2 ################################################################################
5 # Description: Mother of All (MoA) passwd administration script
6 # Author: Cory Chan (cory@cup.hp.com)
8 # Modified: 11/18/1994 Ryan Fong (fong@cup.hp.com) Modified for 10.0
9 # 07/26/1995 Andrew DeFaria (defaria@cup.hp.com) Revamped to use
10 # NFS mount point to avoid rcp. Script now works for both 9.0
12 # 08/21/1995 Andrew DeFaria (defaria@cup.hp.com) Revamped mail
14 # 03/25/98 Michael Coulter (coulter) Changed "ch.apollo" to
15 # "che.hp.com" because of a domain name change for Chelmsford.
17 # (c) Copyright 2001, Andrew@DeFaria.com, all rights reserved
19 ################################################################################
# Environment bootstrap: check for the site appserver script, then run the NIS
# client helper that matches the OS release, then look for the force flag.
# NOTE(review): the gutter numbers jump (21 -> 25 -> 26 -> 28 -> 35 -> 38), so
# the body of the first `if` and the `else`/`fi` lines are not visible in this
# listing.
20 # First source the appserver script
# NOTE(review): later lines replace /etc/passwd, so this script presumably runs
# as root; anything sourced or executed from /app then runs with the same
# privileges. Confirm that /app and /app/admin/bin are writable only by
# administrators (the header says the script relies on an NFS mount point).
21 if [ -x /app/appserver ]; then
# $OS is compared here, but its only visible assignment is at original line 46;
# presumably the appserver script sets it first -- TODO confirm.
25 if [ "$OS" = "09" ]; then
26 /app/admin/bin/nisclient-9.x
28 /app/admin/bin/nisclient
35 # Check for force flag
# "-f" as the first argument selects a forced rebuild. The assignments to
# $FORCE are not visible here; later tests compare it with "True" and "False".
38 if [ "$1" = "-f" ]; then
# Configuration: mail recipient, OS release, and the paths of every input,
# output and scratch file used by the merge.
42 # Whom to notify of problems.
43 NOTIFY=root@$(hostname)
# Characters 3-4 of the kernel release string; compared with "09" and "10"
# elsewhere in the script.
46 OS=`uname -r | cut -c 3-4`
# $ADMIN_ROOT is not assigned in the visible lines -- presumably exported by
# /app/appserver; verify. $PASSWD is used throughout but its assignment
# (original line 47) is not shown in this listing.
# NOTE(review): accounts listed in the two master files end up in the local
# passwd file, so write access under $ADMIN_ROOT/lib is equivalent to account
# administration on every host that runs this script.
48 MASTER_PASSWD=$ADMIN_ROOT/lib/master_passwd
49 MASTER_PASSWD_MLL=$ADMIN_ROOT/lib/master_passwd.mll
50 LOCAL_PASSWD=/etc/passwd.loc
51 EXCLUDED_PASSWD=/etc/passwd.exc
52 MARKER_FILE=/etc/pass.time
53 PASSWD_OLD=/etc/passwd.old
# NOTE(review): both scratch names are predictable (/tmp plus the shell PID).
# Later lines redirect into them, append to $TMP_PASSWD2 and finally mv the
# result over $PASSWD. If /tmp is writable by other local users, a file or
# symlink already present at one of these names could redirect the write or
# contribute content to the new passwd file. Safer: create the scratch files
# in a directory only the script's user can write, on the same filesystem as
# $PASSWD so the final mv is a rename.
55 TMP_PASSWD=/tmp/passwd.$$
56 TMP_PASSWD2=/tmp/passwd2.$$
58 # Log and save old messages if there were any problems
# One message file per host (uname -n). It later receives diffs of the passwd
# files, so its readability under $ADMIN_ROOT/log matters -- see who can read
# that directory.
59 MESSAGE_FILE=$ADMIN_ROOT/log/mkpass.$(uname -n)
# Pre-flight checks: the master file must exist; the marker, exclusion and
# backup files are created when absent; a missing local passwd file is
# reported by mail. The `fi`/exit lines of these tests are not visible in this
# listing (the gutter numbers skip them).
63 # Check for existence of $MASTER_PASSWD file. If missing send message and
65 if [[ ! -f $MASTER_PASSWD ]]; then
# Subject-only mail: the body is read from /dev/null.
66 mailx -s "mkpass: $MASTER_PASSWD file is missing!" $NOTIFY < /dev/null
70 # Check existence of necessary files; make when necessary.
