/usr/lib/cgi-bin/poppass is in poppass-cgi 3-6.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 | #!/usr/bin/perl
# PopPass - a CGI script in Perl to allow users to changes their password
# using a WWW interface. PopPass uses poppassd version 1.2 (available at
# ftp://ftp.qualcomm.com/eudora/servers/unix/password/ to actually make
# the password change. It can therefore run as an unprivilaged user on any
# server (not necessarly the server where the password file exists). The
# Perl 5 modules IO::Socket and CGI are also required (available from your
# favorite CPAN site).
# A version of poppassd for Linux systems using shadow passwords can be
# found at ftp://ftp.ceti.com.pl/pub/linux/poppassd-1.8-ceti.tar.gz
# ==========================================================================
# Created: 2 Feb 96 by Jerry Workman (jerry@mtnsoft.com)
# Last Revised: 19 January 2000
# ==========================================================================
use strict;
use CGI qw(:all); # CGI forms etc
use CGI::Carp qw(fatalsToBrowser set_message);
BEGIN {
sub handle_errors {
my $msg = shift;
print "<h2>Error:</H2><i>$msg</i>";
}
set_message(\&handle_errors);
}
$SIG{ALRM} = \&error_exit;
alarm(60);
open(STDERR,">&STDOUT") || die "Can't dup stdout: $!\n";
select(STDERR); $| = 1; # Make unbuffered.
select(STDOUT); $| = 1; # Make unbuffered.
# --------------------------------------------------------------------------
my $DEBUG = 0;
my $DEFAULTHOST = 'localhost'; # host name if different from web server
my $TITLE = 'Change Your Password';
my $AUTHOR = 'Jerry Workman';
my $COPYRIGHT = "Copyright 1996-2000 $AUTHOR";
my $HOME = hr. a({href=>"/"}, "Home"); # Very Basic Home link
my $MESSAGE = <<EOM;
Enter your username, current password, and new password (twice for
verification) then click on Change Password. Passwords must be
at least 6 characters and can be mixed case.
EOM
# ** End of Configurable Parameters (unless you're a Perl hacker) **
# --------------------------------------------------------------------------
my $host = param('host') || $DEFAULTHOST;
my $username = param('username');
my $password = param('password');
my $newpassword1 = param('newpassword1');
my $newpassword2 = param('newpassword2');
my $msg;
# --------------------------------------------------------------------------
print header,
start_html(-title=>$TITLE,
-author=>$AUTHOR,
-base=>'true',
-meta=>{'copyright'=>$COPYRIGHT});
print CGI::Dump() if $DEBUG;
if(!param()) {
showform();
} else {
error_exit("You must supply a Username")
if (!$username);
error_exit("New Passwords do not match")
if ($newpassword1 ne $newpassword2);
error_exit("The New Password can not be blank")
if length($newpassword1) == 0;
my $newpassword = $newpassword1;
error_exit("New Password can not contain spaces")
if $newpassword =~ / /;
error_exit ("Password must be six or more characters")
if length($newpassword) < 6;
if(poppass($host, $username, $password, $newpassword)) {
print p, center(h2("Password Changed Successfully")), "\n";
} else {
error_exit($msg);
}
print hr, "<I>Be sure to change your password in both your dialer" .
" and E-mail programs</I>";
}
print $HOME, end_html;
# --------------------------------------------------------------------------
# Subroutines
# --------------------------------------------------------------------------
sub showform {
my @p;
if (remote_user) {
@p = (hidden('username', remote_user), remote_user);
} else {
@p = (textfield('username', '', 25));
}
print p, blockquote(center(h2('Change Password')), hr,
$MESSAGE, hr, pre(start_form(),
"<b> Username: </b>", @p, "\n",
"<b> Old Password: </b>", password_field('password','', 25), "\n",
"<b> New Password: </b>", password_field('newpassword1','',25),"\n",
"<b>Verify New Password: </b>", password_field('newpassword2','',25),"\n\n",
submit('action','Change Password'),
end_form)), "\n";
}
# --------------------------------------------------------------------------
sub error_exit {
my($msg) = @_;
print h1("Error:"), h2($msg), hr,
"Return to the previous page and make the necessary corrections",
$HOME, end_html;
exit;
}
# --------------------------------------------------------------------------
# Change the password using service poppassd at port 106
#
sub poppass
{
my($host, $username, $password, $newpassword) = @_;
my ($status, $socket) = 0;
eval {
sub popout {
my $str = shift;
print $socket "$str\n";
print "$str <br>\n" if $DEBUG;
}
use IO::Socket::INET;
$socket = IO::Socket::INET->new(
PeerAddr => $host,
PeerPort => 106,
Proto => 'tcp',
Type => SOCK_STREAM) or
( $msg = "No Response from poppass server:$@\n", return $status = 0 );
my $seq = 0;
while ($_ = <$socket>) {
s/\n//g;
s/\r//g;
print "$_ <br>\n" if $DEBUG;
/^500/ && ( s/^500//, $msg = $_, $status = undef, last );
! /^200/ && ( $msg = "No Response from server", $status = 0, last );
++$seq;
$seq == 1 && (popout("USER $username"), next );
$seq == 2 && (popout("PASS $password"), next );
$seq == 3 && (popout("NEWPASS $newpassword"), next );
$seq == 4 && ($msg = "Password successfully changed",
$status = 1, popout("QUIT"), last );
}
close($socket);
}; #eval
if ($@) {
($msg) = split(/:/, $@);
$msg =~ /[Tt]imeout/ && ($msg = "poppassd server not responding, try again later.");
$status = 0;
}
return $status;
}
|