Configuring a Script for Secure Remote SVN Password Changes on Linux

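This configuration is based on setup methods commonly found online, with security controls added.

The main restrictions are:

Passwords must be at least 8 characters long (when the htpasswd -b option is used to set them, the effective password is also at most 8 characters; the option can be adjusted) and at most 16 characters long.

Input fields accept at most 30 characters, to prevent overflow.

Passwords must be made up of uppercase letters, lowercase letters and digits.

Passwords may not contain special characters.

Configuration steps: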

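1. Put ChangePasswd.cgi and ChangePasswd.ini in the cgi-bin directory under the Apache installation directory (mine: /usr/local/apache2/cgi-bin).
2. Check the location of the perl interpreter on line 1 of ChangePasswd.cgi (mine: #!/usr/bin/perl -w).
3. Change line 111 of ChangePasswd.cgi to the path where htpasswd is located (mine: /usr/local/apache2/bin/htpasswd).
4. Change the ini file on line 155 of ChangePasswd.cgi to its full path (mine: /usr/local/apache2/cgi-bin/ChangePasswd.ini).
5. In the configuration file ChangePasswd.ini, line 2, authuserfile= is the path where the passwords are stored (mine: /home/svnroot/conf/passwd).
6. In the configuration file ChangePasswd.ini, line 3, logfile= is the path where the operation log is stored (mine: /usr/local/apache2/cgi-bin/ChangPasswd.log).
7. chmod -R 755 ChangePasswd.ini ChangePasswd.cgi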

 

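Notes:
1. When using htpasswd, never use the -m option; if it was used before, re-enter the password once to update the entry. (The script verifies the old password with crypt() against the first 13 characters of the stored hash, so entries created with -m cannot be verified.)
2. ChangPasswd.log must have write ("w") permission.

Open https://ip/cgi-bin/ChangePasswd.cgi to change the password.

A:

Contents of ChangePasswd.cgi: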

#!/usr/bin/perl -w

use strict;
use CGI;
my $time        = localtime;
my $remote_id   = $ENV{REMOTE_HOST} || $ENV{REMOTE_ADDR};
my $admin_email = $ENV{SERVER_ADMIN};

my $cgi = new CGI;
my $pwd_not_alldiginal = "密码须为大小写字母与数字组合,不能全为数字";
my $pwd_not_allchar = "密码须为大小写字母与数字组合,不能全为字母";
my $pwd_not_alllowchar = "密码须为大小写字母与数字组合,您未输入大写字母";
my $pwd_not_allcapchar = "密码须为大小写字母与数字组合,您未输入小写字母";
my $pwd_include_specialchar = "密码须为数字与字母组合,不能包含特殊字符";
my $user_not_exists = "该用户不存在";
my $file_not_found = "文件不存在,请联系管理员";

my $authuserfile;
my $logfile;
my $pwdminlen;
my $title;
my $description;
my $yourname;
my $oldpwd;
my $newpwd1;
my $newpwd2;
my $btn_change;
my $btn_reset;
my $delay_time;

my $changepwdok;
my $changepwdfailed;
my $oldpwderror;
my $passmustgreater;
my $twopassnotmatched;
my $entername;
my $enterpwd;
my $errorpwd;
my $back;


&IniInfo;

if ($cgi -> param())
{#8
 my $User = $cgi->param('UserName');
 my $UserPwd = $cgi->param('OldPwd');
 my $UserNewPwd =  $cgi->param('NewPwd1');
 my $MatchNewPwd =  $cgi->param('NewPwd2');


 if (!$User)
     {&Writer_Log("Enter no user name");
     sleep($delay_time);
       &otherhtml($title,$entername,$back);}
 elsif (!$UserPwd )
    {&Writer_Log("Enter no OldPasswd");
    sleep($delay_time);
     &otherhtml($title,$enterpwd,$back); }
 elsif (length($UserNewPwd)<$pwdminlen)
    {&Writer_Log("Password's length must greater than".$pwdminlen);
    sleep($delay_time);
     &otherhtml($title,$passmustgreater.$pwdminlen,$back);}
 elsif (length($UserNewPwd)>16)
     {&Writer_Log("Password's length must below than 16");
      sleep($delay_time);
      &otherhtml($title,"新密码必须小于16位",$back);}
 elsif ($UserNewPwd !~/^[0-9a-zA-Z]+$/)
     {&Writer_Log("New Passwd must use diginal or char,can't use special char");
     sleep($delay_time);
      &otherhtml($title,$pwd_include_specialchar,$back);}     
 elsif ($UserNewPwd =~/^\d+$/)
    {&Writer_Log("New Passwd isn't all diginal");
     sleep($delay_time);
     &otherhtml($title,$pwd_not_alldiginal,$back);}
 elsif ($UserNewPwd =~/^[A-Za-z]+$/)
    {&Writer_Log("New Passwd isn't all char");
     sleep($delay_time);
     &otherhtml($title,$pwd_not_allchar,$back);}
 elsif ($UserNewPwd =~/^[0-9A-Z]+$/)
    {&Writer_Log("New Passwd isn't all capital char");
    sleep($delay_time);
     &otherhtml($title,$pwd_not_allcapchar,$back);}
 elsif ($UserNewPwd =~/^[0-9a-z]+$/)
    {&Writer_Log("New Passwd isn't all lower char");
    sleep($delay_time);
     &otherhtml($title,$pwd_not_alllowchar,$back);}
 elsif ($UserNewPwd ne $MatchNewPwd)
    {&Writer_Log("Two new passwords are not matched");
    sleep($delay_time);
     &otherhtml($title,$twopassnotmatched,$back);}
 else
{if($authuserfile)
 {#6
  #sleep($delay_time);
  open UserFile, "<$authuserfile" or die "打开文件失败:$!";
  while (<UserFile>)
    {#5
       my $varstr=$_;

       if($varstr =~/(\Q$User\E)/)   # \Q..\E: treat the submitted name as literal text, not as a regex
    {#3
     my $eqpos =index($varstr, ":");
     my $UserName = substr($varstr,0,$eqpos);
     my $cryptpwd = substr($varstr,$eqpos + 1,13);
    
     next if($UserName ne $User);
        
     if(crypt($UserPwd,$cryptpwd) eq $cryptpwd)
     {#a
      my $rc = system("/usr/local/apache2/bin/htpasswd", "-b", $authuserfile, $User, $UserNewPwd);   # list form: no shell parses the arguments
      if ($rc == 0)
         {#1
            &Writer_Log( $User.":Change Passwd");
            &otherhtml($title,$changepwdok,$back);
          }#1
       else
          {#2
           &Writer_Log( $User.":Change Passwd Failed");
           &otherhtml($title,$changepwdfailed,$back);
          }#2 
       exit;
     }#a
     else
     {#b
      &Writer_Log("Old Passwd is Incorrect ");
      &otherhtml($title,$errorpwd,$back);
     }#b
     exit;       
    }#3
       else
    {#4
     if(eof)
     { &Writer_Log($User.":no this user");
       &otherhtml($title,$user_not_exists,$back);
       exit;
     }
     else
     {next;}
    }#4   
     }#5
   close UserFile;
 }#6
else
 {#7
   &Writer_Log($authuserfile.":no found");
   &otherhtml($title,$file_not_found,$back);
 }#7
}
}#8
else
{&Index_Html;}

sub IniInfo{
my $inifile = "/usr/local/apache2/cgi-bin/ChangePasswd.ini";
open CGI_INI_FILE, "<$inifile" or die "打开文件失败:$!";
while (<CGI_INI_FILE>)
{
  my $eqpos =index($_,'=');
  my $len = length($_);

  if ($_ =~/authuserfile/)
  {$authuserfile= substr($_, $eqpos + 1, $len - $eqpos -2);}
  elsif ($_ =~/logfile/)
  {$logfile= substr($_, $eqpos + 1);}
  elsif ($_ =~/pwdminlen/)
  {$pwdminlen= substr($_, $eqpos + 1);}
  elsif ($_ =~/title/)
  {$title = substr($_, $eqpos + 1);}
  elsif ($_ =~/description/)
  {$description = substr($_, $eqpos + 1);}
  elsif ($_ =~/yourname/)
  {$yourname = substr($_, $eqpos + 1);}
  elsif ($_ =~/oldpwd/)
  {$oldpwd= substr($_, $eqpos + 1);}
  elsif ($_ =~/newpwd1/)
  {$newpwd1= substr($_, $eqpos + 1);}
  elsif ($_ =~/newpwd2/)
  {$newpwd2= substr($_, $eqpos + 1);}
  elsif ($_ =~/btn_change/)
  {$btn_change = substr($_, $eqpos + 1);}
  elsif ($_ =~/btn_reset/)
  {$btn_reset = substr($_, $eqpos + 1);}
  elsif ($_ =~/changepwdok/)
  {$changepwdok = substr($_, $eqpos + 1);}
  elsif ($_ =~/changepwdfailed/)
  {$changepwdfailed = substr($_, $eqpos + 1);}
  elsif ($_ =~/oldpwderror/)
  {$oldpwderror = substr($_, $eqpos + 1);}
  elsif ($_ =~/passmustgreater/)
  {$passmustgreater = substr($_, $eqpos + 1);}
  elsif ($_ =~/twopassnotmatched/)
  {$twopassnotmatched = substr($_, $eqpos + 1);}
  elsif ($_ =~/entername/)
  {$entername = substr($_, $eqpos + 1);}
  elsif ($_ =~/enterpwd/)
  {$enterpwd= substr($_, $eqpos + 1);}
  elsif ($_ =~/errorpwd/)
  {$errorpwd= substr($_, $eqpos + 1);}
  elsif ($_ =~/back/)
  {$back = substr($_, $eqpos + 1);}
  elsif ($_ =~/delay_time/)
  {$delay_time=substr($_, $eqpos + 1);}
 }
 close CGI_INI_FILE;
}

sub Index_Html
{
print "Content-type: text/html\n\n";
print <<END_OF_PAGE;
<html >
<head>
<title>$title</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
</head>
<body>
<center><h1>$description</h1>
</center>
<form method="POST" enctype="multipart/form-data"  action="/cgi-bin/ChangePasswd.cgi">
<br>
<TABLE align="center">
<TR><TD class="t_text">$yourname</TD><TD><input type="text" name="UserName"  maxlength="30" /></TD></TR>
<TR><TD class="t_text">$oldpwd</TD><TD><input type="password" name="OldPwd"  maxlength="30" /></TD></TR>
<TR><TD class="t_text">$newpwd1</TD><TD><input type="password" name="NewPwd1" maxlength="30" /></TD></TR>
<TR><TD class="t_text">$newpwd2</TD><TD><input type="password" name="NewPwd2" maxlength="30" /></TD></TR>
</TABLE>
<br>
<TABLE align="center">
<TR><TD><input type="submit" name="chgpasswd" value="$btn_change"> <input type="reset" value="$btn_reset"></TD></TR>
</TABLE>
</form>
<HR>
<font color="#FF0000">注意:新密码位数须大于等于$pwdminlen小于16,且须同时包含大写字母、小写字母与数字,不能包含特殊字符,如Zlglb001;</font>
<P>如有问题请与质量管理部**(csc\@126.com)联系</P>

<P>***市***有限公司 </P>
<P>公司主页:http://www.****dom.com </p>
</body>
</html>
END_OF_PAGE
}

sub otherhtml{
print "Content-type: text/html\n\n";

print <<END_OF_PAGE;
<html>
<head>
<meta http-equiv="Content-Language" content="zh-cn">
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>$_[0]</title>
</head>

<body>
<p align="center"><font size="5">$_[1]</font></p>
<p align="center"><a href="/cgi-bin/ChangePasswd.cgi"><font size="4">$_[2]</font></a></p>

<HR>
<P>如有问题请与admin联系E-Mail:csc\@126.com<A HREF="mailto:csc\@126.com"></A> </P>
</body>

</html>
END_OF_PAGE
}

sub Writer_Log{
if($logfile)
{
  my $loginfo ="[".$time."] "." [".$remote_id."] "." || ".$_[0];
  open LOGFILE,">>$logfile" or die "Couldn't open LOG FILE for writing: $!";
  print LOGFILE ("$loginfo\n");
  close LOGFILE;
}
}
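
The checks the script applies, gathered into one server-side routine with an exact-match user lookup. This is an added example, not part of the original ChangePasswd.cgi; the user-name pattern $USER_RE, the function names check_inputs and find_hash, and the sample entries are assumptions made for illustration.

```perl
use strict;
use warnings;
# Assumption: account names use only these characters; adjust to local rules.
my $USER_RE = qr/\A[A-Za-z0-9._-]{1,30}\z/;

# Returns undef when the input is acceptable, otherwise a short reason.
sub check_inputs {
    my ($user, $old, $new1, $new2, $minlen) = @_;
    for my $v ($user, $old, $new1, $new2) {
        return "missing field" unless defined $v && length $v;
        # maxlength="30" in the form is only a browser hint; enforce it here.
        return "field too long" if length($v) > 30;
    }
    return "bad user name" unless $user =~ $USER_RE;
    return "new password length" if length($new1) < $minlen || length($new1) > 16;
    # \A and \z anchor the whole string; "$" would let a trailing newline pass.
    return "special character"   unless $new1 =~ /\A[0-9A-Za-z]+\z/;
    return "no digit"            unless $new1 =~ /[0-9]/;
    return "no uppercase letter" unless $new1 =~ /[A-Z]/;
    return "no lowercase letter" unless $new1 =~ /[a-z]/;
    return "confirmation differs" if $new1 ne $new2;
    return;
}

# Exact-match lookup of a "name:hash" line; the name is never used as a regex.
sub find_hash {
    my ($user, @lines) = @_;
    for my $line (@lines) {
        chomp(my $entry = $line);
        my ($name, $hash) = split /:/, $entry, 2;
        return $hash if defined $hash && $name eq $user;
    }
    return;
}

# Constructed sample data; the hashes are placeholders, not real crypt() output.
my @passwd = ("alice:PLACEHOLDERHASH\n", "bob:PLACEHOLDERHASH\n");
my @cases  = (
    ["alice", "OldPass1", "Zlglb001",   "Zlglb001"],    # meets the policy
    ["alice", "OldPass1", "Zlglb001\n", "Zlglb001\n"],  # trailing newline
    ["al.*",  "OldPass1", "Zlglb001",   "Zlglb001"],    # regex metacharacters
    ["carol", "OldPass1", "Zlglb001",   "Zlglb001"],    # not in the file
);
for my $c (@cases) {
    my $why = check_inputs(@$c, 8);
    $why = "unknown user" if !defined $why && !defined(find_hash($c->[0], @passwd));
    (my $shown = $c->[2]) =~ s/\n/\\n/g;
    printf "%-6s %-11s %s\n", $c->[0], $shown, $why // "accepted";
}
```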

 

B: Contents of ChangePasswd.ini:

[path]
authuserfile=/home/svnroot/conf/passwd
logfile=/usr/local/apache2/cgi-bin/ChangPasswd.log
[setup]
pwdminlen=8
[html]
title=SVN用户密码自助修改
description=SVN用户密码自助修改
yourname=用户名
oldpwd=旧密码
newpwd1=新密码
newpwd2=确认新密码
btn_change=修 改
btn_reset=重 置
delay_time=30

changepwdok=成功修改密码
changepwdfailed=修改密码失败
servererror=服务器错误
passmustgreater=新密码位数必须为
twopassnotmatched=两密码不一致
entername=请输入用户名
enterpwd=密码未输入
errorpwd=你的密码不正确
back=返回


 

 

Note: this configuration is based on setup methods commonly found online. Reference: http://hi.baidu.com/deanlee1987/item/5f9fff0b3a6655813d42e279
