Changeset 1935
- Timestamp:
- 01/17/17 17:38:36 (7 years ago)
- Location:
- trunk/LATMOS-Accounts
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LATMOS-Accounts/bin/la-passwd
r1755 r1935 36 36 Don't change the password but check its validity using CrackLib. 37 37 38 =item -f|--force 39 40 Change the even it is weak (has no effect with --crypt) 41 42 =item --crypt 43 44 The given password is crypt using standard unix method and will be injected 45 as is inside the base. Works only for base supporting this, and some form of 46 password may not be updated. 47 48 =item --input FILENAME 49 50 Read login/password from a file in form 51 52 username:password 53 54 or 55 username:password:... 56 57 Everything after the second colon is ignored 58 59 If C<FILENAME> is C<->, standard input is used 60 38 61 =back 39 62 … … 46 69 's|sync=s' => \my $sync, 47 70 'f|force' => \my $force, 71 'crypt' => \my $crypt, 72 'i|input=s' => \my $input, 48 73 'help' => sub { pod2usage(0) }, 49 74 ) or pod2usage(); 50 51 if (!$ARGV[0]) {warn "You must specify 'userid', aborting\n"; pod2usage(); }52 53 my $otype = 'user';54 75 55 76 my $LA = LATMOS::Accounts->new($config, noacl => 1); … … 59 80 $labase->wexported(1); 60 81 61 my $obj = $labase->get_object($otype, $ARGV[0]) or do { 62 die "Object $otype $ARGV[0] not found\n"; 82 sub set_passwd { 83 my ($obj, $password) = @_; 84 my $res = $obj->check_password($password); 85 86 if ($res !~ /^ok$/) { 87 print "Password quality: " . $res . "\n"; 88 print "Cannot set bad password, use --force to bypass security\n" unless($force); 89 return 0; 90 } 91 92 return 1 if($test); 93 94 if ($obj->set_password($password)) { 95 print "Password succefully changed\n"; 96 $labase->commit; 97 return 1; 98 } else { 99 warn "Error when trying to change password\n"; 100 return 0; 101 } 102 } 103 104 if (!$ARGV[0] && !$input) {warn "You must specify 'userid', aborting\n"; pod2usage(); } 105 106 my ($username, $password) = @ARGV; 107 108 my $otype = 'user'; 109 110 111 if ($input) { 112 my $handle; 113 if ($input eq '-') { 114 $input = \*STDIN; 115 } else { 116 open($handle, '<', $input) or die "Cannot open $input: $!\n"; 117 } 118 119 while (<$handle>) { 120 my ($username, $password) = split(/:/); 121 $username or next; 122 $password or next; 123 124 my $obj = $labase->get_object($otype, $username) or do { 125 warn "Object $otype $ARGV[0] not found\n"; 126 next; 127 }; 128 129 print "Updating user $username\n"; 130 if ($crypt) { 131 if ($obj->InjectCryptPasswd($password)) { 132 $labase->commit; 133 } 134 } else { 135 set_passwd($obj, $password); 136 } 137 } 138 139 } else { 140 my $obj = $labase->get_object($otype, $username) or do { 141 die "Object $otype $ARGV[0] not found\n"; 142 }; 143 144 unless($password) { 145 ReadMode('noecho'); 146 print "Enter password: "; 147 $password = ReadLine(0); 148 ReadMode 0; 149 print "\n"; 150 chomp($password); 151 } 152 153 if ($crypt) { 154 if ($obj->InjectCryptPasswd($password)) { 155 $labase->commit; 156 exit(0); 157 } 158 } else { 159 exit (!set_passwd($obj, $password)); 160 } 63 161 }; 64 162 65 ReadMode('noecho');66 print "Enter password: ";67 my $password = ReadLine(0);68 ReadMode 0;69 print "\n";70 chomp($password);71 72 my $res = $obj->check_password($password);73 74 if ($res !~ /^ok$/) {75 print "Password quality: " . $res . "\n";76 die "Cannot set bad password, use --force to bypass security\n" unless($force);77 }78 79 exit(0) if($test);80 81 if ($obj->set_password($password)) {82 print "Password succefully changed\n";83 $labase->commit;84 exit 0;85 } else {86 warn "Error when trying to change password\n";87 exit 1;88 } -
trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Ldap/User.pm
r1865 r1935 101 101 }, 102 102 homeDirectory => { }, 103 userPassword => { },104 103 loginShell => { }, 105 104 gecos => { }, … … 298 297 } 299 298 299 =head2 _InjectCryptPasswd($cryptpasswd) 300 301 Inject a password encrypted using standard UNIX method. 302 303 Works only for unix authentification method inside LDAP 304 305 =cut 306 307 sub _InjectCryptPasswd { 308 my ($self, $cryptpasswd) = @_; 309 310 my $res = $self->set_fields( 311 userPassword => '{CRYPT}' . $cryptpasswd, 312 ); 313 314 if ($res) { 315 $self->base->log(LA_NOTICE, 'Crypted password injected for %s', $self->id); 316 return 1; 317 } else { 318 $self->base->log(LA_ERR, 'Cannot inject crypted password for %s', $self->id); 319 return 0; 320 } 321 } 322 300 323 1; 301 324 -
trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Objects.pm
r1865 r1935 551 551 552 552 return fascist_check($password, $dictionary); 553 } 554 555 =head2 InjectCryptPasswd($cryptpasswd) 556 557 Inject a password encrypted using standard UNIX method. 558 559 =cut 560 561 sub InjectCryptPasswd { 562 my ($self, $cryptpasswd) = @_; 563 564 if ($self->can('_InjectCryptPasswd')) { 565 return $self->_InjectCryptPasswd($cryptpasswd); 566 } else { 567 $self->base->log('Injecting unix crypt password is not supported'); 568 return; 569 } 553 570 } 554 571 -
trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/User.pm
r1922 r1935 1869 1869 } 1870 1870 1871 =head2 _InjectCryptPasswd($cryptpasswd) 1872 1873 Inject a password encrypted using standard UNIX method. 1874 1875 The passwrod will be used to authenticate user inside the application but it 1876 will not be transmit to any other database. 1877 1878 =cut 1879 1880 sub _InjectCryptPasswd { 1881 my ($self, $cryptpasswd) = @_; 1882 1883 if (my $current = $self->get_field('userPassword')) { 1884 if ($cryptpasswd eq $current) { 1885 return 1; 1886 } 1887 } 1888 my $res = $self->set_fields('userPassword', $cryptpasswd); 1889 1890 if ($res) { 1891 $self->base->log(LA_NOTICE, 'Crypted password injected for %s', $self->id); 1892 return 1; 1893 } else { 1894 $self->base->log(LA_ERR, 'Cannot inject crypted password for %s', $self->id); 1895 return 0; 1896 } 1897 } 1871 1898 1872 1899 =head2 GenPasswordResetId -
trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Unix/User.pm
r1931 r1935 138 138 } 139 139 140 =head2 _InjectCryptPasswd($cryptpasswd) 141 142 Inject a password encrypted using standard UNIX method. 143 144 =cut 145 146 sub _InjectCryptPasswd { 147 my ($self, $cryptpasswd) = @_; 148 149 my $res = $self->set_c_fields( 150 userPassword => $cryptpasswd, 151 ); 152 153 if ($res) { 154 $self->base->log(LA_NOTICE, 'Crypted password injected for %s', $self->id); 155 return 1; 156 } else { 157 $self->base->log(LA_ERR, 'Cannot inject crypted password for %s', $self->id); 158 return 0; 159 } 160 } 161 140 162 1; 141 163
Note: See TracChangeset
for help on using the changeset viewer.