|
|
|
#!/usr/bin/perl
|
|
|
|
#
|
|
|
|
# This program sets/changes passwords on the Anvil! platform (nodes and dashboards).
|
|
|
|
#
|
|
|
|
# Exit codes;
|
|
|
|
# 0 = Normal exit.
|
|
|
|
# 1 = The program is not running as root.
|
|
|
|
# 2 = Failed to connect to database(s).
|
|
|
|
# 3 = User didn't enter a password or the passwords didn't match.
|
|
|
|
# 4 = The password file doesn't exist, wasn't readable or was empty.
|
|
|
|
#
|
|
|
|
|
|
|
|
use strict;
|
|
|
|
use warnings;
|
|
|
|
use Data::Dumper;
|
|
|
|
use Anvil::Tools;
|
|
|
|
|
|
|
|
my $THIS_FILE = ($0 =~ /^.*\/(.*)$/)[0];
|
|
|
|
my $running_directory = ($0 =~ /^(.*?)\/$THIS_FILE$/)[0];
|
|
|
|
if (($running_directory =~ /^\./) && ($ENV{PWD}))
|
|
|
|
{
|
|
|
|
$running_directory =~ s/^\./$ENV{PWD}/;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Turn off buffering so that the pinwheel will display while waiting for the SSH call(s) to complete.
|
|
|
|
$| = 1;
|
|
|
|
|
|
|
|
# Prevent a discrepency between UID/GID and EUID/EGID from throwing an error.
|
|
|
|
$< = $>;
|
|
|
|
$( = $);
|
|
|
|
|
|
|
|
my $anvil = Anvil::Tools->new();
|
|
|
|
$anvil->Log->level({set => 2});
|
|
|
|
$anvil->Log->secure({set => 1});
|
|
|
|
|
|
|
|
# Read switches
|
|
|
|
$anvil->Get->switches;
|
|
|
|
|
|
|
|
# Paths
|
|
|
|
$anvil->Storage->read_config({file => $anvil->data->{path}{configs}{'anvil.conf'}});
|
|
|
|
|
|
|
|
# Make sure we're running as 'root'
|
|
|
|
# $< == real UID, $> == effective UID
|
|
|
|
if (($< != 0) && ($> != 0))
|
|
|
|
{
|
|
|
|
# Not root
|
|
|
|
print $anvil->Words->string({key => "error_0005"})."\n";
|
|
|
|
$anvil->nice_exit({code => 1});
|
|
|
|
}
|
|
|
|
|
|
|
|
# Connect
|
|
|
|
my $connections = $anvil->Database->connect();
|
|
|
|
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, secure => 0, key => "log_0132", variables => { connections => $connections }});
|
|
|
|
if (not $connections)
|
|
|
|
{
|
|
|
|
# No databases, exit.
|
|
|
|
print $anvil->Words->string({key => "error_0003"})."\n";
|
|
|
|
$anvil->nice_exit({exit_code => 2});
|
|
|
|
}
|
|
|
|
|
|
|
|
my $user_uuid = $anvil->Database->insert_or_update_users({
|
|
|
|
debug => 2,
|
|
|
|
user_name => "admin",
|
|
|
|
user_password => "Initial2",
|
|
|
|
user_salt => "",
|
|
|
|
user_algorithm => "",
|
|
|
|
user_hash_count => "",
|
|
|
|
user_is_admin => 1,
|
|
|
|
user_is_experienced => 1,
|
|
|
|
user_is_trusted => 1,
|
|
|
|
});
|
|
|
|
print "User UUID: [".$user_uuid."]\n";
|
|
|
|
exit;
|
|
|
|
|
|
|
|
# The order that we pick up the new password is;
|
|
|
|
# 1. If we've been told of a password file, read it
|
|
|
|
# 2. If the user passed the password with --new-password <secret>, use that.
|
|
|
|
# 3. Ask the user for the new password.
|
|
|
|
if ($anvil->data->{switches}{'password-file'})
|
|
|
|
{
|
|
|
|
# Read the password in from the file.
|
|
|
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 0, list => { "switches::password-file" => $anvil->data->{switches}{'password-file'} }});
|
|
|
|
if (-e $anvil->data->{switches}{'password-file'})
|
|
|
|
{
|
|
|
|
# Read it in and remove the new-line(s), if it(they) exist.
|
|
|
|
$anvil->data->{switches}{'new-password'} = $anvil->Storage->read_file({file => $anvil->data->{switches}{'password-file'}});
|
|
|
|
$anvil->data->{switches}{'new-password'} =~ s/\n//gs;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
