[packages/mkxauth.git] / mkxauth

#!/bin/sh
#
# mkxauth: script to make per-user Xauthority database
# formerly 'newcookie' script; modified 18-Jul-1996 jim knoble
#
########################################################################

#set -x

## default values for some variables
usr_umask=0077
# eventual exit status
sts=0
# verbose operation if blank
opt_vrbopr=''
# eventual string of non-option arguments
cmd_args=''
# filename for per-user Xauthority database
usrauth=.Xauthority
# username for whom to make per-user database
lclusr=`whoami`
# mode for making database; 
# valid values are 'create', 'merge-local', 
# 'merge-ftp', 'merge-rsh', 'merge-rzip',
# and 'none'
xauth_mode='none'
# actual path to target database
dstauth=''
# user to login as for rsh/rzip modes
rmtusr=`whoami`
# host to contact for remote Xauthority databases
rmthst=''
# local user to grab Xauthority from in merge mode
srcusr=''

########################################################################
# help message
function prthlp() {
	echo ""
	echo "  usage:  $0 [-q] [-u <login>] -m <login>"
	echo "          $0 [-q] [-u <login>] -f <host>"
	echo "          $0 [-q] [-u <login>] -r <host> [-l <login>]"
	echo "          $0 [-q] [-u <login>] -z <host> [-l <login>]"
	echo "          $0 [-q] [-u <login>] -c [<host> [<host> ... ]]"
	echo ""
	echo "  create or update an Xauthority database containing authentication"
	echo "  keys for the current user or a specified user on the local host."
	echo ""
	echo "  commands:"
	echo ""
	echo "  -m <login>    merge the Xauthority database from local user <login>"
	echo "                (if readable) with the target .Xauthority"
	echo ""
	echo "  -f <host>     merge a remote Xauthority database with the target"
	echo "                .Xauthority, using ncftp"
	echo ""
	echo "  -r <host>     merge a remote Xauthority database with the target"
	echo "                .Xauthority, using rsh"
	echo ""
	echo "  -z <host>     merge a remote Xauthority database with the target"
	echo "                .Xauthority, using rsh and gzip"
	echo ""
	echo "  -c <host>...  create a local Xauthority database, or add keys to an"
	echo "                existing one, for all hosts listed (uses md5sum).  if"
	echo "                no hosts are listed, assume the local host."
	echo ""
	echo "  options:"
	echo ""
	echo "  -q            quiet operation"
	echo ""
	echo "  -u <login>    create/merge .Xauthority for user <login>"
	echo ""
	echo "  -l <login>    for '-f', '-r' and '-z' modes, use <login> for the"
	echo "                remote login"
	echo ""

	exit 0
}

# check that current user is root
function chkroot() {
    if [ `whoami` != root ]; then
    	echo "sorry---you need to be root" "$*"
	exit 1
    fi
}

# write a message to stdout iff verbose mode on
function msg() {
	if [ -z "$opt_vrbopr" ]; then
		echo "$@"
	fi
}

# check that a command exists
function chkcmdexs() {
	for i in $*; do
		if [ -z `type -p $i` ]; then
			echo "`basename $0`: error: can't find command '$i'"
			exit 1
		fi
	done
}

# check that a file exists, and create it if it doesn't
# *and* if we have write permissions to its parent dir
function chkfilexs() {
    for i in $*; do
        if [ ! -f "$i" ]; then
            if [ -w `dirname $i` ]; then
                msg -n "creating file $i ... "
                touch $i
                msg "done"
            fi
        fi
    done
}

# check if a file is readable
function redabl() {
	local srcfil=$1
	if [ -r "$srcfil" ]; then
		sts=0
	else
		echo "`basename $0`: error: cannot read file $srcfil"
		sts=1
	fi
	return $sts
}

# check if a file is writable
function wrtabl() {
	local dstfil=$1
	if [ -w "$dstfil" ]; then
		sts=0
	else
		echo "`basename $0`: error: cannot write to file $dstfil"
		sts=1
	fi
	return $sts
}

# set the correct ownership for a file
function givusr() {
	local lststs=$1
	local usrnam=$2
	local dstfil=$3
	if [ $lststs = 0 ]; then
		chown $usrnam.$usrnam $dstfil
		sts=0
	else
		msg ""
		echo "`basename $0`: error writing to file $dstfil"
		sts=1
	fi
	return $sts
}

