荔园在线
荔园之美,在春之萌芽,在夏之绽放,在秋之收获,在冬之沉淀
[回到开始]
[上一篇][下一篇]
发信人: jjksam (Linux,c/c++,java), 信区: Linux
标 题: [转载] [Proftpasswd.pl],配合proftpd中AuthUserFile使用(转寄)
发信站: 荔园晨风BBS站 (Fri Nov 30 14:53:48 2001), 转信
【 以下文字转载自 jjksam 的信箱 】
【 原文由 jjksam@smth.org 所发表 】
发信人: major (口干舌燥的の想找你爽爽), 信区: Linux
标 题: [Proftpasswd.pl],配合proftpd中AuthUserFile使用
发信站: BBS 水木清华站 (Thu Nov 29 19:02:47 2001)
#!/usr/bin/perl
use strict;
use File::Basename qw(basename);
use Getopt::Long;
$Getopt::Long::auto_abbrev = 0;
my $program = basename($0);
my $default_passwd_file = "./ftpd.passwd";
my $default_group_file = "./ftpd.group";
my $shell_file = "/dev/null";
my $default_cracklib_dict = "/usr/lib/cracklib_dict";
my $cracklib_dict;
my $output_file;
my @data;
my %opts = ();
GetOptions(\%opts, 'enable-group-passwd', 'file=s', 'F|force', 'gid=n',
'group', 'h|help', 'home=s', 'm|member=s@', 'name=s', 'passwd',
'shell=s',
'uid=n', 'use-cracklib:s', 'change-password');
usage() if (defined($opts{'h'}));
if (defined($opts{'use-cracklib'})) {
eval { require Crypt::Cracklib };
die "$program: --use-cracklib requires Crypt::Cracklib to be
installed\n" if $@;
if ($opts{'use-cracklib'} ne "") {
$cracklib_dict = $opts{'use-cracklib'};
} else {
$cracklib_dict = $default_cracklib_dict;
}
}
if (exists($opts{'passwd'}) && exists($opts{'group'})) {
die "$program: please use either --passwd or --group, not both\n";
} elsif (defined($opts{'passwd'})) {
if (defined($opts{'file'})) {
$output_file = $opts{'file'};
print STDOUT "$program: using alternate file: $output_file\n"
} else {
$output_file = $default_passwd_file;
}
die "$program: --passwd: missing required argument: --name\n"
unless (defined($opts{'name'}));
if (defined($opts{'change-password'})) {
open_output_file();
my ($uid, $gid, $home, $shell) = find_passwd_entry(name =>
$opts{'name'});
handle_passwd_entry(gid => $gid, home => $home, name =>
$opts{'name'},
shell => $shell, uid => $uid);
close_output_file();
exit 0;
}
die "$program: --passwd: missing required argument: --home\n"
unless (defined($opts{'home'}));
die "$program: --passwd: missing required argument: --shell\n"
unless (defined($opts{'shell'}));
die "$program: --passwd: missing required argument: --uid\n"
unless (defined($opts{'uid'}));
unless (defined($opts{'gid'})) {
$opts{'gid'} = $opts{'uid'};
warn "$program: --passwd: missing --gid argument: default gid set to
uid\n";
}
open_output_file();
handle_passwd_entry(gid => $opts{'gid'}, home => $opts{'home'},
name => $opts{'name'}, shell => $opts{'shell'}, uid =>
$opts{'uid'});
close_output_file();
} elsif (defined($opts{'group'})) {
if (defined($opts{'file'})) {
$output_file = $opts{'file'};
print STDOUT "$program: using alternate file: $output_file\n";
} else {
$output_file = $default_group_file;
}
die "$program: -group: missing required argument: --gid\n"
unless (defined($opts{'gid'}));
die "$program: -group: missing required argument: --name\n"
unless (defined($opts{'name'}));
open_output_file();
handle_group_entry(gid => $opts{'gid'}, members => $opts{'member'},
name => $opts{'name'});
close_output_file();
} else {
die "$program: missing required --passwd or --group\n$program: use
$program --help for details on usage\n\n";
}
exit 0;
sub check_shell {
my %args = @_;
my $shell = $args{'shell'};
my $result = 0;
unless (open(SHELLS, "< $shell_file")) {
warn "$program: unable to open $shell_file: $!\n";
warn "$program: skipping check of $shell_file\n";
return;
}
while(my $line = <SHELLS>) {
chomp($line);
if ($line eq $shell) {
$result = 1;
last;
}
}
close(SHELLS);
unless ($result) {
print STDOUT "\n$program: $shell is not among the valid system
shells. Use of\n";
