rash & passwd
Tony Bates
Tue May 3 14:50:33 CEST 1994
Andrew Adams <ala at merit.edu> writes:
 *
 * Yep, this answers my question. (Sorry to drag you away from your vacation :
 * -( ).
 *
 * >Second, the guardian box is not integrated with the rest of the
 * >network, thus if it's broken, it doesn't mean the end of your
 * >network.
 *
 * I don't understand the above statement, though.
 *
Not sure I do either but I'll leave that to Geert Jan.

However, One other thing about rash. I told Dale I'd wrap up some script
we use. Here they are in a small shar. If not clear what they do and are
interested please ask me (offline of list I guess ;-)).

--Tony.

#! /bin/sh
# This is a shell archive. Remove anything before this line, then unpack
# it by saving it into a file and typing "sh file". To overwrite existing
# files, type "sh file -c". You can also feed this as standard input via
# unshar, or by typing "sh <file", e.g.. If this archive is complete, you
# will see the following message at the end:
# "End of shell archive."
# Contents: enab genfiles genguard
# Wrapped by tony at ns.ripe.net on Tue May 3 14:43:53 1994
#
# NOTE(review): the layout of this listing was restored from a copy of the
# mail in which line breaks and indentation had been collapsed. Indentation
# inside the X-prefixed payloads is therefore not the author's, and the byte
# counts tested after each extraction (921, 1158, 4431) may report
# "unpacked with wrong size!" even when the text is complete.
#
# Unpacking a shar means executing it with sh. This wrapper itself only runs
# test, echo, sed, wc and chmod, and writes three executable files (enab,
# genfiles, genguard) into the current directory; an existing file is left
# alone unless the first argument is -c.
PATH=/bin:/usr/bin:/usr/ucb ; export PATH

# --- enab ------------------------------------------------------------------
# Payload summary: enables one guarded account named by the single
# command-line argument. It runs passwd for the account, removes .autogen
# from the account's directory under $H, prompts for a .forward address
# (default: the text after "*gd: " in the whois output), writes .forward,
# writes a date/account line to $LOG and symlinks $G/<account> to the
# account's file under $H.
#
# NOTE(review): $ARGV[0] and the address typed at the prompt are
# interpolated into single-string system() calls and into the whois pipe
# open. Perl passes such a string to /bin/sh whenever it contains shell
# metacharacters, so neither value should reach those calls unvalidated.
# Mitigations: check the account name against a strict pattern before any
# use, call passwd in list form -- system("passwd", $ARGV[0]) -- and write
# .forward with open/print instead of echo through the shell.
# NOTE(review): open(L, ">$LOG") truncates the log on every run and the
# record has no trailing newline; ">>" and "\n" would keep a history --
# presumably what a log of enabled accounts is for; confirm.
# NOTE(review): the results of system, unlink, symlink and the whois open
# are not checked, so "The account is now enabled" is printed even when a
# step failed. The /$/ test in the prompt loop matches every line, so the
# loop reads exactly one line.
if test -f enab -a "${1}" != "-c" ; then
  echo shar: Will not over-write existing file \"enab\"
else
echo shar: Extracting \"enab\" \(921 characters\)
sed "s/^X//" >enab <<'END_OF_enab'
X#!/local/bin/perl
X#
X# TB
X#
X# A well commented script.
X$LOG="/nccfs3/dbase/newguard/log/enabled";
X$DATE=`date '+%y%m%d %T'`;
Xchop($DATE);
X$H="/home/guarded/home";
X$G="/nccfs3/dbase/guarded/as";
Xif($#ARGV ) {
X    print "usage: $0 account\n";
X    exit 1;
X}
Xprintf STDOUT "Enabling the Guarded account $ARGV[0]\n";
Xsystem("passwd $ARGV[0]");
Xunlink "$H/$ARGV[0]/.autogen";
X$em = &getemail($ARGV[0]);
Xprint "Enter new .forward address [$em] > ";
Xwhile(<STDIN>) {
X    $ans = $_;
X    last if /$/;
X}
Xchop($ans);
Xif($ans eq "") {
X    $ans = $em;
X}
Xsystem ("echo \"$ans\" > $H/$ARGV[0]/.forward");
Xopen (L,">$LOG") || warn "can't open logfile $!";
Xprint L "$DATE $ARGV[0]";
Xclose(L);
Xsymlink("$H/$ARGV[0]/$ARGV[0]", "$G/$ARGV[0]");
Xprint STDOUT "The account is now enabled\n";
X
Xsub getemail {
X    local($as) = @_;
X    open (WHOIS, "/local/bin/whois -r -F $as |");
X    while (<WHOIS>) {
X        if(/(^\*gd:\ )(.*$)/) {
X            return $2;
X        }
X        next;
X    }
X    return "";
X}
END_OF_enab
if test 921 -ne `wc -c <enab`; then
    echo shar: \"enab\" unpacked with wrong size!
