 |
 |
Perl -> Changing passwords
|
|
|
|
|
Addicted to MacNN
Join Date: Sep 2000
Status:
Offline
|
|
I'm using an OS X system as a file server (Yea for the versatility of OS X).
Want to allow users to change their password via a webpage on the server...
Found this for UNIX, which should do exactly what I need. Change both the Samba and UNIX password....
but it doesn't work. Might be with the Expect.pm module... not sure.
Can anyone get this to work? I think others would appreciate it too.
|
I always use protection when fscking my Mac... Do you?
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Sep 2000
Status:
Offline
|
|
Code:
#!/usr/local/bin/perl -U
#-U necessary to run Unsafe setuid scripts, otherwise setuid operation may fail
# version: 1.01
#################################################################################
#passwd_sync.pl : Program to Setup Unix and Windows password over web.
#
# Copyright (C) 2001 Rajeev Kumar (rajeev@rajeevnet.com)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#
#
#Obtain Latest version of this software from:
# http://www.rajeevnet.com/linux/pass_...wd_sync.tar.gz
################################################################################
# First release(v1.0): Sep/07/2001
# Bug Fix(v1.01): (Sept/11/2001) : Soft close soft_close() call added. On some system
# without this call expect commands are not completing
# properly.
#
################################################################
#This is a cgi script which will print the HTML form if no
#argument supplied , else it will execute passwd-sync.pl program
#for user! YOU NEED TO CREATE THIS SCRIPT "SETUID" and owned by
# root (This is a security risk!!)
################################################################
# This script will be used to sync Unix/NT password using
# following.
#
# o Using yppasswd command change NIS password
# o Using smbpasswd (newer version) change user password
# on Domain Controller.
#
# Since it is very tricky or troublesome using above command
# using without user interaction. It is easier if we could interface
# this with feature like UNIX expect(1) command. Fortunately
# there is an Expect.pm module for Perl.
#
# Requirements:
# [1]
# Expect Perl Module: http://cpan.valueclick.com/authors/id/R/RG/RGIERSIG/
# You can also type command:
# perl -MCPAN -e shell
# > install Bundle::Expect
#
# which will install all required packages.
#
# [2]
# You need to have relatively latest samba distribution which
# has smbpasswd(1) command supporting options like -r -U etc.
# All you need is smbpasswd(1) program. You need not to be running
# sambaserver for this program.
#################################################################
################## Edit_Section: site specific variables below ####################
$html_title="[AccetturaNET] :: Password Setup Interface";
$yppasswd="/usr/bin/ppasswd"; #Location of Unix yppasswd(1) command
$smbpasswd="/sw/bin/smbpasswd"; #Location of smbpasswd(1) from samba distro.
$p_domain_controller="ACCETTURANET"; #Netbios Name (your Primary domain controller)
$cgiserver="192.168.1.200"; #Your Webserver
$cgi_url="http://$cgiserver/password/index.cgi"; #Exact cgi-bin URL for this script
$priv_uid=100; #Unix uid, below which this program won't setup passwd
################# No Need to edit after this ######################################
BEGIN
{
$|=1; #Flush all I/O as soon as possible.
}
use CGI qw(:standard); #Parsing Web forms.
#Install Bundle::Expect module in your Perl distribution first.
use Expect; #Using expect(1) like feature in perl.
# Optional debugging for Expect.
# $Expect::Debug=1;
# $Expect::Exp_Internal=1;
# $Expect::Log_Stdout=0; # On by default.
##################################################################
$header=header();
$bottom=end_html();
#Print Common HTML header
print $header;
####################################################
#Parse Form data:
$pform{instance} = param('instance');
$pform{username} = param('username');
$pform{old_passwd_nis} = param('old_passwd_nis');
$pform{old_passwd_windows} = param('old_passwd_windows');
$pform{new_passwd} = param('new_passwd');
$pform{new_passwd_2} = param('new_passwd_2');
$pform{os} = param('os');
####################################################
if($pform{instance} eq "sync")
{
$username=$pform{username};
$old_passwd_nis=$pform{old_passwd_nis};
$old_passwd_windows=$pform{old_passwd_windows};
$new_passwd=$pform{new_passwd};
$new_passwd_2=$pform{new_passwd_2};
if( ($username eq "") or ($old_passwd_nis eq "")
or ($new_passwd eq "") or ($new_passwd_2 eq "") )
{
&print_error("Insufficient Data. Provide all feilds in the form");
}
if( ($user_uid=&verify_user($username,$old_passwd_nis)) le $priv_uid )
{ &print_error("Not allowed to change password for $username($uid)"); }
#Change Effective Userid now
$>=$user_uid;
$<=$user_uid;
if($new_passwd ne $new_passwd_2)
{
&print_error("New Password Mismatch :: Please type new password same twice");
}
#Check if both new and old passwords are same.
