--- /dev/null
+#!/usr/bin/perl -Tw
+#
+# fs_passwd
+#
+# portions of this script are copied from the `passwd' script in the original
+# (perl 4) camel book, now archived at
+# http://www.perl.com/CPAN/scripts/nutshell/ch6/passwd
+#
+# ivan@sisd.com 98-mar-8
+#
+# password lengths 0,255 instead of 6,8 - we'll let the server process
+# check the data ivan@sisd.com 98-jul-17
+
+use strict;
+use Getopt::Std;
+use Socket;
+use IO::Handle;
+use vars qw($opt_f $opt_s);
+
+my($fs_passwdd_socket)="/usr/local/freeside/fs_passwdd_socket";
+my($freeside_uid)=scalar(getpwnam('freeside'));
+
+$ENV{'PATH'} ='/usr/bin:/usr/ucb:/bin';
+$ENV{'SHELL'} = '/bin/sh';
+$ENV{'IFS'} = " \t\n";
+$ENV{'CDPATH'} = '';
+$ENV{'ENV'} = '';
+$ENV{'BASH_ENV'} = '';
+
+$SIG{__DIE__}= sub { system '/bin/stty', 'echo'; };
+
+die "passwd program isn't running setuid to freeside\n" if $> != $freeside_uid;
+
+unshift @ARGV, "-f" if $0 =~ /chfn$/;
+unshift @ARGV, "-s" if $0 =~ /chsh$/;
+
+getopts('fs');
+
+my($me)='';
+if ( $_ = shift(@ARGV) ) {
+ /^(\w{2,8})$/;
+ $me = $1;
+}
+die "You can't change the password for $me." if $me && $<;
+$me = (getpwuid($<))[0] unless $me;
+
+my($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell)=
+ getpwnam $me;
+
+my($old_password,$new_password,$new_gecos,$new_shell);
+
+if ( $opt_f || $opt_s ) {
+ system '/bin/stty', '-echo';
+ print "Password:";
+ $old_password=<STDIN>;
+ system '/bin/stty', 'echo';
+ chop($old_password);
+ #$old_password =~ /^(.{6,8})$/ or die "\nIllegal password.\n";
+ $old_password =~ /^(.{0,255})$/ or die "\nIllegal password.\n";
+ $old_password = $1;
+
+ $new_password = '';
+
+ if ( $opt_f ) {
+ print "\nChanging gecos for $me.\n";
+ print "Gecos [", $gcos, "]: ";
+ $new_gecos=<STDIN>;
+ chop($new_gecos);
+ $new_gecos ||= $gcos;
+ $new_gecos =~ /^(.{0,255})$/ or die "\nIllegal gecos.\n";
+ } else {
+ $new_gecos = '';
+ }
+
+ if ( $opt_s ) {
+ print "\nChanging shell for $me.\n";
+ print "Shell [", $shell, "]: ";
+ $new_shell=<STDIN>;
+ chop($new_shell);
+ $new_shell ||= $shell;
+ $new_shell =~ /^(.{0,255})$/ or die "\nIllegal shell.\n";
+ } else {
+ $new_shell = '';
+ }
+
+} else {
+
+ print "Changing password for $me.\n";
+ print "Old password:";
+ system '/bin/stty', '-echo';
+ $old_password=<STDIN>;
+ chop $old_password;
+ #$old_password =~ /^(.{6,8})$/ or die "\nIllegal password.\n";
+ $old_password =~ /^(.{0,255})$/ or die "\nIllegal password.\n";
+ $old_password = $1;
+ print "\nEnter the new password (minimum of 6, maximum of 8 characters)\n";
+ print "Please use a combination of upper and lowercase letters and numbers.\n";
+ print "New password:";
+ $new_password=<STDIN>;
+ chop($new_password);
+ #$new_password =~ /^(.{6,8})$/ or die "\nIllegal password.\n";
+ $new_password =~ /^(.{0,255})$/ or die "\nIllegal password.\n";
+ $new_password = $1;
+ print "\nRe-enter new password:";
+ my($check_new_password);
+ $check_new_password=<STDIN>;
+ chop($check_new_password);
+ die "\nThey don't match; try again.\n" unless $check_new_password eq $new_password;
+
+ $new_gecos='';
+ $new_shell='';
+}
+print "\n";
+
+system '/bin/stty', 'echo';
+
+socket(SOCK, PF_UNIX, SOCK_STREAM, 0) or die "socket: $!";
+connect(SOCK, sockaddr_un($fs_passwdd_socket)) or die "connect: $!";
+print SOCK join("\n",$me,$old_password,$new_password,$new_gecos,$new_shell),"\n";
+SOCK->flush;
+my($error);
+$error = <SOCK>;
+chop $error;
+
+if ($error) {
+ print "\nUpdate error: $error\n";
