diff options
Diffstat (limited to 'testauth.lua')
-rw-r--r-- | testauth.lua | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/testauth.lua b/testauth.lua new file mode 100644 index 0000000..67d703a --- /dev/null +++ b/testauth.lua @@ -0,0 +1,52 @@ +#!/usr/bin/lua + +--[[ + +test authenticate + +* If user exist in acf db and passwd field is not 'x' then use this password. + +* If user exist in acf db and passwd field is 'x' then use password hash in + /etc/shadow. + +* If user does not exit in acf db, then authenticate against /etc/shadow + If success then create new user with no roles in acf db. + +]]-- + +shadow = require("auth.shadow") +acfdb = require("auth.acfpasswd") + +user = arg[1] +entry, errmsg = acfdb.getent(user) + +authenticate = acfdb.authenticate +if entry == nil then + print("Failed to read user '"..user.."' in "..acfdb.file) + if not shadow.getent(user) then + print("Faild to read user in "..shadow.file) + -- We could fallback to ldap, imaps or similar here + return 1 + end + authenticate = shadow.authenticate +elseif entry.passwd == "x" then + -- if passwd field is set to 'x' it means we use password in shadow + authenticate = shadow.authenticate +end + +io.write("Enter password (WARNING: will echo): ") +passwd = io.read("*line") + +if not authenticate(user, passwd) then + print("Authentication failed") + return 1 +end + +print("User "..user.." is authenticated") +if entry == nil then + print("A new account should be created here") + -- passwd = confirm_password(passwd) + -- acfdb.setent(user, passwd, "New User", "NEWUSER") +end + + |