#!/bin/bash

# Get the current user's username
USER=""
PW=""

if [[ $# -lt 2 ]]
then
    echo "Usage: pwcheck [username] [password]"
    exit 1
fi

PW_HASH=""
USER="$1"
PW="$2"

# Get the hashed password from /etc/shadow for the current user
SHADOW_ENTRY=$(sudo grep "^$USER:" /etc/shadow)

if [ -z "$SHADOW_ENTRY" ]; then
    echo "User not found in /etc/shadow"
    exit 1
fi

HASHED_PW=$(echo "$SHADOW_ENTRY" | cut -d':' -f2)
SALT=$(echo "$HASHED_PW" | cut -d'$' -f3)
ALGORITHM=$(echo "$HASHED_PW" | cut -d'$' -f2)

# Yescrypt
if [[ $ALGORITHM == "y" ]]
then
	HASHED_PW=$(echo "$SHADOW_ENTRY" | cut -d':' -f2)
	SALT=$(echo "$HASHED_PW" | cut -d'$' -f4)
	PW_HASH=$(mkpasswd "$PW" "\$y\$j9T\$$SALT")
else
	PW_HASH=$(echo "$PW" | openssl passwd -stdin -"$ALGORITHM" -salt "$SALT")
fi

if [ "$PW_HASH" == "$HASHED_PW" ]; then
    exit 0
else
    exit 1
fi