Date: Wed, 11 Mar 1998 03:43:08 +0800 (SGT) From: chas <panda@peace.com.my> To: freebsd-questions@FreeBSD.ORG Subject: Problem adapting Expect passwd script for FBSD. Message-ID: <3.0.32.19980311040535.009e02f0@peace.com.my>
next in thread | raw e-mail | index | archive | help
I'm trying to use the passwd.cgi script that comes with Expect
distribution but am having trouble configuring it.
I keep getting the "Passwd Change Acknowledgement" reply but
no change is made to the passwd. Looking through the script
with my v. limited Expect knowledge, I figure the problem
must lie in :
spawn /bin/su $var(name) -c /bin/yppasswd $var(name)
which I've changed to :
spawn /usr/bin/su $var(name) -c /usr/bin/passwd $var(name)
But this still doesn't work.
If anyone can share the changes they made to this script
to get it working with FBSD 2.1.7/Expect 5.25 package,
I'd be most grateful.
Thank you very much.
chas
ps. I notice in the freebsd.org archives that many people
advised against using web pages for passwd update. the
comments in this script suggest it's relatively secure
but if anyone has encountered problems or found a better
solution (we don't allow telnet to the machines hence
the webpage approach), i'm all ears too.
#!/usr/local/bin/expect
# This is a CGI script to process requests created by the accompanying
# passwd.html form. This script is pretty basic, although it is
# reasonably robust. (Purposely intent users can make the script bomb
# by mocking up their own HTML form, however they can't expose or steal
# passwords or otherwise open any security holes.) This script doesn't
# need any special permissions. The usual (ownership nobody) is fine.
puts "Content-type: text/html\n" ;# note extra newline
puts "
<head>
<title>Passwd Change Acknowledgment</title>
</head>
<h2>Passwd Change Acknowledgment</h2>
"
proc cgi2ascii {buf} {
regsub -all {\+} $buf { } buf
regsub -all {([\\["$])} $buf {\\\1} buf
regsub -all -nocase "%0d%0a" $buf "\n" buf
regsub -all -nocase {%([a-f0-9][a-f0-9])} $buf {[format %c 0x\1]} buf
eval return \"$buf\"
}
foreach pair [split [read stdin $env(CONTENT_LENGTH)] &] {
regexp (.*)=(.*) $pair dummy varname val
set val [cgi2ascii $val]
set var($varname) $val
}
log_user 0
proc errormsg {s} {puts "<h3>Error: $s</h3>"}
proc successmsg {s} {puts "<h3>$s</h3>"}
# Need to su first to get around passwd's requirement that passwd cannot
# be run by a totally unrelated user. Seems rather pointless since it's
# so easy to satisfy, eh?
# Change following line appropriately for your site.
# (We use yppasswd, but you might use something else.)
# Guessing that the following line was for Sun only :
# spawn /bin/su $var(name) -c /bin/yppasswd $var(name)
# My attempt for FBSD :
spawn usr/bin/su $var(name) -c usr/bin/passwd $var(name)
expect {
"Unknown login:" {
errormsg "unknown user: $var(name)"
exit
} default {
errormsg "$expect_out(buffer)"
exit
} "Password:"
}
send "$var(old)\r"
expect {
"unknown user" {
errormsg "unknown user: $var(name)"
exit
} "Sorry" {
errormsg "Old password incorrect"
exit
} default {
errormsg "$expect_out(buffer)"
exit
} "Old password:"
}
send "$var(old)\r"
expect "New password:"
send "$var(new1)\r"
expect "New password:"
send "$var(new2)\r"
expect -re (.*)\r\n {
set error $expect_out(1,string)
}
if [info exists error] {
errormsg "$error"
} else {
successmsg "Password changed successfully."
}
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.32.19980311040535.009e02f0>