
To setup Linux NIS, samba and shadow passwords

by tbo (Scribe)
on Jan 02, 2002 at 19:22 UTC ( [id://135685]=sourcecode: print w/replies, xml ) Need Help??
Category: CGI Programming
Author/Contact Info tbo gilles.thebault@free.fr
Description: CGI script to set up NIS, Samba and shadow passwords over the web. I didn't want to use yppasswd because it doesn't use MD5 passwords. (I want to keep MD5 because one day I hope I will understand LDAP, and then migrate to LDAP.) The HTML form supplies the login name, the old password, and the new password twice.
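#! /usr/bin/perl -T

####################################################
# passwd_sync.pl : Program to set up Unix, Samba, and NIS passwords over web.
# licence GPL
####################################################

####################################################
# YOU NEED TO INSTALL THIS SCRIPT "SETUID" and owned by
# root (This is a security risk!!)
#
# Deployment notes for whoever runs this:
#  - Serve the form and this script over HTTPS only: both the old and the
#    new password travel in the request.
#  - Nothing in here throttles repeated guesses of the old password. Failed
#    attempts are written to the web server error log (see the warn calls)
#    so they can be monitored; put rate limiting in front of the script.
#  - The hash written to the NIS maps is readable by NIS clients, and
#    md5-crypt ($1$) is no longer considered adequate for new deployments.
#    It is kept here because MD5 hashes are the stated goal of the script.
####################################################

use strict;
use warnings;
use GDBM_File;
use CGI qw(:standard);
use Crypt::PasswdMD5;
use Passwd::Linux qw(modpwinfo);

####################################################
# Taint mode (-T) refuses to run external commands with an inherited
# environment, so pin PATH and drop the variables a shell would honour.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

####################################################
# data from the HTML form
my $login      = param('login');
my $old_passwd = param('old_passwd');
my $passwd1    = param('passwd1');
my $passwd2    = param('passwd2');

####################################################
# things you've got to change to suit your own configuration
####################################################
my $url_server = "https://192.168.0.1";     # url of the web server
my $nis_domain = "tbo.edu";                 # the nis domain (get by domainname)
my $SMBPASSWD  = "/usr/bin/smbpasswd";      # location of smbpasswd
my $MAKEDBM    = "/usr/lib/yp/makedbm";     # location of makedbm (YP server)
my $SUDO       = "/usr/bin/sudo";           # location of sudo
my $MIN_UID    = 500;                       # accounts below this uid are refused

###################################################
# location of nis files
my $passwd_byname = "/var/yp/" . $nis_domain . "/passwd.byname";
my $passwd_byuid  = "/var/yp/" . $nis_domain . "/passwd.byuid";

####################################################
# Build an 8-character md5-crypt salt from the kernel random pool.
# (rand() is not meant for security use, and a one- or two-digit number
# leaves fewer than a hundred possible salts.)
sub random_salt {
    my @alphabet = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');    # 64 symbols
    open(my $urandom, '<', '/dev/urandom')
        or die "Can't open /dev/urandom: $!";
    binmode $urandom;
    my $bytes = '';
    my $got = read($urandom, $bytes, 8);
    close $urandom;
    die "Short read from /dev/urandom" unless defined $got && $got == 8;

    # 256 is a multiple of 64, so the modulo introduces no bias.
    return join '', map { $alphabet[ ord($_) % 64 ] } split //, $bytes;
}

####################################################
# Hand the new password to smbpasswd on standard input (-s) rather than as
# a command-line argument, where any local user could read it from the
# process list. It is written twice, as it would be typed at the prompts.
# Returns 1 when smbpasswd exits successfully, 0 otherwise.
sub set_samba_password {
    my ($user, $new_password) = @_;

    # A child that exits early must not kill the CGI with SIGPIPE.
    local $SIG{PIPE} = 'IGNORE';

    # List form: no shell is involved, so nothing in $user is interpreted.
    open(my $smb, '|-', $SUDO, $SMBPASSWD, '-s', $user) or return 0;
    print {$smb} "$new_password\n$new_password\n";
    return close($smb) ? 1 : 0;
}

####################################################
# Replace the password field of one record in a NIS GDBM map.
# $label is only used in the error message. Returns 1 when the record was
# found and rewritten, 0 when the key is not in the map.
sub update_nis_map {
    my ($map_file, $label, $key, $hash) = @_;

    my %map;
    tie(%map, 'GDBM_File', $map_file, GDBM_WRITER, 0)
        or die "Can't access NIS $label";

    my $updated = 0;
    my $record  = $map{$key};
    if (defined $record) {
        # Limit -1 keeps trailing empty fields (e.g. an empty shell), which
        # a plain split would silently drop from the rewritten record.
        my @fields = split /:/, $record, -1;
        $fields[1] = $hash;
        $map{$key} = join ':', @fields;
        $updated = 1;
    }
    untie %map;
    return $updated;
}

####################################################
# Validate the request, change the password everywhere, and return the
# message to show to the user. Passwords are never logged.
sub change_password {
    my $bad_credentials = "The old password or the login name are bad.";

    # Untaint the login with a conservative account-name pattern; widen it
    # if your site uses other characters in login names.
    my ($user) = defined $login
        ? $login =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,31})\z/
        : ();
    return $bad_credentials unless defined $user;

    my ($name, $shadow_pass, $uid, $gid, $gecos, $home, $shell) = getpwnam($user);
    return $bad_credentials unless defined $name;

    if ($uid < $MIN_UID) {
        return "You don't have the right to change the password by this way";
    }

    # An absent or empty new password must not count as "matching".
    unless (defined $passwd1 && defined $passwd2 && length $passwd1) {
        return "The new password must not be empty.";
    }
    unless ($passwd1 eq $passwd2) {
        return "Passwords do not match.";
    }

    # The password is sent to smbpasswd line by line, so it cannot contain
    # line breaks or other control characters.
    if ($passwd1 =~ /[\x00-\x1f\x7f]/) {
        return "The new password contains characters that are not allowed.";
    }

    # Re-hash the old password with the stored salt and compare.
    my $old_ok = defined $old_passwd
        && defined $shadow_pass
        && length $shadow_pass
        && unix_md5_crypt($old_passwd, $shadow_pass) eq $shadow_pass;
    unless ($old_ok) {
        warn "passwd_sync: failed password change attempt for '$user'\n";
        return $bad_credentials;
    }

    # Write the new hash to the local password database, then read it back:
    # the stored value, not modpwinfo's return code, decides whether the
    # change is propagated to Samba and NIS.
    my $crypt_passwd = unix_md5_crypt($passwd1, random_salt());
    modpwinfo($name, $crypt_passwd, $uid, $gid, $gecos, $home, $shell);

    my (undef, $stored_hash) = getpwnam($user);
    unless (defined $stored_hash && $stored_hash eq $crypt_passwd) {
        warn "passwd_sync: local password update failed for '$user'\n";
        return "The password could not be changed.";
    }

    my @not_updated;
    push @not_updated, 'Samba'
        unless set_samba_password($name, $passwd1);
    push @not_updated, 'NIS passwd.byname'
        unless update_nis_map($passwd_byname, 'passwd.byname', $name, $stored_hash);
    push @not_updated, 'NIS passwd.byuid'
        unless update_nis_map($passwd_byuid, 'passwd.byuid', $uid, $stored_hash);

    # makedbm -c asks the NIS server to drop its cached copy of the maps.
    push @not_updated, 'NIS cache'
        unless system($MAKEDBM, '-c') == 0;

    if (@not_updated) {
        warn "passwd_sync: partial update for '$user': @not_updated\n";
        return "The password was changed, but not everywhere: "
            . join(', ', @not_updated) . ".";
    }
    return "The password was changed.";
}

####################################################
# HTML header
my $html = CGI->new;
print $html->header;
print $html->start_html(-BGCOLOR => "white");
####################################################
print "Messages du système : <br><hr>";

# Every message is a fixed string; no form input is echoed into the page.
print change_password();

####################################################
# HTML footer
print $html->hr;
print $html->a({ href => "$url_server" }, "Back");
print $html->end_html;
####################################################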
Replies are listed 'Best First'.
Re: To setup Linux NIS, samba and shadow passwords
by scain (Curate) on Jan 02, 2002 at 20:18 UTC
    This may seem like a silly question, but why would you want to do this via CGI? I mean, yes, there are security concerns, but in addition to that, is this something that you do that often? I have several linux boxes, and I basically do this once for each of them and I am done.

    Scott

      This script will run on a linux server which provides file sharing for windows (samba), linux (NIS) and Xterminal (ltsp) in a french high school. Students use both linux and windows (Windows in the library, Windows or linux in my classroom...), so I thought a CGI script would be simpler for them because the way to change the password is the same. Another reason is that when I create the accounts, the password used is the last name and the login name used is the first name. So, they must quickly change the password. And, as I am a (lazy) teacher, I can't be here every day to do that task.
