Cover V09, I09
Article
Listing 1

sep2000.tar

Listing 1: mail_admin — CGI script that adds or deletes accounts and resets passwords

#!/usr/bin/perl

use CGI qw(:standard);
use IO::Seekable;

$salt=join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand \

  64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64];

    $group="popuser";
    $email="help\@yourdomain.com";
    $name=param("name");
    $passwd=param("passwd");
    $vpasswd=param("vpasswd");
    $real_name=param("real_name");
    $search=param("search");

if(getgrnam($group)!=(getpwnam($name))[3] && getpwnam($name)!=0)  {
    print header();
    print h1("Error!!");
    print p("You can not edit outside your group!");
    exit(1);
}

if(!param) { main_page() }
if(param("func") eq "Add_Account") { add_user() }
if(param("func") eq "Delete_Account") { del_user() }
if(param("func") eq "Reset_Password") { reset_passwd() }
if(param("func") eq "List_Users") { list_users() }

sub main_page()  {
#################
#Print Root Page#
#################
print header();
print <<EOT;
<BODY bgcolor=white>
<CENTER><H3>Mail Admin</H3></CENTER>
<FORM METHOD="POST" ACTION="/mail_admin/mail_admin" \

  ENCTYPE="application/x-www-form-urlencoded">
<H3>Add/Change Account</H3>
<TABLE>
<TR><TD>User Name</TD><TD><INPUT TYPE="text" NAME="name" ></TD></TR>
<TR><TD>User Password</TD><TD><INPUT TYPE="password" \

  NAME="passwd"></TD></TR>
<TR><TD>Verify Password</TD><TD><INPUT TYPE="password" \

  NAME="vpasswd" ></TD></TR>
<TR><TD>User Real Name</TD><TD><INPUT TYPE="text" \

  NAME="real_name"></TD></TR>
</TABLE>
<INPUT TYPE="submit" NAME="func" VALUE="Add_Account">
<INPUT TYPE="submit" NAME="func" VALUE="Delete_Account">
<INPUT TYPE="submit" NAME="func" VALUE="Reset_Password">
<HR>
<H3>Search</H3>
<P>User Real Name  <INPUT TYPE="text" NAME="search"> \

  <INPUT TYPE="submit" NAME="func" VALUE="List_Users"></P>
</FORM>
EOT
}

sub add_user {
    if(!$real_name || !$name || !$vpasswd || !$passwd || $passwd \

      ne $vpasswd) { error() }
    system("/usr/sbin/pw","adduser","-n$name","-g$group", \

           "-c$real_name","-s/sbin/nologin","-d/nonexistent");
    if($?/256 != 0)  {error()}
    reset_passwd();
}

sub del_user {
    if(!$name) { error() }
    system("/usr/sbin/pw","deluser","-n$name");
    if($?/256 != 0)  {error()}
    success();
}

sub list_users {
    open(PASSWD,"/etc/passwd") || die;
    @passwd=<PASSWD>;
    @passwd=sort(@passwd);
    print header;
    print "<BODY bgcolor=white>\n";
    print "<TABLE border=1>\n";
    print "<TR><TH>User ID</TH><TH>Real Name</TH></TR>\n";
    foreach(@passwd)  {
        @pw_info=split(/:/);
        if(getgrnam($group)==$pw_info[3] && $pw_info[4] =~ \

           /$search/i)  {
            print "<TR><TD>$pw_info[0]</TD><TD>$pw_info[4]</TD></TR>\n";
        }
    }
    print "</TABLE>\n";
    print p("<A HREF=\"mail_admin\">Back to Admin</A>");
}

sub reset_passwd {
    if(!$name || !$passwd || !$vpasswd || $passwd ne $vpasswd) { \

       error() }
    $uid=getpwnam($name) || error();

    open(PASSWD,"+< /etc/master.passwd") || die;
    flock(PASSWD,2);
    @passwd=<PASSWD>;
    seek(PASSWD,0,SEEK_SET);

    foreach(@passwd)  {
        @acct_info=split(/:/);
        if($acct_info[2]==$uid)  {
            $acct_info[1]=crypt($passwd,$salt);
        }
        print PASSWD join(':',@acct_info);
    }
    close(PASSWD);
    system("/usr/sbin/pwd_mkdb","-p","/etc/master.passwd");
    if($?/256 != 0)  {error()}
    success();
}

sub error($error_code) {
    print header();
    print p("Error!!, an error has occured. Please check your input:");
    print CGI::dump();
    print p("Error Code: ",$?/256);
    print p("if this problem persists please send this page to:");
    print p("$email");
    print p("<A HREF=\"mail_admin\">Back to Admin</A>");
    exit(1);
}

sub success {
    print header();
    print p("Account Modification Successful!");
    print p("<A HREF=\"mail_admin\">Back to Admin</A>");
    exit(1); 
}

 

© 2002 CMP Media LLC. All Rights Reserved.
www.sysadminmag.com