You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
219 lines
8.1 KiB
219 lines
8.1 KiB
#!/usr/bin/perl |
|
# |
|
# This program is setuid 'admin' and calls a (new) peer to read its hostname and system UUID. It takes the |
|
# target's password in via a file. |
|
# |
|
# Exit codes; |
|
# 0 = Normal exit. |
|
# 1 = No database connection. |
|
# 2 = Password not found in the database. |
|
# 3 = Peer not accessible |
|
# 4 = Unable to find the peer's host UUID |
|
# 5 = |
|
# |
|
|
|
use strict; |
|
use warnings; |
|
use Anvil::Tools; |
|
|
|
my $THIS_FILE = ($0 =~ /^.*\/(.*)$/)[0]; |
|
my $running_directory = ($0 =~ /^(.*?)\/$THIS_FILE$/)[0]; |
|
if (($running_directory =~ /^\./) && ($ENV{PWD})) |
|
{ |
|
$running_directory =~ s/^\./$ENV{PWD}/; |
|
} |
|
|
|
# Turn off buffering so that the pinwheel will display while waiting for the SSH call(s) to complete. |
|
$| = 1; |
|
|
|
my $anvil = Anvil::Tools->new(); |
|
$anvil->Log->level({set => 2}); |
|
$anvil->Log->secure({set => 1}); |
|
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, secure => 0, key => "log_0115", variables => { program => $THIS_FILE }}); |
|
|
|
# Read switches (target ([user@]host[:port]) and the file with the target's password. |
|
$anvil->data->{switches}{target} = ""; |
|
$anvil->data->{switches}{'state-uuid'} = ""; |
|
$anvil->Get->switches; |
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { |
|
'switches::target' => $anvil->data->{switches}{target}, |
|
'switches::state-uuid' => $anvil->data->{switches}{'state-uuid'}, |
|
}}); |
|
|
|
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, secure => 0, key => "log_0435", variables => { |
|
program => $THIS_FILE, |
|
real_user => getpwuid($<), |
|
real_uid => $<, |
|
effective_user => getpwuid($>), |
|
effective_uid => $>, |
|
}}); |
|
|
|
$anvil->data->{target}{user} = "admin"; |
|
$anvil->data->{target}{host} = $anvil->data->{switches}{target}; |
|
$anvil->data->{target}{port} = 22; |
|
$anvil->data->{target}{password} = get_password($anvil); |
|
if ($anvil->data->{target}{host} =~ /^(.*?)@/) |
|
{ |
|
$anvil->data->{target}{user} = $1; |
|
$anvil->data->{target}{host} =~ s/^(.*?)@//; |
|
} |
|
if ($anvil->data->{target}{host} =~ /:(\d+)$/) |
|
{ |
|
$anvil->data->{target}{port} = $1; |
|
$anvil->data->{target}{host} =~ s/:(\d+)$//; |
|
} |
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { |
|
'target::user' => $anvil->data->{target}{user}, |
|
'target::target' => $anvil->data->{target}{host}, |
|
'target::port' => $anvil->data->{target}{port}, |
|
'target::password' => $anvil->Log->is_secure($anvil->data->{target}{password}), |
|
}}); |
|
|
|
my $host_uuid = get_host_uuid($anvil); |
|
my $host_name = get_host_name($anvil); |
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { |
|
host_uuid => $host_uuid, |
|
host_name => $host_name, |
|
}}); |
|
print "host_name=".$host_name."\n"; |
|
print "host_uuid=".$host_uuid."\n"; |
|
|
|
$anvil->nice_exit({code => 0}); |
|
|
|
|
|
############################################################################################################# |
|
# Functions # |
|
############################################################################################################# |
|
|
|
# This tries to read the target's UUID either via host.uuid or via dmidecode. |
|
sub get_host_name |
|
{ |
|
my ($anvil) = @_; |
|
|
|
my ($host_name, $error, $return_code) = $anvil->Remote->call({ |
|
debug => 2, |
|
shell_call => $anvil->data->{path}{exe}{hostnamectl}." --static", |
|
user => $anvil->data->{target}{user}, |
|
target => $anvil->data->{target}{host}, |
|
port => $anvil->data->{target}{port}, |
|
password => $anvil->data->{target}{password}, |
|
}); |
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { |
|
host_name => $host_name, |
|
error => $error, |
|
return_code => $return_code, |
|
}}); |
|
|
|
return($host_name); |
|
} |
|
|
|
# This tries to read the target's UUID either via host.uuid or via dmidecode. |
|
sub get_host_uuid |
|
{ |
|
my ($anvil) = @_; |
|
|
|
# This is the first thing called, so start by verifying we can talk to the target at all. |
|
