Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
#reading file /usr/local/src/devel/IdM/pwReset/etc/pwReset-unclean.sys
progname = "pwReset"
version = 0.1
date = "2011-01-11"
<author>
name = "Peter Gietz"
org= "DAASI International GmbH"
mail = "peter.gietz@daasi.de"
</author>
<copyright>
text1 = Copyright (c) 2005 DAASI International GmbH
text2 = This library is free software; you can redistribute it and/or \
modify it under the same terms as Perl itself.
</copyright>
progshortdescr = "Webtool for password reset"
<progdescription>
text1 ="pwReset is a simple webtool for password reset. It works as follows: \
When first started (status = 'none') it tests whether cookies are enabled \
(via redirect to status testcookie), and returns a respective message to the \
user if not, with a link to start all over again."
text2 = "If the cookie is \
retrievable an Apache-session is established (information is stored in files \
on the server) and a mask is shown to the user, where she can input an ID \
(loginid, email address or TextGrid ID). If mode 'oneinputfield' is set in the \
configuration there is one input field for either of them, if not, there are \
three separate input fields."
text3 = "After pressing the \"verify me\" button the programm is called with \
'sendlink' status where the programm first checks whether the input values \
conform to configurable regular expressions \
(e.g. \".*\\@.*\" for email address), \
returns respective errors if they do not conform. If they do, the programm \
looks up the ID in the LDAP server and retrieves an email address from there \
(even if the ID was the mail address). \
If the ID was found a separate sessionid (not the ID in the cookie) is created \
and concatenated to an url that calls status 'printform' and that url is sent \
to the email address with some configurable text."
text4 = "If the user clicks on the url in that email, the sessionid in the \
query is compared with the respective id stored in the session and if they \
are identical a form to input the password (in two separate input fields) is \
displayed. After pressing the button \"reset password\" the program is \
restarted with the status 'modify'."
text5 = "In this last status again the matching of sessionid is checked, as \
well as the matching of password and retyped password. Then it is checked how \
often the session has been used (there is a counter for every access) and \
whether that number is less than a configurable maximum. The password value is \
then tested against the configurable regular expression that defines the \
password policy. If any of these checks fail a respective error message is \
displayed, otherwise the program looks up the entry and changes the password \
in the LDAP server."
text6 = "At any error state, the user either gets the last input screen (e.g. \
when wrong values have been inputted) or a link to restart the process (e.g. if \
session is not valid any more). A lot of things are configurable (see the \
single options below). HTTPS as well as TLS for the LDAP connection can be \
enforced. All activities can be logged. Configuration concerning input fields \
(labels, regExp, etc.) happens in a hash at the beginning of the source code. \
Everything else can be configured in a Apache style configuration file. All \
passwords needed (for LDAP access and for SMTP auth) are sored in a separate \
file."
text7= "If you start the program with status 'adminhelp' \
(/url/?status=adminhelp) this manpage is displayed in the browser. You can \
additionally specify one single configuration option to only have the help to \
that option displayed (e.g. /url/?status=adminhelp&helpfeature=emailconfig). \
The adminhelp feature can be turned off in the configuration."
</progdescription>
<bugs>
text1 = "Please report bugs to peter.gietz@daasi.de"
text2 = "some todos are: "
text3 = "more than one regExp per inputfield"
text4 = "multilanguage support is already designed but needs gettext translations"
text5 = "configurable css file does not work properly yet"
</bugs>
<additions example>
text1 = "For getting this manpage: "
text2 = " pwReset.pl -h"
text3 = " "
</additions>
<additions requirements>
text1 = "Following modules are required: "
text2 = "* Config::General"
text5 = "* File::Basename"
text6 = "* File::Copy"
text7 = "* File::Flock"
text8 = "* File::Temp"
text9 = "* Getopt::Std"
text10 = "* IO::Prompt"
text11 = "* Log::Log4perl"
text12 = "* LWP::Authen::Ntlm"
text13 = "* MIME::Base64"
text14 = "* Net::LDAP"
text15 = "* Net::SMTP"
text18 = "* Text::Wrap"
</additions>
<options loglevel>
key = "l"
must = 0
description = "Loglevel for controlling logmessages."
description_de = "Loglevel zur Kontrolle des Logging."
arg = 1
argtype = "skalar"
values = "no, all, debug, info, warn, error, fatal"
default = "warn"
</options>
<options logfile>
key = "L"
must = 0
description = "Name of the logfile with absolute or relative path. "
description_de = "Name der Logdatei mit absolutem oder relativem Pfad."
arg = 1
argtype = "filename_add_subdir_log"
default = "pwReset.log"
</options>
<options debugmode>
key = "d"
must = 0
description = "Sets debug mode to on."
description_de = "Stellt den Debug-Modus an."