fi
chmod +x enab
# end of overwriting check
fi

# --- genfiles --------------------------------------------------------------
# Payload summary: for every entry listed by /bin/ls in $home that contains
# a .autogen file, rebuilds $home<name>/<name> from $magicdir/<name> with a
# generated comment header. The previous file is kept as <name>.old; both
# files are chown'ed to the account's uid with gid 30 and set to mode 0644.
# -v prints each name as it is processed.
#
# NOTE(review): printf TMP "$in\n" uses each line of the source file as the
# format string, so any "%" sequence in the data is expanded rather than
# copied; print TMP "$in\n" copies the line verbatim.
# NOTE(review): a failed open of <name>.new only warns. The current file is
# still renamed to .old and the final rename of .new is unchecked, which
# leaves the account with only the .old copy. The open of the source file
# in $magicdir is unchecked too; a missing source yields a header-only file.
# NOTE(review): names come from the ls output and go straight into
# two-argument open() and path strings. Two-argument open takes its mode
# from characters in the string, so this is only as safe as the set of
# users able to create entries in $home -- not visible here; confirm.
if test -f genfiles -a "${1}" != "-c" ; then
  echo shar: Will not over-write existing file \"genfiles\"
else
echo shar: Extracting \"genfiles\" \(1158 characters\)
sed "s/^X//" >genfiles <<'END_OF_genfiles'
X#!/local/bin/perl
X#
X# This builds the guarded files automagically
X#
X# TB
X#
Xrequire "getopts.pl";
X
X&Getopts('v');
X$home = "/home/guarded/home/"; # The home extra / needed
X$file = ".autogen"; # Needs to see this file
X$magicdir = "/nccfs1/local/spool/ftppublic/ripe/as/router/asdir";
X$date = `date '+%y%m%d'`; chop($date);
X
X#
X# Loop the loop !!
X#
Xopen (LS, "cd $home; /bin/ls |");
Xwhile(<LS>) {
X    chop;
X    $cur = $_;
X    next if (!-e "$home$cur/$file");
X    if($opt_v) {
X        print "processing $cur\n";
X    }
X    open (TMP, ">$home$cur/$cur.new") || warn "cant open $cur $!";
X    rename("$home$cur/$cur", "$home$cur/$cur.old");
X    chown((getpwnam($cur))[2], 30, "$home$cur/$cur.old");
X    chmod (0644, "$home$cur/$cur.old");
X    print TMP "#\n# File : $cur\n#\n";
X    print TMP "#\n# This file was auto-generated for you on $date\n";
X    print TMP "# by the RIPE Guarded Field File Generator\n#\n";
X    $as = $cur;
X    #$as =~ s/as/AS/;
X    open(TMP2, "$magicdir/$as");
X    while (<TMP2>) {
X        chop;
X        $in = $_;
X        printf TMP "$in\n";
X    }
X    close(TMP2);
X    close(TMP);
X    rename("$home$cur/$cur.new", "$home$cur/$cur");
X    chown ((getpwnam($cur))[2], 30, "$home$cur/$cur");
X    chmod (0644, "$home$cur/$cur");
X}
X
END_OF_genfiles
if test 1158 -ne `wc -c <genfiles`; then
    echo shar: \"genfiles\" unpacked with wrong size!
