mirror of
https://github.com/samba-team/samba.git
synced 2025-01-10 01:18:15 +03:00
118 lines
2.9 KiB
Perl
118 lines
2.9 KiB
Perl
#!/usr/bin/perl -w
|
|
|
|
# LDAP to unix password sync script for samba-tng
|
|
# originally by Jody Haynes <Jody.Haynes@isunnetworks.com>
|
|
# 12/12/2000 milos@interactivesi.com
|
|
# modified for use with MD5 passwords
|
|
# 12/16/2000 mami@arena.sci.univr.it
|
|
# modified to change lmpassword and ntpassword for samba
|
|
# 05/01/2001 mami@arena.sci.univr.it
|
|
# modified for being also a /bin/passwd replacement
|
|
|
|
$basedn = "ou=Students,dc=univr, dc=it";
|
|
$binddn = "uid=root,dc=univr,dc=it";
|
|
$scope = "sub";
|
|
$passwd = "mysecret";
|
|
|
|
foreach $arg (@ARGV) {
|
|
if ($< != 0) {
|
|
die "Only root can specify parameters\n";
|
|
} else {
|
|
if ( ($arg eq '-?') || ($arg eq '--help') ) {
|
|
print "Usage: $0 [-o] [username]\n";
|
|
print " -o, --without-old-password do not ask for old password (root only)\n";
|
|
print " -?, --help show this help message\n";
|
|
exit (-1);
|
|
} elsif ( ($arg eq '-o') || ($arg eq '--without-old-password') ) {
|
|
$oldpass = 1;
|
|
} elsif (substr($arg,0) ne '-') {
|
|
$user = $arg;
|
|
if (!defined(getpwnam($user))) {
|
|
die "$0: Unknown user name '$user'\n"; ;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if (!defined($user)) {
|
|
$user=$ENV{"USER"};
|
|
}
|
|
|
|
if (!defined($oldpass)) {
|
|
system "stty -echo";
|
|
print "Old password for user $user: ";
|
|
chomp($oldpass=<STDIN>);
|
|
print "\n";
|
|
system "stty echo";
|
|
|
|
$ntpwd = `/usr/local/sbin/smbencrypt '$oldpass'`;
|
|
$lmpassword = substr($ntpwd, 0, index($ntpwd, ':')); chomp $lmpassword;
|
|
$ntpassword = substr($ntpwd, index($ntpwd, ':')+1); chomp $ntpassword;
|
|
|
|
# Find dn for user $user (maybe check unix password too?)
|
|
$dn=`ldapsearch -b '$basedn' -s '$scope' '(&(uid=$user)(lmpassword=$lmpassword)(ntpassword=$ntpassword))'|head -1`;
|
|
chomp $dn;
|
|
|
|
if ($dn eq '') {
|
|
print "Wrong password for user $user!\n";
|
|
exit (-1);
|
|
}
|
|
} else {
|
|
# Find dn for user $user
|
|
$dn=`ldapsearch -b '$basedn' -s '$scope' '(uid=$user)'|head -1`;
|
|
chomp $dn;
|
|
}
|
|
|
|
system "stty -echo";
|
|
print "New password for user $user: ";
|
|
chomp($pass=<STDIN>);
|
|
print "\n";
|
|
system "stty echo";
|
|
|
|
system "stty -echo";
|
|
print "Retype new password for user $user: ";
|
|
chomp($pass2=<STDIN>);
|
|
print "\n";
|
|
system "stty echo";
|
|
|
|
if ($pass ne $pass2) {
|
|
die "Wrong password!\n";
|
|
} else {
|
|
# MD5 password
|
|
$random = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64];
|
|
$bsalt = "\$1\$"; $esalt = "\$";
|
|
$modsalt = $bsalt.$random.$esalt;
|
|
$password = crypt($pass, $modsalt);
|
|
|
|
# LanManager and NT clear text passwords
|
|
$ntpwd = `/usr/local/sbin/smbencrypt '$pass'`;
|
|
chomp($lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
|
|
chomp($ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
|
|
|
|
$FILE="|/usr/bin/ldapmodify -D '$binddn' -w $passwd";
|
|
|
|
open FILE or die;
|
|
|
|
print FILE <<EOF;
|
|
dn: $dn
|
|
changetype: modify
|
|
replace: userPassword
|
|
userPassword: {crypt}$password
|
|
-
|
|
changetype: modify
|
|
replace: lmpassword
|
|
lmpassword: $lmpassword
|
|
-
|
|
changetype: modify
|
|
replace: ntpassword
|
|
ntpassword: $ntpassword
|
|
-
|
|
|
|
EOF
|
|
close FILE;
|
|
|
|
}
|
|
|
|
exit 0;
|
|
|