seasharp
/
anvil
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Local modifications to ClusterLabs/Anvil by Alteeve
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
134 Commits
2 Branches
0 Tags
21 MiB
Tag: Branch: Tree: b42d4a6fea
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b42d4a6fea'
${ noResults }
anvil/tools/anvil-change-password

170 lines
5.3 KiB
Raw Normal View History Unescape

* Updated the database components to use the name 'anvil' and the user 'admin'. The 'database::x::user' and 'database::x::name' variables are still supported, but now hidden. * Fixed a bug where some '$anvil->{}' variables should have been '$anvil->data->{}'. * Started merging message keys on 'error_xxxx', 'warning_xxxx', etc. * The anvil-configure-network now configures the network. Commented out, the tool can reconfigure the entire network without a reboot, but a current issue with the post-configured system refusing to use the allocated interface as the default gateway is to be reviewed at a future time. For now, a closing reboot will be issued. * Started creating 'anvil-change-password' that will update passwords, including apache (and configure .htpasswd when needed). Signed-off-by: Digimer <digimer@alteeve.ca>
7 years ago
#!/usr/bin/perl
#
# This program sets/changes passwords on the Anvil! platform (nodes and dashboards).
#
# Exit codes;
# 0 = Normal exit.
# 1 = The program is not running as root.
# 2 = Failed to connect to database(s).
* Created the new Remote module, and in it, moved System->remote_call to Remote->call() and created the new add_target_to_known_hosts() method (and two private helper methods). These are adapted from the m2 code. * Updated Storage->read_file and Storage->write_file to support reading and writing on remote systems (untested though) * Created System->change_shell_user_password() that changes a shell user's password by manually generating an sha512 salted hash of the given password and uses the resulting hash to modify the target user's password, so the password should never be visible in the process list. Works on both local and remote systems, though it still needs testing. * Created Storage->rsync() to handle moving files between the local and a remote system. Signed-off-by: Digimer <digimer@alteeve.ca>
7 years ago
# 3 = User didn't enter a password or the passwords didn't match.
# 4 = The password file doesn't exist, wasn't readable or was empty.
* Updated the database components to use the name 'anvil' and the user 'admin'. The 'database::x::user' and 'database::x::name' variables are still supported, but now hidden. * Fixed a bug where some '$anvil->{}' variables should have been '$anvil->data->{}'. * Started merging message keys on 'error_xxxx', 'warning_xxxx', etc. * The anvil-configure-network now configures the network. Commented out, the tool can reconfigure the entire network without a reboot, but a current issue with the post-configured system refusing to use the allocated interface as the default gateway is to be reviewed at a future time. For now, a closing reboot will be issued. * Started creating 'anvil-change-password' that will update passwords, including apache (and configure .htpasswd when needed). Signed-off-by: Digimer <digimer@alteeve.ca>
7 years ago
#
use strict;
use warnings;
use Data::Dumper;
use Anvil::Tools;
my $THIS_FILE = ($0 =~ /^.*\/(.*)$/)[0];
my $running_directory = ($0 =~ /^(.*?)\/$THIS_FILE$/)[0];
if (($running_directory =~ /^\./) && ($ENV{PWD}))
{
$running_directory =~ s/^\./$ENV{PWD}/;
}
# Turn off buffering so that the pinwheel will display while waiting for the SSH call(s) to complete.
$| = 1;
