Contents of /mcore-src/trunk/mcore-tools/src/include/sessionauth.global.class.in
Revision 2480 -
Thu Sep 10 10:41:11 2015 UTC (9 years ago) by niro
File size: 2591 byte(s)
-respect SILENT env var for internal daemon communication
# $Id$

# Announce the features implemented by this file. `provide` is not defined
# here; it comes from the code that sources this file.
provide auth ssl

# Credential file read by validate_auth and rewritten by mcorepasswd.
# One "user:hash" entry per line. @@SYSCONFDIR@@ is a template placeholder
# (presumably substituted when this .in file is processed - confirm).
PASSWD="@@SYSCONFDIR@@/mcoredpasswd"
7 | md5crypt() |
8 | { |
9 | local pass="$1" |
10 | md5sum << EOF | sed 's:\(.*\)\ \ .*-.*:\1:' |
11 | ${pass} |
12 | EOF |
13 | } |
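# Interactively set the password of a user in the ${PASSWD} file.
#
# Globals:   PASSWD (read) - path of the credential file that is rewritten
# Arguments: $1 - user name (required)
# Input:     two lines on stdin: the password and its confirmation
# Outputs:   prompts and status messages on stdout
# Returns:   0 when the entry was written; 1 on a missing user name,
#            a mismatching confirmation or a failed write
#
# NOTE(review): the file is truncated on every call, so it only ever holds
# the entry written last - confirm that a single-entry store is intended.
# NOTE(review): the file is created with the caller's umask although it
# holds password hashes; consider restricting it to the daemon's user.
# NOTE(review): an empty password (including end-of-input on stdin) is
# accepted and stored like any other.
mcorepasswd() {
  local user="$1"
  local pass
  local validate

  if [[ -z ${user} ]]; then
    echo "No username given! Aborting."
    return 1
  fi

  # read -s limits the no-echo state to the read itself instead of relying
  # on a separate `stty echo` being reached afterwards. IFS= and -r keep
  # surrounding blanks and backslashes exactly as typed, so the stored hash
  # is the hash of what the user entered.
  echo -n "Enter Password: "
  IFS= read -r -s pass
  echo

  echo -n "Retype Password: "
  IFS= read -r -s validate
  echo

  # The right-hand side must be quoted: unquoted it is a glob pattern, and
  # a confirmation of "*" would be accepted for any password.
  if [[ "${pass}" != "${validate}" ]]; then
    echo "Passwords don't match!"
    echo "Password for user '${user}' is unchanged."
    return 1
  fi

  # Hash and save. The password is passed as one quoted word; unquoted it
  # would be split on blanks and only its first word would be hashed.
  if ! printf '%s:%s\n' "${user}" "$(md5crypt "${pass}")" > "${PASSWD}"; then
    # do not report a change that was not written
    return 1
  fi
  echo "Password for user '${user}' changed by $(id -u -n)."
}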
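# Check a user name / password pair against the ${PASSWD} file.
#
# Globals:   PASSWD (read), SILENT (read), valid_session (exported)
# Arguments: $1 - user name, $2 - clear-text password
# Outputs:   status messages through mecho / eecho
# Returns:   0 when the session is (or already was) authenticated, else 1
#
# NOTE(review): unknown user and wrong password produce different messages;
# if mecho/eecho output reaches the remote peer this reveals which user
# names exist - confirm where these messages go.
validate_auth() {
  local user="$1"
  local pass="$2"

  local passwduser
  local passwdpass
  local entry_user
  local entry_hash
  local entry_rest
  local matches=0

  # nothing to do when this session is already authenticated
  valid_session && return 0

  if [[ ! -f ${PASSWD} ]]; then
    eecho "passwd '${PASSWD}' does not exist!"
    return 1
  fi

  # Look the user up by exact string comparison on the first field. The
  # name comes from the login request and must not be used as a regular
  # expression: with grep "^${user}:" a name such as ".*" selected entries
  # of other users.
  while IFS=: read -r entry_user entry_hash entry_rest \
    || [[ -n ${entry_user} ]]; do
    [[ "${entry_user}" == "${user}" ]] || continue
    passwduser="${entry_user}"
    passwdpass="${entry_hash}"
    matches=$(( matches + 1 ))
  done < "${PASSWD}"

  if [[ -n ${passwduser} ]]; then
    # - a duplicated entry never authenticates (as before, where the
    #   multi-line lookup result could not equal a hash)
    # - the password is passed as one quoted word, otherwise only its first
    #   word would be hashed
    # - the stored hash is quoted so it is compared literally instead of
    #   being interpreted as a glob pattern
    if (( matches == 1 )) \
      && [[ "$(md5crypt "${pass}")" == "${passwdpass}" ]]; then
      [[ ${SILENT} = 1 ]] || mecho "password for user '${user}' is valid!"
      [[ ${SILENT} = 1 ]] || mecho "Successfully logged in. Type 'help' for more information."
      export valid_session="yes"
      return 0
    else
      mecho "password for user '${user}' is invalid!"
      export valid_session="no"
      return 1
    fi
  else
    eecho "User '${user}' unknown."
    export valid_session="no"
    return 1
  fi
}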
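# Authenticate a session by comparing a certificate fingerprint with the
# fingerprint reported by key_fingerprint.
#
# Globals:   MCORE_KEY_FILE (read), SILENT (read), valid_session (exported)
# Arguments: $1 - fingerprint presented by the peer
# Outputs:   status messages through mecho / eecho
# Returns:   0 when the session is (or already was) authenticated, else 1
#
# key_fingerprint is defined outside this file (presumably it derives the
# fingerprint from MCORE_KEY_FILE - confirm).
validate_auth_certificate() {
  local cert_fingerprint="$1"
  local key_fingerprint

  # nothing to do when this session is already authenticated
  valid_session && return 0

  if [[ ! -e ${MCORE_KEY_FILE} ]]; then
    eecho "MCORE_KEY_FILE '${MCORE_KEY_FILE}' does not exist"
    # Fail closed: without the local key there is no reference value to
    # compare against. The original reported the error and carried on.
    return 1
  fi

  if [[ -z ${cert_fingerprint} ]]; then
    eecho "no certificate fingerprint given"
    return 1
  fi

  key_fingerprint="$(key_fingerprint)"

  # Quoted on both sides so the reference fingerprint is compared literally
  # and never interpreted as a glob pattern.
  if [[ "${cert_fingerprint}" == "${key_fingerprint}" ]]; then
    [[ ${SILENT} = 1 ]] || mecho "certificate fingerprint is valid!"
    [[ ${SILENT} = 1 ]] || mecho "Successfully logged in. Type 'help' for more information."
    export valid_session="yes"
    return 0
  else
    mecho "certificate fingerprint is invalid!"
    export valid_session="no"
    return 1
  fi
}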
# Report whether the current session is authenticated.
#
# Globals: valid_session (read)
# Returns: 0 when ${valid_session} is exactly "yes", otherwise 1
#          (unset or any other value counts as not authenticated)
valid_session() {
  [[ ${valid_session} = yes ]] && return 0
  return 1
}
# Ask the caller to quit when the session is not authenticated.
#
# Globals: valid_session (read), run (exported as "quit" when not logged in)
# Outputs: an error message through eecho when not logged in
# Returns: 0
invalid_session() {
  # authenticated sessions are left untouched
  [[ ${valid_session} == yes ]] && return 0

  eecho "not logged in..."
  # export quit signal
  export run=quit
}