#!/bin/bash ################################################################################ # # File: passwd # Description: Password updater for Mother of All Passwords # Author: Andrew DeFaria (defaria@cup.hp.com) # Language: Korn Shell # Modified: With the advent of PWPlus we had to change the algorithm here. # It was decided that since PWPlus disallowed the use of the -f # (and -F) options to /bin/passwd (/usr/bin/passwd) - it silently # ignores them! - that we would have this script change the # regular /etc/passwd file, grab the new encrypted passwd string # from /etc/passwd then update the appropriate file. # Andrew DeFaria Tue Jul 21 23:22:59 PDT 1998 # # (c) Copyright 2001, Andrew@DeFaria.com, all rights reserved # ################################################################################ print -u2 "This script has been disabled pending the NIS implementation." print -u2 "Questions? See CLL Support." exit 1 me=$(basename $0) local_passwd=/etc/passwd.loc passwd=/etc/passwd old_passwd= # Find admin root if [ -d /net/bismol/app/admin ]; then admin_root=/net/bismol/app/admin elif [ -d /net/hpclbis/app/admin ]; then admin_root=/net/hpclbis/app/admin elif [ -d /nfs/bismol/app/admin ]; then admin_root=/nfs/bismol/app/admin elif [ -d /nfs/hpclbis/app/admin ]; then admin_root=/nfs/hpclbis/app/admin elif [ -d /nfs/hpclbis/root/app/admin ]; then admin_root=/nfs/hpclbis/root/app/admin else print -u2 "$me: Error: Unable to ascertain admin_root!" exit 1 fi master_passwd=$admin_root/lib/master_passwd master_passwd_over_nfs=$admin_root/lib/master_pas.old function usage { print "Usage:" print print "$(basename $0): ..." exit 1 } # usage function cancel_checkout { print "$me: Info: Canceling checkout" # Unlock $master_passwd rcs -q -u $master_passwd # Remove write permissions chmod -w $master_passwd co -q $master_passwd exit } # cancel_checkout function check_out_master_passwd { cd $admin_root/lib co -q -l $master_passwd if [ $? -ne 0 ]; then print -u2 "$me: Error: Unable to checkout $master_passwd! Aborting change..." exit 1 else trap cancel_checkout INT ERR fi } # check_out_master_passwd function check_in_master_passwd { # Check in new master password file ci -u -q -m"Changed $username's password" $master_passwd if [ $? -ne 0 ]; then print -u2 "$me: Error: Unable to check in new master password file!" exit 1 fi trap INT ERR # Remove master.pas.old if it exists. When using RCS over NFS it creates # this file for some reason. If the ci was successful then this file is # not needed. rm -f $master_passwd_over_nfs } # check_in_master_passwd function replace_passwd_line { username=$1 passwd_file=$2 new_passwd=$(grep "^$username:" $passwd 2> /dev/null | head -1 | cut -f2 -d:) new_passwd_file=/tmp/passwd.$$ sed -e "s}^$username:$old_passwd}$username:$new_passwd}" $passwd_file > $new_passwd_file cp $new_passwd_file $passwd_file } # replace_passwd_line function update_passwd_file { username=$1 passwd_file=$2 if [ "$passwd_type" = "MoA" ]; then check_out_master_passwd replace_passwd_line $username $passwd_file check_in_master_passwd else replace_passwd_line $username $passwd_file fi } # update_passwd_file function change_password { username=$1 # Check if we are changing the master password file or the local password # file. passwd_type=$(grep "^$username:" $passwd 2> /dev/null | head -1 | cut -f5 -d: | cut -f2 -d"_" ) if [ "$passwd_type" = "MoA" ]; then print "$me: Info: Changing $username's master password entry" passwd_file=$master_passwd elif [ "$passwd_type" = "LcL" ]; then if [ $(id -u) -ne 0 ]; then print -u2 "Sorry but you must be root to change the local password file" return fi print "$me: Info: Changing $username's local password entry" passwd_file=$local_passwd else print -u2 "$me: Error: $username is neither the master password file nor the local password file!" exit 1 fi # First save the user's old passwd old_passwd=$(grep "^$username:" $passwd_file 2> /dev/null | head -1 | cut -f2 -d:) # Now change it $syspasswd $username if [ $? -eq 0 ]; then if [ "$passwd_type" = "MoA" ]; then print "$me: Info: Now updating your entry in the master password file" else print "$me: Info: Now updating your entry in the local password file" fi update_passwd_file $username $passwd_file if [ "$passwd_type" = "MoA" ]; then print "$me: Info: $username's master password entry updated on this system." else print "$me: Info: $username's local password entry updated on this system." fi print "$me: Info: This change will propgate to the other systems tonight." print "$me: Info: To force an update on another system use /app/admin/bin/mkpass -f." fi } # change_passwd ## Main code # Determine OS level OS=`uname -r | cut -c 3-4` if [ $OS = "09" ]; then syspasswd=/bin/passwd else syspasswd=/usr/bin/passwd fi if [ ! -r /opt/pwplus/lib/libpwplus.a ]; then print -u2 "$me: Warning: PWplus is not installed on this system!" print -u2 "Changing your password on this system may result in an insecure" print -u2 "password. You should use another system with PWplus installed" print -u2 "properly to change your password." print -u2 "" print -u2 "Do you still wish to proceed changing your password on this" print -u2 "machine (y/N)? \c" read answer case "$answer" in Y|y) break ;; *) exit 1 ;; esac fi if [ $# = 0 ]; then change_password $LOGNAME else for password in $*; do change_password $1 done fi