bayrepo
/
hestiacp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3a964e54b1'
${ noResults }
hestiacp/bin/v-check-user-password

131 lines
3.5 KiB
Raw Normal View History Unescape

Initial
2 years ago
#!/bin/bash
# info: check user password
# options: USER PASSWORD [IP] [RETURN_HASH]
#
# example: v-check-user-password admin qwerty1234
#
# This function verifies user password from file
#----------------------------------------------------------#
# Variables & Functions #
#----------------------------------------------------------#
# Argument definition
user=$1
password=$2
HIDE=2
ip46=${3-127.0.0.1}
return_hash=$4
# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"
time_n_date=$(date +'%T %F')
time=$(echo "$time_n_date" | cut -f 1 -d \ )
date=$(echo "$time_n_date" | cut -f 2 -d \ )
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '2' "$#" 'USER PASSWORD [IP] [RETURN_HASH]'
is_format_valid 'user' 'ip46'
# Checking user
if [ ! -d "$HESTIA/data/users/$user" ]; then
echo "Error: password missmatch"
echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
exit 9
fi
is_password_valid
# Checking empty password
if [[ -z "$password" ]]; then
echo "Error: password missmatch"
echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
exit 9
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Parsing user's salt
shadow=$(grep "^$user:" /etc/shadow | cut -f 2 -d :)
if echo "$shadow" | grep -qE '^\$[0-9a-z]+\$[^\$]+\$'; then
salt=$(echo "$shadow" | cut -f 3 -d \$)
method=$(echo "$shadow" | cut -f 2 -d \$)
if [ "$method" = "y" ]; then
method="yescrypt"
elif [ "$method" -eq '1' ]; then
method='md5'
elif [ "$method" -eq '6' ]; then
method='sha-512'
else
echo "Error: password missmatch"
echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
exit 9
fi
else
salt=${shadow:0:2}
method='des'
fi
if [ -z "$salt" ]; then
echo "Error: password missmatch"
echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
exit 9
fi
if [ "$method" = "yescrypt" ]; then
if which python3 > /dev/null; then
export PASS="$password" SALT="$shadow"
hash=$(python3 -c 'import crypt, os; print(crypt.crypt(os.getenv("PASS"), os.getenv("SALT")))')
else
# Fall back to mkpasswd as fallback
hash=$(mkpasswd "$password" "$shadow")
fi
if [ $? -ne 0 ]; then
echo "Error: password missmatch"
echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
exit 9
fi
else
# Generating hash
set -o noglob
hash=$($BIN/v-generate-password-hash "$method" "$salt" <<< "$password")
if [[ -z "$hash" ]]; then
echo "Error: password missmatch"
echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
exit 9
fi
fi
# Checking hash
result=$(grep "^$user:$hash:" /etc/shadow 2> /dev/null)
if [[ -z "$result" ]]; then
echo "Error: password missmatch"
echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
exit 9
fi
#----------------------------------------------------------#
# Hestia #
#----------------------------------------------------------#
if [ -n "$return_hash" ]; then
echo $hash
fi
# Logging
echo "$date $time $user $ip46 successfully logged in" >> $HESTIA/log/auth.log
exit