@ -15,7 +15,7 @@ my $THIS_FILE = "System.pm";
### Methods;
### Methods;
# call
# call
# change_apache_password
# (disabled) change_apache_password
# change_shell_user_password
# change_shell_user_password
# check_daemon
# check_daemon
# check_memory
# check_memory
@ -105,6 +105,10 @@ Parameters;
This is the line number of the source file that called this method . Useful for logging and debugging .
This is the line number of the source file that called this method . Useful for logging and debugging .
= head3 redirect_stderr ( optional , default '1' )
By default , C << STDERR >> is redirected to C << STDOUT >> . If this is set to C << 0 >> , this is disabled .
= head3 secure ( optional )
= head3 secure ( optional )
If set to 'C<< 1 >>' , the shell call will be treated as if it contains a password or other sensitive data for logging .
If set to 'C<< 1 >>' , the shell call will be treated as if it contains a password or other sensitive data for logging .
@ -125,11 +129,17 @@ sub call
my $ anvil = $ self - > parent ;
my $ anvil = $ self - > parent ;
my $ debug = defined $ parameter - > { debug } ? $ parameter - > { debug } : 3 ;
my $ debug = defined $ parameter - > { debug } ? $ parameter - > { debug } : 3 ;
my $ line = defined $ parameter - > { line } ? $ parameter - > { line } : __LINE__ ;
my $ line = defined $ parameter - > { line } ? $ parameter - > { line } : __LINE__ ;
my $ shell_call = defined $ parameter - > { shell_call } ? $ parameter - > { shell_call } : "" ;
my $ redirect_stderr = defined $ parameter - > { redirect_stderr } ? $ parameter - > { redirect_stderr } : 1 ;
my $ secure = defined $ parameter - > { secure } ? $ parameter - > { secure } : 0 ;
my $ shell_call = defined $ parameter - > { shell_call } ? $ parameter - > { shell_call } : "" ;
my $ source = defined $ parameter - > { source } ? $ parameter - > { source } : $ THIS_FILE ;
my $ secure = defined $ parameter - > { secure } ? $ parameter - > { secure } : 0 ;
$ anvil - > Log - > variables ( { source = > $ source , line = > $ line , level = > $ debug , secure = > $ secure , list = > { shell_call = > $ shell_call } } ) ;
my $ source = defined $ parameter - > { source } ? $ parameter - > { source } : $ THIS_FILE ;
my $ redirect = $ redirect_stderr ? " 2>&1" : "" ;
$ anvil - > Log - > variables ( { source = > $ source , line = > $ line , level = > $ debug , secure = > $ secure , list = > {
shell_call = > $ shell_call ,
redirect = > $ redirect ,
redirect_stderr = > $ redirect_stderr ,
} } ) ;
my $ output = "#!error!#" ;
my $ output = "#!error!#" ;
if ( not $ shell_call )
if ( not $ shell_call )
@ -168,7 +178,7 @@ sub call
# Make the system call
# Make the system call
$ output = "" ;
$ output = "" ;
$ anvil - > Log - > entry ( { source = > $ THIS_FILE , line = > __LINE__ , level = > $ debug , secure = > $ secure , key = > "log_0011" , variables = > { shell_call = > $ shell_call } } ) ;
$ anvil - > Log - > entry ( { source = > $ THIS_FILE , line = > __LINE__ , level = > $ debug , secure = > $ secure , key = > "log_0011" , variables = > { shell_call = > $ shell_call } } ) ;
open ( my $ file_handle , $ shell_call . " 2>&1 |" ) or $ anvil - > Log - > entry ( { source = > $ THIS_FILE , line = > __LINE__ , level = > 0 , secure = > $ secure , priority = > "err" , key = > "log_0014" , variables = > { shell_call = > $ shell_call , error = > $! } } ) ;
open ( my $ file_handle , $ shell_call . $ redirect . " |" ) or $ anvil - > Log - > entry ( { source = > $ THIS_FILE , line = > __LINE__ , level = > 0 , secure = > $ secure , priority = > "err" , key = > "log_0014" , variables = > { shell_call = > $ shell_call , error = > $! } } ) ;
while ( <$file_handle> )
while ( <$file_handle> )
{
{
chomp ;
chomp ;
@ -187,165 +197,261 @@ sub call
return ( $ output ) ;
return ( $ output ) ;
}
}
= head2 change_apache_password
# =head2 change_apache_password
#
This changes the password used to connet to Striker 's web interface. If the C<< .htpasswd >> file isn' t found , this method will effectively enable the password feature .