# Prevent a discrepency between UID/GID and EUID/EGID from throwing an error.
$< = $>;
$( = $);
my $anvil = Anvil::Tools->new();
$anvil->Log->level({set => 2});
$anvil->Log->secure({set => 0});
# Read switches
$anvil->Get->switches;
# Paths
$anvil->Storage->read_config({file => $anvil->data->{path}{config}{'anvil.conf'}});
# Make sure we're running as 'root'
# $< == real UID, $> == effective UID
if (($< != 0) && ($> != 0))
{
# Not root
print $anvil->Words->string({key => "error_0005"})."\n";
$anvil->nice_exit({code => 1});
}
# Connect
my $connections = $anvil->Database->connect();
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, secure => 0, key => "log_0132", variables => { connections => $connections }});
if (not $connections)
{
# No databases, exit.
print $anvil->Words->string({key => "error_0003"});
$anvil->nice_exit({exit_code => 2});
}
* Created the new Remote module, and in it, moved System->remote_call to Remote->call() and created the new add_target_to_known_hosts() method (and two private helper methods). These are adapted from the m2 code. * Updated Storage->read_file and Storage->write_file to support reading and writing on remote systems (untested though) * Created System->change_shell_user_password() that changes a shell user's password by manually generating an sha512 salted hash of the given password and uses the resulting hash to modify the target user's password, so the password should never be visible in the process list. Works on both local and remote systems, though it still needs testing. * Created Storage->rsync() to handle moving files between the local and a remote system. Signed-off-by: Digimer <digimer@alteeve.ca>
7 years ago
# The order that we pick up the new password is;
# 1. If we've been told of a password file, read it
# 2. If the user passed the password with --new-password <secret>, use that.
# 3. Ask the user for the new password.
if ($anvil->data->{switches}{password_file})
{
# Read the password in from the file.
if (-e $anvil->data->{switches}{password_file})
{
$anvil->data->{switches}{'new-password'} = $anvil->Storage->read_file({file => $anvil->data->{switches}{password_file}});
}
else
{
# The file doesn't exist.
print $anvil->Words->string({key => "error_0008", variables => { file => $anvil->data->{switches}{password_file} }});
$anvil->nice_exit({exit_code => 4});
}
}
elsif (not $anvil->data->{switches}{'new-password'})
{
print $anvil->Words->string({key => "message_0018"})."\n";
# Turn off echo
my $old_stty = $anvil->System->call({shell_call => $anvil->data->{path}{exe}{stty}." --save"});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 0, list => { old_stty => $old_stty }});
$anvil->System->call({shell_call => $anvil->data->{path}{exe}{stty}." -echo"});
my $password1 = <STDIN>;
chomp($password1);
$password1 =~ s/^\s+//;
$password1 =~ s/\s+$//;
# Turn echo on
$anvil->System->call({shell_call => $anvil->data->{path}{exe}{stty}." ".$old_stty});
if (not $password1)
{
print $anvil->Words->string({key => "error_0006"})."\n";
$anvil->nice_exit({code => 3});
}
print $anvil->Words->string({key => "message_0019"})."\n";
# Turn off echo
$anvil->System->call({shell_call => $anvil->data->{path}{exe}{stty}." -echo"});
my $password2 = <STDIN>;
chomp($password2);
$password2 =~ s/^\s+//;
$password2 =~ s/\s+$//;
# Turn echo on
$anvil->System->call({shell_call => $anvil->data->{path}{exe}{stty}." ".$old_stty});
if ($password1 eq $password2)
{
$anvil->data->{switches}{'new-password'} = $password1;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 1, list => { "switches::new_password" => $anvil->data->{switches}{'new-password'} }});
}
else
{
print $anvil->Words->string({key => "error_0007"})."\n";
$anvil->nice_exit({code => 3});
}
}
* Updated the database components to use the name 'anvil' and the user 'admin'. The 'database::x::user' and 'database::x::name' variables are still supported, but now hidden. * Fixed a bug where some '$anvil->{}' variables should have been '$anvil->data->{}'. * Started merging message keys on 'error_xxxx', 'warning_xxxx', etc. * The anvil-configure-network now configures the network. Commented out, the tool can reconfigure the entire network without a reboot, but a current issue with the post-configured system refusing to use the allocated interface as the default gateway is to be reviewed at a future time. For now, a closing reboot will be issued. * Started creating 'anvil-change-password' that will update passwords, including apache (and configure .htpasswd when needed). Signed-off-by: Digimer <digimer@alteeve.ca>
7 years ago
### TODO: Check for access to all known Anvil! nodes and warn the user that they will have to manually update
### the password for us on any node we can't access
### NOTE: 'anvil' can be a name or UUID
# If we're called without an '--anvil' switch, then change the local password only.
if ($anvil->data->{switches}{anvil})
