author | John Southworth <john.southworth@vyatta.com> | 2012-09-25 10:16:57 -0700 |
---|---|---|
committer | John Southworth <john.southworth@vyatta.com> | 2012-09-25 10:16:57 -0700 |
commit | ed7cdece4009646b7f2d67030c439108c3692485 (patch) | |
tree | 8274096d8283f885ff2373976d7af97f9b557523 | |
parent | 0aabbfdb8bf8b51eb774f385f1ec8da0c599a2b4 (diff) | |
parent | 647f7b50a80925bed700525aebd225ad59319cf4 (diff) | |
Bugfix 8290: Detect original unsalted password
-rw-r--r-- | debian/changelog | 26 | ||||
-rwxr-xr-x | scripts/install-system | 8 | ||||
-rwxr-xr-x | scripts/install/install-functions | 8 | ||||
-rwxr-xr-x | scripts/system/vyatta_update_hosts.pl | 5 | ||||
-rwxr-xr-x | scripts/vyatta-first-login-passwd.sh | 17 | ||||
-rw-r--r-- | templates/interfaces/vti/node.def | 2 |
6 files changed, 51 insertions, 15 deletions
diff --git a/debian/changelog b/debian/changelog
index a8294d8e..29459faf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,29 @@
+vyatta-cfg-system (0.20.35) unstable; urgency=low
+
+ * Do not check disabled accounts for default password
+
+ -- James Davidson <james.davidson@vyatta.com> Fri, 21 Sep 2012 14:17:25 -0700
+
+vyatta-cfg-system (0.20.34) unstable; urgency=low
+
+ * Set hostname after updating hosts file
+
+ -- James Davidson <james.davidson@vyatta.com> Wed, 19 Sep 2012 11:56:39 -0700
+
+vyatta-cfg-system (0.20.33) unstable; urgency=low
+
+ * fix for 8372 - Unclear which user ID the changed administrator
+ password applies to
+
+ -- Deepti Kulkarni <deepti@vyatta.com> Tue, 18 Sep 2012 16:58:30 -0700
+
+vyatta-cfg-system (0.20.32) unstable; urgency=low
+
+ * Bugfix 8359: When deleteing vti interface use tunnel interface mode
+ ipip
+
+ -- Saurabh Mohan <saurabh@vyatta.com> Tue, 18 Sep 2012 12:36:43 -0700
+
 vyatta-cfg-system (0.20.31) unstable; urgency=low
 * Update /etc/hosts when host name and domain name changes
diff --git a/scripts/install-system b/scripts/install-system
index 860bdd1e..80e58f6c 100755
--- a/scripts/install-system
+++ b/scripts/install-system
@@ -1096,9 +1096,13 @@ change_password() {
 until [[ "$pwd1" == "$pwd2" && "$pwd1" != "vyatta" ]]
 do
- read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 2>&0
+ read -p "Enter password for user '$user': " -r -s pwd1 <>/dev/tty 2>&0
 echo
- read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 2>&0
+ if [[ "$pwd1" == "" ]]; then
+ echo "'' is not a valid password"
+ continue
+ fi
+ read -p "Retype password for user '$user':" -r -s pwd2 <>/dev/tty 2>&0
 echo
 if [ "$pwd1" != "$pwd2" ]
diff --git a/scripts/install/install-functions b/scripts/install/install-functions
index 9290d88b..34ced705 100755
--- a/scripts/install/install-functions
+++ b/scripts/install/install-functions
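Review bot: In scripts/install-system, the guard added to change_password() rejects only the empty string, so together with the loop condition the only passwords refused are `''` and `vyatta`; a single space or a one-character password is still accepted. If a minimum is wanted at install time, the guard could test length instead, e.g. `if [[ ${#pwd1} -lt $MIN_PWD_LEN ]]; then`, where `MIN_PWD_LEN` is a placeholder name for a constant the file would have to define. The first prompt now ends in `': "` while the retype prompt ends in `':"`, and the same change in scripts/install/install-functions has no trailing space on either prompt; one form should be used in all four. The until loop's body continues past the end of both hunks.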
@@ -237,9 +237,13 @@ change_password() {
 local pwd2="2"
 until [[ "$pwd1" == "$pwd2" && "$pwd1" != "vyatta" ]]; do
- read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 2>&0
+ read -p "Enter password for user '$user':" -r -s pwd1 <>/dev/tty 2>&0
 echo
- read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 2>&0
+ if [[ "$pwd1" == "" ]]; then
+ echo "'' is not a valid password"
+ continue
+ fi
+ read -p "Retype password for user '$user':" -r -s pwd2 <>/dev/tty 2>&0
 echo
 if [ "$pwd1" != "$pwd2" ]; then
diff --git a/scripts/system/vyatta_update_hosts.pl b/scripts/system/vyatta_update_hosts.pl
index 0fb2a914..7c8bc8e6 100755
--- a/scripts/system/vyatta_update_hosts.pl
+++ b/scripts/system/vyatta_update_hosts.pl
@@ -71,9 +71,6 @@ if (defined $domain_name) {
 }
 $hosts_line .= " $host_name\t #vyatta entry\n";
-set_hostname $host_name;
-set_mailname $mail_name;
-
 my ($out, $tempname) = tempfile($HOSTS_TMPL, UNLINK => 1) or die "Can't create temp file: $!";
@@ -97,3 +94,5 @@ close ($out);
 system("sudo cp $tempname $HOSTS_CFG") == 0 or die "Can't copy $tempname to $HOSTS_CFG: $!";
+set_hostname $host_name;
+set_mailname $mail_name;
diff --git a/scripts/vyatta-first-login-passwd.sh b/scripts/vyatta-first-login-passwd.sh
index 467eff4b..bb37fcc8 100755
--- a/scripts/vyatta-first-login-passwd.sh
+++ b/scripts/vyatta-first-login-passwd.sh
@@ -91,6 +91,7 @@ change_password() {
 save
 }
+dpwd='"*"'
 for user in $($API listEffectiveNodes system login user); do
 user=${user//\'/}
 epwd=$(show system login user $user authentication encrypted-password)
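Review bot: In scripts/system/vyatta_update_hosts.pl, moving `set_hostname` and `set_mailname` below `system(...) == 0 or die` means a failed copy to `$HOSTS_CFG` now exits before either is called, where previously both had already run; if that is intended, a comment above the two calls such as `# apply the new names only once $HOSTS_CFG has been updated` would record the ordering dependency. The context line above them passes `"sudo cp $tempname $HOSTS_CFG"` to `system` as one string, so the two paths are subject to word splitting and, if they ever contain metacharacters, shell parsing; the list form `system('sudo', 'cp', $tempname, $HOSTS_CFG) == 0` avoids both. The `$!` in that die message is not set by a non-zero exit status of the child, so `$?` is probably the value wanted there.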
@@ -100,13 +101,15 @@ for user in $($API listEffectiveNodes system login user); do
 change_password $user
 continue
 fi
- salt=$(awk 'BEGIN{ FS="$" }; { print $3 }' <<<$epwd)
- if [[ $salt == '' ]];then
- continue
- fi
- vyatta_epwd=$(mkpasswd -H md5 -S $salt vyatta)
- if [[ $epwd == $vyatta_epwd ]]; then
- change_password $user
+ if [[ $epwd != $dpwd ]]; then
+ salt=$(awk 'BEGIN{ FS="$" }; { print $3 }' <<<$epwd)
+ if [[ $salt == '' ]];then
+ continue
+ fi
+ vyatta_epwd=$(mkpasswd -H md5 -S $salt vyatta)
+ if [[ $epwd == $vyatta_epwd ]]; then
+ change_password $user
+ fi
 fi
 done
 eval $(exit_configure)
diff --git a/templates/interfaces/vti/node.def b/templates/interfaces/vti/node.def
index 15ea2e3e..0b369f82 100644
--- a/templates/interfaces/vti/node.def
+++ b/templates/interfaces/vti/node.def
@@ -25,7 +25,7 @@ fi
 delete: if [ -d /sys/class/net/$VAR(@) ] ; then
 ip link set $VAR(@) down
- ip tunnel del $VAR(@) mode esp
+ ip tunnel del $VAR(@) mode ipip
 fi
 end: |
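Review bot: In scripts/vyatta-first-login-passwd.sh, `[[ $epwd != $dpwd ]]` leaves the right-hand side unquoted, and bash treats an unquoted right operand of `!=` inside `[[ ]]` as a glob pattern. With `dpwd='"*"'` (set in the previous hunk) the `*` acts as a wildcard, so the default-password check is skipped for any value that starts and ends with a double quote, not only for the literal `"*"`; if `show` prints every encrypted-password in quotes, that would be every account. Quoting both sides makes it an exact comparison: `if [[ "$epwd" != "$dpwd" ]]; then`. A comment on `dpwd` saying it is the value shown for a disabled account, as the 0.20.35 changelog entry suggests, would also help. The for loop starts outside this hunk.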