diff options
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/install-system | 11 | ||||
| -rwxr-xr-x | scripts/install/install-functions | 7 | ||||
| -rwxr-xr-x | scripts/vyatta-first-login-passwd.sh | 103 |
3 files changed, 118 insertions, 3 deletions
diff --git a/scripts/install-system b/scripts/install-system index 3dd9e422..860bdd1e 100755 --- a/scripts/install-system +++ b/scripts/install-system @@ -1094,7 +1094,7 @@ change_password() { local pwd1="1" local pwd2="2" - until [ "$pwd1" == "$pwd2" ] + until [[ "$pwd1" == "$pwd2" && "$pwd1" != "vyatta" ]] do read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 2>&0 echo @@ -1102,7 +1102,14 @@ change_password() { echo if [ "$pwd1" != "$pwd2" ] - then echo "Passwords do not match" + then + echo "Passwords do not match" + continue + fi + if [ "$pwd1" == "vyatta" ] + then + echo "'vyatta' is not a valid password" + continue fi done diff --git a/scripts/install/install-functions b/scripts/install/install-functions index 042ef5bb..9290d88b 100755 --- a/scripts/install/install-functions +++ b/scripts/install/install-functions @@ -236,7 +236,7 @@ change_password() { local pwd1="1" local pwd2="2" - until [ "$pwd1" == "$pwd2" ]; do + until [[ "$pwd1" == "$pwd2" && "$pwd1" != "vyatta" ]]; do read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 2>&0 echo read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 2>&0 @@ -244,7 +244,12 @@ change_password() { if [ "$pwd1" != "$pwd2" ]; then echo "Passwords do not match" + continue fi + if [[ "$pwd1" == "vyatta" ]]; then + echo "'vyatta' is not a vaild password" + continue + fi done # escape any slashes in resulting password diff --git a/scripts/vyatta-first-login-passwd.sh b/scripts/vyatta-first-login-passwd.sh new file mode 100755 index 00000000..ff28c57d --- /dev/null +++ b/scripts/vyatta-first-login-passwd.sh @@ -0,0 +1,103 @@ +#!/bin/bash +trap '' INT KILL + +# don't run as operators +if ! groups | grep -q vyattacfg; then + exit 0 +fi + +# don't run if we've already done this, +# the commit system will handle the invalid password +if [ -e /opt/vyatta/etc/.nofirstpasswd ]; then + exit 0 +fi + +# don't run on livecd installer will do the check +if grep -q -e '^unionfs.*/filesystem.squashfs' /proc/mounts; then + exit 0 +fi + +API=/bin/cli-shell-api + +session_env=$($API getSessionEnv $PPID) +eval $session_env +$API setupSession + +exit_configure () +{ + $API teardownSession + echo -n 'export -n VYATTA_CONFIG_TMP; ' + echo -n 'export -n VYATTA_CHANGES_ONLY_DIR; ' + echo -n 'export -n VYATTA_ACTIVE_CONFIGURATION_DIR; ' + echo -n 'export -n VYATTA_TEMPLATE_LEVEL; ' + echo -n 'export -n VYATTA_CONFIG_TEMPLATE; ' + echo -n 'export -n VYATTA_TEMP_CONFIG_DIR; ' + echo -n 'export -n VYATTA_EDIT_LEVEL; ' +} + +set () +{ + /opt/vyatta/sbin/my_set $* +} + +commit () +{ + /opt/vyatta/sbin/my_commit "$@" +} + +save () +{ + /opt/vyatta/sbin/vyatta-save-config.pl +} + +show () +{ + $API showCfg "$@" +} + +change_password() { + local user=$1 + local pwd1="1" + local pwd2="2" + + echo "Invalid password detected for user $user" + echo "Please enter a new password" + until [[ "$pwd1" == "$pwd2" && "$pwd1" != "vyatta" ]]; do + read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 2>&0 + echo + if [[ "$pwd1" == "" ]]; then + echo "'' is not a valid password" + continue + fi + read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 2>&0 + echo + + if [[ "$pwd1" != "$pwd2" ]]; then + echo "Passwords do not match" + continue + fi + if [[ "$pwd1" == "vyatta" ]]; then + echo "'vyatta' is not a vaild password" + continue + fi + done + + # escape any slashes in resulting password + local epwd=$(mkpasswd -H md5 "$pwd1" | sed 's:/:\\/:g') + set system login user $user authentication plaintext-password "$pwd1" + commit + save +} + +for user in $($API listEffectiveNodes system login user); do + user=${user//\'/} + epwd=$(show system login user $user authentication encrypted-password) + epwd=$(awk '{ print $2 }' <<<$epwd) + salt=$(awk 'BEGIN{ FS="$" }; { print $3 }' <<<$epwd) + vyatta_epwd=$(mkpasswd -H md5 -S $salt vyatta) + if [[ $epwd == $vyatta_epwd ]]; then + change_password $user + fi +done +eval $(exit_configure) +sudo touch /opt/vyatta/etc/.nofirstpasswd |