1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
#!/usr/bin/perl -w
# LDAP to unix password sync script for samba-tng
# originally by Jody Haynes <Jody.Haynes@isunnetworks.com>
# 12/12/2000 milos@interactivesi.com
# modified for use with MD5 passwords
# 12/16/2000 mami@arena.sci.univr.it
# modified to change lmpassword and ntpassword for samba
# 05/01/2001 mami@arena.sci.univr.it
# modified for being also a /bin/passwd replacement
#
# ACHTUNG!! For servers that support the LDAP Modify password
# extended op (e.g. OpenLDAP), see the "ldap password
# sync" option in smb.conf(5).
#
$basedn = "ou=Students,dc=univr, dc=it";
$binddn = "uid=root,dc=univr,dc=it";
$scope = "sub";
$passwd = "mysecret";
foreach $arg (@ARGV) {
if ($< != 0) {
die "Only root can specify parameters\n";
} else {
if ( ($arg eq '-?') || ($arg eq '--help') ) {
print "Usage: $0 [-o] [username]\n";
print " -o, --without-old-password do not ask for old password (root only)\n";
print " -?, --help show this help message\n";
exit (-1);
} elsif ( ($arg eq '-o') || ($arg eq '--without-old-password') ) {
$oldpass = 1;
} elsif (substr($arg,0) ne '-') {
$user = $arg;
if (!defined(getpwnam($user))) {
die "$0: Unknown user name '$user'\n"; ;
}
}
}
}
if (!defined($user)) {
$user=$ENV{"USER"};
}
if (!defined($oldpass)) {
system "stty -echo";
print "Old password for user $user: ";
chomp($oldpass=<STDIN>);
print "\n";
system "stty echo";
$ntpwd = `/usr/local/sbin/smbencrypt '$oldpass'`;
$lmpassword = substr($ntpwd, 0, index($ntpwd, ':')); chomp $lmpassword;
$ntpassword = substr($ntpwd, index($ntpwd, ':')+1); chomp $ntpassword;
# Find dn for user $user (maybe check unix password too?)
$dn=`ldapsearch -b '$basedn' -s '$scope' '(&(uid=$user)(lmpassword=$lmpassword)(ntpassword=$ntpassword))'|head -1`;
chomp $dn;
if ($dn eq '') {
print "Wrong password for user $user!\n";
exit (-1);
}
} else {
# Find dn for user $user
$dn=`ldapsearch -b '$basedn' -s '$scope' '(uid=$user)'|head -1`;
chomp $dn;
}
system "stty -echo";
print "New password for user $user: ";
chomp($pass=<STDIN>);
print "\n";
system "stty echo";
system "stty -echo";
print "Retype new password for user $user: ";
chomp($pass2=<STDIN>);
print "\n";
system "stty echo";
if ($pass ne $pass2) {
die "Wrong password!\n";
} else {
# MD5 password
$random = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64];
$bsalt = "\$1\$"; $esalt = "\$";
$modsalt = $bsalt.$random.$esalt;
$password = crypt($pass, $modsalt);
# LanManager and NT clear text passwords
$ntpwd = `/usr/local/sbin/smbencrypt '$pass'`;
chomp($lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
chomp($ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
$FILE="|/usr/bin/ldapmodify -D '$binddn' -w $passwd";
open FILE or die;
print FILE <<EOF;
dn: $dn
changetype: modify
replace: userPassword
userPassword: {crypt}$password
-
changetype: modify
replace: lmpassword
lmpassword: $lmpassword
-
changetype: modify
replace: ntpassword
ntpassword: $ntpassword
-
EOF
close FILE;
}
exit 0;
|
