blob: b9a28c4bea088c3120ddbb58011aafa9e3fd372f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
#!/bin/bash
# **** License ****
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# This code was originally developed by Vyatta, Inc.
# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc.
# All Rights Reserved.
#
# Author: Bob Gilligan <gilligan@vyatta.com>
# Description: Standalone script to set the admin passwd to new value
# value. Note: This script can ONLY be run as a standalone
# init program by grub.
#
# **** End License ****
# The Vyatta config file:
CF=/opt/vyatta/etc/config/config.boot
# Admin user name
ADMIN=vyatta
set_encrypted_password() {
sed -i \
-e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password \"$2\"/" $3
}
# How long to wait for user to respond, in seconds
TIME_TO_WAIT=30
change_password() {
local user=$1
local pwd1="1"
local pwd2="2"
until [ "$pwd1" == "$pwd2" ]
do
read -p "Enter $user password: " -r -s pwd1
echo
read -p "Retype $user password: " -r -s pwd2
echo
if [ "$pwd1" != "$pwd2" ]
then echo "Passwords do not match"
fi
done
# escape any slashes in resulting password
local epwd=$(mkpasswd -H md5 "$pwd1" | sed 's:/:\\/:g')
set_encrypted_password $user $epwd $CF
}
echo "Standalone root password recovery tool."
echo
#
# Check to see if we are running in standalone mode. We'll
# know that we are if our pid is 1.
#
if [ "$$" != "1" ]; then
echo "This tool can only be run in standalone mode."
exit 1
fi
#
# OK, now we know we are running in standalone mode. Talk to the
# user.
#
echo "Do you wish to reset the admin password?"
read -t $TIME_TO_WAIT response
if [ "$?" != "0" ]; then
echo
echo "Response not received in time."
echo "The admin password will not be reset."
echo "Rebooting in 5 seconds..."
sleep 5
echo
/sbin/reboot -f
fi
response=${response:0:1}
if [ "$response" != "y" -a "$response" != "Y" ]; then
echo "OK, the admin password will not be reset."
echo -n "Rebooting in 5 seconds..."
sleep 5
echo
/sbin/reboot -f
fi
echo "Starting process to reset the admin password..."
echo "Re-mounting root filesystem read/write..."
mount -o remount,rw /
# Leftover from V3.0
if grep -q /opt/vyatta/etc/config /etc/fstab
then
echo "Mounting the config filesystem..."
mount /opt/vyatta/etc/config/
fi
if ! grep -q " user $ADMIN " $CF
then
echo "Administrator account $ADMIN missing..."
echo -n "Rebooting in 5 seconds..."
sleep 5
echo
/sbin/reboot -f
fi
echo "Saving backup copy of config.boot..."
cp $CF ${CF}.before_pwrecovery
echo "Setting the administrator ($ADMIN) password..."
change_password $ADMIN
echo $(date "+%b%e %T") $(hostname) "Admin password changed" \
| tee -a /var/log/auth.log >>/var/log/messages
sync
echo "System will reboot in 10 seconds..."
sleep 10
/sbin/reboot -f
|
