checkpasswd: initial implementation

3 files changed, 51 insertions, 0 deletions

diff --git a/misc/checkpasswd-mine b/misc/checkpasswd-mine
new file mode 100644
index 0000000..5e3a5a5
--- /dev/null
+++ b/misc/checkpasswd-mine
@@ -0,0 +1,8 @@
+#
+if glob service-user root
+	reset
+	no-set-environment
+	disconnect-hup
+	suppress-args
+	execute checkpasswd-service SELF
+fi
diff --git a/misc/checkpasswd-other b/misc/checkpasswd-other
new file mode 100644
index 0000000..c9a9b59
--- /dev/null
+++ b/misc/checkpasswd-other
@@ -0,0 +1,9 @@
+#
+if ( grep calling-user /etc/userv/checkpasswd-service-users
+   & glob service-user root
+   )
+	reset
+	no-set-environment
+	disconnect-hup
+	execute checkpasswd-service
+fi
diff --git a/misc/checkpasswd-service b/misc/checkpasswd-service
new file mode 100755
index 0000000..5418a7c
--- /dev/null
+++ b/misc/checkpasswd-service
@@ -0,0 +1,34 @@
+#!/usr/bin/perl -w
+use strict;
+use IO::File;
+use Fcntl qw(:flock);
+
+die "$0: bad usage\n" unless @ARGV==1 && $ARGV[0] !~ m/^-/;
+my $username = shift @ARGV;
+$username = $ENV{'USERV_USER'} if $username eq 'SELF';
+
+sub result {
+    print "@_\n" or die $!;
+    exit 0;
+}
+
+my @pwent = getpwnam($username);
+result 4, "no such user" unless @pwent;
+
+my $encrpw= $pwent[1];
+result 5, "password disabled" unless length $encrpw >= 13;
+
+$!=0; my $pw = <STDIN>;
+chomp $pw or die "reading password: $!\n";
+
+my $lockpath = "/var/run/checkpasswd.synch";
+my $lockf = new IO::File $lockpath, "w+" or die "open $lockpath: $!\n";
+flock($lockf, LOCK_EX) or die "lock $lockpath: $!\n";
+select(undef,undef,undef,0.5);
+close $lockf;
+
+my $crval = crypt($pw,$encrpw);
+
+result 2, "incorrect password" unless  $crval eq $encrpw;
+
+result 0, "ok";