Contents of /mcore-src/trunk/mcore-tools/src/include/sessionauth.global.class.in
Revision 2423 -
Thu Sep 3 07:29:19 2015 UTC (9 years ago) by niro
File size: 2594 byte(s)
-added certificate auth method
1 | # $Id$ |
2 | |
# Declare what this include offers. 'provide' is defined outside this file;
# presumably it registers the 'auth' and 'ssl' features with the loader.
provide auth ssl

# Password database read by validate_auth and rewritten by mcorepasswd.
# Format: one "user:md5hex" entry per line.
# NOTE(review): @@SYSCONFDIR@@ looks like a build-time placeholder (this is a
# .in template) - confirm the substituted path is not world-readable, since
# the file holds password hashes.
PASSWD="@@SYSCONFDIR@@/mcoredpasswd"
6 | |
# md5crypt PASSWORD
#
# Prints the lowercase hex MD5 digest of PASSWORD plus a trailing newline
# (the newline is part of the hashed input, so stored hashes depend on it).
# The secret is fed to md5sum on stdin, not as a command-line argument.
#
# NOTE(review): this is a single unsalted MD5 pass, not a password hashing
# scheme. Identical passwords produce identical hashes and offline guessing
# is cheap. Moving to a salted, slow KDF would change the on-disk format of
# ${PASSWD}, so it has to be done together with a migration of stored hashes.
md5crypt()
{
	local secret="$1"

	# md5sum prints "<hex>  -" for stdin; keep only the digest field
	printf '%s\n' "${secret}" | md5sum | cut -d' ' -f1
}
14 | |
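# mcorepasswd USER
#
# Interactively reads a password twice from stdin and, when both entries are
# identical, writes "USER:<md5crypt hash>" to ${PASSWD}.
#
# Globals:   PASSWD (read) - path of the password file
# Arguments: $1 - user name (must be non-empty and must not contain ':')
# Outputs:   prompts and status messages on stdout
# Returns:   0 when the password was stored, 1 otherwise
#
# Changes against the previous revision:
#  - the password is passed to md5crypt quoted. Unquoted, a password with
#    whitespace was word-split and only its first word was hashed. Hashes
#    stored that way cover just the first word and must be reset.
#  - the two entries are compared as literal strings; an unquoted right-hand
#    side in [[ == ]] is a glob pattern.
#  - 'read -r -s' with an empty IFS keeps backslashes and surrounding blanks
#    and leaves terminal echo handling to bash (no stty state to restore).
#
# NOTE(review): the redirection truncates ${PASSWD}, so the file only ever
# holds the entry written last - confirm single-user operation is intended.
# NOTE(review): the file is created with the caller's umask; confirm that
# the resulting mode keeps the hash unreadable for other local users.
mcorepasswd()
{
	local user="$1"
	local pass
	local validate

	if [[ -z ${user} ]]
	then
		echo "No username given! Aborting."
		return 1
	fi

	# ':' separates the fields of ${PASSWD}; such a name could never be
	# looked up again and would corrupt the entry
	if [[ ${user} == *:* ]]
	then
		echo "Invalid username '${user}'! Aborting."
		return 1
	fi

	# get pass
	printf '%s' "Enter Password: "
	IFS= read -r -s pass
	echo

	printf '%s' "Retype Password: "
	IFS= read -r -s validate
	echo

	if [[ ${pass} == "${validate}" ]]
	then
		# hash and save
		printf '%s:%s\n' "${user}" "$(md5crypt "${pass}")" > "${PASSWD}"
		echo "Password for user '${user}' changed by $(id -u -n)."
	else
		echo "Passwords don't match!"
		echo "Password for user '${user}' is unchanged."
		return 1
	fi
}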
52 | |
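# validate_auth USER PASSWORD
#
# Checks USER/PASSWORD against the "user:md5hex" entries in ${PASSWD} and
# records the outcome in the exported variable valid_session ("yes"/"no").
#
# Globals:   PASSWD (read), valid_session (written, exported)
# Arguments: $1 - user name, $2 - clear-text password
# Outputs:   status messages through mecho/eecho
# Returns:   0 when already authenticated or the credentials match, else 1
#
# Changes against the previous revision:
#  - the user name is matched as a literal against the first field. It used
#    to be interpolated into a grep regex, so regex metacharacters in the
#    supplied name could select entries of other users.
#  - an empty user name is treated as unknown.
#  - the password is passed to md5crypt quoted. Unquoted, only the first
#    whitespace-separated word was hashed, so anything after the first blank
#    was ignored during login.
#  - the hash comparison is a literal string comparison; an unquoted
#    right-hand side in [[ == ]] is a glob pattern taken from the file.
#
# NOTE(review): "User unknown" and "password is invalid" are distinguishable
# to the client, which reveals which user names exist - confirm whether the
# messages should be unified.
validate_auth()
{
	local user="$1"
	local pass="$2"

	local passwduser
	local passwdpass
	local entry_user
	local entry_pass
	local entry_rest

	# return 0 if valid_session=yes - user already authenticated
	valid_session && return 0

	if [[ ! -f ${PASSWD} ]]
	then
		eecho "passwd '${PASSWD}' does not exist!"
		return 1
	fi

	# exact, literal lookup of the first matching entry; the trailing test
	# keeps a last line without newline from being skipped
	if [[ -n ${user} ]]
	then
		while IFS=: read -r entry_user entry_pass entry_rest || [[ -n ${entry_user} ]]
		do
			if [[ ${entry_user} == "${user}" ]]
			then
				passwduser="${entry_user}"
				passwdpass="${entry_pass}"
				break
			fi
		done < "${PASSWD}"
	fi

	if [[ -n ${passwduser} ]]
	then
		if [[ $(md5crypt "${pass}") == "${passwdpass}" ]]
		then
			mecho "password for user '${user}' is valid!"
			mecho "Successfully logged in. Type 'help' for more information."
			export valid_session="yes"
			return 0
		else
			mecho "password for user '${user}' is invalid!"
			export valid_session="no"
			return 1
		fi
	else
		eecho "User '${user}' unknown."
		export valid_session="no"
		return 1
	fi
}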
92 | |
93 | validate_auth_certificate() |
94 | { |
95 | local cert="$1" |
96 | local cert_fingerprint |
97 | local key_fingerprint |
98 | |
99 | # return 0 if ${valid_auth=yes} - user alread authenticated |
100 | valid_session && return 0 |
101 | |
102 | if [[ ! -e ${MCORE_KEY_FILE} ]] |
103 | then |
104 | eecho "MCORE_KEY_FILE '${MCORE_KEY_FILE}' does not exist" |
105 | fi |
106 | |
107 | if [[ -z ${cert} ]] |
108 | then |
109 | eecho "no certificate given" |
110 | return 1 |
111 | fi |
112 | |
113 | cert_fingerprint=$(echo "${cert}" | openssl x509 -noout -modulus | openssl sha1) |
114 | key_fingerprint=$(openssl rsa -noout -modulus -in "${MCORE_KEY_FILE}" | openssl sha1) |
115 | |
116 | if [[ ${cert_fingerprint} == ${key_fingerprint} ]] |
117 | then |
118 | mecho "certificate is valid!" |
119 | mecho "Successfully logged in. Type 'help' for more information." |
120 | export valid_session="yes" |
121 | return 0 |
122 | else |
123 | mecho "certificate is invalid!" |
124 | export valid_session="no" |
125 | return 1 |
126 | fi |
127 | } |
128 | |
# valid_session
#
# Returns 0 when the shell variable valid_session holds exactly "yes",
# 1 for any other value or when it is unset.
#
# NOTE(review): the variable is exported by the validate_* functions, so a
# value inherited from the process environment is honoured as well - confirm
# it is initialised before any client input is handled.
valid_session()
{
	# the status of the test is the function's return value
	[[ ${valid_session} == yes ]]
}
138 | |
# invalid_session
#
# When the session is not authenticated (valid_session is anything other
# than "yes"), reports that through eecho and exports run=quit.
# An authenticated session is left untouched. Always returns 0.
invalid_session()
{
	# authenticated: nothing to do
	[[ ${valid_session} == yes ]] && return 0

	eecho "not logged in..."
	# export quit signal
	export run=quit
}