OpenCores
URL https://opencores.org/ocsvn/or1k/or1k/trunk

Subversion Repositories or1k

[/] [or1k/] [trunk/] [insight/] [expect/] [example/] [passwd.cgi] - Blame information for rev 1765

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 578 markom
#!/depot/path/expect --
2
 
3
# This is a CGI script to process requests created by the accompanying
4
# passwd.html form.  This script is pretty basic, although it is
5
# reasonably robust.  (Purposely intent users can make the script bomb
6
# by mocking up their own HTML form, however they can't expose or steal
7
# passwords or otherwise open any security holes.)  This script doesn't
8
# need any special permissions.  The usual (ownership nobody) is fine.
9
#
10
# With a little more code, the script can do much more exotic things -
11
# for example, you could have the script:
12
#
13
# - telnet to another host first (useful if you run CGI scripts on a
14
#   firewall), or
15
#
16
# - change passwords on multiple password server hosts, or
17
#
18
# - verify that passwords aren't in the dictionary, or
19
#
20
# - verify that passwords are at least 8 chars long and have at least 2
21
#   digits, 2 uppercase, 2 lowercase, or whatever restrictions you like,
22
#   or
23
#
24
# - allow short passwords by responding appropriately to passwd
25
#
26
# and so on.  Have fun!
27
#
28
# Don Libes, NIST
29
 
30
puts "Content-type: text/html\n"        ;# note extra newline
31
 
32
puts "
33
34
Passwd Change Acknowledgment
35
36
 
37

Passwd Change Acknowledgment

38
"
39
 
40
proc cgi2ascii {buf} {
41
    regsub -all {\+} $buf { } buf
42
    regsub -all {([\\["$])} $buf {\\\1} buf
43
    regsub -all -nocase "%0d%0a" $buf "\n" buf
44
    regsub -all -nocase {%([a-f0-9][a-f0-9])} $buf {[format %c 0x\1]} buf
45
    eval return \"$buf\"
46
}
47
 
48
foreach pair [split [read stdin $env(CONTENT_LENGTH)] &] {
49
        regexp (.*)=(.*) $pair dummy varname val
50
        set val [cgi2ascii $val]
51
        set var($varname) $val
52
}
53
 
54
log_user 0
55
 
56
proc errormsg {s} {puts "

Error: $s

"}
57
proc successmsg {s} {puts "

$s

"}
58
 
59
# Need to su first to get around passwd's requirement that passwd cannot
60
# be run by a totally unrelated user.  Seems rather pointless since it's
61
# so easy to satisfy, eh?
62
 
63
# Change following line appropriately for your site.
64
# (We use yppasswd, but you might use something else.)
65
spawn /bin/su $var(name) -c "/bin/yppasswd $var(name)"
66
# This fails on SunOS 4.1.3 (passwd says "you don't have a login name")
67
# run on (or telnet first to) host running SunOS 4.1.4 or later.
68
 
69
expect {
70
        "Unknown login:" {
71
                errormsg "unknown user: $var(name)"
72
                exit
73
        } default {
74
                errormsg "$expect_out(buffer)"
75
                exit
76
        } "Password:"
77
}
78
send "$var(old)\r"
79
expect {
80
        "unknown user" {
81
                errormsg "unknown user: $var(name)"
82
                exit
83
        } "Sorry" {
84
                errormsg "Old password incorrect"
85
                exit
86
        } default {
87
                errormsg "$expect_out(buffer)"
88
                exit
89
        } "Old password:"
90
}
91
send "$var(old)\r"
92
expect "New password:"
93
send "$var(new1)\r"
94
expect "New password:"
95
send "$var(new2)\r"
96
expect -re (.*)\r\n {
97
        set error $expect_out(1,string)
98
}
99
 
100
if [info exists error] {
101
        errormsg "$error"
102
} else {
103
        successmsg "Password changed successfully."
104
}
105
 

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.