# NOTE: Likely to be removed.
#
The return code will be C << 255 >> on internal error . Otherwise , it will be the code returned from the C << passwd >> call .
# This changes the password used to connet to Striker's web interface. If the C<< .htpasswd >> file isn't found, this method will effectively enable the password feature.
#
Parameters ;
# The return code will be C<< 255 >> on internal error. Otherwise, it will be the code returned from the C<< passwd >> call.
#
= head3 new_password ( required )
# Parameters;
#
This is the new password to set . The user should be encouraged to select a good ( long ) password .
# =head3 new_password (required)
#
= head3 password ( optional )
# This is the new password to set. The user should be encouraged to select a good (long) password.
#
If you are changing the apache password on a remote machine , this is the password used to connect to that machine . If not passed , an attempt to connect with passwordless SSH will be made ( but this won ' t be the case in most instances ) . Ignored if C << target >> is not given .
# =head3 password (optional)
#
= head3 port ( optional , default 22 )
# If you are changing the apache password on a remote machine, this is the password used to connect to that machine. If not passed, an attempt to connect with passwordless SSH will be made (but this won't be the case in most instances). Ignored if C<< target >> is not given.
#
This is the TCP port number to use if connecting to a remote machine over SSH . Ignored if C << target >> is not given .
# =head3 port (optional, default 22)
#
= head3 remote_user ( optional , default root )
# This is the TCP port number to use if connecting to a remote machine over SSH. Ignored if C<< target >> is not given.
#
If C << target >> is set and we ' re changing the password for a remote user , this is the user we B << log into >> the remote machine as , B << not >> the user whose password we will change .
# =head3 remote_user (optional, default root)
#
= head3 target ( optional )
# If C<< target >> is set and we're changing the password for a remote user, this is the user we B<< log into >> the remote machine as, B<< not >> the user whose password we will change.
#
This is the IP address or ( resolvable ) host name of the target machine whose user account you want to change the password
# =head3 target (optional)
#
= head3 user ( optional , default 'sys::apache::user' or 'admin' )
# This is the IP address or (resolvable) host name of the target machine whose user account you want to change the password
#
This is the apache user name to use . If another name existed before in C << . htpasswd >> , that old user name will be removed .
# =head3 user (optional, default 'sys::apache::user' or 'admin')
#
= cut
# This is the apache user name to use. If another name existed before in C<< .htpasswd >>, that old user name will be removed.
sub change_apache_password
#
{
# =cut
my $ self = shift ;
# sub change_apache_password
my $ parameter = shift ;
# {
my $ anvil = $ self - > parent ;
# my $self = shift;
my $ debug = defined $ parameter - > { debug } ? $ parameter - > { debug } : 3 ;
# my $parameter = shift;
# my $anvil = $self->parent;
my $ new_password = defined $ parameter - > { new_password } ? $ parameter - > { new_password } : "" ;
# my $debug = defined $parameter->{debug} ? $parameter->{debug} : 3;
my $ password = defined $ parameter - > { password } ? $ parameter - > { password } : "" ;
#
my $ port = defined $ parameter - > { port } ? $ parameter - > { port } : "" ;
# my $new_password = defined $parameter->{new_password} ? $parameter->{new_password} : "";
my $ remote_user = defined $ parameter - > { remote_user } ? $ parameter - > { remote_user } : $ anvil - > data - > { sys } { apache } { user } ;
# my $password = defined $parameter->{password} ? $parameter->{password} : "";
my $ target = defined $ parameter - > { target } ? $ parameter - > { target } : "" ;
# my $port = defined $parameter->{port} ? $parameter->{port} : "";
my $ user = defined $ parameter - > { user } ? $ parameter - > { user } : "" ;
# my $remote_user = defined $parameter->{remote_user} ? $parameter->{remote_user} : "";
my $ return_code = 255 ;
# my $target = defined $parameter->{target} ? $parameter->{target} : "";
$ anvil - > Log - > variables ( { source = > $ THIS_FILE , line = > __LINE__ , level = > $ debug , secure = > 0 , list = > {
# my $user = defined $parameter->{user} ? $parameter->{user} : $anvil->data->{sys}{apache}{user};
user = > $ user ,
# my $return_code = 255;
target = > $ target ,
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => {
port = > $ port ,
# user => $user,
remote_user = > $ remote_user ,
# target => $target,
new_password = > $ anvil - > Log - > secure ? $ new_password : "--" ,
# port => $port,
password = > $ anvil - > Log - > secure ? $ password : "--" ,
# remote_user => $remote_user,
} } ) ;
