#!/usr/bin/perl package change_root_password; use strict; use FindBin; use lib "$FindBin::Bin/../"; use lib "$FindBin::Bin/../DADA/perllib"; BEGIN { my $b__dir = ( getpwuid($>) )[7] . '/perl'; push @INC, $b__dir . '5/lib/perl5', $b__dir . '5/lib/perl5/x86_64-linux-thread-multi', $b__dir . 'lib', map { $b__dir . $_ } @INC; } # use some of those Modules use DADA::Config 11.0.0; use DADA::Template::HTML; use DADA::Template::Widgets; use DADA::App::Guts; use DADA::MailingList::Settings; my $Start_Marker = '# Start Root Password'; my $End_Marker = '# End Root Password'; sub run() { my $q = shift; my ( $admin_list, $root_login, $checksout, $error_msg ) = check_list_security( -cgi_obj => $q, - Function => 'change_root_password' ); if ( !$checksout ) { return ( {}, $error_msg ); } my $list = $admin_list; # get the list information my $ls = DADA::MailingList::Settings->new( { -list => $list } ); my $li = $ls->get; if ( !$q->param('process') ) { my $scrn = DADA::Template::Widgets::wrap_screen( { -screen => 'plugins/change_root_password/default.tmpl', -with => 'admin', -wrapper_params => { -Root_Login => $root_login, -List => $list, }, -vars => { ROOT_PASS_IS_ENCRYPTED => $DADA::Config::ROOT_PASS_IS_ENCRYPTED, new_pass_no_match => ( $q->param('new_pass_no_match') == 1 ) ? 1 : 0, old_root_pass_incorrect => ( $q->param('old_root_pass_incorrect') == 1 ) ? 1 : 0, }, } ); return ({}, $scrn); } else { if ( !$q->param('old_password') ) { return({ -redirect_uri => $DADA::Config::S_PROGRAM_URL .'?flavor=plugins&plugin=change_root_password&old_root_pass_incorrect=1'}, undef ); } else { if ( $DADA::Config::ROOT_PASS_IS_ENCRYPTED == 1 ) { require DADA::Security::Password; my $root_password_check = DADA::Security::Password::check_password( $DADA::Config::PROGRAM_ROOT_PASSWORD, $q->param('old_password') ); if ( $root_password_check == 1 ) { # we are good. } else { return({-redirect_uri => $DADA::Config::S_PROGRAM_URL .'?flavor=plugins&plugin=change_root_password&old_root_pass_incorrect=1'}, undef ); } } else { if ( $DADA::Config::PROGRAM_ROOT_PASSWORD ne $q->param('old_password') ) { return ({-redirect_uri => $DADA::Config::S_PROGRAM_URL .'?flavor=plugins&plugin=change_root_password&old_root_pass_incorrect=1'}, undef ); } } } if ( $q->param('new_password') ne $q->param('again_new_password') ) { return ({-redirect_uri => $DADA::Config::S_PROGRAM_URL .'?flavor=plugins&plugin=change_root_password&new_pass_no_match=1'}, undef ); } else { # Well, if everything works out, we're cool. my $file = $DADA::Config::CONFIG_FILE; open my $CONFIG, '<:encoding(' . $DADA::Config::HTML_CHARSET . ')', $file or die "Cannot read config file at: '" . $file . "' because: " . $!; my $config = do { local $/; <$CONFIG> }; close($CONFIG) or die $!; my $qmsp = quotemeta($Start_Marker); my $qmep = quotemeta($End_Marker); require DADA::Security::Password; my $pw = $q->param('new_password'); my $root_pass = DADA::Security::Password::encrypt_passwd($pw); my $new_pass = "\n" . '$ROOT_PASS_IS_ENCRYPTED = 1; ' . "\n \n" . '$PROGRAM_ROOT_PASSWORD = \'' . $root_pass . "'; \n"; $config =~ s/($qmsp)(.*?)