1 |
dpavlin |
1.1 |
#!/usr/local/bin/perl |
2 |
|
|
|
3 |
|
|
# PopPass - a CGI script in Perl to allow users to changes their password |
4 |
|
|
# using a WWW interface. PopPass uses poppassd version 1.2 (available at |
5 |
|
|
# ftp://ftp.qualcomm.com/eudora/servers/unix/password/ to actually make |
6 |
|
|
# the password change. It can therefore run as an unprivilaged user on any |
7 |
|
|
# server (not necessarly the server where the password file exists). The |
8 |
|
|
# Perl 5 modules IO::Socket and CGI are also required (available from your |
9 |
|
|
# favorite CPAN site). |
10 |
|
|
# A version of poppassd for Linux systems using shadow passwords can be |
11 |
|
|
# found at ftp://ftp.ceti.com.pl/pub/linux/poppassd-1.8-ceti.tar.gz |
12 |
|
|
# ========================================================================== |
13 |
|
|
# Created: 2 Feb 96 by Jerry Workman (jerry@mtnsoft.com) |
14 |
|
|
# Last Revised: 19 January 2000 |
15 |
|
|
# ========================================================================== |
16 |
|
|
|
17 |
|
|
# 2001-10-12 DbP <dpavlin@rot13.org> support for multiple servers separated |
18 |
|
|
# by spaces |
19 |
|
|
|
20 |
|
|
use strict; |
21 |
|
|
use CGI qw(:all); # CGI forms etc |
22 |
|
|
use CGI::Carp qw(fatalsToBrowser set_message); |
23 |
|
|
use IO::Socket::INET; |
24 |
|
|
|
25 |
|
|
BEGIN { |
26 |
|
|
sub handle_errors { |
27 |
|
|
my $msg = shift; |
28 |
|
|
print "<h2>Error:</H2><i>$msg</i>"; |
29 |
|
|
} |
30 |
|
|
set_message(\&handle_errors); |
31 |
|
|
} |
32 |
|
|
#$SIG{ALRM} = \&error_exit; |
33 |
|
|
#alarm(3*60); |
34 |
|
|
open(STDERR,">&STDOUT") || die "Can't dup stdout: $!\n"; |
35 |
|
|
select(STDERR); $| = 1; # Make unbuffered. |
36 |
|
|
select(STDOUT); $| = 1; # Make unbuffered. |
37 |
|
|
# -------------------------------------------------------------------------- |
38 |
|
|
my $DEBUG = 0; |
39 |
|
|
my $DEFAULTHOST = 'localhost'; # host name if different from web server |
40 |
|
|
my $TITLE = 'Change Your Password'; |
41 |
|
|
my $AUTHOR = 'Jerry Workman'; |
42 |
|
|
my $COPYRIGHT = "Copyright 1996-2000 $AUTHOR"; |
43 |
|
|
my $HOME = hr. a({href=>CGI::referer()}, "Home"); # Very Basic Home link |
44 |
|
|
my $MESSAGE = <<EOM; |
45 |
|
|
Enter your UserName, current password, and new password (twice for |
46 |
|
|
verification) then click on Change Password. Passwords must be |
47 |
|
|
at least 6 characters and can be mixed case. |
48 |
|
|
EOM |
49 |
|
|
# ** End of Configurable Parameters (unless you're a Perl hacker) ** |
50 |
|
|
# -------------------------------------------------------------------------- |
51 |
|
|
my $host = param('host') || $DEFAULTHOST; |
52 |
|
|
my $username = param('username'); |
53 |
|
|
my $password = param('password'); |
54 |
|
|
my $newpassword1 = param('newpassword1'); |
55 |
|
|
my $newpassword2 = param('newpassword2'); |
56 |
|
|
my $msg; |
57 |
|
|
# -------------------------------------------------------------------------- |
58 |
|
|
print header, |
59 |
|
|
start_html(-title=>$TITLE, |
60 |
|
|
-author=>$AUTHOR, |
61 |
|
|
-base=>'true', |
62 |
|
|
-meta=>{'copyright'=>$COPYRIGHT}); |
63 |
|
|
#print CGI::dump() if $DEBUG; |
64 |
|
|
if(!param()) { |
65 |
|
|
showform(); |
66 |
|
|
} else { |
67 |
|
|
error_exit("You must supply a Username") |
68 |
|
|
if (!$username); |
69 |
|
|
error_exit("New Passwords do not match") |
70 |
|
|
if ($newpassword1 ne $newpassword2); |
71 |
|
|
error_exit("The New Password can not be blank") |
72 |
|
|
if length($newpassword1) == 0; |
73 |
|
|
my $newpassword = $newpassword1; |
74 |
|
|
error_exit("New Password can not contain spaces") |
75 |
|
|
if $newpassword =~ / /; |
76 |
|
|
error_exit ("Password must be eight or more characters") |
77 |
|
|
