"Fossies" - the Fresh Open Source Software Archive 
As a special service "Fossies" has tried to format the requested text file into HTML format (style:
standard) with prefixed line numbers.
Alternatively you can here
view or
download the uninterpreted source code file.
1 #! /usr/bin/less
2 ################################################################################
3
4 Program : passwd_exp
5 Version : 1.2.11
6 Purpose : Warn of password expiration via email
7 Check acount expiration status (admin mode)
8 License : GNU GPL v2 (see file COPYING)
9 Author : Samuel Behan <samkob(at)gmail.com> (c) 2000-2006
10 Requirements : perl5.005 + Text-Tokenizer perl package,
11 mail program (ie. mailx) or MTA (sendmail/postfix/...)
12
13 ################################################################################
14
15 ---------
16 - ABOUT -
17 ---------
18 passwd_exp is a perl script that warns users of password/account
19 expiration via email. It extends similar function of login process,
20 that prints such a messages at login time, but many users does not login
21 for a long (long) time and only download/forward their email, so they
22 have absolutely no chance to find out what's happening with their
23 account.
24 This script will warn them (via email), and save you from request
25 to re-enable users accounts that has been 'magicaly' disabled by that
26 BAD BAD man called Linux or whatever :) (And be sure there will be some if
27 you have system with many users forcing them to change their passwords to
28 get just a little more security).
29 Extra feature of this script is listing of expired user accounts
30 so you will have some more info about your system.
31
32 ********************************************************************************
33 PLEASE, send me yours data modules/translations so i can add them to the
34 distribution tarball, and other users can use them without the need to
35 recreate them.
36 Thanks
37 ********************************************************************************
38
39 -----------------
40 - BUG REPORTING -
41 -----------------
42 Well if you find a bug, and you want report it do this at first.
43
44 $ make bug
45
46 This will generate file BUG.REPORT containing some important informations about
47 system you are building on. Please include this file in the message you send me.
48 Thanks a lot.
49
50 ---------------
51 - INSTALATION -
52 ---------------
53 For successfull instalation of this package you need to install Text-Tokenizer
54 perl package, that can be found either on CPAN (www.cpan.org) or at my page
55 http://devel.dob.sk/Text-Tokenizer
56 You can also auto-install them by typing
57
58 $ make install-mod
59
60 before executing `make install'.
61 Script will try to install required modules via perl CPAN installer. You'll be propably
62 asked for configuring CPAN source, but you can skip this and program defaults will be
63 used.
64
65 Then, all you need to do is to run the configure script program and make:
66
67 $ tar -xzf passwd_exp-X.X.X.tar.gz
68 $ cd passwd_exp-X.X.X
69 $ ./configure
70 $ make
71 $ make install
72
73 *** INSTALLING CRON FILES ***
74 If installation of cron scripts fails, you should install them manualy either by
75 copying them to crontab dirs or by adding them to crontab (via crontab -e):
76
77 -- CUT
78 5 0 * * * /usr/local/share/passwd_exp/passwd_exp.cron #daily check
79 5 0 * * sun /usr/local/share/passwd_exp/passwd_exp-admin.cron #weekly check
80 -- CUT
81
82 Just reminding you, that cron scripts resides in /usr/local/share/passwd_exp directory.
83
84 *** WARNING ****
85 Versions > 1.0 are slightly incompatible with the previous one ( < 0.6.4 ). Placement of config file
86 has changed (now resides in /etc/passwd_exp directory) and also some config file directives
87 has been obsoleted (they will be ignored).
