author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2008-10-01 17:54:54 +0200 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2008-10-01 17:54:54 +0200 |
commit | 73f0546e5f5c8d9bd367771ae0012797114ca340 (patch) | |
tree | e2e755db18a0506b21794cc3e213f58bedae6dfa /scripts | |
parent | 81cfe85c1b8ecdd25eb2735779a9a99b6c682da4 (diff) | |
download | vyatta-cfg-system-73f0546e5f5c8d9bd367771ae0012797114ca340.tar.gz vyatta-cfg-system-73f0546e5f5c8d9bd367771ae0012797114ca340.zip |
Standalone passwd reset prompt for password
Rather than resetting to the factory default, which leaves a
possible remote security hole open, prompt (twice) for a new value.
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/standalone_root_pw_reset | 37 |
1 files changed, 27 insertions, 10 deletions
diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset
index 336d534d..eae5754e 100755
--- a/scripts/standalone_root_pw_reset
+++ b/scripts/standalone_root_pw_reset
@@ -23,6 +23,31 @@
 # The Vyatta config file:
 CF=/opt/vyatta/etc/config/config.boot
+change_password() {
+ local user=$1
+ local pwd1="1"
+ local pwd2="2"
+
+ until [ "$pwd1" == "$pwd2" ]
+ do
+ read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 1>&0
+ echo
+ read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 1>&0
+ echo
+
+ if [ "$pwd1" != "$pwd2" ]
+ then echo "Passwords do not match"
+ fi
+ done
+
+ # escape any slashes in resulting password
+ local epwd=$(mkpasswd -H md5 "$pwd1" | sed 's:/:\\/:g')
+
+ sed -i \
+ -e "/ user $user {/,/}/s/encrypted-password:.*\$/encrypted-password: \"$epwd\"/" \
+ $CF
+}
+
 echo "Standalone root password recovery tool."
 echo
 #
@@ -69,17 +94,9 @@ cp $CF ${CF}.before_pwrecovery
 echo "Reseting the root password..."
-# change system first
-newpwd=`mkpasswd -H md5 vyatta`
-usermod --password "$newpwd" root
-
-# escape / in encrypted passwd
-pw=$(echo $newpwd | sed 's:/:\\/:g')
-sed -i \
- -e "/^.* user root {/,/}/s/encrypted-password .*\$/encrypted-password \"$pw\"/" \
- $CF
+change_password root
-echo $(date "+%b%e %T") $(hostname) "Root password reset to factory value" \
+echo $(date "+%b%e %T") $(hostname) "Root password changed" \
 | tee -a /var/log/auth.log >>/var/log/messages
 sync |
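Review bot: The `until [ "$pwd1" == "$pwd2" ]` loop in change_password ends as soon as the two entries are equal, so pressing Enter at both prompts is accepted and an empty root password gets hashed and written to $CF. `local epwd=$(mkpasswd ...)` also hides a mkpasswd failure behind the exit status of `local`, in which case the sed writes `encrypted-password: ""`. The plaintext is passed to mkpasswd as a command-line argument, where it is visible in the process list; feeding it on stdin avoids that, assuming the installed mkpasswd supports `--stdin`. A sketch of the loop and hashing step with those three points addressed follows.

```shell
    until [ -n "$pwd1" ] && [ "$pwd1" == "$pwd2" ]
    do
	# … unchanged: the two read prompts …
	if [ -z "$pwd1" ]
	then echo "Password must not be empty"
	elif [ "$pwd1" != "$pwd2" ]
	then echo "Passwords do not match"
	fi
    done

    local hash epwd
    hash=$(printf '%s' "$pwd1" | mkpasswd -H md5 --stdin) || return 1
    [ -n "$hash" ] || return 1
    # escape any slashes in resulting password
    epwd=$(printf '%s' "$hash" | sed 's:/:\\/:g')
    # … unchanged: sed -i on $CF …
```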
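Review bot: The `Root password changed` line is appended to /var/log/auth.log unconditionally after `change_password root`, so the audit record is written even when the `sed -i` inside the function matched nothing or failed. The new expression looks for `encrypted-password:` with a colon where the removed one matched `encrypted-password ` followed by a space; if config.boot does not use the colon form, sed exits 0 without changing the file. I would have change_password return non-zero on failure, call it as `change_password root || exit 1`, and confirm the substitution with something like `grep -q "encrypted-password: \"" $CF` before logging. The hunk also removes the `usermod --password` call, so only $CF is updated; if that is intentional, a comment such as `# running system is not touched; config.boot is applied on next boot` would make it clear.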