Quoting Tom Metro <tmetro-blu-5a1Jt6qxUNc at public.gmane.org>:

> Derek Atkins wrote:
>> It's using expect in a different way and this time it actually looks
>> for various errors.
>
> I see the error checks you added, but aside from that, how is it different?

The main difference is "expect -f -" --- at least I think that's the MAJOR
change that caused it to work, in addition to the error checks.

>> function changePassword($user, $currpwd, $newpwd) {
> ...
>> // Log conversation for verification
>> $log = '/tmp/passwd_' . $user . '_' . time();
>
> I would include code here to "untaint" $user, seeing as you are
> passing it on the command line a few times, and that makes you
> vulnerable to shell meta character injection.

This is done elsewhere in the script, along with checking that the two
new passwords are the same. The user is prompted to enter the new password
twice, and they are validated against each other (both in javascript and
also in the PHP).

>> $cmd .= "log_file -a \"$log\"\n";
>> ...
>> return (trim($output[count($output)-2]) == 'passwd: all
>> authentication tokens updated successfully.') ?
> true : false;
>
> Now that you've cleaned up the expect script to return unique exit
> codes for each state, you should replace that last line with "return
> pclose($p);" and get rid of all the code for generating and
> processing the log file.

Yeah, that was on my list of things to do... I was just happy to get it
working at all!

[snip]

> $cmd = <<< EXPECT
> spawn /bin/su $user -c /usr/bin/passwd
> expect {
>     "does not exist" {exit 1}
>     "assword: "
> }
> send "$currpwd\r"
> expect {
>     "incorrect" {exit 2}
>     "hanging password for"
> }
> EXPECT

Yeah, this would be cleaner. It's the way it is now only because I pulled
it from somewhere else.

> A tad more readable...

yeah, but who is going to read it? ;-)

Thanks for the tips. :)

> -Tom

-derek

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/
PP-ASEL-IA N1NWH
warlord-DPNOqEs/LNQ at public.gmane.org
PGP key available
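
One way to do the untainting discussed in the message above, as an added example that is not code from either poster's script. The function names and the username pattern are assumptions; the example also goes one step beyond the thread by escaping the password for the double-quoted Tcl string it is interpolated into, since the expect script is parsed by Tcl.

```php
<?php
// Added example; untaintUser(), tclQuote(), buildExpectScript() are hypothetical names.

// Allowlist: accept only conservative POSIX-style account names (assumed
// pattern), so no shell or Tcl metacharacter can reach the spawn line.
function untaintUser(string $user): ?string {
    return preg_match('/\A[a-z_][a-z0-9_-]{0,31}\z/', $user) === 1 ? $user : null;
}

// Escape a value for a double-quoted Tcl string (the send "...\r" lines).
// Control characters, including CR/LF, are rejected rather than escaped.
function tclQuote(string $s): ?string {
    if (preg_match('/[\x00-\x1f\x7f]/', $s) === 1) {
        return null;
    }
    return strtr($s, ['\\' => '\\\\', '"' => '\\"', '$' => '\\$',
                      '[' => '\\[', ']' => '\\]']);
}

// Build the part of the expect script quoted in the thread; returns null if
// either input fails validation. Later prompts are not shown in the thread.
function buildExpectScript(string $user, string $currpwd): ?string {
    $u = untaintUser($user);
    $p = tclQuote($currpwd);
    if ($u === null || $p === null) {
        return null;
    }
    return <<<EXPECT
spawn /bin/su $u -c /usr/bin/passwd
expect {
    "does not exist" {exit 1}
    "assword: "
}
send "$p\\r"
expect {
    "incorrect" {exit 2}
    "hanging password for"
}

EXPECT;
}

// Constructed inputs, not taken from the thread.
var_dump(untaintUser('alice'));
var_dump(untaintUser('alice; id'));
echo tclQuote('pa"ss[x]$y'), "\n";
var_dump(buildExpectScript('bob', "line\nbreak"));
echo buildExpectScript('bob', 's3cr"et');
```

The escaping assumes the send lines stay at the top level of the script, outside any braced expect block, where unbalanced braces in a password would matter.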