From 0aabbfdb8bf8b51eb774f385f1ec8da0c599a2b4 Mon Sep 17 00:00:00 2001
From: John Southworth <john.southworth@vyatta.com>
Date: Tue, 25 Sep 2012 10:12:31 -0700
Subject: Bugfix 8290: Detect original unsalted password

---
 scripts/vyatta-first-login-passwd.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'scripts')

diff --git a/scripts/vyatta-first-login-passwd.sh b/scripts/vyatta-first-login-passwd.sh
index d75e5c0c..467eff4b 100755
--- a/scripts/vyatta-first-login-passwd.sh
+++ b/scripts/vyatta-first-login-passwd.sh
@@ -95,7 +95,15 @@ for user in $($API listEffectiveNodes system login user); do
   user=${user//\'/}
   epwd=$(show system login user $user authentication encrypted-password)
   epwd=$(awk '{ print $2 }' <<<$epwd)
+  # check for old unsalted default password string.
+  if [[ $epwd == '$1$$Ht7gBYnxI1xCdO/JOnodh.' ]]; then
+     change_password $user
+     continue
+  fi
   salt=$(awk 'BEGIN{ FS="$" }; { print $3 }' <<<$epwd)
+  if [[ $salt == '' ]];then
+    continue
+  fi
   vyatta_epwd=$(mkpasswd -H md5 -S $salt vyatta)
   if [[ $epwd == $vyatta_epwd ]]; then
      change_password $user
-- 
cgit v1.2.3