arg = 0
</options>
<options verbose>
key = "v"
must = 0
description = "Sets verbose mode which makes the program quite chatty."
description_de = "Stellt den Verbose-Modus an, womit das Programm \
gespraechiger wird."
arg = 0
</options>
<options language>
key = "G"
must = 0
description = "Sets the language for output like this one"
description_de = "Setzt die Sprache fuer Ausgaben wie diese. "
arg = 1
default = en
values = en, de
</options>
<options passwordfile>
key = "p"
description = "Name of the password file which contains the secrets \
the programm must know to connect to data bases etc. \
The format for all lines of this file must be: \
<token><blank><password> where <token> has to be the \
option label which defines the database such as e.g. \
\"outputuri\". "
description_de = "Name einer Datei, welche die Passworte enthaelt, \
die das Programm wissen muss um Datenbanken zu \
kontaktieren etc. Das Format dieser Datei ist: \
<Token><Leerzeichen><Passwort> wobei <Token> ein \
Optionsname sein muss, welcher die Datenbank \
definiert wie z.B. \"outputuri\". "
arg = 1
default = "pwReset.secret"
argtype = "filename_exist"
</options>
<options configfile>
key = "c"
must = 0
description = Name of the user config file with absolute or \
relative path."
description_de = Name der benutzerdefinierten Konfigurationsdatei \
mit absolutem oder relativem Pfad."
arg = 1
argtype = "filename_exist_subdir_etc"
default = "./etc/pwReset.conf"
</options>
<options printhelp>
key = "h"
must = 0
description = "prints out the manpage"
description_de = "Druckt die Manpage aus"
arg = 0
</options>
<options helpfeature>
key = "H"
must = 0
description = "prints out description of the feature referenced by \
commandline flag or config file token. "
description_de = "Druckt die Beschreibung der Option aus, die \
entweder ueber den Kommandozeilen- oder ueber den \
Konfigurationsdatei-Parameter spezifiziert wird."
arg = 1
</options>
<options emailconfig>
key = "e"
must = 0
description = "specifies the SMTP-communication of the program, in a \
string with token-value pairs, format: \
\#token1=value1;\#token2=value; etc. \
Following tokens are understood: \
\#smtprelay sets the mailserver from which the mail should \
be sent \
\#from sets the from address of the mail to be sent. \
\#to sets the mailaddress of the administrator to whom mails \
should be sent. More than one address can be separated by \
comma. \
\#subjectpart sets a prefix that will be included in the \
subject line.\n\
\#hello sets the smtpclient name.\n\
\#smtpuser sets the user name SMTP Auth authentication. \
In this case the corresponding password has to \
be stored in the passwordfile (-p, default is \
dbconnector.secret) behind the token smtpauth."
description_de = "Spezifiziert das Mail-Interface des Programms \
wodurch in bestimmten Faellen automatische E-Mails an den \
Administrator geschickt werden koennen. Das Format besteht \
aus mit Semikolon getrennten Schluessel-Wert-Paaren, wobei \
der Schluessel mit einem vorgestellten \# gekennzeichnet \
wird: \n\
\#token1=value1;\#token2=value; etc. \n\
Folgende Tokens werden unterstuetzt: \n\
\#smtprelay spezifiziert den Mailserver von welchem aus die \
Mail geschickt werden soll.\n\
\#from spezifiziert die Sender-E-Mail-Adresse.\n\
\#to spezifiziert die Ziel-Adresse des Administratoren, an \
den die automatischen Mails geschickt werden sollen. \
Hierbei koennen mehrere mit Komma separierte Adressen \
angegeben werden.\n\
\#subjectpart setzt ein Praefix fuer die verschiedenen \
Mail-Subjects.\n\
\#hello setzt den smtpclient-Namen.\n\
\#smtpuser setzt den User-Namen für SMTP \
Auth-Authentifizierung. Wenn dieser gesetzt ist, muss \
das korrespondierende Passwort in der mit \
passwordfile spezifizierten Datei (-p, Voreinstellung \
ist dbconnector.secret) hinter dem Stichwort smtpauth \
eingetragen sein."
arg = 1
argtype = token_emailinfo
default = 0
</options>
<options cssfile>
key = "C"
must = 0
description = "Name of the CSS file with absolute or \
relative path."
description_de = "Name der CSS-Datei \
mit absolutem oder relativem Pfad."
arg = 1
argtype = "filename_exist_subdir_etc"
default = "./etc/pwReset.css"
</options>
<options sessionpath>
key = "s"
must = 0
description = "Path (relative or absolute) of the directory where to store session information."
description_de = "Pfad (relativ oder absolut) zum Verzeichnis, in dem die Session-Informationen gespeichert werden."
