xs/hkexpasswd/hkexpasswd.go

// Util to generate/store passwords for users in a file akin to /etc/passwd
// suitable for the demo hkexsh server, using bcrypt.
//
// Copyright (c) 2017-2018 Russell Magee
// Licensed under the terms of the MIT license (see LICENSE.mit in this
// distribution)
//
// golang implementation by Russ Magee (rmagee_at_gmail.com)
package main

import (
	"bytes"
	"encoding/csv"
	"flag"
	"fmt"
	"io/ioutil"
	"log"
	"os"
	"os/user"

	"github.com/jameskeane/bcrypt"
	hkexsh "blitter.com/go/hkexsh"
)

func main() {
	var pfName string
	var newpw string
	var confirmpw string
	var userName string

	flag.StringVar(&userName, "u", "", "username")
	flag.StringVar(&pfName, "f", "/etc/hkexsh.passwd", "passwd file")
	flag.Parse()

	var uname string
	if len(userName) == 0 {
		log.Println("specify username with -u")
		os.Exit(1)
	}

	u, err := user.Lookup(userName)
	if err != nil {
		log.Printf("Invalid user %s\n", userName)
		log.Fatal(err)
	}
	uname = u.Username

	fmt.Printf("New Password:")
	ab, err := hkexsh.ReadPassword(int(os.Stdin.Fd()))
	fmt.Printf("\r\n")
	if err != nil {
		log.Fatal(err)
		os.Exit(1)
	}
	newpw = string(ab)

	fmt.Printf("Confirm:")
	ab, err = hkexsh.ReadPassword(int(os.Stdin.Fd()))
	fmt.Printf("\r\n")
	if err != nil {
		log.Fatal(err)
		os.Exit(1)
	}
	confirmpw = string(ab)

	if confirmpw != newpw {
		log.Println("New passwords do not match.")
		os.Exit(1)
	}

	// generate a random salt with specific rounds of complexity
	// (default in jameskeane/bcrypt is 12 but we'll be explicit here)
	salt, err := bcrypt.Salt(12)
	if err != nil {
		fmt.Println("ERROR: bcrypt.Salt() failed.")
		os.Exit(2)
	}

	// hash and verify a password with explicit (random) salt
	hash, err := bcrypt.Hash(newpw, salt)
	if err != nil || !bcrypt.Match(newpw, hash) {
		fmt.Println("ERROR: bcrypt.Match() failed.")
		log.Fatal(err)
	}
	//fmt.Println("Salt:", salt, "Hash:", hash)

	b, err := ioutil.ReadFile(pfName)
	if err != nil {
		log.Fatal(err)
	}
	r := csv.NewReader(bytes.NewReader(b))

	r.Comma = ':'
	r.Comment = '#'
	r.FieldsPerRecord = 4 // username:salt:authCookie:disallowedCmdList (a,b,...)

	records, err := r.ReadAll()
	if err != nil {
		log.Fatal(err)
	}
	for i, _ := range records {
		//fmt.Println(records[i])
		if records[i][0] == uname {
			records[i][1] = salt
			records[i][2] = hash
		}
		//// csv lib doesn't preserve comment in record, so put it back
		//if records[i][0][0] == '!' {
		//	records[i][0] = "#" + records[i][0]
		//}
	}

	outFile, err := ioutil.TempFile("", "hkexsh-passwd")
	if err != nil {
		log.Fatal(err)
	}
	w := csv.NewWriter(outFile)
	w.Comma = ':'
	//w.FieldsPerRecord = 4 // username:salt:authCookie:disallowedCmdList (a,b,...)
	w.Write([]string{"#username", "salt", "authCookie", "disallowedCmdList"})
	w.WriteAll(records)
	if err = w.Error(); err != nil {
		log.Fatal(err)
	}

	err = os.Remove(pfName)
	if err != nil {
		log.Fatal(err)
	}
	err = os.Rename(outFile.Name(), pfName)
	if err != nil {
		log.Fatal(err)
	}
}
Added hkexpasswd util; moved minimal term stuff into hkexauth.go 2018-01-23 21:53:05 +00:00			`// Util to generate/store passwords for users in a file akin to /etc/passwd`
			`// suitable for the demo hkexsh server, using bcrypt.`
misc. cleanup, LICENSE.{gpl,mit} updates 2018-04-07 20:04:10 +00:00			`//`
			`// Copyright (c) 2017-2018 Russell Magee`
			`// Licensed under the terms of the MIT license (see LICENSE.mit in this`
			`// distribution)`
			`//`
			`// golang implementation by Russ Magee (rmagee_at_gmail.com)`
Added hkexpasswd util; moved minimal term stuff into hkexauth.go 2018-01-23 21:53:05 +00:00			`package main`

