seasharp
/
anvil
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Created System->change_apache_password() to update (and enable) Striker's apache user. For now, it simply enables it in httpd.conf, it doesn't actually set/update the password.

Browse Source 
Signed-off-by: Digimer <digimer@alteeve.ca>
main
Digimer 7 years ago
parent b8bb781c5e
commit de333704b5
4 changed files with 178 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      Anvil/Tools.pm
  2. 162
      Anvil/Tools/System.pm
  3. 3
      anvil.conf
  4. 8
      tools/anvil-change-password

6
Anvil/Tools.pm
Unescape View File

@ -664,6 +664,9 @@ sub _set_defaults
my ($anvil) = shift;
$anvil->data->{sys} = {
apache => {
user => "admin",
},
daemons => {
restart_firewalld => 1,
},
@ -751,6 +754,7 @@ sub _set_paths
'anvil.conf' => "/etc/anvil/anvil.conf",
'anvil.version' => "/etc/anvil/anvil.version",
'firewalld.conf' => "/etc/firewalld/firewalld.conf",
'httpd.conf' => "/etc/httpd/conf/httpd.conf",
'journald_anvil' => "/etc/systemd/journald.conf.d/anvil.conf",
'pg_hba.conf' => "/var/lib/pgsql/data/pg_hba.conf",
'postgresql.conf' => "/var/lib/pgsql/data/postgresql.conf",
@ -758,6 +762,7 @@ sub _set_paths
},
data => {
group => "/etc/group",
htpasswd => "/var/www/home/htpasswd",
host_uuid => "/etc/anvil/host.uuid",
passwd => "/etc/passwd",
},
@ -791,6 +796,7 @@ sub _set_paths
head => "/usr/bin/head",
hostname => "/usr/bin/hostname",
hostnamectl => "/usr/bin/hostnamectl",
htpasswd => "/usr/bin/htpasswd",
ifdown => "/sbin/ifdown",
ifup => "/sbin/ifup",
ip => "/usr/sbin/ip",

