[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: adding users



> At least it would be good to be able to to change password of the
> existing users in the running system.

Here is a sample to change user admin password - it can be called as a
cgi script from boa !!

could easilly be changed for other users

"elle est pas belle la vie?"
**********************************************

SetPasswd.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
    <META NAME="Generator" CONTENT="Cosmo Create 1.0.3">
    <TITLE>Please enter the requested values: </TITLE>
</HEAD>
                                                                                
                                                                                
<body BGCOLOR="#AAAAAA"
 TEXT="#ffffff" BACKGROUND="../pics/keopsysnb.gif" bgproperties="fixed"
>
                                                                                
                                                                                
<table BORDER="0" CELLPADDING="0" CELLSPACING="0" WIDTH="100%">

</table>
                                                                                
<br><br><br>
                                                                                
                                                                                
                                                                                
<H1>
Please enter the new password:</H1>
<FORM METHOD="POST" ACTION="../admin-bin/passwd" target="_self">
                                                                                
<P>
password : <INPUT TYPE="PASSWORD" NAME="pass1" SIZE="16"></P>
<P>
type again<INPUT TYPE="PASSWORD" NAME="pass2" SIZE="16"></P>
<P>
<INPUT TYPE="SUBMIT" NAME="Apply" VALUE="Apply"></P>
</FORM>
</BODY>
</HTML>




Makefile

AXIS_USABLE_LIBS = UCLIBC GLIBC
#include $(APPS)/Rules.elinux
include $(AXIS_TOP_DIR)/tools/build/Rules.axis
                                                                                
                                                                                
EXE=passwd
PROGS = passwd
LDLIBS += /usr/local/cris/lib/gcc-lib/cris/2.96/linux/libcrypt.a
OBJS  = passwd.o
                                                                                
INSTDIR   = $(prefix)/bin/
INSTCONFDIR   = $(prefix)/bin/
INSTMODE  = 4755
INSTMODERW  = 0555
INSTOWNER = root
INSTGROUP = root
                                                                                
                                                                                
all: $(PROGS)
                                                                                
$(PROGS): $(OBJS)
        $(CC) $(LDFLAGS)  $^ $(LDLIBS) -o $@
        chmod ugo+x $(PROGS)
                                                                                
install:        $(PROGS)
        @echo "Installing passwd"
        $(INSTALL) -d $(INSTDIR)
        $(INSTALL) -m $(INSTMODE) -o $(INSTOWNER) -g $(INSTGROUP)
$(PROGS) $(INSTDIR)
                                                                                
clean:
        rm -rf $(OBJS) $(PROGS) *.o *~ core
                                                                                
passwd.o: passwd.c
~
~
~
~
~

Passwd.c

//#define _XOPEN_SOURCE
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>


/*************************************************************************/
/**                                                                    
**/
/**     getcgivars.c-- routine to read CGI input variables into an     
**/
/**         array of strings.                                          
**/
/**                                                                    
**/
/**     Written in 1996 by James Marshall, james@xxxxxxx.com, except 
**/
/**     that the x2c() and unescape_url() routines were lifted directly
**/
/**     from NCSA's sample program util.c, packaged with their HTTPD.  
**/
/**                                                                    
**/
/**     For the latest, see http://www.jmarshall.com/easy/cgi/ .       
**/
/**                                                                    
**/
/*************************************************************************/

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/** Convert a two-char hex string into the char it represents. **/
char x2c(char *what) {
   register char digit;

   digit = (what[0] >= 'A' ? ((what[0] & 0xdf) - 'A')+10 : (what[0] -
'0'));
   digit *= 16;
   digit += (what[1] >= 'A' ? ((what[1] & 0xdf) - 'A')+10 : (what[1] -
'0'));
   return(digit);
}

/** Reduce any %xx escape sequences to the characters they represent.
**/
void unescape_url(char *url) {
    register int i,j;

    for(i=0,j=0; url[j]; ++i,++j) {
        if((url[i] = url[j]) == '%') {
            url[i] = x2c(&url[j+1]) ;
            j+= 2 ;
        }
    }
    url[i] = '\0' ;
}


