File Coverage

blib/lib/App/LDAP/Command/Passwd.pm

Criterion	Covered	Total	%
statement	4	6	66.6
branch			n/a
condition			n/a
subroutine	2	2	100.0
pod			n/a
total	6	8	75.0

line	stmt	sub	time	code
1				package App::LDAP::Command::Passwd;
2
3	1	1	5	use Modern::Perl;
	1		1
	1		9
4
5	1	1	660	use Moose;
	0
	0
6
7				with qw( App::LDAP::Role::Command
8				App::LDAP::Role::Bindable );
9
10				has lock => (
11				is => "rw",
12				isa => "Bool",
13				);
14
15				has unlock => (
16				is => "rw",
17				isa => "Bool",
18				);
19
20				sub run {
21				my ($self,) = @_;
22
23				my $name = $self->extra_argv->[1];
24
25				my $user = $name ? find_user(uid => $name) : current_user();
26
27				if ( $< == 0 ) {
28				$self->distinguish->($user);
29				} else {
30				if ($name and ( find_user(uid => $name)->dn ne current_user->dn ) ) {
31				die "you may not view or modify password information for " . $user->dn;
32				}
33				$self->distinguish->($user);
34				}
35				}
36
37				sub distinguish {
38				my $self = shift;
39
40				if ($self->lock && $self->unlock) {
41				say "I'm dazzled with your key :p";
42				exit;
43				}
44
45				if ($self->unlock) {
46				return \&unlock_user if $> == 0;
47				die "Permission denied";
48				}
49
50				if ($self->lock) {
51				return \&lock_user if $> == 0;
52				die "Permission denied";
53				}
54				return \&change_password;
55				}
56
57				sub change_password {
58				my $user = shift;
59				use Date::Calc qw(Today Delta_Days);
60				$user->replace(
61				userPassword => encrypt(new_password()),
62				shadowLastChange => Delta_Days(1970, 1, 1, Today()),
63				)->update(ldap());
64				}
65
66				sub lock_user {
67				my $user = shift;
68				my $password = $user->get_value("userPassword");
69
70				$password =~ s{{crypt}\$}{{crypt}!\$};
71
72				$user->replace(
73				userPassword => $password,
74				)->update(ldap());
75				}
76
77				sub unlock_user {
78				my $user = shift;
79				my $password = $user->get_value("userPassword");
80
81				$password =~ s{{crypt}!\$}{{crypt}\$};
82
83				$user->replace(
84				userPassword => $password,
85				)->update(ldap());
86				}
87
88				use Net::LDAP;
89				use Net::LDAP::Extension::WhoAmI;
90				sub current_user {
91				my $dn = ldap()->who_am_i->response;
92				$dn =~ s{dn:}{};
93
94				my $search = ldap()->search(
95				base => $dn,
96				scope => "base",
97				filter => "objectClass=*",
98				);
99
100				if ($search->count > 0) {
101				return $search->entry(0);
102				} else {
103				die "$dn not found";
104				}
105				}
106
107				__PACKAGE__->meta->make_immutable;
108				no Moose;
109
110				1;
111
112				=pod
113
114				=head1 NAME
115
116				App::LDAP::Command::Passwd - manage the password in LDAP server
117
118				=head1 SYNOPSIS
119
120				$ ldap passwd # change your own password
121
122				$ sudo ldap passwd # change password of ldap admin
123
124				$ sudo ldap passwd shelling # sudo the privilege of admin to change password of shelling
125
126				$ sudo ldap passwd shelling -l # lock shelling
127
128				$ sudo ldap passwd shelling -u # unlock shelling
129
130				=cut
131