Magellan Linux

Contents of /mcore-src/trunk/mcore-tools/src/include/sessionauth.global.class.in



Revision 2423 - (show annotations) (download)
Thu Sep 3 07:29:19 2015 UTC (8 years, 9 months ago) by niro
File size: 2594 byte(s)
-added certificate auth method
# $Id$

# Declare the features this include supplies ("auth" and "ssl").
# NOTE(review): 'provide' is defined outside this file - presumably by the
# mcore module loader; confirm what it records.
provide auth ssl

# Credential file: mcorepasswd writes it and validate_auth reads it.
# Entries have the form "user:hash", the hash being md5crypt output.
# NOTE(review): the @@SYSCONFDIR@@ token is presumably substituted when this
# .in template is processed at build time - confirm.
PASSWD="@@SYSCONFDIR@@/mcoredpasswd"
6
# Print the hex MD5 digest of a password on stdout.
#
# Arguments: $1 - cleartext password
# Outputs:   digest of "<password>\n" (the trailing newline is hashed too)
#
# NOTE(review): despite the name this is one unsalted MD5 round. Equal
# passwords give equal hashes and the digest is cheap to brute-force, so
# ${PASSWD} has to be protected like a cleartext secret. Moving to a salted,
# slow password hash would need a migration of the stored entries.
md5crypt()
{
	local pass="$1"

	# md5sum prints "<digest>  -" for stdin; keep only the first field
	printf '%s\n' "${pass}" | md5sum | cut -d' ' -f1
}
14
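# Interactively set the password stored in ${PASSWD}.
#
# Globals:   PASSWD (read) - credential file, overwritten on success
# Arguments: $1 - user name the password belongs to
# Outputs:   prompts and status messages on stdout
# Returns:   0 when the entry was written, 1 otherwise
#
# NOTE(review): the file is replaced, not appended to, so it only ever holds
# the most recently set user. It is created with the caller's umask; since
# md5crypt is unsalted MD5 the file should not be readable by other users -
# confirm the installed permissions.
# NOTE(review): the password is hashed exactly as typed. validate_auth has to
# pass the password to md5crypt with the same quoting, otherwise passwords
# containing whitespace will not verify.
mcorepasswd()
{
	local user="$1"
	local pass
	local validate
	local hash

	if [[ -z ${user} ]]
	then
		echo "No username given! Aborting."
		return 1
	fi

	# ':' separates the fields and newline the records of ${PASSWD};
	# a name containing either would corrupt the entry
	if [[ ${user} == *:* || ${user} == *$'\n'* ]]
	then
		echo "Invalid username! Aborting."
		return 1
	fi

	# get pass
	# read -s replaces the 'stty -echo' / 'stty echo' pair; IFS= and -r keep
	# leading/trailing blanks and backslashes as part of the password
	printf '%s' "Enter Password: "
	IFS= read -r -s pass
	echo

	printf '%s' "Retype Password: "
	IFS= read -r -s validate
	echo

	# quoted right-hand side: literal comparison, not a glob match
	if [[ ${pass} == "${validate}" ]]
	then
		# quoted argument: hash the whole password, no word splitting or
		# pathname expansion
		hash=$(md5crypt "${pass}")

		# never store an empty hash; it would compare equal to the empty
		# result of a failing md5crypt at login time
		if [[ -z ${hash} ]]
		then
			echo "Could not hash the password!"
			echo "Password for user '${user}' is unchanged."
			return 1
		fi

		# encrypt and save
		printf '%s:%s\n' "${user}" "${hash}" > "${PASSWD}" || return 1
		echo "Password for user '${user}' changed by $(id -u -n)."
	else
		echo "Passwords don't match!"
		echo "Password for user '${user}' is unchanged."
		return 1
	fi
}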
52
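# Check a user name / password pair against ${PASSWD}.
#
# Globals:   PASSWD (read), valid_session (exported: "yes" or "no")
# Arguments: $1 - user name, $2 - cleartext password
# Returns:   0 if the session is (or already was) authenticated, 1 otherwise
#
# NOTE(review): unknown user and wrong password produce different messages.
# If mecho/eecho output reaches the remote peer this lets it tell valid user
# names apart - consider one generic failure message.
validate_auth()
{
	local user="$1"
	local pass="$2"

	local passwduser
	local passwdpass
	local entry_user
	local entry_hash
	local given_hash

	# return 0 if ${valid_session} is yes - user already authenticated
	valid_session && return 0

	if [[ ! -f ${PASSWD} ]]
	then
		eecho "passwd '${PASSWD}' does not exist!"
		return 1
	fi

	# Look the user up by exact comparison of the first field. The name
	# comes from the caller and must not be used as a regular expression:
	# with grep "^${user}:" a name made of regex metacharacters matches
	# entries of other users.
	while IFS=: read -r entry_user entry_hash _ || [[ -n ${entry_user} ]]
	do
		if [[ ${entry_user} == "${user}" ]]
		then
			passwduser="${entry_user}"
			passwdpass="${entry_hash}"
			break
		fi
	done < "${PASSWD}"

	if [[ -n ${passwduser} ]]
	then
		# quoted argument: hash the whole password, no word splitting or
		# pathname expansion
		given_hash=$(md5crypt "${pass}")

		# An empty hash (md5crypt failed) never authenticates, and the
		# stored value is compared literally, not as a glob pattern.
		if [[ -n ${given_hash} && ${given_hash} == "${passwdpass}" ]]
		then
			mecho "password for user '${user}' is valid!"
			mecho "Successfully logged in. Type 'help' for more information."
			export valid_session="yes"
			return 0
		else
			mecho "password for user '${user}' is invalid!"
			export valid_session="no"
			return 1
		fi
	else
		eecho "User '${user}' unknown."
		export valid_session="no"
		return 1
	fi
}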
92
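# Authenticate a session by comparing the RSA modulus of a presented
# certificate with the modulus of the key in ${MCORE_KEY_FILE}.
#
# Globals:   MCORE_KEY_FILE (read), valid_session (exported: "yes" or "no")
# Arguments: $1 - certificate text as accepted by 'openssl x509' on stdin
# Returns:   0 if the session is (or already was) authenticated, 1 otherwise
#
# NOTE(review): a matching modulus only shows that the presented certificate
# belongs to the key pair in MCORE_KEY_FILE. A certificate is public data, so
# this does not prove that the peer holds the private key - confirm that the
# transport performs the actual client authentication.
validate_auth_certificate()
{
	local cert="$1"
	local cert_modulus
	local key_modulus

	# return 0 if ${valid_session} is yes - user already authenticated
	valid_session && return 0

	if [[ ! -e ${MCORE_KEY_FILE} ]]
	then
		eecho "MCORE_KEY_FILE '${MCORE_KEY_FILE}' does not exist"
		# fail closed: without a reference key nothing can be verified
		return 1
	fi

	if [[ -z ${cert} ]]
	then
		eecho "no certificate given"
		return 1
	fi

	# Each openssl call is checked on its own. Feeding the output of a
	# failed call into 'openssl sha1' produces the digest of empty input on
	# both sides, and two such digests compare equal. The moduli are
	# therefore compared directly and an empty value never matches.
	cert_modulus=$(printf '%s\n' "${cert}" | openssl x509 -noout -modulus) || cert_modulus=""
	key_modulus=$(openssl rsa -noout -modulus -in "${MCORE_KEY_FILE}") || key_modulus=""

	if [[ -z ${key_modulus} ]]
	then
		eecho "MCORE_KEY_FILE '${MCORE_KEY_FILE}' is not a readable RSA key"
		export valid_session="no"
		return 1
	fi

	# quoted right-hand side: literal comparison, not a glob match
	if [[ -n ${cert_modulus} && ${cert_modulus} == "${key_modulus}" ]]
	then
		mecho "certificate is valid!"
		mecho "Successfully logged in. Type 'help' for more information."
		export valid_session="yes"
		return 0
	else
		mecho "certificate is invalid!"
		export valid_session="no"
		return 1
	fi
}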
128
# Report whether the current session has been authenticated.
#
# Globals: valid_session (read)
# Returns: 0 if ${valid_session} is "yes", 1 for any other value or if unset
valid_session()
{
	[[ ${valid_session} == yes ]]
}
138
# Request termination when the session is not authenticated.
#
# Globals: valid_session (read), run (exported as "quit" when not logged in)
# Outputs: "not logged in..." through eecho
# Returns: 0
invalid_session()
{
	# an authenticated session is left alone
	[[ ${valid_session} == yes ]] && return 0

	eecho "not logged in..."
	# export quit signal
	export run=quit
}
147 }