print STDOUT "$program: the RequireValidShell may be required, and
the PAM\n";
print STDOUT "$program: module configuration may need to be
adjusted.\n\n";
}
return $result;
}
#
------------------------------------------------------------------------
----
sub close_output_file {
my %args = @_;
chmod 0444, $output_file;
close(OUTPUT) or die "$program: unable to close $output_file: $!\n";
}
#
------------------------------------------------------------------------
----
sub find_passwd_entry {
my %args = @_;
my $name = $args{'name'};
my ($uid, $gid, $home, $shell);
my $found = 0;
foreach my $line (@data) {
next unless $line =~ /^$name/;
my @fields = split(':', $line);
$uid = $fields[2];
$gid = $fields[3];
$home = $fields[5];
$shell = $fields[6];
$found = 1;
last;
}
unless ($found) {
print STDOUT "$program: error: no such user $name in
$output_file\n";
exit 1;
}
return ($uid, $gid, $home, $shell);
}
#
------------------------------------------------------------------------
----
sub get_passwd {
my %args = @_;
my ($passwd, $passwd2);
system "stty -echo";
print STDOUT "\nPassword:";
chomp($passwd = <STDIN>);
print STDOUT "\n";
system "stty echo";
system "stty -echo";
print STDOUT "Re-type password:";
chomp($passwd2 = <STDIN>);
print STDOUT "\n\n";
system "stty echo";
if ($passwd2 ne $passwd) {
print STDOUT "Passwords do not match. Please try again.\n";
return get_passwd();
}
if ($args{'allow_blank'} and $passwd eq "") {
return "";
}
if (defined($opts{'use-cracklib'})) {
require Crypt::Cracklib;
if (!Crypt::Cracklib::check($passwd, $cracklib_dict)) {
print STDOUT "Bad password: ", Crypt::Cracklib::
fascist_check($passwd,
$cracklib_dict), "\n";
return get_passwd();
}
}
my $salt = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand
64];
return crypt($passwd, $salt);
}
#
------------------------------------------------------------------------
----
sub handle_group_entry {
my %args = @_;
my $gid = $args{'gid'};
my $members = "";
if (defined($args{'members'})) {
$members = join(',', @{ $args{'members'} });
}
my $name = $args{'name'};
my $passwd;
my $found = 0;
for (my $index = 0; $index <= $#data; $index++) {
my @entry = split(':', $data[$index]);
if ($name eq $entry[0]) {
print STDOUT "$program: updating group entry for group $name\n";
# remove the entry to be updated
splice(@data, $index, 1);
$found = 1;
}
}
unless ($found) {
print STDOUT "$program: creating group entry for group $name\n";
}
if (defined($opts{'enable-group-passwd'})) {
$passwd = get_passwd(allow_blank => 1);
} else {
$passwd = "x";
}
push(@data, "$name:$passwd:$gid:$members");
@data = map { $_->[0] }
sort {
$a->[3] <=> $b->[3]
}
map { [ $_, (split /:/)[0, 1, 2, 3] ] }
@data;
foreach my $line (@data) {
print OUTPUT "$line\n";
}
unless ($found) {
print STDOUT "$program: entry created\n";
} else {
print STDOUT "$program: entry updated\n";
}
}
#
------------------------------------------------------------------------
----
sub handle_passwd_entry {
my %args = @_;
my $gid = $args{'gid'};
my $home = $args{'home'};
my $name = $args{'name'};
my $shell = $args{'shell'};
my $uid = $args{'uid'};
$home =~ s/(.*)\/$/$1/ if ($home =~ /\/$/);
my $gecos = "";
my $found = 0;
for (my $index = 0; $index <= $#data; $index++) {
my @entry = split(':', $data[$index]);
if ($name eq $entry[0]) {
print STDOUT "$program: updating passwd entry for user $name\n";
splice(@data, $index, 1);
$found = 1;
}
}
unless ($found) {
print STDOUT "$program: creating passwd entry for user $name\n";
}
check_shell(shell => $shell);
my $passwd = get_passwd();
push(@data, "$name:$passwd:$uid:$gid:$gecos:$home:$shell");
@data = map { $_->[0] }
sort {
$a->[3] <=> $b->[3]
}
map { [ $_, (split /:/)[0, 1, 2, 3, 4, 5, 6] ] }
