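#----------------------------------------------------------------------------
# /var/lib/*/passwdlib - Password library
#
# Creation   : 2013-12-08 hbfl
# Last update: $Id$
#
# Copyright (c) 2013-@@YEAR@@ Holger Bruenjes, holgerbruenjes(at)gmx(dot)net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#----------------------------------------------------------------------------

# ---------------------------------------------------------------------------
# only include this file once
# ---------------------------------------------------------------------------
if [ "${_PASSWDLIB}" != "true" ]
then
    _PASSWDLIB=true

    # if forgotten, include now
    . /var/install/include/eislib

    ASK=/var/install/bin/ask
    MKTEMP=/bin/mktemp
    PWGEN=/usr/bin/pwgen
    PW_TEST=/usr/bin/pwtest
    SENDMAIL=/usr/sbin/sendmail
    CAT=/usr/bin/cat
    RM=/usr/bin/rm
    CUT=/usr/bin/cut
    GREP=/usr/bin/grep
    SED=/usr/bin/sed
    CP=/usr/bin/cp
    CHOWN=/usr/bin/chown
    CHMOD=/usr/bin/chmod
    CHECK_PACKAGE="/var/install/bin/check-package"

    # -----------------------------------------------------------------------
    # usage
    # -----------------------------------------------------------------------
    #
    # get_passwd            [get password, asked twice on the terminal]
    #   -c, --check         [(optional) rate password with pwtest]
    #   return: password='passwd'
    #
    # get_pwgen_passwd [length]
    #                       [get password with pwgen -> external program]
    #                       [length is optional, default 12]
    #   return: password='passwd'
    #
    # get_digest_entry      [get digest password entry]
    #   -u, --user          [username]
    #   -r, --realm         [realm]
    #   -p, --passwd        [password]
    #   return: _passwd_entry='entry_line'
    #
    # set_passwd            [set password in passwordfile]
    #   -u, --user          [username]
    #   -b, --batch         [new passwd entry]
    #   -a, --alter         [alter password]
    #   -D, --drop          [drop user and password]
    #   -f, --file          [passwordfile]
    #   -e, --entry         [entry line for passwordfile]
    #   -c, --create        [create new passwordfile]
    #
    #   example:
    #
    #   create new passwordfile
    #
    #   set_passwd -c -e 'blublba' -f 'passwordfile'
    #
    #   add user to passwordfile
    #
    #   set_passwd -b -u 'blablu' -e 'blublba' -f 'passwordfile'
    #
    #   change password in passwordfile
    #
    #   set_passwd -a -u 'blablu' -e 'blublba' -f 'passwordfile'
    #
    #   remove user from passwordfile
    #
    #   set_passwd -D -u 'blablu' -f 'passwordfile'
    #
    #
    # send_passwd           [send mail with password to]
    #   -m, --mail          [user@domain]
    #   -p, --passwd        [password]
    #   -r, --realm         [project etc..]
    #   -u, --user          [username]
    #   -s, --sender        [admin@domain]
    #
    #
    # -----------------------------------------------------------------------
    # get password from cmd line
    # -----------------------------------------------------------------------
    # Asks for a password (hidden input via ask) and stores it in the global
    # 'password'; get_passwd2 then asks for the confirmation. With -c/--check
    # the entry is rated by pwtest and anything but "GOOD" gives a warning.
    # Exits the caller with 127 when ask was aborted (ask returns 255).
    get_passwd ()
    {
        # clear old values; _do_check is reset so a previous call's
        # -c does not stick to this one
        password=''
        _do_check=false

        while [ ${#} -ne 0 ]
        do
            case "${1}" in
                -c|--check)
                    _do_check=true
                    ;;
                *)
                    # unknown option: ignored (without a shift it used to
                    # loop forever)
                    ;;
            esac
            shift
        done

        mecho --info "Now enter the new password:"

        password2="x"

        _ask_tmpfile=$( ${MKTEMP} -t .XXXXXXXXXXXXX ) || return 1
        ${ASK} "Password:" "" "+hidden+" > "${_ask_tmpfile}"
        rc=${?}
        # IFS= / -r: keep leading/trailing blanks and backslashes as typed
        IFS= read -r password < "${_ask_tmpfile}"
        ${RM} -f "${_ask_tmpfile}"
        echo

        # if ask break, ask returned 255
        if [ ${rc} = 255 ]
        then
            exit 127
        fi

        # check passwd for little security ;-)
        if ${_do_check}
        then
            # check with /usr/bin/pwtest; quoted so blanks or glob
            # characters in the password reach pwtest unchanged
            _pw_test=$( ${PW_TEST} "${password}" )
            if [ "${_pw_test}" != "GOOD" ]
            then
                mecho --warn "${_pw_test}"
            fi
        fi

        # get second passwd to compare
        get_passwd2
    }

    # -----------------------------------------------------------------------
    # confirmation prompt for get_passwd
    # -----------------------------------------------------------------------
    # Reads the password a second time into 'password2'. On a mismatch the
    # whole dialogue starts again (keeping the -c option of the first call),
    # on a match '_passwd' is set to true.
    get_passwd2 ()
    {
        # clear old value
        password2=''

        _ask_tmpfile=$( ${MKTEMP} -t .XXXXXXXXXXXXX ) || return 1
        ${ASK} "Retype password:" "" "+hidden+" > "${_ask_tmpfile}"
        rc=${?}
        IFS= read -r password2 < "${_ask_tmpfile}"
        ${RM} -f "${_ask_tmpfile}"
        echo

        # if ask break, ask returned 255
        if [ ${rc} = 255 ]
        then
            exit 127
        fi

        if [ "${password}" != "${password2}" ]
        then
            mecho --warn "Passwords do not match!"
            # start over; pass --check on so the pwtest rating is not lost
            if ${_do_check:-false}
            then
                get_passwd --check
            else
                get_passwd
            fi
        else
            _passwd=true
        fi
    }

    # -----------------------------------------------------------------------
    # get password with pwgen
    # -----------------------------------------------------------------------
    # $1 - (optional) password length, default 12
    # result in global 'password'
    get_pwgen_passwd ()
    {
        # clear old value
        password=''

        _pw_len="${1:-12}"

        # create password
        # pwgen --help: -1 one password per line, -s completely random
        password="$( ${PWGEN} -1s "${_pw_len}" )"
    }

    # -----------------------------------------------------------------------
    # get digest entry
    # -----------------------------------------------------------------------
    # Builds an .htdigest line "user:realm:md5(user:realm:password)" in the
    # global '_passwd_entry'.
    get_digest_entry ()
    {
        # clear old value
        _passwd_entry=''
        _user=''
        _realm=''
        _password=''

        while [ ${#} -ne 0 ]
        do
            case "${1}" in
                -u|--user)
                    _user="${2-}"
                    ;;
                -r|--realm)
                    _realm="${2-}"
                    ;;
                -p|--passwd)
                    _password="${2-}"
                    ;;
            esac
            # consume option and value; a lone trailing option must not make
            # 'shift 2' fail (which would spin forever)
            shift
            if [ ${#} -gt 0 ]
            then
                shift
            fi
        done

        # create md5-Hash for password entry; printf instead of echo -n so
        # the text is never taken for echo options
        _pw_prefix="${_user}:${_realm}:"
        _pw_hash="$( printf '%s' "${_pw_prefix}${_password}" | md5sum | ${CUT} -b -32 )"
        _passwd_entry="${_pw_prefix}${_pw_hash}"

        # example
        # HTUSER=user HTREALM=realm HTPASSWORD=password &&
        # (echo -n "$HTUSER:$HTREALM:" &&
        # echo -n "$HTUSER:$HTREALM:$HTPASSWORD" | md5sum | cut -b -32) \
        # > .htdigest
    }

    # -----------------------------------------------------------------------
    # helper: is there an entry for a user in the passwordfile?
    # -----------------------------------------------------------------------
    # $1 - username, $2 - passwordfile
    # Returns 0 when a line starts with "user:", 1 otherwise (also when the
    # file does not exist). Plain string comparison: the username is never
    # used as a regular expression, so '.', '*' etc. in it cannot match
    # other users.
    _passwd_has_user ()
    {
        [ -f "${2}" ] || return 1
        while IFS= read -r _pwh_line || [ -n "${_pwh_line}" ]
        do
            case "${_pwh_line}" in
                "${1}:"*)
                    return 0
                    ;;
            esac
        done < "${2}"
        return 1
    }

    # -----------------------------------------------------------------------
    # helper: rewrite the passwordfile
    # -----------------------------------------------------------------------
    # $1 - passwordfile, $2 - username, $3 - replacement line ('' = drop)
    # Every line starting with "user:" is replaced in place by $3 (or removed
    # when $3 is empty); all other lines are copied unchanged. Goes through
    # a temp file and 'cat >' so owner and mode of the passwordfile stay as
    # they are, and unlike 'sed s/.../entry/' it does not break on '/', '&'
    # or '\' inside a password hash.
    _passwd_rewrite_file ()
    {
        [ -f "${1}" ] || return 1
        _pwr_tmp=$( ${MKTEMP} -t .XXXXXXXXXXXXX ) || return 1
        while IFS= read -r _pwr_line || [ -n "${_pwr_line}" ]
        do
            case "${_pwr_line}" in
                "${2}:"*)
                    if [ -n "${3}" ]
                    then
                        printf '%s\n' "${3}"
                    fi
                    ;;
                *)
                    printf '%s\n' "${_pwr_line}"
                    ;;
            esac
        done < "${1}" > "${_pwr_tmp}"
        ${CAT} "${_pwr_tmp}" > "${1}"
        ${RM} -f "${_pwr_tmp}"
    }

    # -----------------------------------------------------------------------
    # set_passwd
    # -----------------------------------------------------------------------
    # Creates (-c), extends (-b), alters (-a) or shrinks (-D) a passwordfile,
    # see usage above. The file ends up owned by wwwrun with mode 0600.
    set_passwd ()
    {
        # clear old value
        _create_pw_file=''
        _batch=''
        _alter=''
        _remove=''
        _pw_file=''
        _user=''
        _entry_line=''

        while [ ${#} -ne 0 ]
        do
            case "${1}" in
                -u|--user)
                    _user="${2-}"
                    shift
                    ;;
                -c|--create)
                    _create_pw_file="true"
                    ;;
                -b|--batch)
                    _batch="true"
                    ;;
                -a|--alter)
                    _alter="true"
                    ;;
                -D|--drop)
                    _remove="true"
                    ;;
                -f|--file)
                    _pw_file="${2-}"
                    shift
                    ;;
                -e|--entry)
                    _entry_line="${2-}"
                    shift
                    ;;
            esac
            # the option itself (its value was consumed above); also moves
            # past unknown options instead of looping forever
            if [ ${#} -gt 0 ]
            then
                shift
            fi
        done

        if [ -z "${_pw_file}" ]
        then
            mecho --error "set_passwd: no password-file given (-f)"
            return 1
        fi

        if ${_remove:-false}
        then
            _passwd_rewrite_file "${_pw_file}" "${_user}" ''
        elif ${_alter:-false}
        then
            if _passwd_has_user "${_user}" "${_pw_file}"
            then
                _passwd_rewrite_file "${_pw_file}" "${_user}" "${_entry_line}"
            else
                mecho --error " '${_user}' not in password-file. "
            fi
        elif ${_batch:-false}
        then
            if ! _passwd_has_user "${_user}" "${_pw_file}"
            then
                # umask 077: if the file has to be created here it is never
                # readable by others, not even before the chmod below
                ( umask 077; printf '%s\n' "${_entry_line}" >> "${_pw_file}" )
            else
                mecho --error " '${_user}' exists in password-file. "
            fi
        elif ${_create_pw_file:-false}
        then
            ( umask 077; printf '%s\n' "${_entry_line}" > "${_pw_file}" )
        fi

        # set rights (only when there is a file; -D on a missing file
        # should not produce chown/chmod noise)
        if [ -f "${_pw_file}" ]
        then
            ${CHOWN} wwwrun "${_pw_file}"
            ${CHMOD} 0600 "${_pw_file}"
        fi
    }

    # -----------------------------------------------------------------------
    # send password as mail
    # -----------------------------------------------------------------------
    # Mails the clear-text password for a realm to a recipient via sendmail,
    # see usage above.
    send_passwd ()
    {
        # clear old value
        _to_mail=''
        _password=''
        _realm=''
        _user=''
        _from_mail=''

        while [ ${#} -ne 0 ]
        do
            case "${1}" in
                -u|--user)
                    _user="${2-}"
                    shift
                    ;;
                -p|--passwd)
                    _password="${2-}"
                    shift
                    ;;
                -r|--realm)
                    _realm="${2-}"
                    shift
                    ;;
                -m|--mail)
                    _to_mail="${2-}"
                    shift
                    ;;
                -s|--sender)
                    _from_mail="${2-}"
                    shift
                    ;;
            esac
            if [ ${#} -gt 0 ]
            then
                shift
            fi
        done

        # NOTE(review): header values (From, To, Subject) are written
        # verbatim; a value containing CR/LF would add header lines of its
        # own. Callers are expected to pass single-line values.
        # The body is plain 8-bit text - the former 'quoted-printable'
        # declaration was wrong and let readers mangle passwords
        # containing '='.
        {
            printf '%s\n' "From: Passwd Agent <${_from_mail}>"
            printf '%s\n' "To: ${_to_mail}"
            printf '%s\n' "Subject: ${_realm} Message"
            printf '%s\n' "Mime-Version: 1.0"
            printf '%s\n' "X-Mailer: sendmail '${_realm}' on eisfair"
            printf '%s\n' "Content-Type: text/plain; charset=iso-8859-1"
            printf '%s\n' "Content-Transfer-Encoding: 8bit"
            printf '\n'
            printf '\n'
            printf '%s\n' "Dispatched from 'Pw-Agent' on Server '${HOSTNAME}'"
            printf '%s\n' "Current Date: ${EISDATE} Time: ${EISTIME}"
            printf '\n'
            printf '%s\n' "The new password for '${_realm}' access"
            printf '\n'
            printf '%s\n' " User    : ${_user} "
            printf '%s\n' " Project : ${_realm}"
            printf '%s\n' " Password: ${_password}"
            printf '\n'
            printf '\n'
        } | ${SENDMAIL} -f"${_from_mail}" -oi -t
    }

    # -----------------------------------------------------------------------
    # end only include once
    # -----------------------------------------------------------------------
fi
# ---------------------------------------------------------------------------
# end
# ---------------------------------------------------------------------------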