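#!/usr/bin/perl

# LDAP to unix password sync script for samba-tng
# originally by Jody Haynes <Jody.Haynes@isunnetworks.com>
# 12/12/2000 milos@interactivesi.com
# modified for use with MD5 passwords
# 12/16/2000 mami@arena.sci.univr.it
# modified to change lmpassword and ntpassword for samba
# 05/01/2001 mami@arena.sci.univr.it
# modified for being also a /bin/passwd replacement
#
# ACHTUNG!! For servers that support the LDAP Modify password
# extended op (e.g. OpenLDAP), see the "ldap password
# sync" option in smb.conf(5).
#
# Notes on this revision:
#   - every external command is run in list form (no shell), so a
#     password or user name containing quotes or shell metacharacters
#     can no longer alter the command line;
#   - the user name and hashes are escaped before being placed in the
#     LDAP search filter (RFC 4515), so a caller cannot widen the filter;
#   - the bareword/2-arg "open FILE" pipe to ldapmodify is now a lexical,
#     list-form pipe whose exit status is checked, and the LDIF record
#     no longer repeats "changetype: modify" after each "-" separator;
#   - "-" options were never recognised because substr($arg, 0) is the
#     whole argument, not its first character.
# Passwords handed to smbencrypt, and the bind password handed to
# ldapmodify -w, still appear on those processes' argv (visible in ps);
# that is inherent in how those tools take their input.

use strict;
use warnings;

# Site configuration.  $passwd is the directory bind password in clear
# text: anyone who can read this file learns it, so keep the file
# readable by root only.
my $basedn = "ou=Students,dc=univr, dc=it";
my $binddn = "uid=root,dc=univr,dc=it";
my $scope  = "sub";
my $passwd = "mysecret";

my $smbencrypt = '/usr/local/sbin/smbencrypt';
my $ldapmodify = '/usr/bin/ldapmodify';

my $user;        # account whose password is changed
my $skip_old;    # set by -o: do not verify the old password (root only)

foreach my $arg (@ARGV) {
    if ($< != 0) {
        die "Only root can specify parameters\n";
    }
    if ( ($arg eq '-?') || ($arg eq '--help') ) {
        print "Usage: $0 [-o] [username]\n";
        print " -o, --without-old-password do not ask for old password (root only)\n";
        print " -?, --help show this help message\n";
        exit (-1);
    } elsif ( ($arg eq '-o') || ($arg eq '--without-old-password') ) {
        $skip_old = 1;
    } elsif (substr($arg, 0, 1) ne '-') {
        $user = $arg;
        if (!defined(getpwnam($user))) {
            die "$0: Unknown user name '$user'\n";
        }
    } else {
        # Previously an unknown option fell through to the user-name
        # branch and died with "Unknown user name"; say what it really is.
        die "$0: Unknown option '$arg'\n";
    }
}

if (!defined($user)) {
    $user = $ENV{"USER"};
    # $USER can be unset (cron, su without -): fall back to the real uid.
    $user = getpwuid($<) if !defined($user) || $user eq '';
}
die "$0: cannot determine user name\n" unless defined $user && $user ne '';

# Read one line from STDIN with terminal echo turned off.
# Dies on end of file so a closed stdin cannot yield an empty password.
sub read_password {
    my ($prompt) = @_;
    system 'stty', '-echo';
    print $prompt;
    my $line = <STDIN>;
    print "\n";
    system 'stty', 'echo';
    die "$0: no password read\n" unless defined $line;
    chomp $line;
    return $line;
}

# Run smbencrypt on a clear-text password.
# Returns (lm_hash, nt_hash); smbencrypt prints them as "LM:NT" on one line.
# Dies if the program cannot be run, exits non-zero, or prints no colon,
# so a broken helper never results in empty hashes being stored.
sub smb_hashes {
    my ($clear) = @_;
    open my $out, '-|', $smbencrypt, $clear
        or die "$0: cannot run $smbencrypt: $!\n";
    my $line = <$out>;
    close $out or die "$0: $smbencrypt failed\n";
    die "$0: unexpected output from $smbencrypt\n"
        unless defined $line && $line =~ /:/;
    chomp $line;
    my ($lm, $nt) = split /:/, $line, 2;
    return ($lm, $nt);
}

# Escape a value for use inside an LDAP search filter (RFC 4515):
# backslash, '*', '(', ')' and NUL become \XX hex escapes.
sub filter_escape {
    my ($value) = @_;
    $value =~ s/([\\*()\0])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# Run ldapsearch with $filter and return the DN of the first entry,
# or '' when nothing matched (or ldapsearch failed, as before).
# OpenLDAP 1.x printed the bare DN on the first line, which is what the
# original "| head -1" relied on; newer ldapsearch emits LDIF, where the
# entry starts with "dn: ".  Accept both.  NOTE(review): a base64 DN
# ("dn:: ...") is not decoded and falls through to the first-line rule.
sub find_dn {
    my ($filter) = @_;
    open my $out, '-|', 'ldapsearch', '-b', $basedn, '-s', $scope, $filter
        or die "$0: cannot run ldapsearch: $!\n";
    my @lines = <$out>;
    close $out;
    chomp @lines;
    for my $line (@lines) {
        return $1 if $line =~ /^dn:\s+(.+)$/;
    }
    return defined $lines[0] ? $lines[0] : '';
}

my $dn;
if (!$skip_old) {
    my $oldpass = read_password("Old password for user $user: ");
    my ($lm_old, $nt_old) = smb_hashes($oldpass);

    # Find dn for user $user, requiring the stored hashes to match the
    # old password; this is the only authentication of a non-root caller.
    $dn = find_dn(sprintf '(&(uid=%s)(lmpassword=%s)(ntpassword=%s))',
        filter_escape($user), filter_escape($lm_old), filter_escape($nt_old));
    if ($dn eq '') {
        print "Wrong password for user $user!\n";
        exit (-1);
    }
} else {
    # Find dn for user $user
    $dn = find_dn(sprintf '(uid=%s)', filter_escape($user));
    die "$0: no LDAP entry found for user '$user'\n" if $dn eq '';
}

my $pass  = read_password("New password for user $user: ");
my $pass2 = read_password("Retype new password for user $user: ");

if ($pass ne $pass2) {
    die "New passwords do not match!\n";
}

# MD5 crypt(3) password: "$1$" + 8 salt characters + "$".
# The salt only needs to be unique, not secret, so rand() is adequate.
my @salt_chars = ('.', '/', 0..9, 'A'..'Z', 'a'..'z');
my $random     = join '', map { $salt_chars[rand @salt_chars] } 1 .. 8;
my $modsalt    = '$1$' . $random . '$';
my $password   = crypt($pass, $modsalt);

# LanManager and NT hashes of the new password
my ($lmpassword, $ntpassword) = smb_hashes($pass);

# NOTE(review): -w places the bind password on ldapmodify's command line.
# OpenLDAP's ldapmodify can read it from a file (-y) instead; kept as -w
# here so the script keeps working with older tools.
open my $ldif, '|-', $ldapmodify, '-D', $binddn, '-w', $passwd
    or die "$0: cannot run $ldapmodify: $!\n";

print {$ldif} <<EOF;
dn: $dn
changetype: modify
replace: userPassword
userPassword: {crypt}$password
-
replace: lmpassword
lmpassword: $lmpassword
-
replace: ntpassword
ntpassword: $ntpassword
-

EOF

# ldapmodify reports failure through its exit status; surface it rather
# than exiting 0 with the password unchanged.
close $ldif
    or die "$0: $ldapmodify failed"
         . ($! ? ": $!" : " (exit status " . ($? >> 8) . ")") . "\n";

exit 0;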