arg = 1
argtype = "filename_dir"
default = "./sessions"
</options>
<options sessionlockpath>
key = "S"
must = 0
description = "Path (relative or absolute) of the directory where to store session lock information."
description_de = "Pfad (relativ oder absolut) zum Verzeichnis, in dem die Session-Lock-Informationen gespeichert werden."
arg = 1
argtype = "filename_dir"
default = "./locks"
</options>
<options sessiontime>
key = "T"
must = 0
description = "Sets the duration of a cookie session. Format: +<number><unit>, where you can specify the following units: s for seconds, m for minutes, h for hours, d for days, M for months, and y for years"
description_de = "definiert die Lebensdauer einer cookie session. Format: +<Nummer><Einheit>, wobei Einheit s für Sekunden, m für Minuten, h für Stunden, d für Tage, M für Monate, und y für Jahre steht. "
arg = 1
default = "2d"
</options>
<options title>
key = "t"
must = 1
description = "Sets the page title."
description_de = "definiert den Seitentitel."
arg = 1
default = "Password Reset Tool"
</options>
<options charset>
key = "X"
must = 1
description = "Sets the character set."
description_de = "definiert die Zeichensatzkodierung."
arg = 1
default = "utf-8"
values = "utf-8, iso5889"
</options>
<options bgcolor>
key = "b"
must = 0
description = "Sets the background color"
description_de = "definiert die Hintergrundsfarbe."
arg = 1
default = "ffffff"
</options>
<options linkmail>
key = "K"
must = 0
description = "Sets the text for the link mail"
description_de = "Definiert die link mail"
arg = 1
default = "You receive this message, because someone (probably you) requested $ to reset your Password. $ You can do this with following link: %URL%"
</options>
<options meta>
key = "M"
must = 0
description = "Sets the metatags. Format: name1:content1|name2:content2"
description_de = "definiert die Meta-Tags. \
Format: name1:content1|name2:content2"
arg = 1
default = "Robots:noindex,nofollow"
</options>
<options ldapuri>
key = "u"
must = 1
description = "URI for input of LDAP data. \n\
The format for the LDAP URI is (see RFC 4516): \
ldap://<host>[:<port>]/<basedn>?<attributes>?<scope>?\n\
<filter>?<extension> where <extension> can by now only \
be either bindname=<bindname> for authenticating to the \
server. In this case the corresponding password has to \
be stored in the passwordfile (-p, default is \
dbconnector.secret) behind the token inputuri. \
The second extension supported is \
config=<Slapd-configuration file>, which is only \
needed with inputformat _REPL."
description_de = "URI fuer Eingabedaten aus einem LDAP-Server.\n\
Das Format fuer die LDAP-URI (siehe RFC 4516) ist: \
ldap://<host>[:<port>]/<basedn>?<attributes>?<scope>?\n\
<filter>?<extension> wobei als <extension> gegenwaertig \
folgende Erweiterungen unterstuetzt werden:\n\
bindname=<bindname> zur Authentifizierung am Server, \
wobei das korrespondierende Passwort in der mit \
passwordfile spezifizierten Datei (-p, Voreinstellung \
ist dbconnector.secret) hinter dem Stichwort inputuri \
eingetragen sein muss.\n\
config=<Slapd-configuration file>, womit die zu \
verwendende Open-LDAP-Konfigurationsdatei spezifiziert \
wird, was nur im Zusammenhang mit dem inputformat (-I) \
\"_REPL\" benoetigt wird."
arg = 1
argtype = "uri"
</options>
<options pwhash>
key = "P"
must = 1
description = "Specifies the password hash algorithm"
description_de = "definiert den Passwort-Hash-Algorhitmus"
arg = 1
default = "SSHA"
values = "SSHA, MD5, CRYPT"
</options>
<options forcehttps>
key = "f"
must = 0
description = "Forces https."
description_de = "Erzwingt https."
arg = 0
</options>
<options oneinputfield>
key = "o"
must = 0
description = "Combines all ID-inputfields to one and creates a complex filter"
description_de = "vereinigt alle ID-Eingabefelder in eins und baut entsprechende Filter auf"
arg = 0
</options>
<options forcetls>
key = "z"
must = 0
description = "Forces START_TLS in LDAP-connection"
description_de = "Erzwingt START_TLS in LDAP-Verbindung"
arg = 0
</options>
<options rewritepath>
key = "r"
must = 0
description = "Rewrites path, which might be needed for proxying. \
Format: <regexp>=><string>;<regexp>=><string>;..."
description_de = "Schreibt den Pfad um, was bei Proxying notwendig \
sein kann. Format: <regexp>=><string>;<regexp>=><string>;..."
arg = 0
</options>
<options enableadminhelp>
key = "a"
must = 0
description = "Allows display of adminhelp"
description_de = "Erlaubt die Anzeige der Admin-Hilfe"
arg = 0
</options>