author | Natanael Copa <ncopa@alpinelinux.org> | 2012-01-12 11:21:20 +0100 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-01-12 15:19:26 +0100 |
commit | dc844284d7fa60be2adc8ab93a03097474af90f8 (patch) | |
tree | 4a294dce3c317977dbc9096086c643b471f05809 /bin | |
parent | 61444c20122bd7b91ffaf568a2bcf69cc36fd63e (diff) | |
acfpasswd: new tool to set passwords from comman line
This tool allows users to set/reset an ACF password from the command line.
It also allows a user to synchronize the ACF password with the system
password so the ACF password becomes the same as the shell login password. This
requires that the username exists in both /etc/acf/passwd and /etc/shadow
Diffstat (limited to 'bin')
-rw-r--r-- | bin/Makefile | 5 | ||||
-rw-r--r-- | bin/acfpasswd | 79 |
2 files changed, 81 insertions, 3 deletions
diff --git a/bin/Makefile b/bin/Makefile index 77158af..5b59fbf 100644 --- a/bin/Makefile +++ b/bin/Makefile @@ -1,6 +1,6 @@ include ../config.mk -BIN_DIST=acf_cli\ +BIN_DIST=acf_cli acfpasswd EXTRA_DIST=Makefile DISTFILES=$(BIN_DIST) $(EXTRA_DIST) @@ -28,8 +28,7 @@ install: mkdir -p $(install_dir) for i in $(BIN_DIST); do\ dest=`dirname "$(install_dir)/$$i"`;\ - mkdir -p "$$dest";\ - cp "$$i" "$$dest";\ + install -Dm755 "$$i" "$$dest"/$$i ;\ done chmod 700 $(install_dir)/acf_cli diff --git a/bin/acfpasswd b/bin/acfpasswd new file mode 100644 index 0000000..677b83c --- /dev/null +++ b/bin/acfpasswd 
@@ -0,0 +1,79 @@
+#!/bin/sh
+
+# tool for managing the ACF passwords
+
+passwdfile=${ACFPASSWD:-/etc/acf/passwd}
+shadow=${SHADOW:-/etc/shadow}
+
+usage() {
+ echo "usage: acfpasswd [-s] USER"
+ echo ""
+ exit 1
+}
+
+die() {
+ echo "$@" >&2
+ exit 1
+}
+
+find_user_or_die() {
+ local user="$1"
+ grep -q "^${user}:" "$passwdfile" \
+ || die "user '$user' was not found in $passwdfile"
+}
+
+set_pw_hash() {
+ local user="$1"
+ local pwhash="$2"
+ # use : as sed separator since its guaranteed to no be valid in shadow
+ sed -i -e "s:^${user}\:[^\:]*\::${user}\:${pwhash}\::" "$passwdfile"
+}
+
+syncpasswd() {
+ local user="$1"
+ local pwhash=$(awk -F: -v user="$user" '$1 == user { print $2 }' \
+ $shadow) || exit
+ find_user_or_die "$user"
+ [ -z "$pwhash" ] && die "user '$user' was not found in $shadow"
+ set_pw_hash "$user" "$pwhash"
+ exit
+}
+
+sync_with_system=
+while getopts "hs" opt; do
+ case "$opt" in
+ h) usage;;
+ s) sync_with_system=yes;;
+ esac
+done
+
+shift $(($OPTIND - 1))
+
+user="$1"
+[ -z "$user" ] && usage
+
+[ -n "$sync_with_system" ] && syncpasswd "$user"
+
+# set password for given user
+find_user_or_die "$user"
+tries=0
+while true; do
+ echo -n "Enter new ACF password for $user (will not echo): "
+ hash=$(mkpasswd -m sha | tail -n1)
+ salt=$(echo "$hash" | cut -d$ -f3)
+ echo ""
+ echo -n "Re-enter the ACF password (will not echo): "
+ hash2=$(mkpasswd -S "$salt" -m sha | tail -n1)
+ echo ""
+ [ "$hash" = "$hash2" ] && break
+ echo -n "The entered passwords does not match. "
+ tries=$(( $tries + 1))
+ if [ $tries -gt 3 ]; then
+ die "ACF password was NOT changed"
+ else
+ echo "Please try again."
+ fi
+done
+
+set_pw_hash "$user" "$hash" && echo "ACF password for $user was changed."
+ |
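Review bot: A failing `mkpasswd` goes unnoticed in the password loop: the status of `hash=$(mkpasswd -m sha | tail -n1)` is that of `tail`, so when `mkpasswd` is missing or errors out both `hash` and `hash2` are empty, the `[ "$hash" = "$hash2" ]` test passes, and `set_pw_hash` writes an empty hash field while reporting success. How ACF treats an empty field is not visible here, so fail closed by adding `[ -n "$hash" ] || die "mkpasswd failed, ACF password was NOT changed"` right after the first `mkpasswd` call. Separately, `$user` goes unescaped into the `grep` pattern in `find_user_or_die` and the `sed` expression in `set_pw_hash`, so a name containing regex metacharacters can match and rewrite another account's line. Rejecting such names before use, e.g. `case "$user" in *[!A-Za-z0-9_-]*) die "invalid user name";; esac` (assuming ACF names fit that set), or matching the first field exactly with awk as `syncpasswd` already does, would avoid it.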