Re: Changing a user's password non-interactively?
- From: "fiedlert@xxxxxxxxx" <fiedlert@xxxxxxxxx>
- Date: 21 Feb 2006 12:17:21 -0800
Chris
here is is a perl script I wrote for our windows admins to interactivly
change passwords from a domain controller - to hell with security :)
You need expect and a setpass.expect script which ill add
you probably couldnt use this verbatim, but it may give you some ideas
(rexec, ssh, etc... )
#!/usr/bin/perl -w
use strict;
#use diagnostics;
use POSIX qw/uname/;
use POSIX qw/strftime/;
use Carp;
$|++;
# Change this to 1 to
# enable undos...
my $UNDO = 0;
my ($os, $hostname, undef)=POSIX::uname();
my ($host, undef)=split(/\./, $hostname);
my $OS = lc($os);
# APACHE Pawword File Location. if what is passed does not
# match this, exit with a nasty warning. If you have more
# than one location, add another variable...
# $APACHEDEFAULT1 etc...
my $APACHEDEFAULT = "/etc/httpd/conf/passwords";
my $APACHEDEFAULT1 = "/var/www/conf/passwords";
# Dispatch table is dependent an these vars
my ( $MODE, $USERNAME, $NEWPASS, $APACHECONF, @THINGS );
$MODE = $USERNAME = $NEWPASS = $APACHECONF = "UNDEFINED";
# Define all input dependant vars here
unless ( defined ($ARGV[0]) and $ARGV[0] =~ m/-(p|a|d|ha|hd)/ )
{
print "500 - DONE - $host - Missing or bad mode\n";
exit;
}
if ( defined $ARGV[0] ) { $MODE = $ARGV[0] }
if ( defined $ARGV[1] ) { $USERNAME = $ARGV[1] }
if ( defined $ARGV[2] ) { $NEWPASS = $ARGV[2] }
if ( defined $ARGV[3] ) { $APACHECONF = $ARGV[3] }
######################
## BEGIN exceptions ##
######################
# Seperate HACMP from AIX...
my @HACMP_CLUSTER=("NODE1",
"NODE2",
"NODE3",
"NODE4");
if ( $OS eq "aix" )
{
HALOOP: for (@HACMP_CLUSTER)
{
$OS = "hacmp" if ( $_ eq $host );
last HALOOP if ( $OS eq "HACMP" );
}
}
# AIX and HACMP are separated
if ( $MODE eq "-hd" )
{
if ( defined ( $ARGV[2] ) )
{
$NEWPASS = "NOTHING";
$APACHECONF = $ARGV[2];
}
}
if ( $USERNAME eq "root" )
{
print "500 - DONE - User Maintenance for $USERNAME not allowed";
exit;
}
if ( $APACHECONF ne "UNDEFINED" )
{
if ( $APACHECONF eq $APACHEDEFAULT1 )
{
$APACHEDEFAULT = $APACHEDEFAULT1;
}
else
{
print "500 - DONE - File mismatch ($APACHECONF !=
$APACHEDEFAULT)";
exit;
}
}
# if the apache config file does not exist,
# we'll add -c to htpasswd and let htpasswd
# create it.
my $APACHEARGS = "";
if ( ! -e "$APACHECONF" ) { $APACHEARGS= "-c" }
# This next line is too long to enter into
# the Dispatch table...
my $AIXADDU="/usr/bin/mkuser pgrp=staff groups=staff
home=/home/$USERNAME shell=/usr/bin/ksh gecos=$USERNAME $USERNAME";