@data;
foreach my $line (@data) {
print OUTPUT "$line\n";
}
unless ($found) {
print STDOUT "$program: entry created\n";
} else {
print STDOUT "$program: entry updated\n";
}
}
#
------------------------------------------------------------------------
----
sub open_output_file {
my %args = @_;
if (-f $output_file) {
open(INPUT, "< $output_file") or
die "$program: unable to open $output_file: $!\n";
chomp(@data = <INPUT>);
close(INPUT);
}
open(OUTPUT, "> $output_file") or
die "$program: unable to open $output_file: $!\n";
@data = () if (defined($opts{'F'}));
}
#
------------------------------------------------------------------------
----
sub usage {
print STDOUT <<END_OF_USAGE;
usage: $program [ -h ] [ --group | --passwd ]
If used with --passwd, $program creates a file in the passwd(5)
format,
suitable for use with proftpd's AuthUserFile configuration directive.
You will be prompted for the password to use of the user, which will
be
encrypted, and written out as the encrypted string.
By default, using --passwd will write output to
"$default_passwd_file".
Options:
--file write output to specified file, rather than
"$default_passwd_file"
-F if the file to be used already exists, delete it and
write a
--force new one.
--gid primary group ID for this user (optional, will default
to
given --uid value if absent)
-h displays this message
--help
--home home directory for the user (required)
--name name of the user account (required). If the name does
not
exist in the specified output-file, an entry will be
created
for her. Otherwise, the given fields will be updated.
--shell shell for the user (required). Recommended:
/bin/false
--uid numerical user ID (required)
--change-password
update only the password field for a user. This
option
requires that the --name option be used, but no others.
--use-cracklib
causes $program to use Alec Muffet's cracklib routines
in
order to determine and prevent the use of bad or weak
passwords. The optional path to this option specifies
the path to the dictionary files to use -- default
path
is "$default_cracklib_dict". This requires the Perl
Crypt::Cracklib module to be installed on your system.
If used with --group, $program creates a file in the group(5) format,
suitable for use with proftpd's AuthGroupFile configuration
directive.
By default, using --group will write output to "$default_group_file".
Options:
--enable-group-passwd
prompt for a group password. This is disabled by
default.
--file write output to specified file, rather than
"$default_group_file"
-F if the file be used already exists, delete it and
write a new
--force one.
--gid numerical group ID (required)
-h
--help displays this message
-m
--member user to be a member of the group. This argument may
be used
multiple times to specify the full list of users to be
members
of this group.
--name name of the group (required). If the name does not
exist in
the specified output-file, an entry will be created
for them.
Otherwise, the given fields will be updated.
--use-cracklib
causes $program to use Alec Muffet's cracklib routines
in
order to determine and prevent the use of bad or weak
passwords. The optional path to this option specifies
the path to the dictionary files to use -- default
path
is "$default_cracklib_dict". This requires the Perl
Crypt::Cracklib module to be installed on your system.
END_OF_USAGE
exit 0;
}
--
┌————————————————————————┐
│Software is like sex; it's better when it's free│
└————————————————————————┘
- Linus Torvalds -
※ 来源:·BBS 水木清华站 smth.org·[FROM: 166.111.171.19]
--
※ 转载:·荔园晨风BBS站 bbs.szu.edu.cn·[FROM: 192.168.0.146]
[回到开始]
[上一篇][下一篇]
荔园在线首页 友情链接:深圳大学 深大招生 荔园晨风BBS S-Term软件 网络书店