#!/bin/sh -e # # Password Battler Version 2, for LDAP # # Prerequiste: ldapsearch # Prerequiste: battlerV2 # # $Id: passwdbattler.in,v 1.21 2021/05/16 07:09:55 kabe Exp $ ## if autodetection does not work, set them manually as below #: ${LDAPBASE:='dc=example,dc=ac,dc=jp'} #: ${LDAPURI:='ldap://ldap.example.ac.jp'} #export LDAPBASE LDAPURI ## set these if LDAP server won't accept anonymous bind #: ${LDAPBINDDN="CN=ldapbind,CN=Users,${LDAPBASE}"} #: ${LDAPBINDPW='password'} ## set these if LDAP server urges TLS encryption #Z=-Z export LDAPTLS_REQCERT=never # detect binary, if _BATTLERV2 test environ is not defined if [ -z "$_BATTLERV2" ]; then test -x @LIBEXECDIR@/battlerV2 && BATTLER=@LIBEXECDIR@/battlerV2 else test -x "$_BATTLERV2" && BATTLER="$_BATTLERV2" fi ## last resort [ ! -x "$BATTLER" ] && BATTLER=`dirname $0`/battlerV2 if [ ! -x "$BATTLER" ]; then echo Cannot find libexec/battlerV2 binary. Abort. >&2 exit 1 fi # read settings test -r @ETCDIR@/pwbrc && . @ETCDIR@/pwbrc if [ ! -z "$HOME" -a -r "$HOME/.pwbrc" ]; then # user defined, if bind password is private . "$HOME/.pwbrc" fi # last resort or testing in source directory if [ -z "$LDAPURI" -o -z "$LDAPBASE" ]; then if [ -r `dirname $0`/pwbrc ]; then . `dirname $0`/pwbrc fi fi # test for mandatory settings if [ -z "$LDAPURI" -o -z "$LDAPBASE" ]; then echo ERROR: mandatory LDAPURI or LDAPBASE is not set. echo Invoke passwdbattler-genrc to generate the pwbrc setting file. exit 1 fi ## stream LDIF to Ldif2UidScore () { awk ' /^sAMAccountName:/{uid=$2;next} /^uid:/{uid=$2} /^pwdLastSet:/{c=$2} /^entryCSN:/{c=$2} /^$/&&uid!=""&&c!=""&&c!=0{ print uid,c uid="";c="" } ' | #while read uid c; do # echo $uid `${BATTLER} "$c"` #done ${BATTLER} #no arg; use stream mode } ScoreOf () { set -- `ldapsearch -x -LL ${Z} ${LDAPBINDDN+-D} $LDAPBINDDN ${LDAPBINDPW+-w} ${LDAPBINDPW} \ '(|(uid='${1}')(&(sAMAccountName='${1}')(|(userAccountControl=512)(userAccountControl=544))))' \ uid entryCSN sAMAccountName pwdLastSet | Ldif2UidScore` if [ $# -lt 2 ]; then # user not found return 1 fi echo "$2" } ## LOGNAME should have been set in POSIX, but whatever : ${LOGNAME:=${USER}} : ${LOGNAME:=`id -nu`} : ${LOGNAME:=`whoami`} case "$1" in -CHAMP) LTMP=/tmp/ltmp$$.out trap "rm $LTMP" 0 1 2 15 ldapsearch -x -LL ${Z} ${LDAPBINDDN+-D} $LDAPBINDDN ${LDAPBINDPW+-w} ${LDAPBINDPW} \ -E pr=1000/noprompt \ '(|(uid=*)(&(objectClass=user)(!(objectClass=computer))(|(userAccountControl=512)(userAccountControl=544))))' \ uid entryCSN sAMAccountName pwdLastSet | Ldif2UidScore | sort -k 2nbr > $LTMP { read uid s; set x $uid $s; shift read uid s; set "$@" $uid $s read uid s; set "$@" $uid $s echo "BEST3:" "$@" } < $LTMP tail -3 $LTMP | { read uid s; set x $uid $s ; shift read uid s; set x $uid $s "$@"; shift read uid s; set x $uid $s "$@"; shift echo "WORST3:" "$@" } rm $LTMP trap 0 1 2 15 ;; -MATCH) ENEMY="$2" ENESCO=`ScoreOf ${ENEMY}` MYSCO=`ScoreOf ${LOGNAME}` if [ "$MYSCO" -gt "$ENESCO" ]; then echo "YOU WIN." else echo "YOU DIED." exit 2 fi ;; -HISTO) if MYSCO=`ScoreOf ${LOGNAME}`; then :; else MYSCO=0 echo WARNING: you are not an LDAP user. Your score unknown. fi ldapsearch -x -LL ${Z} ${LDAPBINDDN+-D} $LDAPBINDDN ${LDAPBINDPW+-w} ${LDAPBINDPW} \ -E pr=1000/noprompt \ '(|(uid=*)(&(objectClass=user)(!(objectClass=computer))(|(userAccountControl=512)(userAccountControl=544))))' \ uid entryCSN sAMAccountName pwdLastSet | Ldif2UidScore | awk -v mysco=$MYSCO ' BEGIN{min=99999;max=0;} $2max{max=$2} {h[int($2)]++} END{ xmax=0 ymin=int(min/1000)*1000 ystep=int((max-min)/20/100)*100 # get xmax first for(y=ymin;y<=max;y+=ystep){ x=0; for(yy=y;yy<(y+ystep);yy++)x+=h[yy]; if(x>xmax)xmax=x; } xscale=1.0; if (xmax>70)xscale=70.0/xmax # plot for(y=ymin;y<=max;y+=ystep){ x=0; for(yy=y;yy<(y+ystep);yy++)x+=h[yy]; if (mysco!=0 && y<=mysco && mysco<(y+ystep)) { # counts lower than me lo=0 for(yy=y;yy