This is an old guide I wrote many years ago (2001). It will allow you to change your mailbox password using Neomail on Cobalt Raqs. Don’t try this at home.
########## Password change for Neomail #################################################
## Requirements: chpasswd and a running copy of Neomail (http://neomail.sourceforge.net)
## Additional: A lot of patience!
## Installation notes: Make sure you have some coffee and smokes ;)
##
##
## This little patch generates 2/3 fields in the prefs page that will allow certain
## user to change their passwords. Before it makes any changes it will validate:
## - If user is allowed to change his/her password
## - If current password is the same as the new password (* Paranoid Mode)
## - If new passwords match
## - If new password is on certain range of characters
## - For a Double current password check (* Paranoid Mode)
##
## * Paranoid Mode: This mode enables 3 fields instead of 2, the 1st will be for
## the current password, the 2nd will be for the new password and the 3rd will
## be for the new password confirmation. This is not really necesary because if
## the user is logged we don't need to re-check for his/her password but... I'm
## pretty sure some people will love this. To enable just uncomment all the lines
## that say "uncomment".
##
## TODO:
## - Check for dangerous characters (really needed?).
## - Add a re-login before password change (ultra-paranoid)
## - Implement patch for newer Neomail versions
## - Any ideas?
##
## Now you can star playing with your Neomail, remember first to make some backup
## of your original files. It was tested on servers Cobalt Raq3, Cobalt Raq4,
## Red Hat 7.1 all running Neomail 1.25
##
## Sweet Dreams! :)
########################################################################
########## prefs.template ##########
## Line: 41 aprox...
## Description: try to don't mess with html tags, it looks complicated
## but it's really easy ;)
width="75">
Change Password:
@@@PASSFIELDS@@@
########## END ##########
########### neomail-prefs.pl ##########
## Line: 250 aprox...
## Description: when you see the comment "#no action has been taken, display
## prefs page", means that the script will show the default content for preferences
## and you should put this form fields according to your changes made on the
## prefs.template
$temphtml = '';
## Uncomment this lines if you are paranoid ;) also you'll need to uncomment
## all the lines that say "uncomment"
#$temphtml .= textfiedl(-name=>'cpass',
# -size=>'15',
# -override=>'1');
#
#$temphtml .= " $lang_text{'current_password'}";
$temphtml .= textfiedl(-name=>'pass1',
-size=>'15',
-override=>'1');
$temphtml .= " $lang_text{'new_password1'}";
$temphtml .= textfiedl(-name=>'pass2',
-size=>'15',
-override=>'1');
$temphtml .= " $lang_text{'new_password2'}";
$html =~ s/\@\@\@PASSFIELDS\@\@\@/$temphtml/;
########## END ##########
########## neomail-prefs.pl ##########
## Line: 947 aprox...
## Description: This is where we'll put the main password engine, it should be
## located before the script opens the prefssaved.template , why? easy, cause
## it has a higher priority the user's data, then if everything it's ok it'll
## try to change the user's password, and if some error occurs after that the
## script will show a message like "User prefs saved but couldn't change the
## user's password"... nice isn't it?
## Uncomment this line again! only if you uncommented the first one
#my $cpass = param("cpass1");
my $pass1 = param("pass1");
my $pass2 = param("pass2");
## I forgot "if user didn't want to change pass"
if ( ($cpass ne "") && ($pass1 ne "") && ($pass2 ne "") ) {
## Fields where filled, so we will change password
## Same, just uncomment...
#($cpass =~ /^(.+)$/) && ($cpass = $1);
($pass1 =~ /^(.+)$/) && ($pass1 = $1);
($pass2 =~ /^(.+)$/) && ($pass2 = $1);
foreach (@notallowed) {
if ($_ eq $user) {
writelog("USER $user IS NOT ALLOWED TO CHANGE PASSWORD");
neomailerror ("$lang_err{'nouserallowed'}");
}
}
## Uncomment ...
#if ($pass1 eq $cpass) {
# writelog("USER $user SAME PASSWORDS");
# neomailerror ("$lang_err{'samepass'}");
#}
if ($pass1 ne $pass2) {
writelog("USER $user NEW PASSWORDS MISMATCH");
neomailerror ("$lang_err{'passmismatch'}");
}
if (length($pass1) < $minchar) {
writelog("USER $user PASSWORD CONTAINS LESS THAN $minchar CHARS");
neomailerror ("$lang_err{'passmin'}");
}
if (length($pass1) > $maxchar) {
writelog("USER $user PASSWORD CONTAINS MORE THAN $maxchar CHARS");
neomailerror ("$lang_err{'passmax'}");
}
## Uncomment...
#if ( ( -x "$neomaildir/checklogin.pl" ) &&
# (eval { open (CHECKLOGIN,"| $neomaildir/checklogin.pl");
# print CHECKLOGIN "$passwdfile\n";
# print CHECKLOGIN "$user\n";
# print CHECKLOGIN "$cpass\n";
# close (CHECKLOGIN);
# }
# )
# ) {
srand();
$pass1 = crypt($pass1, $realsalt);
open (CHPASS,"| $chpasswdcmd -e") or
neomailerror("$lang_err{'passcmdnotfound'}");
print CHPASS "$user:$pass1\n";
close (CHPASS);
## We are done! weeee
## Uncomment...
# }
#
#else { ## Password Incorrect
# writelog("invalid password change attempt for username=$user");
# neomailerror ("$lang_err{'passfail'}");
#}
}
########## END ##########
########## /lang/eng ##########
## Line: %lang_text and %lang_err
## Description: Custom texts for this patch
## Add this new messages to %lang_text
current_password => 'Current Password',
## Contraseña Actual (Spanish)
new_password1 => 'New Password',
## Contraseña Nueva (Spanish)
new_password2 => 'New Password Confirmation',
## Confirmación de Contraseña Nueva (Spanish)
## Add this new messages to %lang_err
nouserallowed => 'You are not allowed to change your password!',
## No está permitido que cambies tu contraseña (Spanish)
samepass => 'The current password and the new password are the same!',
## La contraseña actual y la nueva son iguales!
passmismatch => 'New passwords need to be equal!',
## Las contraseñas nuevas tienen que ser iguales!
passmin => 'Passwords too small are insecure!',
## Contraseñas pequeñas son inseguras!
passmax => 'Password too large!',
## Contraseña muy larga!
passfail => 'Current Password INCORRECT!',
## Contraseña actual INCORRECTA!
passcmdnotfound=> 'chpasswd was not found on the system!',
## chpasswd no se encontró en el sistema!
########## END ##########
## Line: Bottom of the file before the 1;
## Description: Some variables that will help this little patch to work
## notallowed - A list of users that wont be able to change their passwords for
## security reasons
@notallowed = qw( root bin daemon adm lp sync shutdown halt mail news uucp
operator games gopher ftp nobody xfs gdm postgres squid );
## chpasswdcmd - Update password file in batch, more info 'man chpasswd'
$chpasswdcmd = '/usr/sbin/chpasswd';
## minchar and maxchar - Minimun and Maximun numbers of chars for new
## password changes
$minchar = 5;
$maxchar = 12;
## realsalt - This is the last used to crypt new passwords, any other ideas?
$realsalt = ('a'..'z','A'..'Z',0..9)[rand(62)] . ('a'..'z','A'..'Z',0..9)[rand(62)];
########## END ##########
Thats all folks! hope you enjoy hacking your Neomail's code, remember I'm not responsable
for any damage caused by this patch, use it at your own risk, and if you find any bugs
or better ways to do this just send me an email: xux@staff.mirc.com.mx