1 #!/usr/bin/perl
3 # LDAP to unix password sync script for samba
4 # $Id: smbldap-passwd.pl,v 1.1.2.1 2002/06/04 22:25:39 jerry Exp $
6 # This code was developed by IDEALX (http://IDEALX.org/) and
7 # contributors (their names can be found in the CONTRIBUTORS file).
9 # Copyright (C) 2001-2002 IDEALX
11 # This program is free software; you can redistribute it and/or
12 # modify it under the terms of the GNU General Public License
13 # as published by the Free Software Foundation; either version 2
14 # of the License, or (at your option) any later version.
16 # This program is distributed in the hope that it will be useful,
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 # GNU General Public License for more details.
21 # You should have received a copy of the GNU General Public License
22 # along with this program; if not, write to the Free Software
23 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
24 # USA.
26 # Purpose :
27 # . ldap-unix passwd sync for SAMBA-2.2.2 + LDAP
28 # . may also replace /bin/passwd
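use strict;
use warnings;
use smbldap_tools;
use smbldap_conf;

# Quote a string as one single-quoted shell word.  The external helpers
# below are run through the shell because $mk_ntpasswd and $ldappasswd may
# carry options from smbldap_conf, so every user-controlled value (password,
# DN, user name) goes through here to keep the shell from parsing it.
# Returns the quoted word.
sub _shell_quote {
    my ($str) = @_;
    (my $quoted = $str) =~ s/'/'\\''/g;
    return "'$quoted'";
}

# Print $prompt and read one line from STDIN with terminal echo turned off.
# Echo is switched back on before returning, and also when the read is
# interrupted with SIGINT.  On EOF (no line at all) the script exits with
# status 10 instead of carrying an undef value into the comparisons that
# follow.  Returns the line without its trailing newline.
sub _read_secret {
    my ($prompt) = @_;
    local $| = 1;                   # make the prompt appear before the read
    local $SIG{INT} = sub {
        system "stty echo";
        print "\n";
        exit (10);
    };
    system "stty -echo";
    print $prompt;
    my $line = <STDIN>;
    print "\n";
    system "stty echo";
    if (!defined $line) {
        print "$0: no password given\n";
        exit (10);
    }
    chomp $line;
    return $line;
}

my $user;
my $oldpass;

# Only root may pass arguments (a non-root user can only change their own
# password); when root names a user the current password is not asked for.
foreach my $arg (@ARGV) {
    if ($< != 0) {
        die "Only root can specify parameters\n";
    }
    if ( ($arg eq '-?') || ($arg eq '--help') ) {
        print "Usage: $0 [username]\n";
        print " -?, --help show this help message\n";
        exit (6);
    } elsif (substr($arg, 0, 1) ne '-') {
        # substr($arg, 0) was the whole string, so the old test could never
        # tell an option from a user name; only the first character counts
        $user = $arg;
    } else {
        print "$0: unknown option $arg\n";
        print "Usage: $0 [username]\n";
        exit (6);
    }
    $oldpass = 1;
}

if (!defined($user)) {
    # no name given: default to $USER as before, falling back to the real uid
    $user = defined $ENV{"USER"} ? $ENV{"USER"} : (getpwuid($<))[0];
}

# test existence of user in LDAP
my $dn_line = get_user_dn($user);
if (!defined($dn_line)) {
    print "$0: user $user doesn't exist\n";
    exit (10);
}

my $dn    = get_dn_from_line($dn_line);
my $samba = is_samba_user($user);

print "Changing password for $user\n";

# non-root user: prove knowledge of the current password by binding with it
if (!defined($oldpass)) {
    $oldpass = _read_secret("(current) UNIX password: ");
    if (!is_user_valid($user, $dn, $oldpass)) {
        print "Authentication failure\n";
        exit (10);
    }
}

# prompt for new password
my $pass  = _read_secret("New password : ");
my $pass2 = _read_secret("Retype new password : ");

if ($pass ne $pass2) {
    print "New passwords don't match!\n";
    exit (10);
}
if ($pass eq '') {
    # an empty password would otherwise be accepted and stored
    print "$0: empty password not allowed\n";
    exit (10);
}

# only modify smb passwords if smb user
if ($samba == 1) {
    if (!$with_smbpasswd) {
        # generate LanManager and NT hashes with the external helper
        if ($mk_ntpasswd eq '') {
            print "Either set \$with_smbpasswd = 1 or specify \$mk_ntpasswd\n";
            exit(1);
        }
        # NOTE: the password is passed on the helper's command line and is
        # therefore visible in the process list while the helper runs.
        my $cmd   = "$mk_ntpasswd " . _shell_quote($pass);
        my $ntpwd = `$cmd`;
        chomp $ntpwd;
        # helper output is "LMHASH:NTHASH"; anything else is an error rather
        # than garbage to store in the directory
        my ($lmpassword, $ntpassword) = split /:/, $ntpwd, 2;
        if (!defined($ntpassword) || $? != 0) {
            die "$0: $mk_ntpasswd failed for $user\n";
        }

        # change nt/lm passwords with one modify record (RFC 2849: a single
        # changetype line, the modifications separated by "-")
        my $tmpldif =
"$dn_line
changetype: modify
replace: lmpassword
lmpassword: $lmpassword
-
replace: ntpassword
ntpassword: $ntpassword
-

";

        die "$0: error while modifying password for $user\n"
            unless (do_ldapmodify($tmpldif) == 0);
        undef $tmpldif;
    }
    else {
        # smbpasswd -s reads the old (non-root only) and the new password
        # twice from stdin.  That text is not shell-parsed, so the values are
        # written bare: wrapping them in quotes made the quotes part of the
        # stored password.
        my $cmd = ($< != 0)
            ? "$smbpasswd -s >/dev/null"
            : "$smbpasswd " . _shell_quote($user) . " -s >/dev/null";
        open (my $smb_fh, '|-', $cmd) or die "$!\n";
        if ($< != 0) {
            print {$smb_fh} "$oldpass\n$pass\n$pass\n";
        } else {
            print {$smb_fh} "$pass\n$pass\n";
        }
        # a failing smbpasswd shows up as a false return from close; stop
        # here rather than leaving the unix and samba passwords out of step
        close ($smb_fh)
            or die "$0: $smbpasswd failed for $user\n";
    }
}

# change unix password.  ldappasswd may carry bind options from smbldap_conf
# so it is run via the shell; DN and password are shell-quoted.  NOTE: the
# password is visible in the process list while ldappasswd runs.
my $ret = system "$ldappasswd " . _shell_quote($dn)
              . " -s " . _shell_quote($pass) . " > /dev/null";
if ($ret == 0) {
    print "all authentication tokens updated successfully\n";
} else {
    # 'return' is not allowed at file scope; report and exit non-zero
    print "$0: error while modifying unix password for $user\n";
    exit (($ret >> 8) || 1);
}

exit 0;

# - The End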
174 =head1 NAME
176 smbldap-passwd.pl - change user password
178 =head1 SYNOPSIS
180 smbldap-passwd.pl [name]
182 =head1 DESCRIPTION
184 smbldap-passwd.pl changes passwords for user accounts. A normal user
185 may only change the password for their own account, the super user may
186 change the password for any account.
188 Password Changes
189 The user is first prompted for their old password, if one is present.
190 This password is then tested against the stored password by binding
191 to the server. The user has only one chance to enter the correct password.
192 The super user is permitted to bypass this step so that forgotten
193 passwords may be changed.
195 The user is then prompted for a replacement password. As a general
196 guideline, passwords should consist of 6 to 8 characters including
197 one or more from each of following sets:
199 Lower case alphabetics
201 Upper case alphabetics
203 Digits 0 through 9
205 Punctuation marks
207 passwd will prompt again and compare the second entry against the first.
208 Both entries are required to match in order for the password to be
209 changed.
211 =head1 SEE ALSO
213 passwd(1)
215 =cut