88
89
90 ------------------------
91 - COMMAND LINE OPTIONS -
92 ------------------------
93
94 -c FILE config file
95 -u USERNAME username to check
96 -l list users, do not send mails
97 -f override `run once per day' restriction
98 -t test mode, print generated emails instead of sending them
99 -T test configuration file validity
100 -v verbose mode, more times for more verbosity
101 -w DAYS override minimum warn days for users
102 -ws DAYS increment minimum warn days for every user
103 -d var=value define variable for message enviroment
104 -m MODULE module to use (can be module name or program path)
105 -mi print module informations
106 -mo option=value set module option (argument)
107 -s option=value override config file option
108
109 --------------
110 - ADMIN MODE -
111 --------------
112 In the admin mode you can get a list of expired, expiring...etc
113 accounts. Special variable %ustate% is defined in this mode that specifies
114 user settings/status:
115 'D' - user is 'date expired'
116 'N' - normal user (however, you can never be sure - this
117 program isn't a psychiatrist ;-)
118
119 Messages printed in admin mode can be also modified from config file.
120
121
122 -----------------------------
123 - ACCOUNT EXPIRATION STAGES -
124 -----------------------------
125 Little info, about stages that account goes when expiring.
126
127 Expiration - user password is expiring.
128 Program generates email using `warn subject/body/file'
129 values.
130 Expired - user password expired, ommiting inactivation phase.
131 User can not login anymore. Program sends no email.
132
133 Inactivation - user password has expired and account is being
134 inactivated. This means that user can login, but
135 he will be imediatelly prompted to change password.
136 Account goes trough this phase only if inactive days
137 are set for it, otherwise it gets Expired (see above).
138 Program generates email using `expired subject/body/file'
139 values.
140 Inactivated - user password has expired, and account was automaticaly
141 inactivated.
142 User can not login anymore. Program sends no email.
143
144 Date Expiration - user account is expiring (for example payed account can
145 have this set).
146 Program generates mails using `account subject/body/file'
147 values.
148 Date Expired - user account has expired (he doesn't pays bills ;).
149 User can not login anymore. Program sends no email.
150
151
152 ---------------
153 - CONFIG FILE -
154 ---------------
155 You can customize program behavior by editing configuration
156 file '/etc/passwd_exp/passwd_exp.conf'.
157
158 NOTE: boolean value means anything from: yes,enable,true,1,ok,allow,oui,si,ano
159 jo,hej,da to be TRUE any other value means FALSE.
160
161 This configuration settings are supported:
162
163 var[$name]
164 var[$name][$locale]
165 variable[$name]
166 variable[$name][$locale]
167 You can define your own variables that will be
168 replaced by their real values when sending e-mail.
169 You can also this way override any of default
170 variables program defines. In the var values you
171 can use also any other variable.
172 Example:
173 const[greeting] = "Hi %user%"
174 Supports LOCALIZATION and VARIABLES.
175
176 locale This version of program supports localization of
177 e-mail messages. By setting this variable you
178 can override your enviroment locale settings. If
179 no value set or value is "auto" then the $LC_ALL will
180 be used as your current locale. Default is 'auto'.
181
182 module Module to use to gather user data. This can be a
183 module name (name is executed from restricted PATH
184 prefering passwd_exp module dir: usualy
185 /usr/local/share/passwd_exp/mod ) or full path to
186 executable. You can also specify it's arguments
187 here. There is no restriction what can be executed.
188 I.e. You can run simple scripts, that execute multiple
189 modules...
190
191 module opt[$name]
192 Set module option that will passed to executed module
193 as argument.
194
195 direct mta Boolean. If true script will use your MTA instead
196 of using 'mailer' program. This can speedup a bit
197 the script since it will call the MTA directly
198 and not 'via' your mail agent. If you are not using
199 mta directly special configurable options can not
200 be used, since they are valid only for sendmail mail
201 via MTA.
202 Default is true.
203
204 mta
205 mail agent Path to your mail transport agent (sendmail compatible)
206 that will be used (if 'direct mta' true) to send e-mails
207 to users. This options obsoletes 'mailer' directive.
208 Path to program has to be absolute else script will
209 refuse to use it.
210
211 mail
212 mailer
213 mail sender Path to program that will be used to send emails.
214 This program have to accept recipient(optionaly subject)
215 on the command line and must read the body of
216 the mail from the stdin (like mailx does).
217 Example:
218 mailer = /bin/mail '%recipient%' -s '%subject%'
219 String '%recipient%' is replaced by the email
220 recipient and '%subject%' is replaced by the email
221 subject. Be sure it is absolute path, else script
222 will refuse to use it. Additionaly %user% variable is
223 also replaced. Other variables are ignored.