/** Read the CGI input and place all name/val pairs into list.       
**/
/** Returns list containing name1, value1, name2, value2, ... , NULL 
**/
char **getcgivars() {
    register int i ;
    char *request_method ;
    int content_length;
    char *cgiinput ;
    char **cgivars ;
    char **pairlist ;
    int paircount ;
    char *nvpair ;
    char *eqpos ;

    /** Depending on the request method, read all CGI input into
cgiinput. **/
    request_method= getenv("REQUEST_METHOD") ;
    if (!strcmp(request_method, "GET") || !strcmp(request_method,
"HEAD") ) {
        /* Some servers apparently don't provide QUERY_STRING if it's
empty, */
        /*   so avoid strdup()'ing a NULL pointer
here.                      */
        char *qs ;
        qs= getenv("QUERY_STRING") ;
        cgiinput= strdup(qs  ? qs  : "") ;
    }
    else if (!strcmp(request_method, "POST")) {
        /* strcasecmp() is not supported in Windows-- use strcmpi()
instead */
        if ( strcasecmp(getenv("CONTENT_TYPE"),
"application/x-www-form-urlencoded")) {
	    printf("Content-Type: text/plain\n\n") ;
            printf("getcgivars(): Unsupported Content-Type.\n") ;
            exit(1) ;
        }
        if ( !(content_length = atoi(getenv("CONTENT_LENGTH"))) ) {
	    printf("Content-Type: text/plain\n\n") ;
            printf("getcgivars(): No Content-Length was sent with the
POST request.\n") ;
            exit(1) ;
        }
        if ( !(cgiinput= (char *) malloc(content_length+1)) ) {
	    printf("Content-Type: text/plain\n\n") ;
            printf("getcgivars(): Couldn't malloc for cgiinput.\n") ;
            exit(1) ;
        }
        if (!fread(cgiinput, content_length, 1, stdin)) {
	    printf("Content-Type: text/plain\n\n") ;
            printf("getcgivars(): Couldn't read CGI input from
STDIN.\n") ;
            exit(1) ;
        }
        cgiinput[content_length]='\0' ;
    }
    else {
	printf("Content-Type: text/plain\n\n") ;
        printf("getcgivars(): Unsupported REQUEST_METHOD.\n") ;
        exit(1) ;
    }

    /** Change all plusses back to spaces. **/
    for (i=0; cgiinput[i]; i++) if (cgiinput[i] == '+') cgiinput[i] = '
' ;

    /** First, split on "&" and ";" to extract the name-value pairs into
**/
    /**   pairlist.                                                     
**/
    pairlist= (char **) malloc(256*sizeof(char **)) ;
    paircount= 0 ;
    nvpair= strtok(cgiinput, "&;") ;
    while (nvpair) {
        pairlist[paircount++]= strdup(nvpair) ;
        if (!(paircount%256))
            pairlist= (char **)
realloc(pairlist,(paircount+256)*sizeof(char **)) ;
        nvpair= strtok(NULL, "&;") ;
    }
    pairlist[paircount]= 0 ;    /* terminate the list with NULL */

    /** Then, from the list of pairs, extract the names and values. **/
    cgivars= (char **) malloc((paircount*2+1)*sizeof(char **)) ;
    for (i= 0; i<paircount; i++) {
        if (eqpos=strchr(pairlist[i], '=')) {
            *eqpos= '\0' ;
            unescape_url(cgivars[i*2+1]= strdup(eqpos+1)) ;
        } else {
            unescape_url(cgivars[i*2+1]= strdup("")) ;
        }
        unescape_url(cgivars[i*2]= strdup(pairlist[i])) ;
    }
    cgivars[paircount*2]= 0 ;   /* terminate the list with NULL */
    
    /** Free anything that needs to be freed. **/
    free(cgiinput) ;
    for (i=0; pairlist[i]; i++) free(pairlist[i]) ;
    free(pairlist) ;

    /** Return the list of name-value strings. **/
    return cgivars ;
    
