File: chsh

package info (click to toggle)
libpam-ldap 186-4
  • links: PTS
  • area: main
  • in suites: bullseye, buster, stretch
  • size: 1,672 kB
  • ctags: 450
  • sloc: ansic: 3,935; sh: 3,264; perl: 361; makefile: 42
file content (107 lines) | stat: -rwxr-xr-x 3,016 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
 
#!/usr/bin/perl
# chsh implementation for LDAP
# Copyright (C) 2000 Tom Lear <tom@trap.mtview.ca.us>  

# This program is free software; you can redistribute it and/or modify   
# it under the terms of the GNU General Public License as published by  
# the Free Software Foundation; either version 2 of the License, or  
# (at your option) any later version.  
#
# This program is distributed in the hope that it will be useful,  
# but WITHOUT ANY WARRANTY; without even the implied warranty of  
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the  
# GNU General Public License for more details.                   
#                                               
# You should have received a copy of the GNU General Public License  
# along with this program; if not, write to the Free Software        
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA  
#

if($ARGV[0] eq '-s') {
  shift;
  $shell=shift;
}

$user=$ARGV[0];
if($user eq '') {
  $user=(getpwuid($<))[0];
} else {
  die "You can't change that user.\n" if($< and $<!=getpwnam($user));
}

# use pam_ldap's config file since this script is ldap specific and
# is a work around for a deficiency in pam
$CONF{'pam_login_attribute'}='uid';
open(CONF,"/etc/pam_ldap.conf") or die "$!\n";
while(<CONF>) {
  next if(m/^\s*($|#)/);
  m/^\s*(\S+)\s+(.*?)\s*$/;
  $CONF{$1}=$2;
}
close(CONF);
open(CONF,"/etc/pam_ldap.secret") and chomp($CONF{'rootbindpw'}=<CONF>);
close(CONF);

use Net::LDAP;

$ldap=Net::LDAP->new($CONF{'host'});

if($< or $CONF{'rootbinddn'} eq '') {
  $ENV{'PATH'}='';
  system "/bin/stty -echo";
  print 'Password:';
  chomp($password = <STDIN>);
  print "\n";
  system "/bin/stty echo";
  %bindargs=('dn'         => "$CONF{pam_login_attribute}=$user,ou=People,$CONF{base}",
             'password'   => $password,
  );
} else {
  %bindargs=('dn'         => $CONF{'rootbinddn'},
             'password'   => $CONF{'rootbindpw'},
  );
}
$bindargs{'version'}=$CONF{'ldap_version'}?$CONF{'ldap_version'}:2;

$ldap->bind(%bindargs) or die "unable to bind to ldap server: $@";

# check if the old shell is valid
$oldshell=(getpwnam($user))[8];
open(IN,"/etc/shells");
while(<IN>) {
  chomp;
  $valid=1 if($oldshell eq $_);
}
close(IN);
die "can't change shell for `$user'\n" if($< and !$valid);

# get the new shell if neccesary
if($shell eq '') {
  print "Enter the new value, or press return for the default\n\n";
  print "\t Login Shell [$oldshell]: ";
  $shell=<STDIN>;
  chomp $shell;
  $shell=$oldshell if($shell eq '');
}

# check the shells validity
if($<) {
  $valid=0;
  open(IN,"/etc/shells");
  while(<IN>) {
    chomp;
    $valid=1 if($shell eq $_);
  }
  close(IN);
  die "$shell is an invalid shell.\n" if(!$valid);
}

# change the shell
$ret=$ldap->modify("$CONF{pam_login_attribute}=$user,ou=People,$CONF{base}",
        replace => {'loginShell' => $shell});
if($ret->code) {
  printf STDERR ("failed: %s\n",$ret->error);
} else {
  print "changed user `$user' shell to `$shell'\n";
}