shadow language

main.go

@@ -7,6 +7,7 @@
 //go:generate peg -strict popl04/F1.peg
 //go:generate peg rfc1459/rfc1459.peg
 //go:generate peg rfc2812/rfc2812.peg
+//go:generate peg -strict shadow/shadow.peg
 
 package main
 
@@ -25,6 +26,7 @@ import (
 	"github.com/heyitsanthony/grammars/popl04"
 	"github.com/heyitsanthony/grammars/rfc1459"
 	"github.com/heyitsanthony/grammars/rfc2812"
+	"github.com/heyitsanthony/grammars/shadow"
 )
 
 var (
@@ -47,6 +49,7 @@ func newPeg1(s string) g    { return &peg1.Grammar{Buffer: s, Pretty: true} }
 func newPopl04(s string) g  { return &popl04.Grammar{Buffer: s, Pretty: true} }
 func newRFC1459(s string) g { return &rfc1459.Grammar{Buffer: s, Pretty: true} }
 func newRFC2812(s string) g { return &rfc2812.Grammar{Buffer: s, Pretty: true} }
+func newShadow(s string) g  { return &shadow.Grammar{Buffer: s, Pretty: true} }
 
 var grammars = map[string](func(string) g){
 	"crontab": newCrontab,
@@ -58,6 +61,7 @@ var grammars = map[string](func(string) g){
 	"popl04":  newPopl04,
 	"rfc1459": newRFC1459,
 	"rfc2812": newRFC2812,
+	"shadow":  newShadow,
 }
 
 func do(g g) error {

shadow/shadow.peg

@@ -0,0 +1,107 @@
+# Adapted from the "File Formats and Conversions" shadow(5) manpage.
+# shadow - shadowed password file
+package shadow
+
+type Grammar Peg {}
+
+# shadow is a file which contains the password information for the system's accounts and optional aging information.
+shadow <- (line '\n')* !.
+
+# Each line of this file contains 9 fields, separated by colons (":").
+line <- login_name ':'
+	encrypted_password ':'
+	date_of_last_password_change ':'
+	minimum_password_age ':'
+	maximum_password_age ':'
+	password_warning_period ':'
+	password_inactivity_period ':'
+	account_expiration_date ':'
+	reserved_field
+
+# login name
+#
+# It must be a valid account name, which exist on the system.
+login_name <- (![:\n].)*
+
+# encrypted password
+#
+# Refer to crypt(3) for details on how this string is interpreted.
+#
+# the password field contains some string that is not a valid result of crypt(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means).
+#
+# This field may be empty, in which case no passwords are required to authenticate as the specified login name. However, some applications which read the /etc/shadow file may decide not to permit any access at all if the password field is empty.
+#
+# A password field which starts with a exclamation mark means that the password is locked. The remaining characters on the line represent the password field before the password was locked.
+encrypted_password <- _crypt3 / _locked / _noauth / _null
+
+# From crypt(3)
+_crypt3 <- '$' _id '$' _salt '$' _encrypted
+_id <- _md5/_blowfish/_sha256/_sha512
+_md5 <- '1'
+_blowfish <- '2a'
+_sha256 <- '5'
+_sha512 <- '6'
+# TODO: precisely match salt with expected number of characters
+_salt <- [a-zA-Z0-9./]+
+_encrypted <- [a-zA-Z0-9./]+
+
+_locked <- '!' encrypted_password
+_noauth <- '*'
+_null <- &':'
+
+# date of last password change
+#
+# The date of the last password change, expressed as the number of days since Jan 1, 1970.
+#
+# The value 0 has a special meaning, which is that the user should change her password the next time she will log in the system.
+#
+# An empty field means that password aging features are disabled.
+date_of_last_password_change <- [0-9]*
+
+# minimum password age
+#
+# The minimum password age is the number of days the user will have to wait before she will be allowed to change her password again.
+#
+# An empty field and value 0 mean that there are no minimum password age.
+minimum_password_age <- [0-9]*
+
+# maximum password age
+#
+# The maximum password age is the number of days after which the user will have to change her password.
+#
+# After this number of days is elapsed, the password may still be valid. The user should be asked to change her password the next time she will log in.
+# An empty field means that there are no maximum password age, no password warning period, and no password inactivity period (see below).
+#
+# If the maximum password age is lower than the minimum password age, the user cannot change her password.
+maximum_password_age <- [0-9]*
+
+# password warning period
+#
+# The number of days before a password is going to expire (see the maximum password age above) during which the user should be warned.
+#
+# An empty field and value 0 mean that there are no password warning period.
+password_warning_period <- [0-9]*
+
+# password inactivity period
+#
+# The number of days after a password has expired (see the maximum password age above) during which the password should still be accepted (and the user should update her password during the next login).
+#
+# After expiration of the password and this expiration period is elapsed, no login is possible using the current user's password. The user should contact her administrator.
+#
+# An empty field means that there are no enforcement of an inactivity period.
+password_inactivity_period <- [0-9]*
+
+# account expiration date
+#
+# The date of expiration of the account, expressed as the number of days since Jan 1, 1970.
+#
+# Note that an account expiration differs from a password expiration. In case of an acount expiration, the user shall not be allowed to login. In case of a password expiration, the user is not allowed to login using her password.
+#
+# An empty field means that the account will never expire.
+#
+# The value 0 should not be used as it is interpreted as either an account with no expiration, or as an expiration on Jan 1, 1970.
+account_expiration_date <- [0-9]*
+
+# reserved field
+# This field is reserved for future use.
+reserved_field <- &('\n'/!.)