From owner-freebsd-questions Tue Mar 10 11:59:26 1998
Date: Wed, 11 Mar 1998 03:43:08 +0800 (SGT)
Message-Id: <3.0.32.19980311040535.009e02f0@peace.com.my>
To: freebsd-questions@FreeBSD.ORG
From: chas
Subject: Problem adapting Expect passwd script for FBSD.

I'm trying to use the passwd.cgi script that comes with the Expect distribution but am having trouble configuring it. I keep getting the "Passwd Change Acknowledgement" reply but no change is made to the passwd.

Looking through the script with my v. limited Expect knowledge, I figure the problem must lie in:

    spawn /bin/su $var(name) -c /bin/yppasswd $var(name)

which I've changed to:

    spawn /usr/bin/su $var(name) -c /usr/bin/passwd $var(name)

But this still doesn't work. If anyone can share the changes they made to this script to get it working with FBSD 2.1.7/Expect 5.25 package, I'd be most grateful.

Thank you very much.

chas

ps. I notice in the freebsd.org archives that many people advised against using web pages for passwd update. The comments in this script suggest it's relatively secure, but if anyone has encountered problems or found a better solution (we don't allow telnet to the machines, hence the webpage approach), I'm all ears too.

#!/usr/local/bin/expect

# This is a CGI script to process requests created by the accompanying
# passwd.html form.  This script is pretty basic, although it is
# reasonably robust.  (Purposely intent users can make the script bomb
# by mocking up their own HTML form, however they can't expose or steal
# passwords or otherwise open any security holes.)  This script doesn't
# need any special permissions.  The usual (ownership nobody) is fine.

puts "Content-type: text/html\n"    ;# note extra newline

puts "
Passwd Change Acknowledgment

Passwd Change Acknowledgment
"

proc cgi2ascii {buf} {
    regsub -all {\+} $buf { } buf
    regsub -all {([\\["$])} $buf {\\\1} buf
    regsub -all -nocase "%0d%0a" $buf "\n" buf
    regsub -all -nocase {%([a-f0-9][a-f0-9])} $buf {[format %c 0x\1]} buf
    eval return \"$buf\"
}

foreach pair [split [read stdin $env(CONTENT_LENGTH)] &] {
    regexp (.*)=(.*) $pair dummy varname val
    set val [cgi2ascii $val]
    set var($varname) $val
}

log_user 0

proc errormsg {s} {puts "

Error: $s

"}

proc successmsg {s} {puts "

$s

"}

# Need to su first to get around passwd's requirement that passwd cannot
# be run by a totally unrelated user.  Seems rather pointless since it's
# so easy to satisfy, eh?

# Change following line appropriately for your site.
# (We use yppasswd, but you might use something else.)

# Guessing that the following line was for Sun only :
# spawn /bin/su $var(name) -c /bin/yppasswd $var(name)

# My attempt for FBSD :
spawn usr/bin/su $var(name) -c usr/bin/passwd $var(name)

expect {
    "Unknown login:" {
        errormsg "unknown user: $var(name)"
        exit
    } default {
        errormsg "$expect_out(buffer)"
        exit
    } "Password:"
}
send "$var(old)\r"
expect {
    "unknown user" {
        errormsg "unknown user: $var(name)"
        exit
    } "Sorry" {
        errormsg "Old password incorrect"
        exit
    } default {
        errormsg "$expect_out(buffer)"
        exit
    } "Old password:"
}
send "$var(old)\r"
expect "New password:"
send "$var(new1)\r"
expect "New password:"
send "$var(new2)\r"
expect -re (.*)\r\n {
    set error $expect_out(1,string)
}

if [info exists error] {
    errormsg "$error"
} else {
    successmsg "Password changed successfully."
}
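
Added example, not part of the original post or of the Expect distribution: one way to decode and validate the form fields the script reads (name, old, new1, new2) before any of them reaches spawn or send, without passing request data through eval. The proc names, the user-name pattern and the sample request bodies are assumptions made for illustration, and the code assumes Tcl 8.5 or later.

```tcl
# Decode one application/x-www-form-urlencoded value without eval.
proc urldecode {s} {
    set s [string map {+ { }} $s]
    set out ""
    set n [string length $s]
    for {set i 0} {$i < $n} {incr i} {
        set c [string index $s $i]
        set hex [string range $s [expr {$i + 1}] [expr {$i + 2}]]
        if {$c eq "%" && [regexp {^[0-9A-Fa-f]{2}$} $hex]} {
            scan $hex %x code
            append out [format %c $code]
            incr i 2
        } else {
            append out $c
        }
    }
    return $out
}

# Keep only the four expected fields; unknown keys are dropped.
proc parse_form {body} {
    set fields {}
    foreach pair [split $body &] {
        set pos [string first = $pair]
        if {$pos < 0} continue
        set key [urldecode [string range $pair 0 [expr {$pos - 1}]]]
        if {[lsearch -exact {name old new1 new2} $key] < 0} continue
        lappend fields $key [urldecode [string range $pair [expr {$pos + 1}] end]]
    }
    return $fields
}

# Return "" when the form is acceptable, otherwise the reason it is not.
proc check_form {fieldlist} {
    array set f $fieldlist
    foreach k {name old new1 new2} {
        if {![info exists f($k)] || $f($k) eq ""} { return "missing field: $k" }
        # A CR or LF here would end the line early when sent to the prompt.
        if {[regexp {[[:cntrl:]]} $f($k)]} { return "control character in $k" }
    }
    # The name must start with a letter or underscore, so su cannot read it as an option.
    if {![regexp {^[a-z_][a-z0-9_.-]{0,15}$} $f(name)]} { return "invalid user name" }
    if {$f(new1) ne $f(new2)} { return "new passwords do not match" }
    return ""
}

# Constructed sample request bodies (not captured traffic).
puts "[check_form [parse_form {name=chas&old=s3cret&new1=p%40ss+word&new2=p%40ss+word}]]"
puts "[check_form [parse_form {name=ch+as&old=s3cret&new1=a&new2=b}]]"
```

The first call prints an empty line (form accepted); the second prints "invalid user name". A script would call check_form right after reading stdin and emit errormsg and exit on any non-empty result.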