2 # chfn implementation for LDAP
3 # Copyright (C) 2000 Tom Lear <tom@trap.mtview.ca.us>
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 2 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program; if not, write to the Free Software
17 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 open(CONF,"/etc/login.defs") or die "$!\n";
23 next if(m/^\s*($|#)/);
24 $CHFN_RESTRICT=$1 if(m/^\s*CHFN_RESTRICT\s+(.*?)\s*$/);
27 $CHFN_RESTRICT='rwh' if($CHFN_RESTRICT eq 'yes');
28 $CHFN_RESTRICT='frwh' if($CHFN_RESTRICT eq 'no');
30 $CHFN_RESTRICT='frwho' if($<==0);
32 while($ARGV[0]=~m/^-([frwho])$/) {
36 die "You can't change that field.\n" if($CHFN_RESTRICT!~m/$let/);
41 $user=(getpwuid($<))[0];
43 die "You can't change that user.\n" if($< and $<!=getpwnam($user));
46 # use pam_ldap's config file since this script is ldap specific and
47 # is a work around for a deficiency in pam
48 $CONF{'pam_login_attribute'}='uid';
49 open(CONF,"/etc/ldap.conf") or die "$!\n";
51 next if(m/^\s*($|#)/);
52 m/^\s*(\S+)\s+(.*?)\s*$/;
56 open(CONF,"/etc/ldap.secret") and chomp($CONF{'rootbindpw'}=<CONF>);
69 $ldap=Net::LDAP->new($CONF{'host'});
71 if($< or $CONF{'rootbinddn'} eq '') {
73 system "/bin/stty -echo";
75 chomp($password = <STDIN>);
77 system "/bin/stty echo";
78 %bindargs=('dn' => "$CONF{pam_login_attribute}=$user,ou=People,$CONF{base}",
79 'password' => $password,
82 %bindargs=('dn' => $CONF{'rootbinddn'},
83 'password' => $CONF{'rootbindpw'},
86 $bindargs{'version'}=$CONF{'ldap_version'}?$CONF{'ldap_version'}:2;
88 $ldap->bind(%bindargs) or die "unable to bind to ldap server: $@";
90 # get the current values
91 @gecos=split(',',(getpwnam($user))[6]);
93 # get the new entries if neccesary
95 print "Enter the new value, or press return for the default\n";
96 @fields=('f','r','w','h');
97 push(@fields, 'o') if($<==0);
99 if($CHFN_RESTRICT=~m/$_/) {
100 print "\t$FIELDS{$_} [$gecos[$i]]: ";
101 chomp($new{$_}=<STDIN>);
102 $new{$_}=$gecos[$i] if($new{$_} eq '');
104 print "\t$FIELDS{$_}: $gecos[$i]\n";
110 # check the entries validity
112 foreach('f','r','w','h','o') {
113 die "invalid entry: \"$new{$_}\"\n" if($new{$_}!~m/^[ -~]*$/ or $new{$_}=~m/[:,=]/);
114 $gecos[$i]=$new{$_} if(defined $new{$_});
118 # change the gecos field
120 $ret=$ldap->modify("$CONF{pam_login_attribute}=$user,ou=People,$CONF{base}",
121 replace => {'gecos' => join(',',@gecos)});
123 printf STDERR ("failed: %s\n",$ret->error);