#!/usr/bin/perl -wT
#----------------------------------------------------------------------
# e-smith manager functions: userpassword
# copyright (C) 1999, 2000, 2001 e-smith, inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from e-smith, inc.
# Please visit our web site www.e-smith.com for details.
#----------------------------------------------------------------------
use strict;
use esmith::FormMagick;
use esmith::util;
use esmith::ConfigDB;
our $configdb = esmith::ConfigDB->open();
my $fm = new esmith::FormMagick;
$fm->display();
sub change_password {
my ($fm) = @_;
my $q = $fm->{cgi};
$q->param( -name => 'wherenext', -value => 'Done' );
my $oldPass = $q->param('oldPass');
my $pass = $q->param('pass');
my $acctName = $q->param('account');
unless (($oldPass) = ($oldPass =~ /^(\S+)$/ ))
{
$q->param(-name => 'status_message', -value => 'TAINTED_OLDPASS');
return;
}
unless (($pass) = ($pass =~ /^([ -~]+)$/ ))
{
$q->param(-name => 'status_message', -value => 'TAINTED_PASS');
return;
}
unless (($acctName) = ($acctName =~ /^([a-z][\-\_\.a-z0-9]*)$/ ))
{
$q->param(-name => 'status_message', -value => 'TAINTED_ACCOUNT');
return;
}
use esmith::AccountsDB;
my $accountdb = esmith::AccountsDB->open();
my $acct;
unless ($acct = $accountdb->get($acctName))
{
$q->param(-name => 'status_message', -value => 'YOUR_ACCOUNT_INVALID');
return;
}
unless ($acct->prop('type') eq 'user')
{
$q->param(-name=>'status_message', -value=>"YOUR_ACCOUNT_INVALID");
return;
}
unless (esmith::util::setUserPasswordRequirePrevious(
$acctName,
$oldPass,
$pass))
{
$q->param(-name => 'status_message',
-value => 'ERROR_PASSWORD_CHANGE');
return;
}
$acct->set_prop("PasswordSet", "yes");
undef $accountdb;
system("/sbin/e-smith/signal-event", "password-modify", $acctName) == 0
or die ("Error occurred while modifying password for $acctName.\n");
$accountdb = esmith::AccountsDB->open();
$q->param(-name => 'status_message', -value => 'PASSWORD_CHANGE_SUCCESS');
return;
}
sub password_compare {
my $fm = shift;
my $pass2 = shift;
my $pass1 = $fm->{cgi}->param('pass');
unless ($pass1 eq $pass2) {
$fm->{cgi}->param( -name => 'wherenext', -value => 'Password' );
return "PASSWORD_VERIFY_ERROR";
}
return "OK";
}
=pod
=head2 check_password
Validates the password using the desired strength
=cut
sub check_password {
my $fm = shift;
my $pass1 = shift;
my $check_type;
my $rec = $configdb->get('passwordstrength');
$check_type = ($rec ? ($rec->prop('Users') || 'none') : 'none');
return $fm->validate_password($check_type,$pass1);
}
__DATA__
<form title="ACCOUNT_PASSWORD_CHANGE" header="/etc/e-smith/web/common/userpassword_head.tmpl" footer="/etc/e-smith/web/common/foot.tmpl">
<page name="Password" post-event="change_password" pre-event="turn_off_buttons()" header="/etc/e-smith/web/common/head.tmpl" footer="/etc/e-smith/web/common/foot.tmpl">
<description>DESCRIPTION</description>
<field type="text" id="account" validation="nonblank" value="">
<label>YOUR_ACCOUNT</label>
</field>
<field type="password" id="oldPass" validation="nonblank" value="">
<label>PASSWORD_OLD</label>
</field>
<field type="password" id="pass" validation="nonblank, check_password" value="">
<label>PASSWORD_NEW</label>
</field>
<field type="password" id="passVerify" validation="password_compare" value="">
<label>PASSWORD_VERIFY_NEW</label>
</field>
<subroutine src="print_button('PASSWORD_CHANGE')" />
</page>
<page name="Done" pre-event="print_status_message()">
</page>
</form>