authorNatanael Copa <ncopa@alpinelinux.org>2012-01-12 11:21:20 +0100
committerNatanael Copa <ncopa@alpinelinux.org>2012-01-12 15:19:26 +0100
commitdc844284d7fa60be2adc8ab93a03097474af90f8 (patch)
tree4a294dce3c317977dbc9096086c643b471f05809 /bin
parent61444c20122bd7b91ffaf568a2bcf69cc36fd63e (diff)
acfpasswd: new tool to set passwords from comman line
This tool allows users to set or reset an ACF password from the command line. It also allows a user to synchronize the ACF password with the system password, so that the ACF password becomes the same as the shell login password. This requires that the username exists in both /etc/acf/passwd and /etc/shadow.
Diffstat (limited to 'bin')
-rw-r--r--bin/Makefile5
-rw-r--r--bin/acfpasswd79
2 files changed, 81 insertions, 3 deletions
diff --git a/bin/Makefile b/bin/Makefile
index 77158af..5b59fbf 100644
--- a/bin/Makefile
+++ b/bin/Makefile
@@ -1,6 +1,6 @@
include ../config.mk
-BIN_DIST=acf_cli\
+BIN_DIST=acf_cli acfpasswd
EXTRA_DIST=Makefile
DISTFILES=$(BIN_DIST) $(EXTRA_DIST)
@@ -28,8 +28,7 @@ install:
mkdir -p $(install_dir)
for i in $(BIN_DIST); do\
dest=`dirname "$(install_dir)/$$i"`;\
- mkdir -p "$$dest";\
- cp "$$i" "$$dest";\
+ install -Dm755 "$$i" "$$dest"/$$i ;\
done
chmod 700 $(install_dir)/acf_cli
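Review bot: In the install loop, `dest` is already the `dirname` of `$(install_dir)/$$i`, so the new target `"$$dest"/$$i` repeats any directory component of `$$i` and leaves `$$i` unquoted; it is only correct while every BIN_DIST entry is a bare file name. The `;\` chaining also means a failed `install` for any entry but the last does not fail the recipe. Dropping `dest` and writing `install -Dm755 "$$i" "$(install_dir)/$$i" || exit 1;\` covers both. acfpasswd stays at 755 while acf_cli is tightened to 700 on the last line; if the new tool is meant for root only, giving it the same `chmod` would make that explicit. The `install:` rule header is above the hunk and the recipe may continue below it.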
diff --git a/bin/acfpasswd b/bin/acfpasswd
new file mode 100644
index 0000000..677b83c
--- /dev/null
+++ b/bin/acfpasswd
@@ -0,0 +1,79 @@
+#!/bin/sh
+
+# tool for managing the ACF passwords
+
+passwdfile=${ACFPASSWD:-/etc/acf/passwd}
+shadow=${SHADOW:-/etc/shadow}
+
+usage() {
+ echo "usage: acfpasswd [-s] USER"
+ echo ""
+ exit 1
+}
+
+die() {
+ echo "$@" >&2
+ exit 1
+}
+
+find_user_or_die() {
+ local user="$1"
+ grep -q "^${user}:" "$passwdfile" \
+ || die "user '$user' was not found in $passwdfile"
+}
+
+set_pw_hash() {
+ local user="$1"
+ local pwhash="$2"
+ # use : as sed separator since its guaranteed to no be valid in shadow
+ sed -i -e "s:^${user}\:[^\:]*\::${user}\:${pwhash}\::" "$passwdfile"
+}
+
+syncpasswd() {
+ local user="$1"
+ local pwhash=$(awk -F: -v user="$user" '$1 == user { print $2 }' \
+ $shadow) || exit
+ find_user_or_die "$user"
+ [ -z "$pwhash" ] && die "user '$user' was not found in $shadow"
+ set_pw_hash "$user" "$pwhash"
+ exit
+}
+
+sync_with_system=
+while getopts "hs" opt; do
+ case "$opt" in
+ h) usage;;
+ s) sync_with_system=yes;;
+ esac
+done
+
+shift $(($OPTIND - 1))
+
+user="$1"
+[ -z "$user" ] && usage
+
+[ -n "$sync_with_system" ] && syncpasswd "$user"
+
+# set password for given user
+find_user_or_die "$user"
+tries=0
+while true; do
+ echo -n "Enter new ACF password for $user (will not echo): "
+ hash=$(mkpasswd -m sha | tail -n1)
+ salt=$(echo "$hash" | cut -d$ -f3)
+ echo ""
+ echo -n "Re-enter the ACF password (will not echo): "
+ hash2=$(mkpasswd -S "$salt" -m sha | tail -n1)
+ echo ""
+ [ "$hash" = "$hash2" ] && break
+ echo -n "The entered passwords does not match. "
+ tries=$(( $tries + 1))
+ if [ $tries -gt 3 ]; then
+ die "ACF password was NOT changed"
+ else
+ echo "Please try again."
+ fi
+done
+
+set_pw_hash "$user" "$hash" && echo "ACF password for $user was changed."
+
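Review bot: `find_user_or_die` and `set_pw_hash` splice the user name into a grep/sed regular expression (`^${user}:`), so a name containing `.` or another metacharacter also matches other accounts' lines, and the sed then overwrites both the name and the hash on every matching line of the password file. `syncpasswd` already does an exact comparison with `awk -F: -v user="$user" '$1 == user'`; using the same comparison in both helpers, as sketched below, removes the pattern matching. Separately, in `syncpasswd` the `|| exit` after `local pwhash=$(awk …)` tests the status of `local`, not of awk, so an unreadable shadow file is reported as "user not found"; declaring `local pwhash` first and assigning on the next line fixes that. The sketch writes through a temporary file created by `mktemp` and copies it back so the password file keeps its owner and mode; the copy back is not atomic.

```shell
find_user_or_die() {
	local user="$1"
	# exact string match on field 1, same comparison as the shadow lookup
	awk -F: -v user="$user" '$1 == user { found = 1 } END { exit !found }' \
		"$passwdfile" || die "user '$user' was not found in $passwdfile"
}

set_pw_hash() {
	local user="$1"
	local pwhash="$2"
	local tmp rc
	tmp=$(mktemp "$passwdfile.XXXXXX") || die "could not create temporary file"
	# rewrite only the line whose first field equals $user; no regex involved
	awk -F: -v OFS=: -v user="$user" -v pwhash="$pwhash" \
		'$1 == user { $2 = pwhash } { print }' "$passwdfile" > "$tmp" \
		&& cat "$tmp" > "$passwdfile"
	rc=$?
	rm -f "$tmp"
	return $rc
}
# … unchanged: usage, die, syncpasswd, option parsing, password prompt loop …
```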