summaryrefslogtreecommitdiffstats
path: root/bin/acfpasswd
diff options
context:
space:
mode:
Diffstat (limited to 'bin/acfpasswd')
-rw-r--r--bin/acfpasswd79
1 files changed, 79 insertions, 0 deletions
diff --git a/bin/acfpasswd b/bin/acfpasswd
new file mode 100644
index 0000000..677b83c
--- /dev/null
+++ b/bin/acfpasswd
@@ -0,0 +1,79 @@
+#!/bin/sh
+
+# tool for managing the ACF passwords
+
+passwdfile=${ACFPASSWD:-/etc/acf/passwd}
+shadow=${SHADOW:-/etc/shadow}
+
+usage() {
+ echo "usage: acfpasswd [-s] USER"
+ echo ""
+ exit 1
+}
+
+die() {
+ echo "$@" >&2
+ exit 1
+}
+
+find_user_or_die() {
+ local user="$1"
+ grep -q "^${user}:" "$passwdfile" \
+ || die "user '$user' was not found in $passwdfile"
+}
+
+set_pw_hash() {
+ local user="$1"
+ local pwhash="$2"
+ # use : as sed separator since its guaranteed to no be valid in shadow
+ sed -i -e "s:^${user}\:[^\:]*\::${user}\:${pwhash}\::" "$passwdfile"
+}
+
+syncpasswd() {
+ local user="$1"
+ local pwhash=$(awk -F: -v user="$user" '$1 == user { print $2 }' \
+ $shadow) || exit
+ find_user_or_die "$user"
+ [ -z "$pwhash" ] && die "user '$user' was not found in $shadow"
+ set_pw_hash "$user" "$pwhash"
+ exit
+}
+
+sync_with_system=
+while getopts "hs" opt; do
+ case "$opt" in
+ h) usage;;
+ s) sync_with_system=yes;;
+ esac
+done
+
+shift $(($OPTIND - 1))
+
+user="$1"
+[ -z "$user" ] && usage
+
+[ -n "$sync_with_system" ] && syncpasswd "$user"
+
+# set password for given user
+find_user_or_die "$user"
+tries=0
+while true; do
+ echo -n "Enter new ACF password for $user (will not echo): "
+ hash=$(mkpasswd -m sha | tail -n1)
+ salt=$(echo "$hash" | cut -d$ -f3)
+ echo ""
+ echo -n "Re-enter the ACF password (will not echo): "
+ hash2=$(mkpasswd -S "$salt" -m sha | tail -n1)
+ echo ""
+ [ "$hash" = "$hash2" ] && break
+ echo -n "The entered passwords does not match. "
+ tries=$(( $tries + 1))
+ if [ $tries -gt 3 ]; then
+ die "ACF password was NOT changed"
+ else
+ echo "Please try again."
+ fi
+done
+
+set_pw_hash "$user" "$hash" && echo "ACF password for $user was changed."
+