[1752] | 1 | #!/usr/bin/perl |
---|
| 2 | |
---|
| 3 | use strict; |
---|
| 4 | use warnings; |
---|
| 5 | use LATMOS::Accounts; |
---|
| 6 | use Getopt::Long; |
---|
| 7 | use Pod::Usage; |
---|
| 8 | |
---|
| 9 | =head1 NAME |
---|
| 10 | |
---|
[1756] | 11 | la-ban-passwd - Deny password for user |
---|
[1752] | 12 | |
---|
| 13 | =head1 SYNOPSIS |
---|
| 14 | |
---|
[1756] | 15 | la-passwd [options] user password |
---|
| 16 | la-passwd --current user |
---|
[1752] | 17 | |
---|
| 18 | =head1 OPTIONS |
---|
| 19 | |
---|
| 20 | =over 4 |
---|
| 21 | |
---|
| 22 | =item -c|--config configdir |
---|
| 23 | |
---|
| 24 | Use this configuration directory instead of the default one. |
---|
| 25 | |
---|
| 26 | =item -b|--base basename |
---|
| 27 | |
---|
| 28 | Query this specific base instead of the default one. |
---|
| 29 | |
---|
| 30 | =item --current |
---|
| 31 | |
---|
| 32 | Ban the current password for this user |
---|
| 33 | |
---|
| 34 | =item -l|--lock |
---|
| 35 | |
---|
| 36 | Lock the account |
---|
| 37 | |
---|
| 38 | =item -e|--encrypted |
---|
| 39 | |
---|
| 40 | The password given is already encrypted and must be store without modification |
---|
| 41 | |
---|
| 42 | =back |
---|
| 43 | |
---|
| 44 | =cut |
---|
| 45 | |
---|
| 46 | GetOptions( |
---|
| 47 | 'c|config=s' => \my $config, |
---|
| 48 | 'b|base=s' => \my $base, |
---|
| 49 | 'l|lock' => \my $lock, |
---|
| 50 | 'e|encrypted' => \my $encrypted, |
---|
| 51 | 'current' => \my $current, |
---|
| 52 | 'help' => sub { pod2usage(0) }, |
---|
| 53 | ) or pod2usage(); |
---|
| 54 | |
---|
| 55 | my ($user, $password) = @ARGV; |
---|
| 56 | |
---|
| 57 | if (!$password && !$current) { |
---|
| 58 | warn "You must specify a password or --current\n"; |
---|
| 59 | pod2usage(1); |
---|
| 60 | } |
---|
| 61 | |
---|
| 62 | my $otype = 'user'; |
---|
| 63 | |
---|
| 64 | my $LA = LATMOS::Accounts->new($config, noacl => 1); |
---|
| 65 | my $labase = $LA->base($base); |
---|
| 66 | $labase && $labase->load or die "Cannot load base"; |
---|
| 67 | |
---|
| 68 | $labase->wexported(1); |
---|
| 69 | |
---|
| 70 | my $obj = $labase->get_object($otype, $user) or do { |
---|
| 71 | die "Object $otype $user not found\n"; |
---|
| 72 | }; |
---|
| 73 | |
---|
| 74 | if ($lock) { |
---|
| 75 | $obj->set_c_fields('locked', 1); |
---|
[1756] | 76 | print "User $user locked\n"; |
---|
[1752] | 77 | } |
---|
| 78 | |
---|
| 79 | if ($current) { |
---|
| 80 | $obj->banCurrentPassword; |
---|
[1756] | 81 | print "Current password banned\n"; |
---|
[1752] | 82 | } else { |
---|
| 83 | if ($encrypted) { |
---|
[2043] | 84 | $password = $labase->passCrypt($password); |
---|
[1752] | 85 | } |
---|
| 86 | $obj->storeBannedPassword($password); |
---|
[1756] | 87 | print "Given password banned\n"; |
---|
[1752] | 88 | } |
---|
| 89 | |
---|
| 90 | $labase->commit; |
---|
| 91 | exit 0; |
---|