my $access = $anvil->Remote->test_access({ |
|
user => $anvil->data->{target}{user}, |
|
target => $anvil->data->{target}{host}, |
|
port => $anvil->data->{target}{port}, |
|
password => $anvil->data->{target}{password}, |
|
}); |
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { access => $access }}); |
|
if (not $access) |
|
{ |
|
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, priority => "err", key => "error_0069", variables => { |
|
host => $anvil->data->{target}{user}.'@'.$anvil->data->{target}{host}.':'.$anvil->data->{target}{port}, |
|
}}); |
|
$anvil->nice_exit({exit_code => 3}); |
|
} |
|
|
|
# Try to read the host.uuid file on the target, if possible. |
|
my $host_uuid = ""; |
|
my $file_body = $anvil->Storage->read_file({ |
|
debug => 3, |
|
file => $anvil->data->{path}{data}{host_uuid}, |
|
user => $anvil->data->{target}{user}, |
|
target => $anvil->data->{target}{host}, |
|
port => $anvil->data->{target}{port}, |
|
password => $anvil->data->{target}{password}, |
|
}); |
|
$file_body =~ s/\n$//g; |
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { file_body => $file_body }}); |
|
if (($file_body eq "!!error!!") or (not $anvil->Validate->is_uuid({uuid => $file_body}))) |
|
{ |
|
# No good, Try dmidecode. |
|
my ($output, $error, $return_code) = $anvil->Remote->call({ |
|
debug => 2, |
|
shell_call => $anvil->data->{path}{exe}{dmidecode}." --string system-uuid", |
|
user => $anvil->data->{target}{user}, |
|
target => $anvil->data->{target}{host}, |
|
port => $anvil->data->{target}{port}, |
|
password => $anvil->data->{target}{password}, |
|
}); |
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { |
|
output => $output, |
|
error => $error, |
|
return_code => $return_code, |
|
}}); |
|
if ($anvil->Validate->is_uuid({uuid => $output})) |
|
{ |
|
# Got it. |
|
$host_uuid = $output; |
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { host_uuid => $host_uuid }}); |
|
} |
|
} |
|
else |
|
{ |
|
$host_uuid = $file_body; |
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { host_uuid => $host_uuid }}); |
|
} |
|
|
|
# Exit out if I failed to get the host's UUID. |
|
if (not $host_uuid) |
|
{ |
|
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, priority => "err", key => "error_0070", variables => { |
|
host => $anvil->data->{target}{user}.'@'.$anvil->data->{target}{host}.':'.$anvil->data->{target}{port}, |
|
}}); |
|
$anvil->nice_exit({exit_code => 4}); |
|
} |
|
|
|
return($host_uuid); |
|
} |
|
|
|
# This reads in the password from the password file, if possible. |
|
sub get_password |
|
{ |
|
my ($anvil) = @_; |
|
|
|
# We'll pick up the peer's password from the database. |
|
$anvil->Database->connect(); |
|
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 3, secure => 0, key => "log_0132"}); |
|
if (not $anvil->data->{sys}{database}{connections}) |
|
{ |
|
# No databases, exit. |
|
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, priority => "err", key => "error_0067"}); |
|
$anvil->nice_exit({exit_code => 1}); |
|
} |
|
|
|
my $query = "SELECT state_note FROM states WHERE state_uuid=".$anvil->Database->quote($anvil->data->{switches}{'state-uuid'}).";"; |
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { query => $query }}); |
|
|
|
my $password = $anvil->Database->query({uuid => $anvil->data->{sys}{host_uuid}, debug => 2, query => $query, source => $THIS_FILE, line => __LINE__})->[0]->[0]; |
|
$password = "" if not defined $password; |
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 1, list => { password => $password }}); |
|
if (not $password) |
|
{ |
|
# Well poo. |
|
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, priority => "err", key => "error_0068"}); |
|
$anvil->nice_exit({exit_code => 2}); |
|
} |
|
else |
|
{ |
|
# We have the password. Delete the entry now. |
|
my $query = "DELETE FROM states WHERE state_uuid=".$anvil->Database->quote($anvil->data->{switches}{'state-uuid'}).";"; |
|
$anvil->Database->write({uuid => $anvil->data->{sys}{host_uuid}, debug => 3, query => $query, source => $THIS_FILE, line => __LINE__}); |
|
} |
|
|
|
return($password); |
|
}
|
|
|