162
Anvil/Tools/System.pm
Unescape View File

@ -15,6 +15,7 @@ my $THIS_FILE = "System.pm";
### Methods;
# call
# change_apache_password
# change_shell_user_password
# check_daemon
# check_memory
@ -186,6 +187,167 @@ sub call
return($output);
}
=head2 change_apache_password
This changes the password used to connet to Striker's web interface. If the C<< .htpasswd >> file isn't found, this method will effectively enable the password feature.
The return code will be C<< 255 >> on internal error. Otherwise, it will be the code returned from the C<< passwd >> call.
Parameters;
=head3 new_password (required)
This is the new password to set. The user should be encouraged to select a good (long) password.
=head3 password (optional)
If you are changing the apache password on a remote machine, this is the password used to connect to that machine. If not passed, an attempt to connect with passwordless SSH will be made (but this won't be the case in most instances). Ignored if C<< target >> is not given.
=head3 port (optional, default 22)
This is the TCP port number to use if connecting to a remote machine over SSH. Ignored if C<< target >> is not given.
=head3 remote_user (optional, default root)
If C<< target >> is set and we're changing the password for a remote user, this is the user we B<< log into >> the remote machine as, B<< not >> the user whose password we will change.
=head3 target (optional)
This is the IP address or (resolvable) host name of the target machine whose user account you want to change the password
=head3 user (optional, default 'sys::apache::user' or 'admin')
This is the apache user name to use. If another name existed before in C<< .htpasswd >>, that old user name will be removed.
=cut
sub change_apache_password
{
my $self = shift;
my $parameter = shift;
my $anvil = $self->parent;
my $debug = defined $parameter->{debug} ? $parameter->{debug} : 3;
my $new_password = defined $parameter->{new_password} ? $parameter->{new_password} : "";
my $password = defined $parameter->{password} ? $parameter->{password} : "";
my $port = defined $parameter->{port} ? $parameter->{port} : "";
my $remote_user = defined $parameter->{remote_user} ? $parameter->{remote_user} : $anvil->data->{sys}{apache}{user};
my $target = defined $parameter->{target} ? $parameter->{target} : "";
my $user = defined $parameter->{user} ? $parameter->{user} : "";
my $return_code = 255;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => {
user => $user,
target => $target,
port => $port,
remote_user => $remote_user,
new_password => $anvil->Log->secure ? $new_password : "--",
password => $anvil->Log->secure ? $password : "--",
}});
# Set the user to 'admin' if it's not set.
if (not $user)
{
$user = "admin";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { user => $user }});
}
# OK, what about a password?
if (not $new_password)
{
# Um...
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0020", variables => { method => "Systeme->change_apache_password()", parameter => "new_password" }});
return($return_code);
}
# Only the root user can do this!
# $< == real UID, $> == effective UID
if (($< != 0) && ($> != 0))
{
# Not root
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0156", variables => { method => "Systeme->change_apache_password()" }});
return($return_code);
}
# Read httpd.conf and make sure apache is configured for .htpasswd.
my $httpd_conf = $anvil->Storage->read_file({
file => $anvil->data->{path}{configs}{'httpd.conf'},
debug => $debug,
target => $target,
port => $port,
remote_user => $remote_user,
password => $password,
});
if ($httpd_conf eq "!!error!!")
{
# We're done.
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { httpd_conf => $httpd_conf }});
return($return_code);
}
my $rewrite = 0;
my $new_file = "";
my $in_directory = 0;
foreach my $line (split/\n/, $httpd_conf)
{
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { line => $line }});
if ($in_directory)
{
if ($line =~ /^(\s+)AllowOverride None/i)
{
# We need to update.
my $space = $1;
$rewrite = 1;
$new_file .= $space."AllowOverride AuthConfig\n";
next;
}
elsif ($line eq "</Directory>")
{
$in_directory = 0;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { in_directory => $in_directory }});
}
}
elsif ($line eq '<Directory "/var/www/html">')
{
$in_directory = 1;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { in_directory => $in_directory }});
}
$new_file .= $line."\n";
}
if ($rewrite)
{
# Back it up first.
my $backup_file = $anvil->Storage->backup({
file => $anvil->data->{path}{configs}{'httpd.conf'},
debug => $debug,
target => $target,
port => $port,
remote_user => $remote_user,
password => $password,
});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { backup_file => $backup_file }});
if ($backup_file)
{
# Proceed.
$anvil->Storage->write_file({
body => $new_file,
debug => $debug,
file => $anvil->data->{path}{configs}{'httpd.conf'},
overwrite => 1,
secure => 0,
target => $target,
port => $port,
remote_user => $remote_user,
password => $password,
});
}
}
return($return_code);
}
=head2 change_shell_user_password
This changes the password for a shell user account. It can change the password on either the local or a remote machine.

3
anvil.conf
Unescape View File

@ -79,6 +79,9 @@ sys::database::schema = /usr/sbin/anvil/anvil.sql
# transaction can take and how much memory is used.
#sys::database::maximum_batch_size = 25000
### Apache stuff
#sys::apache::user = admin
# By default, we try to determine the host type using the host name. The rules used for this can be seen in
# 'perldoc Anvil::Tools::System -> determine_host_type'. If you are using non-standard host names, or for some
# other reason want to statically assign the host type, you can do so with this variable. Note that this sets

8
tools/anvil-change-password
Unescape View File

@ -54,7 +54,7 @@ $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, secure =
if (not $connections)
{
# No databases, exit.
print $anvil->Words->string({key => "error_0003"});
print $anvil->Words->string({key => "error_0003"})."\n";
$anvil->nice_exit({exit_code => 2});
}
@ -173,7 +173,13 @@ sub update_local_passwords
print "Updating: [$user] with password: [".$anvil->data->{switches}{'new-password'}."]\n";
$anvil->System->change_shell_user_password({debug => 2, user => $user, new_password => $anvil->data->{switches}{'new-password'}});
}
### TODO: Put the database into maintenance mode, then check for any known nodes and update their
### password for us.
# Update the database password.
my $apache_user = $anvil->data->{sys}{apache}{user} ? $anvil->data->{sys}{apache}{user} : "admin";
$anvil->System->change_apache_password({debug => 2, new_password => $anvil->data->{switches}{'new-password'}});
return(0);
}

Write Preview
Loading…
Cancel
Save