$id$salt$encrypted ID | Method ----------------------------------

1. $id$salt$encrypted
2.  
3. ID | Method
4. ---------------------------------------------------------
5. 1 | MD5
6. 2a | Blowfish (not in mainline glibc; added in some
7. | Linux distributions)
8. 5 | SHA-256 (since glibc 2.7)
9. 6 | SHA-512 (since glibc 2.7)
10.  
11. mkpasswd -5 <the_salt> <the_password>
12.  
13. #!/bin/bash
14. #
15. # login.sh $USERNAME $PASSWORD
16.  
17. #this script doesn't work if it is run as root, since then we don't have to specify a pw for 'su'
18. if [ $(id -u) -eq 0 ]; then
19. echo "This script can't be run as root." 1>&2
20. exit 1
21. fi
22.  
23. if [ ! $# -eq 2 ]; then
24. echo "Wrong Number of Arguments (expected 2, got $#)" 1>&2
25. exit 1
26. fi
27.  
28. USERNAME=$1
29. PASSWORD=$2
30.  
31. #since we use expect inside a bash-script, we have to escape tcl-$.
32. expect << EOF
33. spawn su $USERNAME -c "exit"
34. expect "Password:"
35. send "$PASSWORDr"
36. #expect eof
37.  
38. set wait_result [wait]
39.  
40. # check if it is an OS error or a return code from our command
41. # index 2 should be -1 for OS erro, 0 for command return code
42. if {[lindex $wait_result 2] == 0} {
43. exit [lindex $wait_result 3]
44. }
45. else {
46. exit 1
47. }
48. EOF
49.  
50. #! /bin/bash
51. # (GPL3+) Alberto Salvia Novella (es20490446e)
52.  
53.  
54. passwordHash () {
55. password=${1}
56. salt=${2}
57. encryption=${3}
58.  
59. hashes=$(echo ${password} | openssl passwd -${encryption} -salt ${salt} -stdin)
60. echo $(substring ${hashes} "$" "3")
61. }
62.  
63.  
64. passwordIsValid () {
65. user=${1}
66. password=${2}
67.  
68. encryption=$(secret "encryption" ${user})
69. salt=$(secret "salt" ${user})
70. salted=$(secret "salted" ${user})
71. hash=$(passwordHash ${password} ${salt} ${encryption})
72.  
73. [ ${salted} = ${hash} ] && echo "true" || echo "false"
74. }
75.  
76.  
77. secret () {
78. secret=${1}
79. user=${2}
80. shadow=$(shadow ${user})
81.  
82. if [ ${secret} = "encryption" ]; then
83. position=1
84. elif [ ${secret} = "salt" ]; then
85. position=2
86. elif [ ${secret} = "salted" ]; then
87. position=3
88. fi
89.  
90. echo $(substring ${shadow} "$" ${position})
91. }
92.  
93.  
94. shadow () {
95. user=${1}
96. shadow=$(cat /etc/shadow | grep ${user})
97. shadow=$(substring ${shadow} ":" "1")
98. echo ${shadow}
99. }
100.  
101.  
102. substring () {
103. string=${1}
104. separator=${2}
105. position=${3}
106.  
107. substring=${string//"${separator}"/$'2'}
108. IFS=$'2' read -a substring <<< "${substring}"
109. echo ${substring[${position}]}
110. }
111.  
112.  
113. passwordIsValid ${@}