224
225 reply-to Email of the user, that should receive replys from
226 expiration warnings mail. Default is it user running
227 script (root). Script doesn't checks the validity
228 of the value and it passes it in raw form to MTA,
229 that will remove possibly buggy value.
230
231 mail-from Email of the user, that should script set to the
232 From header of the sended email. Defaults to user
233 running script (root).
234
235 mail header[$name]
236 Add special header to the mail head. Will be printed
237 to mail as `$name: $value' in the header section.
238
239 banner
240 print banner Boolean. Print program version banner to each
241 mail sended to user (GNU GPL extension ;-)
242 Defalult is true.
243
244 warn days Digit. This option overrides warning days value
245 get from the user list.
246
247 warn days step Digit. This option increments warning days value
248 get from the user list for every user.
249
250 mail days only List of simple rules to match days, when mails can
251 be sent. This setting is an alias for setting
252 `warn/expired/account days' only setting to the same
253 values.
254 See DAYS MATCHING section.
255
256 wo
257 warn days only List of simple rules to match days, when mail with
258 warning mails should be sent only.
259 See DAYS MATCHING section.
260 Default is '*' (every day).
261
262 warn subject
263 warn subject[locale]
264 ws
265 ws[locale] Subject of the email sended to the users that
266 password/account is expiring. Please don't set it
267 longer than 50 character. Can't be epmty.
268 Supports LOCALIZATION and VARIABLES.
269
270 warn body
271 warn body[locale]
272 wb
273 wb[locale] Body of the email sended to users that password
274 account is expiring. Can't be epmty.
275 Supports LOCALIZATION and VARIABLES.
276
277 warn file
278 warn file[locale]
279 wf
280 wf[locale] File used for definition of mail subject and body.
281 See MAIL FILE for more informations.
282 Supports LOCALIZATION and VARIABLES.
283
284 warn expired Boolean. Warn users if their password/account has
285 been already expired but is not inactived (yet).
286 This is enabled by default.
287
288 eo
289 expired days only
290 List of simple rules to match days, when mail with
291 expired warning should be sent only.
292 See DAYS MATCHING section.
293 Default is '*' (every day).
294
295 expired subject
296 expired subject[locale]
297 es
298 es[locale] Subject of the email sended to the users that
299 password/account has expired but is not inactive
300 (yet). Please don't set it longer than 50 character.
301 Supports LOCALIZATION and VARIABLES. Can't be epmty.
302
303 expired body
304 expired body[locale]
305 eb
306 eb[locale] Body of the email sended to the users that password/
307 account has expired but is not inactive (yet).
308 Supports LOCALIZATION and VARIABLES. Can't be epmty.
309
310 expired file
311 expired file[locale]
312 ef
313 ef[locale] File used for definition of mail subject and body.
314 See MAIL FILE for more informations.
315 Supports LOCALIZATION and VARIABLES.
316
317 date expired
318 warn date expired
319 Boolean. Warn users that have hard set expiration
320 date oftheir account. This is not enabled
321 by default.
322
323 ao
324 account days only
325 List of simple rules to match days, when mail with
326 expired account warning should be sent only.
327 See DAYS MATCHING section.
328 Default is '*' (every day).
329
330 account subject
331 account subject[locale]
332 as
333 as[locale] Subject of the email sended to the users that
334 account will date expire.
335 Please don't set it longer than 50 character.
336 Supports LOCALIZATION and VARIABLES. Can't be epmty.
337
338 account body
339 account body[locale]
340 ab
341 ab[locale] Body of the email sended to the users that will
342 date expire.
343 Supports LOCALIZATION and VARIABLES. Can't be epmty.
344
345 account file
346 account file[locale]
347 af
348 af[locale] File used for definition of mail subject and body.
349 See MAIL FILE for more informations.
350 Supports LOCALIZATION and VARIABLES.
351
352 mexpiring
353 mexpiring[locale]
354 meg
355 meg[locale] Message printed for expiring account in admin mode.
356 Supports LOCALIZATION and VARIABLES.
357
358 mexpired
359 mexpired[locale]
360 med
361 med[locale] Message printed for expired account in admin mode.
