Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

To setup Linux NIS, samba and shadow shadow passwords

by tbo (Scribe)
on Jan 02, 2002 at 19:22 UTC ( #135685=sourcecode: print w/ replies, xml ) Need Help??

Category: CGI Programming
Author/Contact Info tbo gilles.thebault@free.fr
Description: CGI Script to setup NIS, samba and shadow passwords over web . I didn't want to use yppasswd because it doesn't use md5 passwords. (I want to keep md5 because one day I hope I will understand ldap, and then migrate to ldap). The HTML form gives login name, old passwd, and new password twice.
#! /usr/bin/perl -T

####################################################
# passwd_sync.pl : Program to Setup Unix, Samba, and NIS passwords ove
+r web.
# licence GPL
####################################################

####################################################
#YOU NEED TO CREATE THIS SCRIPT "SETUID" and owned by
# root (This is a security risk!!)
####################################################

use strict;
use GDBM_File;
use CGI qw(:standard);
use Crypt::PasswdMD5;
use Passwd::Linux qw(modpwinfo);
####################################################
#datas from HTML form#
my $login = param('login');
my $old_passwd = param('old_passwd');
my $passwd1= param('passwd1');
my $passwd2 = param('passwd2');

####################################################
#things you've got to change to suit you're own configuration
####################################################
my $url_server="https://192.168.0.1";   #url of the web server
my $nis_domain="tbo.edu";#the nis domain (get by domainname)
my $SMBPASSWD="/usr/bin/smbpasswd";#location of smbpasswd
my $MAKEDBM="/usr/lib/yp/makedbm";#location of makedbm (YP server)
my $SUDO="/usr/bin/sudo";#location of sudo


###################################################
#location of nis files
my $passwd_byname="/var/yp/".$nis_domain."/passwd.byname"; #location o
+f the file passwd.byname from nis
my $passwd_byuid="/var/yp/".$nis_domain."/passwd.byuid"; #location of 
+the file passwd.byuid from nis

####################################################
my $name; #login name from /etc/passwd
my $shadow_pass; #md5 password's $name from /etc/shadow
my $uid; #uid's $name from /etc/passwd
my $gid; #gid's $name from /etc/passwd
my $gecos; #gecos's $name from /etc/passwd
my $home; #directory's $name from /etc/passwd
my $shell; #shell's $name from etc/passwd
my $crypte;#old passwd crypted in md5 (to compare with $shadow_pass)
my $crypt_passwd; #new passwd crypted in md5
my $modif;#used to modify /etc/shadow with $crypt_passwd
my %nis; #hash where passwd.byname is stored during manipulations
my %nis2; #hash where passwd.byuid is stored during manipulations
my $value; #$name's info from nis DB
my @new_user_info; #array with $name's infos from nis passwd.byname (s
+plit of $value)
my @new_user_info2; #array with $name's infos from nis passwd.byuid (s
+plit of $value)
my $html= new CGI;

####################################################
#HTML Header#
print $html->header;
print $html->start_html(-BGCOLOR=>"white");
####################################################
print "Messages du système : <br><hr>";

($name,$shadow_pass,$uid,$gid,$gecos,$home,$shell)=getpwnam("$login");
$crypte=unix_md5_crypt($old_passwd,$shadow_pass);

if ($uid<500){
  print "You don't have the right to change the password by this way";
}
else {
if ($passwd1 eq $passwd2) {
  if($crypte eq $shadow_pass) {

    $crypt_passwd=unix_md5_crypt($passwd1,int rand (99));
       $modif=modpwinfo($name,$crypt_passwd,$uid,$gid,$gecos,$home,$sh
+ell);
    system ("$SUDO","$SMBPASSWD","-s","$name","$passwd1");

    ($name,$shadow_pass,$uid)=getpwnam("$login");

    tie (%nis,'GDBM_File',$passwd_byname,1,0) or die "Can't access NIS
+ passwd.byname";
    $value=$nis{"$login"};
    @new_user_info=split (/:/,$value);
    $new_user_info[1]="$shadow_pass";
    $value= join (":",@new_user_info);
    $nis{"$login"}=$value;
    untie (%nis);


    tie (%nis2,'GDBM_File',$passwd_byuid,1,0) or die "Can't access NIS
+ passwd.byuid";
    $value=$nis2{$uid};
    @new_user_info2=split (/:/,$value);
    $new_user_info2[1]="$shadow_pass";
    $value= join (":",@new_user_info2);
    $nis2{"$uid"}=$value;
    untie (%nis2);

    system ("$MAKEDBM","-c");
  }
  else {
    print "The old password or the login name are bad.";
      }
}
else { print "Passwords do not match."}
}
####################################################
#HTML footer
print $html->hr;
print $html->a({href=>"$url_server"},"Back");
print $html->end_html;
####################################################

Comment on To setup Linux NIS, samba and shadow shadow passwords
Download Code
Re: To setup Linux NIS, samba and shadow shadow passwords
by scain (Curate) on Jan 02, 2002 at 20:18 UTC
    This may seem like a silly question, but why whould you want to do this via CGI? I mean, yes, there are security conserns, but in addition to that, is this something that you do that often? I have several linux boxes, and I basically do this once for each of them and I am done.

    Scott

      This script will run on a linux server which provides file sharing for windows (samba), linux (NIS) and Xterminal (ltsp) in a french high school. Students use both linux and windows (Windows in the library, Windows or linux in my classroom...), so i thought a cgi script is more simple for them because the way to change the password is the same. Another reason is that when I create the accounts, the password used is the last name, the login name used is the first name. So, they must quickly change the password. And, as I am a (lazy) teacher, I can't be here every day to do that task.

Back to Code Catacombs

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: sourcecode [id://135685]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (13)
As of 2014-11-26 16:26 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My preferred Perl binaries come from:














    Results (172 votes), past polls