diff options
author | Guilhem Moulin <guilhem.moulin@fripost.org> | 2012-04-18 03:33:24 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem.moulin@fripost.org> | 2012-04-18 03:33:24 +0200 |
commit | 7b2df0cb8d29ba835be5d645f8b4f70b74b2fcc4 (patch) | |
tree | 4def1fd7d13b8885568421696c606c12217ad622 | |
parent | c7cc448801f8b6f10cdd0d86568180687173f03e (diff) |
fripost-passwd is LDAP ready.
-rwxr-xr-x | fripost-passwd | 151 | ||||
-rwxr-xr-x | lib/Fripost/Schema.pm | 4 | ||||
-rw-r--r-- | lib/Fripost/Schema/Type/User.pm | 2 |
3 files changed, 137 insertions, 20 deletions
diff --git a/fripost-passwd b/fripost-passwd index bb67e44..9ae47d9 100755 --- a/fripost-passwd +++ b/fripost-passwd @@ -8,54 +8,171 @@ use strict; fripost-passwd - Change password of user +=head1 SYNOPSIS + +B<fripost-passwd> [B<--debug>] [B<--pretend>] [I<username>] +[B<--password=>I<password>] + +=head1 DESCRIPTION + +B<fripost-passwd> changes the password of I<username>, unless B<--pretend> +is set. +If I<username> or I<password> are not given, the user is prompted for them. +If I<username> is not fully qualified, C<fripost.org> is appended. +If I<username> is not an existing username, B<fripost-passwd> raises an +error. + +=head1 OPTIONS + +=over 8 + +=item B<--pretend> + +Only simulates the insertion. (But still query the LDAP server to ensure +that I<username> is a known user.) + +=item B<--password=>I<password> + +By default, the user is prompted for his/her new password, which is +hashed, salted and then added to the LDAP entry. +By using B<--password>, I<password> is inserted RAW in the database. +This can be useful if the user does not want to give the clear copy but +only a hash, for example. + +=item B<--server_host=>I<host> + +The LDAP URI to connect to. +The default value is read from the configuration file, see B<CONFIGURATION>. + +=item B<--bind_dn=>I<binddn> + +The Distinguished Name (DN) to bind to the LDAP directory. +(If not set, B<fripost-passwd> binds anonymously.) +The default value is read from the configuration file, see B<CONFIGURATION>. + +=item B<--bind_pw=>I<password> + +The password to to bind with. +The default value is read from the configuration file, see B<CONFIGURATION>. + +=item B<--base_dn=>I<basedn> + +The root DN for everything done by B<fripost-passwd>. +The default value is read from the configuration file, see B<CONFIGURATION>. + +=item B<--debug> + +Debug mode. + +=back + +=head1 CONFIGURATION + +The configuration is read from the file C<$HOME/.fripost.yml>. +Valid keys include: + +=over 4 + +=item I<server_host> + +The LDAP URI to connect to. It has to be set, either in the +configuration file, or using the command line option B<--server_host>. + +=item I<bind_dn> + +The Distinguished Name (DN) to bind to the LDAP directory. +(If not set, B<fripost-passwd> binds anonymously.) + +=item I<bind_pw> + +The password to to bind with. + +=item I<base_dn> + +The root DN for everything done by B<fripost-passwd>. + +=back + =cut use FindBin qw($Bin); use lib "$Bin/lib"; +use Env qw /HOME/; +use File::Spec::Functions; + use Fripost::Password; use Fripost::Prompt; use Fripost::Schema; -use Getopt::Long; +use Getopt::Long qw /:config noauto_abbrev no_ignore_case + gnu_compat bundling permute nogetopt_compat + auto_version auto_help/; +use Pod::Usage; use YAML::Syck; ## Get command line options -our $conf = LoadFile('default.yml'); +our $conf = LoadFile( catfile ($HOME, '.fripost.yml') ); GetOptions( - 'dbi_dsn' => \$conf->{dbi_dsn}, - 'admuser=s' => \$conf->{admuser}, - 'admpass=s' => \$conf->{admpass}, - 'pretend' => \$conf->{pretend}, -) or die "Unable to get command line options."; + 'server_host' => \$conf->{server_host}, + 'base_dn=s' => \$conf->{base_dn}, + 'bind_dn=s' => \$conf->{bind_dn}, + 'bind_pw=s' => \$conf->{bind_pw}, + 'pretend' => \$conf->{pretend}, + 'debug' => \$conf->{debug}, + 'password=s' => \$conf->{password}, + 'man' => sub { pod2usage(-exitstatus => 0, + -verbose => 2) } +) or pod2usage(2); + + +# Connect to the LDAP server +my $ldap = Fripost::Schema->new( $conf ); + + +my $username; +if (defined $ARGV[0]) { + $username = fix_username ($ARGV[0]); + Email::Valid->address($username) + or die "Error: `" .$username. "' is not a valid e-mail.\n"; +} +else { + $username = prompt_email("New username: ", 'is_user'); +} +my $password = $conf->{password}; +$password //= hash( undef, undef, prompt_password() ); + + +# Ensure that the user exists. +die "Error: Unknown user `" .$username. "'.\n" + unless $ldap->user->search({ username => $username })->count; -my $username = fix_username($ARGV[0]); -$username //= prompt_email("New username: ", 'is_user'); -my $password = prompt_password(); if ($conf->{pretend}) { say "Nothing to do since we are pretending..."; exit 0; } -# Connect to the database -my $schema = Fripost::Schema->connect( - $conf->{dbi_dsn}, $conf->{admuser}, $conf->{admpass}, {} #\%dbi_params -); -my $row = $schema->resultset('Mailbox')->find($username); -$row->password($password); -$row->update; +# Change the password. +$ldap->user->passwd({ username => $username, userPassword => $password }); say "Updated password for $username."; +$ldap->unbind(); + + =head1 AUTHOR Stefan Kangas C<< <skangas at skangas.se> >> +Guilhem Moulin C<< <guilhem at fripost.org> >> + =head1 COPYRIGHT Copyright 2010 Stefan Kangas. +Copyright 2012 Guilhem Moulin. + =head1 LICENSE This program is free software; you can redistribute it and/or modify it diff --git a/lib/Fripost/Schema.pm b/lib/Fripost/Schema.pm index 22c6064..288aa1e 100755 --- a/lib/Fripost/Schema.pm +++ b/lib/Fripost/Schema.pm @@ -92,10 +92,10 @@ sub add { } -sub password { +sub passwd { my $self = shift; if ( $self->{_type} == MAILBOX ) { - $self->Fripost::Schema::Type::User::pwd(@_); + $self->Fripost::Schema::Type::User::passwd(@_); } elsif ( $self->{_type} == DOMAIN ) { die "Cannot change the password of a domain."; diff --git a/lib/Fripost/Schema/Type/User.pm b/lib/Fripost/Schema/Type/User.pm index 544687c..b21c2e1 100644 --- a/lib/Fripost/Schema/Type/User.pm +++ b/lib/Fripost/Schema/Type/User.pm @@ -56,7 +56,7 @@ sub add { # Change password -sub pwd { +sub passwd { my $self = shift; my $user = shift; |