summaryrefslogtreecommitdiff
path: root/fs_passwd/fs_passwd.cgi
blob: 3f676fff395e8ec3709f036b4c1624c76249c10c (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

#!/usr/bin/perl -Tw

use strict;
use Getopt::Std;
use Socket;
use IO::Handle;
use CGI;
use CGI::Carp qw(fatalsToBrowser);

my $fs_passwdd_socket = "/usr/local/freeside/fs_passwdd_socket";
my $freeside_uid = scalar(getpwnam('freeside'));

$ENV{'PATH'} ='/usr/local/bin:/usr/bin:/usr/ucb:/bin';
$ENV{'SHELL'} = '/bin/sh';
$ENV{'IFS'} = " \t\n";
$ENV{'CDPATH'} = '';
$ENV{'ENV'} = '';
$ENV{'BASH_ENV'} = '';

die "fs_passwd.cgi isn't running as freeside user\n" if $> != $freeside_uid;

my $cgi = new CGI;

$cgi->param('username') =~ /^([^\n]{0,255}$)/ or die "Illegal username";
my $me = $1;

$cgi->param('old_password') =~ /^([^\n]{0,255}$)/ or die "Illegal old_password";
my $old_password = $1;

$cgi->param('new_password') =~ /^([^\n]{0,255}$)/ or die "Illegal new_password";
my $new_password = $1;

die "New passwords don't match"
  unless $new_password eq $cgi->param('new_password2');

socket(SOCK, PF_UNIX, SOCK_STREAM, 0) or die "socket: $!";
connect(SOCK, sockaddr_un($fs_passwdd_socket)) or die "connect: $!";
print SOCK join("\n", $me, $old_password, $new_password, '', ''), "\n";
SOCK->flush;
my $error = <SOCK>;
chomp $error;

if ($error) {
  die $error;
} else {
  print $cgi->header(), <<END;
<html>
  <head>
    <title>Password changed</title>
  </head>
  <body bgcolor="#e8e8e8">
    <h3>Password changed</h3>
<br>Your password has been changed.
  </body>
</html>
END
}
generated by cgit v1.2.1 (git 2.18.0) at 2025-01-06 04:03:59 +0000