summaryrefslogtreecommitdiffstats
path: root/testauth.lua
diff options
context:
space:
mode:
Diffstat (limited to 'testauth.lua')
-rw-r--r--testauth.lua52
1 files changed, 52 insertions, 0 deletions
diff --git a/testauth.lua b/testauth.lua
new file mode 100644
index 0000000..67d703a
--- /dev/null
+++ b/testauth.lua
@@ -0,0 +1,52 @@
+#!/usr/bin/lua
+
+--[[
+
+test authenticate
+
+* If user exist in acf db and passwd field is not 'x' then use this password.
+
+* If user exist in acf db and passwd field is 'x' then use password hash in
+ /etc/shadow.
+
+* If user does not exit in acf db, then authenticate against /etc/shadow
+ If success then create new user with no roles in acf db.
+
+]]--
+
+shadow = require("auth.shadow")
+acfdb = require("auth.acfpasswd")
+
+user = arg[1]
+entry, errmsg = acfdb.getent(user)
+
+authenticate = acfdb.authenticate
+if entry == nil then
+ print("Failed to read user '"..user.."' in "..acfdb.file)
+ if not shadow.getent(user) then
+ print("Faild to read user in "..shadow.file)
+ -- We could fallback to ldap, imaps or similar here
+ return 1
+ end
+ authenticate = shadow.authenticate
+elseif entry.passwd == "x" then
+ -- if passwd field is set to 'x' it means we use password in shadow
+ authenticate = shadow.authenticate
+end
+
+io.write("Enter password (WARNING: will echo): ")
+passwd = io.read("*line")
+
+if not authenticate(user, passwd) then
+ print("Authentication failed")
+ return 1
+end
+
+print("User "..user.." is authenticated")
+if entry == nil then
+ print("A new account should be created here")
+ -- passwd = confirm_password(passwd)
+ -- acfdb.setent(user, passwd, "New User", "NEWUSER")
+end
+
+