362 Supports LOCALIZATION and VARIABLES.
363
364 minactiving
365 minactiving[locale]
366 mig
367 mig[locale] Message printed for inactivating account in admin mode.
368 Supports LOCALIZATION and VARIABLES.
369
370 minactived
371 minactived[locale]
372 mid
373 mid[locale] Message printed for inactivated account in admin mode.
374 Supports LOCALIZATION and VARIABLES.
375
376 mdinactiving
377 mdinactiving[locale]
378 mdig
379 mdig[locale] Message printed for date inactivating account in admin mode.
380 Supports LOCALIZATION and VARIABLES.
381
382 mdinactived
383 mdinactived[locale]
384 mdid
385 mdid[locale] Message printed for date inactivated account in admin mode.
386 Supports LOCALIZATION and VARIABLES.
387
388 ----------------
389 - LOCALIZATION -
390 ----------------
391 Each sended message can be localized from the config file.
392 If you will use '[locale]' subscription, script will load value of
393 such a subscripted option only if 'locale' matches current locale, else
394 it will ignore it. You can also use wildcards (? and *) to match the locale.
395 Example:
396 warn body[de] = warn body[de_AT] = warn body [de_*] = ....
397 will match (any?) German locale. You can localize specialy for different
398 countries speaking the same language, you only need to specialize
399 locale (see example 'de_AT' will match german language in Austria).
400 PLEASE IF YOU LOCALIZE YOUR CONFIG FILE, SEND IT TO ME AND I WILL ADD IT TO
401 THE TARBALL SO OTHER USERS CAN ALSO USE IT. Thanks.
402
403 -----------------
404 - DAYS MATCHING -
405 -----------------
406
407 Using days matching you can define, when some action (like mail sending)
408 should be taken. The pattern is usualy matched to day value represented by
409 number. Multiple patterns can be defined split by gaps.
410 Badly formed patterns will be silently ignored, try enabling verbose mode to
411 se debug messages.
412
413 Patterns:
414
415 * - match anything
416 */N - match every N-th value
417 N-M - match values from N to M range
418 N- - match values grater then N
419 N - match N
420
421 Examples:
422 */3 - matches every 3rd value (3,6,9,12,...)
423 */7 - matches every 7th day (7,14,21..)
424 1-4 - matches 1,2,3,4
425 5- - matcher 5,6,7...infinite
426 3 - matches 3
427
428
429 -------------
430 - VARIABLES -
431 -------------
432 In some directives you can use internal variables that will be replaced
433 by their real value, that are specific for each user
434 NOTE: unknown/obsoleted variables will not be replaced !!!)
435
436 Including variables you've defined in config file via `define[]' directive
437 script also recognizes these (system) vars:
438
439 %recipient%, %user% = recipient username
440 %locale% = current locale
441 %user_name%, %username%,
442 %fullname% = recipient full name or username if not set
443 %email%, %mail_addr%,
444 %email_addr% = email of the user
445 %data[n]%, = raw data from the data module where `n' is
446 number of the record starting from 0
447 %userdata[n]%, %udata[n]% = special data from data module (see MODULES)
448 that can be used for evaluting own user
449 specific data in messages.
