blob: b75d19df00a46a79558169aca8860e77f40caa08 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
#!/bin/bash
# **** License ****
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# This code was originally developed by Vyatta, Inc.
# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc.
# All Rights Reserved.
#
# Author: Bob Gilligan <gilligan@vyatta.com>
# Description: Standalone script to set the admin passwd to new value
# value. Note: This script can ONLY be run as a standalone
# init program by grub.
#
# **** End License ****
# The Vyatta config file:
CF=/opt/vyatta/etc/config/config.boot
# Admin user name
ADMIN=vyatta
set_encrypted_password() {
sed -i \
-e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password \"$2\"/" $3
}
change_password() {
local user=$1
local pwd1="1"
local pwd2="2"
until [ "$pwd1" == "$pwd2" ]
do
read -p "Enter $user password: " -r -s pwd1
echo
read -p "Retype $user password: " -r -s pwd2
echo
if [ "$pwd1" != "$pwd2" ]
then echo "Passwords do not match"
fi
done
# escape any slashes in resulting password
local epwd=$(mkpasswd -H md5 "$pwd1" | sed 's:/:\\/:g')
set_encrypted_password $user $epwd $CF
}
echo "Standalone root password recovery tool."
echo
#
# Check to see if we are running in standalone mode. We'll
# know that we are if our pid is 1.
#
if [ "$$" != "1" ]; then
echo "This tool can only be run in standalone mode."
exit 1
fi
#
# OK, now we know we are running in standalone mode. Talk to the
# user.
#
echo "Do you wish to reset the admin password?"
read response
response=${response:0:1}
if [ "$response" != "y" -a "$response" != "Y" ]; then
echo "OK, the admin password will not be reset."
echo -n "Rebooting in 5 seconds..."
sleep 5
echo
/sbin/reboot -f
fi
echo "Starting process to reset the admin password..."
echo "Re-mounting root filesystem read/write..."
mount -o remount,rw /
# Leftover from V3.0
if grep -q /opt/vyatta/etc/config /etc/fstab
then
echo "Mounting the config filesystem..."
mount /opt/vyatta/etc/config/
fi
if ! grep -q " user $ADMIN " $CF
then
echo "Administrator account $ADMIN missing..."
exit 1
fi
echo "Saving backup copy of config.boot..."
cp $CF ${CF}.before_pwrecovery
echo "Setting the administrator ($ADMIN) password..."
change_password $ADMIN
echo $(date "+%b%e %T") $(hostname) "Admin password changed" \
| tee -a /var/log/auth.log >>/var/log/messages
sync
echo "System will reboot in 10 seconds..."
sleep 10
/sbin/reboot -f
|
