smeserver-manager/root/usr/share/smanager/script/secrets.pl

54 lines
1.3 KiB
Perl
Raw Permalink Normal View History

#! /bin/env perl
# unshift secrets values
# 3 secrets values (first one for encrypt, all 3 for decrypt)
# new value added each day as first one
use strict;
use warnings;
use esmith::ConfigDB;
sub gen_pwd {
use MIME::Base64 qw(encode_base64);
my $p = "not set due to error";
if ( open( RANDOM, "/dev/urandom" ) ){
my $buf;
# 57 bytes is a full line of Base64 coding, and contains
# 456 bits of randomness - given a perfectly random /dev/random
if ( read( RANDOM, $buf, 57 ) != 57 ){
warn("Short read from /dev/random: $!");
} else {
$p = encode_base64($buf);
chomp $p;
}
close RANDOM;
} else {
warn "Could not open /dev/urandom: $!";
}
return $p;
}
my $cdb = esmith::ConfigDB->open() || die "Couldn't open config db";
my $pwds = $cdb->get_prop('smanager','Secrets');
if ( $pwds ){
my @secrets = split /,/, $pwds;
my $newpwd = gen_pwd();
if ( $newpwd ) {
$secrets[2] = $secrets[1] if ( $secrets[1] );
$secrets[1] = $secrets[0];
$secrets[0] = $newpwd;
my $secret = join ',', @secrets;
$cdb->get('smanager')->set_prop('Secrets', $secret);
#print("Secret values unshifted\n");
} else {
print("Secret generation error\n");
}
} else {
print("Error while unshifting secrets values\n");
}
exit 0