1 #! /bin/sh
2 #
3 # Copyright 2007. Petar Zhivkov Petrov 
4 # pesho.petrov@gmail.com
5 #
6 # $FreeBSD$
7
usage() {
        # Print the two supported invocations to stdout: the normal
        # "clientName serverName" form and the "-v" banner form.
        printf '%s\n' \
            "Usage: $0 clientName serverName" \
            "       $0 -v"
}
12
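countChars() {
        # Count the characters of $1 that belong to the set $2 and leave the
        # result in the global _count as a plain decimal integer.
        #
        # $2 is pasted into a sed bracket expression, so it must be a literal
        # character chosen by this script (here "@", "." or ":"), never
        # caller-supplied data.
        #
        # printf is used instead of echo so that a value such as "-n" is
        # treated as data rather than as an echo option.
        _count=$(printf '%s\n' "$1" | sed -e "s/[^$2]//g" | tr -d "\n" | wc -c)
        # Some wc implementations pad the number with blanks; the arithmetic
        # expansion strips that padding so callers can quote $_count safely.
        _count=$(($_count + 0))
        return 0
}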
17
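readPassword() {
        # Prompt with $1 and read one line into the global _password with
        # terminal echo switched off.  Re-prompts until the input contains no
        # ":" (the field separator of the key and auth lines).  Always
        # returns 0.
        #
        # The terminal settings are saved first and restored both after the
        # read and from a signal trap, so an interrupted prompt does not
        # leave the user's terminal with echo disabled.  When stdin is not a
        # terminal, "stty -g" fails and all stty handling is skipped.
        _savedTty=$(stty -g 2>/dev/null) || _savedTty=""
        if [ -n "$_savedTty" ]; then
                trap 'stty "$_savedTty"; echo ""; exit 1' INT TERM HUP
        fi
        while :; do
                if [ -n "$_savedTty" ]; then
                        stty -echo
                fi
                # -r keeps backslashes literal, so the secret is derived from
                # exactly what was typed (the user is later told to put "the
                # password you typed in" into the auth file).
                # NOTE(review): read still trims leading/trailing blanks via
                # IFS; confirm whether such passwords need to be supported.
                read -r -p "$1" _password
                if [ -n "$_savedTty" ]; then
                        stty "$_savedTty"
                fi
                echo ""
                # Checked with a shell pattern so the password is not handed
                # to any helper process for validation.
                case "$_password" in
                *:*)
                        echo "Sorry, password must not contain \":\" characters"
                        echo ""
                        ;;
                *)
                        break
                        ;;
                esac
        done
        if [ -n "$_savedTty" ]; then
                # Back to default signal handling; this script installs no
                # other traps.
                trap - INT TERM HUP
        fi
        return 0
}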
34
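makeSecret() {
        # Derive the shared-secret string for client $1, server $2 and
        # password $3 and leave it in the global _secret as "$md5$<digest>".
        # Both names are lower-cased before hashing.  Returns non-zero, with
        # _secret emptied, if a helper command fails.
        #
        # NOTE(review): the digest is an unsalted MD5 over
        # "client:server:password", so whoever obtains the key line can test
        # password guesses offline.  Presumably the format is fixed by the
        # server side - confirm before changing it.
        local clientLower serverLower digest

        # Emptied up front so a failure cannot leave the previous call's
        # value behind for the caller to compare against.
        _secret=""
        clientLower=$(printf '%s\n' "$1" | tr "[:upper:]" "[:lower:]") || return 1
        serverLower=$(printf '%s\n' "$2" | tr "[:upper:]" "[:lower:]") || return 1

        # The password goes to md5 on stdin rather than as a "-s" argument:
        # arguments of an external command can be read by other local users
        # through the process list.  printf is a shell builtin in FreeBSD sh
        # and bash, so it starts no process of its own; '%s' adds no newline,
        # so the hashed bytes are the same as with "md5 -s".
        digest=$(printf '%s' "$clientLower:$serverLower:$3" | md5 -q) || return 1
        [ -n "$digest" ] || return 1
        _secret="\$md5\$$digest"
}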
41
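# "-v" on its own prints the banner and usage and counts as success.  Any
# other argument count is a usage error: it is reported on stderr and ends
# with a non-zero status so that calling scripts can detect it (a bare
# "exit" would return the status of the preceding echo, i.e. 0).
if [ $# -eq 1 ] && [ "X$1" = "X-v" ]; then
        echo "Csup authentication key generator"
        usage
        exit 0
elif [ $# -ne 2 ]; then
        usage >&2
        exit 1
fi

clientName=$1
serverName=$2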
53
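#
# Client name must contain exactly one '@' and at least one '.'.
# It must not contain a ':'.
#
# ':' separates the fields of the key line and the auth line printed at the
# end, and of the string that is hashed, so a name containing it would shift
# those fields.  These are shape checks only; nothing verifies that the
# address exists.
#

# The "+ 0" strips any blank padding that wc may have left in _count, so the
# values can be quoted in the numeric tests below.
countChars "$clientName" "@"
aCount=$(($_count + 0))

countChars "$clientName" "."
dotCount=$(($_count + 0))
if [ "$aCount" -ne 1 ] || [ "$dotCount" -eq 0 ]; then
        echo "Client name must have the form of an e-mail address," >&2
        echo "e.g., \"user@domain.com\"" >&2
        # Explicit failure status; a bare "exit" would report success.
        exit 1
fi

countChars "$clientName" ":"
colonCount=$(($_count + 0))
if [ "$colonCount" -gt 0 ]; then
        echo "Client name must not contain \":\" characters" >&2
        exit 1
fi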
76
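#
# Server name must not contain '@' and must have at least one '.'.
# It also must not contain a ':'.
#
# As with the client name, ':' is rejected because it is the field separator
# of the lines printed at the end and of the hashed string.  These are shape
# checks only; the name is not resolved.
#

# The "+ 0" strips any blank padding that wc may have left in _count, so the
# values can be quoted in the numeric tests below.
countChars "$serverName" "@"
aCount=$(($_count + 0))

countChars "$serverName" "."
dotCount=$(($_count + 0))
if [ "$aCount" -ne 0 ] || [ "$dotCount" -eq 0 ]; then
        echo "Server name must be a fully-qualified domain name." >&2
        echo "e.g., \"host.domain.com\"" >&2
        # Explicit failure status; a bare "exit" would report success.
        exit 1
fi

countChars "$serverName" ":"
colonCount=$(($_count + 0))
if [ "$colonCount" -gt 0 ]; then
        echo "Server name must not contain \":\" characters" >&2
        exit 1
fi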
99
#
# Ask for the password twice and derive the secret from each entry.  The
# two derived secrets, not the typed passwords, are what get compared; the
# loop repeats until they agree.
#

while :; do
        readPassword "Enter password: "
        makeSecret "$clientName" "$serverName" "$_password"
        secret=$_secret

        readPassword "Enter same password again: "
        makeSecret "$clientName" "$serverName" "$_password"
        secret2=$_secret

        # Both values start with the literal "$md5$" prefix, so they cannot
        # be mistaken for test operators.
        [ "$secret" != "$secret2" ] || break

        echo "Passwords did not match.  Try again."
        echo ""
done
120
# Final instructions.  The first framed line (client name plus derived
# secret) is what the server administrator receives; the second is a
# template for the user's own auth file, in which the cleartext password
# replaces XXX - hence the reminder about restrictive file permissions.
rule="-------------------------------------------------------------------------------"
cat <<EOF

Send this line to the server administrator at $serverName:
$rule
$clientName:$secret::
$rule
Be sure to send it using a secure channel!

Add this line to your file "$HOME/.csup/auth", replacing "XXX"
with the password you typed in:
$rule
$serverName:$clientName:XXX:
$rule
Make sure the file is readable and writable only by you!

EOF
135