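#! /bin/sh
#
# Copyright 2007. Petar Zhivkov Petrov
# pesho.petrov@gmail.com
#
# $FreeBSD: releng/10.3/usr.bin/csup/cpasswd.sh 204556 2010-03-02 07:26:07Z lulf $
#
# Csup authentication key generator.
#
# Usage: cpasswd.sh clientName serverName
#        cpasswd.sh -v
#
# Prompts twice for a password, derives the "$md5$<hex>" secret from
# "client:server:password" (client and server lower-cased) and prints the
# line for the server administrator and the line for "$HOME/.csup/auth".
#
# Security notes:
#  - The password is fed to md5(1) on stdin and never placed on a command
#    line, so it does not show up in the process list.
#  - The printed secret is an MD5 over client:server:password, and client
#    and server are printed next to it.  MD5 is fast, so anyone who sees
#    the line can test password guesses offline; pick a strong password
#    and treat the line as sensitive.
#  - Exit status is 0 on success and for -v, 1 on any usage or validation
#    error.

# Print the two accepted invocations.
usage() {
	echo "Usage: $0 clientName serverName"
	echo " $0 -v"
}

# countChars string chars
# Sets the global _count to the number of characters of $1 that belong to
# the tr(1) set $2.  Callers in this script pass a single character
# ("@", "." or ":").
countChars() {
	# wc(1) may pad its output with blanks; arithmetic expansion turns it
	# into a plain number so callers can quote it safely.
	_count=$(( $(printf '%s' "$1" | tr -cd "$2" | wc -c) ))
	return 0
}

# readPassword prompt
# Reads a password without terminal echo into the global _password.
# Re-prompts until the password contains no ":" (the field separator of
# the auth file lines printed at the end).
readPassword() {
	while :; do
		# If the user interrupts while echo is off, turn it back on
		# before leaving so the terminal is not left unusable.
		trap 'stty echo; echo ""; exit 1' INT TERM HUP
		stty -echo
		# -r and an empty IFS keep backslashes and surrounding blanks,
		# so the hash covers the password exactly as typed, which is
		# what the user is later told to put into the auth file.
		IFS= read -r -p "$1" _password
		stty echo
		trap - INT TERM HUP
		echo ""
		countChars "$_password" ":"
		if [ "$_count" -eq 0 ]; then
			break
		fi
		echo "Sorry, password must not contain \":\" characters"
		echo ""
	done
	return 0
}

# makeSecret client server password
# Sets the global _secret to "$md5$" followed by the MD5 hex digest of
# "<client>:<server>:<password>", with client and server lower-cased.
makeSecret() {
	local clientLower serverLower secret

	clientLower=$(printf '%s' "$1" | tr "[:upper:]" "[:lower:]")
	serverLower=$(printf '%s' "$2" | tr "[:upper:]" "[:lower:]")
	# Hash via stdin: "md5 -s <string>" would expose the password in the
	# argument list of the md5 process.
	secret=$(printf '%s' "$clientLower:$serverLower:$3" | md5 -q)
	if [ -z "$secret" ]; then
		# Without this check two failed runs would compare equal and an
		# empty secret would be printed as if it were valid.
		echo "md5 failed; cannot generate secret" >&2
		exit 1
	fi
	_secret="\$md5\$$secret"
}

if [ $# -eq 1 ] && [ "X$1" = "X-v" ]; then
	echo "Csup authentication key generator"
	usage
	exit 0
elif [ $# -ne 2 ]; then
	usage
	exit 1
fi

clientName=$1
serverName=$2

#
# Client name must contain exactly one '@' and at least one '.'.
# It must not contain a ':'.
#

countChars "$clientName" "@"
aCount=$_count

countChars "$clientName" "."
dotCount=$_count
if [ "$aCount" -ne 1 ] || [ "$dotCount" -eq 0 ]; then
	echo "Client name must have the form of an e-mail address,"
	echo "e.g., \"user@domain.com\""
	exit 1
fi

countChars "$clientName" ":"
colonCount=$_count
if [ "$colonCount" -gt 0 ]; then
	echo "Client name must not contain \":\" characters"
	exit 1
fi

#
# Server name must not contain '@' and must have at least one '.'.
# It also must not contain a ':'.
#

countChars "$serverName" "@"
aCount=$_count

countChars "$serverName" "."
dotCount=$_count
if [ "$aCount" -ne 0 ] || [ "$dotCount" -eq 0 ]; then
	echo "Server name must be a fully-qualified domain name."
	echo "e.g., \"host.domain.com\""
	exit 1
fi

countChars "$serverName" ":"
colonCount=$_count
if [ "$colonCount" -gt 0 ]; then
	echo "Server name must not contain \":\" characters"
	exit 1
fi

#
# Ask for password and generate secret.
#

while :; do
	readPassword "Enter password: "
	makeSecret "$clientName" "$serverName" "$_password"
	secret=$_secret

	readPassword "Enter same password again: "
	makeSecret "$clientName" "$serverName" "$_password"
	secret2=$_secret

	# Both entries are hashed with the same client and server names, so
	# equal secrets mean the two passwords were identical.
	if [ "X$secret" = "X$secret2" ]; then
		break
	fi
	echo "Passwords did not match. Try again."
	echo ""
done

# The cleartext password is no longer needed once the secret is derived.
unset _password

echo ""
echo "Send this line to the server administrator at $serverName:"
echo "-------------------------------------------------------------------------------"
echo "$clientName:$secret::"
echo "-------------------------------------------------------------------------------"
echo "Be sure to send it using a secure channel!"
echo ""
echo "Add this line to your file \"$HOME/.csup/auth\", replacing \"XXX\""
echo "with the password you typed in:"
echo "-------------------------------------------------------------------------------"
echo "$serverName:$clientName:XXX:"
echo "-------------------------------------------------------------------------------"
echo "Make sure the file is readable and writable only by you!"
echo ""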