########################################################################
# set our umask so that no one else can read our files
umask $usr_umask

# test some command-line args
while [ "$*" ]; do
    case $1 in
        -h | --help)
            shift
            prthlp
            ;;
        -q | --quiet)
            shift
            opt_vrbopr='-q'
            ;;
        -u | --user)
            shift
            lclusr="$1"
            shift
            ;;
        -l | --login)
            shift
            rmtusr="$1"
            shift
            ;;
        -c | --create)
            shift
            xauth_mode='create'
            ;;
        -m | --merge)
            shift
            xauth_mode='merge-local'
            srcusr="$1"
            shift
            ;;
        -f | --ftp)
            shift
            xauth_mode='merge-ftp'
            rmthst="$1"
            shift
            ;;
        -r | --rsh)
            shift
            xauth_mode='merge-rsh'
            rmthst="$1"
            shift
            ;;
        -z | --rzip)
            shift
            xauth_mode='merge-rzip'
            rmthst="$1"
            shift
            ;;
        -*)
        	echo "`basename $0`: invalid option '$1'"
            shift
            prthlp
            ;;
        *)
            cmd_args="$cmd_args $1"
            shift
            ;;
    esac
done

# if called without a valid command, follow path of least surprise
if [ "$xauth_mode" = "none" ]; then
    prthlp
fi

# figure out if we're allowed to do what we said we wanted to
if [ `whoami` != $lclusr ]; then
    chkroot "to change another user's .Xauthority."
fi

# make sure xauth is available
chkcmdexs xauth

# set name for target Xauthority database
dstauth=`eval echo ~$lclusr/$usrauth`

# figure out what action to take
case $xauth_mode in
    create)
        # create an Xauthority database for user 'userid'.
        # (requires md5sum, xauth)
        chkcmdexs uptime dd md5sum cut
        # create an empty database if one doesn't exist
        chkfilexs $dstauth
        # generate a random key -- depends on md5sum, among others
        key=`(
                whoami
                uptime
		[ \`type -p mcookie\` ] && mcookie
		[ -f /proc/meminfo ] && cat /proc/meminfo
                [ -f /dev/urandom ] && dd if=/dev/urandom bs=16 count=1
            ) 2>&1 | md5sum | cut -f 1 -d ' '`
        # add all hosts specified on command line;
	# if none specified, assume local host.
        authhosts=`hostname`
        if [ "$cmd_args" ]; then
            authhosts="$cmd_args"
        fi
        if wrtabl $dstauth; then
            for i in $authhosts; do 
                msg -n "adding key for $i to $dstauth ... "
                xauth -f $dstauth add $i/unix:0 . $key
                xauth -f $dstauth add $i:0      . $key
                if [ $? != 0 ]; then
                    break
                fi
                msg "done"
            done
            # make sure the user owns the file
            givusr $? $lclusr $dstauth
        fi
        ;;
    merge-local)
        # merge a local Xauthority database (if readable) 
        # from a specified user with the database for local user.
        # (requires xauth)
        srcauth=`eval echo ~$srcusr/$usrauth`
        if redabl $srcauth; then
            mrgcmd="xauth -f $dstauth merge $srcauth"
            mrgmsg="merging $srcauth into $dstauth"
        else
            exit $sts
        fi
        ;;
    merge-ftp)
        # merge a remote Xauthority database with the local one
        # for local user, using ncftp.
        # (requires ncftp, xauth)
        chkcmdexs ncftp
        srcauth="$rmtusr@$rmthst:$usrauth"
        if [ -z "$opt_vrbopr" ]; then
            ftp_vrbopr="-V quiet"
        else
            ftp_vrbopr="-V quiet"
        fi
        mrgcmd='ncftp $ftp_vrbopr <<-ENDFTPCMD
		open -ui $rmthst
		$rmtusr
		get $usrauth "|xauth -f $dstauth merge -"
		quit
		ENDFTPCMD'
        mrgmsg="merging $srcauth into $dstauth"
        ;;
    merge-rsh)
        # merge a remote Xauthority database with the local one
        # for local user, using rsh
        # (requires rsh, xauth)
        chkcmdexs rsh
        srcauth="$rmtusr@$rmthst:$usrauth"
        mrgcmd="{ rsh -l $rmtusr $rmthst cat $usrauth } \
            | { xauth -f $dstauth merge - }"
        mrgmsg="merging $srcauth into $dstauth"
        ;;
    merge-rzip)
        # merge a remote Xauthority database with the local one
        # for local user, using rsh and gzip.
        # (requires rsh, gzip, xauth)
        chkcmdexs rsh gzip
        srcauth="$rmtusr@$rmthst:$usrauth"
        mrgcmd="{ rsh -l $rmtusr $rmthst gzip -c $usrauth } \
            | { gzip -dc } \
            | { xauth -f $dstauth merge - }"
        mrgmsg="merging $srcauth into $dstauth"
        ;;
    *)
        # something's hosed
    	echo "oops!  xauth_mode = '$xauth_mode' - this shouldn't happen."
        sts=1
        ;;
esac

