Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CGI shell script using bash 3

Status
Not open for further replies.

raggmopp

MIS
Feb 14, 2002
40
US
Hi all:

Got a task to have end users change their samba passwd from a web page. I would like to use perl but having hacked and tried for the last few days, I am not getting anywhere. I have gotten farther using bash.

The end users are CLI illerteriate, if it isn't on windoze or a web page they are lost. The need for this is coming as a result of WIN7 putting in another level of authentication for samba and it will not allow for blank passwds. (It will, but research I have done says it is a registry change.)

The system that has the smbpasswd is a RH5 system with apache.

I have searched for something similar but to no avail, all I can find are programs that change the LDAP, NIS, AD, & samba passwds - but all I want (need) is to change the samba passwd. Nothing else. Nothing complex, just plug the user entered values into the smbpasswd command, being called by sudo. But I cannot seem to get the user entered values to populate the sam_chg script.

Here is what I have;

#!/bin/bash
echo "Content-type: text/html"

echo ""
echo "<html><head><title>Change CIFS password</title></head><body>"
echo ""
printf '<h1>CIFS passwd change</h1>'
echo ""
echo "Today is $(date '+%Y-%B-%d %H:%M:%S')"
echo ""
printf '<h3>Enter your username: <input type="text" name="username" size="20" /></h3>'
printf '<h3>Enter your old password: <input type="text" name="old_pass" size="20" /></h3>'
printf '<h3>Enter your new password: <input type="text" name="new_pass1" size="20" /></h3>'
printf '<h3>Re-Enter your new password: <input type="text" name="new_pass2" size="20" /></h3>'
echo ""
echo "<input type="Submit" name="submit" value="submit form" />"
echo "<form action="sam_chg.bsh" method="POST">"
echo ""
echo "</form>"
echo "</body></html>"

The sam_chg.bsh contains the following;

#!/bin/bash
printf "$2\n$3\n$4\n" | /usr/bin/sudo /usr/bin/smbpasswd $1

Any help, please?


Thanks!
 
Hi

I strongly encourage you to forget this idea. If you not know how CGI works, is dangerous to write one in shell script.

Anyway, neither your HTML is correct. Your [tt]form[/tt] has no [tt]input[/tt], so even if you manage to submit it, the CGI script will receive nothing.

The CGI scripts receive the submitted data according to the method :
[ul]
[li]GET parameters in the [tt]QUERY_STRING[/tt] environment variable[/li]
[li]POST data on the standard input[/li]
[/ul]
So [tt]$1[/tt] and similar variables are not set. You have to split up the data and decode as necessary.

Beside that, there is no sign that the username will be retrieved from anywhere to pass it to [tt]smbpasswd[/tt].

Better take a look at the [tt]CGI[/tt] Perl module. It will save you from some work and your system from some possible vulnerabilities.


Feherke.
 
Raggmopp,

I would tend to agree with Feherke's warning about using shell scripts for CGI, but in the interest of figuring things out [and taking note of what feherke says about POST], I believe what you need is to "read" the data you are looking for from standard input.

Something like this:
Code:
#!/bin/bash
read Username
read Old_pswd
read New_pswd
read Confirm_pswd
printf "$Old_pswd\n$New_pswd\n$Confirm_pswd\n" | /usr/bin/sudo /usr/bin/smbpasswd $Username

Code what you mean,
and mean what you code!
But by all means post your code!

Razalas
 
Hi

Razalas, the truth is more complicated. For example a [tt]form[/tt] like this :
Code:
[b]<form[/b] [maroon]action[/maroon][teal]=[/teal][green][i]"sam_chg.bsh"[/i][/green] [maroon]method[/maroon][teal]=[/teal][green][i]"post"[/i][/green][b]>[/b]
[b]<input[/b] [maroon]type[/maroon][teal]=[/teal][green][i]"text"[/i][/green] [maroon]name[/maroon][teal]=[/teal][green][i]"user"[/i][/green] [maroon]value[/maroon][teal]=[/teal][green][i]"joe"[/i][/green][b]>[/b]
[b]<input[/b] [maroon]type[/maroon][teal]=[/teal][green][i]"password"[/i][/green] [maroon]name[/maroon][teal]=[/teal][green][i]"pass"[/i][/green] [maroon]value[/maroon][teal]=[/teal][green][i]"v3ry s&cr∑t"[/i][/green][b]>[/b]
[b]<input[/b] [maroon]type[/maroon][teal]=[/teal][green][i]"submit"[/i][/green][b]>[/b]
[b]</form>[/b]
Will be submitted like this :
Code:
www-form-urlencoded[/URL] )]
user=foo&pass=v3ry+s%26cr%26%238721%3Bt
See ? Name-value pairs separated by equal signs ( = ), enumerated separated with ampersand ( & ). And all data urlencoded.

If you specify multipart/form-data in the [tt]form[/tt]'s [tt]enctype[/tt] attribute, the data format changes :
Code:
-----------------------------945152246229792556967445872
Content-Disposition: form-data; name="user"

joe
-----------------------------945152246229792556967445872
Content-Disposition: form-data; name="pass"

v3ry s&cr&#8721;t
-----------------------------945152246229792556967445872--
Less encoding, but uglier structure. I prefer the first one. With some processing is easy to populate an array with the data :
Code:
[navy]IFS[/navy][teal]=[/teal][green][i]'&;'[/i][/green] [b]read[/b] -r -a data

[b]declare[/b] -A post

[b]for[/b] one [b]in[/b] [green][i]"${data[@]}"[/i][/green][teal];[/teal] [b]do[/b]
  [navy]IFS[/navy][teal]=[/teal][green][i]'='[/i][/green] [b]read[/b] -r key val [teal]<<<[/teal] [green][i]"$one"[/i][/green]
  [navy]val[/navy][teal]=[/teal][green][i]"${val//+/ }"[/i][/green]
  [b]printf[/b] -v val [green][i]'%b'[/i][/green] [green][i]"${val//%/[/i][/green][lime][i]\\[/i][/lime][green][i]x}"[/i][/green]
  post[teal][[/teal][green][i]"${key//+/ }"[/i][/green][teal]]=[/teal][green][i]"$val"[/i][/green]
[b]done[/b]
The weak point is the character encoding. You can use [tt]recode[/tt] or [tt]iconv[/tt], but I had no constant luck with them. Using UTF-8 is more stable.

Then you can reach the data like this :
Bash:
[b]printf[/b] [green][i]'%s[/i][/green][lime][i]\n[/i][/lime][green][i]%s[/i][/green][lime][i]\n[/i][/lime][green][i]%s[/i][/green][lime][i]\n[/i][/lime][green][i]'[/i][/green] [green][i]"${post[pass]}"[/i][/green] [green][i]"${post[pass]}"[/i][/green] [green][i]"${post[pass]}"[/i][/green] [teal]|[/teal] /usr/bin/sudo /usr/bin/smbpasswd [green][i]"${post[user]}"[/i][/green]
( Of course, you will add more fields for the old password's two copies and will use their appropriate names. But pass them as arguments, do not include them in the format string. Otherwise having a percent sign ( % ) in the password will make the parsing to fail. )


Feherke.
 
Hi

Forgot to mention another weakness of the above data manipulation : as Bash is unable to handle multidimensional arrays, it is not possible to simply and reliably handle multiple values submitted for the same field name. A relative simple workaround would imply the use of [tt]eval[/tt], the ugly builtin I was able to happily avoid since Bash 4 introduced associative arrays.


Feherke.
 
Feherke

thanks for the informative reply. Catch a star!

Code what you mean,
and mean what you code!
But by all means post your code!

Razalas
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top