|
|
@@ -0,0 +1,94 @@
|
|
|
+#!/bin/bash
|
|
|
+# info: check user password
|
|
|
+# options: USER PASSWORD [IP]
|
|
|
+#
|
|
|
+# The function verifies user password from file
|
|
|
+
|
|
|
+
|
|
|
+#----------------------------------------------------------#
|
|
|
+# Variable&Function #
|
|
|
+#----------------------------------------------------------#
|
|
|
+
|
|
|
+# Argument defenition
|
|
|
+user=$1
|
|
|
+password=$2
|
|
|
+ip=${3-127.0.0.1}
|
|
|
+
|
|
|
+# Includes
|
|
|
+source $VESTA/func/main.sh
|
|
|
+source $VESTA/conf/vesta.conf
|
|
|
+
|
|
|
+
|
|
|
+#----------------------------------------------------------#
|
|
|
+# Verifications #
|
|
|
+#----------------------------------------------------------#
|
|
|
+
|
|
|
+check_args '2' "$#" 'USER PASSWORD'
|
|
|
+validate_format 'user'
|
|
|
+
|
|
|
+# Checking user
|
|
|
+if [ ! -d "$VESTA/data/users/$user" ] && [ "$user" != 'root' ]; then
|
|
|
+ echo "Error: password missmatch"
|
|
|
+ echo "$DATE $user $ip failed to login" >> $VESTA/log/auth.log
|
|
|
+ exit 9
|
|
|
+fi
|
|
|
+
|
|
|
+# Checking user password
|
|
|
+is_password_valid
|
|
|
+
|
|
|
+# Checking empty password
|
|
|
+if [[ -z "$password" ]]; then
|
|
|
+ echo "Error: password missmatch"
|
|
|
+ echo "$DATE $user $ip failed to login" >> $VESTA/log/auth.log
|
|
|
+ exit 9
|
|
|
+fi
|
|
|
+
|
|
|
+# Checking mkpasswd command
|
|
|
+which mkpasswd >/dev/null 2>&1
|
|
|
+if [ $? -ne 0 ]; then
|
|
|
+ # Activating fallback procedure
|
|
|
+ if [ -e "/usr/bin/yum" ]; then
|
|
|
+ yum install -y expect >/dev/null 2>&1
|
|
|
+ else
|
|
|
+ apt-get install -y expect >/dev/null 2>&1
|
|
|
+ fi
|
|
|
+fi
|
|
|
+
|
|
|
+
|
|
|
+#----------------------------------------------------------#
|
|
|
+# Action #
|
|
|
+#----------------------------------------------------------#
|
|
|
+
|
|
|
+# Parsing user's salt
|
|
|
+salt=$(grep "^$user:" /etc/shadow |cut -f 3 -d \$)
|
|
|
+if [[ -z "$salt" ]] || [[ "${#salt}" -gt 8 ]]; then
|
|
|
+ echo "Error: password missmatch"
|
|
|
+ echo "$DATE $user $ip failed to login" >> $VESTA/log/auth.log
|
|
|
+ exit 9
|
|
|
+fi
|
|
|
+
|
|
|
+# Generating SHA-512
|
|
|
+hash=$(mkpasswd -m sha-512 -S $salt -s <<< $password)
|
|
|
+if [[ -z "$hash" ]]; then
|
|
|
+ echo "Error: password missmatch"
|
|
|
+ echo "$DATE $user $ip failed to login" >> $VESTA/log/auth.log
|
|
|
+ exit 9
|
|
|
+fi
|
|
|
+
|
|
|
+# Checking hash
|
|
|
+result=$(grep "^$user:$hash:" /etc/shadow 2>/dev/null)
|
|
|
+if [[ -z "$result" ]]; then
|
|
|
+ echo "Error: password missmatch"
|
|
|
+ echo "$DATE $user $ip failed to login" >> $VESTA/log/auth.log
|
|
|
+ exit 9
|
|
|
+fi
|
|
|
+
|
|
|
+
|
|
|
+#----------------------------------------------------------#
|
|
|
+# Vesta #
|
|
|
+#----------------------------------------------------------#
|
|
|
+
|
|
|
+# Logging
|
|
|
+echo "$DATE $user $ip successfully logged in" >> $VESTA/log/auth.log
|
|
|
+
|
|
|
+exit
|