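From jrml@dps.state.vt.us Thu Aug 17 16:27:17 1995
From: jrml@dps.state.vt.us (Jim McLean-Lipinski)
Message-Id: <9508171426.AA04716@dps.state.vt.us>
Subject: Re: Password generator
To: ulla@Stupi.SE (Ulla Sandberg)
Date: Thu, 17 Aug 1995 10:26:44 -0400 (EDT)
In-Reply-To: from "Ulla Sandberg" at Aug 16, 95 03:33:09 pm
X-Mailer: ELM [version 2.4 PL22]
Content-Type: text
Content-Length: 15219

>
> Thank you for answering my question. Yes, I will be grateful to
> receive your scripts.
>
OOOOOPPS, forgot to send them, Sorry

Well here they are

-------------------------------------%<----------------------
Scripts to automate addition of users in NIS+

descred        Expect script to allow for non interactive entry of DES
               credentials - NOTE: You must have the program "expect" for
               this to work
homeservers    Listing of NFS servers that are valid locations of home
               directories.
new_user_nis+  Main script for adding new users
pwgen          Perl script to generate a pseudo-random, yet pronounceable
               password.
exppasswd      Expect script for non interactive addition of passwords

---------------------%<--------------------------------------------------
#!/usr/local/bin/expect -f
# descred
# wrapper to non-interactively add des credentials
#
# Called from new_user_nis+ as:  descred <username> <uid> <password>
#
# NOTE(review): the lindex positions below assume element 0 of $argv is the
# script name (older Expect convention); under Expect 5's Tcl-style argv the
# three arguments sit at indexes 0, 1 and 2 -- confirm against the installed
# version before relying on this.
# NOTE: the password arrives on the command line and is therefore visible in
# "ps" output for the lifetime of this process; reading it from stdin would
# avoid that exposure.
set password [lindex $argv 3]
set username [lindex $argv 1]
set useruid [lindex $argv 2]
# You will need to correctly set your domain name on the next line
spawn nisaddcred -p unix.$useruid@MY.DOMAIN.COM -P $username.MY.DOMAIN.COM. des
# nisaddcred asks for the secure-RPC password twice (entry + confirmation)
expect {*password:}
send "$password\r"
expect {*password:}
send "$password\r"
expect eof
---------------------%<--------------------------------------------------
# homeservers
# One hostname per line; new_user_nis+ accepts a home server only if it
# matches a whole line of this file.
homeserver1
homeserver2
---------------------%<--------------------------------------------------
#!/bin/sh
# %W%
# %G% %U%
# new_user_nis+ - Add a new user and update naming services
#
# Usage: new_user_nis+ [-i]
#   -i   prompt for users interactively (also the default when ${INPUT}
#        does not exist)
#
# Format of the input file, one user per line:
#   user_name:group:full_name:home_server:shell:mail_group
#
# To be run only on master machine (see MASTER below). At this time it is
# marshall.
#
# Written for the Solaris Bourne shell: backquotes, `echo "\c"`, expr and
# test are used on purpose; $(...), [[ ]] and local are not available there.
#
#set -x

# The work files created below contain passwd/shadow/alias entries; keep
# them private to the invoking user instead of the default world-readable
# mode.
umask 077

# Check for another user modifying the files.
# NOTE: /tmp is world-writable, so a fixed name there can be pre-created by
# any local user, which would block this tool; a directory that only the
# administrators can write to would be a better home for the lock.
LOCKFILE=/tmp/usrmod.lock
if [ -f "${LOCKFILE}" ];then
  echo "Another user is currently modifing the system tables. Please try later"
  # Exit non-zero so a calling script can tell that nothing was done
  # (the original exited 0 here).
  exit 1
fi
touch "${LOCKFILE}"
# Drop the lock if we are interrupted; every normal exit path below removes
# it explicitly.
trap 'rm -f "${LOCKFILE}"; exit 1' 1 2 15

# You will need to set some site specific variables in the next section
NISPLUSDOMAIN=MY.DOMAIN.COM            # Name of your NIS+ Domain
PATH=/usr/bin:/usr/lib/nis:/usr/ucb:/usr/sbin
export PATH
MASTER=master                          # Hostname of the only machine this
                                       # should run on.
NISPLUS_MASTER=rootmaster              # Hostname of the NIS+ root master
                                       # (not used below)
NIS_MASTER=nismaster                   # Hostname of the NIS master (if you
                                       # are running dual naming services)
MAIL_MASTER=mailhost                   # Hostname of main mail server
GROUPFILE=/etc/group
PASSWD=/etc/passwd
PASSWDTMP=/var/tmp/passwd              # generated script printing passwd lines
PASSWDTMPBSD=/var/tmp/passwd_bsd       # generated script run on ${NIS_MASTER}
ALIASES=/etc/aliases
ALIASESTMP=/var/tmp/aliases            # generated script printing alias lines
SHADOW=/etc/shadow
SHADOWTMP=/var/tmp/shadow              # generated script printing shadow lines
WELCOMEMSG=/var/adm/welcome.msg        # (not used below)
INPUT=/var/tmp/new_users; export INPUT
NIS_GROUP=admin.$NISPLUSDOMAIN.        # NIS+ Admin group name
NIS_PATH=$NISPLUSDOMAIN.:org_dir.$NISPLUSDOMAIN.:group_dir.$NISPLUSDOMAIN.
export NIS_GROUP NIS_PATH
CREDSETUP=/var/tmp/.credsetup.$$       # user:uid list for the credential pass
MAILSETUP=/var/tmp/.mailsetup.$$       # generated script run on ${MAIL_MASTER}
MAILFILE=/var/tmp/.mail_$$             # report mailed to ${MAILTO}
MAILTO=staff                           # Who to notify when we add users
DEFAULTSH=/bin/sh
HOMESRVRS=/usr/local/adm/homeservers   # File containing names of valid home
                                       # directory servers
###########################################

#######################################
# Remove the work files shared by every exit path and release the lock.
# ${PASSWDTMP} and ${PASSWDTMP}_1 are handled by the callers because the
# success path deliberately leaves them behind for inspection.
#######################################
remove_workfiles() {
  /bin/rm -f "${PASSWDTMPBSD}" "${SHADOWTMP}" "${ALIASESTMP}"
  /bin/rm -f "${CREDSETUP}" "${MAILFILE}"
  /bin/rm -f "${LOCKFILE}"
}

# The next UID is derived from the last line of ${PASSWD}; this assumes the
# file is kept in ascending UID order (collisions are still avoided below,
# but gaps are not reused).
LASTUID="`tail -1 "${PASSWD}"|cut -f3 -d:`"

# Preliminary error checks
# Are you root
#if [ "`whoami`x" != "root"x ]; then
#echo "Not running as root" >&2
#exit 1
#fi

# Is there an input file
if [ ! -f "${INPUT}" ];then
  echo "${INPUT} does not exist Running interactively">&2
  INTERA="true"
fi

# Are you on MASTER
if [ "${MASTER}" != "`hostname`" ];then
  echo "$0 not running on ${MASTER}">&2
  rm -f "${LOCKFILE}"
  exit 1
fi

# Allow interactive additions
if [ "$1" = "-i" ];then
  INTERA="true"
fi

if [ "$INTERA" = "true" ]; then
  clear
  ADDMORE="true"
  while [ "${ADDMORE}" = "true" ]
  do
    clear
    echo "User Name: \c"
    read UNAME
    echo "Group: \c"
    read GROUP
    echo "Fullname: \c"
    read FULLNAME
    echo "Home Server: \c"
    read UHOME      # read into UHOME/USHELL so $HOME and $SHELL of the
    echo "Shell: \c" # invoking session are not clobbered
    read USHELL
    echo "Mail Group: \c"
    read MAILGRP
    echo "${UNAME}:${GROUP}:${FULLNAME}:${UHOME}:${USHELL}:${MAILGRP}:">>"${INPUT}"
    echo "Add another (Y/N)? \c"
    read CONT
    case "${CONT}" in
      [Yy]) ADDMORE="true" ;;
      *) ADDMORE="false" ;;
    esac
  done
fi

# Build preliminary update files.
# Remove any stale file first so that a leftover (or a symlink planted under
# one of these fixed /var/tmp names) is not silently followed when the new
# file is created; umask 077 above keeps the new files private.
for F in "${PASSWDTMP}" "${PASSWDTMPBSD}" "${SHADOWTMP}" "${ALIASESTMP}" \
         "${MAILSETUP}" "${MAILFILE}" "${CREDSETUP}"; do
  /bin/rm -f "${F}"
done
echo "#!/bin/sh">"${PASSWDTMP}"
echo "#!/bin/sh">"${PASSWDTMPBSD}"
echo "cp /etc/passwd /var/adm/passwd.save.$$">>"${PASSWDTMPBSD}"
echo "#!/bin/sh">"${SHADOWTMP}"
echo "#!/bin/sh">"${ALIASESTMP}"
echo "#!/bin/sh">"${MAILSETUP}"
echo "Results of $0 run at `date`">"${MAILFILE}"

# Begin processing INPUT file.
# "cat file |" rather than "< file" on purpose: a missing file is then only
# a warning, and the loop body runs in a subshell exactly as the original
# awk pipeline did (nothing set inside the loop is needed afterwards).
cat "${INPUT}"|
while read LINE; do
  # Skip blank lines
  if [ -z "${LINE}" ];then
    continue
  fi
  echo "Processing ${LINE}">>"${MAILFILE}"
  # Every field ends up inside an echo "..." line of a generated shell
  # script that is later run with sh, so reject anything sh would
  # interpret there (double quote, backquote, dollar, backslash).
  case "${LINE}" in
    *[\"\`\$]*|*\\*)
      echo "$$: ERROR: ${LINE} contains shell metacharacters, not added">>"${MAILFILE}"
      continue
      ;;
  esac
  ERROR="false"
  NEWGID=""
  HOMEDIR=""
  # Parse out line
  UNAME="`echo "${LINE}"|cut -f1 -d:`"
  UGROUP="`echo "${LINE}"|cut -f2 -d:`"
  UFULLNAME="`echo "${LINE}"|cut -f3 -d:`"
  UHOME="`echo "${LINE}"|cut -f4 -d:`"
  USHELL="`echo "${LINE}"|cut -f5 -d:`"
  MAILGRP="`echo "${LINE}"|cut -f6 -d:`"

  # Assign UID. (Named NEWUID because UID is a read-only variable in
  # ksh/bash, which would abort the assignment if the script were ever run
  # under one of them.)
  NEWUID=`expr ${LASTUID} + 1`
  while grep -s "^[^:]*:[^:]*:${NEWUID}:" "${PASSWD}" >/dev/null ; do
    NEWUID=`expr ${NEWUID} + 1`
  done
  LASTUID=${NEWUID}

  # Validate variables
  # UNAME
  if [ -z "${UNAME}" ];then
    echo "$$: ERROR: empty user name in ${LINE}">>"${MAILFILE}"
    ERROR="true"
  elif grep -s "^${UNAME}:" "${PASSWD}" >/dev/null ; then
    echo "$$: ERROR: ${UNAME} already in ${PASSWD}">>"${MAILFILE}"
    ERROR="true"
  fi

  # UGROUP - anchor on the trailing colon as well, otherwise "staff" would
  # also match "staffers" and yield several GIDs.
  if grep -s "^${UGROUP}:" "${GROUPFILE}" >/dev/null ; then
    NEWGID=`grep "^${UGROUP}:" "${GROUPFILE}" | cut -f3 -d:`
  else
    echo "${UGROUP} is not in ${GROUPFILE}">>"${MAILFILE}"
    ERROR="true"
  fi

  # UHOME - must match a whole line of ${HOMESRVRS} (the original matched
  # any substring) and must answer ping. The list is checked first so that
  # only known hosts are pinged. "ping host" is the Solaris form, which
  # prints "host is alive".
  if grep "^${UHOME}\$" "${HOMESRVRS}" >/dev/null 2>&1 ;then
    if [ "`ping "${UHOME}" |grep alive`" ];then
      HOMEDIR=/home/${UHOME}/${UNAME}
    else
      echo "${UHOME} is not responding.">>"${MAILFILE}"
      ERROR="true"
    fi
  else
    echo "${UHOME} is not a valid homeserver.">>"${MAILFILE}"
    ERROR="true"
  fi

  # USHELL - default when empty, otherwise it must exist and be executable.
  # (The original read the field into SHELL but tested USHELL, so the
  # check never ran.)
  if [ -z "${USHELL}" ];then
    USHELL=${DEFAULTSH}
  elif [ ! -x "${USHELL}" ];then
    echo "${USHELL} does not exist or is not executable">>"${MAILFILE}"
    ERROR="true"
  fi

  # At some point need to add mail groups

  # Error handling
  if [ "${ERROR}" = "true" ];then
    echo "${LINE} not added due to errors">>"${MAILFILE}"
  else
    # Add the name
    # Build name service entries
    # Create a file that when executed will build name service entry
    # /etc files
    echo "echo \"${UNAME}:x:${NEWUID}:${NEWGID}:${UFULLNAME}:${HOMEDIR}:${USHELL}\"">>"${PASSWDTMP}"
    echo "echo \"${UNAME}::${NEWUID}:${NEWGID}:${UFULLNAME}:${HOMEDIR}:${USHELL}\">>/etc/passwd">>"${PASSWDTMPBSD}"
    # 8736 is an arbitrary #. Code should be added to set it correctly
    echo "echo \"${UNAME}::8736::::::\"">>"${SHADOWTMP}"
    echo "echo \"${UNAME}:${UNAME}@$MAIL_MASTER\"">>"${ALIASESTMP}"
    echo "${UFULLNAME} has been added as a user. Login name will be ${UNAME},">>"${MAILFILE}"
    echo "UID is ${NEWUID}, GID is ${NEWGID}, and home directory is ${HOMEDIR}">>"${MAILFILE}"
    # Set up NIS+ credentials
    # Create a file to be read when adding credentials
    echo "${UNAME}:${NEWUID}">>"${CREDSETUP}"
    # Set up mail
    echo "echo \"Welcome to the VIBRS system. For help send email to staff\" |mail ${UNAME}">>"${MAILSETUP}"
  fi
done

# Nothing to add: send the report and clean up.
if [ -z "`sh "${PASSWDTMP}"`" ];then
  echo "No users were added. $0 exiting at `date`">>"${MAILFILE}"
  mail "${MAILTO}" <"${MAILFILE}"
  # Clean up
  /bin/rm -f "${PASSWDTMP}" "${PASSWDTMP}_1" "${MAILSETUP}"
  mv "${INPUT}" "${INPUT}.$$"
  remove_workfiles
  exit 1
fi

# Update /etc files
echo "Updating /etc files on ${MASTER}">>"${MAILFILE}"
cp "${PASSWD}" /var/adm/passwd.save.$$
cp "${SHADOW}" /var/adm/shadow.save.$$
cp "${ALIASES}" /var/adm/aliases.save.$$
sh "${PASSWDTMP}">>"${PASSWD}"
sh "${SHADOWTMP}">>"${SHADOW}"
sh "${ALIASESTMP}">>"${ALIASES}"
rcp -p "${ALIASES}" "${MAIL_MASTER}:/etc/aliases"

# Update NIS+
echo "Updating NIS+ on ${MASTER}">>"${MAILFILE}"
sh "${PASSWDTMP}"|nisaddent -a passwd
sh "${SHADOWTMP}"|nisaddent -a shadow
sh "${ALIASESTMP}"|nisaddent -a aliases
nisping -C

# Add NIS+ credentials
NISDOM="${NISPLUSDOMAIN}."
cat "${CREDSETUP}"|
while read LINE; do
  UNAME="`echo "${LINE}"|cut -d: -f1`"
  NEWUID="`echo "${LINE}"|cut -d: -f2`"
  # Local
  # The initial password is the login name, immediately expired so that the
  # user must change it at first login. Until that happens anyone who knows
  # the login name can use the account; pwgen (shipped with this script) is
  # the intended replacement for the second argument.
  /usr/local/adm/exppasswd "${UNAME}" "${UNAME}"
  #nispasswd -f ${UNAME}
  echo "Adding local credentials ">>"${MAILFILE}"
  nisaddcred -p "${NEWUID}" -P "${UNAME}.${NISDOM}" local
  # Check to see if they have been added
  if [ -z "`nismatch "${UNAME}.${NISDOM}" cred|grep LOCAL`" ]
  then
    echo " ERROR: LOCAL credentials not created for ${UNAME}">>"${MAILFILE}"
  else
    echo " SUCCESS: LOCAL credentials created for ${UNAME}">>"${MAILFILE}"
  fi
  echo "Adding DES credentials ">>"${MAILFILE}"
  /usr/local/adm/descred "${UNAME}" "${NEWUID}" "${UNAME}"
  # Check to see if they have been added
  if [ -z "`nismatch "${UNAME}.${NISDOM}" cred|grep DES`" ]
  then
    echo " ERROR: DES credentials not created for ${UNAME}">>"${MAILFILE}"
  else
    echo " SUCCESS: DES credentials created for ${UNAME}">>"${MAILFILE}"
  fi
done

# Update NIS
echo "cd /var/yp">>"${PASSWDTMPBSD}"
echo "/usr/bin/make">>"${PASSWDTMPBSD}"
if [ "`ping "${NIS_MASTER}" |grep alive`" ];then
  echo "Updating NIS on ${NIS_MASTER}">>"${MAILFILE}"
  # NOTE: /tmp/passwdbsd is a fixed name in the remote /tmp that is then
  # executed as root; a private directory on ${NIS_MASTER} would be safer.
  rcp -p "${PASSWDTMPBSD}" "${NIS_MASTER}:/tmp/passwdbsd"
  rcp -p "${ALIASES}" "${NIS_MASTER}:/etc/aliases"
  rsh "${NIS_MASTER}" sh /tmp/passwdbsd
else
  echo "${NIS_MASTER} is not responding. NIS not updated!">>"${MAILFILE}"
fi

# Update mail
if [ "`ping "${MAIL_MASTER}" |grep alive`" ];then
  rcp -p "${ALIASES}" "${MAIL_MASTER}:/etc/aliases"
  chmod 555 "${MAILSETUP}"
  # Copy to and run on the same host: the original copied the script to a
  # host named literally in the script but ran it on ${MAIL_MASTER}.
  rcp -p "${MAILSETUP}" "${MAIL_MASTER}:/var/tmp/.mailsetup"
  rsh "${MAIL_MASTER}" /var/tmp/.mailsetup
  /bin/rm -f "${MAILSETUP}"
  echo "Mail has been setup for the new users">>"${MAILFILE}"
else
  # ${MAIL_SERVER} was never defined in the original; ${MAIL_MASTER} is meant.
  echo "${MAIL_MASTER} is not reachable at this time. ${MAILSETUP} has">>"${MAILFILE}"
  echo "been renamed to ${MAILSETUP}.${MAIL_MASTER}. You must manually transfer">>"${MAILFILE}"
  echo "this file to ${MAIL_MASTER} and run it to set up mail" >>"${MAILFILE}"
  mv "${MAILSETUP}" "${MAILSETUP}.${MAIL_MASTER}"
fi

# Make home directories by creating a file to send to each host on which a
# home directory is to be created. This file will then be processed there by
# add_home_dir (not part of this listing; expected in the current directory).
# Begin processing ${PASSWDTMP} file
# Create 1 file of the users to be added for each server
HOMESERVERS=`cat "${HOMESRVRS}"`
for HOME_SERVER in ${HOMESERVERS};do
  echo "Checking for users being added to ${HOME_SERVER}">>"${MAILFILE}"
  /bin/rm -f "${PASSWDTMP}_1"
  sh "${PASSWDTMP}"|grep "/${HOME_SERVER}/">"${PASSWDTMP}_1"
  if [ -s "${PASSWDTMP}_1" ];then
    if [ "`ping "${HOME_SERVER}" |grep alive`" ];then
      echo "Transfering .new_user_list to ${HOME_SERVER}">>"${MAILFILE}"
      rcp "${PASSWDTMP}_1" "${HOME_SERVER}:/export/home/${HOME_SERVER}/.new_user_list"
      echo "Transfering skel files to ${HOME_SERVER}">>"${MAILFILE}"
      if [ "`rsh "${HOME_SERVER}" ls -d /etc/skel/local`" != "/etc/skel/local" ];then
        rsh "${HOME_SERVER}" mkdir /etc/skel
        rsh "${HOME_SERVER}" mkdir /etc/skel/local
      fi
      rcp -p /etc/skel/local/* "${HOME_SERVER}:/etc/skel/local/"
      # .[!.]* matches the dot files without "." and "..", which the
      # original ".*" glob also picked up.
      rcp -p /etc/skel/local/.[!.]* "${HOME_SERVER}:/etc/skel/local/"
      chmod 555 add_home_dir
      rcp -p add_home_dir "${HOME_SERVER}:/export/home/${HOME_SERVER}"
      rsh "${HOME_SERVER}" "/export/home/${HOME_SERVER}/add_home_dir"
    else
      # Keep the list for a manual transfer later. (The original tried to
      # rename a ./.new_user_list that never existed; the list is in
      # ${PASSWDTMP}_1.)
      SAVED_LIST="/var/tmp/${HOME_SERVER}.new_user_list.$$"
      mv "${PASSWDTMP}_1" "${SAVED_LIST}"
      echo "${HOME_SERVER} is not reachable at this time. .new_user_list has">>"${MAILFILE}"
      echo "been saved as ${SAVED_LIST}. You must manually transfer">>"${MAILFILE}"
      echo "this file to /export/home/${HOME_SERVER}/.new_user_list on ${HOME_SERVER} and run">>"${MAILFILE}"
      echo "./add_home_dir to create the home directories">>"${MAILFILE}"
    fi
  else
    echo "No users are to be added to ${HOME_SERVER}">>"${MAILFILE}"
  fi
done

# Put the word out
echo "$0 done at `date`">>"${MAILFILE}"
mail "${MAILTO}" <"${MAILFILE}"

# Clean up. ${PASSWDTMP} and ${PASSWDTMP}_1 are deliberately left behind so
# the generated entries can be inspected after the run.
mv "${INPUT}" "${INPUT}.$$"
rsh "${NIS_MASTER}" /bin/rm -f /tmp/passwdbsd
remove_workfiles
---------------------%<--------------------------------------------------
#!/usr/local/bin/perl
# pwgen
# Build arrays of characters to be used
@P1=('a','e','i','o','u','y','A','E','I','O','U','Y');
@P2=('b','c','d','f','g','h','j','k','l','m','n','p','q','r','s','t','v','w','x','z','B','C','D','F','G','H','J','K','L','M','N','P','Q','R','S','T','V','W','X','Z');
@P3=('1','2','3','4','5','6','7','8','9','0','~','!','$','%','^','&','*','+','-','_','=','<','>',';','|','/','?','[',']','{','}',',','(',')','.',':');
# Randomly shuffle arrays
srand(time()%$$);
srand(int(time()/$$)/rand($$/rand($$)));
for ($i = 1; $i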