author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-07-21 22:20:40 -0700 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-07-21 22:20:40 -0700 |
commit | b420d76eebcda613c98caba3a5d0a60f7f91f9f6 (patch) | |
tree | 1517c73f27936a7e9e277033daf45b2cdbe54e52 /scripts/standalone_root_pw_reset | |
parent | af22a9fa03a4b23c085979561b4376b2b22850e6 (diff) | |
Make standalone password recovery more robust
Add checks to see whether the Vyatta configuration exists at all or is
missing pieces needed to recover.
Add ability to recover totally missing account, if the config file
is intact.
Diffstat (limited to 'scripts/standalone_root_pw_reset')
-rwxr-xr-x | scripts/standalone_root_pw_reset | 51 |
1 files changed, 46 insertions, 5 deletions
diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset
index b9a28c4b..e50312bc 100755
--- a/scripts/standalone_root_pw_reset
+++ b/scripts/standalone_root_pw_reset
@@ -25,6 +25,7 @@ CF=/opt/vyatta/etc/config/config.boot
 # Admin user name
 ADMIN=vyatta
+
 set_encrypted_password() {
 sed -i \
 -e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password \"$2\"/" $3
@@ -56,6 +57,18 @@ change_password() {
 set_encrypted_password $user $epwd $CF
 }
+# System is so messed up that doing anything would be a mistake
+dead() {
+ echo $*
+ echo
+ echo "This tool can only recover missing admininistrator password."
+ echo "It is not a full system restore"
+ echo
+ echo -n "Hit return to reboot system: "
+ read
+ /sbin/reboot -f
+}
+
 echo "Standalone root password recovery tool."
 echo
 #
@@ -98,6 +111,14 @@ echo "Starting process to reset the admin password..."
 echo "Re-mounting root filesystem read/write..."
 mount -o remount,rw /
+if ! -f /opt/vyatta/etc/config
+then dead "Missing Vyatta config directory..."
+fi
+
+if ! -f /etc/passwd
+then dead "Missing password file..."
+fi
+
 # Leftover from V3.0
 if grep -q /opt/vyatta/etc/config /etc/fstab
 then
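Review bot: `dead()` prints its message with an unquoted `echo $*`, which word-splits and glob-expands the text before printing; `echo "$*"` keeps the message intact. The user-facing string also misspells "administrator" as `admininistrator`. The existing comment could add that the function never returns, since it ends in `/sbin/reboot -f`; the later call sites rely on that. `read` with no variable name is not accepted by every `sh`, so `read dummy` is the portable form if the interpreter (not visible in this hunk) is not bash.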
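Review bot: The added tests `if ! -f /opt/vyatta/etc/config` and `if ! -f /etc/passwd` have no `[` or `test`, so the shell tries to run a command named `-f`; assuming no such command exists, that fails, `!` turns the failure into success, and `dead` is called on every run. The first path is described as a directory in its own message, so it needs `-d`: `if ! [ -d /opt/vyatta/etc/config ]` and `if ! [ -f /etc/passwd ]`. The same missing `test` applies to `if ! -f $CF` in the next hunk, which should read `if ! [ -f "$CF" ]`. As written the recovery tool would appear to force a reboot right after remounting / read-write, without ever reaching the password reset.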
@@ -105,17 +126,37 @@ then
 mount /opt/vyatta/etc/config/
 fi
+if ! -f $CF
+then dead "$CF file not found..."
+fi
+
+if ! grep -q '^system {' $CF
+then die "$CF file does not contain system settings..."
+fi
+
+if ! grep -q ' login {' $CF
+then
+ # Recreate login section of system
+ sed -i -e '/^system {/a\
+ login { \
+ }' $CF
+fi
+
 if ! grep -q " user $ADMIN " $CF
 then
- echo "Administrator account $ADMIN missing..."
- echo -n "Rebooting in 5 seconds..."
- sleep 5
- echo
- /sbin/reboot -f
+ echo "Recreating administrator $ADMIN in $CF..."
+ sed -i -e "/ login {/a\
+ user $ADMIN { \
+ authentication { \
+ encrypted-password "$1$4XHPj9eT$G3ww9B/pYDLSXC8YVvazP0" \
+ } \
+ level admin \
+ }" $CF
 fi
 echo "Saving backup copy of config.boot..."
 cp $CF ${CF}.before_pwrecovery
+sync
 echo "Setting the administrator ($ADMIN) password..."
 change_password $ADMIN |
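Review bot: The `sed` script that recreates the `user $ADMIN` block is double-quoted, so the shell rewrites it before sed sees it: each backslash-newline is removed (the appended text collapses onto one line), the inner `"` characters end the string, and `$1`, `$4` and `$G3ww9B` inside the hash are expanded as shell parameters. The config therefore receives a one-line user entry with a mangled, unquoted value, and the later `set_encrypted_password` substitution (`encrypted-password .*$`) would replace everything up to the end of that line, closing braces included. Single-quoting the static text and splicing in only `$ADMIN` avoids this, and a placeholder that can match no password is safer than a fixed hash shipped in the script if `change_password` is interrupted (the `"!"` below is a suggestion; confirm the config parser accepts it). Separately, the `system {` check calls `die`, but the helper this commit adds is `dead`, so that check does not stop the script, and the `.before_pwrecovery` backup is taken only after these in-place edits.

```shell
then
    echo "Recreating administrator $ADMIN in $CF..."
    # Single quotes keep the backslash-newlines and the literal double quotes
    # for sed; only $ADMIN comes from the shell.
    sed -i -e '/ login {/a\
        user '"$ADMIN"' { \
            authentication { \
                encrypted-password "!" \
            } \
            level admin \
        }' $CF
```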