| 
									
										
										
										
											2024-03-22 14:54:28 +11:00
										 |  |  | #! /bin/env perl | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | # unshift secrets values | 
					
						
							|  |  |  | # 3 secrets values (first one for encrypt, all 3 for decrypt) | 
					
						
							|  |  |  | # new value added each day as first one | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | use strict; | 
					
						
							|  |  |  | use warnings; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-06-09 23:49:25 -04:00
										 |  |  | use esmith::ConfigDB::UTF8; | 
					
						
							| 
									
										
										
										
											2024-03-22 14:54:28 +11:00
										 |  |  | 
 | 
					
						
							|  |  |  | sub gen_pwd { | 
					
						
							|  |  |  |     use MIME::Base64 qw(encode_base64); | 
					
						
							|  |  |  |     my $p = "not set due to error"; | 
					
						
							|  |  |  |     if ( open( RANDOM, "/dev/urandom" ) ){ | 
					
						
							|  |  |  |         my $buf; | 
					
						
							|  |  |  |         # 57 bytes is a full line of Base64 coding, and contains | 
					
						
							|  |  |  |         # 456 bits of randomness - given a perfectly random /dev/random | 
					
						
							|  |  |  |         if ( read( RANDOM, $buf, 57 ) != 57 ){ | 
					
						
							|  |  |  |             warn("Short read from /dev/random: $!"); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             $p = encode_base64($buf); | 
					
						
							|  |  |  |             chomp $p; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         close RANDOM; | 
					
						
							|  |  |  |     } else { | 
					
						
							|  |  |  |         warn "Could not open /dev/urandom: $!"; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |     return $p; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-06-09 23:49:25 -04:00
										 |  |  | my $cdb = esmith::ConfigDB::UTF8->open() || die "Couldn't open config db"; | 
					
						
							| 
									
										
										
										
											2024-03-22 14:54:28 +11:00
										 |  |  | 
 | 
					
						
							|  |  |  | my $pwds = $cdb->get_prop('smanager','Secrets'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | if ( $pwds ){ | 
					
						
							|  |  |  |     my @secrets = split /,/, $pwds; | 
					
						
							|  |  |  |     my $newpwd = gen_pwd(); | 
					
						
							|  |  |  |     if ( $newpwd ) { | 
					
						
							|  |  |  |         $secrets[2] = $secrets[1] if ( $secrets[1] ); | 
					
						
							|  |  |  | 	$secrets[1] = $secrets[0]; | 
					
						
							|  |  |  | 	$secrets[0] = $newpwd; | 
					
						
							|  |  |  | 	my $secret = join ',', @secrets; | 
					
						
							|  |  |  |         $cdb->get('smanager')->set_prop('Secrets', $secret); | 
					
						
							|  |  |  | 	#print("Secret values unshifted\n"); | 
					
						
							|  |  |  |     } else { | 
					
						
							|  |  |  | 	print("Secret generation error\n"); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | } else { | 
					
						
							|  |  |  |     print("Error while unshifting secrets values\n"); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | exit 0 |