgabe = popen ($cat_cmd, 'r');
 
    $result = stream_get_contents($cat_ausgabe);
 
    pclose($cat_ausgabe);
 
    return $result;
 
}
 

	
 
// --------------------------------------------------
 
// |||:sec:||| Benutzer
 
// --------------------------------------------------
 

	
 
function get_users()
 
{
 
    global $PASSWD_FILE;
 
    global $USER_ID_MIN;
 
    global $USER_ID_MAX;
 
    global $ALLOWED_USERS;
 
    global $INVALID_USERS;
 
    global $HOME_PFX;
 

	
 
    $passwd = file_get_contents($PASSWD_FILE);
 
    $lines = explode("\n", $passwd);
 
    $users = Array();
 
    //var_dump($lines);
 
    foreach ($lines as $line) {
 
        if (empty($line)) {
 
            continue;
 
        }
 
        $fields = explode(':', $line);
 
        $user = $fields[0];
 
        $uid = $fields[2];
 
        $home = $fields[5];
 

	
 
        // uncoditionally accept allowed users
 
        if (!in_array($user, $ALLOWED_USERS)) {
 
            if ($uid < $USER_ID_MIN || $uid > $USER_ID_MAX) {
 
                // skip users with a user id outside the allowed range
 
                continue;
 
            }
 
            $home_pos = strpos($home, $HOME_PFX);
 
            if ($home_pos === false || $home_pos > 0) {
 
                // skip users without a HOME directory
 
                continue;
 
            }
 
            if (in_array($user, $INVALID_USERS)) {
 
                // skip invalid users
 
                continue;
 
            }
 
        }
 
        $users[$user] = Array($user, $home);
 
    }
 
    ksort($users);
 
    return $users;
 
}
 

	
 
function make_htpasswd()
 
{
 
    global $SHADOW_FILE;
 
    global $HTPASSWD_FILE;
 
    $users = get_users();
 
    $user_names = array_keys($users);
 
    $shadow = file_get_contents($SHADOW_FILE);
 
    $lines = explode("\n", $shadow);
 
    $pw_ent = Array();
 
    //var_dump($lines);
 
    foreach ($lines as $line) {
 
        if (empty($line)) {
 
            continue;
 
        }
 
        $fields = explode(':', $line);
 
        $user = $fields[0];
 
        $pass = $fields[1];
 
        if (in_array($user, $user_names)) {
 
            $pw_ent[] = sprintf('%s:%s', $user, $pass);
 
        }
 
    }
 
    $htpwd = fopen($HTPASSWD_FILE, 'w');
 
    fwrite($htpwd, implode($pw_ent, "\n"));
 
    fclose($htpwd);
 
}
 

	
 
// --------------------------------------------------
 
// |||:sec:||| substitute_elements
 
// --------------------------------------------------
 

	
 
// |:check:| syntax error on PHP 5.2.x (mecki)
 
// class substitute_elements_check
 
// {
 
//     const _doc_ = <<<'DOC'
 
// Markierungen in String ersetzen.
 

	
 
// function substitute_elements ($string, $substitutions=array(), $keep_unknown=NULL, $pfx='@', $sfx=NULL)
 

	
 
// Falls eine Markierung gefunden wurde, die nicht in $substitutions
 
// enthalten ist, wird sie durch einen leeren String ersetzt, falls
 
// $keep_unknown == false, andernfalls wird die Markierung
 
// unverändert beibehalten.
 

	
 
// Ist $keep_unknown == NULL (Standardwert), dann wird es auf
 
// isset($_REQUEST['_DEBUG_']) gesetzt. Im Debug-Modus werden die
 
// Markierungen also beibehalten im Normal-Modus nicht.
 
// DOC;
 
//     const _check_ = <<<'CHECK'
 
// global $BRNL;
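Review bot: `test_readable()` and `cat_file()` use the `popen()` result unchecked, so a failed start hands `false` to `stream_get_contents()`, and a sudo refusal looks the same to the caller as a missing file (`false` or an empty string). In index.php that outcome takes the "reset to default" branch, and a later save would then overwrite the user's existing message. I would return early with `if ($test_ausgabe === false) { return false; }` and treat a non-zero `pclose()` status as an error to report rather than as "not readable". Both functions also lack a docblock; it should say that the command runs as `$user` through sudo and that `$file` must be one of the paths permitted in lib/ws-vacation-sudo.in.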
lib/ws-vacation-sudo.in
 
# Allow www user to run the vacation command as a user, but not as root
 
User_Alias WWWRUN = wwwrun,www-data
 
Runas_Alias NOTROOT = ALL,!root
 
Cmnd_Alias VACATION=/usr/bin/vacation *
 
Cmnd_Alias RM_FORWARD=/bin/rm -f /home/*/.forward
 
Cmnd_Alias CAT_FORWARD=@base_dir@/lib/write_to.sh /home/*/.forward
 
Cmnd_Alias CAT_VACATION_MSG=@base_dir@/lib/write_to.sh /home/*/.vacation.msg
 
Cmnd_Alias TEST_FORWARD=@base_dir@/lib/test_readable.sh /home/*/.forward
 
Cmnd_Alias TEST_VACATION_MSG=@base_dir@/lib/test_readable.sh /home/*/.vacation.msg
 
Cmnd_Alias TEST_VACATION_DB=@base_dir@/lib/test_readable.sh /home/*/.vacation.db
 
Cmnd_Alias GET_FORWARD=/bin/cat /home/*/.forward
 
Cmnd_Alias GET_VACATION_MSG=/bin/cat /home/*/.vacation.msg
 
Cmnd_Alias PUT_FORWARD=@base_dir@/lib/write_to.sh /home/*/.forward
 
Cmnd_Alias PUT_VACATION_MSG=@base_dir@/lib/write_to.sh /home/*/.vacation.msg
 
WWWRUN ALL=(NOTROOT) NOPASSWD: VACATION 
 
WWWRUN ALL=(NOTROOT) NOPASSWD: RM_FORWARD
 
WWWRUN ALL=(NOTROOT) NOPASSWD: CAT_FORWARD
 
WWWRUN ALL=(NOTROOT) NOPASSWD: CAT_VACATION_MSG
 
WWWRUN ALL=(NOTROOT) NOPASSWD: TEST_FORWARD
 
WWWRUN ALL=(NOTROOT) NOPASSWD: TEST_VACATION_MSG
 
WWWRUN ALL=(NOTROOT) NOPASSWD: TEST_VACATION_DB
 
WWWRUN ALL=(NOTROOT) NOPASSWD: GET_FORWARD
 
WWWRUN ALL=(NOTROOT) NOPASSWD: GET_VACATION_MSG
 
WWWRUN ALL=(NOTROOT) NOPASSWD: PUT_FORWARD
 
WWWRUN ALL=(NOTROOT) NOPASSWD: PUT_VACATION_MSG
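Review bot: The `*` in the new `TEST_*`, `GET_*` and `PUT_*` aliases does not confine the argument to a single home directory: sudoers(5) warns that wildcards in command arguments are matched against the whole argument string and also match `/` and whitespace. The path restriction is therefore better enforced in the helper scripts: let them accept only a file kind (forward, msg, db) and build the path from the target user's `$HOME`, and replace the direct `/bin/cat` and `/bin/rm` entries with such wrappers. `Runas_Alias NOTROOT = ALL,!root` also still admits every other account, system accounts included; an explicit group of mail users would be a tighter runas list.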