if length($newpassword) < 8; |
78 |
|
|
if ($host =~ m,\s+,) { |
79 |
|
|
my @host_arr=split(/\s+/,$host); |
80 |
|
|
foreach $host (@host_arr) { |
81 |
|
|
print b("working on host: $host"),p if $DEBUG; |
82 |
|
|
if(poppass($host, $username, $password, $newpassword)) { |
83 |
|
|
print p, center(h2("Password on $host changed successfully")), "\n"; |
84 |
|
|
} else { |
85 |
|
|
print p, center(h2("Error changing password on $host: $msg")); |
86 |
|
|
} |
87 |
|
|
} |
88 |
|
|
} else { |
89 |
|
|
if(poppass($host, $username, $password, $newpassword)) { |
90 |
|
|
print p, center(h2("Password changed successfully")), "\n"; |
91 |
|
|
} else { |
92 |
|
|
error_exit($msg); |
93 |
|
|
} |
94 |
|
|
} |
95 |
|
|
} |
96 |
|
|
print $HOME, end_html; |
97 |
|
|
# -------------------------------------------------------------------------- |
98 |
|
|
# Subroutines |
99 |
|
|
# -------------------------------------------------------------------------- |
100 |
|
|
sub showform { |
101 |
|
|
print p, blockquote(center(h2('Change Password')), hr, |
102 |
|
|
$MESSAGE, hr, center(pre(startform(), |
103 |
|
|
"<b> UserName: </b>", textfield('username','', 25), "\n", |
104 |
|
|
"<b> Old Password: </b>", password_field('password','', 25), "\n", |
105 |
|
|
"<b> New Password: </b>", password_field('newpassword1','',25),"\n", |
106 |
|
|
"<b>Verify New Password: </b>", password_field('newpassword2','',25),"\n\n", |
107 |
|
|
submit('action','Change Password'), |
108 |
|
|
endform))), "\n"; |
109 |
|
|
} |
110 |
|
|
# -------------------------------------------------------------------------- |
111 |
|
|
sub error_exit { |
112 |
|
|
my($msg) = @_; |
113 |
|
|
print h1("Error:"), h2($msg), hr, |
114 |
|
|
"Return to the previous page and make the necessary corrections", |
115 |
|
|
$HOME, end_html; |
116 |
|
|
exit; |
117 |
|
|
} |
118 |
|
|
# -------------------------------------------------------------------------- |
119 |
|
|
# Change the password using service poppassd at port 106 |
120 |
|
|
# |
121 |
|
|
sub poppass |
122 |
|
|
{ |
123 |
|
|
my($host, $username, $password, $newpassword) = @_; |
124 |
|
|
my $status = 0; |
125 |
|
|
eval { |
126 |
|
|
sub popout { |
127 |
|
|
my ($socket,$str) = @_; |
128 |
|
|
print $socket "$str\n"; |
129 |
|
|
print "$str <br>\n" if $DEBUG; |
130 |
|
|
} |
131 |
|
|
print "connect: $host 106<br>\n" if $DEBUG; |
132 |
|
|
my $socket = IO::Socket::INET->new( |
133 |
|
|
PeerAddr => $host, |
134 |
|
|
PeerPort => 106, |
135 |
|
|
Timeout => 5, |
136 |
|
|
Reuse => 1 |
137 |
|
|
) or |
138 |
|
|
( $msg = "No Response from poppass server $host:$@\n", return $status = 0 ); |
139 |
|
|
|
140 |
|
|
$socket->autoflush(1); |
141 |
|
|
|
142 |
|
|
while ($_ = <$socket>) { |
143 |
|
|
s/\n//g; |
144 |
|
|
s/\r//g; |
145 |
|
|
print "$_ <br>\n" if $DEBUG; |
146 |
|
|
/200 poppassd/ && |
147 |
|
|
(popout($socket,"USER $username"), next ); |
148 |
|
|
/200.*[Yy]our password please/ && |
149 |
|
|
(popout($socket,"PASS $password"), next ); |
150 |
|
|
/200.*new password/ && |
151 |
|
|
(popout($socket,"NEWPASS $newpassword"), next ); |
152 |
|
|
/200 Password changed/ && |
153 |
|
|
( $msg = "Password successfully changed", $status = 1, last ); |
154 |
|
|
/200 Bye/ && |
155 |
|
|
(popout($socket,"QUIT"), last ); |
156 |
|
|
/500/ && ( s/500//, $msg = $_, $status = undef, last ); |
157 |
|
|
// && ( $msg = "No Response from server", $status = 0, last ); |
158 |
|
|
print "bonk: $_<br>\n" if $DEBUG; |
159 |
|
|
} |
160 |
|
|
undef $socket; |
161 |
|
|
}; #eval |
162 |
|
|
if ($@) { |
163 |
|
|
($msg) = split(/:/, $@); |
164 |
|
|
$msg =~ /[Tt]imeout/ && ($msg = "poppassd server not responding, try again later."); |
165 |
|
|
$status = 0; |
166 |
|
|
} |
167 |
|
|
return $status; |
168 |
|
|
} |