450 %expire_in%, %expire_days%,
451 %edays% = days account will/has been expired
452 %expire_date%, %edate% = date account will/has been expired
453 %inactive_in%, %inactive_days%,
454 %idays% = days account will be/has been inactived
455 %inactive_date%, %idate% = date account will be/has been inactived
456 %account_days%, %adays% = days account will be/has been date inactivated
457 %account_days%, %adate% = date account will/has been expired
458 %home_dir%, %homedir% = user home directory (OBSOLETED)
459 %deny_check%, %nocheck%,
460 %ignore_file% = filename defined by 'no check' directive (OBSOLETED)
461 %date%, %today% = current date ( weekday day name_of_month year)
462 %locale_date%, %ldate%,
463 %ltoday% = curent date as defines your locale
464 %time%, %now% = current time ( hour:minute:second )
465 %locale_time%, %ltime%,
466 %lnow% = current time as defines yours locale
467 %unix_time%, %utime% = seconds since Epoch ( Jan 1. 1970 )
468 %host%, %host_name%,
469 %hostname% = current host name (from uname)
470 %host_domain%, %domain% = host domain
471 %host_os%, %os% = your os (from uname, ie. Linux)
472 %host_osver%, %osver% = your os version (from uname, ie. 2.2.17)
473 %host_machine%, %machine%,
474 %host_arch%, %arch% = your machine (from uname, ie. Pentium 10 == i1086 ;-)
475 %agent% = passwd_exp alias (Password expiration agent)
476 %verion%, %ver% = passwd_exp version
477 %ustate% = see ADMIN MODE
478
479 + There are also `time' variables created on fly, via strftime() so you
480 can using them create your owen time `definitions'. There are four
481 groups of these variables, for:
482 1. Warning time (references time when user's password will/has expired)
483 objects: w, warn, warning
484 2. Expired time (references time when user's account will be inactivated)
485 objects: e, expire
486 3. Date expired time (references time when user's account will be date inactivated)
487 objects: a, account
488 4. Current time (references current time)
489 objects: c, curr, current
490 You can dereference their specific time representation using '_','.','->'
491 or '=>' operators (it's just like objects ;-) and various conversion
492 specifiers that uses strftime (without leading '%').
493 Examples:
494 %warn->A% - get full name of weekday when user's passwd. expires
495 %expire->Y% - (full) year when user's account inactivates.
496 %c->c% - preferred datetime presentation of now()
497 .... (see `man 3 strftime' or `date --help')
498 + it evalues backslash-escaped characters like perl does including wide
499 char hex char (UNICODE)
500 (ie. \t,\n,\r,\a, \xAB, \x{263a}...etc)
501 + evalutes enviroment variables (ie. $USER, ${USER}...etc)
502
503
504 -------------
505 - MAIL FILE -
506 -------------
507
508 Mail file can be used for defining subject and body of sended mail.
509 Filename can be either absolute or relative. Relative files will be searched
510 in these paths:
511 /etc/passwd_exp/mail
512 ${prefix}/share/mail (prefix is usualy /usr/local)
513 Well. There is a little bonus. You can use any variable in filename defined for
514 mail file. This way you can easily define dynamic filenames based on user name or
515 day of week or anything...
516
517 File format is very easy:
518 - first line defines mail subject
519 - rest of lines will be used for mail body. Dot only line (line with
520 `.' dot only) will also be threated as end of body definition.
521
522
523 ---------------------------------
524 - MODULES (for module creators) -
525 ---------------------------------
526 passwd_exp now uses external executable module to gather user list
527 data. It should be a standard executable (no mather what is it, bash script
528 C binary or whatever) that prints its record list to STDOUT (one record per
529 line !!!). Distribution modules currently resides in ....share/passwd_exp/mod (or similar)
530 directory (aka $MODULE_DIR).
531
532 Here is record format (fields):
533 u_name - user name
534 u_fullname - user full name
535 u_email - user email (possibly here can be more recipients set)
536 t_expire_date - expire days
537 t_disable_date - date of dissable in days
538 d_warn_days - warning days
539 d_inactive_days - inactive days
540 s_nosend - user nosend bit (0/1)
541 * - special fields separator
542 .... - your's fields
543
544 Fields are separated by `:'. You can add your own fields that will be avaible in
545 messages via `%userdata[n]%' or `%udata[n]%' arrays (where n is it's position
546 from the special separator starting 0). Remember, these fields should be separated
547 from the above ones by field containing '*' char, or you will get in trouble when
548 format changes !!!
549 You can also access all data via `%data[n]' array (almost for debuging purposes).
550
551 NOTE: modules are searched in restricted PATH with passwd_exp module dir
552 prefered. This also means you can use ie. `cat' as a module for
553 reading user list data from STDIN :)))
554
555 PATH=$MODULE_DIR:/sbin:/usr/sbin:/usr/local/sbin:/usr/bin:/bin:/usr/local/bin
556 -- path is defined like this purely for SECURITY REASONS
557
558
559
560 #EOF (c) by UN*X 1970-$EOD (End of Days) [ EOD (c) by God ]