{
# Find the Anvil! and verify access to both nodes. If neither are accessible, abort.
}
else
{
### TODO: Support '--peers' to also update the peer dashboards.
# Updating just ourself
* Created the new Remote module, and in it, moved System->remote_call to Remote->call() and created the new add_target_to_known_hosts() method (and two private helper methods). These are adapted from the m2 code. * Updated Storage->read_file and Storage->write_file to support reading and writing on remote systems (untested though) * Created System->change_shell_user_password() that changes a shell user's password by manually generating an sha512 salted hash of the given password and uses the resulting hash to modify the target user's password, so the password should never be visible in the process list. Works on both local and remote systems, though it still needs testing. * Created Storage->rsync() to handle moving files between the local and a remote system. Signed-off-by: Digimer <digimer@alteeve.ca>
7 years ago
print $anvil->Words->string({key => "message_0020"})."\n";
print $anvil->Words->string({key => "message_0021"})." ";
my $answer = <STDIN>;
chomp($answer);
if ($answer =~ /^y/)
{
update_local_passwords($anvil);
}
else
{
# Abort.
print $anvil->Words->string({key => "message_0022"})."\n";
}
* Updated the database components to use the name 'anvil' and the user 'admin'. The 'database::x::user' and 'database::x::name' variables are still supported, but now hidden. * Fixed a bug where some '$anvil->{}' variables should have been '$anvil->data->{}'. * Started merging message keys on 'error_xxxx', 'warning_xxxx', etc. * The anvil-configure-network now configures the network. Commented out, the tool can reconfigure the entire network without a reboot, but a current issue with the post-configured system refusing to use the allocated interface as the default gateway is to be reviewed at a future time. For now, a closing reboot will be issued. * Started creating 'anvil-change-password' that will update passwords, including apache (and configure .htpasswd when needed). Signed-off-by: Digimer <digimer@alteeve.ca>
7 years ago
}
$anvil->nice_exit({code => 0});
#############################################################################################################
# Functions #
#############################################################################################################
# This updates the local passwords.
sub update_local_passwords
{
my ($anvil) = @_;
# Update the local users.
* Created the new Remote module, and in it, moved System->remote_call to Remote->call() and created the new add_target_to_known_hosts() method (and two private helper methods). These are adapted from the m2 code. * Updated Storage->read_file and Storage->write_file to support reading and writing on remote systems (untested though) * Created System->change_shell_user_password() that changes a shell user's password by manually generating an sha512 salted hash of the given password and uses the resulting hash to modify the target user's password, so the password should never be visible in the process list. Works on both local and remote systems, though it still needs testing. * Created Storage->rsync() to handle moving files between the local and a remote system. Signed-off-by: Digimer <digimer@alteeve.ca>
7 years ago
foreach my $user ("admin", "root")
{
print "Updating: [$user] with password: [".$anvil->data->{switches}{'new-password'}."]\n";
$anvil->System->change_shell_user_password({user => $user, new_password => $anvil->data->{switches}{'new-password'}});
}
* Updated the database components to use the name 'anvil' and the user 'admin'. The 'database::x::user' and 'database::x::name' variables are still supported, but now hidden. * Fixed a bug where some '$anvil->{}' variables should have been '$anvil->data->{}'. * Started merging message keys on 'error_xxxx', 'warning_xxxx', etc. * The anvil-configure-network now configures the network. Commented out, the tool can reconfigure the entire network without a reboot, but a current issue with the post-configured system refusing to use the allocated interface as the default gateway is to be reviewed at a future time. For now, a closing reboot will be issued. * Started creating 'anvil-change-password' that will update passwords, including apache (and configure .htpasswd when needed). Signed-off-by: Digimer <digimer@alteeve.ca>
7 years ago
# Update the database password.
return(0);
}