1 files changed, 79 insertions, 0 deletions

diff --git a/bin/acfpasswd b/bin/acfpasswd
new file mode 100644
index 0000000..677b83c
--- /dev/null
+++ b/bin/acfpasswd
@@ -0,0 +1,79 @@
+#!/bin/sh
+
+# tool for managing the ACF passwords
+
+passwdfile=${ACFPASSWD:-/etc/acf/passwd}
+shadow=${SHADOW:-/etc/shadow}
+
+usage() {
+	echo "usage: acfpasswd [-s] USER"
+	echo ""
+	exit 1
+}
+
+die() {
+	echo "$@" >&2
+	exit 1
+}
+
+find_user_or_die() {
+	local user="$1"
+	grep -q "^${user}:" "$passwdfile" \
+		|| die "user '$user' was not found in $passwdfile"
+}
+
+set_pw_hash() {
+	local user="$1"
+	local pwhash="$2"
+	# use : as sed separator since its guaranteed to no be valid in shadow
+	sed -i -e "s:^${user}\:[^\:]*\::${user}\:${pwhash}\::" "$passwdfile"
+}
+
+syncpasswd() {
+	local user="$1"
+	local pwhash=$(awk -F: -v user="$user" '$1 == user { print $2 }' \
+			$shadow) || exit
+	find_user_or_die "$user"
+	[ -z "$pwhash" ] && die "user '$user' was not found in $shadow"
+	set_pw_hash "$user" "$pwhash"
+	exit
+}
+
+sync_with_system=
+while getopts "hs" opt; do
+	case "$opt" in
+	h) usage;;
+	s) sync_with_system=yes;;
+	esac
+done
+
+shift $(($OPTIND - 1))
+
+user="$1"
+[ -z "$user" ] && usage
+
+[ -n "$sync_with_system" ] && syncpasswd "$user"
+
+# set password for given user
+find_user_or_die "$user"
+tries=0
+while true; do
+	echo -n "Enter new ACF password for $user (will not echo): "
+	hash=$(mkpasswd -m sha | tail -n1)
+	salt=$(echo "$hash" | cut -d$ -f3)
+	echo ""
+	echo -n "Re-enter the ACF password (will not echo): "
+	hash2=$(mkpasswd -S "$salt" -m sha | tail -n1)
+	echo ""
+	[ "$hash" = "$hash2" ] && break
+	echo -n "The entered passwords does not match. "
+	tries=$(( $tries + 1))
+	if [ $tries -gt 3 ]; then
+		die "ACF password was NOT changed"
+	else
+		echo "Please try again."
+	fi
+done
+
+set_pw_hash "$user" "$hash" && echo "ACF password for $user was changed."
+