#!/usr/bin/perl -w # checkpasswd-service # part of userv-utils # # # protocols: # # userv root checkpasswd-self <<'END' # < PASSWORD # < ^D # > STATUS MESSAGE... # # userv root checkpasswd-other USERNAME <<'END' # < PASSWORD # < ^D # > STATUS MESSAGE... # # STATUS MESSAGE may be # 0 ok # 2 incorrect password # 4 no such user # 5 password disabled # # # Copyright (C) 2013 Ian Jackson # # This is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with userv-utils; if not, write to the Free Software # Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. use strict; use IO::File; use Fcntl qw(:flock); my ($lockpath, $delay, $separator, $username) = @ARGV; die "$0: bad usage\n" unless @ARGV == 4 || $lockpath =~ m#^/# || $delay =~ m/^[0-9.]+$/ || $separator eq '--' || $username =~ m/^\w/; $username = $ENV{'USERV_USER'} if $username eq 'SELF'; sub result { print "@_\n" or die $!; exit 0; } my @pwent = getpwnam($username); result 4, "no such user" unless @pwent; my $encrpw= $pwent[1]; result 5, "password disabled" unless length $encrpw >= 13; $!=0; my $pw = ; chomp $pw or die "reading password: $!\n"; my $lockf = new IO::File $lockpath, "w+" or die "open $lockpath: $!\n"; flock($lockf, LOCK_EX) or die "lock $lockpath: $!\n"; select(undef,undef,undef,0.5); close $lockf; my $crval = crypt($pw,$encrpw); result 2, "incorrect password" unless $crval eq $encrpw; result 0, "ok";