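#!/usr/bin/perl -w
#
# chpasswds.pl -- change the passwords on your servers
# (C) 2001 Jason Spence
#
# Requirements:
#  - Crypt::PasswdMD5
#  - perl 5.8 or later (list-form pipe open)
#  - /dev/urandom on the machine running this script
#
# Usage:
#
# Simply give the names of the servers to change the passwords on as
# arguments to the script like so:
#
#   ./chpasswds.pl mybox.myco.com otherbox.myco.com
#
# or better yet:
#
#   echo 'box1 box2 box3 box4 box5' > servers
#   ./chpasswds.pl $(cat servers)
#
# Bugs:
#
# Only tested on OpenBSD 2.9 and Linux.  Requires that the target
# operating system have the usermod command with the -p flag and it
# must accept MD5 encrypted passwords.  Adding blowfish wouldn't be
# very hard at all but I don't need it.
#
# Security notes:
#
#  - The new plaintext root password of every host is printed on
#    stdout.  Keep that output out of log files, CI transcripts and
#    shared terminals.
#  - The password hash travels as a command-line argument to ssh and to
#    usermod, so it is visible in the process list on both machines
#    while the command runs.
#  - MD5-crypt is a legacy hashing scheme; move to a stronger scheme
#    (bcrypt, SHA-512-crypt) where the target's usermod accepts one.
#  - The hash is sent to whichever machine answers for the given name,
#    so leave ssh host key checking enabled.
#
# License:
#
# GPL.

use Crypt::PasswdMD5;
use strict;

# Hosts on which the password change did not succeed.
my @failed;

usage() if @ARGV < 1;

HOST:
foreach my $host (@ARGV) {

    # Host names come straight from the command line.  Accept only
    # characters that occur in DNS names and IP literals so that nothing
    # unexpected ends up in the ssh destination argument.
    unless ($host =~ /\A[A-Za-z0-9][A-Za-z0-9._:-]*\z/) {
        print "Refusing to use suspicious host name '$host'\n";
        push @failed, $host;
        next HOST;
    }

    # Every host gets its own freshly generated password.
    my $p  = get_passwd();
    my $cp = crypt_passwd($p);

    # The hash is placed between single quotes for the remote shell, so
    # it must never contain a quote or any other shell metacharacter.
    unless ($cp =~ m{\A[\$./0-9A-Za-z]+\z}) {
        die "Unexpected characters in crypted password, aborting\n";
    }

    my $remote_cmd = "/usr/sbin/usermod -p '$cp' root";
    my ($out, $ok) = run_as_root($host, $remote_cmd);

    if ($ok) {
        print $out;
        print "Successfully changed the password on $host to $p\n";
    }
    else {
        print "Failed to change the password on $host, output follows\n";
        print $out;
        push @failed, $host;
    }
}

if (@failed) {
    print ">>> Failed to change the password on the following systems <<<\n";
    print "$_\n" foreach @failed;
}

# Let calling scripts notice that at least one host still has its old
# password.
exit(@failed ? 1 : 0);

# Print a short usage message and exit.
sub usage {
    print <<"EOF";
Usage: $0 server [server ...]

Sets a new random root password on every server named on the command
line and prints the password chosen for each one.
EOF
    exit 0;
}

# Run $remote_cmd as root on $host through ssh.
#
# ssh is started with a list-form pipe open, so no local shell parses
# the host name or the command.  The remote side still hands the command
# string to root's login shell.
#
# Returns (output, ok): the remote command's stdout, and a true value
# only when ssh exited with status 0.
sub run_as_root {
    my ($host, $remote_cmd) = @_;

    my $pid = open my $ssh, '-|', 'ssh', "root\@$host", $remote_cmd;
    unless ($pid) {
        return ("could not start ssh: $!\n", 0);
    }

    my $out = do { local $/; <$ssh> };
    $out = '' unless defined $out;

    # close() reaps ssh and stores its wait status in $?.  Comparing the
    # whole status with 0 also treats death by signal as a failure,
    # which a test of ($? >> 8) alone would report as success.
    close $ssh;
    return ($out, $? == 0);
}

# Return $count characters drawn uniformly from $alphabet, using
# /dev/urandom as the randomness source.
#
# Perl's rand() is a predictable generator and is not suitable for
# producing root passwords.  Dies if /dev/urandom cannot be read rather
# than falling back to a weaker source.
sub random_chars {
    my ($alphabet, $count) = @_;

    my $size = length $alphabet;

    # Bytes at or above $limit are discarded so that every character of
    # the alphabet is equally likely (no modulo bias).
    my $limit = 256 - (256 % $size);

    open my $rng, '<', '/dev/urandom'
        or die "Cannot open /dev/urandom: $!\n";
    binmode $rng;

    my $chars = '';
    while (length($chars) < $count) {
        my $got = read $rng, my $byte, 1;
        die "Cannot read from /dev/urandom\n" unless $got;

        my $value = ord $byte;
        next if $value >= $limit;

        $chars .= substr $alphabet, $value % $size, 1;
    }

    close $rng;
    return $chars;
}

# Generate a 12 character password from the printable ASCII characters
# '!' (33) through '}' (125).
sub get_passwd {
    my $alphabet = join '', map { chr } 33 .. 125;
    return random_chars($alphabet, 12);
}

# Return the MD5-crypt hash of the given password, computed with a fresh
# 8 character random salt.
sub crypt_passwd {
    my $p = $_[0];

    my $saltset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./';
    my $salt    = random_chars($saltset, 8);

    return unix_md5_crypt($p, $salt);
}

# Return the argument with a backslash in front of every '$', for
# embedding in a double-quoted shell string.  The main loop no longer
# passes the command through a local shell and does not call this; it is
# kept as a helper.
sub escape_passwd {
    my $p = $_[0];

    (my $ret = $p) =~ s/\$/\\\$/g;
    return $ret;
}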