authorStephen Hemminger <stephen.hemminger@vyatta.com>2010-07-21 22:20:40 -0700
committerStephen Hemminger <stephen.hemminger@vyatta.com>2010-07-21 22:20:40 -0700
commitb420d76eebcda613c98caba3a5d0a60f7f91f9f6 (patch)
tree1517c73f27936a7e9e277033daf45b2cdbe54e52 /scripts/standalone_root_pw_reset
parentaf22a9fa03a4b23c085979561b4376b2b22850e6 (diff)
Make standalone password recovery more robust
Add checks for whether the Vyatta configuration exists at all or is missing pieces needed for recovery. Add the ability to recover a totally missing account if the config file is intact.
Diffstat (limited to 'scripts/standalone_root_pw_reset')
-rwxr-xr-xscripts/standalone_root_pw_reset51
1 files changed, 46 insertions, 5 deletions
diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset
index b9a28c4b..e50312bc 100755
--- a/scripts/standalone_root_pw_reset
+++ b/scripts/standalone_root_pw_reset
@@ -25,6 +25,7 @@ CF=/opt/vyatta/etc/config/config.boot
# Admin user name
ADMIN=vyatta
+
set_encrypted_password() {
sed -i \
-e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password \"$2\"/" $3
@@ -56,6 +57,18 @@ change_password() {
set_encrypted_password $user $epwd $CF
}
+# System is so messed up that doing anything would be a mistake
+dead() {
+ echo $*
+ echo
+ echo "This tool can only recover missing admininistrator password."
+ echo "It is not a full system restore"
+ echo
+ echo -n "Hit return to reboot system: "
+ read
+ /sbin/reboot -f
+}
+
echo "Standalone root password recovery tool."
echo
#
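Review bot: In `dead()`, `echo $*` is unquoted, so the message is word-split and glob-expanded before printing; `echo "$*"` prints it as passed. The bare `read` works in bash, but if the script runs under a POSIX `sh` such as dash (the shebang is outside this hunk) `read` with no variable name fails at once and the forced reboot follows without waiting for the operator; `read -r dummy` behaves the same in both. The user-facing message also misspells "administrator" as "admininistrator".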
@@ -98,6 +111,14 @@ echo "Starting process to reset the admin password..."
echo "Re-mounting root filesystem read/write..."
mount -o remount,rw /
+if ! -f /opt/vyatta/etc/config
+then dead "Missing Vyatta config directory..."
+fi
+
+if ! -f /etc/passwd
+then dead "Missing password file..."
+fi
+
# Leftover from V3.0
if grep -q /opt/vyatta/etc/config /etc/fstab
then
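Review bot: The added tests `if ! -f /opt/vyatta/etc/config` and `if ! -f /etc/passwd` have no `[` or `test`, so the shell tries to run a command named `-f`, gets "command not found", and the `!` turns that failure into success; `dead` is then called and the system reboots on every run. They should read `if ! [ -d /opt/vyatta/etc/config ]` (the message calls the path a directory, so `-d` rather than `-f`) and `if ! [ -f /etc/passwd ]`. The same missing brackets appear in the last hunk at `if ! -f $CF`, which should be `if ! [ -f "$CF" ]`.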
@@ -105,17 +126,37 @@ then
mount /opt/vyatta/etc/config/
fi
+if ! -f $CF
+then dead "$CF file not found..."
+fi
+
+if ! grep -q '^system {' $CF
+then die "$CF file does not contain system settings..."
+fi
+
+if ! grep -q ' login {' $CF
+then
+ # Recreate login section of system
+ sed -i -e '/^system {/a\
+ login { \
+ }' $CF
+fi
+
if ! grep -q " user $ADMIN " $CF
then
- echo "Administrator account $ADMIN missing..."
- echo -n "Rebooting in 5 seconds..."
- sleep 5
- echo
- /sbin/reboot -f
+ echo "Recreating administrator $ADMIN in $CF..."
+ sed -i -e "/ login {/a\
+ user $ADMIN { \
+ authentication { \
+ encrypted-password "$1$4XHPj9eT$G3ww9B/pYDLSXC8YVvazP0" \
+ } \
+ level admin \
+ }" $CF
fi
echo "Saving backup copy of config.boot..."
cp $CF ${CF}.before_pwrecovery
+sync
echo "Setting the administrator ($ADMIN) password..."
change_password $ADMIN
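Review bot: The `sed` that recreates the `$ADMIN` user is wrapped in double quotes, so the inner `"` around the hash close the shell string and `$1`, `$4` and `$G3ww9B` are expanded by the shell; the stored value is no longer the intended hash, and each backslash-newline is removed as a line continuation before sed sees the script. Single-quoting the script and splicing in only `$ADMIN`, as in the block below, passes the text through literally. Separately, `die "$CF file does not contain system settings..."` calls a function this diff does not define (the helper added above is `dead`), so the script would carry on with a config that has no `system {` section; it should read `dead`. The recreated account also carries a fixed hash that is committed in the script until `change_password` succeeds, so it is worth confirming that a failure there cannot leave that value in `config.boot`.

```sh
echo "Recreating administrator $ADMIN in $CF..."
# Single quotes keep the hash and the backslash-newlines literal for sed;
# only $ADMIN is spliced in from the shell.
sed -i -e '/ login {/a\
 user '"$ADMIN"' { \
 authentication { \
 encrypted-password "$1$4XHPj9eT$G3ww9B/pYDLSXC8YVvazP0" \
 } \
 level admin \
 }' $CF
```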