summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorStephen Hemminger <stephen.hemminger@vyatta.com>2008-10-01 17:54:54 +0200
committerStephen Hemminger <stephen.hemminger@vyatta.com>2008-10-01 17:54:54 +0200
commit73f0546e5f5c8d9bd367771ae0012797114ca340 (patch)
treee2e755db18a0506b21794cc3e213f58bedae6dfa /scripts
parent81cfe85c1b8ecdd25eb2735779a9a99b6c682da4 (diff)
downloadvyatta-cfg-system-73f0546e5f5c8d9bd367771ae0012797114ca340.tar.gz
vyatta-cfg-system-73f0546e5f5c8d9bd367771ae0012797114ca340.zip
Standalone passwd reset prompt for password
Rather than resetting to factory default which continues possible remote security hole, prompt (twice) for new value.
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/standalone_root_pw_reset37
1 files changed, 27 insertions, 10 deletions
diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset
index 336d534d..eae5754e 100755
--- a/scripts/standalone_root_pw_reset
+++ b/scripts/standalone_root_pw_reset
@@ -23,6 +23,31 @@
# The Vyatta config file:
CF=/opt/vyatta/etc/config/config.boot
+change_password() {
+ local user=$1
+ local pwd1="1"
+ local pwd2="2"
+
+ until [ "$pwd1" == "$pwd2" ]
+ do
+ read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 1>&0
+ echo
+ read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 1>&0
+ echo
+
+ if [ "$pwd1" != "$pwd2" ]
+ then echo "Passwords do not match"
+ fi
+ done
+
+ # escape any slashes in resulting password
+ local epwd=$(mkpasswd -H md5 "$pwd1" | sed 's:/:\\/:g')
+
+ sed -i \
+ -e "/ user $user {/,/}/s/encrypted-password:.*\$/encrypted-password: \"$epwd\"/" \
+ $CF
+}
+
echo "Standalone root password recovery tool."
echo
#
@@ -69,17 +94,9 @@ cp $CF ${CF}.before_pwrecovery
echo "Reseting the root password..."
-# change system first
-newpwd=`mkpasswd -H md5 vyatta`
-usermod --password "$newpwd" root
-
-# escape / in encrypted passwd
-pw=$(echo $newpwd | sed 's:/:\\/:g')
-sed -i \
- -e "/^.* user root {/,/}/s/encrypted-password .*\$/encrypted-password \"$pw\"/" \
- $CF
+change_password root
-echo $(date "+%b%e %T") $(hostname) "Root password reset to factory value" \
+echo $(date "+%b%e %T") $(hostname) "Root password changed" \
| tee -a /var/log/auth.log >>/var/log/messages
sync