From: Dave West <davew@uncensored.citadel.org>
Date: Wed, 28 May 2008 15:15:02 +0000 (+0000)
Subject: Added a step to setup to get a password for the admin user.
X-Git-Tag: v7.86~2200
X-Git-Url: https://code.citadel.org/?a=commitdiff_plain;h=2154154a88f7b1ab6bc972c81979b2c1e52a0693;p=citadel.git

Added a step to setup to get a password for the admin user.
Now when setup is run after it starts the server it will attempt to
create the admin user and set its password. This makes things a little
more obvious for new users setting up a Citadel system for the first
time.
Also it has the added effect of closing the small security hole.
On a new installation setup will grab user 1 before anyone else can thus
ensuring user 1 priviledges and/or it will set the password and user for
whoever the system admin is set to thus preventing the unlikely
situation where some attacker gets there first.
---

diff --git a/citadel/setup.c b/citadel/setup.c
index ac283be36..d0cd21274 100644
--- a/citadel/setup.c
+++ b/citadel/setup.c
@@ -28,7 +28,7 @@
 #include "config.h"
 #include "citadel_dirs.h"
 
-#define MAXSETUP 5	/* How many setup questions to ask */
+#define MAXSETUP 6	/* How many setup questions to ask */
 
 #define UI_TEXT		0	/* Default setup type -- text only */
 #define UI_DIALOG	2	/* Use the 'dialog' program */
@@ -42,11 +42,14 @@ int setup_type;
 char setup_directory[PATH_MAX];
 int using_web_installer = 0;
 int enable_home = 1;
+char admin_pass[SIZ];
+char admin_cmd[SIZ];
 
 char *setup_titles[] =
 {
 	"Citadel Home Directory",
 	"System Administrator",
+ 	"Administrator Password",
 	"Citadel User ID",
 	"Server IP address",
 	"Server port number",
@@ -78,6 +81,10 @@ char *setup_text[] = {
 "you).  When an account is created with this name, it will\n"
 "automatically be given administrator-level access.\n",
 
+"Enter a password for the system administrator. When setup\n"
+"completes it will attempt to create the administrator user\n"
+"and set the password specified here.\n",
+
 "Citadel needs to run under its own user ID.  This would\n"
 "typically be called \"citadel\", but if you are running Citadel\n"
 "as a public BBS, you might also call it \"bbs\" or \"guest\".\n"
@@ -726,6 +733,18 @@ void edit_value(int curr)
 		break;
 
 	case 2:
+		if (setup_type == UI_SILENT)
+		{
+			if (getenv("SYSADMIN_PW")) {
+				strcpy(admin_pass, getenv("SYSADMIN_PW"));
+			}
+		}
+		else {
+			set_str_val(curr, admin_pass);
+		}
+		break;
+	
+	case 3:
 		if (setup_type == UI_SILENT)
 		{		
 			if (getenv("CITADEL_UID")) {
@@ -758,7 +777,7 @@ void edit_value(int curr)
 		}
 		break;
 
-	case 3:
+	case 4:
 		if (setup_type == UI_SILENT)
 		{
 			if (getenv("IP_ADDR")) {
@@ -770,7 +789,7 @@ void edit_value(int curr)
 		}
 		break;
 
-	case 4:
+	case 5:
 		if (setup_type == UI_SILENT)
 		{
 			if (getenv("CITADEL_PORT")) {
@@ -783,7 +802,7 @@ void edit_value(int curr)
 		}
 		break;
 
-	case 5:
+	case 6:
 		if (setup_type == UI_SILENT)
 		{
 			if (getenv("ENABLE_UNIX_AUTH")) {
@@ -1298,6 +1317,8 @@ NEW_INST:
 		}
 
 		if (test_server() == 0) {
+			snprintf (admin_cmd, sizeof(admin_cmd), "%s/sendcommand \"CREU %s|%s\"", ctdl_utilbin_dir, config.c_sysadm, admin_pass);
+			system(admin_cmd);
 			important_message("Setup finished",
 				"Setup of the Citadel server is complete.\n"
 				"If you will be using WebCit, please run its\n"