# HG changeset patch
# User Heiko Schlittermann
# Date 1275428662 -7200
# Node ID 15103e67791deacf916b49480d5855b1a3a2be90
# Parent e0329f2e2f11091302d9c29b3a3625f8e8c03b23
functional: UID switch now works really
diff -r e0329f2e2f11 -r 15103e67791d sap-vpn.pl
--- a/sap-vpn.pl Tue Jun 01 08:44:27 2010 +0200
+++ b/sap-vpn.pl Tue Jun 01 23:44:22 2010 +0200
@@ -15,7 +15,7 @@
 my $use_lwp = -f "lwp";
-($EUID, $UID) = ($UID, $EUID); # release ROOT, doesn't harm, if not suid
+($UID, $EUID) = ($EUID, $UID); # release ROOT, doesn't harm, if not suid
 ($0) = ($0 =~ /([.\/\w-]+)/); # untaint $0
 use constant ME => basename $0;
@@ -94,14 +94,16 @@
 $opt_verbose += $opt_debug;
- untaint($opt_host) or ohshit "hostname didn't pass verification\n";
+ untaint($opt_host) or ohshit "hostname didn't pass verification\n";
 untaint($opt_linkname) or ohshit "linkname didn't pass verification\n";
 untaint($opt_script) or ohshit "script name didn't pass verification\n" if $opt_script;
 map { untaint } @ppp_opts;
- ohshit "need to run with root permissions!\n"
+ # now get back the root permissions
+ ($EUID, $UID) = ($UID, $EUID);
+ ohshit "need to run with root permissions (current: $UID/$EUID)!\n"
 if not $EUID == 0 || $UID == 0;
 exit do_kill($opt_linkname) if $opt_kill;
@@ -151,7 +153,7 @@
 $request = "GET /my.logon.php3?check=1 HTTP/1.0\r\n"
 . "Content-Type: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
- . "User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; de-de) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7\r\n"
+ . "User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; de-de) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7\r\n"
 . "Connection: close\r\n"
 . "\r\n";
 $response = qx(echo "${request}" | ${openssl} 2>/dev/null)
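Review bot: In the hunk at `@@ -15,7 +15,7 @@`, the comment `# release ROOT` overstates what the swap does. On a setuid-root start, `($UID, $EUID) = ($EUID, $UID);` only moves root into the real UID, so the privilege is parked rather than given up and can be swapped back at any time, which the later hunk in this patch does. The result of the assignment is also not checked; perlvar recommends testing `$!` after changing `$<`/`$>`, for example `$! = 0; ($UID, $EUID) = ($EUID, $UID); die "cannot lower privileges: $!\n" if $!;`. A more accurate comment would be `# temporarily lower the effective UID (root stays in the real UID); no-op if not suid`. Group IDs are not touched in the lines shown, which matters if the script is ever installed setgid.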
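Review bot: In the hunk at `@@ -94,14 +94,16 @@`, effective root is taken back right after the option untainting and is not lowered again in any line shown, so everything that follows runs as root. The later hunks of this patch show that this includes the HTTPS requests, the `qx(echo "${request}" | ${openssl} ...)` pipeline and the regex parsing of the server response. If only the tunnel setup needs root (not visible here), the swap `($EUID, $UID) = ($UID, $EUID);` is better placed directly before that step. The guard also passes when only `$UID` is 0, which is the state a failed swap would leave; `if $EUID != 0;` states the requirement precisely. The surrounding code starts and ends outside the hunk.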
@@ -162,13 +164,14 @@
 use LWP::UserAgent;
 use HTTP::Request::Common;
 use HTTP::Status;
- use HTTP::Cookies;
- #use LWP::Debug qw(+);
- $cookies = new HTTP::Cookies;
- $ua = new LWP::UserAgent;
+ use HTTP::Cookies;
+
+ #use LWP::Debug qw(+);
+ $cookies = new HTTP::Cookies;
+ $ua = new LWP::UserAgent;
 $ua->agent("");
 $ua->env_proxy;
- $ua->cookie_jar($cookies);
+ $ua->cookie_jar($cookies);
 $response = $ua->get("https://$opt_host:443/my.logon.php3?check=1");
 ohshit "initial failed with http code @{[$response->message]}\n"
@@ -220,7 +223,8 @@
 unless $response->is_success;
 $response = $response->as_string;
- # ? $cookies->set_cookie(0, MRHSession => $sessionid, "/", $opt_host, 443, 1, 0, 10, 0, {});
+
+# ? $cookies->set_cookie(0, MRHSession => $sessionid, "/", $opt_host, 443, 1, 0, 10, 0, {});
 }
 # We can then parse the response for the MRHSession Cookie, which contains our
@@ -231,7 +235,6 @@
 $sessionid = $1;
 verbose "% session id ${sessionid}\n";
-
 ###
 ### STEP 3 :: Create the SSL VPN tunnel.
 ###
@@ -247,19 +250,20 @@
 $response = qx(echo "${request}" | ${openssl} 2>/dev/null);
 } else {
- $response = $ua->get("https://$opt_host:443/vdesk/vpn/index.php3?outform=xml");
+ $response =
+ $ua->get("https://$opt_host:443/vdesk/vpn/index.php3?outform=xml");
 ohshit "creating tunnel failed with http code @{[$response->message]}\n"
 unless $response->is_success;
- $response = $response->as_string;
+ $response = $response->as_string;
 }
 # The response is XML, so we can safely grab what we are looking for using some
 # regular expression magic. Same with the SessionID, we're printing out the
 # final value to make sure we're on the right track.
- open(X, ">response.out") or die;
- print X $response;
+ #open(X, ">response.out") or die;
+ #print X $response;
 $response =~ /${opt_name}[^\n]+\n[^Z]+Z=\d+,(\d+)/;
 $favorite = $1;
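Review bot: In the hunk at `@@ -247,19 +250,20 @@`, `$favorite = $1;` is assigned without testing whether the match on `$response` succeeded. On a reply that does not match, `$1` keeps whatever an earlier successful match left, possibly the session id captured before if that match is in the same scope. `${opt_name}` is also interpolated as a pattern, and the untaint calls visible in this patch do not cover it. If the name is meant literally, use `$response =~ /\Q${opt_name}\E[^\n]+\n[^Z]+Z=\d+,(\d+)/ or ohshit "favorite not found in response\n";`. The two commented-out `response.out` lines are better deleted than kept, since re-enabling them would have a root process write the server reply to a relative path.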