# actually perform merge, if requested
case $xauth_mode in
    merge-*)
        # create an empty database if one doesn't exist
        chkfilexs $dstauth
        # perform the requested merge, if the target database is writable
        if wrtabl $dstauth; then
            msg "$mrgmsg ... "
            eval "$mrgcmd"
            # if successful, make sure the user owns the file
            if givusr $? $lclusr $dstauth; then
                msg "done"
            fi
        fi
        ;;
esac

exit $sts
Commit	Line	Data
7c40b729 JR	1	#!/bin/sh
	2	#
	3	# mkxauth: script to make per-user Xauthority database
	4	# formerly 'newcookie' script; modified 18-Jul-1996 jim knoble
	5	#
	6	########################################################################
7c40b729 JR	7
	8	#set -x
	9
	10	## default values for some variables
	11	usr_umask=0077
	12	# eventual exit status
	13	sts=0
	14	# verbose operation if blank
	15	opt_vrbopr=''
	16	# eventual string of non-option arguments
	17	cmd_args=''
	18	# filename for per-user Xauthority database
	19	usrauth=.Xauthority
	20	# username for whom to make per-user database
	21	lclusr=`whoami`
	22	# mode for making database;
	23	# valid values are 'create', 'merge-local',
	24	# 'merge-ftp', 'merge-rsh', 'merge-rzip',
	25	# and 'none'
	26	xauth_mode='none'
	27	# actual path to target database
	28	dstauth=''
	29	# user to login as for rsh/rzip modes
	30	rmtusr=`whoami`
	31	# host to contact for remote Xauthority databases
	32	rmthst=''
	33	# local user to grab Xauthority from in merge mode
	34	srcusr=''
	35
	36	########################################################################
	37	# help message
	38	function prthlp() {
8f870adb	39	echo ""
	40	echo " usage: $0 [-q] [-u <login>] -m <login>"
	41	echo " $0 [-q] [-u <login>] -f <host>"
	42	echo " $0 [-q] [-u <login>] -r <host> [-l <login>]"
	43	echo " $0 [-q] [-u <login>] -z <host> [-l <login>]"
	44	echo " $0 [-q] [-u <login>] -c [<host> [<host> ... ]]"
	45	echo ""
	46	echo " create or update an Xauthority database containing authentication"
	47	echo " keys for the current user or a specified user on the local host."
	48	echo ""
	49	echo " commands:"
	50	echo ""
	51	echo " -m <login> merge the Xauthority database from local user <login>"
	52	echo " (if readable) with the target .Xauthority"
	53	echo ""
	54	echo " -f <host> merge a remote Xauthority database with the target"
	55	echo " .Xauthority, using ncftp"
	56	echo ""
	57	echo " -r <host> merge a remote Xauthority database with the target"
	58	echo " .Xauthority, using rsh"
	59	echo ""
	60	echo " -z <host> merge a remote Xauthority database with the target"
	61	echo " .Xauthority, using rsh and gzip"
	62	echo ""
	63	echo " -c <host>... create a local Xauthority database, or add keys to an"
	64	echo " existing one, for all hosts listed (uses md5sum). if"
	65	echo " no hosts are listed, assume the local host."
	66	echo ""
	67	echo " options:"
	68	echo ""
	69	echo " -q quiet operation"
	70	echo ""
	71	echo " -u <login> create/merge .Xauthority for user <login>"
	72	echo ""
	73	echo " -l <login> for '-f', '-r' and '-z' modes, use <login> for the"
	74	echo " remote login"
	75	echo ""
7c40b729	76
8f870adb	77	exit 0
7c40b729 JR	78	}
	79
	80	# check that current user is root
	81	function chkroot() {
