diff options
Diffstat (limited to 'fs_passwd')
| -rwxr-xr-x | fs_passwd/fs_passwd | 22 | ||||
| -rwxr-xr-x | fs_passwd/fs_passwd_server | 88 | ||||
| -rwxr-xr-x | fs_passwd/fs_passwdd | 62 |
3 files changed, 160 insertions, 12 deletions
diff --git a/fs_passwd/fs_passwd b/fs_passwd/fs_passwd index feddb462c..0b467aefc 100755 --- a/fs_passwd/fs_passwd +++ b/fs_passwd/fs_passwd @@ -10,14 +10,14 @@ # # password lengths 0,255 instead of 6,8 - we'll let the server process # check the data ivan@sisd.com 98-jul-17 -# -# updated for the exciting new world of self-service 2004-mar-10 use strict; use Getopt::Std; -use FS::SelfService qw(passwd); +use Socket; +use IO::Handle; use vars qw($opt_f $opt_s); +my($fs_passwdd_socket)="/usr/local/freeside/fs_passwdd_socket"; my($freeside_uid)=scalar(getpwnam('freeside')); $ENV{'PATH'} ='/usr/local/bin:/usr/bin:/usr/ucb:/bin'; @@ -114,15 +114,13 @@ print "\n"; system '/bin/stty', 'echo'; -my $rv = passwd( - 'username' => $me, - 'old_password' => $old_password, - 'new_password' => $new_password, - 'new_gecos' => $new_gecos, - 'new_shell' => $new_shell, -); - -my $error = $rv->{error}; +socket(SOCK, PF_UNIX, SOCK_STREAM, 0) or die "socket: $!"; +connect(SOCK, sockaddr_un($fs_passwdd_socket)) or die "connect: $!"; +print SOCK join("\n",$me,$old_password,$new_password,$new_gecos,$new_shell),"\n"; +SOCK->flush; +my($error); +$error = <SOCK>; +chop $error; if ($error) { print "\nUpdate error: $error\n"; diff --git a/fs_passwd/fs_passwd_server b/fs_passwd/fs_passwd_server new file mode 100755 index 000000000..a29b2c738 --- /dev/null +++ b/fs_passwd/fs_passwd_server @@ -0,0 +1,88 @@ +#!/usr/bin/perl -Tw +# +# fs_passwd_server +# +# portions of this script are copied from the `passwd' script in the original +# (perl 4) camel book, now archived at +# http://www.perl.com/CPAN/scripts/nutshell/ch6/passwd +# +# ivan@sisd.com 98-mar-9 +# +# crypt-aware, s/password/_password/; ivan@sisd.com 98-aug-23 + +use strict; +use vars qw($pid); +use subs qw(killssh); +use IO::Handle; +use Net::SSH qw(sshopen2); +use FS::UID qw(adminsuidsetup); +use FS::Record qw(qsearchs); +use FS::svc_acct; + +my $user = shift or die &usage; +adminsuidsetup $user; + +my($shellmachine)=shift or die &usage; + +#causing trouble for some folks +#$SIG{CHLD} = sub { wait() }; + +$SIG{HUP} = \&killssh; +$SIG{INT} = \&killssh; +$SIG{QUIT} = \&killssh; +$SIG{TERM} = \&killssh; +$SIG{PIPE} = \&killssh; + +sub killssh { kill 'TERM', $pid if $pid; exit; }; + +my($fs_passwdd)="/usr/local/sbin/fs_passwdd"; + +while (1) { + my($reader,$writer)=(new IO::Handle, new IO::Handle); + $writer->autoflush(1); + $pid = sshopen2($shellmachine,$reader,$writer,$fs_passwdd); + while (1) { + my($username,$old_password,$new_password,$new_gecos,$new_shell); + defined($username=<$reader>) or last; + defined($old_password=<$reader>) or last; + defined($new_password=<$reader>) or last; + defined($new_gecos=<$reader>) or last; + defined($new_shell=<$reader>) or last; + chop($username); + chop($old_password); + chop($new_password); + chop($new_gecos); + chop($new_shell); + my($svc_acct); + + #need to try both $old_password and encrypted $old_password + #maybe the crypt function in svc_acct.export needs to be a library? + my $salt = substr($old_password,0,2); + my $cold_password = crypt($old_password,$salt); + $svc_acct=qsearchs('svc_acct',{'username'=>$username, + '_password'=>$old_password, + } ) + || qsearchs('svc_acct',{'username'=>$username, + '_password'=>$cold_password, + } ); + unless ( $svc_acct ) { print $writer "Incorrect password.\n"; next; } + + my(%hash)=$svc_acct->hash; + my($new_svc_acct) = new FS::svc_acct ( \%hash ); + $new_svc_acct->setfield('_password',$new_password) + if $new_password && $new_password ne $old_password; + $new_svc_acct->setfield('finger',$new_gecos) if $new_gecos; + $new_svc_acct->setfield('shell',$new_shell) if $new_shell; + my($error)=$new_svc_acct->replace($svc_acct); + print $writer $error,"\n"; + } + close $writer; + close $reader; + sleep 60; + warn "Connection to $shellmachine lost! Reconnecting...\n"; +} + +sub usage { + die "Usage:\n\n fs_passwd_server user shellmachine\n"; +} + diff --git a/fs_passwd/fs_passwdd b/fs_passwd/fs_passwdd new file mode 100755 index 000000000..cce98e787 --- /dev/null +++ b/fs_passwd/fs_passwdd @@ -0,0 +1,62 @@ +#!/usr/bin/perl -Tw +# +# fs_passwdd +# +# This is run REMOTELY over ssh by fs_passwd_server. +# +# ivan@sisd.com 98-mar-9 + +use strict; +use Socket; + +my $fs_passwdd_socket = "/usr/local/freeside/fs_passwdd_socket"; +my $pid_file = "$fs_passwdd_socket.pid"; + +$ENV{'PATH'} ='/usr/local/bin:/usr/bin:/usr/ucb:/bin'; +$ENV{'SHELL'} = '/bin/sh'; +$ENV{'IFS'} = " \t\n"; +$ENV{'CDPATH'} = ''; +$ENV{'ENV'} = ''; +$ENV{'BASH_ENV'} = ''; + +$|=1; + +my $uaddr = sockaddr_un($fs_passwdd_socket); +my $proto = getprotobyname('tcp'); + +socket(Server,PF_UNIX,SOCK_STREAM,0) or die "socket: $!"; +unlink($fs_passwdd_socket); +bind(Server, $uaddr) or die "bind: $!"; +listen(Server,SOMAXCONN) or die "listen: $!"; + +if ( -e $pid_file ) { + open(PIDFILE,"<$pid_file"); + #chomp( my $old_pid = <PIDFILE> ); + my $old_pid = <PIDFILE>; + close PIDFILE; + $old_pid =~ /^(\d+)$/; + kill 'TERM', $1; +} +open(PIDFILE,">$pid_file"); +print PIDFILE "$$\n"; +close PIDFILE; + +my($paddr); +for ( ; $paddr = accept(Client,Server); close Client) { + my($me,$old_password,$new_password,$new_gecos,$new_shell); + + $me=<Client>; + $old_password=<Client>; + $new_password=<Client>; + $new_gecos=<Client>; + $new_shell=<Client>; + + print $me,$old_password,$new_password,$new_gecos,$new_shell; + my($error); + + $error=<STDIN>; + + print Client $error; + close Client; +} + |