freebsd-skq/usr.bin/csup/cpasswd.sh

136 lines
3.0 KiB
Bash
Raw Normal View History

#! /bin/sh
#
# Copyright 2007. Petar Zhivkov Petrov
# pesho.petrov@gmail.com
#
# $FreeBSD$
usage() {
echo "Usage: $0 clientName serverName"
echo " $0 -v"
}
countChars() {
_count="`echo "$1" | sed -e "s/[^$2]//g" | tr -d "\n" | wc -c`"
return 0
}
readPassword() {
while [ true ]; do
stty -echo
read -p "$1" _password
stty echo
echo ""
countChars "$_password" ":"
if [ $_count != 0 ]; then
echo "Sorry, password must not contain \":\" characters"
echo ""
else
break
fi
done
return 0
}
makeSecret() {
local clientLower="`echo "$1" | tr "[:upper:]" "[:lower:]"`"
local serverLower="`echo "$2" | tr "[:upper:]" "[:lower:]"`"
local secret="`md5 -qs "$clientLower:$serverLower:$3"`"
_secret="\$md5\$$secret"
}
if [ $# -eq 1 -a "X$1" = "X-v" ]; then
echo "Csup authentication key generator"
usage
exit
elif [ $# -ne 2 ]; then
usage
exit
fi
clientName=$1
serverName=$2
#
# Client name must contain exactly one '@' and at least one '.'.
# It must not contain a ':'.
#
countChars "$clientName" "@"
aCount=$_count
countChars "$clientName" "."
dotCount=$_count
if [ $aCount -ne 1 -o $dotCount -eq 0 ]; then
echo "Client name must have the form of an e-mail address,"
echo "e.g., \"user@domain.com\""
exit
fi
countChars "$clientName" ":"
colonCount=$_count
if [ $colonCount -gt 0 ]; then
echo "Client name must not contain \":\" characters"
exit
fi
#
# Server name must not contain '@' and must have at least one '.'.
# It also must not contain a ':'.
#
countChars "$serverName" "@"
aCount=$_count
countChars "$serverName" "."
dotCount=$_count
if [ $aCount != 0 -o $dotCount = 0 ]; then
echo "Server name must be a fully-qualified domain name."
echo "e.g., \"host.domain.com\""
exit
fi
countChars "$serverName" ":"
colonCount=$_count
if [ $colonCount -gt 0 ]; then
echo "Server name must not contain \":\" characters"
exit
fi
#
# Ask for password and generate secret.
#
while [ true ]; do
readPassword "Enter password: "
makeSecret "$clientName" "$serverName" "$_password"
secret=$_secret
readPassword "Enter same password again: "
makeSecret "$clientName" "$serverName" "$_password"
secret2=$_secret
if [ "X$secret" = "X$secret2" ]; then
break
else
echo "Passwords did not match. Try again."
echo ""
fi
done
echo ""
echo "Send this line to the server administrator at $serverName:"
echo "-------------------------------------------------------------------------------"
echo "$clientName:$secret::"
echo "-------------------------------------------------------------------------------"
echo "Be sure to send it using a secure channel!"
echo ""
echo "Add this line to your file \"$HOME/.csup/auth\", replacing \"XXX\""
echo "with the password you typed in:"
echo "-------------------------------------------------------------------------------"
echo "$serverName:$clientName:XXX:"
echo "-------------------------------------------------------------------------------"
echo "Make sure the file is readable and writable only by you!"
echo ""