-rw-r--r-- | bin/Makefile | 5 | ||||
-rw-r--r-- | bin/acfpasswd | 79 |
2 files changed, 81 insertions, 3 deletions
diff --git a/bin/Makefile b/bin/Makefile
index 77158af..5b59fbf 100644
--- a/bin/Makefile
+++ b/bin/Makefile
@@ -1,6 +1,6 @@
 include ../config.mk
-BIN_DIST=acf_cli\
+BIN_DIST=acf_cli acfpasswd
 EXTRA_DIST=Makefile
 DISTFILES=$(BIN_DIST) $(EXTRA_DIST)
@@ -28,8 +28,7 @@ install:
 mkdir -p $(install_dir)
 for i in $(BIN_DIST); do\
 dest=`dirname "$(install_dir)/$$i"`;\
- mkdir -p "$$dest";\
- cp "$$i" "$$dest";\
+ install -Dm755 "$$i" "$$dest"/$$i ;\
 done
 chmod 700 $(install_dir)/acf_cli
diff --git a/bin/acfpasswd b/bin/acfpasswd
new file mode 100644
index 0000000..677b83c
--- /dev/null
+++ b/bin/acfpasswd
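Review bot: The destination in the new `install -Dm755 "$$i" "$$dest"/$$i` line repeats any directory part of `$$i`, because `dest` is already `dirname "$(install_dir)/$$i"`; a BIN_DIST entry such as `sub/tool` would land in `$(install_dir)/sub/sub/tool`, where the removed `cp "$$i" "$$dest"` put it in `$(install_dir)/sub/`. The trailing `$$i` is also unquoted. Writing the target as `install -Dm755 "$$i" "$(install_dir)/$$i"` fixes both and makes `dest` unnecessary. The line also installs every BIN_DIST entry, including the new acfpasswd, as 0755, while only acf_cli is tightened by the following `chmod 700`; if acfpasswd is meant to be root-only like acf_cli it needs the same treatment. The install recipe starts above the hunk.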
@@ -0,0 +1,79 @@
+#!/bin/sh
+
+# tool for managing the ACF passwords
+
+passwdfile=${ACFPASSWD:-/etc/acf/passwd}
+shadow=${SHADOW:-/etc/shadow}
+
+usage() {
+ echo "usage: acfpasswd [-s] USER"
+ echo ""
+ exit 1
+}
+
+die() {
+ echo "$@" >&2
+ exit 1
+}
+
+find_user_or_die() {
+ local user="$1"
+ grep -q "^${user}:" "$passwdfile" \
+ || die "user '$user' was not found in $passwdfile"
+}
+
+set_pw_hash() {
+ local user="$1"
+ local pwhash="$2"
+ # use : as sed separator since its guaranteed to no be valid in shadow
+ sed -i -e "s:^${user}\:[^\:]*\::${user}\:${pwhash}\::" "$passwdfile"
+}
+
+syncpasswd() {
+ local user="$1"
+ local pwhash=$(awk -F: -v user="$user" '$1 == user { print $2 }' \
+ $shadow) || exit
+ find_user_or_die "$user"
+ [ -z "$pwhash" ] && die "user '$user' was not found in $shadow"
+ set_pw_hash "$user" "$pwhash"
+ exit
+}
+
+sync_with_system=
+while getopts "hs" opt; do
+ case "$opt" in
+ h) usage;;
+ s) sync_with_system=yes;;
+ esac
+done
+
+shift $(($OPTIND - 1))
+
+user="$1"
+[ -z "$user" ] && usage
+
+[ -n "$sync_with_system" ] && syncpasswd "$user"
+
+# set password for given user
+find_user_or_die "$user"
+tries=0
+while true; do
+ echo -n "Enter new ACF password for $user (will not echo): "
+ hash=$(mkpasswd -m sha | tail -n1)
+ salt=$(echo "$hash" | cut -d$ -f3)
+ echo ""
+ echo -n "Re-enter the ACF password (will not echo): "
+ hash2=$(mkpasswd -S "$salt" -m sha | tail -n1)
+ echo ""
+ [ "$hash" = "$hash2" ] && break
+ echo -n "The entered passwords does not match. "
+ tries=$(( $tries + 1))
+ if [ $tries -gt 3 ]; then
+ die "ACF password was NOT changed"
+ else
+ echo "Please try again."
+ fi
+done
+
+set_pw_hash "$user" "$hash" && echo "ACF password for $user was changed."
+
|