#######################
## END of exceptions ##
#######################
# Format: MODE => ( COMMAND, UNDOCMD, ACTION TAKEN, ERROR_CODES )
# Be careful of the COMMAND and UNDOCMD - they are dependant on your
# OS and of how yor binaries are installed.
my %cmd=( "-p" => { "COMMAND" => { "linux" =>
"/usr/local/bin/setpass.expect $USERNAME $NEWPASS",
"aix" =>
"/usr/local/bin/setpass.expect $USERNAME $NEWPASS &&
/usr/bin/pwdadm -c
$USERNAME",
"hacmp" => "" },
"ACTION" => "Password Changed",
"ERRORS" => { "$OS:256" => "$USERNAME Does
not exist",
"$OS:32512" => "Unable to find
setpass.expect" } },
"-d" => { "COMMAND" => { "linux" => "/usr/sbin/userdel -r
$USERNAME",
"aix" => "/usr/sbin/rmuser -p
$USERNAME",
"hacmp" => "" },
"ACTION" => "Deleted",
"ERRORS" => { "$OS:1536" => "$USERNAME Does
not exist"} },
"-a" => { "COMMAND" => { "linux" => "/usr/sbin/useradd
$USERNAME &&
/usr/local/bin/setpass.expect $USERNAME $NEWPASS",
"aix" => "$AIXADDU &&
/usr/local/bin/setpass.expect $USERNAME $NEWPASS &&
/usr/bin/pwdadm -c
$USERNAME",
"hacmp" => "" },
"UNDOCMD" => { "linux" => "/usr/sbin/userdel -r
$USERNAME",
"aix" => "/usr/sbin/rmuser -p
$USERNAME" },
"ACTION" => "Added",
"ERRORS" => { "$OS:2304" => "$USERNAME
exists",
"$OS:32512" => "Unable to find
setpass.expect" } },
"-ha" => { "COMMAND" => { "linux" => "/usr/bin/htpasswd -b
-d $APACHEARGS $APACHECONF $USERNAME $NEWPASS",
"aix" =>
"/var/www/bin/htpasswd -b -d $APACHEARGS $APACHECONF $USERNAME
$NEWPASS" },
"UNDOCMD" => { "linux" => "/usr/bin/htpasswd -D
$APACHECONF $USERNAME",
"aix" =>
"/var/www/bin/htpasswd -b -d $APACHECONF $USERNAME `echo \$RANDOM`" },
"ACTION" => "Added to $APACHECONF" },
"-hd" => { "COMMAND" => { "linux" => "/usr/bin/htpasswd -D
$APACHECONF $USERNAME",
"aix" =>
"/var/www/bin/htpasswd -b -d $APACHECONF $USERNAME `echo \$RANDOM`" },
"ACTION" => "Deleted from $APACHECONF" } );
# Check for the correct parameters for the runtime mode
# you are in, run the command and check for errors
# all exits should be clean and return vals checked.
if ( &checkparms($MODE, $USERNAME, $NEWPASS, $APACHECONF) == 0 )
{
qx/$cmd{$MODE}{'COMMAND'}{$OS}/;
check_error($?);
}
else
{
# see checkparms() for info on @THINGS
print "500 - DONE - $host - @THINGS not defined";
}
exit;
###############
sub check_error
###############
{
$_=shift;
my $err="$OS:$_";
my $msg = "$USERNAME $cmd{$MODE}{'ACTION'}";
$msg = $cmd{$MODE}{'ERRORS'}{$err} if ( defined
($cmd{$MODE}{'ERRORS'}{$err}) );
open (LOGFILE, ">>/var/log/user_maint.log") or
carp "500 - DONE - Unable to open logfile";
# If we have an undo command for anything but a succesful return
# Lets run it now and log the results
if ( $UNDO == 1 and $_ > 0 )
{
qx/$cmd{$MODE}{'UNDO'}/ if ( defined ($cmd{$MODE}{'UNDO'}) );
$msg = "Undo command was run (USER = $USERNAME, MODE = $MODE)";
}
( $_ == 0 ) ? print "200 - DONE - $host - Sucess ($_) - $msg\n"
: print "500 - DONE - $host - Failure ($_) - $msg\n";
my $now = strftime "%m/%d/%Y %H:%M:%S", (localtime);
print LOGFILE "$now - $_ - $USERNAME - $msg\n";
close (LOGFILE) or carp "Unable to close logfile\n";
return 0;
}
##############
sub checkparms
##############
{
my $mode= shift;
my $username=shift;
my $newpass=shift;
my $apacheconf=shift;
if ( $mode eq "-a" or
$mode eq "-p" or
$mode eq "-d" or
$mode eq "-ha" or
$mode eq "-hd" )
{
push (@THINGS, "USERNAME") if ( $username eq "UNDEFINED" );
}
if ( $mode eq "-a" or
$mode eq "-p" or
$mode eq "-ha" )
{
push (@THINGS, "PASSWORD") if ( $newpass eq "UNDEFINED" );
}
if ( $mode eq "-ha" or
$mode eq "-hd" )
{
push (@THINGS, "HTTPD.CONF") if ($apacheconf eq "UNDEFINED" );
}
return ( scalar(@THINGS) == "0" ) ? 0 : 1;
}
__END__
setpass.expect script ->
#!/usr/local/bin/expect
# chpass.expect
# Expect script for adding a new user
#
# Uses /usr/bin/passwd(1) non-interactive
# username is passed as 1st arg, passwd as 2nd
# assigned password value to $password
set password [lindex $argv 1]
# start /usr/bin/passwd with $argv0
spawn passwd [lindex $argv 0]
sleep 1
# wait for string "password"
expect "password:"
sleep 1
# send $password
send "$password\r"
sleep 1
# wait for string "password"
expect "password:"
sleep 1
# send $password
send "$password\r"
sleep 1
expect eof
my "production" version differs only in that I have the cspoc commands
built in...
.
- Follow-Ups:
- Re: Changing a user's password non-interactively?
- From: base60
- Re: Changing a user's password non-interactively?
- From: Chris
- Re: Changing a user's password non-interactively?
- References:
- Changing a user's password non-interactively?
- From: Chris
- Changing a user's password non-interactively?
- Prev by Date: Re: gated coredump
- Next by Date: Re: NFS AIX 5.3 (5300-04-00) & Windows 2003 STD SP1
- Previous by thread: Re: Changing a user's password non-interactively?
- Next by thread: Re: Changing a user's password non-interactively?
- Index(es):
Relevant Pages
|
Loading
