check in Idealx tools after talking with Olivier Lemaire at idealx dot org.
[Samba.git] / examples / LDAP / smbldap-tools / cgi / ldappass.cgi
1 #!/usr/bin/perl
3 ################################################################################
5 # changepass.pl - A program to allow users to change their passwords
6 # via a web browser.
7 # Terry Davis
8 #
9 # URLs
10 # Net::LDAP - http://
11 # usermod and this file - http://www.cloudamster.com/cloudmaster/projects
13 # Release History:
14 # Version 0.1 - initial write
16 # ToDo:
17 # ... the ToDo section is on the ToDo list...
19 # Limitations:
20 # The password cannot contain single and double quotes.....welcome to quoting hell....
22 # Notes:
23 # This code is largely based on work done by Danny Sauer - http://www.cloudamster.com/cloudmaster/projects
24 # His work is not licensed and is marked as 'freely distributable'.
25 # Thank you to Danny for his hard work on the initial work.
27 ################################################################################
29 use CGI qw(:standard);
30 use Net::LDAP;
# CONFIGURATION SECTION
# Every setting is a package global that the subs further down read directly.
$masterLDAP = "ldap.idealx.org";    # directory server used for lookups, binds and ldappasswd
$basedn     = "dc=IDEALX,dc=org";
# Password of $masterDN.  It is interpolated into $ldappasswd below and so
# travels on the ldappasswd command line; once a real value is set, keep this
# file unreadable to other local accounts and out of any published tree.
$masterPw   = "";
$masterDN   = "cn=manager," . $basedn;
$ldap_path  = "/usr/bin";
# -x selects a simple bind; nothing in this section asks for an encrypted
# connection, so transport protection has to come from the deployment.
$ldap_opts  = "-x";
# Command prefix that changepass() hands to the shell.
$ldappasswd = join(" ",
    "$ldap_path/ldappasswd", $ldap_opts,
    "-h", $masterLDAP,
    "-D", "'$masterDN'",
    "-w", "'$masterPw'");
$usersdn    = "ou=Users," . $basedn;
# END CONFIGURATION

# DONT EDIT ANYTHING BELOW THIS LINE
# Form labels; the subs wrap a label in $color/$stopcolor to flag a bad field.
$logtag    = "Login:";
$passtag   = "Current password:";
$npasstag1 = "New password:";
$npasstag2 = "Retype new pasword:";
$error     = "";                    # message shown under the form by printpage()
$color     = "<FONT color='red'>";
$stopcolor = "</FONT>";
if (param()) {
    # A submission: copy each field into its package global.  A missing (or
    # false) value re-renders the form through the matching helper, which
    # exits the script.
    ($username = param('login'))    or nologin();
    ($oldpass  = param('oldpass'))  or nopass();
    ($newpass1 = param('newpass'))  or nonewpass(1);
    ($newpass2 = param('newpass2')) or nonewpass(2);

    # Order matters: the account must exist and the current password must be
    # proven before the new password is examined or written anywhere.
    die "bad user"             unless verifyuser($username);
    die "bad pass"             unless verifypass($username, $oldpass);
    die "bad new pass"         unless testnewpass($newpass1, $newpass2);
    die "couldn't change pass" unless changepass($username, $newpass1);
    printsuccess();
}
else {
    # No parameters at all: first visit, show the empty form.
    printpage();
}
exit(0);
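sub verifyuser{
    # Returns 1 when the directory holds at least one entry under $basedn
    # whose uid equals the submitted login.  Otherwise highlights the login
    # label, sets $error, re-renders the form and returns 0.
    my $user = shift;

    # The login arrives straight from the request.  Escape the characters
    # that carry meaning inside an LDAP search filter (RFC 4515) so the value
    # can only ever be compared as a literal uid.
    (my $filter_value = $user) =~ s/([\\*()\x00])/sprintf("\\%02x", ord($1))/ge;

    $ldap = Net::LDAP->new($masterLDAP) or die "can't make new LDAP object: $@";
    $ldap->bind();    # no DN or password given: anonymous bind
    if (0 < $ldap->search(base => $basedn, filter => "(uid=$filter_value)")->count){
        return 1;
    }

    # Close the highlight with $stopcolor; the label was previously wrapped in
    # two opening tags, which left the FONT element open.
    $logtag = $color . $logtag . $stopcolor;
    # NOTE(review): this message differs from the wrong-password message, so
    # the page tells a requester whether a login exists.  Consider one shared
    # wording if that matters for this deployment.
    $error = "No such user";
    printpage();
    return 0;
}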
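sub verifypass{
    # Proves knowledge of the current password by binding to the directory as
    # the user.  Returns 1 on a successful bind.  On failure it renders either
    # the form with "Incorrect password" or a "server unavailable" page and
    # returns 0.
    my $uid  = shift;
    my $pass = shift;

    # A bind that names a DN but carries an empty password is an
    # unauthenticated bind, which a server may answer with success.  It must
    # never count as proof of the password, whatever the caller checked.
    my $have_password = (defined $pass && length $pass) ? 1 : 0;

    # The login is request data placed inside a DN.  Hex-escape the characters
    # that are special in a DN attribute value (RFC 4514) so it stays a single
    # uid value and cannot add or alter DN components.
    (my $rdn_value = $uid) =~ s/([\\,+"<>;=\x00])/sprintf("\\%02x", ord($1))/ge;
    $rdn_value =~ s/^([ #])/sprintf("\\%02x", ord($1))/e;
    $rdn_value =~ s/ \z/\\20/;

    $ldap = Net::LDAP->new($masterLDAP) or die "can't make new LDAP object: $@";
    # NOTE(review): this binds under ou=People while changepass() writes under
    # $usersdn (ou=Users) -- confirm which subtree the directory really uses.
    my $binddn = "uid=$rdn_value,ou=People,$basedn";
    return 1 if ($have_password
                 && $ldap->bind($binddn, password => $pass)->code == 0);

    # bind() hands back a result object, which is always true, so its result
    # code has to be inspected to tell "server answers, password wrong" from
    # "server not answering".  Assumes anonymous binds are permitted, as
    # verifyuser() already relies on one.
    if ($ldap->bind()->code == 0){
        $passtag = $color . $passtag . $stopcolor;
        $error = "Incorrect password";
        printpage();
        return 0;
    }else{
        print header, start_html(-title=>"LDAP dead");
        print h2("<CENTER>The LDAP server is temporarily unavailable."),
              p,"Please try again later</CENTER>";
        return 0;
    }
}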
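sub testnewpass{
    # Checks the two copies of the new password.  Returns 1 when they are
    # equal and contain neither kind of quote; otherwise highlights both
    # new-password labels, sets $error, re-renders the form and returns 0.
    my ($p1, $p2) = @_;

    # The message deliberately no longer repeats the submitted passwords:
    # echoing them put secrets (and unescaped request data) into the page.
    my $problem;
    if ($p1 ne $p2){
        $problem = "Passwords don't match";
    }
    elsif ($p1 =~ /"/){
        $problem = "Passwords cannot contain double quotes. Sorry";
    }
    elsif ($p1 =~ /'/){
        $problem = "Passwords cannot contain single quotes. Sorry";
    }
    return 1 unless defined $problem;

    # Refusing quotes does not make a value safe to paste into a shell
    # command; whatever runs external tools has to pass the password in a way
    # the shell cannot reinterpret.
    $npasstag1 = $color . $npasstag1 . $stopcolor;    # close the highlight tag
    $npasstag2 = $color . $npasstag2 . $stopcolor;
    $error = $problem;
    printpage();
    return 0;
}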
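sub changepass{
    # Sets the new password in LDAP (ldappasswd, bound as $masterDN) and then
    # in Samba (smbpasswd through sudo).  Returns 1 when both tools exit with
    # status 0, otherwise 0.  The unconditional exit(1) that used to end this
    # sub kept the caller from ever reaching the success page.
    my $user    = shift;
    my $newpass = shift;

    # Both values end up as command-line arguments.  Refuse empty ones and
    # ones starting with "-" so neither can be read as an option.
    return 0 if !defined $user    || $user eq ''    || $user =~ /^-/;
    return 0 if !defined $newpass || $newpass eq '' || $newpass =~ /^-/;

    # Hex-escape the characters that are special in a DN attribute value
    # (RFC 4514) so the login stays a single uid value inside the DN.
    (my $rdn_value = $user) =~ s/([\\,+"<>;=\x00])/sprintf("\\%02x", ord($1))/ge;
    $rdn_value =~ s/^([ #])/sprintf("\\%02x", ord($1))/e;
    $rdn_value =~ s/ \z/\\20/;
    my $dn = "uid=$rdn_value,$usersdn";

    # Request-derived values are never spliced into the command text.  They
    # are placed in the environment and expanded by the shell inside double
    # quotes, where the expanded text is not parsed again.  $ldappasswd is the
    # administrator's own configured command prefix and is used unchanged.
    # The password still appears in the argument list of both tools.
    local $ENV{LDAPPASS_DN}      = $dn;
    local $ENV{LDAPPASS_USER}    = $user;
    local $ENV{LDAPPASS_NEWPASS} = $newpass;

    system(qq{$ldappasswd "\$LDAPPASS_DN" -s "\$LDAPPASS_NEWPASS" > /dev/null}) == 0
        or return 0;
    # If this second step fails the LDAP password has already been changed;
    # the caller only learns that the operation as a whole did not complete.
    system(q{/usr/bin/sudo /usr/bin/smbpasswd "$LDAPPASS_USER" "$LDAPPASS_NEWPASS" > /dev/null}) == 0
        or return 0;
    return 1;
}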
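sub nologin{
    # Called when the login field is missing: highlights the login label,
    # sets $error, re-renders the form and ends the request.
    # The label is closed with $stopcolor; it used to be wrapped in two
    # opening tags, which left the FONT element open.
    $logtag = $color . $logtag . $stopcolor;
    $error = "You need to enter a Login Name";
    printpage();
    exit(1);
}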
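sub nopass{
    # Called when the current-password field is missing: highlights its
    # label, sets $error, re-renders the form and ends the request.
    # The label is closed with $stopcolor rather than a second opening tag.
    $passtag = $color . $passtag . $stopcolor;
    $error = "Please enter your old password";
    printpage();
    exit(1);
}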
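sub nonewpass{
    # Called when one of the new-password fields is missing.  The argument
    # says which: 1 for the first field, 2 for the retyped copy.  Highlights
    # that label, sets $error, re-renders the form and ends the request.
    my $f = shift;
    # Labels are closed with $stopcolor rather than a second opening tag.
    $npasstag1 = $color . $npasstag1 . $stopcolor if ($f == 1);
    $npasstag2 = $color . $npasstag2 . $stopcolor if ($f == 2);
    $error = "You need to enter your new password";
    $error .= " twice" if ($f == 2);
    printpage();
    exit(1);
}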
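sub printpage{
    # Writes the HTTP header and the password-change form, followed by the
    # current $error message in red.  The labels ($logtag, $passtag,
    # $npasstag1, $npasstag2) are emitted as-is because the other subs put
    # highlight markup into them.

    # $error is assembled elsewhere in the script; this sub cannot assume it
    # is free of markup, so it is HTML-escaped before it enters the page.
    my $safe_error = CGI::escapeHTML($error);

    print header,
        start_html(-title=> "Password Change Page",
                   -author=> 'tdavis@birddog.com',
                   -BGCOLOR=> 'WHITE'),
        h3('Password Change Page'),
        startform(-method=>'POST'),
        "<TABLE BORDER=0 WIDTH=50%>",
        "<font size=2>",
        "<TR><TD>",
        $logtag,
        "</TD><TD>",
        # NOTE(review): $login is not assigned anywhere in the visible script,
        # so this default is presumably always undef -- confirm whether
        # $username was meant.
        textfield(-name=>'login', -default=>$login,
                  -size=>15, -maxlength=>20),
        "</TD><TR><TD>",
        $passtag,
        "</TD><TD>",
        # -override stops CGI.pm from refilling a password field with the
        # value that was just submitted, so a re-rendered form never carries
        # passwords back in its HTML.
        password_field(-name=>'oldpass', -size=>15, -maxlength=>25,
                       -override=>1),
        "</TD><TR><TD>",
        $npasstag1,
        "</TD><TD>",
        password_field(-name=>'newpass', -size=>15, -maxlength=>25,
                       -override=>1),
        "</TD><TR><TD>",
        $npasstag2,
        "</TD><TD>",
        password_field(-name=>'newpass2', -size=>15, -maxlength=>25,
                       -override=>1),
        "</TD><TR><TD></TD><TD>",
        submit(-name=>"change"),reset(),
        "</TD></TR></TABLE>",
        "</font>",
        endform(),
        "<FONT color='red'>$safe_error</FONT>",
        end_html;
}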
sub printsuccess(){
    # Writes the HTTP header and a minimal confirmation page.  The page is
    # collected into a list first and sent with a single print.
    my @page = (
        header(),
        start_html(-title   => "Success",
                   -BGCOLOR => 'WHITE'),
        h1("Password Succesfully Changed"),
        "<br>",
        end_html(),
    );
    print @page;
}