Diffstat (limited to 'fs_passwd')
-rwxr-xr-x | fs_passwd/fs_passwd | 129 | ||||
-rwxr-xr-x | fs_passwd/fs_passwd.cgi | 57 | ||||
-rw-r--r-- | fs_passwd/fs_passwd.html | 25 | ||||
-rwxr-xr-x | fs_passwd/fs_passwd_server | 88 | ||||
-rwxr-xr-x | fs_passwd/fs_passwdd | 62 |
5 files changed, 361 insertions, 0 deletions
diff --git a/fs_passwd/fs_passwd b/fs_passwd/fs_passwd
new file mode 100755
index 000000000..0b467aefc
--- /dev/null
+++ b/fs_passwd/fs_passwd
@@ -0,0 +1,129 @@
+#!/usr/bin/perl -Tw
+#
+# fs_passwd
+#
+# portions of this script are copied from the `passwd' script in the original
+# (perl 4) camel book, now archived at
+# http://www.perl.com/CPAN/scripts/nutshell/ch6/passwd
+#
+# ivan@sisd.com 98-mar-8
+#
+# password lengths 0,255 instead of 6,8 - we'll let the server process
+# check the data ivan@sisd.com 98-jul-17
+
+use strict;
+use Getopt::Std;
+use Socket;
+use IO::Handle;
+use vars qw($opt_f $opt_s);
+
+my($fs_passwdd_socket)="/usr/local/freeside/fs_passwdd_socket";
+my($freeside_uid)=scalar(getpwnam('freeside'));
+
+$ENV{'PATH'} ='/usr/local/bin:/usr/bin:/usr/ucb:/bin';
+$ENV{'SHELL'} = '/bin/sh';
+$ENV{'IFS'} = " \t\n";
+$ENV{'CDPATH'} = '';
+$ENV{'ENV'} = '';
+$ENV{'BASH_ENV'} = '';
+
+$SIG{__DIE__}= sub { system '/bin/stty', 'echo'; };
+
+die "passwd program isn't running setuid to freeside\n" if $> != $freeside_uid;
+
+unshift @ARGV, "-f" if $0 =~ /chfn$/;
+unshift @ARGV, "-s" if $0 =~ /chsh$/;
+
+getopts('fs');
+
+my($me)='';
+if ( $_ = shift(@ARGV) ) {
+ /^(\w{2,8})$/;
+ $me = $1;
+}
+die "You can't change the password for $me." if $me && $<;
+$me = (getpwuid($<))[0] unless $me;
+
+my($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell)=
+ getpwnam $me;
+
+my($old_password,$new_password,$new_gecos,$new_shell);
+
+if ( $opt_f || $opt_s ) {
+ system '/bin/stty', '-echo';
+ print "Password:";
+ $old_password=<STDIN>;
+ system '/bin/stty', 'echo';
+ chop($old_password);
+ #$old_password =~ /^(.{6,8})$/ or die "\nIllegal password.\n";
+ $old_password =~ /^(.{0,255})$/ or die "\nIllegal password.\n";
+ $old_password = $1;
+
+ $new_password = '';
+
+ if ( $opt_f ) {
+ print "\nChanging gecos for $me.\n";
+ print "Gecos [", $gcos, "]: ";
+ $new_gecos=<STDIN>;
+ chop($new_gecos);
+ $new_gecos ||= $gcos;
+ $new_gecos =~ /^(.{0,255})$/ or die "\nIllegal gecos.\n";
+ } else {
+ $new_gecos = '';
+ }
+
+ if ( $opt_s ) {
+ print "\nChanging shell for $me.\n";
+ print "Shell [", $shell, "]: ";
+ $new_shell=<STDIN>;
+ chop($new_shell);
+ $new_shell ||= $shell;
+ $new_shell =~ /^(.{0,255})$/ or die "\nIllegal shell.\n";
+ } else {
+ $new_shell = '';
+ }
+
+} else {
+
+ print "Changing password for $me.\n";
+ print "Old password:";
+ system '/bin/stty', '-echo';
+ $old_password=<STDIN>;
+ chop $old_password;
+ #$old_password =~ /^(.{6,8})$/ or die "\nIllegal password.\n";
+ $old_password =~ /^(.{0,255})$/ or die "\nIllegal password.\n";
+ $old_password = $1;
+ print "\nEnter the new password (minimum of 6, maximum of 8 characters)\n";
+ print "Please use a combination of upper and lowercase letters and numbers.\n";
+ print "New password:";
+ $new_password=<STDIN>;
+ chop($new_password);
+ #$new_password =~ /^(.{6,8})$/ or die "\nIllegal password.\n";
+ $new_password =~ /^(.{0,255})$/ or die "\nIllegal password.\n";
+ $new_password = $1;
+ print "\nRe-enter new password:";
+ my($check_new_password);
+ $check_new_password=<STDIN>;
+ chop($check_new_password);
+ die "\nThey don't match; try again.\n" unless $check_new_password eq $new_password;
+
+ $new_gecos='';
+ $new_shell='';
+}
+print "\n";
+
+system '/bin/stty', 'echo';
+
+socket(SOCK, PF_UNIX, SOCK_STREAM, 0) or die "socket: $!";
+connect(SOCK, sockaddr_un($fs_passwdd_socket)) or die "connect: $!";
+print SOCK join("\n",$me,$old_password,$new_password,$new_gecos,$new_shell),"\n";
+SOCK->flush;
+my($error);
+$error = <SOCK>;
+chop $error;
+
+if ($error) {
+ print "\nUpdate error: $error\n";
+} else {
+ print "\nUpdate sucessful.\n";
+}
diff --git a/fs_passwd/fs_passwd.cgi b/fs_passwd/fs_passwd.cgi
new file mode 100755
index 000000000..3f676fff3
--- /dev/null
+++ b/fs_passwd/fs_passwd.cgi
@@ -0,0 +1,57 @@
+#!/usr/bin/perl -Tw
+
+use strict;
+use Getopt::Std;
+use Socket;
+use IO::Handle;
+use CGI;
+use CGI::Carp qw(fatalsToBrowser);
+
+my $fs_passwdd_socket = "/usr/local/freeside/fs_passwdd_socket";
+my $freeside_uid = scalar(getpwnam('freeside'));
+
+$ENV{'PATH'} ='/usr/local/bin:/usr/bin:/usr/ucb:/bin';
+$ENV{'SHELL'} = '/bin/sh';
+$ENV{'IFS'} = " \t\n";
+$ENV{'CDPATH'} = '';
+$ENV{'ENV'} = '';
+$ENV{'BASH_ENV'} = '';
+
+die "fs_passwd.cgi isn't running as freeside user\n" if $> != $freeside_uid;
+
+my $cgi = new CGI;
+
+$cgi->param('username') =~ /^([^\n]{0,255}$)/ or die "Illegal username";
+my $me = $1;
+
+$cgi->param('old_password') =~ /^([^\n]{0,255}$)/ or die "Illegal old_password";
+my $old_password = $1;
+
+$cgi->param('new_password') =~ /^([^\n]{0,255}$)/ or die "Illegal new_password";
+my $new_password = $1;
+
+die "New passwords don't match"
+ unless $new_password eq $cgi->param('new_password2');
+
+socket(SOCK, PF_UNIX, SOCK_STREAM, 0) or die "socket: $!";
+connect(SOCK, sockaddr_un($fs_passwdd_socket)) or die "connect: $!";
+print SOCK join("\n", $me, $old_password, $new_password, '', ''), "\n";
+SOCK->flush;
+my $error = <SOCK>;
+chomp $error;
+
+if ($error) {
+ die $error;
+} else {
+ print $cgi->header(), <<END;
+<html>
+ <head>
+ <title>Password changed</title>
+ </head>
+ <body bgcolor="#e8e8e8">
+ <h3>Password changed</h3>
+<br>Your password has been changed.
+ </body>
+</html>
+END
+}
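Review bot: The username argument in fs_passwd is captured without checking that the pattern matched: `/^(\w{2,8})$/; $me = $1;` leaves `$me` undefined when the argument is rejected, and the script then silently falls back to `getpwuid($<)`, so a root caller who mistypes a name ends up operating on root's own account. Fail closed instead with `/^(\w{2,8})$/ or die "Illegal username.\n"; $me = $1;`. The gecos and shell branches have a related gap: they test `/^(.{0,255})$/` but never assign `$1` back, unlike the password fields. The prompt still advertises 6 to 8 characters while the pattern accepts 0 to 255, so an empty new password is passed on to the daemon.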
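Review bot: Every failure in fs_passwd.cgi is reported through `die` while `CGI::Carp qw(fatalsToBrowser)` is loaded, so the text returned by the daemon (`die $error`) and local failures such as `connect: $!` are shown to whoever submits the form. An expected outcome such as a wrong password should be an ordinary response page with a generic message, with the detail going to the server log, and `fatalsToBrowser` is best dropped outside development. An empty `new_password` also passes `[^\n]{0,255}`; fs_passwd_server in this commit skips the password update in that case, and if it then returns an empty error line this page reports "Password changed". Rejecting a zero-length new password before the socket write would close that gap.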
diff --git a/fs_passwd/fs_passwd.html b/fs_passwd/fs_passwd.html
new file mode 100644
index 000000000..fadc4df8b
--- /dev/null
+++ b/fs_passwd/fs_passwd.html
@@ -0,0 +1,25 @@
+<html>
+ <head>
+ <title>Change password</title>
+ </head>
+ <body bgcolor="#e8e8e8">
+ <h3>Change password</h3>
+ <form action="/cgi-bin/fs_passwd.cgi" method="post">
+ <table bgcolor="#cccccc" border=0 cellspacing=2>
+ <tr><th align="right">Username</th>
+ <td><input type="text" name="username" size="18"></td>
+ </tr>
+ <tr><th align="right">Current password</th>
+ <td><input type="password" name="old_password" size="18"></td>
+ </tr>
+ <tr><th align="right">New password</th>
+ <td><input type="password" name="new_password" size="18"></td>
+ </tr>
+ <tr><th align="right">Re-enter new password</th>
+ <td><input type="password" name="new_password2" size="18"></td>
+ </tr>
+ </table>
+ <br><input type="submit" value="Change password">
+ </body>
+</html>
+
diff --git a/fs_passwd/fs_passwd_server b/fs_passwd/fs_passwd_server
new file mode 100755
index 000000000..a29b2c738
--- /dev/null
+++ b/fs_passwd/fs_passwd_server
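Review bot: The `<form>` opened in fs_passwd.html is never closed; the submit button is followed directly by `</body>`. Add `</form>` after the submit `<input>` so the markup does not rely on parser error recovery. The page collects the current and the new password, so it should only be reachable over TLS, which this file cannot enforce by itself.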
@@ -0,0 +1,88 @@
+#!/usr/bin/perl -Tw
+#
+# fs_passwd_server
+#
+# portions of this script are copied from the `passwd' script in the original
+# (perl 4) camel book, now archived at
+# http://www.perl.com/CPAN/scripts/nutshell/ch6/passwd
+#
+# ivan@sisd.com 98-mar-9
+#
+# crypt-aware, s/password/_password/; ivan@sisd.com 98-aug-23
+
+use strict;
+use vars qw($pid);
+use subs qw(killssh);
+use IO::Handle;
+use Net::SSH qw(sshopen2);
+use FS::UID qw(adminsuidsetup);
+use FS::Record qw(qsearchs);
+use FS::svc_acct;
+
+my $user = shift or die &usage;
+adminsuidsetup $user;
+
+my($shellmachine)=shift or die &usage;
+
+#causing trouble for some folks
+#$SIG{CHLD} = sub { wait() };
+
+$SIG{HUP} = \&killssh;
+$SIG{INT} = \&killssh;
+$SIG{QUIT} = \&killssh;
+$SIG{TERM} = \&killssh;
+$SIG{PIPE} = \&killssh;
+
+sub killssh { kill 'TERM', $pid if $pid; exit; };
+
+my($fs_passwdd)="/usr/local/sbin/fs_passwdd";
+
+while (1) {
+ my($reader,$writer)=(new IO::Handle, new IO::Handle);
+ $writer->autoflush(1);
+ $pid = sshopen2($shellmachine,$reader,$writer,$fs_passwdd);
+ while (1) {
+ my($username,$old_password,$new_password,$new_gecos,$new_shell);
+ defined($username=<$reader>) or last;
+ defined($old_password=<$reader>) or last;
+ defined($new_password=<$reader>) or last;
+ defined($new_gecos=<$reader>) or last;
+ defined($new_shell=<$reader>) or last;
+ chop($username);
+ chop($old_password);
+ chop($new_password);
+ chop($new_gecos);
+ chop($new_shell);
+ my($svc_acct);
+
+ #need to try both $old_password and encrypted $old_password
+ #maybe the crypt function in svc_acct.export needs to be a library?
+ my $salt = substr($old_password,0,2);
+ my $cold_password = crypt($old_password,$salt);
+ $svc_acct=qsearchs('svc_acct',{'username'=>$username,
+ '_password'=>$old_password,
+ } )
+ || qsearchs('svc_acct',{'username'=>$username,
+ '_password'=>$cold_password,
+ } );
+ unless ( $svc_acct ) { print $writer "Incorrect password.\n"; next; }
+
+ my(%hash)=$svc_acct->hash;
+ my($new_svc_acct) = new FS::svc_acct ( \%hash );
+ $new_svc_acct->setfield('_password',$new_password)
+ if $new_password && $new_password ne $old_password;
+ $new_svc_acct->setfield('finger',$new_gecos) if $new_gecos;
+ $new_svc_acct->setfield('shell',$new_shell) if $new_shell;
+ my($error)=$new_svc_acct->replace($svc_acct);
+ print $writer $error,"\n";
+ }
+ close $writer;
+ close $reader;
+ sleep 60;
+ warn "Connection to $shellmachine lost! Reconnecting...\n";
+}
+
+sub usage {
+ die "Usage:\n\n fs_passwd_server user shellmachine\n";
+}
+
diff --git a/fs_passwd/fs_passwdd b/fs_passwd/fs_passwdd
new file mode 100755
index 000000000..cce98e787
--- /dev/null
+++ b/fs_passwd/fs_passwdd
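Review bot: The old password is verified in fs_passwd_server by equality lookups on the `_password` column, the first of them with the raw input (`'_password'=>$old_password`). If that column can hold a crypt() hash, as the second lookup implies, a client that submits the stored hash string itself is accepted, which makes the hash password-equivalent. The second lookup takes its salt from the candidate (`substr($old_password,0,2)`) rather than from the stored value, so it presumably only matches hashes created with that same convention. Fetching the record by username alone and comparing in Perl with the salt taken from the stored field (`crypt($old_password, $stored) eq $stored`) avoids both problems. Failed attempts are neither logged nor limited anywhere in this loop.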
@@ -0,0 +1,62 @@
+#!/usr/bin/perl -Tw
+#
+# fs_passwdd
+#
+# This is run REMOTELY over ssh by fs_passwd_server.
+#
+# ivan@sisd.com 98-mar-9
+
+use strict;
+use Socket;
+
+my $fs_passwdd_socket = "/usr/local/freeside/fs_passwdd_socket";
+my $pid_file = "$fs_passwdd_socket.pid";
+
+$ENV{'PATH'} ='/usr/local/bin:/usr/bin:/usr/ucb:/bin';
+$ENV{'SHELL'} = '/bin/sh';
+$ENV{'IFS'} = " \t\n";
+$ENV{'CDPATH'} = '';
+$ENV{'ENV'} = '';
+$ENV{'BASH_ENV'} = '';
+
+$|=1;
+
+my $uaddr = sockaddr_un($fs_passwdd_socket);
+my $proto = getprotobyname('tcp');
+
+socket(Server,PF_UNIX,SOCK_STREAM,0) or die "socket: $!";
+unlink($fs_passwdd_socket);
+bind(Server, $uaddr) or die "bind: $!";
+listen(Server,SOMAXCONN) or die "listen: $!";
+
+if ( -e $pid_file ) {
+ open(PIDFILE,"<$pid_file");
+ #chomp( my $old_pid = <PIDFILE> );
+ my $old_pid = <PIDFILE>;
+ close PIDFILE;
+ $old_pid =~ /^(\d+)$/;
+ kill 'TERM', $1;
+}
+open(PIDFILE,">$pid_file");
+print PIDFILE "$$\n";
+close PIDFILE;
+
+my($paddr);
+for ( ; $paddr = accept(Client,Server); close Client) {
+ my($me,$old_password,$new_password,$new_gecos,$new_shell);
+
+ $me=<Client>;
+ $old_password=<Client>;
+ $new_password=<Client>;
+ $new_gecos=<Client>;
+ $new_shell=<Client>;
+
+ print $me,$old_password,$new_password,$new_gecos,$new_shell;
+ my($error);
+
+ $error=<STDIN>;
+
+ print Client $error;
+ close Client;
+}
+
|
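Review bot: The pid-file block in fs_passwdd calls `kill 'TERM', $1` without checking that `/^(\d+)$/` matched or that the `open` succeeded; with an empty or unreadable pid file `$1` is undefined, which `kill` treats as pid 0 and so signals the daemon's own process group. Guard it with `kill 'TERM', $1 if defined $old_pid && $old_pid =~ /^(\d+)$/;` and check both `open` calls, which are also two-argument opens. The socket is bound under whatever umask the ssh session provides, so its mode is not controlled here. Since the clients in this commit run as the freeside user, setting `umask 077` before `bind` would keep other local users from connecting on systems that enforce socket file permissions. The accept loop also reads five lines with no timeout, so one idle client stalls every other request.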