| -rw-r--r-- | Makefile.am | 4 | ||||
| -rw-r--r-- | etc/profile.d/vyatta-login.sh | 1 | ||||
| -rwxr-xr-x | scripts/install-system | 8 | ||||
| -rwxr-xr-x | scripts/install/install-functions | 7 | ||||
| -rwxr-xr-x | scripts/vyatta-first-login-passwd.sh | 127 | ||||
| -rw-r--r-- | templates/system/login/user/node.tag/authentication/plaintext-password/node.def | 5 | 
6 files changed, 2 insertions, 150 deletions
| diff --git a/Makefile.am b/Makefile.am
index 1919b44b..8329e30b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4,7 +4,6 @@ bin_sudo_usersdir = $(bindir)/sudo-users
 curverdir = $(sysconfdir)/config-migrate/current
 checkparamsonrebootdir = $(bindir)/sudo-users/check-params-on-reboot.d
 initddir = /etc/init.d
-profiledir = /etc/profile.d
 netplugupdir = /etc/netplug/linkup.d
 netplugdowndir = /etc/netplug/linkdown.d
 modprobedir = /etc/modprobe.d
@@ -14,7 +13,6 @@ bin_SCRIPTS =
 sbin_SCRIPTS =
 sysconf_DATA =
 initd_SCRIPTS =
-profile_SCRIPTS =
 checkparamsonreboot_SCRIPTS =
 checkparamsonreboot_DATA =
@@ -23,7 +21,6 @@ checkparamsonreboot_DATA += scripts/check-params-on-reboot.d/README
 initd_SCRIPTS += etc/init.d/vyatta-config-reboot-params
 checkparamsonreboot_SCRIPTS += scripts/check-params-on-reboot.d/ipv6_disable_blacklist
-profile_SCRIPTS += etc/profile.d/vyatta-login.sh
 netplugup_SCRIPTS = scripts/netplug/linkup/dhclient
 netplugdown_SCRIPTS = scripts/netplug/linkdown/dhclient
@@ -31,7 +28,6 @@ netplugdown_SCRIPTS = scripts/netplug/linkdown/dhclient
 bin_SCRIPTS += scripts/progress-indicator
 bin_SCRIPTS += scripts/vyatta-functions
-sbin_SCRIPTS += scripts/vyatta-first-login-passwd.sh
 sbin_SCRIPTS += scripts/check_file_in_config_dir
 sbin_SCRIPTS += scripts/init-floppy
 sbin_SCRIPTS += scripts/rl-system.init
diff --git a/etc/profile.d/vyatta-login.sh b/etc/profile.d/vyatta-login.sh
deleted file mode 100644
index 924295e3..00000000
--- a/etc/profile.d/vyatta-login.sh
+++ /dev/null
@@ -1 +0,0 @@
-/opt/vyatta/sbin/vyatta-first-login-passwd.sh
diff --git a/scripts/install-system b/scripts/install-system
index 80e58f6c..5dd06256 100755
--- a/scripts/install-system
+++ b/scripts/install-system
@@ -1094,7 +1094,7 @@ change_password() {
     local pwd1="1"
     local pwd2="2"
-    until [[ "$pwd1" == "$pwd2" && "$pwd1" != "vyatta" ]]
+    until [[ "$pwd1" == "$pwd2" ]]
     do
         read -p "Enter password for user '$user': " -r -s pwd1 <>/dev/tty 2>&0
 	echo
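Review bot: In scripts/install-system, the new loop test `until [[ "$pwd1" == "$pwd2" ]]` no longer rejects `vyatta`, the value the deleted first-login script treats as the default password, so the installer now accepts it. The same commit also deletes scripts/vyatta-first-login-passwd.sh and the `syntax:expression` check in plaintext-password/node.def, and the install-functions hunk at -236 makes the same change, so no line left in this diff refuses that value. If the enforcement has moved elsewhere, record that above the loop, e.g. `# default-password check dropped on purpose; enforced by <component>`; if it has not, a non-blocking notice after the loop such as `[[ "$pwd1" == "vyatta" ]] && echo "Warning: this is the well-known default password"` keeps the operator informed. change_password's body starts and ends outside this hunk.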
@@ -1108,12 +1108,6 @@ change_password() {
 	if [ "$pwd1" != "$pwd2" ]
 	then
  	  echo "Passwords do not match"
-	  continue
-	fi
-	if [ "$pwd1" == "vyatta" ]
-	then
-	  echo "'vyatta' is not a valid password"
-	  continue
 	fi
     done
diff --git a/scripts/install/install-functions b/scripts/install/install-functions
index 99d39dc9..1929d1b3 100755
--- a/scripts/install/install-functions
+++ b/scripts/install/install-functions
@@ -236,7 +236,7 @@ change_password() {
   local pwd1="1"
   local pwd2="2"
-  until [[ "$pwd1" == "$pwd2" && "$pwd1" != "vyatta" ]]; do
+  until [[ "$pwd1" == "$pwd2" ]]; do
     read -p "Enter password for user '$user':" -r -s pwd1 <>/dev/tty 2>&0
     echo
     if [[ "$pwd1" == "" ]]; then
@@ -248,12 +248,7 @@ change_password() {
     if [ "$pwd1" != "$pwd2" ]; then
       echo "Passwords do not match"
-      continue
     fi
-    if [[ "$pwd1" == "vyatta" ]]; then
-      echo "'vyatta' is not a vaild password"
-      continue
-    fi 
   done
   # escape any slashes in resulting password
diff --git a/scripts/vyatta-first-login-passwd.sh b/scripts/vyatta-first-login-passwd.sh
deleted file mode 100755
index 1db6e7ca..00000000
--- a/scripts/vyatta-first-login-passwd.sh
+++ /dev/null
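Review bot: In scripts/install/install-functions (hunk at -236), `until [[ "$pwd1" == "$pwd2" ]]; do` is also the test the empty-password branch falls back to, and it does not check for an empty value. If that branch ends in `continue`, as the copy of this loop in the deleted vyatta-first-login-passwd.sh does, an empty retype from a failed round followed by an empty first entry leaves both variables empty and the loop exits with an empty password. Testing for it in the condition closes that path: `until [[ -n "$pwd1" && "$pwd1" == "$pwd2" ]]; do`. The branch body lies outside the hunk, so this is inferred; the install-system loop at -1094 has the same condition and likely needs the same guard.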
@@ -1,127 +0,0 @@
-#!/bin/bash
-trap '' INT KILL
-
-# don't run as operators 
-if ! groups | grep -q vyattacfg; then
-  exit 0
-fi
-
-# don't run if we've already done this, 
-# the commit system will handle the invalid password
-if [ -e /opt/vyatta/etc/.nofirstpasswd ]; then
-  exit 0
-fi
-
-# don't run on livecd installer will do the check
-if egrep -q -e '^(union|overlay)fs.*/filesystem\.squashfs' /proc/mounts; then
-  exit 0
-fi
-
-configdiff=$(cli-shell-api showConfig --show-cfg1 @ACTIVE --show-cfg2 /config/config.boot --show-context-diff)
-
-API=/bin/cli-shell-api
-
-session_env=$($API getSessionEnv $PPID)
-eval $session_env
-$API setupSession
-
-exit_configure ()
-{
-  $API teardownSession
-  echo -n 'export -n VYATTA_CONFIG_TMP; '
-  echo -n 'export -n VYATTA_CHANGES_ONLY_DIR; '
-  echo -n 'export -n VYATTA_ACTIVE_CONFIGURATION_DIR; '
-  echo -n 'export -n VYATTA_TEMPLATE_LEVEL; '
-  echo -n 'export -n VYATTA_CONFIG_TEMPLATE; '
-  echo -n 'export -n VYATTA_TEMP_CONFIG_DIR; '
-  echo -n 'export -n VYATTA_EDIT_LEVEL; '
-}
-
-set ()
-{
-  /opt/vyatta/sbin/my_set $*
-}
-
-commit ()
-{
-  /opt/vyatta/sbin/my_commit "$@"
-}
-
-save ()
-{
-  # do this the same way that vyatta-cfg does it
-  local save_cmd=/opt/vyatta/sbin/vyatta-save-config.pl
-  eval "sudo sg vyattacfg \"umask 0002 ; $save_cmd\""
-}
-
-show ()
-{
-  $API showCfg "$@"
-}
-
-change_password() {
-  local user=$1
-  local pwd1="1"
-  local pwd2="2"
-
-  echo "Invalid password detected for user $user"
-  echo "Please enter a new password"
-  until [[ "$pwd1" == "$pwd2" && "$pwd1" != "vyatta" ]]; do
-    read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 2>&0
-    echo
-    if [[ "$pwd1" == "" ]]; then
-      echo "'' is not a valid password"
-      continue
-    fi
-    read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 2>&0
-    echo
-
-    if [[ "$pwd1" != "$pwd2" ]]; then 
-      echo "Passwords do not match"
-      continue
-    fi
-    if [[ "$pwd1" == "vyatta" ]]; then
-      echo "'vyatta' is not a vaild password"
-      continue
-    fi 
-  done
-
-  # escape any slashes in resulting password
-  local epwd=$(mkpasswd -H md5 "$pwd1" | sed 's:/:\\/:g')
-  set system login user $user authentication plaintext-password "$pwd1"
-}
-
-dpwd='"*"'
-for user in $($API listEffectiveNodes system login user); do
-  user=${user//\'/}
-  epwd=$(show system login user $user authentication encrypted-password)
-  epwd=$(awk '{ print $2 }' <<<$epwd)
-  # check for old unsalted default password string.
-  if [[ $epwd == '$1$$Ht7gBYnxI1xCdO/JOnodh.' ]]; then
-     change_password $user
-     continue
-  fi
-  if [[ $epwd != $dpwd ]]; then
-    salt=$(awk 'BEGIN{ FS="$" }; { print $3 }' <<<$epwd)
-    if [[ $salt == '' ]];then
-      continue
-    fi
-    vyatta_epwd=$(mkpasswd -H md5 -S $salt vyatta)
-    if [[ $epwd == $vyatta_epwd ]]; then
-       change_password $user
-    fi
-  fi
-done
-
-if $API sessionChanged; then
-  commit
-  if [[ -z $configdiff ]] ; then
-    save
-  else
-    echo "Warning: potential configuration issues exist." 
-    echo "User passwords have been updated but the configuration has not been saved." 
-    echo "Please review and validate the running configuration before saving."
-  fi
-fi
-eval $(exit_configure)
-sudo touch /opt/vyatta/etc/.nofirstpasswd
diff --git a/templates/system/login/user/node.tag/authentication/plaintext-password/node.def b/templates/system/login/user/node.tag/authentication/plaintext-password/node.def
index 84fd972c..12a74a36 100644
--- a/templates/system/login/user/node.tag/authentication/plaintext-password/node.def
+++ b/templates/system/login/user/node.tag/authentication/plaintext-password/node.def
@@ -4,11 +4,6 @@ help: Plaintext password for encryption
 # and do nothing. to set password to empty, user needs to set the
 # "encrypted-password" to an empty string (which actually allows login without
 # password).
-syntax:expression: exec "\
-  if [[ -e /opt/vyatta/etc/.nofirstpasswd && '$VAR(@)' == 'vyatta' ]]; then \
-    echo 'Invalid password [$VAR(@)]';\
-    exit 1;\
-  fi"
 update:expression: $VAR(@) == "" \
 || ($VAR(../encrypted-password/@) \
       = `/usr/bin/mkpasswd -H md5 '$VAR(@)' | tr -d \\\\n` \ | 
