summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoe Rayhawk <jrayhawk@omgwallhack.org>2012-01-27 18:11:52 -0800
committerJoe Rayhawk <jrayhawk@omgwallhack.org>2012-01-27 18:11:52 -0800
commit8a4e3cedb5ec2975228faad597909037d3225950 (patch)
treee51d7ebc62f6d311ea688ddc374b919d2202bbbd
parentb980f3db18589ff1f02edb7737689194f5cb9b86 (diff)
downloadpiny-code-8a4e3cedb5ec2975228faad597909037d3225950.tar.gz
piny-code-8a4e3cedb5ec2975228faad597909037d3225950.zip
Initial shot at web-friendly (sadly PAM unfriendly...) password modification.
-rwxr-xr-xpinyadmin/bin/newpasshash2
-rw-r--r--pinyadmin/sbin/newpasshash15
-rwxr-xr-xpinyweb/cgi-bin/auth/newpass.cgi41
3 files changed, 58 insertions, 0 deletions
diff --git a/pinyadmin/bin/newpasshash b/pinyadmin/bin/newpasshash
new file mode 100755
index 0000000..e5cf7b1
--- /dev/null
+++ b/pinyadmin/bin/newpasshash
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/sudo /usr/sbin/newpasshash "$@"
diff --git a/pinyadmin/sbin/newpasshash b/pinyadmin/sbin/newpasshash
new file mode 100644
index 0000000..bf55a76
--- /dev/null
+++ b/pinyadmin/sbin/newpasshash
@@ -0,0 +1,15 @@
+#!/usr/bin/perl
+
+my ( $crypt ) = @ARGV;
+
+if ( $crypt eq "" ) {
+ print "You must enter a password!\n";
+ exit 1;
+};
+
+my $ret = system( "/usr/sbin/usermod", "-P", $crypt, $ENV{'SUDO_USER'});
+
+if ( $ret ) {
+ print "An error occured.\n";
+ exit 2;
+};
diff --git a/pinyweb/cgi-bin/auth/newpass.cgi b/pinyweb/cgi-bin/auth/newpass.cgi
new file mode 100755
index 0000000..1031820
--- /dev/null
+++ b/pinyweb/cgi-bin/auth/newpass.cgi
@@ -0,0 +1,41 @@
+#!/usr/bin/perl
+$| = 1;
+
+open(STDERR, ">&STDOUT");
+
+use warnings;
+
+use CGI;
+
+use IPC::Open2;
+
+$q = CGI->new;
+
+print( "Content-type: text/plain\n\n");
+
+if( defined( $q->param('p') ) ) {
+
+my @saltchars =
+ ( 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'
+ , 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'
+ , '0', '1', '2', '3', '4', '5', '6', '7', '8', '9'
+ , '.', '/'
+ );
+
+my $salt = "\$6\$";
+
+foreach my $n ( 1 .. 16 ) {
+ $salt .= $saltchars[int ( rand ( scalar @saltchars ) )];
+};
+
+$salt .= "\$";
+
+my $crypt = crypt( $q->param('p'), $salt );
+
+ unless ( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'newpasshash', $crypt ) == 0 ) {
+ die( 'newpass was unsuccessful.' );
+ };
+ print 'newpass was successful.' ;
+} else {
+ print 'Missing parameters.';
+};