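#!/usr/bin/perl
#
# Interactive LDAP password change: prompts for a username and a new
# password, builds an LDIF modify record for that user's entry and feeds it
# to ldapmodify, which binds as the directory admin.
#
# NOTE(review): the script binds as $LDAP_ADMIN_DN for whatever username is
# typed and never checks the caller's identity or current password. If it is
# installed setuid (the child's "suid only" privilege drop suggests so), any
# local user can reset any account. Consider binding as the user with their
# current password, or restricting the username to the invoking account.

use strict;
use warnings;
use English qw(-no_match_vars);    # $UID/$EUID/$GID/$EGID are plain globals without this

# Fixed environment for the external commands (perlsec idiom); the caller's
# PATH must not decide which "stty" gets run.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

$OUTPUT_AUTOFLUSH = 1;             # prompts have no trailing newline

my $LDAP_BASE_DN     = "dc=muppet,dc=cs,dc=dixie,dc=edu";
my $LDAP_USER_DN     = "ou=People,$LDAP_BASE_DN";
my $LDAP_GROUP_DN    = "ou=Group,$LDAP_BASE_DN";
my $LDAP_HOST        = "piggy.muppet.cs.dixie.edu";
my $LDAP_MIN_UID     = "11000";
my $LDAP_HOME_DIR    = "/home";
my $LDAP_LOGIN_SHELL = "/bin/bash";
my $LDAP_ADMIN_DN    = "cn=admin,$LDAP_BASE_DN";

# NOTE(review): directory admin credential stored in the script itself;
# anyone who can read this file can act as the admin. Keep it in a
# root-only file instead (ldapmodify can read one with -y).
my $LDAP_ADMIN_PASS  = "secret";

my $LDAPSEARCH = "/usr/bin/ldapsearch";
my $LDAPADD    = "/usr/bin/ldapadd";
my $LDAPMODIFY = "/usr/bin/ldapmodify";
my $LDAPDELETE = "/usr/bin/ldapdelete";

# True while terminal echo is switched off, so END can switch it back on.
my $echo_disabled = 0;

my @vars  = get_information();
my $entry = ldap_make_password_change_entry(@vars);
ldap_modify($entry);
exit(0);

# Restore terminal echo if the script dies or is interrupted mid-prompt.
END {
    local $?;    # system() below must not overwrite the exit status
    _set_echo(1) if $echo_disabled;
}

# Read one line from STDIN without its newline; dies on end of input so a
# closed STDIN cannot spin the password loop forever.
sub _read_line {
    my $line = <STDIN>;
    die "Unexpected end of input.\n" unless defined $line;
    chomp $line;
    return $line;
}

# Switch terminal echo on (true) or off (false). stty is run in list form,
# without a shell: the original "stty -echo >& /dev/null" fails under a
# POSIX /bin/sh such as dash, which left the password visible while typed.
sub _set_echo {
    my ($enable) = @_;
    return unless -t STDIN;
    system('stty', $enable ? 'echo' : '-echo') == 0
        or warn "warning: could not change terminal echo\n";
    $echo_disabled = $enable ? 0 : 1;
    return;
}

# Die unless $username is a plain account name. The value is interpolated
# into a DN and an LDIF record, so commas, '=', '+', newlines etc. must
# never reach it. NOTE(review): widen the character set only if the site
# really issues such names.
sub _check_username {
    my ($username) = @_;
    die "Invalid username.\n"
        unless defined $username
        && $username =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/;
    return $username;
}

# Prompt for the account name and the new password.
# Returns ($username, $password_hash, $shadow_last_change).
sub get_information {
    print "Username: ";
    my $username    = _check_username(_read_line());
    my $password    = get_password();
    my $shadow_last = get_shadow_last_change();
    return ($username, $password, $shadow_last);
}

# Prompt (with echo off) until the two entries match and pass the length
# and character-mix checks, then return the value for userPassword as
# "{crypt}" followed by the crypt(3) hash.
sub get_password {
    my ($first, $second);

    # Turn a Ctrl-C into die() so the END block can restore echo.
    local $SIG{INT}  = sub { die "\nInterrupted.\n" };
    local $SIG{TERM} = $SIG{INT};

    while (1) {
        my $problems = 0;

        _set_echo(0);
        print " New Password: ";
        $first = _read_line();
        print "\n";
        print "Confirm New Password: ";
        $second = _read_line();
        print "\n";
        _set_echo(1);

        if ($first ne $second) {
            print "The passwords did not match.\n";
            $problems++;
        }
        if (length($first) < 6) {
            print "Passwords must be at least 6 characters long.\n";
            $problems++;
        }
        # Reject passwords drawn from a single class (all lower case, all
        # upper case, or all digits).
        if (   $first =~ /\A[a-z]*\z/
            || $first =~ /\A[A-Z]*\z/
            || $first =~ /\A[0-9]*\z/)
        {
            print "Passwords must contain mixture of characters.\n";
            print "Try using upper case, lower case, numeric ",
                  "and special characters.\n";
            $problems++;
        }

        last if $problems == 0;
    }

    # NOTE(review): a two-character salt selects traditional DES crypt,
    # which ignores everything after the 8th password character and is
    # cheap to brute-force; rand() is also not a cryptographic RNG. Prefer
    # a modern scheme supported by both this host and the LDAP server.
    my @salt_chars = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');
    my $salt       = join '', @salt_chars[ rand 64, rand 64 ];

    my $hash = crypt($first, $salt);

    # Some libcs return undef or a "*..." failure token when the scheme is
    # disabled; storing that would silently lock the account.
    die "crypt() could not hash the password on this system.\n"
        if !defined $hash || $hash =~ /\A\*/;

    # Overwrite the plaintext copies (best effort only).
    $first  = "xxxx";
    $second = "xxxx";

    return "{crypt}" . $hash;
}

# Build the LDIF change record that replaces userPassword and
# shadowLastChange on uid=$username under $LDAP_USER_DN.
#
# The operations are spelled out as "changetype: modify" / "replace:" so
# the old password value is removed rather than depending on ldapmodify's
# default for records without a changetype.
sub ldap_make_password_change_entry {
    my ($username, $password, $shadow_last) = @_;

    # Re-check at the point of use: every value below becomes an LDIF line.
    _check_username($username);
    die "Invalid password value.\n"
        if !defined $password || $password =~ /[\r\n]/;
    die "Invalid shadowLastChange value.\n"
        unless defined $shadow_last && $shadow_last =~ /\A\d+\z/;

    return join "\n",
        "dn: uid=$username,$LDAP_USER_DN",
        'changetype: modify',
        'replace: userPassword',
        "userPassword: $password",
        '-',
        'replace: shadowLastChange',
        "shadowLastChange: $shadow_last",
        '-',
        '';
}

# Days since 1 Jan 1970 (UTC), the unit shadowLastChange uses. Computed
# from time() rather than by shelling out to date(1).
sub get_shadow_last_change {
    return int(time / (60 * 60 * 24));
}

# Pipe $entry to ldapmodify, bound as the admin DN. Dies if the fork, the
# write, or ldapmodify itself fails, so a failed change is not reported as
# success with exit status 0.
sub ldap_modify {
    my ($entry) = @_;

    # A dead child must surface as a write/close error, not kill us.
    local $SIG{PIPE} = 'IGNORE';

    my $pid = open(my $ldap_in, '|-');

    # undef means fork failed; without this check the parent would fall
    # into the child branch and exec ldapmodify over itself.
    die "can't fork: $!\n" unless defined $pid;

    if ($pid == 0) {
        # Child: give up setuid/setgid privileges before exec (group
        # first, while we still may). Only the first gid is assigned so
        # that no setgroups() call is attempted.
        my ($real_gid) = split ' ', $GID;
        $EGID = $real_gid;
        $EUID = $UID;
        my ($effective_gid) = split ' ', $EGID;
        die "can't drop privileges\n"
            unless $EUID == $UID && $effective_gid == $real_gid;

        # NOTE(review): -w puts the admin password on the command line,
        # where other local users can read it from the process list;
        # prefer -y with a root-only password file.
        # NOTE(review): -x is a simple bind and no TLS option is given, so
        # the bind password and the new hash cross the network in clear
        # unless the transport is protected (e.g. -ZZ, or an ldaps:// URI
        # with -H).
        my @options = (
            "-x",
            "-h", $LDAP_HOST,
            "-D", $LDAP_ADMIN_DN,
            "-w", $LDAP_ADMIN_PASS,
        );
        exec { $LDAPMODIFY } $LDAPMODIFY, @options
            or die "can't exec program: $!";
    }

    print {$ldap_in} $entry
        or die "can't write to $LDAPMODIFY: $!\n";

    # close() on a piped handle waits for the child and reports its status.
    unless (close $ldap_in) {
        die $!
            ? "error closing pipe to $LDAPMODIFY: $!\n"
            : "$LDAPMODIFY exited with status " . ($? >> 8) . "\n";
    }
    return;
}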