71 if [[ ! -f $MARKER_FILE ]]; then
72 # make time marker if not exists
76 if [[ ! -f $EXCLUDED_PASSWD ]]; then
# Seeds the exclusion list with a one-line header.
# NOTE(review): the filter at original lines 189-190 passes this whole file to
# `grep -vf`, so this header line is used as a pattern too -- confirm that is
# intended.
77 echo "# one login per line, no space/tab/null line#" > $EXCLUDED_PASSWD
80 if [[ ! -f $PASSWD_OLD ]]; then
81 # make old passwd file if not exists
82 cp $PASSWD $PASSWD_OLD
85 if [[ ! -f $LOCAL_PASSWD ]]; then
86 # no local file, notify and exit
# The message text is staged in $MESSAGE_FILE (overwriting it) and then mailed
# to $NOTIFY.
87 cat > $MESSAGE_FILE <<!EOM
88 There was no $LOCAL_PASSWD file found on `uname -n`. This file must exist
89 and have root as its first entry. Please correct the problem.
91 For more information see:
93 http://cllweb/productivity/SysAdmin/Passwords.html#root
96 mailx -s "mkpass: $LOCAL_PASSWD missing!" $NOTIFY < $MESSAGE_FILE
# Tamper/out-of-band edit detection: unless a forced run was requested, report
# by mail when $PASSWD is newer than the marker file.
# NOTE(review): $FORCE is unquoted; if it were empty the test would be
# malformed. Its assignment is not visible in this listing.
100 if [ $FORCE = "False" ]; then
101 # Check if passwd was changed directly since last check, if so mail the
102 # differences to $NOTIFY
# NOTE(review): the check is a modification-time comparison only, so it does
# not notice an edit whose timestamp is not newer than $MARKER_FILE.
# NOTE(review): the mail body contains the full diff of $PASSWD against
# $PASSWD_OLD. No shadow file is referenced in this script, so if the password
# field of these files holds hashes they are written to $MESSAGE_FILE and sent
# by mail -- confirm who can read both.
103 if [[ $PASSWD -nt $MARKER_FILE ]] ; then
104 cat > $MESSAGE_FILE <<!EOM
105 $PASSWD on `uname -n` changed without using merge script! This is not the
106 proper way to update passwords. For help regarding what you should do see:
108 http://cllweb/productivity/SysAdmin/Passwords.html#email
110 Here are the differences between the files:
112 (< = /etc/passwd > = /etc/passwd.old)
113 -----------------------------------------------------------------------------
115 diff $PASSWD $PASSWD_OLD >> $MESSAGE_FILE
116 mailx -s "mkpass: $PASSWD incorrectly changed" $NOTIFY < $MESSAGE_FILE
# Rebuild step: when forced, or when any input file is newer than $PASSWD,
# merge the local, master and MLL entries, drop excluded entries, adjust paths
# for release 10, install the result as $PASSWD and report what changed.
# The `else`/`fi`/exit lines are not visible in this listing (the gutter
# numbers skip them), so branch boundaries below are inferred -- verify against
# the full script.
121 # Check to see if $LOCAL_PASSWD, $MASTER_PASSWD or $EXCLUDED_PASSWD is newer
122 # than $PASSWD. If so, combine $LOCAL_PASSWD and $MASTER_PASSWD (excluding
123 # entries from $EXCLUDED_PASSWD) to form new $PASSWD
124 if [[ $FORCE = "True" ||
125 $LOCAL_PASSWD -nt $PASSWD ||
126 $MASTER_PASSWD -nt $PASSWD ||
127 $MASTER_PASSWD_MLL -nt $PASSWD ||
128 $EXCLUDED_PASSWD -nt $PASSWD ]]; then
130 # If only the $MASTER_PASSWD changed then make a note not to send email
131 if [[ $LOCAL_PASSWD -nt $PASSWD ||
132 $EXCLUDED_PASSWD -nt $PASSWD ]]; then
133 NOTIFY_OF_CHANGE=True
135 NOTIFY_OF_CHANGE=False
138 # Save an old copy around
139 cp $PASSWD $PASSWD_OLD
141 # Check root entry in $LOCAL_PASSWD
# Passes when the first non-comment line of $LOCAL_PASSWD begins with "root:".
# NOTE(review): only the login name of that one line is checked. Nothing in the
# visible lines validates the entries taken from $MASTER_PASSWD or
# $MASTER_PASSWD_MLL (for example a UID of 0 or a login name that duplicates a
# local one); the merged file is installed as-is.
142 if grep -v "^#" $LOCAL_PASSWD | head -n 1 | grep "^root:" > /dev/null; then
143 # 1st entry root OKAY in $LOCAL_PASSWD
146 # 1st entry NOT root in passwd.loc
# NOTE(review): the URL in this message spells the path "SysaAdmin", while the
# other two messages in this script use "SysAdmin" -- likely a typo in the
# message text.
147 cat > $MESSAGE_FILE <<!EOM
148 The first entry of $LOCAL_PASSWD on `uname -n` should be for root.
149 Please correct this problem.
151 For more information see:
153 http://cllweb/productivity/SysaAdmin/Passwords.html#root
156 mailx -s "mkpass: Missing first root in $LOCAL_PASSWD" $NOTIFY < $MESSAGE_FILE
164 # MLL gives us a passwd file that does not qualify the machine name portion
165 # of the home directory. This code fixes that up and also adds "_MoA" to the
168 # Some engineers also use a local copy of tcsh, therefore we must also check
169 # shell and add on .che.hp.com to the shell path.
