From 9a44a928ccebdceb5a4dd9a4d67168cc04d1227f Mon Sep 17 00:00:00 2001
From: Ian Moffett
Date: Sat, 28 Sep 2024 01:10:13 -0400
Subject: ostp.d: auth: Add user authentication
Signed-off-by: Ian Moffett
---
tools/pwcheck | 43 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100755 tools/pwcheck
(limited to 'tools/pwcheck')
diff --git a/tools/pwcheck b/tools/pwcheck
new file mode 100755
index 0000000..85cd6c3
--- /dev/null
+++ b/tools/pwcheck
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# Get the current user's username
+USER=""
+PW=""
+
+if [[ $# -lt 2 ]]
+then
+ echo "Usage: pwcheck [username] [password]"
+ exit 1
+fi
+
+PW_HASH=""
+USER="$1"
+PW="$2"
+
+# Get the hashed password from /etc/shadow for the current user
+SHADOW_ENTRY=$(sudo grep "^$USER:" /etc/shadow)
+
+if [ -z "$SHADOW_ENTRY" ]; then
+ echo "User not found in /etc/shadow"
+ exit 1
+fi
+
+HASHED_PW=$(echo "$SHADOW_ENTRY" | cut -d':' -f2)
+SALT=$(echo "$HASHED_PW" | cut -d'$' -f3)
+ALGORITHM=$(echo "$HASHED_PW" | cut -d'$' -f2)
+
+# Yescrypt
+if [[ $ALGORITHM == "y" ]]
+then
+ HASHED_PW=$(echo "$SHADOW_ENTRY" | cut -d':' -f2)
+ SALT=$(echo "$HASHED_PW" | cut -d'$' -f4)
+ PW_HASH=$(mkpasswd "$PW" "\$y\$j9T\$$SALT")
+else
+ PW_HASH=$(echo "$PW" | openssl passwd -stdin -"$ALGORITHM" -salt "$SALT")
+fi
+
+if [ "$PW_HASH" == "$HASHED_PW" ]; then
+ exit 0
+else
+ exit 1
+fi
-- cgit v1.2.3
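Review bot: The username from `$1` is interpolated into the pattern of `sudo grep "^$USER:" /etc/shadow`, so regex metacharacters in it can select a different account's entry, or several entries, than the name the caller believes it authenticated; the lookup should compare the first field exactly. The final `[ "$PW_HASH" == "$HASHED_PW" ]` also fails open when both sides are empty, which appears reachable when the shadow password field is empty and the hashing command errors out, so empty, locked (`!`) and disabled (`*`) fields and an empty `PW_HASH` should be rejected before the comparison. The password arrives as `$2` and is passed again as an argument to `mkpasswd`, which exposes it in the process list to other local users; reading it from stdin (as the `openssl passwd -stdin` branch already does for hashing) would keep it out of argv. Separately, the yescrypt branch hard-codes the `j9T` parameter field and the other branch assumes the salt is always the third `$` field, so stored hashes with different parameters or a `rounds=` field will never verify.

```shell
# … unchanged: argument check and USER/PW assignment …

# Exact match on the first field; the username is never treated as a regex.
SHADOW_ENTRY=$(sudo awk -F: -v u="$USER" '$1 == u' /etc/shadow)

# … unchanged: "User not found" check, HASHED_PW/SALT/ALGORITHM extraction …

# Refuse empty, locked or disabled password fields before hashing anything.
case "$HASHED_PW" in
  '' | '!'* | '*'*) exit 1 ;;
esac

# … unchanged: yescrypt / openssl hashing …

# An empty PW_HASH means the hashing command failed; never treat it as a match.
if [ -n "$PW_HASH" ] && [ "$PW_HASH" == "$HASHED_PW" ]; then
# … unchanged: exit 0 / exit 1 branches …
```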