			`import (`
			`"bytes"`
			`"encoding/csv"`
			`"flag"`
			`"fmt"`
			`"io/ioutil"`
			`"log"`
			`"os"`
			`"os/user"`

			`"github.com/jameskeane/bcrypt"`
-Added error checking for all stages of hkex.Conn.Accept() and GetStream() -Server will log such errors without panic/exit -Const added but not yet used for 'chaff' packets 2018-04-28 23:05:33 +00:00			`hkexsh "blitter.com/go/hkexsh"`
Added hkexpasswd util; moved minimal term stuff into hkexauth.go 2018-01-23 21:53:05 +00:00			`)`

			`func main() {`
			`var pfName string`
			`var newpw string`
			`var confirmpw string`
			`var userName string`

			`flag.StringVar(&userName, "u", "", "username")`
			`flag.StringVar(&pfName, "f", "/etc/hkexsh.passwd", "passwd file")`
			`flag.Parse()`

			`var uname string`
			`if len(userName) == 0 {`
			`log.Println("specify username with -u")`
			`os.Exit(1)`
			`}`

			`u, err := user.Lookup(userName)`
			`if err != nil {`
			`log.Printf("Invalid user %s\n", userName)`
			`log.Fatal(err)`
			`}`
			`uname = u.Username`

			`fmt.Printf("New Password:")`
MSYS+mintty support; pkg renaming to hkexsh 2018-04-04 22:43:27 +00:00			`ab, err := hkexsh.ReadPassword(int(os.Stdin.Fd()))`
Added hkexpasswd util; moved minimal term stuff into hkexauth.go 2018-01-23 21:53:05 +00:00			`fmt.Printf("\r\n")`
			`if err != nil {`
			`log.Fatal(err)`
			`os.Exit(1)`
			`}`
			`newpw = string(ab)`

			`fmt.Printf("Confirm:")`
MSYS+mintty support; pkg renaming to hkexsh 2018-04-04 22:43:27 +00:00			`ab, err = hkexsh.ReadPassword(int(os.Stdin.Fd()))`
Added hkexpasswd util; moved minimal term stuff into hkexauth.go 2018-01-23 21:53:05 +00:00			`fmt.Printf("\r\n")`
			`if err != nil {`
			`log.Fatal(err)`
			`os.Exit(1)`
			`}`
			`confirmpw = string(ab)`

			`if confirmpw != newpw {`
			`log.Println("New passwords do not match.")`
			`os.Exit(1)`
			`}`

			`// generate a random salt with specific rounds of complexity`
			`// (default in jameskeane/bcrypt is 12 but we'll be explicit here)`
			`salt, err := bcrypt.Salt(12)`
			`if err != nil {`
			`fmt.Println("ERROR: bcrypt.Salt() failed.")`
			`os.Exit(2)`
			`}`

			`// hash and verify a password with explicit (random) salt`
			`hash, err := bcrypt.Hash(newpw, salt)`
			`if err != nil \|\| !bcrypt.Match(newpw, hash) {`
			`fmt.Println("ERROR: bcrypt.Match() failed.")`
			`log.Fatal(err)`
			`}`
			`//fmt.Println("Salt:", salt, "Hash:", hash)`

			`b, err := ioutil.ReadFile(pfName)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`r := csv.NewReader(bytes.NewReader(b))`

			`r.Comma = ':'`
			`r.Comment = '#'`
			`r.FieldsPerRecord = 4 // username:salt:authCookie:disallowedCmdList (a,b,...)`

			`records, err := r.ReadAll()`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`for i, _ := range records {`
			`//fmt.Println(records[i])`
			`if records[i][0] == uname {`
			`records[i][1] = salt`
			`records[i][2] = hash`
			`}`
			`//// csv lib doesn't preserve comment in record, so put it back`
			`//if records[i][0][0] == '!' {`
			`// records[i][0] = "#" + records[i][0]`
			`//}`
			`}`

			`outFile, err := ioutil.TempFile("", "hkexsh-passwd")`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`w := csv.NewWriter(outFile)`
			`w.Comma = ':'`
			`//w.FieldsPerRecord = 4 // username:salt:authCookie:disallowedCmdList (a,b,...)`
			`w.Write([]string{"#username", "salt", "authCookie", "disallowedCmdList"})`
			`w.WriteAll(records)`
			`if err = w.Error(); err != nil {`
			`log.Fatal(err)`
			`}`

			`err = os.Remove(pfName)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`err = os.Rename(outFile.Name(), pfName)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`}`