#!/usr/bin/perl
#
# This removes a bad key from a known_hosts file.
#
# This program is setuid 'admin' and calls a (new) peer to read its hostname and system UUID. It takes the
# target's password in via a file.
#
# Exit codes;
# 0 = Normal exit.
# 1 = No database connection.
# 2 = Job not found.
# 3 = No offending keys found.
#
# TODO: We might want to offer an option to remove all keys found for a given target. Somehow, at least in
# testing, multiple keys got into a single known_hosts file.
#
use strict;
use warnings;
use Anvil::Tools;
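# Work out this program's name and the directory it was started from.
# NOTE(review): the file header describes this program as setuid. Both $0 and $ENV{PWD} are supplied by the
#               caller, so neither value should feed a privileged path decision.
my $THIS_FILE = ($0 =~ /^.*\/(.*)$/)[0];
# When $0 has no directory component the pattern above does not match; fall back to $0 itself so that the
# log calls below never receive an undefined source name.
$THIS_FILE = $0 if not defined $THIS_FILE;
# The program name is quoted so that characters like '.' in it are matched literally.
my $running_directory = ($0 =~ /^(.*?)\/\Q$THIS_FILE\E$/)[0];
$running_directory = "" if not defined $running_directory;
if (($running_directory =~ /^\./) && ($ENV{PWD}))
{
	# Turn a leading '.' into the caller's working directory.
	$running_directory =~ s/^\./$ENV{PWD}/;
}

# Turn off buffering so that the pinwheel will display while waiting for the SSH call(s) to complete.
$| = 1;

my $anvil = Anvil::Tools->new();
$anvil->Log->level({set => 2});
# NOTE(review): this appears to switch ON the logging of entries flagged as secure. Combined with log level 2,
#               process_keys() writes the full before/after body of the edited file to the log. Confirm this
#               is wanted outside of debugging.
$anvil->Log->secure({set => 1});
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, secure => 0, key => "log_0115", variables => { program => $THIS_FILE }});

# Read the command line switches. The only switch this program itself reads is 'job-uuid' (see below).
$anvil->Get->switches;

$anvil->Database->connect();
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 3, secure => 0, key => "log_0132"});
if (not $anvil->data->{sys}{database}{connections})
{
	# No databases; log the error, sleep for a bit and then exit with code 1. The original comment says the
	# daemon will pick the job up and try again after we exit.
	$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, priority => "err", key => "error_0077"});
	sleep 10;
	$anvil->nice_exit({exit_code => 1});
}

# Pick up the job details. The switch is given an empty default first so that it is always defined, then the
# switches are parsed again.
$anvil->data->{switches}{'job-uuid'} = "";
$anvil->Get->switches;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 
	'switches::job-uuid' => $anvil->data->{switches}{'job-uuid'},
}});

# Load data.
load_job_data($anvil);

# Process the bad keys
process_keys($anvil);

# Done. Every other exit in this file passes 'exit_code', so use the same parameter name here.
update_progress($anvil, 100, "job_0051");
$anvil->nice_exit({exit_code => 0});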
#############################################################################################################
# Functions #
#############################################################################################################
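sub process_keys
{
	# Walks the state UUIDs stored in 'state_uuids' (filled by load_job_data()). For each state recorded against
	# this host, the line for the recorded target is removed from the recorded file and, on success, the state
	# record is deleted.
	#
	# Parameters;
	#   $anvil - The Anvil::Tools handle.
	#
	# Returns 0. Exits via nice_exit() with code 2 when a state UUID has no matching row.
	#
	# NOTE(review): The file header lists exit code 2 as "Job not found" and 3 as "No offending keys found";
	#               the exit below uses 2 for the missing state row. Confirm which is intended.
	# NOTE(review): The file to edit and the target name both come from the 'states' table, and the file is
	#               rewritten with this program's privileges. Consider verifying that the path is a regular
	#               file (not a symlink) in an expected location before writing to it.
	my ($anvil) = @_;
	
	foreach my $state_uuid (@{$anvil->data->{state_uuids}})
	{
		$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { state_uuid => $state_uuid }});
		my $query = "
SELECT 
    state_host_uuid, 
    state_name, 
    state_note 
FROM 
    states 
WHERE 
    state_uuid = ".$anvil->Database->quote($state_uuid)."
;";
		$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { query => $query }});
		my $results = $anvil->Database->query({query => $query, source => $THIS_FILE, line => __LINE__});
		my $count   = @{$results};
		$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 
			results => $results, 
			count   => $count,
		}});
		if (not $count)
		{
			# No bad keys found on this host.
			$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, priority => "err", key => "error_0078"});
			sleep 10;
			$anvil->nice_exit({exit_code => 2});
		}
		foreach my $row (@{$results})
		{
			my $state_host_uuid = $row->[0];
			my $state_name      = $row->[1];
			my $state_note      = $row->[2];
			$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 
				's1:sys::host_uuid'  => $anvil->data->{sys}{host_uuid},
				's2:state_host_uuid' => $state_host_uuid, 
				's3:state_name'      => $state_name, 
				's4:state_note'      => $state_note, 
			}});
			
			# Is this meant for us?
			if ($state_host_uuid ne $anvil->data->{sys}{host_uuid})
			{
				# The state belongs to another host; report it and leave the record alone.
				$anvil->data->{job}{progress} += 10;
				update_progress($anvil, $anvil->data->{job}{progress}, "job_0058,!!state_uuid!".$state_uuid."!!,!!host_uuid!".$state_host_uuid."!!");
				$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0058", variables => { 
					state_uuid => $state_uuid,
					host_uuid  => $state_host_uuid, 
				}});
				next;
			}
			
			### NOTE: We don't need the line anymore, but we're not removing it yet.
			# Pull out the details. The note is a comma-separated list of 'variable=value' pairs.
			my $bad_file = "";
			my $bad_line = "";
			foreach my $pair (split/,/, (defined $state_note ? $state_note : ""))
			{
				my ($variable, $value) = ($pair =~ /^(.*?)=(.*)$/);
				$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 
					pair     => $pair,
					variable => $variable, 
					value    => $value,
				}});
				
				# A fragment without '=' leaves both captures undefined; skip it instead of comparing undef.
				next if not defined $variable;
				if ($variable eq "file")
				{
					$bad_file = $value;
					$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { bad_file => $bad_file }});
				}
				if ($variable eq "line")
				{
					$bad_line = $value;
					$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { bad_line => $bad_line }});
				}
			}
			my ($target, $user) = ((defined $state_name ? $state_name : "") =~ /host_key_changed::(.*)::(.*)$/);
			$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 
				target   => $target, 
				user     => $user,
				bad_file => $bad_file, 
				bad_line => $bad_line, 
			}});
			
			# Without a target there is nothing safe to match on. An empty or undefined target would turn the
			# match below into "any line starting with a space", so skip this state and leave it in place.
			if ((not defined $target) or ($target eq ""))
			{
				next;
			}
			
			$anvil->data->{job}{progress} += 5;
			update_progress($anvil, $anvil->data->{job}{progress}, "job_0049,!!line!:".$bad_line."!!,!!file!".$bad_file."!!,!!target!".$target."!!");
			$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0049", variables => { 
				line   => $bad_line, 
				file   => $bad_file, 
				target => $target, 
			}});
			
			# Read in the file, if it exists.
			if (not -e $bad_file)
			{
				$anvil->data->{job}{progress} += 10;
				update_progress($anvil, $anvil->data->{job}{progress}, "job_0050,!!file!".$bad_file."!!");
				$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0050", variables => { file => $bad_file }});
				
				# Remove this job and go on to the next bad key (if any).
				delete_state($anvil, $state_uuid);
				next;
			}
			
			# Read in the file
			my ($old_body) = $anvil->Storage->read_file({file => $bad_file});
			if ($old_body eq "!!error!!")
			{
				# Failed to read the file
				$anvil->data->{job}{progress} += 10;
				update_progress($anvil, $anvil->data->{job}{progress}, "job_0052,!!file!".$bad_file."!!");
				$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0052", variables => { file => $bad_file }});
				
				# Remove this job and go on to the next bad key (if any).
				delete_state($anvil, $state_uuid);
				next;
			}
			
			# Find our key. The target is quoted so that it is matched literally; unquoted, each '.' in a host
			# name or IP address would match any character and could remove the keys of other hosts. Only a
			# line that starts with the target followed by a space is removed.
			my $target_regex = qr/^\Q$target\E /;
			my $line_number  = 0;
			my $new_body     = "";
			my $update       = 0;
			foreach my $line (split/\n/, $old_body)
			{
				$line_number++;
				$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 
					's1:line_number' => $line_number, 
					's2:bad_line'    => $bad_line, 
					's3:line'        => $line, 
				}});
				
				# If the line starts with our target, remove it.
				if ($line =~ $target_regex)
				{
					# Found it!
					$anvil->data->{job}{progress} += 5;
					update_progress($anvil, $anvil->data->{job}{progress}, "job_0053,!!line!".$line_number."!!");
					$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0053", variables => { line => $line_number }});
					$update = 1;
					$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { update => $update }});
				}
				else
				{
					$new_body .= $line."\n";
				}
			}
			
			$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 
				's1:old_body' => $old_body, 
				's2:new_body' => $new_body, 
				's3:update'   => $update, 
			}});
			if ($update)
			{
				# Write the file out.
				$anvil->data->{job}{progress} += 5;
				update_progress($anvil, $anvil->data->{job}{progress}, "job_0055,!!file!".$bad_file."!!");
				$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0055", variables => { file => $bad_file }});
				
				# Get the owning user and group so that the rewritten file keeps its ownership. The group name
				# must come from the group database (getgrgid); looking the GID up with getpwuid() returns
				# whichever user happens to have that number as its UID.
				my ($owning_uid, $owning_gid) = (stat($bad_file))[4,5];
				my $owning_user               = getpwuid($owning_uid);
				my $owning_group              = getgrgid($owning_gid);
				$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 
					owning_uid   => $owning_uid, 
					owning_gid   => $owning_gid, 
					owning_user  => $owning_user, 
					owning_group => $owning_group, 
				}});
				
				my $error = $anvil->Storage->write_file({
					body      => $new_body,
					debug     => 2,
					file      => $bad_file,
					overwrite => 1,
					user      => $owning_user, 
					group     => $owning_group
				});
				$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 0, list => { error => $error }});
				if ($error)
				{
					# The write failed; report it and keep the state so that the problem stays visible.
					$anvil->data->{job}{progress} += 5;
					update_progress($anvil, $anvil->data->{job}{progress}, "job_0059,!!file!".$bad_file."!!");
					$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0059", variables => { file => $bad_file }});
				}
				else
				{
					# Success!
					delete_state($anvil, $state_uuid);
					$anvil->data->{job}{progress} += 5;
					update_progress($anvil, $anvil->data->{job}{progress}, "job_0060,!!file!".$bad_file."!!");
					$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0060", variables => { file => $bad_file }});
				}
			}
		}
	}
	
	return(0);
}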
# Load the job data or exit
sub load_job_data
{
	# Looks up the job named by the 'job-uuid' switch, reads its 'job_data' column and stores every entry that
	# validates as a UUID in 'state_uuids'.
	#
	# Parameters;
	#   $anvil - The Anvil::Tools handle.
	#
	# Returns 0. Calls nice_exit() with code 1 when the switch is empty, the job is not found or the job has
	# no data.
	my ($anvil) = @_;
	my $job_uuid = $anvil->data->{switches}{'job-uuid'};
	
	# Without a job UUID there is nothing to look up.
	unless ($job_uuid)
	{
		$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, priority => "err", key => "error_0080"});
		$anvil->nice_exit({exit_code => 1});
	}
	
	my $sql = "SELECT job_data FROM jobs WHERE job_uuid = ".$anvil->Database->quote($job_uuid).";";
	$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { query => $sql }});
	my $rows      = $anvil->Database->query({query => $sql, source => $THIS_FILE, line => __LINE__});
	my $row_count = scalar(@{$rows});
	$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 
		results => $rows, 
		count   => $row_count,
	}});
	
	# The job must exist.
	if ($row_count == 0)
	{
		$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, priority => "err", key => "error_0079", variables => { 
			job_uuid => $job_uuid,
		}});
		$anvil->nice_exit({exit_code => 1});
	}
	
	# Pick up the data; the first column of the first row is the job's data.
	my $job_data = $rows->[0][0];
	$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { job_data => $job_data }});
	unless ($job_data)
	{
		$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, priority => "err", key => "error_0081", variables => { 
			job_uuid => $job_uuid,
		}});
		$anvil->nice_exit({exit_code => 1});
	}
	
	# Pick up the job; reset the progress, then record the first step.
	$anvil->data->{job}{progress} = 0;
	update_progress($anvil, 0, "clear");
	
	$anvil->data->{job}{progress} += 5;
	update_progress($anvil, $anvil->data->{job}{progress}, "job_0048");
	$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0048"});
	
	# Break the job up. The data is a comma-separated list; only entries that validate as UUIDs are kept.
	my $state_uuids = $anvil->data->{state_uuids} = [];
	for my $candidate (split/,/, $job_data)
	{
		$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { state_uuid => $candidate }});
		if (not $anvil->Validate->is_uuid({uuid => $candidate}))
		{
			# Invalid, skip it.
			$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, priority => "err", key => "error_0082", variables => { 
				state_uuid => $candidate,
			}});
			next;
		}
		push @{$state_uuids}, $candidate;
	}
	
	my $uuid_count = scalar(@{$state_uuids});
	$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { uuid_count => $uuid_count }});
	
	# Did I find any actual UUIDs? If not, report it. This does not exit; the caller carries on with an empty
	# list.
	if ($uuid_count == 0)
	{
		update_progress($anvil, 100, "error_0083");
		$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "error_0083"});
	}
	
	return(0);
}
# This deletes a state entry.
sub delete_state
{
	# Removes one row from the 'states' table.
	#
	# Parameters;
	#   $anvil      - The Anvil::Tools handle.
	#   $state_uuid - The UUID of the state to delete. Nothing is done when this is empty.
	#
	# Always returns 0.
	my ($anvil, $state_uuid) = @_;
	
	# Delete it so long as we have a UUID.
	return(0) if not $state_uuid;
	
	# The UUID is passed through Database->quote() before being placed in the query string.
	my $quoted_uuid = $anvil->Database->quote($state_uuid);
	my $sql         = "DELETE FROM states WHERE state_uuid = ".$quoted_uuid.";";
	$anvil->Database->write({debug => 2, query => $sql, source => $THIS_FILE, line => __LINE__});
	
	return(0);
}
# This updates the progress if we were called with a job UUID.
sub update_progress
{
	# Records the job's progress and message through Job->update_progress(), using the UUID from the
	# 'job-uuid' switch.
	#
	# Parameters;
	#   $anvil    - The Anvil::Tools handle.
	#   $progress - The progress percentage. Anything above 100 is reported as 95.
	#   $message  - The message string to store with the job.
	#
	# Always returns 0.
	my ($anvil, $progress, $message) = @_;
	
	# The callers add to the running total step by step; a total that overshoots is pulled back to 95.
	# NOTE(review): presumably 95 rather than 100 so that an overshoot does not mark the job as finished
	#               before the final call in the main body; confirm.
	if ($progress > 100)
	{
		$progress = 95;
	}
	
	# Log the progress percentage.
	$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
		progress => $progress,
		message  => $message, 
	}});
	
	my $job_uuid = $anvil->data->{switches}{'job-uuid'};
	$anvil->Job->update_progress({
		debug    => 3, 
		progress => $progress, 
		message  => $message, 
		job_uuid => $job_uuid, 
	});
	
	return(0);
}