From a55d954939799cd35efffa896cebaa17d7393e7f Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Thu, 12 Jan 2012 11:21:20 +0100
Subject: [PATCH] acfpasswd: new tool to set passwords from comman line
This tool allows users to set/reset an ACF password from the command line.
It also allows a user to synchronize the ACF password with the system
password so the ACF password becomes the same as the shell login password. This
requires that the username exists in both /etc/acf/passwd and /etc/shadow.
diff --git a/bin/acfpasswd b/bin/acfpasswd
new file mode 100644
index 0000000..e25b966
--- /dev/null
+++ b/bin/acfpasswd
@@ -0,0 +1,79 @@
+#!/bin/sh
+
+# tool for managing the ACF passwords
+
+passwdfile=${ACFPASSWD:-/etc/acf/passwd}
+shadow=${SHADOW:-/etc/shadow}
+
+usage() {
+ echo "usage: acfpasswd [-s] USER"
+ echo ""
+ exit 1
+}
+
+die() {
+ echo "$@" >&2
+ exit 1
+}
+
+find_user_or_die() {
+ local user="$1"
+ grep -q "^${user}:" "$passwdfile" \
+ || die "user '$user' was not found in $passwdfile"
+}
+
+set_pw_hash() {
+ local user="$1"
+ local pwhash="$2"
+ # use : as sed separator since its guaranteed to no be valid in shadow
+ sed -i -e "s:^${user}\:[^\:]*\::${user}\:${pwhash}\::" "$passwdfile"
+}
+
+syncpasswd() {
+ local user="$1"
+ local pwhash=$(awk -F: -v user="$user" '$1 == user { print $2 }' \
+ $shadow) || exit
+ find_user_or_die "$user"
+ [ -z "$pwhash" ] && die "user '$user' was not found in $shadow"
+ set_pw_hash "$user" "$pwhash"
+ exit
+}
+
+sync_with_system=
+while getopts "hs" opt; do
+ case "$opt" in
+ h) usage;;
+ s) sync_with_system=yes;;
+ esac
+done
+
+shift $(($OPTIND - 1))
+
+user="$1"
+[ -z "$user" ] && usage
+
+[ -n "$sync_with_system" ] && syncpasswd "$user"
+
+# set password for given user
+find_user_or_die "$user"
+tries=0
+while true; do
+ echo -n "Enter new ACF password for $user (will not echo): "
+ hash=$(mkpasswd -m sha | tail -n1)
+ salt=$(echo "$hash" | cut -d$ -f3)
+ echo ""
+ echo -n "Re-enter the ACF password (will not echo): "
+ hash2=$(mkpasswd -S "$salt" -m sha | tail -n1)
+ echo ""
+ [ "$hash" = "$hash2" ] && break
+ echo -n "The entered passwords does not match. "
+ tries=$(( $tries + 1))
+ if [ $tries -gt 3 ]; then
+ die "ACF password was NOT changed"
+ else
+ echo "Please try again."
+ fi
+done
+
+set_pw_hash "$user" "$hash" && echo "ACF password for $user was changed."
+
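Review bot: In the password loop, a failing `mkpasswd` leaves both `hash` and `hash2` empty, so `[ "$hash" = "$hash2" ]` passes and `set_pw_hash` writes an empty password field for the user; the pipeline's exit status is that of `tail`, so the failure is never seen. Add `[ -n "$hash" ] || die "mkpasswd failed; ACF password was NOT changed"` right after the first `mkpasswd` call. Separately, `find_user_or_die` and `set_pw_hash` expand `$user` inside a grep/sed pattern, so a name containing a regex metacharacter such as `.` can match another account's line, and in the sed case rewrite its name field; `syncpasswd` already compares exactly with `awk -v user="$user" '$1 == user'`, and the other two lookups should match the same way or reject such names before use. In `syncpasswd`, `local pwhash=$(...) || exit` tests the status of `local` rather than of awk, and `$shadow` is expanded unquoted.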
--
1.7.8.2