1 | #!/usr/bin/perl |
---|
2 | |
---|
3 | use strict; |
---|
4 | use warnings; |
---|
5 | use LATMOS::Accounts; |
---|
6 | use Getopt::Long; |
---|
7 | use Pod::Usage; |
---|
8 | |
---|
9 | =head1 NAME |
---|
10 | |
---|
11 | la-ban-passwd - Deny password for user |
---|
12 | |
---|
13 | =head1 SYNOPSIS |
---|
14 | |
---|
15 | la-passwd [options] user password |
---|
16 | la-passwd --current user |
---|
17 | |
---|
18 | =head1 OPTIONS |
---|
19 | |
---|
20 | =over 4 |
---|
21 | |
---|
22 | =item -c|--config configdir |
---|
23 | |
---|
24 | Use this configuration directory instead of the default one. |
---|
25 | |
---|
26 | =item -b|--base basename |
---|
27 | |
---|
28 | Query this specific base instead of the default one. |
---|
29 | |
---|
30 | =item --current |
---|
31 | |
---|
32 | Ban the current password for this user |
---|
33 | |
---|
34 | =item -l|--lock |
---|
35 | |
---|
36 | Lock the account |
---|
37 | |
---|
38 | =item -e|--encrypted |
---|
39 | |
---|
40 | The password given is already encrypted and must be store without modification |
---|
41 | |
---|
42 | =back |
---|
43 | |
---|
44 | =cut |
---|
45 | |
---|
46 | GetOptions( |
---|
47 | 'c|config=s' => \my $config, |
---|
48 | 'b|base=s' => \my $base, |
---|
49 | 'l|lock' => \my $lock, |
---|
50 | 'e|encrypted' => \my $encrypted, |
---|
51 | 'current' => \my $current, |
---|
52 | 'help' => sub { pod2usage(0) }, |
---|
53 | ) or pod2usage(); |
---|
54 | |
---|
55 | my ($user, $password) = @ARGV; |
---|
56 | |
---|
57 | if (!$password && !$current) { |
---|
58 | warn "You must specify a password or --current\n"; |
---|
59 | pod2usage(1); |
---|
60 | } |
---|
61 | |
---|
62 | my $otype = 'user'; |
---|
63 | |
---|
64 | my $LA = LATMOS::Accounts->new($config, noacl => 1); |
---|
65 | my $labase = $LA->base($base); |
---|
66 | $labase && $labase->load or die "Cannot load base"; |
---|
67 | |
---|
68 | $labase->wexported(1); |
---|
69 | |
---|
70 | my $obj = $labase->get_object($otype, $user) or do { |
---|
71 | die "Object $otype $user not found\n"; |
---|
72 | }; |
---|
73 | |
---|
74 | if ($lock) { |
---|
75 | $obj->set_c_fields('locked', 1); |
---|
76 | print "User $user locked\n"; |
---|
77 | } |
---|
78 | |
---|
79 | if ($current) { |
---|
80 | $obj->banCurrentPassword; |
---|
81 | print "Current password banned\n"; |
---|
82 | } else { |
---|
83 | if ($encrypted) { |
---|
84 | $password = $labase->passCrypt($password); |
---|
85 | } |
---|
86 | $obj->storeBannedPassword($password); |
---|
87 | print "Given password banned\n"; |
---|
88 | } |
---|
89 | |
---|
90 | $labase->commit; |
---|
91 | exit 0; |
---|