[clug] Passwd cgi-bin user interface

Andrew Smith andrew at coolchilli.com
Thu Sep 30 23:00:24 GMT 2004


Here's a dodgy one I knocked up some time ago, for Nagios users without
shell access.  It's on an internal server, not publicly accessible,
hence the lack of session security.  .htaccess requires authentication
to run the script, so an existing user needs a valid password before a
change.  I never got around to allowing super-user type
'reset-other-users-passwords' functionality.

Flames on my poor coding to /dev/null :)
If you improve it, I wouldn't mind a copy ;)
Andrew

[asmith@bert nagpass]$ cat .htaccess
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
require valid-user

[asmith@bert nagpass]$ cat index.cgi
#!/usr/bin/perl
# NagPass - change an htpasswd password for a given username - asmith 5/2/03
# Requires a .htaccess and htpasswd file already set up so it can auth the user
# Does simple error and invalid password checking, plus blocks the guest account
# Also does some extended character conversions for browsers.
my $passfile="/usr/local/nagios/etc/htpasswd.users";
my $user = $ENV{'REMOTE_USER'};
my $userip = $ENV{'REMOTE_ADDR'};
my $buffer;
my $newpass = "";
my $passconf = "";
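my $updated = "<H5><I>Last updated: 25/2/03 <a href=\"mailto:andrew\@coolchilli.com\">asmith</a></I></H5>";


# A CGI response starts with a header block, so send the content type before any HTML
print "Content-type: text/html\n\n<TITLE>Nagios password change</TITLE>\n";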

if ($ENV{'REQUEST_METHOD'} ne "POST") {
  print "<H5><a href=\"\/\">cancel</a></h5><p>\n";
  print "<H4>Changing Nagios password for $user</H4>";
  print "<FORM action=\"/cgi-bin/nagpass/index.cgi\" method=POST name=passform>\n";
  print "New password: <INPUT type=password size=15 name=newpass>\n";
  print "Confirm: <INPUT type=password size=15 name=passconf>\n";
  print "<INPUT type=reset action=reset value=\"Reset\"> <INPUT type=submit action=submit value=\"GO!\">\n";
  print "</FORM>\n";
  print "<P>$updated\n";
} else {
  # Read the urlencoded POST body and split it into name=value pairs
  read(STDIN,$buffer,$ENV{'CONTENT_LENGTH'});
  my @params=split(/&/,$buffer);
  foreach my $currpair (@params) {
    my @currreq=split(/=/,$currpair);
    $buffer = $currreq[1];
    $buffer = "" unless defined $buffer;
    # Hand-rolled decoding: only the escapes listed here are converted,
    # any other %XX sequence stays in the value as the browser sent it
    $buffer =~ s/\+/ /g;
    $buffer =~ s/%2/\+/g;
    $buffer =~ s/%0D%0A/ /g;
    $buffer =~ s/\+C/,/g;
    $buffer =~ s/\+8/(/g;
    $buffer =~ s/\+9/)/g;
    $buffer =~ s/\%3B/;/g;
    $buffer =~ s/\%3A/:/g;
    $buffer =~ s/\+7/'/g;
    $buffer =~ s/\+2/"/g;
    $buffer =~ s/\%5C/\\/g;
    $buffer =~ s/\+F/\//g;
    $buffer =~ s/\+1/!/g;
    if ($currreq[0] eq "newpass") { $newpass = $buffer; };
    if ($currreq[0] eq "passconf") { $passconf = $buffer; };
  };
    if (( $newpass eq $passconf ) && ( $newpass ne "" ) && ( $user ne "guest" )) {
      print "Cool, passwords match, that's handy...<p>\n";
      print "Attempting to change your password, $user. <p>\n";
        if ( $user eq "") {
          print "Uh oh, I don't know your name, this is BAD.\n";
          print "Tell <a href=\"mailto:andrew\@coolchilli.com?Subject=Nagios Script busted?Message=Name=$user IP=$userip\">Andrew</a>\n";
        } else {
          # List form of system() runs htpasswd directly, so no shell ever
          # parses the user name or the new password
          my $msg = system("/usr/bin/htpasswd", "-b", $passfile, $user, $newpass);
          if ( $msg == 0 ) {
            print "Done, $user your password was changed to \"$newpass\"<p>\n";
            print "Time to do some <a href=\"\/\">work</a>\n";
          } elsif ( $msg == 256 ) {
              # system() returns the exit status shifted left 8 bits: 256 is exit status 1
              print "Uh oh, there's something wrong with the password file, this is BAD.\n";
              print "Tell <a href=\"mailto:andrew\@coolchilli.com?Subject=Nagios Script busted?Message=Name=$user IP=$userip\">Andrew</a>\n";
          } else {
              print "Uh oh, there's something wrong that I don't know (what is error $msg?), this is BAD.\n";
              print "Tell <a href=\"mailto:andrew\@coolchilli.com?Subject=Nagios Script busted?Message=Name=$user IP=$userip Error=$msg\">Andrew</a>\n";
          };
        };
    } else {
      if ( $newpass eq "") {
        print "A blank password?  You reckon?  Nice try...\n";
      } else {
        if ( $user eq "guest") {
          print "No, I don't think I'll change the guest password, not today...\n";
        } else {
            print "Whoops, the passwords don't match, Please try again.\n";
        };
      };
      print "<H5><a href=\"\/\">cancel</a></h5><p>\n";
      print "<H4>Changing Nagios password for $user</H4>";
      print "<FORM action=\"/cgi-bin/nagpass/index.cgi\" method=POST name=passform>\n";
      print "New password: <INPUT type=password size=15 name=newpass>\n";
      print "Confirm: <INPUT type=password size=15 name=passconf>\n";
      print "<INPUT type=reset action=reset value=\"Reset\"> <INPUT type=submit action=submit value=\"GO!\">\n";
      print "</FORM>\n";
      print "<P>$updated\n";
    };
};


On Thu, 2004-09-30 at 15:25, Michael Still wrote:
> Heya,
> 
> so, at short notice I have to be able to let people change their linux 
> passwords on a box they only have web access to. I'm thinking some sort 
> of cgi-bin script can do this for me.
> 
> Does anyone have a suggestion for a favourite one?
> 
> Thanks,
> Mikal
> 
> -- 
> 
> Michael Still (mikal at stillhq.com) | "All my life I've had one dream,
> http://www.stillhq.com            |  to achieve my many goals"
> UTC + 10                          |    -- Homer Simpson
> 
> Linux.conf.au 2005 -- Quite like an excellent Linux and Open Source
> conference. http://lca2005.linux.org.au
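
One way to harden the POST handling of the script in this message, as an added example that is not part of the thread or Andrew's code: it decodes every %XX escape, refuses control characters, and passes the password to htpasswd on stdin through a list-form pipe so no shell parses it. The sub names and the sample POST body are constructed for illustration, and the -i option assumes htpasswd from Apache httpd 2.4.4 or later.

```perl
# Added example: hardened decoding and htpasswd call for the form above.
use strict;
use warnings;
my $HTPASSWD = '/usr/bin/htpasswd';    # same path as the original script

# Decode an application/x-www-form-urlencoded body into a hash.
sub parse_form {
    my ($body) = @_;
    my %field;
    for my $pair (split /&/, $body) {
        my ($k, $v) = split /=/, $pair, 2;
        for ($k, $v) {
            $_ = '' unless defined;
            tr/+/ /;                                # '+' encodes a space
            s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;    # every %XX, not a fixed list
        }
        $field{$k} = $v;
    }
    return %field;
}

# Return an error string, or undef when the change may go ahead.
sub check_password {
    my ($user, $new, $conf) = @_;
    return 'no authenticated user'  if !defined $user || $user eq '';
    return 'guest is read-only'     if $user eq 'guest';
    return 'blank password'         if $new eq '';
    return 'passwords do not match' if $new ne $conf;
    # htpasswd -i reads a single line, so a newline would truncate the password
    return 'control character in password' if $new =~ /[\x00-\x1f\x7f]/;
    return undef;
}

# List-form pipe open: no shell is involved, and -i takes the password on
# stdin so it never shows up in the process list.
sub set_password {
    my ($passfile, $user, $new) = @_;
    open(my $pipe, '|-', $HTPASSWD, '-i', $passfile, $user)
        or return "cannot run htpasswd: $!";
    print {$pipe} "$new\n";
    close($pipe) or return 'htpasswd exit status ' . ($? >> 8);
    return undef;
}

# Constructed sample POST body; the CGI would read STDIN up to a sane limit.
my %f   = parse_form('newpass=p%40ss%3B+w0rd%21&passconf=p%40ss%3B+w0rd%21');
my $err = check_password('asmith', $f{newpass}, $f{passconf});
print defined $err ? "rejected: $err\n" : "accepted, " . length($f{newpass}) . " characters\n";
# On the server: $err = set_password($passfile, $ENV{REMOTE_USER}, $f{newpass});
```

The demo only decodes and validates; set_password is left uncalled so the block runs on a machine without htpasswd or the Nagios password file.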


