auth.tcl Annotations

User and password management. Including procedures to: * Change & validate user paswords * Add & delete a user accounts * Login a user

Procedure Detail

adduser

proc adduser { user shell {pass {}} }

Create a new user account

Parameters:

user - The username string.

shell - The user shell. MikroConf shell is used if not provided.

pass - The cleartext password string for the new user. Login is dissabled if not provided.

Returns:

The MD5 checksum of the new password, or nothing if no password was provided. @error

Defined in:

auth.tcl, line 393

crypt

proc crypt { pass {salt {}} }

Compute the MD5 checksum of a string. The resultant form is appropriate for the shadow file: $1$8ch_salt$24ch_encrypted_pass

Parameters:

pass - The password cleartext string

salt - A string to use as a salt as per 'cryptpw'. If not specified 'cryptpw' will select one randomly.

Returns:

The encrypted and appropriate formated password @error

Defined in:

auth.tcl, line 204

deluser

proc deluser { user }

Delete a user account from the system

Parameters:

user - The username string

Returns:

nothing for success @error

Defined in:

auth.tcl, line 422

islocked

proc islocked { user }

Find if a user account is locked/unlocked.

Parameters:

user - User name.

Returns:

true if locked, false if unlocked or non-existent.

Defined in:

auth.tcl, line 377

lock

proc lock { user }

Lock a user account: Cannot be used to login. Ignore if user account already locked. @depend on 'passwd' output.

Parameters:

user - User name. @error

Defined in:

auth.tcl, line 339

login

proc login { {user {}} }

Returns:

1 on successful login, 0 otherwise and reason is logged

Defined in:

auth.tcl, line 142

makeroot

proc makeroot { user }

Give root privileges to a user account. @assume The requested user belongs to a group with same name as the username.

Parameters:

user - The username string. @error

Defined in:

auth.tcl, line 313

name_is_ok

proc name_is_ok { user }

Verify that username string is syntactically correct (length, character composition, etc). It logs if something is wrong with the input.

Parameters:

user - The username string

Returns:

1 if username is ok, otherwise 0 and log reason

Defined in:

auth.tcl, line 83

pass_is_ok

proc pass_is_ok { pass }

Verify that password string is syntactically correct (length, character composition, etc). It logs if something is wrong with the input. This procedure also makes sure that the password string does not start with the magic prefix $1$, which signifies within MikroConf an encrypted password.

Parameters:

pass - The password string

Returns:

1 if username is ok, otherwise 0 and log reason

Defined in:

auth.tcl, line 111

passwd

proc passwd { user newpass {nocrypt {}} }

Change user password, without asking for the old one. No need to unlock a locked account. @assume We use shadow passwords

Parameters:

user - The username string.

newpass - The new password string (cleartext) to change to.

nocrypt - When set to something then password is assumed to be already encrypted.

Returns:

The MD5 checksum of the new password. @error

Defined in:

auth.tcl, line 251

unlock

proc unlock { user }

Unlock a user account: Can be used to login. Ignore if user account already unlocked. @depend on 'passwd' output.

Parameters:

user - User name. @error

Defined in:

auth.tcl, line 359

user_exists

proc user_exists { user }

Check if a username is used in the system

Parameters:

user - The username string

Returns:

'1' if username exist, otherwise '0 and log (including error conditions)

Defined in:

auth.tcl, line 225

verify

proc verify { user pass }

Verify that supplied username and password is correct.

Parameters:

user - The username string

pass - The password string

Returns:

1 for successful verification, 0 otherwise and log reason @error

Defined in:

auth.tcl, line 38