($qmep)/$Start_Marker\n$new_pass\n$End_Marker/sm; # die $root_pass; open my $CONFIGW, '>:encoding(' . $DADA::Config::HTML_CHARSET . ')', $file or die "Cannot write config file at: '" . $file . "' because: " . $!; print $CONFIGW $config or die $!; close($CONFIGW) or die $!; return({-redirect_uri => $DADA::Config::S_PROGRAM_URL . '?flavor=logout&login_url=' . $DADA::Config::S_PROGRAM_URL . '/' . $DADA::Config::ADMIN_FLAVOR_NAME}, undef ); } } } =pod =head1 NAME change_root_password.cgi - B Dada Mail plugin to allow you to easily change the Dada Mail Root Password. =head1 DEPRECATED The plugin, B has now landed itself on the DEPRECATED list of plugins that comes with Dada Mail. Since the new, B plugin allows you to easily change the Dada Mail Root Password, amongst many other things, this plugin can now be retired. =head1 VERSION Refer to the version of Dada Mail you're using - NEVER use a version of this proggy with an earlier or later version of Dada Mail. =head1 USAGE This script is a Dada Mail plugin. Once configured, you should be able to log into your list and access this plugin under the, B menu. B, that by default, this plugin can only be accessed if you log into a list using the B. =head1 DESCRIPTION =head1 Installation This plugin can be installed during a Dada Mail install/upgrade, using the included installer that comes with Dada Mail. The below installation instructions go through how to install the plugin manually. =head1 CONFIGURATION AND ENVIRONMENT =head2 Please Read Before Installing Before getting into configuration of the plugin, do note that this is an B plugin, so it is slightly awkward in a few places. Make sure you have the correct environment set up to use it. Here's what you'll need to have: =over =item * Outside Config File (.dada_config) Currently, this plugin only works when you do a contemporary installation of Dada Mail. Refer to the installation instructions that come with Dada Mail to understand the difference between a contemporary installation and a basic installation. If you use the installer that comes with Dada Mail, you will have a B of Dada Mail. =item * Specific Markers in the Outside Config File This plugin very simply looks for a, B and an, B and between these two markers should be the following variables: =over =item * $ROOT_PASS_IS_ENCRYPTED (can either be set to 1 or 0) =item * $PROGRAM_ROOT_PASSWORD =back By default, the two markers are set in this very plugin under the variables, B<$Start_Marker> and B<$End_Marker>. So, in your C<.dada_config> file, you should have something that looks similar to this: # Start Root Password $ROOT_PASS_IS_ENCRYPTED = 1; $PROGRAM_ROOT_PASSWORD = 'S5R8IqNB7C3cQ'; # End Root Password If your C<.dada_config> file does not have a part of its content that looks like this, this plugin will not work. =back =head2 Change permissions of "change_root_password.cgi" to 755 The, C plugin will be located in your, I diretory. Change the script to, C<755> =head2 Configure your .dada_config file Now, edit your C<.dada_config> file, so that it shows the plugin in the left-hand menu, under the, B heading: First, see if the following lines are present in your C<.dada_config> file: # start cut for list control panel menu =cut =cut # end cut for list control panel menu If they are, remove them. Then, find these lines: # { # -Title => 'Change the Program Root Password', # -Title_URL => $S_PROGRAM_URL."/plugins/change_root_password.cgi", # -Function => 'change_root_password', # -Activated => 0, # }, Uncomment the lines, by taking off the, "#"'s: { -Title => 'Change the Program Root Password', -Title_URL => $S_PROGRAM_URL."/plugins/change_root_password.cgi", -Function => 'change_root_password', -Activated => 0, }, Save your C<.dada_config> file. =head1 DEPENDENCIES You'll most likely want to use the version of this plugin with the version of Dada Mail is comes with. =head1 INCOMPATIBILITIES =head1 BUGS AND LIMITATIONS Please, let me know if you find any bugs. =head1 AUTHOR Justin Simoni See: https://dadamailproject.com/contact =head1 LICENSE AND COPYRIGHT Copyright (c) 1999 - 2020 Justin Simoni All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. =cut