Project

General

Profile

metacat / src / perl / change-ldap-passwd.pl @ 3443

1
#!/usr/bin/perl -w
2
 #
3
 #  '$RCSfile$'
4
 #  Copyright: 2001 Regents of the University of California
5
 #
6
 #   '$Author: sgarg $'
7
 #     '$Date: 2005-04-19 12:11:29 -0700 (Tue, 19 Apr 2005) $'
8
 # '$Revision: 2499 $'
9
 #
10
 # This program is free software; you can redistribute it and/or modify
11
 # it under the terms of the GNU General Public License as published by
12
 # the Free Software Foundation; either version 2 of the License, or
13
 # (at your option) any later version.
14
 #
15
 # This program is distributed in the hope that it will be useful,
16
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
17
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18
 # GNU General Public License for more details.
19
 #
20
 # You should have received a copy of the GNU General Public License
21
 # along with this program; if not, write to the Free Software
22
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
23
 #
24

    
25
#
26
# This is a web-based application for allowing users to register a new
27
# account for Metacat access.  We currently only support LDAP even
28
# though metacat could potentially support other types of directories.
29
#
30
use strict;       # turn on strict syntax checking.
31
use Net::LDAP;    # load the LDAP net libraries
32
use Digest::SHA1; # for creating the password hash
33
use MIME::Base64; # for creating the password hash
34
use Term::ReadKey;# for not displaying the password on command line
35

    
36
# Set up our default configuration
37
my $ldapurl = "@ldapurl@";
38
my $bindDN = "@user@";
39
my $searchBase = "@ldapSearchBase@";
40

    
41
my $userDN = readReqdParam("Enter the user DN:");
42
ReadMode('noecho'); # set no echo mode on the term so that passwords are not displayed
43
my $userPass = readReqdParam("Enter the new user password:");
44
my $bindPass = readReqdParam("Enter the root password:");
45
ReadMode('normal'); # set terminal mode back to normal 
46

    
47
my $errorMessage = 0;
48
my $ldap = Net::LDAP->new($ldapurl) or die "$@";
49
my $bindresult = $ldap->bind( version => 3, dn => $bindDN,
50
                                  password => $bindPass );
51
if ($bindresult->code) {
52
    $errorMessage = "Failed to log in. Are you sure your old " .
53
                    "password is correct? Try again...\n";
54
    print $errorMessage;
55
    exit 0;
56
}
57

    
58
# Find the user here and change their entry
59
my $newpass = createSeededPassHash($userPass);
60
my $modifications = { userPassword => $newpass };
61
my $result = $ldap->modify( $userDN, replace => { %$modifications });
62

    
63
if ($result->code()) {
64
   $errorMessage = "There was an error changing the password: " .
65
                      $result->error."\n";
66
} else {
67
   $errorMessage = "The password has been changed.\n";
68

    
69
}
70

    
71
$ldap->unbind;   # take down session
72

    
73
print $errorMessage;
74

    
75
#
76
# generate a Seeded SHA1 hash of a plaintext password
77
#
78
sub createSeededPassHash {
79
    my $secret = shift;
80

    
81
    my $salt = "";
82
    for (my $i=0; $i < 4; $i++) {
83
        $salt .= int(rand(10));
84
    }
85

    
86
    my $ctx = Digest::SHA1->new;
87
    $ctx->add($secret);
88
    $ctx->add($salt);
89
    my $hashedPasswd = '{SSHA}' . encode_base64($ctx->digest . $salt ,'');
90

    
91
    return $hashedPasswd;
92
}
93

    
94
sub readReqdParam{
95
    my $printString = shift;
96

    
97
    print "$printString\n";
98
    my $returnVal = <>;
99
    chomp $returnVal;
100

    
101
    while($returnVal eq ""){
102
        print "This value is required. $printString\n";
103
        $returnVal = <>;
104
        chomp $returnVal;
105
    }
106
    return $returnVal;
107
}
108