#!/usr/bin/env bash script_name="$(basename $(realpath $0))" working_dir="$(dirname $(realpath $0))" conf_file="${working_dir}/conf/${script_name%%.*}.conf" LOCK_DIR="/tmp/$(basename $0).$$.LOCK" log_file="${LOCK_DIR}/${script_name%%.*}.log" # ---------- # Script settings # ---------- # - Give your default values here # - SALT_LENGTH=8 # ---------- # Base Function(s) # ---------- usage() { [[ -n "$1" ]] && error "$1" [[ $terminal ]] && echo -e " \033[1mUsage:\033[m $(basename $0) \033[1mDescription\033[m Script creates a saltet SHA-512 password hash for use in '/etc/shadow'. The length of salt is '8'. \033[1mOptions\033[m No Options needed. The clear password will be asked for. \033[1mFiles\033[m No configuration files needed \033[1mExample:\033[m Create a saltet SHA512 password hash $(basename $0) " clean_up 1 } clean_up() { # Perform program exit housekeeping rm -rf "$LOCK_DIR" blank_line exit $1 } echononl(){ if $terminal ; then echo X\\c > /tmp/shprompt$$ if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then echo -e -n " $*\\c" 1>&2 else echo -e -n " $*" 1>&2 fi rm /tmp/shprompt$$ fi } fatal(){ echo "" if $terminal ; then echo -e " [ \033[31m\033[1mFatal\033[m ] $*" else echo -e " [ Fatal ] $*" fi echo "" if $terminal ; then echo -e " \033[1mScript terminated\033[m.." else echo -e " Script terminated.." fi echo "" rm -rf $LOCK_DIR exit 1 } error (){ echo "" if $terminal ; then echo -e " [ \033[31m\033[1mError\033[m ] $*" else echo " [ Error ] $*" fi echo "" } warn (){ if $LOGGING || $terminal ; then echo "" if $terminal ; then echo -e " [ \033[33m\033[1mWarn\033[m ] $*" else echo " [ Warn ] $*" fi echo "" fi } info (){ if $LOGGING || $terminal ; then echo "" if $terminal ; then echo -e " [ \033[32m\033[1mInfo\033[m ] $*" else echo " [ Info ] $*" fi echo "" fi } ok (){ if $LOGGING || $terminal ; then echo "" if $terminal ; then echo -e " [ \033[32m\033[1mOk\033[m ] $*" else echo " [ Ok ] $*" fi echo "" fi } echo_done() { if $terminal ; then echo -e "\033[75G[ \033[32mdone\033[m ]" fi } echo_ok() { if $terminal ; then echo -e "\033[75G[ \033[32mok\033[m ]" fi } echo_failed(){ if $terminal ; then echo -e "\033[75G[ \033[1;31mfailed\033[m ]" fi } echo_skipped() { if $terminal ; then echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]" fi } echo_wait(){ if $terminal ; then echo -en "\033[75G[ \033[5m\033[1m...\033[m ]" fi } trim() { local var="$*" var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters echo -n "$var" } blank_line() { if $terminal ; then echo "" fi } # ---------- # - Jobhandling # ---------- # - Run 'clean_up' for signals SIGHUP SIGINT SIGTERM # - trap clean_up SIGHUP SIGINT SIGTERM # - Create lock directory '$LOCK_DIR" # mkdir "$LOCK_DIR" # ---------- # - Some checks .. # ---------- # - Running in a terminal? # - if [[ -t 1 ]] ; then terminal=true else fatal "Script must run in a terminal." fi # - Print help? # - if [[ "$(trim $*)" = "-h" ]] || [[ "$(trim $*)" = "--help" ]] ; then usage fi if [[ -z "$(which basename)" ]]; then fatal 'It seems "basename" is not installed, but needed!' fi if [[ -z "$(which realpath)" ]]; then fatal 'It seems "realpath" is not installed, but needed!' fi # ========== # - Begin Main Script # ========== # ---------- # - Headline # ---------- if $terminal ; then echo "" echo -e "\033[1m----------\033[m" echo -e "\033[32m\033[1mRunning script \033[m\033[1m$script_name\033[32m .. \033[m" echo -e "\033[1m----------\033[m" fi # ---------- # - Read in parameters given by user # ---------- echo "" echo -e " \033[32m--\033[m" echo "" echo " Insert the password for which the password hash should be created." echo "" echo "" _CLEAR_PASSWD_1="X" _CLAER_PASSWD_2="Y" while [[ "$_CLEAR_PASSWD_1" != "$_CLEAR_PASSWD_2" ]] ; do echononl "\033[1mPassword :\033[m " read -s _CLEAR_PASSWD_1 blank_line if [[ "X$_CLEAR_PASSWD_1" = "X" ]]; then echo -e "\n \033[33m\033[1mA password is required!\033[m\n" continue fi echononl "\033[1mRepeat password:\033[m " read -s _CLEAR_PASSWD_2 if [[ "$_CLEAR_PASSWD_1" != "$_CLEAR_PASSWD_2" ]]; then echo -e "\n\n \033[33m\033[1mPasswords did not match!\033[m\n" else CLEAR_PASS="$_CLEAR_PASSWD_1" fi done echo "" echo "" echononl "Print a summary including the clear password? [\033[1myes/no\033[m]: " read OK while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do echononl "\033[33mWrong entry!\033[m [\033[1myes/no\033[m]: " read OK done if [[ "${OK,,}" = "yes" ]] ; then echo "" echo "" echo -e " \033[32m\033[1mParameter Summary:\033[m" echo "" echo " Clear password.............: $CLEAR_PASS" echo "" echononl "Continue with this parameters? [\033[1myes/no\033[m]: " read OK while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do echononl "\033[33mWrong entry!\033[m [\033[1myes/no\033[m]: " read OK done [[ "${OK,,}" = "yes" ]] || fatal "Canceled by user input." fi # ---------- # - Some pre-script tasks .. # ---------- # ---------- # - Main part of script # ---------- SALTED_HASH="$(mkpasswd -m sha-512 -S "$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $SALT_LENGTH | head -n 1)" -s <<< $CLEAR_PASS)" echo "" info "Salted SHA512 password hash:" echo -e "\t\033[1m${SALTED_HASH}\033[m\n" clean_up 0