use CGI qw(:standard);
use Net::LDAP;
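# --- Directory settings ----------------------------------------------------
# Host name of the master LDAP server; used for Net::LDAP connections and for
# the ldappasswd command line below.
# NOTE(review): no TLS option is visible anywhere in this file (plain host
# name here, "-x -h" for ldappasswd), so credentials presumably cross the
# network unencrypted -- confirm, and prefer ldaps:// or StartTLS.
$masterLDAP = "ldap.idealx.org";
$basedn = "dc=IDEALX,dc=org";

# Bind password of $masterDN. Keeping the directory manager's password in the
# source of a web-reachable script exposes it to anyone who can read the file;
# load it from a file readable only by the CGI user, or bind as the user who
# is changing the password instead.
$masterPw = "";
$masterDN = "cn=manager,$basedn";

# Location of, and common options for, the OpenLDAP command-line tools.
$ldap_path = "/usr/bin";
$ldap_opts = "-x";

# Pre-assembled ldappasswd command prefix. The quoting here only makes sense
# for a shell, and any process started from this string carries the manager
# password in its argument list, where other local users can see it.
$ldappasswd = "$ldap_path/ldappasswd $ldap_opts -h $masterLDAP -D '$masterDN' -w '$masterPw'";

# Container that holds the user entries whose password gets changed.
$usersdn = "ou=Users,$basedn";

# --- Form labels and page state --------------------------------------------
# The label variables are rewritten by the error handlers to highlight the
# field the user has to correct; $error holds the message shown under the form.
$logtag = "Login:";
$passtag = "Current password:";
$npasstag1 = "New password:";
$npasstag2 = "Retype new password:";    # fixed the "pasword" typo in the label
$error = "";

# Opening and closing markup used to highlight a label.
$color = "<FONT color='red'>";
$stopcolor = "</FONT>";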
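# Request dispatch: a submitted form runs the checks and the password change,
# anything else just shows the empty form.
#
# Only POST submissions are processed. The form itself posts; accepting the
# same fields from a GET query string would put passwords into URLs, and from
# there into server logs, browser history and Referer headers.
#
# NOTE(review): nothing in this file limits repeated attempts, so the current
# password can be guessed online -- confirm that the web server or the
# directory enforces lockout or rate limiting.
if (param() && (request_method() || '') eq 'POST') {
    # Test for "defined and non-empty" rather than truthiness, so that the
    # value "0" is not mistaken for a missing field. Each handler prints the
    # form with an error and exits.
    $username = param('login');
    nologin() unless defined $username && length $username;

    $oldpass = param('oldpass');
    nopass() unless defined $oldpass && length $oldpass;

    $newpass1 = param('newpass');
    nonewpass(1) unless defined $newpass1 && length $newpass1;

    $newpass2 = param('newpass2');
    nonewpass(2) unless defined $newpass2 && length $newpass2;

    # Each check prints its own error page before returning false; the die
    # only ends the request and leaves a line in the server's error log.
    verifyuser($username) or die "bad user";
    verifypass($username, $oldpass) or die "bad pass";
    testnewpass($newpass1, $newpass2) or die "bad new pass";
    changepass($username, $newpass1) or die "couldn't change pass";
    printsuccess();
}
else {
    printpage();
}
exit(0);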
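# verifyuser($login)
#
# Returns 1 when an anonymous search below $basedn finds at least one entry
# whose uid equals $login. Otherwise highlights the login label, sets $error,
# prints the form and returns 0. Dies if the LDAP connection cannot be made.
#
# NOTE(review): the distinct "No such user" message (versus "Incorrect
# password" from verifypass) tells a client which logins exist; consider one
# generic message for both failures.
sub verifyuser {
    my $user = shift;

    $ldap = Net::LDAP->new($masterLDAP) or die "can't make new LDAP object: $@";
    $ldap->bind();    # no DN given: anonymous bind

    # The login comes straight from the request. Escape the characters that
    # are special in an LDAP search filter (RFC 4515) so the value can only
    # ever be compared literally and cannot alter the filter.
    (my $uid_value = $user) =~ s/([\\*()\0])/sprintf('\\%02x', ord($1))/ge;

    my $matches = $ldap->search(base => $basedn, filter => "(uid=$uid_value)")->count;
    return 1 if $matches > 0;

    # Close the highlight with $stopcolor; the original appended a second
    # opening tag and left the FONT element unclosed.
    $logtag = $color . $logtag . $stopcolor;
    $error = "No such user";
    printpage();
    return 0;
}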
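# verifypass($login, $password)
#
# Returns 1 when a simple bind as uid=$login,ou=People,$basedn succeeds with
# $password. On failure it distinguishes a wrong password from an unreachable
# directory by retrying with an anonymous bind, prints the matching page and
# returns 0. Dies if the LDAP connection object cannot be created.
#
# NOTE(review): this binds below ou=People, while changepass modifies the
# entry below $usersdn (ou=Users). Confirm both name the same entry, otherwise
# the password that is verified and the one that is changed belong to
# different objects.
sub verifypass {
    my ($uid, $pass) = @_;

    $ldap = Net::LDAP->new($masterLDAP) or die "can't make new LDAP object: $@";

    # The login is request data. Escape it as an RDN value (RFC 4514) so that
    # characters such as ',' or '=' cannot change which entry is named.
    (my $rdn_value = $uid) =~ s/([\\,+"<>;=\0])/sprintf('\\%02X', ord($1))/ge;
    $rdn_value =~ s/\A([ #])/sprintf('\\%02X', ord($1))/e;
    $rdn_value =~ s/ \z/\\20/;
    my $binddn = "uid=$rdn_value,ou=People,$basedn";

    # A simple bind with a DN and an empty password is an unauthenticated bind
    # that many servers accept, so never treat it as proof of identity.
    if (defined $pass && length $pass) {
        return 1 if $ldap->bind($binddn, password => $pass)->code == 0;
    }

    # bind() returns a message object, which is always true; the result code
    # has to be inspected. The original tested the object itself, so the
    # "server unavailable" branch below could never run.
    if ($ldap->bind()->code == 0) {
        # The directory answers, so the credentials were wrong.
        $passtag = $color . $passtag . $stopcolor;
        $error = "Incorrect password";
        printpage();
        return 0;
    }

    # Even the anonymous bind failed: report the directory as unavailable.
    print header, start_html(-title=>"LDAP dead");
    print h2("<CENTER>The LDAP server is temporarily unavailable."),
        p,"Please try again later</CENTER>";
    return 0;
}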
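# testnewpass($first, $second)
#
# Returns 1 when the two entries of the new password are identical and contain
# neither a double nor a single quote. Otherwise highlights both new-password
# labels, sets $error, prints the form and returns 0.
#
# The mismatch message no longer repeats the two passwords: the original wrote
# them into $error, which is printed into the HTML page, so the clear-text
# passwords (and any markup typed into the fields) ended up in the response.
#
# NOTE(review): rejecting quotes does not make a value safe to place on a
# shell command line, and no length or strength policy is applied here.
sub testnewpass {
    my ($p1, $p2) = @_;

    my $complaint;
    if ($p1 ne $p2) {
        $complaint = "Passwords don't match";
    }
    elsif ($p1 =~ /"/) {
        $complaint = "Passwords cannot contain double quotes. Sorry";
    }
    elsif ($p1 =~ /'/) {
        $complaint = "Passwords cannot contain single quotes. Sorry";
    }
    return 1 unless defined $complaint;

    # Close the highlight with $stopcolor instead of a second opening tag.
    $npasstag1 = $color . $npasstag1 . $stopcolor;
    $npasstag2 = $color . $npasstag2 . $stopcolor;
    $error = $complaint;
    printpage();
    return 0;
}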
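# changepass($login, $newpass)
#
# Sets the new password on the LDAP entry uid=$login,$usersdn with ldappasswd
# (bound as $masterDN) and then on the Samba side through sudo smbpasswd.
# Returns 1 when both commands exit with status 0, otherwise 0.
#
# Changes against the original:
#  * Both commands are started from argument lists, without a shell. The
#    original interpolated the login and the new password into shell command
#    strings, where shell metacharacters in either value would have been
#    interpreted; filtering quote characters does not prevent that.
#  * Exit statuses are checked and a result is returned. The original always
#    ended with exit(1), so the caller could never report success.
#
# NOTE(review): the manager password and the new password are still visible
# in the child processes' argument lists. ldappasswd can read them from files
# (-y and -T); better still, change the password over the user's own
# authenticated LDAP connection so no manager credential is needed here.
# NOTE(review): if ldappasswd succeeds and smbpasswd fails, the two password
# stores are left out of sync and the caller only sees a failure.
sub changepass {
    my ($user, $newpass) = @_;

    return 0 unless defined $user && length $user;
    return 0 unless defined $newpass && length $newpass;

    # A login that starts with '-' would be parsed as an option by the
    # commands below.
    return 0 if $user =~ /\A-/;

    # Escape the login as an RDN value (RFC 4514) so it cannot change which
    # entry the manager account modifies.
    (my $rdn_value = $user) =~ s/([\\,+"<>;=\0])/sprintf('\\%02X', ord($1))/ge;
    $rdn_value =~ s/\A([ #])/sprintf('\\%02X', ord($1))/e;
    $rdn_value =~ s/ \z/\\20/;
    my $dn = "uid=$rdn_value,$usersdn";

    my @ldap_cmd = (
        "$ldap_path/ldappasswd", split(' ', $ldap_opts),
        '-h', $masterLDAP,
        '-D', $masterDN,
        '-w', $masterPw,
        '-s', $newpass,
        $dn,
    );
    return 0 unless _run_quiet(@ldap_cmd);

    # NOTE(review): smbpasswd's argument handling is not visible here; confirm
    # it cannot mistake a password that begins with '-' for an option.
    return _run_quiet('/usr/bin/sudo', '/usr/bin/smbpasswd', $user, $newpass) ? 1 : 0;
}

# Runs a command given as an argument list, without a shell and with its
# standard output discarded so it cannot corrupt the CGI response. Returns 1
# when the command exits with status 0, otherwise 0.
sub _run_quiet {
    my @cmd = @_;

    require POSIX;
    local $| = 1;    # flush pending output so the child does not inherit it

    my $pid = fork();
    return 0 unless defined $pid;

    if ($pid == 0) {
        open(STDOUT, '>', '/dev/null') or POSIX::_exit(127);
        { exec { $cmd[0] } @cmd; }
        POSIX::_exit(127);    # exec failed; leave without running END blocks
    }

    waitpid($pid, 0);
    return $? == 0 ? 1 : 0;
}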
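# nologin(): the login field was left empty. Highlights the login label, sets
# $error, prints the form again and ends the request with exit status 1.
sub nologin {
    # Close the highlight with $stopcolor; the original appended a second
    # opening tag and left the FONT element unclosed.
    $logtag = $color . $logtag . $stopcolor;
    $error = "You need to enter a Login Name";
    printpage();
    exit(1);
}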
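# nopass(): the current-password field was left empty. Highlights its label,
# sets $error, prints the form again and ends the request with exit status 1.
sub nopass {
    # Close the highlight with $stopcolor; the original appended a second
    # opening tag and left the FONT element unclosed.
    $passtag = $color . $passtag . $stopcolor;
    $error = "Please enter your old password";
    printpage();
    exit(1);
}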
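# nonewpass($which): a new-password field was left empty. $which is 1 for the
# first field and 2 for the confirmation field. Highlights the matching label,
# sets $error, prints the form again and ends the request with exit status 1.
sub nonewpass {
    my $which = shift;

    $error = "You need to enter your new password";
    if ($which == 1) {
        # Close the highlight with $stopcolor instead of a second opening tag.
        $npasstag1 = $color . $npasstag1 . $stopcolor;
    }
    elsif ($which == 2) {
        $npasstag2 = $color . $npasstag2 . $stopcolor;
        $error .= " twice";
    }

    printpage();
    exit(1);
}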
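# printpage(): prints the HTTP header and the password-change form, using the
# current label variables and showing $error in red below the form.
#
# Changes against the original:
#  * The password fields are emitted with -override so CGI.pm does not write
#    the submitted passwords back into the page as field values when the form
#    is shown again after an error.
#  * $error is HTML-escaped before it is printed, so a message that ever
#    contains request data cannot inject markup into the page.
sub printpage {
    print header,
        start_html(-title   => "Password Change Page",
                   -author  => 'tdavis@birddog.com',
                   -BGCOLOR => 'WHITE'),
        h3('Password Change Page'),
        startform(-method=>'POST'),
        "<TABLE BORDER=0 WIDTH=50%>",
        "<font size=2>",
        "<TR><TD>",
        $logtag,
        "</TD><TD>",
        # $login is never assigned in the visible code; the field is refilled
        # from the submitted value by CGI.pm itself.
        textfield(-name=>'login', -default=>$login,
                  -size=>15, -maxlength=>20),
        "</TD><TR><TD>",
        $passtag,
        "</TD><TD>",
        password_field(-name=>'oldpass', -size=>15, -maxlength=>25,
                       -override=>1),
        "</TD><TR><TD>",
        $npasstag1,
        "</TD><TD>",
        password_field(-name=>'newpass', -size=>15, -maxlength=>25,
                       -override=>1),
        "</TD><TR><TD>",
        $npasstag2,
        "</TD><TD>",
        password_field(-name=>'newpass2', -size=>15, -maxlength=>25,
                       -override=>1),
        "</TD><TR><TD></TD><TD>",
        submit(-name=>"change"),reset(),
        "</TD></TR></TABLE>",
        "</font>",
        endform(),
        "<FONT color='red'>" . CGI::escapeHTML($error) . "</FONT>",
        end_html;
}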
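# printsuccess(): prints the HTTP header and the confirmation page shown after
# the password has been changed.
#
# The empty prototype was dropped (prototypes change parsing and validate
# nothing) and the "Succesfully" typo in the heading was corrected.
sub printsuccess {
    print header,
        start_html(-title   => "Success",
                   -BGCOLOR => 'WHITE'),
        h1("Password Successfully Changed"),
        "<br>",
        end_html;
}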