#! /usr/bin/perl -T

####################################################
# passwd_sync.pl : Program to Setup Unix, Samba, and NIS passwords over web.
# licence GPL
####################################################

####################################################
#YOU NEED TO CREATE THIS SCRIPT "SETUID" and owned by
# root (This is a security risk!!)
####################################################

use strict;
use GDBM_File;
use CGI qw(:standard);
use Crypt::PasswdMD5;
use Passwd::Linux qw(modpwinfo);
####################################################
#datas from HTML form#
my $login = param('login');
my $old_passwd = param('old_passwd');
my $passwd1= param('passwd1');
my $passwd2 = param('passwd2');

####################################################
#things you've got to change to suit you're own configuration
####################################################
my $url_server="https://192.168.0.1";   #url of the web server
my $nis_domain="tbo.edu";#the nis domain (get by domainname)
my $SMBPASSWD="/usr/bin/smbpasswd";#location of smbpasswd
my $MAKEDBM="/usr/lib/yp/makedbm";#location of makedbm (YP server)
my $SUDO="/usr/bin/sudo";#location of sudo


###################################################
#location of nis files
my $passwd_byname="/var/yp/".$nis_domain."/passwd.byname"; #location of the file passwd.byname from nis
my $passwd_byuid="/var/yp/".$nis_domain."/passwd.byuid"; #location of the file passwd.byuid from nis

####################################################
my $name; #login name from /etc/passwd
my $shadow_pass; #md5 password's $name from /etc/shadow
my $uid; #uid's $name from /etc/passwd
my $gid; #gid's $name from /etc/passwd
my $gecos; #gecos's $name from /etc/passwd
my $home; #directory's $name from /etc/passwd
my $shell; #shell's $name from etc/passwd
my $crypte;#old passwd crypted in md5 (to compare with $shadow_pass)
my $crypt_passwd; #new passwd crypted in md5
my $modif;#used to modify /etc/shadow with $crypt_passwd
my %nis; #hash where passwd.byname is stored during manipulations
my %nis2; #hash where passwd.byuid is stored during manipulations
my $value; #$name's info from nis DB
my @new_user_info; #array with $name's infos from nis passwd.byname (split of $value)
my @new_user_info2; #array with $name's infos from nis passwd.byuid (split of $value)
my $html= new CGI;

####################################################
#HTML Header#
print $html->header;
print $html->start_html(-BGCOLOR=>"white");
####################################################
print "Messages du système : <br><hr>";

($name,$shadow_pass,$uid,$gid,$gecos,$home,$shell)=getpwnam("$login");
$crypte=unix_md5_crypt($old_passwd,$shadow_pass);

if ($uid<500){
  print "You don't have the right to change the password by this way";
}
else {
if ($passwd1 eq $passwd2) {
  if($crypte eq $shadow_pass) {

    $crypt_passwd=unix_md5_crypt($passwd1,int rand (99));
       $modif=modpwinfo($name,$crypt_passwd,$uid,$gid,$gecos,$home,$shell);
    system ("$SUDO","$SMBPASSWD","-s","$name","$passwd1");

    ($name,$shadow_pass,$uid)=getpwnam("$login");

    tie (%nis,'GDBM_File',$passwd_byname,1,0) or die "Can't access NIS passwd.byname";
    $value=$nis{"$login"};
    @new_user_info=split (/:/,$value);
    $new_user_info[1]="$shadow_pass";
    $value= join (":",@new_user_info);
    $nis{"$login"}=$value;
    untie (%nis);


    tie (%nis2,'GDBM_File',$passwd_byuid,1,0) or die "Can't access NIS passwd.byuid";
    $value=$nis2{$uid};
    @new_user_info2=split (/:/,$value);
    $new_user_info2[1]="$shadow_pass";
    $value= join (":",@new_user_info2);
    $nis2{"$uid"}=$value;
    untie (%nis2);

    system ("$MAKEDBM","-c");
  }
  else {
    print "The old password or the login name are bad.";
      }
}
else { print "Passwords do not match."}
}
####################################################
#HTML footer
print $html->hr;
print $html->a({href=>"$url_server"},"Back");
print $html->end_html;
####################################################