This is a maintenance release to correct a minor bug in the autoresponse
code introduced in 2.1.0
Download: http://www.courier-mta.org/download.php#sqwebmail
---
The following script attempts to change the system password
non-interactively. The goal is to clean up password changing so that it
updates the actual authentication password, instead of using the
sqwebmail-webpass hack, so that it can go away completely. The stumbling
block has been changing the system password, other authentication modules
are rather straightforward. It is necessary to be able to change the
password non-interactively. Scribbling over /etc/shadow directly is
something that doesn't appear to be rather palatable.
The following script uses expect, which should be available on most systems
(http://expect.nist.gov/), to frob the system's passwd command. The script
reads "oldpasswd<newline>newpasswd<newline>", then attempts to change the
password of the account running this script.
Hopefully, most people will find that this script works. The script is
going to work only in the C locale. I don't expect it to work in other
locales, which is fine since I'll simply reset the current locale to C,
before running it.
This script should pretty much wrap up shadow, passwd, and pam. Then, code
needs to be written for userdb, ldap, and mysql, and that's it. There's
already passwd change code for vpopmail.
--
#!/usr/bin/expect -f
#
# This script attempts to change a system account password in an automated
# fashion. This implemention is an "expect" script for the passwd command.
#
# This script reads two lines of text from stdin: old password, new password
# then runs the passwd command to change the password, and we attempt to parse
# the output of passwd.
#
# This implementation is for the basic "passwd" command. If it doesn't work
# for you, sorry: you're on your own. Some common pitfalls:
#
# * Enhanced passwd implementations that reject passwords based on dictionary
# words, etc.. This can result in unexpected output from the passwd command
# that this script may not be able to handle. We attempt to catch the most
# common error messages, below. Finally, we use a 30 second timeout.
#
# * I dunno - there must be other problems with this.
#
set timeout 30
expect {
-re "(.*)\n" { set oldpass "$expect_out(1,string)" }
eof { exit 1 }
timeout { exit 1 }
}
expect {
-re "(.*)\n" { set newpass "$expect_out(1,string)" }
eof { exit 1 }
timeout { exit 1 }
}
spawn "passwd"
expect {
-re "word:" { sleep 2; send "$oldpass\n" }
eof { exit 1 }
timeout { exit 1 }
}
expect {
-re "nvalid" { exit 1 }
-re "word:" { sleep 2; send "$newpass\n" }
eof { exit 1 }
timeout { exit 1 }
}
expect {
-re "nvalid" { exit 1 }
-re "NVALID" { exit 1 }
-re "bad pass" { exit 1 }
-re "BAD PASS" { exit 1 }
-re "dictionary" { exit 1 }
-re "common" { exit 1 }
-re "short" { exit 1 }
-re "word:" { sleep 2; send "$newpass\n" }
eof { exit 1 }
timeout { exit 1 }
}
expect {
-re "nvalid" { exit 1 }
-re "nchange" { exit 1 }
-re "same" { exit 1 }
eof { exit 0 }
timeout { exit 1 }
}
exit 1
