--------------------------------------------------------------------
adduser.pl
--------------------------------------------------------------------
This perl script is a CGI program which I use to create users
accounts from an HTTP form. The script takes on the standard input
(via the POST method of the HTML form) the following items:

 - First name
 - Last name
 - Desired e-mail alias
 - Password

Then it performs several tasks:

 - Check first name and last name to contains only allowed
   characters.
 - Check alias to contains only allowed characters.
 - Check that mail alias does not already exists as an user name
   or as an alias.
 - Generate an unique username from first name and second name
   initial characters, plus a random number.
 - Create the user placing first name and second name as a
   comment (gecos field in /etc/passwd).
 - Add the alias in /etc/aliases.
 - Set the user quota from a prototype user.

The script must be launched by a wrapper program suid root,
because it is run by the httpd daemon (usually running as a
unprivileged user), but it must perform superuser actions.

I choose to put a wrapper instead of using the suid capabilities
of perl, because - as far I know - perl can change only
EFFECTIVE UID and GID, but some action (like edquota) need
REAL UID and GID set to root.

So you have to put two files in the CGI-BIN directory: the perl
script adduser.pl, and the wrapper adduser.cgi. Only the wrapper
should be suid root. As root you can run "make install" to do the
job. Those are the permissions needed by the files:

  -rwsr-sr-x   1 root   root     2620 Feb  8 11:08 adduser.cgi
  -rwxr-xr-x   1 root   root    10253 Feb  8 11:08 adduser.pl


--------------------------------------------------------------------
What to check
--------------------------------------------------------------------
This is a unordered and uncomplete list of rules that must be
satisfied by user input for the adduser.cgi script to be successful.
Actually the script is more restrictive than this, but you must
check this before relaxing some constrains.

- First name and last name must not contain ":" because it is
  not allowed in gecos field.
  
- Need to write something here!!!!


--------------------------------------------------------------------
History
--------------------------------------------------------------------
Version 1.7 (20 Mar 2000)
   Some clean up. Better organization for different language
   support. Better tracing of system operation and error.

Version 1.6 (21 Feb 2000)
   Switched from standard Unix useradd to the Debian adduser
   utility, because it chooses the UID reallocating free ones.
   
Version 1.5 (Feb 2000)
   Don't remember what changed!

Version 1.4 (8 Feb 2000)
   Switched from perl suid to exec from a wrapper, because I
   need real UID and GID set to root. Added a Makefile.

Version 1.3 (16 Jan 2000)
   Improved security on adduser, chpasswd and adding alias. The
   commands now don't go through a shell, so they resist to
   shell metacharacters (", &, etc.). At least I think...

Version 1.1 (15 Jan 2000)
   The script is now working. It must be suid root (chmod 4755).
   Some check is done un user input. No special chars are
   allowed in user name (e.g. accented letters).
   The username is generated with the initials of first name
   and last name, plus a random number of USERNAME_DIGITS digits.
   The alias is appended to /etc/aliases.
