1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
|
#!/usr/bin/perl -w
# LDAP to unix password sync script for samba-tng
# originally by Jody Haynes <Jody.Haynes@isunnetworks.com>
# 2000/12/12 milos@interactivesi.com
# modified for use with MD5 passwords
# 2000/12/16 mami@arena.sci.univr.it
# modified to change lmpassword and ntpassword for samba
# 2001/01/05 mami@arena.sci.univr.it
# modified for being also a /bin/passwd replacement
# 2001/01/29 mami@arena.sci.univr.it
# now there are two small programs: ldapchpasswd to
# change password from unix and ldapsync.pl to sync
# from NT/2000. ldapchpasswd do not need clear password.
# 2001/01/31 mami@arena.sci.univr.it
# add server parameter to ldap commands
# 2001/06/20 mami@arena.sci.univr.it
# add pwdlastset and shadowlastchange update
$basedn = "ou=Students,dc=univr, dc=it";
$binddn = "uid=root,dc=univr,dc=it";
$scope = "sub";
$server = "my_server";
foreach $arg (@ARGV) {
if ($< != 0) {
die "Only root can specify parameters\n";
} else {
if ( ($arg eq '-?') || ($arg eq '--help') ) {
print "Usage: $0 [-o] [username]\n";
print " -o, --without-old-password do not ask for old password (root only)\n";
print " -?, --help show this help message\n";
exit (-1);
} elsif ( ($arg eq '-o') || ($arg eq '--without-old-password') ) {
$oldpass = 1;
} elsif (substr($arg,0) ne '-') {
$user = $arg;
if (!defined(getpwnam($user))) {
die "$0: Unknown user name '$user'\n"; ;
}
}
}
}
if (!defined($user)) {
$user=$ENV{"USER"};
}
# current user's dn
my $dn = '';
if ($< == 0) {
system "stty -echo";
print "LDAP password for root DN: ";
chomp($passwd=<STDIN>);
print "\n";
system "stty echo";
# Find dn for user $user binding as root's dn
chomp($dn=`ldapsearch -h '$server' -b '$basedn' -s '$scope' -D '$binddn' -w '$passwd' '(uid=$user)'|head -1`);
if ( ($dn eq '') || ($passwd eq '') ) {
print "Wrong LDAP password for root DN!\n";
exit (-1);
}
} else {
if (!defined($oldpass)) {
system "stty -echo";
print "Old password for user $user: ";
chomp($oldpass=<STDIN>);
print "\n";
system "stty echo";
# Find path to uid
chomp($path_to_uid=`ldapsearch -h '$server' -b '$basedn' -s '$scope' '(uid=$user)'|head -1`);
# Find old password for user $user binding as self
chomp($dn=`ldapsearch -h '$server' -b '$basedn' -s '$scope' -D '$path_to_uid' -w '$oldpass' '(uid=$user)'|head -1`);
if ( ($dn eq '') || ($oldpass eq '') ) {
print "Wrong password for user $user!\n";
exit (-1);
}
}
}
system "stty -echo";
print "New password for user $user: ";
chomp($pass=<STDIN>);
print "\n";
system "stty echo";
system "stty -echo";
print "Retype new password for user $user: ";
chomp($pass2=<STDIN>);
print "\n";
system "stty echo";
if ( ($pass ne $pass2) || (length($pass)<1) ) {
die "Wrong password!\n";
} else {
# MD5 password
$random = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64];
$bsalt = "\$1\$"; $esalt = "\$";
$modsalt = $bsalt.$random.$esalt;
$password = crypt($pass, $modsalt);
# LanManager and NT clear text passwords
$ntpwd = `/usr/local/sbin/mkntpwd '$pass'`;
chomp($lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
chomp($ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
#$FILE="|/usr/bin/ldapmodify -h '$server' -D '$binddn' -w $passwd";
if ($< != 0) {
$FILE="|/usr/bin/ldapmodify -h '$server' -D '$dn' -w '$oldpass'";
} else {
$FILE="|/usr/bin/ldapmodify -h '$server' -D '$binddn' -w '$passwd'";
}
# Chenge time
$shadowlastchange=int(time/24/3600);
$pwdlastset=sprintf('%x',time);
open FILE or die;
print FILE <<EOF;
dn: $dn
changetype: modify
replace: userPassword
userPassword: {crypt}$password
-
changetype: modify
replace: lmpassword
lmpassword: $lmpassword
-
changetype: modify
replace: ntpassword
ntpassword: $ntpassword
-
changetype: modify
replace: shadowlastchange
shadowlastchange: $shadowlastchange
-
changetype: modify
replace: pwdlastset
pwdlastset: $pwdlastset
-
EOF
close FILE;
}
exit 0;
|