# Each MLL record is split into seven fields, the second path component of the
# home directory (and of the shell, when the shell starts with /net) gets
# ".che.hp.com" appended, and the record is appended to $TMP_PASSWD2 with
# ",_MoA_" added to the fifth field.
# NOTE(review): splitting on ':' depends on IFS, whose assignment is not
# visible in this listing. `read` is used without -r, so backslashes in the
# input are interpreted.
# NOTE(review): records are appended with `>>` and no truncation of
# $TMP_PASSWD2 is visible before the loop, so content already present at that
# /tmp path would be carried into the merge.
# NOTE(review): $first_component_shell is unquoted in the `[` test; an empty
# shell field leaves the test without its left operand.
171 while read user pass uid gid geos home shell; do
172 first_component_home=$(print $home | cut -f2 -d/)
173 machine_component_home=$(print $home | cut -f3 -d/)
174 rest_home=$(print $home | cut -f4- -d/)
175 home=/$first_component_home/$machine_component_home.che.hp.com/$rest_home
176 first_component_shell=$(print $shell | cut -f2 -d/)
177 machine_component_shell=$(print $shell | cut -f3 -d/)
178 rest_shell=$(print $shell | cut -f4- -d/)
179 if [ $first_component_shell = "net" ]; then
181 /$first_component_shell/$machine_component_shell.che.hp.com/$rest_shell
183 print "$user:$pass:$uid:$gid:$geos,_MoA_:$home:$shell" >> $TMP_PASSWD2
184 done < $MASTER_PASSWD_MLL
# Merge order: local entries first, then the master file, then the rewritten
# MLL entries.
186 cat $LOCAL_PASSWD $MASTER_PASSWD $TMP_PASSWD2 > $TMP_PASSWD
# NOTE(review): the second grep is given $TMP_PASSWD as its file operand, so
# the output of the first grep arriving on stdin is not read; the pattern list
# comes from `-f $EXCLUDED_PASSWD` directly, comment lines included. The
# patterns are unanchored regular expressions, so an exclusion entry removes
# every line containing that text anywhere (a short login name can drop
# unrelated accounts), and an empty line in the file typically matches every
# line. Anchoring each entry as "^login:" would limit the match to the login
# field.
189 grep -v "^#" $EXCLUDED_PASSWD |\
190 grep -vf $EXCLUDED_PASSWD $TMP_PASSWD > $TMP_PASSWD2
192 # Transform password file to 10.0 format
# On release 10 the first ":/nfs" on each line becomes ":/net" and the first
# ":/bin" becomes ":/usr/bin"; the mv at original line 198 is presumably the
# branch for other releases.
193 if [ $OS = "10" ]; then
194 sed -e 's/:\/nfs/:\/net/' -e 's/:\/bin/:\/usr\/bin/' \
195 $TMP_PASSWD2 > $TMP_PASSWD
198 mv $TMP_PASSWD2 $TMP_PASSWD
# The candidate file is installed only if it is non-empty.
# NOTE(review): size is the only property checked before the candidate replaces
# $PASSWD. The mv crosses from /tmp to /etc, which may be a copy rather than an
# atomic rename, and the installed file keeps whatever owner and mode the
# scratch file was created with (no umask or chmod is visible) -- TODO confirm.
201 if [ -s $TMP_PASSWD ]; then
202 mv $TMP_PASSWD $PASSWD
206 mailx -s "mkpass: Error: Zero length passwd file resulted!" $NOTIFY <<!EOM
207 For some reason mkpass resulted in a zero length passwd file. Please
212 if [[ $NOTIFY_OF_CHANGE = "True" ]]; then
213 # Notify... (This could be improved by implementing a logging facility
214 # instead of tons of email).
# NOTE(review): as with the out-of-band change report, the full diff of the two
# passwd files goes into $MESSAGE_FILE and into mail; if the password field
# holds hashes they are disclosed to anyone who can read either.
215 cat > $MESSAGE_FILE <<!EOM
216 MoA has updated the $PASSWD file on `uname -n`. Here were the differences
217 before the update occured. Unless you feel that these updates were made
218 incorrectly you can probably safely ignore this message.
220 (< = /etc/passwd > = /etc/passwd.old)
221 -----------------------------------------------------------------------------
223 diff $PASSWD $PASSWD_OLD >> $MESSAGE_FILE
224 mailx -s "mkpass: Made new $PASSWD" $NOTIFY < $MESSAGE_FILE
# Refresh the marker's access and modification times so the next run's
# "$PASSWD newer than marker" test starts from this point.
229 touch -ma $MARKER_FILE
# Status line that overwrites $MESSAGE_FILE; presumably the branch taken when
# no rebuild was needed -- the enclosing `else` is not visible.
232 echo "$PASSWD on `uname -n` is up to date as of `date`" > $MESSAGE_FILE