4 use vars qw/ $file $dirty_file $user $dirty_user $group $dirty_group
5 $real_file $dirty_real_file $src_file $dest_dir $dest_file $retval
6 $homedir_prefix $sys_dbpasswd / ;
7 use subs qw/ &fileforge &tmpfilemove &wash_string / ;
10 # Clean up our environment
11 delete @ENV{qw(IFS CDPATH ENV BASH_ENV PATH)};
13 # Check access to secret
14 require ("/usr/share/gforge/lib/include.pl") ;
15 unless ( (defined $sys_dbpasswd)
16 and (defined $ENV{'sys_dbpasswd'})
17 and ($sys_dbpasswd eq $ENV{'sys_dbpasswd'}) ) {
18 die "You are not authorized to run this script" ;
21 # Initialize a constant
22 $homedir_prefix = "/var/lib/gforge/chroot/home/users/" ;
24 # Check which mode we're in
26 if ($0 eq "/usr/share/gforge/bin/fileforge.pl") {
30 # Temporary moving of files (for quick release system)
31 if ($0 eq "/usr/share/gforge/bin/tmpfilemove.pl") {
35 # If we're not in one of these two modes, then fail
36 print STDERR "You must call this script as one of:
37 * /usr/share/gforge/bin/fileforge.pl (normal execution)
38 * /usr/share/gforge/bin/tmpfilemove.pl (for QRS)" ;
39 die "Unauthorized invocation '$0'" ;
43 die "Usage: fileforge.pl file user group" ;
46 # "Parse" command-line options
47 $dirty_file = $ARGV [0] ;
48 $dirty_user = $ARGV [1] ;
49 $dirty_group = $ARGV [2] ;
51 # Check and untaint $user and $file here
52 $file = &wash_string ($dirty_file, "file", 1) ;
53 $user = &wash_string ($dirty_user, "user", 0) ;
55 # Compute source file name
56 $src_file = $homedir_prefix ;
58 $src_file .= "/incoming/" ;
61 # Check and untaint $group here
62 $group = &wash_string ($dirty_group, "group", 0) ;
64 # Compute and test destination dir name
65 $dest_dir = "/var/lib/gforge/download/" ;
68 unless ( -d $dest_dir ) {
69 mkdir $dest_dir, 0755 or die $! ;
70 chown 0, 0, $dest_dir or die $! ;
72 unless ( -d $dest_dir ) {
73 die "Destination directory '$dest_dir' does not exist" ;
76 chmod 0400, $src_file ;
77 chown 0, 0, $src_file ;
78 chmod 0644, $src_file ;
79 $retval = system "/bin/mv $src_file $dest_dir" ;
81 die "Could not execute /bin/mv: $!" ;
84 die "Error moving file" ;
90 die "Usage: tmpfilemove.pl temp_filename real_filename user_unix_name" ;
92 $dirty_file = $ARGV [0] ;
93 $dirty_real_file = $ARGV [1] ;
94 $dirty_user = $ARGV [2] ;
96 # Check and untaint variables here
97 $file = &wash_string ($dirty_file, "file", 1) ;
98 $real_file = &wash_string ($dirty_real_file, "real_file", 1) ;
99 $user = &wash_string ($dirty_user, "user", 0) ;
101 # Compute source file name
102 $src_file = "/tmp/" ;
105 # Insure the source file is good
106 chmod 0400, $src_file ;
107 $retval = system "/bin/chown $user:$user $src_file" ;
109 die "Could not execute '/bin/chmod $user:$user $src_file': $!" ;
112 die "Error reattributing file" ;
114 chmod 0644, $src_file ;
116 # Compute and test destination directory name
117 $dest_dir = $homedir_prefix ;
119 $dest_dir .= "/incoming/" ;
120 unless ( -d $dest_dir ) {
121 die "Destination directory '$dest_dir' does not exist" ;
124 # Compute destination file name
125 $dest_file = $dest_dir . $real_file ;
127 $retval = system "/bin/mv $src_file $dest_file" ;
129 die "Could not execute /bin/mv: $!" ;
132 die "Error moving file" ;
139 my $allowtilde = shift ;
141 # Empty strings are not allowed
142 if (length $string == 0) {
143 die "Forbidden empty $name '$string'" ;
147 # Only allowed characters are alphanumerical . + _ - ~
148 if ($string =~ m,[^\w.+_~-],) {
149 die "Forbidden characters in $name '$string'" ;
152 # Only allowed characters are alphanumerical . + _ -
153 if ($string =~ m,[^\w.+_-],) {
154 die "Forbidden characters in $name '$string'" ;
158 # No .. sequence is allowed
159 if ($string =~ m,\.\.,) {
160 die "Forbidden '..' sequence in $name 'string'" ;
165 if ($string =~ /^([\w.+_-]+)$/) {
168 die "Unexpected error while untainting $name '$string'" ;