From 686fcb96e7e77eee6e4fbe74c7ecbb0548d7e752 Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Wed, 15 Nov 2023 10:41:52 -0600 Subject: image: T4516: remove standalone_root_pw_reset, now in vyos-1x --- Makefile.am | 1 - scripts/standalone_root_pw_reset | 178 --------------------------------------- 2 files changed, 179 deletions(-) delete mode 100755 scripts/standalone_root_pw_reset diff --git a/Makefile.am b/Makefile.am index 13cd49bb..66204496 100644 --- a/Makefile.am +++ b/Makefile.am @@ -13,7 +13,6 @@ bin_SCRIPTS += scripts/progress-indicator bin_SCRIPTS += scripts/restricted-shell sbin_SCRIPTS += scripts/vyatta-grub-setup -sbin_SCRIPTS += scripts/standalone_root_pw_reset sbin_SCRIPTS += scripts/snmp/if-mib-alias sbin_SCRIPTS += scripts/vyatta-interfaces.pl sbin_SCRIPTS += scripts/install/install-get-partition diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset deleted file mode 100755 index c82cea32..00000000 --- a/scripts/standalone_root_pw_reset +++ /dev/null @@ -1,178 +0,0 @@ -#!/bin/bash -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. -# All Rights Reserved. -# -# Author: Bob Gilligan -# Description: Standalone script to set the admin passwd to new value -# value. Note: This script can ONLY be run as a standalone -# init program by grub. -# -# **** End License **** - -# The Vyatta config file: -CF=/opt/vyatta/etc/config/config.boot - -# Admin user name -ADMIN=vyos - -set_encrypted_password() { - sed -i \ - -e "/ user $1 {/,/encrypted-password/s/encrypted-password .*\$/encrypted-password \"$2\"/" $3 -} - - -# How long to wait for user to respond, in seconds -TIME_TO_WAIT=30 - -change_password() { - local user=$1 - local pwd1="1" - local pwd2="2" - - until [ "$pwd1" == "$pwd2" ] - do - read -p "Enter $user password: " -r -s pwd1 - echo - read -p "Retype $user password: " -r -s pwd2 - echo - - if [ "$pwd1" != "$pwd2" ] - then echo "Passwords do not match" - fi - done - - # set the password for the user then store it in the config - # so the user is recreated on the next full system boot. - local epwd=$(mkpasswd --method=sha-512 "$pwd1") - # escape any slashes in resulting password - local eepwd=$(sed 's:/:\\/:g' <<< $epwd) - set_encrypted_password $user $eepwd $CF -} - -# System is so messed up that doing anything would be a mistake -dead() { - echo $* - echo - echo "This tool can only recover missing admininistrator password." - echo "It is not a full system restore" - echo - echo -n "Hit return to reboot system: " - read - /sbin/reboot -f -} - -echo "Standalone root password recovery tool." -echo -# -# Check to see if we are running in standalone mode. We'll -# know that we are if our pid is 1. -# -if [ "$$" != "1" ]; then - echo "This tool can only be run in standalone mode." - exit 1 -fi - -# -# OK, now we know we are running in standalone mode. Talk to the -# user. -# -echo -n "Do you wish to reset the admin password? (y or n) " -read -t $TIME_TO_WAIT response -if [ "$?" != "0" ]; then - echo - echo "Response not received in time." - echo "The admin password will not be reset." - echo "Rebooting in 5 seconds..." - sleep 5 - echo - /sbin/reboot -f -fi - -response=${response:0:1} -if [ "$response" != "y" -a "$response" != "Y" ]; then - echo "OK, the admin password will not be reset." - echo -n "Rebooting in 5 seconds..." - sleep 5 - echo - /sbin/reboot -f -fi - -echo -en "Which admin account do you want to reset? [$ADMIN] " -read admin_user -ADMIN=${admin_user:-$ADMIN} - -echo "Starting process to reset the admin password..." - -echo "Re-mounting root filesystem read/write..." -mount -o remount,rw / - -if [ ! -f /etc/passwd ] -then dead "Missing password file" -fi - -if [ ! -d /opt/vyatta/etc/config ] -then dead "Missing VyOS config directory /opt/vyatta/etc/config" -fi - -# Leftover from V3.0 -if grep -q /opt/vyatta/etc/config /etc/fstab -then - echo "Mounting the config filesystem..." - mount /opt/vyatta/etc/config/ -fi - -if [ ! -f $CF ] -then dead "$CF file not found" -fi - -if ! grep -q 'system {' $CF -then dead "$CF file does not contain system settings" -fi - -if ! grep -q ' login {' $CF -then - # Recreate login section of system - sed -i -e '/system {/a\ - login {\ - }' $CF -fi - -if ! grep -q " user $ADMIN " $CF -then - echo "Recreating administrator $ADMIN in $CF..." - sed -i -e "/ login {/a\\ - user $ADMIN {\\ - authentication {\\ - encrypted-password \$6$IhbXHdwgYkLnt/$VRIsIN5c2f2v4L2l4F9WPDrRDEtWXzH75yBswmWGERAdX7oBxmq6m.sWON6pO6mi6mrVgYBxdVrFcCP5bI.nt.\\ - plaintext-password \"\"\\ - }\\ - level admin\\ - }" $CF -fi - -echo "Saving backup copy of config.boot..." -cp $CF ${CF}.before_pwrecovery -sync - -echo "Setting the administrator ($ADMIN) password..." -change_password $ADMIN - -echo $(date "+%b%e %T") $(hostname) "Admin password changed" \ - | tee -a /var/log/auth.log >>/var/log/messages - -sync - -echo "System will reboot in 10 seconds..." -sleep 10 -/sbin/reboot -f -- cgit v1.2.3