	82	if [ `whoami` != root ]; then
8f870adb	83	echo "sorry---you need to be root" "$*"
8f870adb	84	exit 1
7c40b729 JR	85	fi
	86	}
	87
	88	# write a message to stdout iff verbose mode on
	89	function msg() {
8f870adb	90	if [ -z "$opt_vrbopr" ]; then
	91	echo "$@"
	92	fi
7c40b729 JR	93	}
	94
	95	# check that a command exists
	96	function chkcmdexs() {
8f870adb	97	for i in $*; do
	98	if [ -z `type -p $i` ]; then
	99	echo "`basename $0`: error: can't find command '$i'"
	100	exit 1
	101	fi
	102	done
7c40b729 JR	103	}
	104
	105	# check that a file exists, and create it if it doesn't
	106	# and if we have write permissions to its parent dir
	107	function chkfilexs() {
	108	for i in $*; do
	109	if [ ! -f "$i" ]; then
	110	if [ -w `dirname $i` ]; then
	111	msg -n "creating file $i ... "
	112	touch $i
	113	msg "done"
	114	fi
	115	fi
	116	done
	117	}
	118
	119	# check if a file is readable
	120	function redabl() {
8f870adb	121	local srcfil=$1
	122	if [ -r "$srcfil" ]; then
	123	sts=0
	124	else
	125	echo "`basename $0`: error: cannot read file $srcfil"
	126	sts=1
	127	fi
	128	return $sts
7c40b729 JR	129	}
	130
	131	# check if a file is writable
	132	function wrtabl() {
8f870adb	133	local dstfil=$1
	134	if [ -w "$dstfil" ]; then
	135	sts=0
	136	else
	137	echo "`basename $0`: error: cannot write to file $dstfil"
	138	sts=1
	139	fi
	140	return $sts
7c40b729 JR	141	}
	142
	143	# set the correct ownership for a file
	144	function givusr() {
8f870adb	145	local lststs=$1
	146	local usrnam=$2
	147	local dstfil=$3
	148	if [ $lststs = 0 ]; then
	149	chown $usrnam.$usrnam $dstfil
	150	sts=0
	151	else
	152	msg ""
	153	echo "`basename $0`: error writing to file $dstfil"
	154	sts=1
	155	fi
	156	return $sts
7c40b729 JR	157	}
	158
	159	########################################################################
	160	# set our umask so that no one else can read our files
	161	umask $usr_umask
	162
	163	# test some command-line args
	164	while [ "$*" ]; do
	165	case $1 in
	166	-h \| --help)
	167	shift
	168	prthlp
	169	;;
	170	-q \| --quiet)
	171	shift
	172	opt_vrbopr='-q'
	173	;;
	174	-u \| --user)
	175	shift
	176	lclusr="$1"
	177	shift
	178	;;
	179	-l \| --login)
	180	shift
	181	rmtusr="$1"
	182	shift
	183	;;
	184	-c \| --create)
	185	shift
	186	xauth_mode='create'
	187	;;
	188	-m \| --merge)
	189	shift
	190	xauth_mode='merge-local'
	191	srcusr="$1"
	192	shift
	193	;;
	194	-f \| --ftp)
	195	shift
	196	xauth_mode='merge-ftp'
	197	rmthst="$1"
	198	shift
	199	;;
	200	-r \| --rsh)
	201	shift
	202	xauth_mode='merge-rsh'
	203	rmthst="$1"
	204	shift
	205	;;
	206	-z \| --rzip)
	207	shift
	208	xauth_mode='merge-rzip'
	209	rmthst="$1"
	210	shift
	211	;;
	212	-*)
8f870adb	213	echo "`basename $0`: invalid option '$1'"
7c40b729 JR	214	shift
	215	prthlp
	216	;;
	217	*)
	218	cmd_args="$cmd_args $1"
	219	shift
	220	;;
	221	esac
	222	done
	223
	224	# if called without a valid command, follow path of least surprise
	225	if [ "$xauth_mode" = "none" ]; then
	226	prthlp
	227	fi
	228
	229	# figure out if we're allowed to do what we said we wanted to
	230	if [ `whoami` != $lclusr ]; then
	231	chkroot "to change another user's .Xauthority."
	232	fi
	233
	234	# make sure xauth is available
	235	chkcmdexs xauth
	236
	237	# set name for target Xauthority database
	238	dstauth=`eval echo ~$lclusr/$usrauth`
	239
