Initial add of defaria.com

[clearscm.git] / defaria.com / Computers / code / adm / bin / passwd

#!/bin/bash
################################################################################
#
# File:         passwd
# Description:  Password updater for Mother of All Passwords
# Author:       Andrew DeFaria (defaria@cup.hp.com)
# Language:     Korn Shell
# Modified:     With the advent of PWPlus we had to change the algorithm here.
#               It was decided that since PWPlus disallowed the use of the -f
#               (and -F) options to /bin/passwd (/usr/bin/passwd) - it silently
#               ignores them! - that we would have this script change the 
#               regular /etc/passwd file, grab the new encrypted passwd string
#               from /etc/passwd then update the appropriate file.
#               Andrew DeFaria <defaria@cup.hp.com> Tue Jul 21 23:22:59 PDT 1998
#
# (c) Copyright 2001, Andrew@DeFaria.com, all rights reserved
#
################################################################################
print -u2 "This script has been disabled pending the NIS implementation."
print -u2 "Questions? See CLL Support."
exit 1

me=$(basename $0)
local_passwd=/etc/passwd.loc
passwd=/etc/passwd
old_passwd=

# Find admin root
if [ -d /net/bismol/app/admin ]; then
  admin_root=/net/bismol/app/admin
elif [ -d /net/hpclbis/app/admin ]; then
  admin_root=/net/hpclbis/app/admin
elif [ -d /nfs/bismol/app/admin ]; then
  admin_root=/nfs/bismol/app/admin
elif [ -d /nfs/hpclbis/app/admin ]; then
  admin_root=/nfs/hpclbis/app/admin
elif [ -d /nfs/hpclbis/root/app/admin ]; then
  admin_root=/nfs/hpclbis/root/app/admin
else
  print -u2 "$me: Error: Unable to ascertain admin_root!"
  exit 1
fi

master_passwd=$admin_root/lib/master_passwd
master_passwd_over_nfs=$admin_root/lib/master_pas.old

function usage {
  print "Usage:"
  print
  print "$(basename $0): <username>..."
  exit 1
} # usage

function cancel_checkout {
  print "$me: Info: Canceling checkout"

  # Unlock $master_passwd
  rcs -q -u $master_passwd

  # Remove write permissions
  chmod -w $master_passwd
  co -q $master_passwd

  exit
} # cancel_checkout

function check_out_master_passwd {
  cd $admin_root/lib
  co -q -l $master_passwd

  if [ $? -ne 0 ]; then
    print -u2 "$me: Error: Unable to checkout $master_passwd! Aborting change..."
    exit 1
  else
    trap cancel_checkout INT ERR
  fi
} # check_out_master_passwd

function check_in_master_passwd {
  # Check in new master password file
  ci -u -q -m"Changed $username's password" $master_passwd

  if [ $? -ne 0 ]; then
    print -u2 "$me: Error: Unable to check in new master password file!"
    exit 1
  fi
  trap INT ERR

  # Remove master.pas.old if it exists. When using RCS over NFS it creates
  # this file for some reason. If the ci was successful then this file is
  # not needed.
  rm -f $master_passwd_over_nfs
} # check_in_master_passwd

function replace_passwd_line {
  username=$1
  passwd_file=$2
  new_passwd=$(grep "^$username:" $passwd 2> /dev/null | head -1 | cut -f2 -d:)
  new_passwd_file=/tmp/passwd.$$

  sed -e "s}^$username:$old_passwd}$username:$new_passwd}" $passwd_file > $new_passwd_file
  cp $new_passwd_file $passwd_file
} # replace_passwd_line

function update_passwd_file {
  username=$1
  passwd_file=$2

  if [ "$passwd_type" = "MoA" ]; then
    check_out_master_passwd
    replace_passwd_line $username $passwd_file
    check_in_master_passwd
  else
    replace_passwd_line $username $passwd_file
  fi
} # update_passwd_file

function change_password {
  username=$1

  # Check if we are changing the master password file or the local password
  # file.
  passwd_type=$(grep "^$username:" $passwd 2> /dev/null | head -1 | cut -f5 -d: | cut -f2 -d"_" )

  if [ "$passwd_type" = "MoA" ]; then
    print "$me: Info: Changing $username's master password entry"
    passwd_file=$master_passwd
  elif [ "$passwd_type" = "LcL" ]; then
    if [ $(id -u) -ne 0 ]; then
      print -u2 "Sorry but you must be root to change the local password file"
      return
    fi
    print "$me: Info: Changing $username's local password entry"
    passwd_file=$local_passwd
  else
    print -u2 "$me: Error: $username is neither the master password file nor the local password file!"
    exit 1
  fi
    
  # First save the user's old passwd
  old_passwd=$(grep "^$username:" $passwd_file 2> /dev/null | head -1 | cut -f2 -d:)

  # Now change it
  $syspasswd $username

  if [ $? -eq 0 ]; then
    if [ "$passwd_type" = "MoA" ]; then
      print "$me: Info: Now updating your entry in the master password file"
    else
      print "$me: Info: Now updating your entry in the local password file"
    fi
    update_passwd_file $username $passwd_file
    if [ "$passwd_type" = "MoA" ]; then
      print "$me: Info: $username's master password entry updated on this system."
    else
      print "$me: Info: $username's local password entry updated on this system."
    fi
    print "$me: Info: This change will propgate to the other systems tonight."
    print "$me: Info: To force an update on another system use /app/admin/bin/mkpass -f."
  fi
} # change_passwd

## Main code

# Determine OS level
OS=`uname -r | cut -c 3-4`

if [ $OS = "09" ]; then
  syspasswd=/bin/passwd 
else
  syspasswd=/usr/bin/passwd
fi

if [ ! -r /opt/pwplus/lib/libpwplus.a ]; then
  print -u2 "$me: Warning: PWplus is not installed on this system!"
  print -u2 "Changing your password on this system may result in an insecure"
  print -u2 "password. You should use another system with PWplus installed"
  print -u2 "properly to change your password."
  print -u2 ""
  print -u2 "Do you still wish to proceed changing your password on this"
  print -u2 "machine (y/N)? \c"
  read answer

  case "$answer" in
    Y|y)
      break
      ;;
    *)
      exit 1
      ;;
  esac
fi

if [ $# = 0 ]; then
  change_password $LOGNAME
else
  for password in $*; do
    change_password $1
  done
fi