}

/***************** end of the getcgivars() module ********************/


                                                                                
/*****************************************************************************/
void printHead()
/*****************************************************************************/
{
printf("<html>\n<head>\n<title>Welcome to AIRTRIA snmp agent for
KEOPSYS</title>\n</head>\n<body
BGCOLOR=\"#AAAAAA\">\n<br><br><br>\n<center><h2><b>\n");	
}
/*****************************************************************************/

/*****************************************************************************/
void printTrail()
/*****************************************************************************/
{
printf("</b></h2></center>\n</body></html>\n\n");	
}
/*****************************************************************************/

/*****************************************************************************/
int	myCopyFile(const char * Src, const char * Tgt)
/*****************************************************************************/
{
FILE *in;
FILE *out;
char ligne_lue[256];
int nb;


	//initialisation
	memset(ligne_lue, 0, 256);

	in=fopen(Src,"rb");
	if(in==NULL)
		{
		//printHead();
		//printf("Cannot open file %s",Src);
		//printTrail();
		return(-1);
		}

	out=fopen(Tgt,"wb");
	if(out==NULL)
		{
		//printHead();
		//printf("Cannot open file %s",Tgt);
		//printTrail();
		return(-1);
		}


	do
	{
	nb=fread(ligne_lue, 256,1, in);
	fwrite(ligne_lue, 256,1,out);
	memset(ligne_lue, 0, 256);
	}while(nb!=0);
	//fin while lecture fichier src
	
				
	fclose(in);
	fclose(out);


return(1);
}
/*****************************************************************************/


//   struct passwd {
// char    *pw_name;       /* user name */
// char    *pw_passwd;     /* user password */
// uid_t   pw_uid;         /* user id */
// gid_t   pw_gid;         /* group id */
// char    *pw_gecos;      /* real name */
// char    *pw_dir;        /* home directory */
// char    *pw_shell;      /* shell program */
//};



int main(int argc, char*argv[])
{
char**test;
char name[64];	
char password[64];	
const struct passwd *p;
FILE *out;

 const char *method = getenv("REQUEST_METHOD");
  if (method != NULL)
  {     /* CGI call */
    printf("Cache-Control: no-cache\r\n");
    printf("Pragma: no-cache\r\n"); 
    printf("Expires: Thu, 01 Dec 1994 16:00:00 GMT\r\n");
    printf("Content-Type: text/html\n\n");
    printf("\r\n");
    printHead();
    
     test=getcgivars();
     if(test[0]!=NULL)
        {
	if(strcmp(test[1],test[3])!=0)
		{
		printf("the two password you entered are different!!\n");
		printTrail();
		exit(-1);
		}
	 argv[1]=strdup(test[1]);	
	 argv[2]=strdup(test[3]);	
	}


  }


	

	strcpy(name,"admin");
	strcpy(password,argv[1]);
	
	do
	{
	p=getpwent();
	if(p==NULL)
	{
		printf("Cannot open file /etc/passwd\n");
		printTrail();
		endpwent();
		exit(-1);
	}
	}while(strcmp(p->pw_name,name)!=0);

	//ici l entree existe
	//on peut donc recopier le fichier
	//
	//reset au debut du fichier
	setpwent();



	out=fopen("/tmp/.passwd","w");
	if(out==NULL)	
		{
		endpwent();
		printf("Cannot open file /tmp/.passwd\n");
		printTrail();
		exit(-1);
		}

	//lecture du 1er
	p=getpwent();
	while(p!=NULL)
	{
	if(strcmp(p->pw_name,name)==0)
		p->pw_passwd=strdup(crypt(password,"xx"));
	if( putpwent(p, out)<0)
		{
		endpwent();
		fclose(out);
		printf("Cannot write in file /tmp/.passwd\n");
		printTrail();
		exit(-1);
		}
	p=getpwent();
	}
	
	endpwent();
        fclose(out);

	if(myCopyFile("/tmp/.passwd","/etc/passwd")<0)
		{
		printf("Cannot move file /tmp/.passwd to /etc/passwd\n");
		printTrail();
		exit(-1);
		}
	printf("Password changed succesfully\n");
	printTrail();
 exit(0);
}