Hello

Probably this isn't the right way to ask something, but since this is the
beginners group I'm trying it.
##
I've downloaded an existing perl script which downloads a file after
you send it the link via email, and sends the download back via email.
I adapted it (I'm not a coder and my IQ isn't very high (my
enthusiasm is) so it wasn't that easy) so it places the download on my
server's hard disk.
The idea is that I send a mail to "mister download" with the link of
the very large download and the next day it will be placed in my personal
samba share. (the server is going to share a cable connection between 4
clients (neighbours, 3x windblows and me), luckily it's not yet online)
The main problem is that postfix accesses the script as user nobody, so
all downloads have owner nobody.
It writes the downloads in /tmp/$username, which is a symlink to
/home/$username/download, which is chmod 777.
All of that is a big security risk (except running as nobody), so I need
some help. (please)
##
First thing to do is to try to encrypt the email contents, and adapt the
script so it reads the encrypted mail.
This will also need an additional script (sendkey.pl) to send the
encryption key to the user who requests it, preferably as root via ssh
as ./sendkey.pl [EMAIL PROTECTED]
##
The moment encryption is used it will be possible to safely send the
real unix username/password combination via mail, so the next step is to
check that in the normal unix way instead of using an additional plain
text password script.
##
If all of this is possible the last step is to run the wget command as
the requesting user so downloads have HIS rights and thus have write
access to the user's homedir.
##
I know this is a lot of work, so if there are some coders who want to
give me a hand please do.
Since adapting the script is all I could do I really need some help.
If anyone has some tips or code please help me.
-- 
Groetjes Japie
http://www.japie.scarlet.nl

Linux 2.4.18 i686
LFS-3.3

Win98 error 001: Unexpected condition: booted without crashing.
;^)
#!/usr/bin/perl

############################################################################
# Download Script for use as a mail alias
# Originally written 1999,2000 by Christian Ordig <[EMAIL PROTECTED]>
# Adapted for own use by Japie <[EMAIL PROTECTED]> in 2002
#
# Rel.: 12052002
#
# Copyrights:
# -----------
#
# This script can be freely distributed unchanged. If you have changed something
# you are not allowed to distribute this modified version without contacting
# me, so I may declare it as an official version. Furthermore I would ask you
# to tell me about things you are planning to add to the script, in order to
# make sure there are not working several people on the same function.
# This is only to avoid dozens of different versions of this program being
# out there.
#
# Todo:
# -----
#   - extract unix-username and password from /etc/password.
#   - use the /etc/password.downloads file only for telling the script WHO may download.
#   - find a solution for the download directories' rights so that they aren't world-writable anymore,
#     this is a serious security problem!
#   - find a way to limit the maximum download size. (let's try man:wget when I have some time)
#
############################################################################

############################################################################
#
# Installation instructions:
#   - Place this file in /usr/sbin
#   - Make a mail alias to this script and make sure your mail program accepts binaries as alias.
#   - Make for every user a directory /tmp/username which is world readable, writable and executable.
#   - Create for every user a symlink from /tmp/username to /home/username/downloads,
#     so that the downloads are accessible through NFS or Samba.
#   - Create an /etc/password.downloads file in format: username:password
#     (note: the script reads the path held in $Password_File, which is set to /etc/passwd.download)
#
############################################################################

############################# Definitions ##################################
# ---- Addresses and paths ---------------------------------------------------
# Contact address quoted in the help mail for requesting a password.
$Password_Admin = 'postmaster@deserver.nl';
# Directory below which get() stores downloads (in a per-user subdirectory) and
# write_contents() keeps the index file.
# NOTE(review): /tmp is shared by every local account; the header Todo already
# lists the world-writable download directories as a security problem.
$Download_Base  = '/tmp';
# "username:password" lines; auth() compares the password field verbatim, so
# the file holds passwords in clear text and should be readable only by the
# account that runs this script.
# NOTE(review): the installation notes name /etc/password.downloads instead.
$Password_File  = '/etc/passwd.download';
# Name of the download index appended to by write_contents().
$ContentsFile   = 'index.txt';

# ---- Per-message state, filled in by parse() -------------------------------
$MyEmail  = 'mailer';   # sender of the reply; replaced by the To: header
$Username = 'empty';    # requester; placeholder until a header/command sets it
$Password = 'empty';    # placeholder until a "password:" command is seen
$Comment  = "Please enter a comment in your emailīs subject!\n";   # default when no Subject: is present

# ---- Behaviour flags (the strings "0"/"1" are compared with eq) -------------
$Flag_Multi_User    = 1;     # guards the open() calls in get(), write_contents() and list()
$FLAG_Login         = '0';   # a username:/password: command was seen
$FLAG_Login_Success = '0';   # set to "1" by auth() on a matching entry
$FLAG_Get           = '0';   # at least one get: command was seen
$FLAG_Help          = '0';   # a help command was seen
@GETS     = ();              # URLs collected from get: commands
$NUM_GETS = 0;

# ---- Logging ----------------------------------------------------------------
# A message is written when its level is <= $LOG_Level.
$LOG_Normal  = 0;
$LOG_Debug   = 1;
$LOG_Verbose = 2;
$LOG_Level   = $LOG_Normal;
# Path intended for the log; no other statement in the script as shown refers to it.
$LOG_File    = '/var/log/download_requests';
# Month abbreviations indexed by gmtime()'s month field.
@months = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun',
           'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec');
############################# Subs #########################################

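sub LOG {
	# Write one timestamped line to the F_LOG handle.
	#   $Level   - level of this message ($LOG_Normal, $LOG_Debug or $LOG_Verbose)
	#   $Message - text to log; callers supply their own trailing newline
	# Messages whose level is above $LOG_Level are dropped.
	my ($Level, $Message) = @_;
	return if $Level > $LOG_Level;

	# Lexical scratch variables: the original wrote $sec..$year and $time into
	# package globals, the same ones get() uses for its own timestamps.
	my ($sec, $min, $hour, $mday, $mon, $year) = gmtime(time);
	my $stamp = sprintf("[%02d/%s/%d:%02d:%02d:%02d +0000]",
			$mday, $months[$mon], $year + 1900, $hour, $min, $sec);

	# $Username and most messages carry text taken from the incoming mail.
	# Control characters are replaced with "?" so mail content cannot place
	# carriage returns or terminal escape sequences in the log; the message
	# keeps its tabs and newlines.
	my $who  = defined $Username ? $Username : '';
	my $text = defined $Message  ? $Message  : '';
	$who  =~ s/[\x00-\x1f\x7f]/?/g;
	$text =~ s/[\x00-\x08\x0b-\x1f\x7f]/?/g;

	print F_LOG "$stamp $who: $text";
}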

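sub escape {
	# Return a copy of the first argument with every "@" replaced by "%40".
	# Only "@" is encoded; this is not a general URL or path encoder.
	# Works on a lexical copy: the original assigned to the global $_ and so
	# overwrote whatever the caller had in it.
	my ($text) = @_;
	$text =~ s/\@/%40/g if defined $text;
	return $text;
}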

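sub unescape {
	# Inverse of escape(): return a copy of the first argument with every
	# "%40" turned back into "@". No other percent sequence is decoded.
	# Works on a lexical copy: the original assigned to the global $_ and so
	# overwrote whatever the caller had in it.
	my ($text) = @_;
	$text =~ s/%40/\@/g if defined $text;
	return $text;
}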

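sub parse {
	# Read one mail message from <> (STDIN, or the files named in @ARGV) and
	# fill the request globals:
	#   header: From / Reply-To -> $Username, To -> $MyEmail, Subject -> $Comment
	#   body:   "command: parameter" lines (help, username, password, get)
	#           set $FLAG_Help, $FLAG_Login, $FLAG_Get, $Username, $Password
	#           and append to @GETS.
	# Every value comes from the sender of the mail and is stored without
	# validation. create_mail() addresses the reply to $Username, and a
	# "username:" line in the body replaces the address taken from the header.
	#
	# Changes against the earlier version:
	#   - the password is no longer written to the log, neither as a raw body
	#     line nor as "Parameter:" / "Passwort:";
	#   - lines are stripped of "\n" / "\r\n" instead of chop(), which removed a
	#     real character when the last line had no newline;
	#   - fields are split on the first ": " only, so a subject or parameter
	#     that itself contains ": " is kept whole;
	#   - the goto out of the header loop is a plain "last".
	my $From="empty";
	my $ReplyTo="empty";

	# ---- Header: ends at the first blank line ----
	while (<>) {
		$Line = $_;   # package global kept from the original; not read in this file
		last if /\A\r?\n\z/;
		($Field, $Content) = split(/: /, $_, 2);
		next unless defined $Field;

		if ($Field eq "From" || $Field eq "Reply-To" || $Field eq "To") {
			# Prefer the address between <> when the line has one.
			if (/\<(\S*)\>/) { $Content = $1; }
			if    ($Field eq "From")     { $From    = $Content; }
			elsif ($Field eq "Reply-To") { $ReplyTo = $Content; }
			else                         { $MyEmail = $Content; }
		}
		elsif ($Field eq "Subject") { # Comment from Subject
			$Comment = $Content;
			LOG($LOG_Verbose,"Comment: $Comment");
		}
	}

	# Reply-To wins over From when it is present and different.
	if (($From ne $ReplyTo) && ($ReplyTo ne "empty")) {
		$Username = $ReplyTo;
	} else {
		$Username = $From;
	}

	# Drop the line ending (LF or CRLF) still attached to the header values.
	foreach my $value ($Username, $MyEmail, $Comment) {
		$value =~ s/\r?\n\z// if defined $value;
	}

	# ---- Body: one command per line ----
	while (<>) {
		s/\r?\n\z//;
		($Command, $Parameter) = split(/: /, $_, 2);
		my $verb      = defined $Command ? uc($Command) : '';
		my $is_secret = ($verb eq "PASSWORD");

		# Keep credentials out of the log file.
		LOG($LOG_Verbose, $is_secret ? "password: [not logged]\n" : "$_\n");
		LOG($LOG_Verbose, "Command: $Command\n");
		LOG($LOG_Verbose, "Parameter: " . ($is_secret ? "[not logged]" : $Parameter) . "\n");

		if ($verb eq "HELP") { # Help requested
			$FLAG_Help = "1";
		}
		elsif ($verb eq "USERNAME") { # Get username
			$Username   = $Parameter;
			$FLAG_Login = "1";
		}
		elsif ($is_secret) { # Get password
			$Password   = $Parameter;
			$FLAG_Login = "1";
		}
		elsif ($verb eq "GET") { # get request
			$NUM_GETS = push(@GETS, $Parameter);
			$FLAG_Get = "1";
		}
	}
	LOG($LOG_Debug, "User sent eMail to: $MyEmail\n");
	LOG($LOG_Verbose, "Password supplied: "
		. ((defined $Password && $Password ne "empty") ? "yes" : "no") . "\n");
}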

sub do_stuff {
	# Act on the flags set by parse(), in this order: help, login check,
	# authentication result, get. Exactly one reply path is taken.
	# Help is answered before any login check, so the help mail goes to
	# whatever address parse() stored in $Username.
	LOG($LOG_Debug,"do_stuff()\n");

	# Help
	if ($FLAG_Help eq "1") {
		LOG($LOG_Debug,"Help requested.\n");
		help();
		return;
	}

	# No username:/password: command at all
	unless ($FLAG_Login eq "1") {
		LOG($LOG_Normal,"No Login...\n");
		error_no_login();
		return;
	}

	# Authorise
	LOG($LOG_Debug,"Identifing requested.\n");
	auth();

	# Bad password or unknown user
	unless ($FLAG_Login_Success eq "1") {
		error_bad_login();
		return;
	}

	# Execute GET
	if ($FLAG_Get eq "1") {
		LOG($LOG_Normal,"Get requested.\n");
		get();
		return;
	}

	# Logged in, but no command given
	error_no_action();
}

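sub check_url {
	# Return "1" when every argument is an acceptable download URL, else "0"
	# (string results, because the caller compares with eq "1").
	#
	# Accepted: the scheme ftp:// or http:// followed by one or more
	# characters from the RFC 3986 URL alphabet, anchored at both ends. That
	# rejects undefined values, whitespace, control characters, quotes,
	# backticks, "|", "<", ">" and backslashes, none of which the earlier
	# prefix-only test looked at.
	#
	# The accepted alphabet still contains characters a shell treats
	# specially ("&", ";", "$", "(", ")", "'", "*"), because they are legal in
	# URLs. An accepted URL is therefore not safe to interpolate into a shell
	# command line; it has to be handed to the downloader as its own argument.
	#
	# Also fixed: the log call used the bareword LOG_Debug (missing "$"),
	# which evaluated to 0 and so logged at normal level.
	my $accepted = qr{\A(?:ftp|http)://[A-Za-z0-9\-._~:/?\#\[\]\@!\$&'()*+,;=%]+\z};
	my $all_ok = 1;
	foreach my $url (@_) {
		next if defined $url && $url =~ $accepted;
		LOG($LOG_Debug, "bad URL: " . (defined $url ? $url : '') . "\n");
		$all_ok = 0;
	}
	return $all_ok ? "1" : "0";
}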

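sub error_bad_url_get {
	# Mail the requester that a "get:" URL was rejected by check_url().
	#
	# Fixed: both log calls used the bareword LOG_Debug (missing "$"), which
	# evaluated to 0 and logged at normal level, and the first log message
	# carried a stray ";" after its newline.
	LOG($LOG_Debug,"error_bad_url_get()\n");
	create_mail();
	print MAIL "De  URL voor \"get:\" was niet goed geformuleerd!\n\n";
	print MAIL "Controleer of U de URL goed ingevuld heeft, en probeer het nog eens.\n";
	print MAIL "Let op!: u moet het protocol in uw URL specificeren:\n";
	print MAIL "b.v.: ftp://ftp.suse.com/\n";
	close_mail();
	LOG($LOG_Debug,"error_bad_url_get() end.\n");
}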

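sub set_owner {
	# Despite its name this sub does not change ownership: it sets mode 0666
	# on every non-hidden entry directly below $Download_Base.
	#
	# Uses the builtin glob/chmod instead of system("chmod 666 ..."), so no
	# shell is started and the path is never parsed as a command line.
	# Entries the process does not own are skipped silently, as before.
	#
	# NOTE(review): 0666 makes every matching file owned by this process
	# world-writable, and the pattern covers $Download_Base itself, not the
	# $Download_Base/$Username directory that get() downloads into. Confirm
	# what was intended; the header Todo already lists the world-writable
	# download area as a security problem.
	my @entries = glob("$Download_Base/*");
	return unless @entries;
	chmod(0666, @entries);
	return;
}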

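sub get {
	# Download every URL in @GETS into $Download_Base/$Username with wget,
	# mail the requester, and append a record to the index through
	# write_contents(). Sets the globals $Start_time and $End_time.
	#
	# The URLs and, depending on the request, $Username come from the mail
	# body. The earlier version interpolated both into a shell command line
	# for wget. Now:
	#   - wget is started with exec LIST in a forked child, so no shell is
	#     involved and each URL is exactly one argument;
	#   - "--" ends option parsing before the URLs;
	#   - $Username must be a single plain path component before it is used as
	#     the target directory name.
	LOG($LOG_Debug,"get()\n");
	LOG($LOG_Debug,"@GETS\n");

	# Same timestamp layout as LOG(), built from lexical scratch values.
	my $stamp = sub {
		my ($sec, $min, $hour, $mday, $mon, $year) = gmtime(time);
		return sprintf("[%02d/%s/%d:%02d:%02d:%02d +0000]",
				$mday, $months[$mon], $year + 1900, $hour, $min, $sec);
	};
	$Start_time = $stamp->();

	# No "/", no whitespace, no leading "." or "-": the name cannot leave
	# $Download_Base or be read as an option.
	my $dir_ok = defined $Username
		&& $Username =~ /\A[A-Za-z0-9_][A-Za-z0-9._\@+-]*\z/;

	if (!$dir_ok) {
		LOG($LOG_Normal, "get(): refusing to download, unsafe directory name\n");
	}
	elsif (check_url(@GETS) eq "1") {
		create_mail();

		if ($Flag_Multi_User) {
			my $pid = open(WGET, "-|");   # fork; the child's STDOUT is our read end
			if (!defined $pid) {
				LOG($LOG_Normal, "get(): cannot fork for wget: $!\n");
			}
			elsif ($pid == 0) {
				# Child: send stderr down the same pipe (the old "2>&1").
				open(STDERR, ">&STDOUT");
				exec { "wget" } "wget", "-nv", "-nd", "-N",
					"-P", "$Download_Base/$Username", "--", @GETS;
				# Only reached when exec itself failed.
				require POSIX;
				POSIX::_exit(127);
			}
		}
		# NOTE(review): as before, the confirmation is written once per line of
		# wget output and does not depend on whether the download succeeded.
		while (<WGET>) {
			print MAIL "De door U verzochte download:\n\n @GETS\n\n is nu aanwezig in uw server directory.\n";
		}
		# close() on a piped handle reports the child's exit status in $?.
		unless (close(WGET)) {
			LOG($LOG_Normal, "get(): wget ended with status $?\n");
		}
		set_owner();
		close_mail();
	}
	else {
		error_bad_url_get();
	}

	$End_time = $stamp->();
	write_contents();

	LOG($LOG_Debug,"get() done.\n");
}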

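sub write_contents {
	# Append one record (user, comment, URLs, start/end time) for the current
	# request to $Download_Base/$ContentsFile.
	#
	# Fixed:
	#   - LOCK_EX was a bareword with no Fcntl import, so flock() received a
	#     string that evaluates to 0 instead of the exclusive-lock constant;
	#   - open() was the unchecked two-argument form; it is now the
	#     three-argument form and a failure is logged;
	#   - close() is checked, since buffered write errors surface there.
	#
	# NOTE(review): the index has a fixed name in a directory other local
	# users can write to, so its path can be pre-created or replaced by
	# someone else. Keeping it in a directory only this service can write to
	# would remove that exposure.
	use Fcntl qw(:flock);

	# Without $Flag_Multi_User the original never opened the handle, so
	# nothing was written; returning early has the same effect.
	return unless $Flag_Multi_User;

	my $index_path = "$Download_Base/$ContentsFile";
	unless (open(CONTENT, '>>', $index_path)) {
		LOG($LOG_Normal, "write_contents(): cannot open $index_path: $!\n");
		return;
	}
	unless (flock(CONTENT, LOCK_EX)) { # exclusive Lock
		LOG($LOG_Normal, "write_contents(): cannot lock $index_path: $!\n");
	}
	print CONTENT "Username: $Username\n";
	print CONTENT "Comment: $Comment\n";
	foreach my $URL (@GETS) {
		print CONTENT "URL: $URL \n";
	}
	print CONTENT "Download Start: $Start_time\n";
	print CONTENT "Download End: $End_time\n";
	print CONTENT "--------------------------------------\n\n";
	unless (close(CONTENT)) {   # closing also releases the lock
		LOG($LOG_Normal, "write_contents(): error writing $index_path: $!\n");
	}
}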

sub help {
	# Mail the usage instructions (Dutch text) to the requester. The only
	# interpolated value is $Password_Admin, the contact for passwords.
	LOG($LOG_Debug,"help()\n");
	create_mail();

	# The text is kept as a list of chunks and written in order.
	my @help_text = (
		"Download Help\n",
		"-------------\n\n",
		"Deze service is er om bestanden te downloaden naar deserver's harde schijf,\nof U deze via eMail toe te laten sturen.\n\n",
		"Het gebruik wordt bepaald door een aantal parameters:\n",
		"    - Het is noodzakelijk om de commando's in het bericht te plaatsen.\n",
		"      Commando's hebben parameters nodig, die na het commando gegeven dienen te worden,\n",
		"      gescheiden door een dubbele punt (:) gevolgd door een spatie ( ). \n",
		"    - Twee speciale commando's die verplicht zijn, zijn \"username: \" en \"password: \".\n",
		"      Gebruik: \"username: uw_gebruikersnaam\"\n",
		"Als u nog geen geldig wachtwoord hebt, kunt U deze per mail aanvragen bij: $Password_Admin\n\n",
		"Commando Lijst\n",
		"--------------\n\n",
		"username: uw_gebruikersnaam (Wie Ben Ik)\n",
		"password: uw_wachtwoord (Dit is niet hetzelfde als uw gebruikerswachtwoord!)\n",
		"help (stuurt u deze gebruiksaanwijzing)\n",
		"get: URL (plaatst het gedownloade bestand op deserver's harde schijf)\n\n",
		"Het is absoluut noodzakelijk het protocol in de URL te specifiseren:\n",
		"      b.v.: ftp://ftp.suse.com/ or http://www.linux.de/\n\n",
	);
	foreach my $chunk (@help_text) {
		print MAIL $chunk;
	}

	close_mail();
}

sub list {
	# Mail the requester a sorted listing of what lies below $Download_Base.
	# No command in parse() and no call in do_stuff() reaches this sub in the
	# script as shown.
	LOG($LOG_Debug,"list()\n");
	my $tmp;
	# $user and $host are declared but not used below.
	my $user;
	my $host;
	create_mail();
	if ($Flag_Multi_User) {
		# The find | sort pipeline is run through the shell; $Download_Base is
		# the path set in the Definitions section, not request data.
		open (LIST, "find $Download_Base| sort|");
	}
	while (<LIST>) {
		if ($Flag_Multi_User) {
			# $Download_Base is used as a regex here; $_ keeps the text that
			# follows its first occurrence in the path.
			($tmp, $_)=split(/$Download_Base/);
		}
		# Print the entry when it neither contains ".lock" nor "@", or when it
		# matches one of the patterns built from $Username.
		# NOTE(review): $Username comes from the mail and is interpolated into
		# these patterns unquoted, so regex metacharacters in it change what
		# matches; \Q$Username\E would treat it literally.
		# NOTE(review): "\.**" looks like a nested quantifier, which Perl
		# rejects when the pattern is compiled; "\..*" was probably meant.
		# Confirm before this sub is wired to a command.
		if (!(/.*\.lock/ || /.*\@.*/) || /\/$Username\n/ || /\/$Username\.**/ || /\/$Username.lock\n/) {print MAIL;}
	}
	close(LIST);
	close_mail();
}

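sub auth {
	# Check $Username / $Password against the "username:password" lines of
	# $Password_File and set $FLAG_Login_Success to "1" on a match, "0"
	# otherwise. The first line whose username matches decides.
	#
	# Fixed:
	#   - chop() removed the last character of the password when the final
	#     line of the file had no newline; line endings are now stripped
	#     explicitly (LF or CRLF);
	#   - the line is split on the first ":" only, so a stored password that
	#     contains ":" is compared whole instead of being cut short;
	#   - an entry with an empty password field no longer matches a request
	#     that supplied no password;
	#   - the file handle is closed on every path (the early returns leaked
	#     it), and a file that cannot be read is logged and fails closed.
	#
	# NOTE(review): passwords are stored and compared in clear text, and the
	# request carries them in an unencrypted mail. The header Todo and the
	# post above already plan to replace this scheme.
	LOG($LOG_Debug,"auth()\n");
	$FLAG_Login_Success = "0";   # stays "0" unless a matching entry is found

	return unless defined $Username && $Username ne '';
	return unless defined $Password && $Password ne '';

	unless (open(PASSWD, '<', $Password_File)) {
		LOG($LOG_Normal, "auth(): cannot read $Password_File: $!\n");
		return;
	}
	while (my $entry = <PASSWD>) {
		$entry =~ s/\r?\n\z//;
		my ($U, $P) = split(/:/, $entry, 2);
		next unless defined $U && $U eq $Username;   # not this user

		# Found username: the password on this line decides.
		if (defined $P && $P ne '' && $P eq $Password) {
			$FLAG_Login_Success = "1";
		}
		last;
	}
	close(PASSWD);
	return;
}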

sub error_no_login { # No password given
	# Mail the requester that the message contained no login command.
	LOG($LOG_Debug,"error_no_login()\n");
	create_mail();
	print MAIL
		"Geen login gebruikt!\n\n",
		"Gebruik A.U.B. \"password:\" commando en vergewis U ervan dat er een spatie zit tussen de \ndubbele punt (:) en uw wachtwoord.\n\n",
		"Voor meer hulp kunt U een mailtje sturen met \"help\" in het bericht.\n";
	close_mail();
}

sub error_no_action { # No command given
	# Mail the requester that the login worked but no command was found.
	LOG($LOG_Debug,"error_no_action()\n");
	create_mail();
	print MAIL
		"Geen aktie verzocht!\n\n",
		"Geef A.U.B. een commando op en vergewis U ervan dat er een spatie zit tussen de \ndubbele punt (:) en uw wachtwoord.\n\n",
		"Voor meer hulp kunt U een mailtje sturen met \"help\" in het bericht.\n";
	close_mail();
}

sub error_bad_login { # Wrong password given
	# Mail the requester that the username/password pair was rejected and
	# record the failed attempt at normal log level.
	LOG($LOG_Debug,"error_bad_login()\n");
	create_mail();
	print MAIL
		"Foute gebruikersnaam-wachtwoord combinatie!\n\n",
		"Vraag een gebruikersnaam en wacht woord aan!\n\n",
		"Voor meer hulp kunt U een mailtje sturen met \"help\" in het bericht.\n";
	close_mail();
	LOG($LOG_Normal, "ATTENTION: Bad Login trial!!\n");
}


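sub create_mail { # Create MAIL and Header
	# Start sendmail on the MAIL handle and write the reply header:
	# sender $MyEmail (the To: address of the request), recipient $Username.
	#
	# Both values are taken from the incoming mail, and this sub also runs
	# for the help and error replies, before any login check. The earlier
	# version placed $MyEmail inside a shell command line. Now:
	#   - sendmail is started with the list form of a piped open (Perl 5.8 or
	#     later), so no shell is involved and the sender is a single argument;
	#   - CR and LF are removed from both addresses before they are written
	#     into the header, so neither can add header lines;
	#   - a failure to start sendmail is logged instead of ignored.
	#
	# NOTE(review): the recipient is whatever address the request supplied,
	# so a forged sender makes this host mail a third party. Rate limiting or
	# replying only to known users would address that.
	LOG($LOG_Debug,"create_mail()\n");

	my $sender    = defined $MyEmail  ? $MyEmail  : '';
	my $recipient = defined $Username ? $Username : '';
	s/[\r\n]+//g for ($sender, $recipient);

	unless (open(MAIL, '|-', '/usr/sbin/sendmail', '-t', '-f', $sender)) {
		LOG($LOG_Normal, "create_mail(): cannot start sendmail: $!\n");
		return;
	}
	print MAIL "Subject: Uw download verzoek\n";
	print MAIL "From: ",$sender,"\n";
	print MAIL "To: ",$recipient,"\n";
	print MAIL "\n";
}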

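sub close_mail { # Send MAIL
	# Close the MAIL pipe opened by create_mail(), which hands the message to
	# sendmail. close() on a pipe waits for the program and returns false
	# when it exited with an error; that is now logged instead of ignored.
	# Returns the result of close(), as before.
	LOG($LOG_Debug,"close_mail()\n");
	my $sent = close(MAIL);
	unless ($sent) {
		LOG($LOG_Normal, "close_mail(): sendmail did not accept the message (status $?)\n");
	}
	return $sent;
}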

################################ Main #######################################
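# Open the log before the first LOG() call. The script as shown never opened
# F_LOG, so nothing was ever written to $LOG_File. A failed open is tolerated:
# the mail must still be processed, and printing to the unopened handle is a
# silent no-op.
# NOTE(review): the log records usernames and requested URLs; create the file
# in advance, writable by the account that runs this script and readable only
# by the administrator.
open(F_LOG, '>>', $LOG_File);
select(F_LOG); $| = 1; select(STDOUT); # unbuffered Output in Logfile

LOG($LOG_Normal,"-------------- START ----------------\n");
LOG($LOG_Debug,"main() start\n");
parse();      # read the request from the mail
do_stuff();   # answer it
LOG($LOG_Debug,"main() end\n");
close(F_LOG);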
############################################################################