fi
chmod +x genfiles
# end of overwriting check
fi

# --- genguard --------------------------------------------------------------
# Payload summary: writes passwd-format lines for new guarded accounts to
# $passwd and a shell script to $tmp that creates each account's directory,
# .profile, .forward and data file. Accounts come from -s "NAME:GCOS" or
# from a config file / stdin. UIDs continue from the value returned by
# getuid (highest UID found among gid-30 lines of /etc/passwd, range-limited
# for -c and -m) or, when that is empty, from the start of the range. The
# payload's own header says it "execs" the shell script, but the visible
# code only writes it and prints instructions for the administrator to merge
# $passwd with vipw and run the script with sh.
#
# NOTE(review): account names are only loosely checked (-s default mode:
# "AS" + digits + ":"; -m: "AS-" prefix; -c: anything not starting with
# "AS"; config lines: /^[aA][sS]/) and are then written unquoted into the
# passwd line and into the generated shell commands. Whitespace or shell
# metacharacters after the accepted prefix would be carried into both files.
# Mitigations: accept names only from a fixed character set, reject ":" and
# control characters in the GCOS field, and quote paths in the generated
# script.
# NOTE(review): in the -s branch tr/a-z/A-Z/ is applied to $line[0] before
# @line is assigned by split, so the name from -s is written as typed; the
# config-file branch upper-cases after the split. "$commstart + 0;" has no
# effect (its neighbours use +=).
# NOTE(review): $passwd and $tmp are PID-based names opened with ">". If
# their directory is writable by anyone but the administrator -- not visible
# here; confirm -- the names should be created exclusively instead.
# NOTE(review): the password field is the literal text PASSWORD; presumably
# a placeholder until enab runs passwd for the account -- confirm. getuid's
# default branch accepts every gid-30 UID, including the community and
# as-macro ranges, and compares against a hard-coded 30 rather than $group.
if test -f genguard -a "${1}" != "-c" ; then
  echo shar: Will not over-write existing file \"genguard\"
else
echo shar: Extracting \"genguard\" \(4431 characters\)
sed "s/^X//" >genguard <<'END_OF_genguard'
X#!/local/bin/perl
X#
X# This is the account builder.
X# This will build an account that needs (or may need to be guarded at least).
X#
X# It is a perl script that builds and finally execs a shell script.
X#
X# This can be run in two modes every by reading a config or by passing a
X# single (use -s arg) argument of "ASblah:GCOS"
X#
X# TB
X#
Xrequire "getopts.pl";
X#
X$first = 14000; # This is the starting UID
X                # only needed for first gen
X$commstart = 13000;
X$asmacstart = 12000;
X$first += 0;
X$commstart + 0;
X$asmacstart += 0;
X$group = 30; # This is the GID
X$home = "/home/guarded/./home/"; # The home extra / needed
X$sh = "/local/bin/rash"; # The key to it all
X$passwd = "/nccfs3/dbase/newguard/tmp/passwd.$$";
X$tmp = "/nccfs3/dbase/newguard/tmp/shell.$$";
X$profile = "/nccfs3/dbase/newguard/etc/profile";
X$forward = "/nccfs3/dbase/newguard/etc/forward";
X
X
X&Getopts('hvcms:');
X
Xif ($opt_h) {
X    print STDOUT "Usage: genguard [-v] [-h] [config | -s \"ASnnn:GCOS\"]\n".
X        "Optional: [-m] for AS-macro\n".
X        " [-c] for community\n";
X    exit 0;
X}
Xif ($opt_m && $opt_c) {
X    print STDOUT "Sorry - cant do an as-macro and community at the same time\n";
X    exit 1;
X}
X$start = &getuid;
Xif (!$start) {
X    if ($opt_m) {
X        $start = $asmacstart;
X    } elsif ($opt_c) {
X        $start = $commstart;
X    } else {
X        $start = $first;
X    }
X}
Xif ($opt_s) {
X    if ($opt_v) {
X        print STDOUT "Creating a single entry using \"$opt_s\"\n";
X    }
X    open (FD, ">$passwd") || die "Can't open $passwd $!";
X    if ($opt_m) {
X        if ($opt_s !~ /^[aA][sS]\-.*$/) {
X            print STDOUT "single entry has an error - exiting !
