diff options
Diffstat (limited to 'examples/LDAP/smbldap-tools/cgi')
| -rw-r--r-- | examples/LDAP/smbldap-tools/cgi/README | 27 | ||||
| -rwxr-xr-x | examples/LDAP/smbldap-tools/cgi/ldappass.cgi | 202 |
2 files changed, 0 insertions, 229 deletions
diff --git a/examples/LDAP/smbldap-tools/cgi/README b/examples/LDAP/smbldap-tools/cgi/README deleted file mode 100644 index 7a4fc0c02b9..00000000000 --- a/examples/LDAP/smbldap-tools/cgi/README +++ /dev/null @@ -1,27 +0,0 @@ -Description: - A cgi to allow users to change their passwords via a web browser. - -Installation: - Drop this into a cgi-enabled directory on your webserver. - Edit it and change the CONFIGURATION section to suit your environment. - READ THE NOTES SECTION. - -Notes: This script will run as the user who runs your web server. So, to invoke the smbpasswd call, you must implement sudo. - Example of /etc/sudoers: - - # Host alias specification - # User alias specification - User_Alias PASSWD = apache - # Cmnd alias specification - Cmnd_Alias PASSWD = /usr/bin/smbpasswd - # User privilege specification - root ALL=(ALL) ALL - PASSWD ALL= NOPASSWD: PASSWD - - This concept is probably very insecure and broken. That is why this is a 0.1 release. :) - - -Feel free to drop me suggestions. I am a perl learner so I am always open to suggestions. - -Terry Davis -tdavis@approbation.org diff --git a/examples/LDAP/smbldap-tools/cgi/ldappass.cgi b/examples/LDAP/smbldap-tools/cgi/ldappass.cgi deleted file mode 100755 index 4a5ecb8f3a9..00000000000 --- a/examples/LDAP/smbldap-tools/cgi/ldappass.cgi +++ /dev/null @@ -1,202 +0,0 @@ -#!/usr/bin/perl - -################################################################################ -# -# changepass.pl - A program to allow users to change their passwords -# via a web browser. -# Terry Davis -# -# URLs -# Net::LDAP - http:// -# usermod and this file - http://www.cloudamster.com/cloudmaster/projects -# -# Release History: -# Version 0.1 - initial write -# -# ToDo: -# ... the ToDo section is on the ToDo list... -# -# Limitations: -# The password cannot contain single and double quotes.....welcome to quoting hell.... -# -# Notes: -# This code is largely based on work done by Danny Sauer - http://www.cloudamster.com/cloudmaster/projects -# His work is not licensed and is marked as 'freely distributable'. -# Thank you to Danny for his hard work on the initial work. -# -################################################################################ - -use CGI qw(:standard); -use Net::LDAP; - -# CONFIGURATION SECTION -$masterLDAP = "ldap.idealx.org"; -$basedn = "dc=IDEALX,dc=org"; -$masterPw = ""; -$masterDN = "cn=manager,$basedn"; -$ldap_path = "/usr/bin"; -$ldap_opts = "-x"; -$ldappasswd = "$ldap_path/ldappasswd $ldap_opts -h $masterLDAP -D '$masterDN' -w '$masterPw'"; -$usersdn = "ou=Users,$basedn"; -# END CONFIGURATION - - - -# DONT EDIT ANYTHING BELOW THIS LINE -$logtag = "Login:"; -$passtag = "Current password:"; -$npasstag1 = "New password:"; -$npasstag2 = "Retype new pasword:"; -$error = ""; -$color = "<FONT color='red'>"; -$stopcolor = "</FONT>"; - -if(param()){ - nologin() unless ($username = param('login')); - nopass() unless ($oldpass = param('oldpass')); - nonewpass(1) unless ($newpass1 = param('newpass')); - nonewpass(2) unless ($newpass2 = param('newpass2')); - verifyuser($username) or die "bad user"; - verifypass($username, $oldpass) or die "bad pass"; - testnewpass($newpass1, $newpass2) or die "bad new