# new_password => $anvil->Log->secure ? $new_password : "--",
# password => $anvil->Log->secure ? $password : "--",
# Set the user to 'admin' if it's not set.
# }});
if ( not $ user )
#
{
# # Set the user to 'admin' if it's not set.
$ user = "admin" ;
# if (not $user)
$ anvil - > Log - > variables ( { source = > $ THIS_FILE , line = > __LINE__ , level = > $ debug , secure = > 0 , list = > { user = > $ user } } ) ;
# {
}
# $user = "admin";
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { user => $user }});
# OK, what about a password?
# }
if ( not $ new_password )
#
{
# # OK, what about a password?
# Um...
# if (not $new_password)
$ anvil - > Log - > entry ( { source = > $ THIS_FILE , line = > __LINE__ , level = > 0 , priority = > "err" , key = > "log_0020" , variables = > { method = > "Systeme->change_apache_password()" , parameter = > "new_password" } } ) ;
# {
return ( $ return_code ) ;
# # Um...
}
# $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0020", variables => { method => "Systeme->change_apache_password()", parameter => "new_password" }});
# return($return_code);
# Only the root user can do this!
# }
# $< == real UID, $> == effective UID
#
if ( ( $< != 0 ) && ( $> != 0 ) )
# # Only the root user can do this!
{
# # $< == real UID, $> == effective UID
# Not root
# if (($< != 0) && ($> != 0))
$ anvil - > Log - > entry ( { source = > $ THIS_FILE , line = > __LINE__ , level = > 0 , priority = > "err" , key = > "log_0156" , variables = > { method = > "Systeme->change_apache_password()" } } ) ;
# {
return ( $ return_code ) ;
# # Not root
}
# $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0156", variables => { method => "Systeme->change_apache_password()" }});
# return($return_code);
# Read httpd.conf and make sure apache is configured for .htpasswd.
# }
my $ httpd_conf = $ anvil - > Storage - > read_file ( {
#
file = > $ anvil - > data - > { path } { configs } { 'httpd.conf' } ,
# # Read httpd.conf and make sure apache is configured for .htpasswd.
debug = > $ debug ,
# my $httpd_conf = $anvil->Storage->read_file({
target = > $ target ,
# file => $anvil->data->{path}{configs}{'httpd.conf'},
port = > $ port ,
# debug => $debug,
remote_user = > $ remote_user ,
# target => $target,
password = > $ password ,
# port => $port,
} ) ;
# remote_user => $remote_user,
if ( $ httpd_conf eq "!!error!!" )
# password => $password,
{
# });
# We're done.
# if ($httpd_conf eq "!!error!!")
$ anvil - > Log - > variables ( { source = > $ THIS_FILE , line = > __LINE__ , level = > $ debug , secure = > 0 , list = > { httpd_conf = > $ httpd_conf } } ) ;
# {
return ( $ return_code ) ;
# # We're done.
}
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { httpd_conf => $httpd_conf }});
my $ rewrite = 0 ;
# return($return_code);
my $ new_file = "" ;
# }
my $ in_directory = 0 ;
# my $rewrite = 0;
foreach my $ line ( split /\n/ , $ httpd_conf )
# my $new_file = "";
{
# my $in_html_directory = 0;
$ anvil - > Log - > variables ( { source = > $ THIS_FILE , line = > __LINE__ , level = > $ debug , secure = > 0 , list = > { line = > $ line } } ) ;
# my $in_cgi_directory = 0;
# my $cgi_first_line = 0;
if ( $ in_directory )
# foreach my $line (split/\n/, $httpd_conf)
{
# {
if ( $ line =~ /^(\s+)AllowOverride None/i )
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { line => $line, in_cgi_directory => $in_cgi_directory }});
