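=head1 passwd-lib.pl

Functions to support the change passwords module. Some example code :

 foreign_require('passwd', 'passwd-lib.pl');
 $user = passwd::find_user('joe');
 if ($user) {
   passwd::change_password($user, 'smeg', 0);
 }

=cut

BEGIN { push(@INC, ".."); };
use WebminCore;
&init_config();
%access = &get_module_acl();

# State file and tuning for the brute-force rate limiter below
$rate_limit_file = "$module_var_directory/rate-limit";
$rate_limit_timeout = 10*60;	# 10 minutes
$rate_limit_max = 10;

=head2 can_edit_passwd(&user)

Returns 1 if the current Webmin user can change the password for the Unix
user whose details are given. The argument is read positionally as an array
ref : element 0 is the username, element 2 the UID and element 3 the primary
GID.

=cut

sub can_edit_passwd {
    my ($uinfo) = @_;
    my ($uname, $uid, $gid) = ($uinfo->[0], $uinfo->[2], $uinfo->[3]);
    my $mode = $access{'mode'};

    if ($access{'self'} && $uname eq $remote_user) {
        # Self-editing override is enabled
        return 1;
    }

    # NOTE(review): an unset or non-numeric mode compares equal to 0 and so
    # grants access to every user. Confirm the module ACL always supplies it.
    if ($mode == 0) {
        # Can change any
        return 1;
    }
    elsif ($mode == 3) {
        # Only own password
        return $uname eq $remote_user;
    }
    elsif ($mode == 4) {
        # UID within range (an empty or zero bound means no limit on that side)
        return (!$access{'low'} || $uid >= $access{'low'}) &&
               (!$access{'high'} || $uid <= $access{'high'});
    }
    elsif ($mode == 5) {
        # Member of some group (except for exclusion list)
        return 0 if (&indexof($uname, split(/\s+/, $access{'notusers'})) >= 0);
        my @allowed_groups = split(/\s+/, $access{'groups'});

        # Primary group name, looked up from the GID
        my $primary = getgrgid($gid);
        return 1 if (&indexof($primary, @allowed_groups) >= 0);

        if ($access{'sec'}) {
            # Secondary membership : check the member list of each allowed group
            foreach my $gname (@allowed_groups) {
                my @ginfo = getgrnam($gname);
                return 1 if (&indexof($uname, split(/\s+/, $ginfo[3])) >= 0);
            }
        }
        return 0;
    }
    elsif ($mode == 6) {
        # Users matching regexp. The pattern comes from the ACL and is not
        # anchored here, so it matches anywhere in the username unless the
        # configured value carries its own ^ and $.
        return $uname =~ /$access{'users'}/;
    }
    else {
        # Users on (mode 1) / not on (mode 2) some list
        my $idx = &indexof($uname, split(/\s+/, $access{'users'}));
        return $mode == 1 && $idx >= 0 ||
               $mode == 2 && $idx < 0;
    }
}

=head2 find_user(name)

Looks up the user structure for some name, in the useradmin and
ldap-useradmin modules (in that order, skipping any that is not installed),
and returns it with the 'mod' key set to the module it was found in. Returns
undef if no module knows the user.

=cut

sub find_user {
    my ($name) = @_;
    foreach my $mod ([ "useradmin", "user-lib.pl" ],
                     [ "ldap-useradmin", "ldap-useradmin-lib.pl" ]) {
        next if (!&foreign_installed($mod->[0], 1));
        &foreign_require($mod->[0], $mod->[1]);
        my @ulist = &foreign_call($mod->[0], "list_users");
        my ($user) = grep { $_->{'user'} eq $name } @ulist;
        if ($user) {
            # Remember the source module so change_password can call back into it
            $user->{'mod'} = $mod->[0];
            return $user;
        }
    }
    return undef;
}

=head2 change_password(&user, pass, do-others)

Updates a user's password. The required parameters are :

=over 4

=item user - A hash ref of user details, in the format supplied by find_user.

=item pass - The new password, in plain text.

=item do-others - If set to 1, the password is changed in other Webmin modules too.

=back

This function also reads the global %in ('expire' and 'new'), so callers
outside a CGI request should set those explicitly.

=cut

sub change_password {
    my ($user, $pass, $others) = @_;
    my $mod = $user->{'mod'} || "useradmin";
    my $pft = $mod eq "useradmin" ? &useradmin::passfiles_type() :
              $mod eq "ldap-useradmin" ? 1 : 0;

    # Do the change!
    $user->{'olduser'} = $user->{'user'};
    $user->{'pass'} = &foreign_call($mod, "encrypt_password", $pass);
    $user->{'passmode'} = 3;

    # Modification ALain De Witte - on change of the password set
    # ADMCHG flag for AIX
    $user->{'admchg'} = 1;

    # The cleartext password travels in this hash to modify_user and, when
    # do-others is set, to other_modules. Do not log or persist the hash.
    $user->{'plainpass'} = $pass;

    if ($pft == 2 || $pft == 5) {
        # Last-change field counted in days; 0 when expiry was requested
        if ($in{'expire'}) {
            $user->{'change'} = 0;
        }
        else {
            $user->{'change'} = int(time() / (60*60*24));
        }
    }
    elsif ($pft == 4) {
        # Last-change field counted in seconds
        $user->{'change'} = time();
    }

    # NOTE(review): if any call between lock and unlock dies, the user files
    # stay locked. Confirm how the owning module recovers from that.
    &foreign_call($mod, "lock_user_files");
    &foreign_call($mod, "set_user_envs", $user, 'MODIFY_USER', $in{'new'});
    &foreign_call($mod, "making_changes");
    &foreign_call($mod, "modify_user", $user, $user);
    &foreign_call($mod, "made_changes");
    &foreign_call($mod, "unlock_user_files");
    if ($others) {
        &foreign_call($mod, "other_modules", "useradmin_modify_user", $user);
    }
}

# apply_rate_limit(key)
# Delays for some amount of time based on the key, to prevent brute force
# attacks. Returns undef after delaying, or an error message (which embeds
# the key as-is, so escape it before putting it in HTML) once the key has
# more than $rate_limit_max recorded failures inside the timeout window.
# NOTE(review): the key is also persisted as a hash key through write_file;
# confirm callers never pass a key containing newlines or separators.
sub apply_rate_limit {
    my ($key) = @_;
    my $now = time();
    my %rate;
    my ($rv, $delay);

    &lock_file($rate_limit_file);
    &read_file($rate_limit_file, \%rate);

    # The window is measured from the first failure recorded for this key
    $rate{$key."_last"} ||= $now;
    if ($now - $rate{$key."_last"} > $rate_limit_timeout) {
        # Time since blocking for this key started has expired
        delete($rate{$key});
        delete($rate{$key."_last"});
    }

    my $failures = $rate{$key} || 0;
    if ($failures > $rate_limit_max) {
        $rv = "Too many failures for $key";
    }
    else {
        # Exponential back-off : 1, 2, 4 ... seconds
        $delay = 2 ** $failures;
        $rate{$key} = $failures + 1;
    }
    &write_file($rate_limit_file, \%rate);
    &unlock_file($rate_limit_file);

    # Sleep only after the lock is released. The delay can reach
    # 2 ** $rate_limit_max seconds, and sleeping while holding the lock would
    # stall every other caller of the rate limiter for that long (assuming
    # lock_file waits for the lock), whatever key they use.
    sleep($delay) if (defined($delay));
    return $rv;
}

# clear_rate_limit(key)
# After a successful operation, clear any rate limits for the given key
sub clear_rate_limit {
    my ($key) = @_;
    my %rate;
    &lock_file($rate_limit_file);
    &read_file($rate_limit_file, \%rate);
    delete($rate{$key});
    delete($rate{$key."_last"});
    &write_file($rate_limit_file, \%rate);
    &unlock_file($rate_limit_file);
}

1;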