#!/usr/bin/lua

--[[

test authenticate

* If the user exists in the acf db and the passwd field is not 'x', then use
  this password.

* If the user exists in the acf db and the passwd field is 'x', then use the
  password hash in /etc/shadow.

* If the user does not exist in the acf db, then authenticate against
  /etc/shadow. On success, create a new user with no roles in the acf db.

]]--

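-- Test driver: choose an authentication backend for the user named in
-- arg[1], read a password from stdin and report whether it is accepted.
-- Exits with status 1 on any failure so that callers checking the exit code
-- never mistake a rejected login for a successful one.
local shadow = require("auth.shadow")
local acfdb = require("auth.acfpasswd")

-- Print a message and terminate with a non-zero status. A `return 1` from
-- the main chunk is discarded by the standalone interpreter, which would
-- leave the process exit status at 0 even though authentication failed.
local function fail(msg)
	print(msg)
	os.exit(1)
end

-- Without a user name the lookups and the string concatenations below would
-- operate on nil, so reject the call up front.
local user = arg and arg[1]
if user == nil or user == "" then
	io.stderr:write("usage: " .. ((arg and arg[0]) or "testauth.lua") .. " <user>\n")
	os.exit(1)
end

local entry = acfdb.getent(user)

-- Default backend is the acf db; fall back to shadow when the user is
-- unknown there or when the stored passwd field is the 'x' placeholder.
local authenticate = acfdb.authenticate
if entry == nil then
	print("Failed to read user '"..user.."' in "..acfdb.file)
	if not shadow.getent(user) then
		-- We could fallback to ldap, imaps or similar here
		fail("Faild to read user in "..shadow.file)
	end
	authenticate = shadow.authenticate
elseif entry.passwd == "x" then
	-- if passwd field is set to 'x' it means we use password in shadow
	authenticate = shadow.authenticate
end

-- NOTE(review): the password is read with terminal echo on, as the prompt
-- says, so run this test tool only on a console nobody else can observe.
io.write("Enter password (WARNING: will echo): ")
local passwd = io.read("*line")

-- io.read returns nil at end of input; treat that as a failed attempt rather
-- than passing nil on to the backend.
if passwd == nil or not authenticate(user, passwd) then
	fail("Authentication failed")
end

print("User "..user.." is authenticated")
if entry == nil then
	-- The user authenticated via shadow but has no acf db entry yet.
	print("A new account should be created here")
	-- passwd = confirm_password(passwd)
	-- acfdb.setent(user, passwd, "New User", "NEWUSER")
end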