/usr/share/lemonldap-ng/bin/lmConfigEditor is in liblemonldap-ng-manager-perl 1.2.5-1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 | #!/usr/bin/perl
use Lemonldap::NG::Common::Conf;
use Lemonldap::NG::Common::Conf::Constants;
use Data::Dumper;
use English qw(-no_match_vars);
use File::Temp;
use POSIX qw(setuid setgid);
use strict;
eval {
setgid( ( getgrnam('www-data') )[2] );
setuid( ( getpwnam('www-data') )[2] );
print STDERR "Running as uid $EUID and gid $EGID\n";
};
if ( $EUID == 0 ) {
print STDERR
"$0 must not be launched as root since local cache can be corrupted\n"
. "Continue (y/N)? ";
my $res = <STDIN>;
exit 1 unless ( $res =~ /^y/i );
}
my $conf = Lemonldap::NG::Common::Conf->new();
unless ($conf) {
print STDERR $Lemonldap::NG::Common::Conf::msg;
exit 1;
}
my $tmp = $conf->getConf();
delete $tmp->{reVHosts};
delete $tmp->{cipher};
delete $tmp->{cfgAuthor};
delete $tmp->{cfgAuthorIP};
delete $tmp->{cfgDate};
$tmp = Dumper($tmp);
my $refFile = File::Temp->new( UNLINK => 1 );
my $editFile = File::Temp->new( UNLINK => 1 );
print $refFile $tmp;
print $editFile $tmp;
close $refFile;
close $editFile;
system "editor $editFile";
if (`diff $refFile $editFile`) {
my $VAR1;
my $buf;
# Check if the new configuration hash is valid
open F1, $editFile->filename();
while (<F1>) {
$buf .= $_;
}
eval $buf;
die $EVAL_ERROR if $EVAL_ERROR;
# Update author and date
$VAR1->{cfgAuthor} = "lmConfigEditor";
$VAR1->{cfgAuthorIP} = "localhost";
$VAR1->{cfgDate} = time();
# Store new configuration
my $res = $conf->saveConf($VAR1);
if ( $res > 0 ) {
print STDERR "Configuration $res saved\n";
}
else {
print STDERR "Configuration was not saved:\n ";
if ( $res == CONFIG_WAS_CHANGED ) {
print STDERR "Configuration has changed\n";
}
elsif ( $res == DATABASE_LOCKED ) {
print STDERR "Configuration database is or can nor be locked\n";
}
elsif ( $res == UPLOAD_DENIED ) {
print STDERR "You're not authorized to save this configuration\n";
}
elsif ( $res == SYNTAX_ERROR ) {
print STDERR "Syntax error in your configuration\n";
}
elsif ( $res == UNKNOWN_ERROR ) {
print STDERR "Unknown error\n";
}
}
}
else {
print STDERR "Configuration not changed\n";
}
|