From 73f0546e5f5c8d9bd367771ae0012797114ca340 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Wed, 1 Oct 2008 17:54:54 +0200
Subject: Standalone passwd reset prompt for password
Rather than resetting to factory default which continues possible remote security hole, prompt (twice) for new value.
---
 scripts/standalone_root_pw_reset | 37 +++++++++++++++++++++++++++----------
 1 file changed, 27 insertions(+), 10 deletions(-)
diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset
index 336d534d..eae5754e 100755
--- a/scripts/standalone_root_pw_reset
+++ b/scripts/standalone_root_pw_reset
@@ -23,6 +23,31 @@
 # The Vyatta config file:
 CF=/opt/vyatta/etc/config/config.boot
+change_password() {
+ local user=$1
+ local pwd1="1"
+ local pwd2="2"
+
+ until [ "$pwd1" == "$pwd2" ]
+ do
+ read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 1>&0
+ echo
+ read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 1>&0
+ echo
+
+ if [ "$pwd1" != "$pwd2" ]
+ then echo "Passwords do not match"
+ fi
+ done
+
+ # escape any slashes in resulting password
+ local epwd=$(mkpasswd -H md5 "$pwd1" | sed 's:/:\\/:g')
+
+ sed -i \
+ -e "/ user $user {/,/}/s/encrypted-password:.*\$/encrypted-password: \"$epwd\"/" \
+ $CF
+}
+
 echo "Standalone root password recovery tool."
 echo
 #
@@ -69,17 +94,9 @@ cp $CF ${CF}.before_pwrecovery
 echo "Reseting the root password..."
-# change system first
-newpwd=`mkpasswd -H md5 vyatta`
-usermod --password "$newpwd" root
-
-# escape / in encrypted passwd
-pw=$(echo $newpwd | sed 's:/:\\/:g')
-sed -i \
- -e "/^.* user root {/,/}/s/encrypted-password .*\$/encrypted-password \"$pw\"/" \
- $CF
+change_password root
-echo $(date "+%b%e %T") $(hostname) "Root password reset to factory value" \
+echo $(date "+%b%e %T") $(hostname) "Root password changed" \
 | tee -a /var/log/auth.log >>/var/log/messages
 sync
--
cgit v1.2.3
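Review bot: The retry loop in change_password only checks that the two entries match, so pressing Enter at both prompts ends the loop with an empty value and an empty root password is hashed and written to the config. The condition should also require a non-empty entry, e.g. `until [ -n "$pwd1" ] && [ "$pwd1" == "$pwd2" ]`. In addition, `local epwd=$(mkpasswd …)` takes its status from `local`, so a failing mkpasswd goes unnoticed and sed writes `encrypted-password: ""`; declare `local epwd` on its own line and add `[ -n "$epwd" ] || return 1` before the `sed -i`. The cleartext password is also passed to mkpasswd as a command-line argument, where it is visible in the process list while the hash is computed; feeding it on stdin would avoid that if the installed mkpasswd supports it.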
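Review bot: The "Root password changed" entry is written to auth.log unconditionally: the status of `change_password root` is not checked, and `sed -i` exits 0 even when nothing in $CF matched. This matters because the removed sed matched `encrypted-password ` without a colon while the new one in change_password requires `encrypted-password:`; if config.boot uses the colon-less form, the old hash stays in place and the log still records a change. Since the script already keeps `${CF}.before_pwrecovery`, the result can be verified before logging, e.g. `if cmp -s "$CF" "${CF}.before_pwrecovery"; then echo "password not updated" >&2; exit 1; fi`. The `usermod --password` call is also dropped, so the running system's shadow entry presumably changes only when the edited config is next applied; confirm that is intended.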