$basedn = "ou=Students,dc=univr, dc=it";
$binddn = "uid=root,dc=univr,dc=it";
$scope = "sub";
$server = "my_server";
foreach $arg (@ARGV) {
if ($< != 0) {
die "Only root can specify parameters\n";
} else {
if ( ($arg eq '-?') || ($arg eq '--help') ) {
print "Usage: $0 [-o] [username]\n";
print " -o, --without-old-password do not ask for old password (root only)\n";
print " -?, --help show this help message\n";
exit (-1);
} elsif ( ($arg eq '-o') || ($arg eq '--without-old-password') ) {
$oldpass = 1;
} elsif (substr($arg,0) ne '-') {
$user = $arg;
if (!defined(getpwnam($user))) {
die "$0: Unknown user name '$user'\n"; ;
}
}
}
}
if (!defined($user)) {
$user=$ENV{"USER"};
}
my $dn = '';
if ($< == 0) {
system "stty -echo";
print "LDAP password for root DN: ";
chomp($passwd=<STDIN>);
print "\n";
system "stty echo";
chomp($dn=`ldapsearch -h '$server' -b '$basedn' -s '$scope' -D '$binddn' -w '$passwd' '(uid=$user)'|head -1`);
if ( ($dn eq '') || ($passwd eq '') ) {
print "Wrong LDAP password for root DN!\n";
exit (-1);
}
} else {
if (!defined($oldpass)) {
system "stty -echo";
print "Old password for user $user: ";
chomp($oldpass=<STDIN>);
print "\n";
system "stty echo";
chomp($path_to_uid=`ldapsearch -h '$server' -b '$basedn' -s '$scope' '(uid=$user)'|head -1`);
chomp($dn=`ldapsearch -h '$server' -b '$basedn' -s '$scope' -D '$path_to_uid' -w '$oldpass' '(uid=$user)'|head -1`);
if ( ($dn eq '') || ($oldpass eq '') ) {
print "Wrong password for user $user!\n";
exit (-1);
}
}
}
system "stty -echo";
print "New password for user $user: ";
chomp($pass=<STDIN>);
print "\n";
system "stty echo";
system "stty -echo";
print "Retype new password for user $user: ";
chomp($pass2=<STDIN>);
print "\n";
system "stty echo";
if ( ($pass ne $pass2) || (length($pass)<1) ) {
die "Wrong password!\n";
} else {
$random = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64];
$bsalt = "\$1\$"; $esalt = "\$";
$modsalt = $bsalt.$random.$esalt;
$password = crypt($pass, $modsalt);
$ntpwd = `/usr/local/sbin/mkntpwd '$pass'`;
chomp($lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
chomp($ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
if ($< != 0) {
$FILE="|/usr/bin/ldapmodify -h '$server' -D '$dn' -w '$oldpass'";
} else {
$FILE="|/usr/bin/ldapmodify -h '$server' -D '$binddn' -w '$passwd'";
}
$shadowlastchange=int(time/24/3600);
$pwdlastset=sprintf('%x',time);
open FILE or die;
print FILE <<EOF;
dn: $dn
changetype: modify
replace: userPassword
userPassword: {crypt}$password
-
changetype: modify
replace: lmpassword
lmpassword: $lmpassword
-
changetype: modify
replace: ntpassword
ntpassword: $ntpassword
-
changetype: modify
replace: shadowlastchange
shadowlastchange: $shadowlastchange
-
changetype: modify
replace: pwdlastset
pwdlastset: $pwdlastset
-
EOF
close FILE;
}
exit 0;