{
#
# We need to update.
# if ($in_html_directory)
my $ space = $ 1 ;
# {
$ rewrite = 1 ;
# if ($line =~ /^(\s+)AllowOverride None/i)
$ new_file . = $ space . "AllowOverride AuthConfig\n" ;
# {
next ;
# # We need to update.
}
# my $space = $1;
elsif ( $ line eq "</Directory>" )
# $rewrite = 1;
{
# $new_file .= $space."AllowOverride AuthConfig\n";
$ in_directory = 0 ;
# next;
$ anvil - > Log - > variables ( { source = > $ THIS_FILE , line = > __LINE__ , level = > $ debug , secure = > 0 , list = > { in_directory = > $ in_directory } } ) ;
# }
}
# elsif ($line eq "</Directory>")
}
# {
elsif ( $ line eq '<Directory "/var/www/html">' )
# $in_html_directory = 0;
{
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { in_html_directory => $in_html_directory }});
$ in_directory = 1 ;
# }
$ anvil - > Log - > variables ( { source = > $ THIS_FILE , line = > __LINE__ , level = > $ debug , secure = > 0 , list = > { in_directory = > $ in_directory } } ) ;
# }
}
# elsif ($line eq '<Directory "/var/www/html">')
# {
$ new_file . = $ line . "\n" ;
# $in_html_directory = 1;
}
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { in_html_directory => $in_html_directory }});
# }
if ( $ rewrite )
#
{
# if ($in_cgi_directory)
# Back it up first.
# {
my $ backup_file = $ anvil - > Storage - > backup ( {
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { cgi_first_line => $cgi_first_line, line => $line }});
file = > $ anvil - > data - > { path } { configs } { 'httpd.conf' } ,
# if ((not $cgi_first_line) && ($line =~ /^(\s+)AllowOverride None/i))
debug = > $ debug ,
# {
target = > $ target ,
# # We need to update.
port = > $ port ,
# my $space = $1;
remote_user = > $ remote_user ,
# $rewrite = 1;
password = > $ password ,
# $new_file .= $space."# Password login\n";
} ) ;
# $new_file .= $space."AuthType Basic\n";
$ anvil - > Log - > variables ( { source = > $ THIS_FILE , line = > __LINE__ , level = > $ debug , list = > { backup_file = > $ backup_file } } ) ;
# $new_file .= $space."AuthName \"Striker - The Anvil! Dashboard\"\n";
# $new_file .= $space."AuthUserFile ".$anvil->data->{path}{data}{'.htpasswd'}."\n";
if ( $ backup_file )
# $new_file .= $space."Require valid-user \n";
{
#
# Proceed.
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { space => $space, rewrite => $rewrite }});
$ anvil - > Storage - > write_file ( {
# }
body = > $ new_file ,
# elsif ($line eq "</Directory>")
debug = > $ debug ,
# {
file = > $ anvil - > data - > { path } { configs } { 'httpd.conf' } ,
# $in_cgi_directory = 0;
overwrite = > 1 ,
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { in_cgi_directory => $in_cgi_directory }});
secure = > 0 ,
# }
target = > $ target ,
# elsif ($line =~ /Require all granted/)
port = > $ port ,
# {
remote_user = > $ remote_user ,
# # We don't want this line.
password = > $ password ,
# $rewrite = 1;
} ) ;
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { rewrite => $rewrite }});
}
# next;
}
# }
# $cgi_first_line = 1;
return ( $ return_code ) ;
# }
}
# elsif ($line eq '<Directory "/var/www/cgi-bin">')
# {
# $in_cgi_directory = 1;
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { in_cgi_directory => $in_cgi_directory }});
# }
#
# $new_file .= $line."\n";
# }
#
# # Update the file if needed.
# if ($rewrite)
# {
# # Back it up first.
# my $backup_file = $anvil->Storage->backup({
# file => $anvil->data->{path}{configs}{'httpd.conf'},
# debug => $debug,
# target => $target,
# port => $port,
# remote_user => $remote_user,
# password => $password,
# });
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { backup_file => $backup_file }});
