1203368Slulf#! /bin/sh
2203368Slulf#
3203368Slulf# Copyright 2007. Petar Zhivkov Petrov 
4203368Slulf# pesho.petrov@gmail.com
5203368Slulf#
6203368Slulf# $FreeBSD: releng/10.3/usr.bin/csup/cpasswd.sh 204556 2010-03-02 07:26:07Z lulf $
7203368Slulf
# usage
#
# Print the two supported invocations on stdout: the normal form taking a
# client name and a server name, and the "-v" form.
usage() {
	printf 'Usage: %s clientName serverName\n' "$0"
	printf '       %s -v\n' "$0"
}
12203368Slulf
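# countChars string chars
#
# Count how many characters of $1 belong to the set given in $2 and store
# the result in the global $_count.  Always returns 0.
#
# $2 is spliced into a sed bracket expression, so it must be a fixed literal
# supplied by this script (every caller in this file passes a single
# character such as "@", "." or ":").  Never pass user input as $2: "]",
# "^", "-" and "\" would change the meaning of the pattern.
countChars() {
	# printf instead of echo: echo may treat a value such as "-n" as an
	# option and print nothing, which would miscount the string.
	# The final tr removes the padding some wc implementations put in
	# front of the number, so $_count is a bare integer and is safe to
	# use quoted.
	_count=$(printf '%s\n' "$1" | sed -e "s/[^$2]//g" | tr -d '\n' | wc -c | tr -d ' \t')
	return 0
}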
17203368Slulf
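# readPassword prompt
#
# Prompt with $1, read one line with terminal echo switched off and store it
# in the global $_password.  The prompt is repeated until the entry contains
# no ":" character.  Always returns 0.
#
# Globals written: _password, and _count (through countChars).
#
# NOTE(review): an empty line is accepted as a password, and leading or
# trailing blanks are still trimmed by read's field splitting.
readPassword() {
	local sttySaved

	# Keep the current terminal settings so they can be restored exactly.
	# An empty value means stdin is not a terminal; echo is then left alone.
	sttySaved=$(stty -g 2>/dev/null) || sttySaved=""

	while :; do
		if [ -n "$sttySaved" ]; then
			# An interrupt at the prompt must not leave the user's
			# terminal with echo disabled.
			trap "stty '$sttySaved'; echo ''; exit 1" INT TERM HUP
			stty -echo
		fi
		# -r keeps backslashes as typed.  Without it read drops them, so
		# the secret would be derived from a different string than the
		# password the user is later told to put into the auth file.
		read -r -p "$1" _password
		if [ -n "$sttySaved" ]; then
			stty "$sttySaved"
			trap - INT TERM HUP
		fi
		echo ""
		countChars "$_password" ":"
		# $_count is deliberately unquoted: the value may carry padding
		# from wc, which word splitting removes.
		if [ $_count != 0 ]; then
			echo "Sorry, password must not contain \":\" characters"
			echo ""
		else
			break
		fi
	done
	return 0
}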
34203368Slulf
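# makeSecret clientName serverName password
#
# Derive the shared secret for a client/server pair and store it in the
# global $_secret as "$md5$<digest>", where <digest> is the MD5 of
# "<client>:<server>:<password>" with both names folded to lower case and
# the password used as given.
#
# Returns 0 on success.  If no digest could be produced, an error is printed
# on stderr, $_secret is set to the empty string and 1 is returned.
makeSecret() {
	local clientLower serverLower secret

	clientLower=$(printf '%s\n' "$1" | tr "[:upper:]" "[:lower:]")
	serverLower=$(printf '%s\n' "$2" | tr "[:upper:]" "[:lower:]")

	# The hashed string contains the clear-text password.  It is fed to
	# md5 on stdin instead of "-s string" because the arguments of a
	# running process can be listed by other local users (ps).  No
	# trailing newline is written, so the digest is the same one that
	# "md5 -qs" printed.
	# NOTE(review): this relies on printf being a shell builtin; confirm
	# for the sh this script is run with.
	secret=$(printf '%s' "$clientLower:$serverLower:$3" | md5 -q)
	if [ -z "$secret" ]; then
		echo "makeSecret: md5 produced no digest" >&2
		_secret=""
		return 1
	fi
	_secret="\$md5\$$secret"
}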
41203368Slulf
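# Command line: "-v" alone prints a banner and the usage text.  Any other
# invocation must supply exactly two arguments, the client name and the
# server name.
if [ $# -eq 1 ] && [ "X$1" = "X-v" ]; then
	echo "Csup authentication key generator"
	usage
	exit 0
elif [ $# -ne 2 ]; then
	# A wrong argument count is an error: report it on stderr and exit
	# non-zero so a caller can tell that no key was generated.
	usage >&2
	exit 1
fi

clientName=$1
serverName=$2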
53203368Slulf
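#
# Client name must contain exactly one '@' and at least one '.'.
# It must not contain a ':', which is the field separator of the two
# records printed at the end of this script.
#
# A rejected name is reported on stderr and the script exits with status 1.
#
# NOTE(review): only these three characters are checked; white space and
# control characters in the name are not rejected here.
#

countChars "$clientName" "@"
aCount=$_count

countChars "$clientName" "."
dotCount=$_count
# The counts are left unquoted on purpose: the value may carry padding from
# wc, which word splitting removes before the numeric comparison.
if [ $aCount -ne 1 ] || [ $dotCount -eq 0 ]; then
	echo "Client name must have the form of an e-mail address," >&2
	echo "e.g., \"user@domain.com\"" >&2
	exit 1
fi

countChars "$clientName" ":"
colonCount=$_count
if [ $colonCount -gt 0 ]; then
	echo "Client name must not contain \":\" characters" >&2
	exit 1
fi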
76203368Slulf
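#
# Server name must not contain '@' and must have at least one '.'.
# It also must not contain a ':', which is the field separator of the two
# records printed at the end of this script.
#
# A rejected name is reported on stderr and the script exits with status 1.
#
# NOTE(review): only these three characters are checked; white space and
# control characters in the name are not rejected here.
#

countChars "$serverName" "@"
aCount=$_count

countChars "$serverName" "."
dotCount=$_count
# The counts are left unquoted on purpose: the value may carry padding from
# wc, which word splitting removes before the numeric comparison.
if [ $aCount -ne 0 ] || [ $dotCount -eq 0 ]; then
	echo "Server name must be a fully-qualified domain name." >&2
	echo "e.g., \"host.domain.com\"" >&2
	exit 1
fi

countChars "$serverName" ":"
colonCount=$_count
if [ $colonCount -gt 0 ]; then
	echo "Server name must not contain \":\" characters" >&2
	exit 1
fi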
99203368Slulf
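#
# Ask for password and generate secret.
#
# The password is read twice and the two derived secrets are compared; the
# loop repeats until they are identical.
#
# NOTE(review): nothing here rejects an empty password.
#

while :; do
	readPassword "Enter password: "
	makeSecret "$clientName" "$serverName" "$_password"
	secret=$_secret

	readPassword "Enter same password again: "
	makeSecret "$clientName" "$serverName" "$_password"
	secret2=$_secret

	# A secret with no digest after the "$md5$" tag means the hash could
	# not be computed.  Two such results would compare equal, so stop
	# here instead of printing a key line that contains no key.
	for candidate in "$secret" "$secret2"; do
		case $candidate in
		"" | '$md5$')
			echo "Could not compute the MD5 digest; no key was generated." >&2
			exit 1
			;;
		esac
	done

	if [ "X$secret" = "X$secret2" ]; then
		break
	fi
	echo "Passwords did not match.  Try again."
	echo ""
done

# Only $secret is used from here on; drop the clear-text password.
unset _password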
120203368Slulf
# Print the two records: the "client:secret::" line that goes to the server
# administrator, and the template line for the user's own auth file.  The
# first record carries the derived secret, so it is credential material.
cat <<EOF

Send this line to the server administrator at $serverName:
-------------------------------------------------------------------------------
$clientName:$secret::
-------------------------------------------------------------------------------
Be sure to send it using a secure channel!

Add this line to your file "$HOME/.csup/auth", replacing "XXX"
with the password you typed in:
-------------------------------------------------------------------------------
$serverName:$clientName:XXX:
-------------------------------------------------------------------------------
Make sure the file is readable and writable only by you!

EOF
135203368Slulf