pass"; - changepass($username, $newpass1) or die "couldn't change pass"; - printsuccess(); -}else{ - printpage(); -} -exit(0); - -sub verifyuser{ - local $user = shift; - $ldap = Net::LDAP->new($masterLDAP) or die "can't make new LDAP object: $@"; - $ldap->bind(); - if (0 < $ldap->search(base => $basedn, filter => "(uid=$user)")->count){ - return 1; - } - $logtag = $color . $logtag . $color; - $error = "No such user"; - printpage(); - return 0; -} - -sub verifypass{ - $uid = shift; - $pass = shift; - $ldap = Net::LDAP->new($masterLDAP) or die "can't make new LDAP object: $@"; - $binddn = "uid=$uid,ou=People,$basedn"; - return 1 if($ldap->bind( $binddn, password => $pass)->code == 0); - if($ldap->bind()){ - $passtag = $color . $passtag . $color; - $error = "Incorrect password"; - printpage(); - return 0; - }else{ - print header, start_html(-title=>"LDAP dead"); - print h2("<CENTER>The LDAP server is temporarily unavailable."), - p,"Please try again later</CENTER>"; - return 0; - }die "Something (or someone) is defective, contact your friendly Systems Administrator"; -} - -sub testnewpass{ - $p1 = shift; $p2 = shift; - if ($p1 ne $p2){ - $npasstag1 = $color . $npasstag1 . $color; - $npasstag2 = $color . $npasstag2 . $color; - $error = "Passwords don't match ($p1 vs $p2)"; - printpage(); - return 0; - } - if ($p1 =~ /"/ ){ - $npasstag1 = $color . $npasstag1 . $color; - $npasstag2 = $color . $npasstag2 . $color; - $error = "Passwords cannot contain double quotes. Sorry"; - printpage(); - return 0; - } - if ($p1 =~ /'/ ){ - $npasstag1 = $color . $npasstag1 . $color; - $npasstag2 = $color . $npasstag2 . $color; - $error = "Passwords cannot contain single quotes. Sorry"; - printpage(); - return 0; - } - return 1; -} - -sub changepass{ - local $user = shift; - local $newpass = shift; - local $dn = "uid=$user,$usersdn"; - system "$ldappasswd $dn -s '$newpass' > /dev/null"; - `/usr/bin/sudo /usr/bin/smbpasswd $user "$newpass"`; - exit(1); -} - -sub nologin{ - $logtag = $color . $logtag . $color; - $error = "You need to enter a Login Name"; - printpage(); - exit(1); -} - -sub nopass{ - $passtag = $color . $passtag . $color; - $error = "Please enter your old password"; - printpage(); - exit(1); -} - -sub nonewpass{ - $f=shift; - $npasstag1 = $color . $npasstag1 . $color if($f==1); - $npasstag2 = $color . $npasstag2 . $color if($f==2); - $error = "You need to enter your new password"; - $error .= " twice" if($f==2); - printpage(); - exit(1); -} - -sub printpage{ - print header, - start_html(-title=> "Password Change Page", - -author=> 'tdavis@birddog.com', - -BGCOLOR=> 'WHITE'), - h3('Password Change Page'), - startform(-method=>'POST'), - "<TABLE BORDER=0 WIDTH=50%>", - "<font size=2>", - "<TR><TD>", - $logtag, - "</TD><TD>", - textfield(-name=>'login', -default=>$login, - -size=>15, -maxlength=>20), - "</TD><TR><TD>", - $passtag, - "</TD><TD>", - password_field(-name=>'oldpass', -size=>15, -maxlength=>25), - "</TD><TR><TD>", - $npasstag1, - "</TD><TD>", - password_field(-name=>'newpass', -size=>15, -maxlength=>25), - "</TD><TR><TD>", - $npasstag2, - "</TD><TD>", - password_field(-name=>'newpass2', -size=>15, -maxlength=>25), - "</TD><TR><TD></TD><TD>", - submit(-name=>"change"),reset(), - "</TD></TR></TABLE>", - "</font>", - endform(), - "<FONT color='red'>$error</FONT>", - end_html; -} - -sub printsuccess(){ - print header, - start_html(-title=> "Success", - -BGCOLOR=> 'WHITE'), - h1("Password Succesfully Changed"), - "<br>", - end_html; -} |