diff options
author | Christian Pointner <equinox@spreadspace.org> | 2015-07-30 14:52:23 (GMT) |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2015-07-30 14:52:23 (GMT) |
commit | d1dd85bddc09b38c01404b847b9dc1985152b3fb (patch) | |
tree | a8b15e272ef9e5bb7aa707f12f4663b62ae2ffc9 /utils | |
parent | 2b3d623828f84a01afa7a07cb240f73095e85941 (diff) |
improved priv check for get-rd-token
Diffstat (limited to 'utils')
-rwxr-xr-x | utils/get-rd-token | 25 | ||||
-rwxr-xr-x | utils/get-rd-week | 2 |
2 files changed, 17 insertions, 10 deletions
diff --git a/utils/get-rd-token b/utils/get-rd-token index 1a59f21..ff014c0 100755 --- a/utils/get-rd-token +++ b/utils/get-rd-token @@ -23,24 +23,31 @@ use strict; use RHRD::rddb; -# this is ridiculous but makes it a little harder to find user passwords... -if ($> != 0 ) { - print STDERR "this must be run as root!\n"; - exit 1; -} - my $num_args = $#ARGV + 1; -if ($num_args != 1) { + +if($num_args > 1) { print STDERR "Usage: get-rd-token <username>\n"; exit 1; } -my $username=$ARGV[0]; +my $requsername=$ARGV[0]; +my $pwusername = getpwuid($>); + +# this is ridiculous but makes it a little harder to find user passwords... +if($num_args == 1) { + unless($> == 0 || $pwusername eq $requsername) { + print STDERR "this must be run as root or as the user whos token is requested!\n"; + exit 1; + } +} else { + $requsername = $pwusername; +} + my $token=''; my ($dbh, undef, $errorstring) = RHRD::rddb::opendb(); if(defined $dbh) { - ($token, undef, $errorstring) = RHRD::rddb::get_token($dbh, $username); + ($token, undef, $errorstring) = RHRD::rddb::get_token($dbh, $requsername); unless($token) { print STDERR "$errorstring\n"; exit 1; diff --git a/utils/get-rd-week b/utils/get-rd-week index 041e822..c6dd0ab 100755 --- a/utils/get-rd-week +++ b/utils/get-rd-week @@ -23,4 +23,4 @@ use strict; use RHRD::utils; -print RHRD::utils::get_rd_week() . "\n";
\ No newline at end of file +print RHRD::utils::get_rd_week() . "\n"; |