	240	# figure out what action to take
	241	case $xauth_mode in
	242	create)
	243	# create an Xauthority database for user 'userid'.
	244	# (requires md5sum, xauth)
	245	chkcmdexs uptime dd md5sum cut
	246	# create an empty database if one doesn't exist
	247	chkfilexs $dstauth
	248	# generate a random key -- depends on md5sum, among others
	249	key=`(
	250	whoami
	251	uptime
	252	[ \`type -p mcookie\` ] && mcookie
	253	[ -f /proc/meminfo ] && cat /proc/meminfo
	254	[ -f /dev/urandom ] && dd if=/dev/urandom bs=16 count=1
	255	) 2>&1 \| md5sum \| cut -f 1 -d ' '`
	256	# add all hosts specified on command line;
	257	# if none specified, assume local host.
	258	authhosts=`hostname`
	259	if [ "$cmd_args" ]; then
	260	authhosts="$cmd_args"
	261	fi
	262	if wrtabl $dstauth; then
	263	for i in $authhosts; do
	264	msg -n "adding key for $i to $dstauth ... "
	265	xauth -f $dstauth add $i/unix:0 . $key
	266	xauth -f $dstauth add $i:0 . $key
	267	if [ $? != 0 ]; then
	268	break
	269	fi
	270	msg "done"
	271	done
	272	# make sure the user owns the file
	273	givusr $? $lclusr $dstauth
	274	fi
	275	;;
	276	merge-local)
	277	# merge a local Xauthority database (if readable)
278	# from a specified user with the database for local user.
279	# (requires xauth)
280	srcauth=`eval echo ~$srcusr/$usrauth`
281	if redabl $srcauth; then
282	mrgcmd="xauth -f $dstauth merge $srcauth"
283	mrgmsg="merging $srcauth into $dstauth"
284	else
285	exit $sts
286	fi
287	;;
288	merge-ftp)
289	# merge a remote Xauthority database with the local one
290	# for local user, using ncftp.
291	# (requires ncftp, xauth)
292	chkcmdexs ncftp
293	srcauth="$rmtusr@$rmthst:$usrauth"
294	if [ -z "$opt_vrbopr" ]; then
295	ftp_vrbopr="-V quiet"
296	else
297	ftp_vrbopr="-V quiet"
298	fi
299	mrgcmd='ncftp $ftp_vrbopr <<-ENDFTPCMD
300	open -ui $rmthst
301	$rmtusr
302	get $usrauth "\|xauth -f $dstauth merge -"
303	quit
304	ENDFTPCMD'
305	mrgmsg="merging $srcauth into $dstauth"
306	;;
307	merge-rsh)
308	# merge a remote Xauthority database with the local one
309	# for local user, using rsh
310	# (requires rsh, xauth)
311	chkcmdexs rsh
312	srcauth="$rmtusr@$rmthst:$usrauth"
313	mrgcmd="{ rsh -l $rmtusr $rmthst cat $usrauth } \
314	\| { xauth -f $dstauth merge - }"
315	mrgmsg="merging $srcauth into $dstauth"
316	;;
317	merge-rzip)
318	# merge a remote Xauthority database with the local one
319	# for local user, using rsh and gzip.
320	# (requires rsh, gzip, xauth)
321	chkcmdexs rsh gzip
322	srcauth="$rmtusr@$rmthst:$usrauth"
323	mrgcmd="{ rsh -l $rmtusr $rmthst gzip -c $usrauth } \
324	\| { gzip -dc } \
325	\| { xauth -f $dstauth merge - }"
326	mrgmsg="merging $srcauth into $dstauth"
327	;;
328	*)
329	# something's hosed
8f870adb	330	echo "oops! xauth_mode = '$xauth_mode' - this shouldn't happen."
7c40b729 JR	331	sts=1
	332	;;
	333	esac
	334
	335	# actually perform merge, if requested
	336	case $xauth_mode in
	337	merge-*)
	338	# create an empty database if one doesn't exist
	339	chkfilexs $dstauth
	340	# perform the requested merge, if the target database is writable
	341	if wrtabl $dstauth; then
	342	msg "$mrgmsg ... "
	343	eval "$mrgcmd"
	344	# if successful, make sure the user owns the file
	345	if givusr $? $lclusr $dstauth; then
	346	msg "done"
	347	fi
	348	fi
	349	;;
	350	esac
	351
	352	exit $sts