#if($new_passwd eq $old_passwd)
# {
# &print_error("Both new and Old passwords are same. Aborting ...\n");
# }
$change_win_passwd=0;
$change_nis_passwd=0;
SWITCH:
{
if($pform{os} eq "both")
{ $change_win_passwd = $change_nis_passwd = 1; last SWITCH; }
if($pform{os} eq "windows") { $change_win_passwd=1; last SWITCH; }
if($pform{os} eq "nis") { $change_nis_passwd=1; last SWITCH; }
&print_error("You need to select atleast one option to change password\n");
}
###################################################################
### Change Windows Passwd: ############
###################################################################
if($change_win_passwd)
{
if($old_passwd_windows eq "")
{
&print_error("Insufficient Data. Provide Old Windows password");
}
print "<PRE><HR>";
print "Changing Windows Password on Domain Controller $p_domain_controller\n";
($win_passwd=Expect->spawn("$smbpasswd -r $p_domain_controller")) ||
&print_error("Unable to spawn $smbpasswd\n");
unless($win_passwd->expect(30,"Old SMB password:"))
{ &print_error("101: Unable to change Windows password \n"); }
print $win_passwd "$old_passwd_windows\r";
unless($win_passwd->expect(30,"New SMB password:"))
{ &print_error("102: Unable to change Windows password \n"); }
print $win_passwd "$new_passwd\r";
unless($win_passwd->expect(30,"Retype new SMB password:"))
{ &print_error("103: Unable to change Windows password \n"); }
print $win_passwd "$new_passwd_2\r";
#Must soft close this file handle otherwise on some system
#command may fail to complete.
$win_passwd->soft_close();
print "</PRE>"
}
###################################################################
### Change NIS passwd #######
###################################################################
if($change_nis_passwd)
{
print "<PRE><HR>";
print "Changing NIS (Unix) password for user $username($user_uid) \n";
($nis_passwd=Expect->spawn("$yppasswd")) ||
&print_error("Unable to spawn $yppasswd $username\n");
unless($nis_passwd->expect(30,"Please enter old password:"))
{ &print_error("201: Unable to change UNIX password \n"); }
print $nis_passwd "$old_passwd_nis\r";
(Last edited by macvillage.net; May 31, 2003 at 08:20 PM.
)
|
I always use protection when fscking my Mac... Do you?
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Sep 2000
Status:
Offline
|
|
Code:
unless($nis_passwd->expect(30,"Please enter new password:"))
{ &print_error("202: Unable to change UNIX password \n"); }
print $nis_passwd "$new_passwd\r";
unless($nis_passwd->expect(30,"Please retype new password:"))
{ &print_error("203: Unable to change UNIX password \n"); }
print $nis_passwd "$new_passwd_2\r";
#Must soft close this file handle otherwise on some system
#command may fail to complete.
$nis_passwd->soft_close();
print "</PRE>";
}
}
else
{
#Presenting Web Form.
print "<! This is a cgi-bin script, Do not run from command line>\n";
&print_form();
}
#####################################################
## Subroutimes
#####################################################
sub print_form
{
#############################
# Printing Header and Info.
#############################
print <<INFORM;
<body bgcolor="#cccc99" text="#000000" link="#336600" vlink="#336600" alink="#336600">
<font color="#000000" face="Arial, Helvetica, sans-serif" size="3">
</font>
<hr> <font color="#000000" face="Arial, Helvetica, sans-serif" size="3">
</font>
<center><big> </big>
<h1><big><big><font color="#000000" face="Arial, Helvetica, sans-serif" size="3"><font color="#990000">
$html_title </font></font></big></big></h1>
<hr width="100%" size="2" align="Left"><big> </big></center>
<font color="#000000" face="Arial, Helvetica, sans-serif" size="3">
</font> <font color="#000000" face="Arial, Helvetica, sans-serif" size="3"><small>
This web form will change your UNIX (NIS) and Windows (Domain Controller)
passwords. Provide following information:</small><br>
<br>
</font>
<table border="1" width="100%" cellpadding="2" cellspacing="2" bgcolor="#cc9933">
<tbody>
<tr>
<td width="30"><b>Username</b></td>
<td colspan="2"> This is your user (login) name assigned by
Computer Services .</td>
</tr>
<tr>
<td><b>Current (UNIX) Password</b></td>
<td> Existing UNIX password.</td>
</tr>
<tr>
<td><b>Current (Windows) Password</b></td>
<td> Existing Windows (Domain controller password)</td>
</tr>
<tr>
<td colspan="2" bgcolor="#999900"><i><em> Provide your existing
passwords correctly for both UNIX (NIS) and Windows (Domain Controller).
