#!/usr/local/bin/perl
# passwd replacement for solaris < 10
# try to make users select a stronger password
# copyright 2009.05.04 jeremy kister http://jeremy.kister.net./
# v2009061901
# to install, simply:
# mv /usr/bin/passwd /usr/bin/passwd.orig
# chmod 0 /usr/bin/passwd.orig
# mv passwd.pl /usr/bin/passwd
# chown root:sys /usr/bin/passwd
# chmod 6555 /usr/bin/passwd
#
# set CRYPT_DEFAULT=1 in /etc/security/policy.conf
#
# NOTE(review): the install notes describe a setuid client installed as
# /usr/bin/passwd, but the code below is a network listener (accept loop on
# port 269) that rewrites /etc/shadow -- presumably the server half of a
# client/server pair; confirm against the client script.
# NOTE(review): this listing is garbled by extraction and does not parse as
# shown: the readline on SHADOW is missing ("my @shadow = ;"), a comma is
# missing after "LocalPort => 269", the "if(...)" that pairs with the
# "}else{" after the system() call is absent, the closing braces of the two
# while loops are absent, and $user / $ncrypt / $days / exit_evil() are used
# but never defined here. No code is changed below; the notes mark the gaps.

use strict;
use IO::Socket::SSL;

# Set to 1 to echo diagnostics (and IO::Socket::SSL internals) to STDERR.
my $DEBUG = 1;

# On INT/QUIT/HUP remove the lock/temp files. The handler does not exit, so
# the daemon continues after the signal with its lock files gone -- TODO
# confirm that is intended.
$SIG{INT} = $SIG{QUIT} = $SIG{HUP} = sub { cleanup(); };

if($DEBUG){ $IO::Socket::SSL::DEBUG = 1; }

# Listening TLS socket on all interfaces, port 269. SSL_verify_mode 0x01 is
# SSL_VERIFY_PEER, i.e. a client certificate is requested; no SSL_ca_file or
# SSL_cert_file is given here, so which server certificate is used and which
# client certificates are accepted depend on IO::Socket::SSL defaults -- TODO
# confirm, since this is the only gate visible in front of a shadow rewrite.
my $sock = IO::Socket::SSL->new( Listen => 5,
                                 LocalAddr => '0.0.0.0',
                                 LocalPort => 269   # NOTE(review): missing trailing comma (syntax error as written)
                                 Proto => 'tcp',
                                 Reuse => 1,
                                 SSL_verify_mode => 0x01,
                               );
unless($sock){
    # NOTE(review): exit(0) reports success to the caller although the
    # listener could not be created; "&Pkg::errstr" is legacy call syntax.
    debug( "unable to create socket: ", &IO::Socket::SSL::errstr );
    exit(0);
}
debug( "socket created: ($sock)" );

while(1){
    debug( "waiting for connection." );
    while( my $s = $sock->accept() ){
        # Lock protocol: create a private temp file, then take the lock by
        # hard-linking it to /etc/stmp (link() fails if the lock already
        # exists). Five attempts, two seconds apart.
        # NOTE(review): the temp file is created with umask-dependent mode and
        # only afterwards chmod'ed to 0600; bareword handle with 2-arg open --
        # the path is constant so no mode injection, but 3-arg open is preferred.
        open(TSTMP, ">/etc/stmp.$$") || die "cannot write to /etc/stmp.$$: $!\n";
        close TSTMP;
        chmod(0600, "/etc/stmp.$$") || die "cannot set file mode on /etc/stmp.$$: $!\n";
        my $have_link;
        for(1..5){
            if( link("/etc/stmp.$$", "/etc/stmp") ){
                $have_link = 1;
                last;
            }else{
                sleep 2;
            }
        }
        unless($have_link){
            # NOTE(review): this prints to the daemon's STDOUT, not to the
            # client socket $s; exit_evil() is not defined in this listing.
            print "passwd: Sorry, could not obtain stmp lock.\n";
            exit_evil();
        }
        # NOTE(review): the condition that pairs with the "}else{" below (and
        # presumably reads the request from $s and sets $user, $ncrypt and
        # $days) is missing from this listing.
        open(SHADOW, "/etc/shadow") || die "cannot read shadow file: $!\n";
        my @shadow = ;   # NOTE(review): the readline from SHADOW was lost in extraction
        close SHADOW;
        # Copy every shadow line into the locked temp file, replacing $user's
        # entry with the new hash and last-change day; all other lines are
        # written through unchanged ($_).
        # NOTE(review): $user is interpolated into the regex unescaped, and the
        # replacement entry blanks every aging field after $days.
        open(STMP, ">>/etc/stmp") || die "could not append to stmp: $!\n";
        foreach(@shadow){
            if(/^$user:/){
                print STMP "${user}:${ncrypt}:${days}::::::\n";
            }else{
                print STMP;
            }
        }
        close STMP;   # NOTE(review): unchecked close on a write handle
        # Swap the new file into place, drop the temp link, tighten the mode.
        # NOTE(review): a die anywhere between link() above and rename() here
        # leaves /etc/stmp behind (cleanup() runs only from the signal
        # handler), which blocks every later run until removed by hand.
        rename("/etc/stmp","/etc/shadow") || die "cannot rename stmp to shadow: $!\n";
        unlink("/etc/stmp.$$") || die "cannot unlink stmp.$$: $!\n";
        chmod(0400, "/etc/shadow") || die "cannot set file mode on /etc/shadow: $!\n";
        # Rebuild the NIS maps; constant command string, exit status ignored.
        system("cd /var/yp ; /usr/local/bin/make >/dev/null 2>&1");
    }else{
        # NOTE(review): printed to STDOUT, not to the client socket $s.
        print "passwd: Sorry, wrong passwd\n";
        cleanup();
    }

# Remove this process's temp file and, if this process took it, the lock.
# NOTE(review): $have_link is declared with "my" inside the accept loop, so
# under "use strict" it is not in scope here as written; if the subs were
# originally nested inside that loop, a named sub capturing a loop lexical
# hits the "will not stay shared" trap instead -- confirm the intended scoping.
sub cleanup {
    unlink("/etc/stmp.$$");
    unlink("/etc/stmp") if($have_link);
}

# Emit the concatenated arguments to STDERR when $DEBUG is set.
sub debug {
    my $msg = join('', @_);
    warn "$msg\n" if($DEBUG);
}