aboutsummaryrefslogtreecommitdiffstats
path: root/fripost-passwd
blob: 9ae47d96130f75e51e7bea229080502137199712 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
#!/usr/bin/perl

use 5.010_000;
use warnings;
use strict;

=head1 NAME

fripost-passwd - Change password of user

=head1 SYNOPSIS

B<fripost-passwd> [B<--debug>] [B<--pretend>] [I<username>]
[B<--password=>I<password>]

=head1 DESCRIPTION

B<fripost-passwd> changes the password of I<username>, unless B<--pretend>
is set.
If I<username> or I<password> are not given, the user is prompted for them.
If I<username> is not fully qualified, C<fripost.org> is appended.
If I<username> is not an existing username, B<fripost-passwd> raises an
error.

=head1 OPTIONS

=over 8

=item B<--pretend>

Only simulates the insertion. (But still query the LDAP server to ensure
that I<username> is a known user.)

=item B<--password=>I<password>

By default, the user is prompted for his/her new password, which is
hashed, salted and then added to the LDAP entry.
By using B<--password>, I<password> is inserted RAW in the database.
This can be useful if the user does not want to give the clear copy but
only a hash, for example.

=item B<--server_host=>I<host>

The LDAP URI to connect to.
The default value is read from the configuration file, see B<CONFIGURATION>.

=item B<--bind_dn=>I<binddn>

The Distinguished Name (DN) to bind to the LDAP directory.
(If not set, B<fripost-passwd> binds anonymously.)
The default value is read from the configuration file, see B<CONFIGURATION>.

=item B<--bind_pw=>I<password>

The password to to bind with.
The default value is read from the configuration file, see B<CONFIGURATION>.

=item B<--base_dn=>I<basedn>

The root DN for everything done by B<fripost-passwd>.
The default value is read from the configuration file, see B<CONFIGURATION>.

=item B<--debug>

Debug mode.

=back

=head1 CONFIGURATION

The configuration is read from the file C<$HOME/.fripost.yml>.
Valid keys include:

=over 4

=item I<server_host>

The LDAP URI to connect to. It has to be set, either in the
configuration file, or using the command line option B<--server_host>.

=item I<bind_dn>

The Distinguished Name (DN) to bind to the LDAP directory.
(If not set, B<fripost-passwd> binds anonymously.)

=item I<bind_pw>

The password to to bind with.

=item I<base_dn>

The root DN for everything done by B<fripost-passwd>.

=back

=cut

use FindBin qw($Bin);
use lib "$Bin/lib";

use Env qw /HOME/;
use File::Spec::Functions;

use Fripost::Password;
use Fripost::Prompt;
use Fripost::Schema;
use Getopt::Long qw /:config noauto_abbrev no_ignore_case
                             gnu_compat bundling permute nogetopt_compat
                             auto_version auto_help/;
use Pod::Usage;
use YAML::Syck;

## Get command line options
our $conf = LoadFile( catfile ($HOME, '.fripost.yml') );

GetOptions(
    'server_host' => \$conf->{server_host},
    'base_dn=s'   => \$conf->{base_dn},
    'bind_dn=s'   => \$conf->{bind_dn},
    'bind_pw=s'   => \$conf->{bind_pw},
    'pretend'     => \$conf->{pretend},
    'debug'       => \$conf->{debug},
    'password=s'  => \$conf->{password},
    'man'         => sub { pod2usage(-exitstatus => 0,
                                     -verbose => 2) }
) or pod2usage(2);


# Connect to the LDAP server
my $ldap = Fripost::Schema->new( $conf );


my $username;
if (defined $ARGV[0]) {
    $username = fix_username ($ARGV[0]);
    Email::Valid->address($username)
        or die "Error: `" .$username. "' is not a valid e-mail.\n";
}
else {
    $username = prompt_email("New username: ", 'is_user');
}
my $password   = $conf->{password};
$password    //= hash( undef, undef, prompt_password() );


# Ensure that the user exists.
die "Error: Unknown user `" .$username. "'.\n"
    unless $ldap->user->search({ username => $username })->count;


if ($conf->{pretend}) {
    say "Nothing to do since we are pretending...";
    exit 0;
}


# Change the password.
$ldap->user->passwd({ username => $username, userPassword => $password });
say "Updated password for $username.";

$ldap->unbind();


=head1 AUTHOR

Stefan Kangas C<< <skangas at skangas.se> >>

Guilhem Moulin C<< <guilhem at fripost.org> >>

=head1 COPYRIGHT

Copyright 2010 Stefan Kangas.

Copyright 2012 Guilhem Moulin.

=head1 LICENSE

This program is free software; you can redistribute it and/or modify it
under the same terms as perl itself.

=cut