From a55d954939799cd35efffa896cebaa17d7393e7f Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Thu, 12 Jan 2012 11:21:20 +0100
Subject: [PATCH] acfpasswd: new tool to set passwords from comman line This tool allows users to set/reset an ACF password from command line. It also allows user to syncronize the ACF password with the system password so the ACF password becomes same as shell login password. This requires that the username exists in both /etc/acf/passwd and /etc/shadow
diff --git a/bin/acfpasswd b/bin/acfpasswd
new file mode 100644
index 0000000..e25b966
--- /dev/null
+++ b/bin/acfpasswd
@@ -0,0 +1,79 @@
+#!/bin/sh
+
+# tool for managing the ACF passwords
+
+passwdfile=${ACFPASSWD:-/etc/acf/passwd}
+shadow=${SHADOW:-/etc/shadow}
+
+usage() {
+ echo "usage: acfpasswd [-s] USER"
+ echo ""
+ exit 1
+}
+
+die() {
+ echo "$@" >&2
+ exit 1
+}
+
+find_user_or_die() {
+ local user="$1"
+ grep -q "^${user}:" "$passwdfile" \
+ || die "user '$user' was not found in $passwdfile"
+}
+
+set_pw_hash() {
+ local user="$1"
+ local pwhash="$2"
+ # use : as sed separator since its guaranteed to no be valid in shadow
+ sed -i -e "s:^${user}\:[^\:]*\::${user}\:${pwhash}\::" "$passwdfile"
+}
+
+syncpasswd() {
+ local user="$1"
+ local pwhash=$(awk -F: -v user="$user" '$1 == user { print $2 }' \
+ $shadow) || exit
+ find_user_or_die "$user"
+ [ -z "$pwhash" ] && die "user '$user' was not found in $shadow"
+ set_pw_hash "$user" "$pwhash"
+ exit
+}
+
+sync_with_system=
+while getopts "hs" opt; do
+ case "$opt" in
+ h) usage;;
+ s) sync_with_system=yes;;
+ esac
+done
+
+shift $(($OPTIND - 1))
+
+user="$1"
+[ -z "$user" ] && usage
+
+[ -n "$sync_with_system" ] && syncpasswd "$user"
+
+# set password for given user
+find_user_or_die "$user"
+tries=0
+while true; do
+ echo -n "Enter new ACF password for $user (will not echo): "
+ hash=$(mkpasswd -m sha | tail -n1)
+ salt=$(echo "$hash" | cut -d$ -f3)
+ echo ""
+ echo -n "Re-enter the ACF password (will not echo): "
+ hash2=$(mkpasswd -S "$salt" -m sha | tail -n1)
+ echo ""
+ [ "$hash" = "$hash2" ] && break
+ echo -n "The entered passwords does not match. "
+ tries=$(( $tries + 1))
+ if [ $tries -gt 3 ]; then
+ die "ACF password was NOT changed"
+ else
+ echo "Please try again."
+ fi
+done
+
+set_pw_hash "$user" "$hash" && echo "ACF password for $user was changed."
+
-- 1.7.8.2
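Review bot: In the password loop neither `mkpasswd` call is checked, so if it fails or prints nothing both `hash` and `hash2` are empty, the `[ "$hash" = "$hash2" ]` comparison succeeds, and `set_pw_hash` writes an empty hash field for the user (how ACF treats an empty field is not visible here). Adding `[ -n "$hash" ] || die "mkpasswd failed; ACF password was NOT changed"` right after the first `hash=` assignment closes that path. Separately, `find_user_or_die` and `set_pw_hash` interpolate `$user` into grep and sed patterns, so a name containing regex metacharacters (a `.` is enough) can match or rewrite other accounts' lines; comparing the first field literally, as the awk call in `syncpasswd` already does with `-v user="$user" '$1 == user'`, avoids that. In `syncpasswd`, `local pwhash=$(...) || exit` tests the status of `local` rather than awk, and `$shadow` is unquoted.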