# The file doesn't exist.
|
|
|
|
print $anvil->Words->string({key => "error_0008", variables => { file => $anvil->data->{switches}{'password-file'} }});
|
|
|
|
$anvil->nice_exit({exit_code => 4});
|
|
|
|
}
|
|
|
|
}
|
|
|
|
elsif (not $anvil->data->{switches}{'new-password'})
|
|
|
|
{
|
|
|
|
print $anvil->Words->string({key => "message_0018"})."\n";
|
|
|
|
# Turn off echo
|
|
|
|
$anvil->System->stty_echo({set => "off"});
|
|
|
|
my $password1 = <STDIN>;
|
|
|
|
chomp($password1);
|
|
|
|
$password1 =~ s/^\s+//;
|
|
|
|
$password1 =~ s/\s+$//;
|
|
|
|
# Turn echo on
|
|
|
|
$anvil->System->stty_echo({set => "on"});
|
|
|
|
|
|
|
|
if (not $password1)
|
|
|
|
{
|
|
|
|
print $anvil->Words->string({key => "error_0006"})."\n";
|
|
|
|
$anvil->nice_exit({code => 3});
|
|
|
|
}
|
|
|
|
|
|
|
|
print $anvil->Words->string({key => "message_0019"})."\n";
|
|
|
|
# Turn off echo
|
|
|
|
$anvil->System->stty_echo({set => "off"});
|
|
|
|
my $password2 = <STDIN>;
|
|
|
|
chomp($password2);
|
|
|
|
$password2 =~ s/^\s+//;
|
|
|
|
$password2 =~ s/\s+$//;
|
|
|
|
# Turn echo on
|
|
|
|
$anvil->System->stty_echo({set => "on"});
|
|
|
|
|
|
|
|
if ($password1 eq $password2)
|
|
|
|
{
|
|
|
|
$anvil->data->{switches}{'new-password'} = $password1;
|
|
|
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 1, list => { "switches::new-password" => $anvil->data->{switches}{'new-password'} }});
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
print $anvil->Words->string({key => "error_0007"})."\n";
|
|
|
|
$anvil->nice_exit({code => 3});
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
### TODO: Check for access to all known Anvil! nodes and warn the user that they will have to manually update
|
|
|
|
### the password for us on any node we can't access
|
|
|
|
### NOTE: 'anvil' can be a name or UUID
|
|
|
|
# If we're called without an '--anvil' switch, then change the local password only.
|
|
|
|
if ($anvil->data->{switches}{anvil})
|
|
|
|
{
|
|
|
|
# Find the Anvil! and verify access to both nodes. If neither are accessible, abort.
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
### TODO: Support '--peers' to also update the peer dashboards.
|
|
|
|
# Updating just ourself
|
|
|
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 1, list => { "switches::new-password" => $anvil->data->{switches}{'new-password'} }});
|
|
|
|
if (($anvil->data->{switches}{y}) or ($anvil->data->{switches}{yes}))
|
|
|
|
{
|
|
|
|
print $anvil->Words->string({key => "message_0023"})."\n";
|
|
|
|
update_local_passwords($anvil);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
print $anvil->Words->string({key => "message_0020"})."\n";
|
|
|
|
print $anvil->Words->string({key => "message_0021"})." ";
|
|
|
|
my $answer = <STDIN>;
|
|
|
|
chomp($answer);
|
|
|
|
if ($answer =~ /^y/)
|
|
|
|
{
|
|
|
|
update_local_passwords($anvil);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
# Abort.
|
|
|
|
print $anvil->Words->string({key => "message_0022"})."\n";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$anvil->nice_exit({code => 0});
|
|
|
|
|
|
|
|
#############################################################################################################
|
|
|
|
# Functions #
|
|
|
|
#############################################################################################################
|
|
|
|
|
|
|
|
# This updates the local passwords.
|
|
|
|
sub update_local_passwords
|
|
|
|
{
|
|
|
|
my ($anvil) = @_;
|
|
|
|
|
|
|
|
# Update the local users.
|
|
|
|
foreach my $user ("admin", "root")
|
|
|
|
{
|
|
|
|
print "Updating: [$user] with password: [".$anvil->data->{switches}{'new-password'}."]\n";
|
|
|
|
# $anvil->System->change_shell_user_password({debug => 2, user => $user, new_password => $anvil->data->{switches}{'new-password'}});
|
|
|
|
}
|
|
|
|
|
|
|
|
### TODO: Put the database into maintenance mode, then check for any known nodes and update their
|
|
|
|
### password for us.
|
|
|
|
|
|
|
|
|
|
|
|
# Update the database password.
|
|
|
|
#my $apache_user = $anvil->data->{sys}{apache}{user} ? $anvil->data->{sys}{apache}{user} : "admin";
|
|
|
|
#$anvil->System->change_apache_password({debug => 2, new_password => $anvil->data->{switches}{'new-password'}});
|
|
|
|
|
|
|
|
|
|
|
|
return(0);
|
|
|
|
}
|