home *** CD-ROM | disk | FTP | other *** search
#!/bin/sh PATH=/usr/local/gnu/bin:/usr/local/bin:/bin:/usr/ucb:/usr/bin:/usr/etc:/usr:/etc ##################################################################### # # Date: 13 Sept 1997 # Author: TjL <luomat+next@luomat.peak.org> # Version: 2.0 (previously released as `fiddlepass' # ##################################################################### # # # Warning: do NOT make root the DefaultUser... it just # isn't a good idea # # ##################################################################### # # This script is to remove and restore the password for the user # known as the ``DefaultUser'' # # This supercedes the script I formerly wrote called `fiddlepass' # to do roughly the same thing, thou not nearly as well. # # Thanks to Luke Howard <lukeh@xedoc.com.au> and # Christian Limpach <chris@nice.ch> # but they are not responsible for this script.... # # ... in fact, neither am I... Use entirely at your own risk # # # USAGE: pretty simple. It takes one of two arguments: # # Use ``removepass'' to remove the password. # It will be stored (encrypted) in root's dwrites. # # Use ``restorepass'' to restore the password # # How to use: # I'd try putting something like this in /etc/rc.local: # # defaultuser.sh removepass # (sleep 60 && defaultuser.sh restorepass) & # # That will remove the password, wait 60 seconds, and then # restore the password.... that should be plenty of time # to complete the boot action and have the default user # get logged in.... you might want to make it less time # since this account will be open during that interval... # # # #################################################################### # setting VERBOSE=yes gets some extra info during processing VERBOSE=yes name=`basename $0` #################################################################### if [ "`/usr/ucb/whoami`" != "root" ] then echo "Must be root to run this program" exit 1 fi #################################################################### NIUTIL=/usr/bin/niutil if [ ! -x $NIUTIL ]; then echo "Oops... can't find $NIUTIL!" exit 1 fi #################################################################### ################################################################### # get the username of the `DefaultUser' from root's dwrite # database USER=`/usr/bin/dread loginwindow DefaultUser |awk '{print $NF}'` ######################################### # if there is no DefaultUser, exit if [ "$USER" = "" ] then echo "No default user found, try 'dwrite loginwindow DefaultUser username' to set a Default User" exit 1 fi if [ "$VERBOSE" = "yes" ]; then # OK, tell them who the user is echo "DefaultUser is ${USER}" fi ################################################################### # set the NetInfo Directory NIDIR=/users/${USER} if [ "$VERBOSE" = "yes" ]; then # OK, tell them who the user is echo "NIDIR=/users/${USER}" fi #################################################################### case $1 in removepass) # we try to get the current password from the # NetInfo database PASSWD=`$NIUTIL -readprop . $NIDIR passwd` # if that exited NOT zero, something went wrong if [ "$?" != "0" ] then echo "FATAL: Can't find local password for user $USER" exit 1 fi if [ "$VERBOSE" = "yes" ]; then echo "Good: found a local passwd for $USER" fi ######################################### # store the password (encrypted) in # root's dwrite database /usr/bin/dwrite loginwindow DefaultUserPassword $PASSWD ######################################### # then remove the password $NIUTIL -destroyprop . $NIDIR passwd ;; # # The end of the `removepass' code # restorepass) if [ "$VERBOSE" = "yes" ]; then echo "Trying to reestablish password for $USER" fi PASS=`/usr/bin/dread loginwindow DefaultUserPassword |\ awk '{print $NF}'` ######################################################## if [ "$PASS" = "" ] then if [ "$VERBOSE" = "yes" ]; then echo "Drat.... can't find old password for $USER... trying to grab root's" fi # eek, no password found... let's use # root's password so we don't have an account # with no password at all PASS=`$NIUTIL -readprop . /users/root passwd` ########################################### if [ "$PASS" = "" ] then if [ "$VERBOSE" = "yes" ]; then echo "Very bad... no root password " fi # goodness, there's no root password # this is bad news echo "Please check the local domain on `hostname` since there does not seem to be a password for $USER or root... logins are disabled for $USER" | /usr/ucb/Mail -s "($name) WARNING: " root $USER # well, since we can't find a password # we'll use "*" to disable logins # to we'll be secure at least PASS="*" ######################################### else if [ "$VERBOSE" = "yes" ]; then echo "well, at least we can use root's password rather than $USER's" fi echo "Could not find a password for $USER, so I made it the same as root's from the local domain on machine `hostname`" | /usr/ucb/Mail -s "($name) WARNING: " root $USER fi ######################################### fi ################################################################### # now we recreate the password $NIUTIL -createprop . $NIDIR passwd $PASS if [ "$?" != "0" ] then echo "Something went wrong trying to restore password for $USER" exit 1 fi ;; # # the end of the ``restorepass' code # *) echo "Use either:" echo " $name restorepass" echo "or" echo " $name removepass" ;; esac ################################################################### exit 0 ################################################################### 
