Author Topic: 3.5: User Password Change [SOLVED]  (Read 2666 times)

ippillihplm

3.5: User Password Change [SOLVED]
« on: July 01, 2014, 09:16:31 am »
How does a user change his password under 3.5 if the User Portal is now gone?  Is this just using the smbpasswd command for now?
« Last Edit: July 15, 2014, 11:21:14 am by ippillihplm »

sheck

Re: 3.5: User Password Change
« Reply #1 on: July 03, 2014, 02:48:50 pm »
Any info about this? It's a blocker for us since user corner is heavily used...

Thanks

ippillihplm

Re: 3.5: User Password Change
« Reply #2 on: July 15, 2014, 11:20:55 am »
I think I was able to find a way to accomplish this via a CGI script.  If anyone is interested, here is the CGI file that I used that I did a lot of searching for...

############################################################################
# Simple CGI script that uses smbpasswd to allow a user to change their
# password on a Windows domain controller.
#
# Written 2013-03-02 by Lester Hightower
############################################################################

use strict;
use CGI qw(:standard);
use IPC::Open3;
use Symbol 'gensym';

my $DOM_CONTROLLER = '127.0.0.1';
my $EXE_SMBPASSWD = '/usr/bin/smbpasswd';

my $q = CGI->new;
if (uc($q->request_method()) eq 'POST') {
  try_change_passwd($q);
} else {
  send_change_form($q);
}

exit;

############################################################################
############################################################################
############################################################################

sub send_change_form($) {
  my $q=shift @_;
  print $q->header('text/html');
  my @form_elements = (
        { 'name' => 'Username', 'html' =>
    textfield(-name=>'username', -value=>'',-size=>20,-maxlength=>80)
        },
        { 'name' => 'Current Password', 'html' =>
    password_field(-name=>'old_passwd', -value=>'',-size=>20,-maxlength=>80),
        },
        { 'name' => 'New Password', 'html' =>
    password_field(-name=>'new_passwd', -value=>'',-size=>20,-maxlength=>80),
        },
        { 'name' => 'Retype new password', 'html' =>
    password_field(-name=>'new_passwd2', -value=>'',-size=>20,-maxlength=>80),
        },
        );
  print
    "<html>\n" .
    "<head><title>Change Password</title></head>\n" .
    "<body>\n" .
    start_form(-method=>'POST') .
    "<table>\n" .
    make_form_table_fields($q, \@form_elements) .
    "<tr><td colspan=2 align=right>" .
        submit(-name=>'btn_chpasswd', -value=>'Change Password') .
        "</td></tr>\n" .
    "</table>\n" .
    end_form .
    "</body>\n" .
    "</html>\n";

  return;
}
sub make_form_table_fields($$) {
  my $q=shift @_;
  my $form_elements=shift @_;

  my $t='';
  foreach my $fe (@{$form_elements}) {
    my $name=$fe->{name};
    my $html=$fe->{html};
    $t.="<tr><td align=right>$name</td><td>$html</td></tr>\n";
  }
  return $t;
}


############################################################################

sub try_change_passwd($) {
  my $q=shift @_;
  print $q->header('text/html');

  my $username = $q->param('username');
  my $old_passwd = $q->param('old_passwd');
  my $new_passwd = $q->param('new_passwd');
  my $new_passwd2 = $q->param('new_passwd2');

  if ($username !~ m/^[a-z._0-9]+$/i) {
    print "Invalid username\n";
    return;
  }
  if (length($new_passwd) < 1) {
    print "New password cannot be blank.\n";
    return;
  }
  if ($new_passwd ne $new_passwd2) {
    print "Mismatch in new password verification.\n";
    return;
  }

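  # The passwords are fed to smbpasswd one per line on stdin, so a CR or LF
  # inside a value would shift the lines it reads.
  foreach my $pw ($old_passwd, $new_passwd) {
    if (!defined($pw) || $pw =~ m/[\r\n]/) {
      print "Invalid characters in password.\n";
      return;
    }
  }

  my($wtr, $rdr, $err);
  $err = gensym;
  # List form of open3: smbpasswd is run directly (no shell), and each option
  # and its value is a separate element.
  my @cmd=($EXE_SMBPASSWD,'-D','0','-s','-U',$username);
  #warn "LHHD: running - " . join(" ", @cmd) . "\n";
  my $pid = open3($wtr, $rdr, $err, @cmd);
  print $wtr "$old_passwd\n$new_passwd\n$new_passwd2\n";
  close($wtr);
  # Collect all output (not just the first line) before reaping the child.
  my $stdout = do { local $/; <$rdr> };
  my $stderr = do { local $/; <$err> };
  waitpid( $pid, 0 );
  my $child_exit_status = $? >> 8;

  if ($child_exit_status == 0) {
    print "Password changed successfully.";
  } else {
    my $errmsg = defined($stdout) ? $stdout : '';
    if (length($errmsg)) { $errmsg .= "\n-\n"; }
    $errmsg .= defined($stderr) ? $stderr : '';
    # Escape the tool output before embedding it in the HTML response.
    $errmsg = $q->escapeHTML($errmsg);
    print "Password change was not successful:<pre>$errmsg</pre>\n";
  }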
  return;
}

Szemy

Re: 3.5: User Password Change [SOLVED]
« Reply #3 on: September 01, 2014, 10:32:55 am »
Hi,
Nice, but my problem ...
Password change was not successful:

Can't load /etc/samba/smb.conf - run testparm to debug it

testparm output is all OK.
Please help.

ippillihplm

Re: 3.5: User Password Change [SOLVED]
« Reply #4 on: September 02, 2014, 07:36:06 am »
Yep,

I later encountered this issue.  The problem is that the user www-data, which is what the CGI/Perl script runs as, is trying to access the smb.conf and openchange.conf files in the /etc/samba/ directory.  There is no secure way, at least that I have found, to run the Perl script so that it can access those conf files.  Additionally, if you change the permissions on the files so that the user can access them, it is temporary at best.  I have ended up running a crontab job that allows the user to access the files with the following commands in crontab:

0 * * * * setfacl -m "u:www-data:rx" /etc/samba/openchange.conf
0 * * * * setfacl -m "u:www-data:rx" /etc/samba/smb.conf

What this does is, on the hour, set the ACLs for the user www-data to allow it to access the necessary files.  This has worked for me thus far, but no guarantees here.

-Michael
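
To check whether the ACL entry that the hourly cron job applies is actually in place, and to notice when it has been lost again, the `getfacl` output for the file can be inspected directly. The following is an added example, not part of the original posts; the function name and both sample ACL listings are constructed for illustration.

```shell
# Added example (not from the thread). Reads `getfacl FILE` output on stdin
# and succeeds only if USER has a named-user entry with effective read
# access, i.e. the entry grants r and the mask entry does not remove it.
acl_user_can_read() {
  awk -v user="$1" -F: '
    /^#/ || NF < 3 { next }                  # header and blank lines
    { sub(/[ \t]*#.*/, "", $3) }             # strip "#effective:..." notes
    $1 == "user" && $2 == user { entry = $3 }
    $1 == "mask" && $2 == ""   { mask = $3; has_mask = 1 }
    END {
      if (entry == "") exit 1                # entry missing: ACL was lost
      ok = (substr(entry, 1, 1) == "r")
      if (has_mask && substr(mask, 1, 1) != "r") ok = 0
      exit (ok ? 0 : 1)
    }'
}

# Constructed sample: listing with the entry the hourly setfacl job adds.
sample_acl_present() {
  cat <<'EOF'
# file: etc/samba/smb.conf
# owner: root
# group: root
user::rw-
user:www-data:r-x
group::r--
mask::r-x
other::---
EOF
}

# Constructed sample: the same file once the named-user entry is gone.
sample_acl_reset() {
  cat <<'EOF'
# file: etc/samba/smb.conf
# owner: root
# group: root
user::rw-
group::r--
other::---
EOF
}

for s in sample_acl_present sample_acl_reset; do
  if "$s" | acl_user_can_read www-data; then echo "$s: www-data can read"
  else echo "$s: www-data cannot read"; fi
done
```

On a live system the input would come from `getfacl /etc/samba/smb.conf 2>/dev/null | acl_user_can_read www-data`. The function only looks at the named-user entry, so it does not consider access granted through the owner, group or other entries.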