They may or may not be same. If you are changing UNIX password *only* then you
do not have to provide Windows password. </em></i></td>
</tr>
<tr>
<td><b>New Password</b></td>
<td> New password for both UNIX and Windows.</td>
</tr>
<tr>
<td><b>Retype New password</b></td>
<td> Same as New Password.</td>
</tr>
<tr>
<td colspan="2" bgcolor="#999900"><em>If you see no errors
after this form is processed then new password will be same for both
UNIX and Windows. Password change for UNIX and Windows will happen independently.
Carefully read output after clicking "Setup Password" button and check for any errors.
</em></td>
</tr>
</tbody>
</table>
INFORM
#################################
#### Printing Actual Form
#################################
print <<PRINTFORM;
<font color="#000000" face="Arial, Helvetica, sans-serif" size="3"><em></em><br>
<br>
</font>
<hr> <font color="#000000" face="Arial, Helvetica, sans-serif" size="3">
</font>
<form action="$cgi_url" method="Post">
<font color="#000000" face="Arial, Helvetica, sans-serif" size="3"><input type="hidden" name="instance" value="sync">
</font>
<table border="0" width="55%" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td><label for="username"><font color="#000000" face="Arial, Helvetica, sans-serif" size="3">
Username </font></label></td>
<td><font color="#000000" face="Arial, Helvetica, sans-serif" size="3"><input name="username" type="text"></font></td>
</tr>
<tr>
<td><label for="old_passwd_nis"> Current Password (UNIX)
<font size=-1> <BR><EM>This is also used for your identity authentication
</EM> </font> </label></td>
<td><input name="old_passwd_nis" type="password"></td>
</tr>
<tr>
<td><label for="old_passwd_windows"> Current Password (Windows)
<font size=-1> <BR><EM>Optional,if you are changing UNIX password only.
</EM> </label></td>
<td><input name="old_passwd_windows" type="password"></td>
</tr>
<tr>
<td><label for="new_passwd"><b>New Password</b> </label></td>
<td><input name="new_passwd" type="password"></td>
</tr>
<tr>
<td><label for="new_passwd_2"><b> Retype New Password</b> </label></td>
<td><input name="new_passwd_2" type="password"></td>
</tr>
<tr>
<td bgcolor="#999900"> Select ONE option from below</td> <br>
</tr>
<tr>
<td colspan="2" align="Justify"><input value="windows" name="os" type="radio">
Change Only Windows Password</td>
<td valign="Top" align="Center"><br>
</td>
</tr>
<tr>
<td colspan="2" align="Left"><input value="nis" name="os" type="radio">
Change Only UNIX(NIS) Password</td>
<td valign="Top"><br>
</td>
</tr>
<tr>
<td colspan="2" align="Left"><input default="" value="both" name="os" type="radio">
Change Both Windows and UNIX Password</td>
<td valign="Top"><br>
</td>
</tr>
<tr>
<td colspan="2" align="Center"><input value="Clear Entries" type="reset"> <input value="Setup Password" name="action" type="submit">
<table>
<tbody>
<tr>
</tr>
</tbody>
</table>
</td>
<td valign="Top"><br>
</td>
</tr>
</tbody>
</table>
</form>
PRINTFORM
}
########################
# Print Error in Red
########################
sub print_error
{
local($message)=@_;
print <<ERROR;
<H1><FONT COLOR=\"\#ff0000\"><BLINK>ERROR :: </BLINK>$message</FONT> </H1>
ERROR
print $bottom;
exit(0);
}
####################################
#Verify UNIX user name and password
####################################
sub verify_user
{
local($verify_user,$verify_passwd)=@_;
local($user1,$passwd1,$uid1,$junk,$salt);
($user1,$passwd1,$uid1,$junk)=getpwnam($verify_user);
if(!$user1)
{
&print_error("UNIX User \"$verify_user\" does not exists\n");
return -1;
}
$salt=substr($passwd1,0,2); #Extract first two chars of encrypted passwd as salt.
if(crypt($verify_passwd,$salt) ne $passwd1)
{
&print_error(" Incorrect UNIX password for user $verify_user($uid1)\n");
return -1;
}
return $uid1;
}
 Thought it would fit in one post... stupid me.
|
I always use protection when fscking my Mac... Do you?
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: May 2001
Location: Up north
Status:
Offline
|
|
I like how ':'D'e'b'u'g turned into  ebug
|
|
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Sep 2000
Status:
Offline
|
|
Originally posted by 11011001:
I like how ':'D'e'b'u'g turned into ebug
Not anymore 
|
I always use protection when fscking my Mac... Do you?
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
