From 655e68e0dfac46ded70f143c4cee279a3d57a0d1 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Sun, 27 Jan 2013 16:21:16 +0000
Subject: [PATCH] checkpasswd: initial implementation

---
 misc/checkpasswd-mine    |  8 ++++++++
 misc/checkpasswd-other   |  9 +++++++++
 misc/checkpasswd-service | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 51 insertions(+)
 create mode 100644 misc/checkpasswd-mine
 create mode 100644 misc/checkpasswd-other
 create mode 100755 misc/checkpasswd-service

diff --git a/misc/checkpasswd-mine b/misc/checkpasswd-mine
new file mode 100644
index 0000000..5e3a5a5
--- /dev/null
+++ b/misc/checkpasswd-mine
@@ -0,0 +1,8 @@
+#
+if glob service-user root
+	reset
+	no-set-environment
+	disconnect-hup
+	suppress-args
+	execute checkpasswd-service SELF
+fi
diff --git a/misc/checkpasswd-other b/misc/checkpasswd-other
new file mode 100644
index 0000000..c9a9b59
--- /dev/null
+++ b/misc/checkpasswd-other
@@ -0,0 +1,9 @@
+#
+if ( grep calling-user /etc/userv/checkpasswd-service-users
+   & glob service-user root
+   )
+	reset
+	no-set-environment
+	disconnect-hup
+	execute checkpasswd-service
+fi
diff --git a/misc/checkpasswd-service b/misc/checkpasswd-service
new file mode 100755
index 0000000..5418a7c
--- /dev/null
+++ b/misc/checkpasswd-service
@@ -0,0 +1,34 @@
+#!/usr/bin/perl -w
+use strict;
+use IO::File;
+use Fcntl qw(:flock);
+
+die "$0: bad usage\n" unless @ARGV==1 && $ARGV[0] !~ m/^-/;
+my $username = shift @ARGV;
+$username = $ENV{'USERV_USER'} if $username eq 'SELF';
+
+sub result {
+    print "@_\n" or die $!;
+    exit 0;
+}
+
+my @pwent = getpwnam($username);
+result 4, "no such user" unless @pwent;
+
+my $encrpw= $pwent[1];
+result 5, "password disabled" unless length $encrpw >= 13;
+
+$!=0; my $pw = <STDIN>;
+chomp $pw or die "reading password: $!\n";
+
+my $lockpath = "/var/run/checkpasswd.synch";
+my $lockf = new IO::File $lockpath, "w+" or die "open $lockpath: $!\n";
+flock($lockf, LOCK_EX) or die "lock $lockpath: $!\n";
+select(undef,undef,undef,0.5);
+close $lockf;
+
+my $crval = crypt($pw,$encrpw);
+
+result 2, "incorrect password" unless  $crval eq $encrpw;
+
+result 0, "ok";
-- 
2.30.2