#
# if ($backup_file)
# {
# # Proceed.
# $anvil->Storage->write_file({
# body => $new_file,
# debug => $debug,
# file => $anvil->data->{path}{configs}{'httpd.conf'},
# overwrite => 1,
# secure => 0,
# target => $target,
# port => $port,
# remote_user => $remote_user,
# password => $password,
# });
# }
# }
#
# # Generate the htpasswd md5 (special flavour) hash string.
# # See: https://httpd.apache.org/docs/2.4/misc/password_encryptions.html
#
# # <user>:$apr1$<salt>$<hash>
# #admin:$apr1$Upbg/ujf$SJNCufHfq76uo2t0rZTZI/
#
# # my $salt = $anvil->System->call({debug => $debug, shell_call => $anvil->data->{path}{exe}{openssl}." rand 1000 | ".$anvil->data->{path}{exe}{strings}." | ".$anvil->data->{path}{exe}{'grep'}." -io [0-9A-Za-z\.\/] | ".$anvil->data->{path}{exe}{head}." -n 16 | ".$anvil->data->{path}{exe}{'tr'}." -d '\n'" });
# # my $new_hash = crypt($new_password,"\$6\$".$salt."\$");
# # $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => {
# # salt => $salt,
# # new_hash => $new_hash,
# # }});
#
# # htpasswd -cb /etc/httpd/.htpasswd admin Initial2
# # chown apache:apache /etc/httpd/.htpasswd
# # chmod 0660 /etc/httpd/.htpasswd
#
#
# # (re)write the htpasswd file.
# ### TODO: Temporary!
# $new_password =~ s/"/\"/g;
# my $shell_call = $anvil->data->{path}{exe}{htpasswd}." -nb ".$user." \"".$new_password."\"";
# my $output = $anvil->System->call({debug => $debug, secure => 1, shell_call => $shell_call});
# my $hash_string = "";
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { output => $output }});
# foreach my $line (split/\n/, $output)
# {
# $hash_string = $line;
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { hash_string => $hash_string }});
# last;
# }
#
# # Write out the file.
# $return_code = $anvil->Storage->write_file({
# body => $hash_string."\n\n",
# debug => $debug,
# file => $anvil->data->{path}{data}{'.htpasswd'},
# group => "apache",
# mode => "0660",
# overwrite => 1,
# secure => 0,
# target => $target,
# user => "apache",
# port => $port,
# remote_user => $remote_user,
# password => $password,
# });
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { return_code => $return_code }});
#
# if (not $return_code)
# {
# # Restart apache
# $anvil->System->reload_daemon({debug => $debug, daemon => "httpd"});
# }
#
# return($return_code);
# }
= head2 change_shell_user_password
= head2 change_shell_user_password
@ -1686,13 +1792,13 @@ sub stty_echo
if ( $ set eq "off" )
if ( $ set eq "off" )
{
{
$ anvil - > data - > { sys } { stty } = $ anvil - > System - > call ( { shell_call = > $ anvil - > data - > { path } { exe } { stty } . " --save" } ) ;
$ anvil - > data - > { sys } { terminal } { stty } = $ anvil - > System - > call ( { shell_call = > $ anvil - > data - > { path } { exe } { stty } . " --save" } ) ;
$ anvil - > Log - > variables ( { source = > $ THIS_FILE , line = > __LINE__ , level = > 2 , secure = > 0 , list = > { 'sys::stty' = > $ anvil - > data - > { sys } { stty } } } ) ;
$ anvil - > Log - > variables ( { source = > $ THIS_FILE , line = > __LINE__ , level = > 2 , secure = > 0 , list = > { 'sys::terminal:: stty' = > $ anvil - > data - > { sys } { terminal } { stty } } } ) ;
$ anvil - > System - > call ( { shell_call = > $ anvil - > data - > { path } { exe } { stty } . " -echo" } ) ;
$ anvil - > System - > call ( { shell_call = > $ anvil - > data - > { path } { exe } { stty } . " -echo" } ) ;
}
}
elsif ( ( $ set eq "on" ) && ( $ anvil - > data - > { sys } { stty } ) )
elsif ( ( $ set eq "on" ) && ( $ anvil - > data - > { sys } { terminal } { stty } ) )
{
{
$ anvil - > System - > call ( { shell_call = > $ anvil - > data - > { path } { exe } { stty } . " " . $ anvil - > data - > { sys } { stty } } ) ;
$ anvil - > System - > call ( { shell_call = > $ anvil - > data - > { path } { exe } { stty } . " " . $ anvil - > data - > { sys } { terminal } { stty } } ) ;
}
}
return ( 0 ) ;
return ( 0 ) ;