X\n";
X            exit 1;
X        }
X    } elsif ($opt_c) {
X        if ($opt_s =~ /^[aA][sS].*$/) {
X            print STDOUT "single entry has an error - exiting !
X\n";
X            exit 1;
X        }
X    } else {
X        if ($opt_s !~ /^[aA][sS]\d+:.*$/) {
X            print STDOUT "single entry has an error - exiting ! \n";
X            exit 1;
X        }
X    }
X    if ($opt_v) {
X        print STDOUT "Creating password entry in $passwd\n";
X    }
X    $line[0] =~ tr/a-z/A-Z/;
X    @line = split(/:/, $opt_s);
X    printf FD "%s:PASSWORD:%s:%s:%s:%s%s:%s\n",
X        $line[0], ++$start, $group,
X        $line[1], $home, $line[0], $sh;
X    $as{$line[0]} = 1;
X} else {
X    if($#ARGV ) {
X        print STDOUT "No configfile given, assuming stdin\n";
X    }
X    open (FD, ">$passwd") || die "Can't open $passwd $!";
X    if ($opt_v) {
X        print STDOUT "Creating password entries in $passwd\n";
X    }
X    while (<ARGV>) {
X        chop;
X        next if (/^#/); # Allow comments in the config;
X        if (/^[aA][sS]/) {
X            @line = split(/:/, $_);
X            $line[0] =~ tr/a-z/A-Z/;
X            printf FD "%s:PASSWORD:%s:%s:%s:%s%s:%s\n",
X                $line[0], ++$start, $group,
X                $line[1], $home, $line[0], $sh;
X            $as{$line[0]} = 1;
X        }
X    }
X}
Xprintf STDOUT "Password entr%s created in $passwd\n", $opt_s ? "y" : "ies";
Xif ($opt_v) {
X    print STDOUT "Creating script in $tmp\n";
X}
X
Xopen (SHELL, ">$tmp") || die "can't open shell script $tmp $!";
X    printf SHELL "#!/bin/sh\n";
X    if ($opt_v) {
X        printf SHELL "set -x\n\t# you asked for -v\n";
X    }
X
Xforeach $j (keys %as) {
X    printf SHELL "mkdir $home$j\n";
X    printf SHELL "chmod 755 $home$j\n";
X    printf SHELL "cp $profile $home$j/.profile\n";
X    printf SHELL "cp $forward $home$j/.forward\n";
X    printf SHELL "chmod 600 $home$j/.forward\n";
X    printf SHELL "chown $j $home$j/.forward\n";
X    printf SHELL "touch $home$j/$j\n";
X    printf SHELL "chown $j $home$j/$j\n";
X}
Xif ($opt_v) {
X    print STDOUT "$tmp creation done\n";
X}
Xprint STDOUT "Shell script created in $tmp\n";
Xprint STDOUT <<"E_O_F";
X** Now all you do is the following:-
X** Edit the passwd file and include $passwd
X** at the end of the file like...
Xvipw
X:\$r $passwd
X:x
X** Then run script $tmp like....
Xsh $tmp
X** them remove the files...
Xrm -i $tmp $passwd
XE_O_F
X
Xsub getuid {
X    local(@line) = "";
X    local(@uid) = "";
X    open (PASS, "/etc/passwd") || die "can't open password file $!";
X    while (<PASS>) {
X        @line = split (/:/, $_);
X        next if ($line[3] != 30);
X        $line[2] += 0;
X        if($opt_c) {
X            if($line[2] >= $commstart && $line[2] < $first ) {
X                @uid = (@uid, $line[2]) ;
X            }
X        } elsif ($opt_m) {
X            if($line[2] >= $asmacstart && $line[2] < $commstart ) {
X                @uid = (@uid, $line[2]) ;
X            }
X        }
X        else {
X            @uid = (@uid, $line[2]);
X        }
X    }
X    return (sort num @uid)[$#uid];
X}
Xsub num { $a <=> $b; }
X
END_OF_genguard
if test 4431 -ne `wc -c <genguard`; then
    echo shar: \"genguard\" unpacked with wrong size!
fi
chmod +x genguard
# end of overwriting check
fi
echo shar: End of shell archive.
exit 0
-------- Logged at Tue May 3 20:53:17 MET DST 1994 ---------