+} else {
+ print "\nUpdate sucessful.\n";
+}
--- /dev/null
+#!/usr/bin/perl -Tw
+#
+# fs_passwd_server
+#
+# portions of this script are copied from the `passwd' script in the original
+# (perl 4) camel book, now archived at
+# http://www.perl.com/CPAN/scripts/nutshell/ch6/passwd
+#
+# ivan@sisd.com 98-mar-9
+#
+# crypt-aware, s/password/_password/; ivan@sisd.com 98-aug-23
+
+use strict;
+use IO::Handle;
+use FS::SSH qw(sshopen2);
+use FS::UID qw(adminsuidsetup);
+use FS::Record qw(qsearchs);
+use FS::svc_acct;
+
+my $user = shift or die &usage;
+adminsuidsetup $user;
+
+my($shellmachine)=shift or die &usage;
+
+$SIG{CHLD} = sub { wait() };
+
+my($fs_passwdd)="/usr/local/sbin/fs_passwdd";
+
+while (1) {
+ my($reader,$writer)=(new IO::Handle, new IO::Handle);
+ $writer->autoflush(1);
+ sshopen2($shellmachine,$reader,$writer,$fs_passwdd);
+ while (1) {
+ my($username,$old_password,$new_password,$new_gecos,$new_shell);
+ defined($username=<$reader>) or last;
+ defined($old_password=<$reader>) or last;
+ defined($new_password=<$reader>) or last;
+ defined($new_gecos=<$reader>) or last;
+ defined($new_shell=<$reader>) or last;
+ chop($username);
+ chop($old_password);
+ chop($new_password);
+ chop($new_gecos);
+ chop($new_shell);
+ my($svc_acct);
+
+ #need to try both $old_password and encrypted $old_password
+ #maybe the crypt function in svc_acct.export needs to be a library?
+ my $salt = substr($old_password,0,2);
+ my $cold_password = crypt($old_password,$salt);
+ $svc_acct=qsearchs('svc_acct',{'username'=>$username,
+ '_password'=>$old_password,
+ } )
+ || qsearchs('svc_acct',{'username'=>$username,
+ '_password'=>$cold_password,
+ } );
+ unless ( $svc_acct ) { print $writer "Incorrect password.\n"; next; }
+
+ my(%hash)=$svc_acct->hash;
+ my($new_svc_acct) = new FS::svc_acct ( \%hash );
+ $new_svc_acct->setfield('_password',$new_password)
+ if $new_password && $new_password ne $old_password;
+ $new_svc_acct->setfield('finger',$new_gecos) if $new_gecos;
+ $new_svc_acct->setfield('shell',$new_shell) if $new_shell;
+ my($error)=$new_svc_acct->replace($svc_acct);
+ print $writer $error,"\n";
+ }
+ close $writer;
+ close $reader;
+ sleep 60;
+ warn "Connection to $shellmachine lost! Reconnecting...\n";
+}
+
+sub usage {
+ die "Usage:\n\n fs_passwd_server user shellmachine\n";
+}
+
--- /dev/null
+#!/usr/bin/perl -Tw
+#
+# fs_passwdd
+#
+# This is run REMOTELY over ssh by fs_passwd_server.
+#
+# ivan@sisd.com 98-mar-9
+
+use strict;
+use Socket;
+
+my($fs_passwdd_socket)="/usr/local/freeside/fs_passwdd_socket";
+
+$ENV{'PATH'} ='/usr/bin:/usr/ucb:/bin';
+$ENV{'SHELL'} = '/bin/sh';
+$ENV{'IFS'} = " \t\n";
+$ENV{'CDPATH'} = '';
+$ENV{'ENV'} = '';
+$ENV{'BASH_ENV'} = '';
+
+$|=1;
+
+my $uaddr = sockaddr_un($fs_passwdd_socket);
+my $proto = getprotobyname('tcp');
+
+socket(Server,PF_UNIX,SOCK_STREAM,0) or die "socket: $!";
+unlink($fs_passwdd_socket);
+bind(Server, $uaddr) or die "bind: $!";
+listen(Server,SOMAXCONN) or die "listen: $!";
+
+my($paddr);
+for ( ; $paddr = accept(Client,Server); close Client) {
+ my($me,$old_password,$new_password,$new_gecos,$new_shell);
+
+ $me=<Client>;
+ $old_password=<Client>;
+ $new_password=<Client>;
+ $new_gecos=<Client>;
+ $new_shell=<Client>;
+
+ print $me,$old_password,$new_password,$new_gecos,$new_shell;
+ my($error);
+
+ $error=<STDIN>;
+
+ print Client $error;
+ close Client;
+}
+
projects / freeside.git / commitdiff