-
Notifications
You must be signed in to change notification settings - Fork 1
/
cpasswd.sh
133 lines (114 loc) · 2.94 KB
/
cpasswd.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
#! /bin/sh
#
# Copyright 2007. Petar Zhivkov Petrov
#
usage() {
echo "Usage: $0 clientName serverName"
echo " $0 -v"
}
countChars() {
_count="`echo "$1" | sed -e "s/[^$2]//g" | tr -d "\n" | wc -c`"
return 0
}
readPassword() {
while [ true ]; do
stty -echo
read -p "$1" _password
stty echo
echo ""
countChars "$_password" ":"
if [ $_count != 0 ]; then
echo "Sorry, password must not contain \":\" characters"
echo ""
else
break
fi
done
return 0
}
makeSecret() {
local clientLower="`echo "$1" | tr "[:upper:]" "[:lower:]"`"
local serverLower="`echo "$2" | tr "[:upper:]" "[:lower:]"`"
local secret="`md5 -qs "$clientLower:$serverLower:$3"`"
_secret="\$md5\$$secret"
}
if [ $# -eq 1 -a "X$1" = "X-v" ]; then
echo "Csup authentication key generator"
usage
exit
elif [ $# -ne 2 ]; then
usage
exit
fi
clientName=$1
serverName=$2
#
# Client name must contain exactly one '@' and at least one '.'.
# It must not contain a ':'.
#
countChars "$clientName" "@"
aCount=$_count
countChars "$clientName" "."
dotCount=$_count
if [ $aCount -ne 1 -o $dotCount -eq 0 ]; then
echo "Client name must have the form of an e-mail address,"
echo "e.g., \"[email protected]\""
exit
fi
countChars "$clientName" ":"
colonCount=$_count
if [ $colonCount -gt 0 ]; then
echo "Client name must not contain \":\" characters"
exit
fi
#
# Server name must not contain '@' and must have at least one '.'.
# It also must not contain a ':'.
#
countChars "$serverName" "@"
aCount=$_count
countChars "$serverName" "."
dotCount=$_count
if [ $aCount != 0 -o $dotCount = 0 ]; then
echo "Server name must be a fully-qualified domain name."
echo "e.g., \"host.domain.com\""
exit
fi
countChars "$serverName" ":"
colonCount=$_count
if [ $colonCount -gt 0 ]; then
echo "Server name must not contain \":\" characters"
exit
fi
#
# Ask for password and generate secret.
#
while [ true ]; do
readPassword "Enter password: "
makeSecret "$clientName" "$serverName" "$_password"
secret=$_secret
readPassword "Enter same password again: "
makeSecret "$clientName" "$serverName" "$_password"
secret2=$_secret
if [ "X$secret" = "X$secret2" ]; then
break
else
echo "Passwords did not match. Try again."
echo ""
fi
done
echo ""
echo "Send this line to the server administrator at $serverName:"
echo "-------------------------------------------------------------------------------"
echo "$clientName:$secret::"
echo "-------------------------------------------------------------------------------"
echo "Be sure to send it using a secure channel!"
echo ""
echo "Add this line to your file \"$HOME/.csup/auth\", replacing \"XXX\""
echo "with the password you typed in:"
echo "-------------------------------------------------------------------------------"
echo "$serverName:$clientName:XXX:"
echo "-------------------------------------------------------------------------------"
echo "Make sure the file is readable and writable only by you!"
echo ""