smeserver-manager/root/usr/share/smanager/script/secrets.pl

#! /bin/env perl

# unshift secrets values
# 3 secrets values (first one for encrypt, all 3 for decrypt)
# new value added each day as first one

use strict;
use warnings;

use esmith::ConfigDB;

sub gen_pwd {
    use MIME::Base64 qw(encode_base64);
    my $p = "not set due to error";
    if ( open( RANDOM, "/dev/urandom" ) ){
        my $buf;
        # 57 bytes is a full line of Base64 coding, and contains
        # 456 bits of randomness - given a perfectly random /dev/random
        if ( read( RANDOM, $buf, 57 ) != 57 ){
            warn("Short read from /dev/random: $!");
        } else {
            $p = encode_base64($buf);
            chomp $p;
        }
        close RANDOM;
    } else {
        warn "Could not open /dev/urandom: $!";
    }
    return $p;
}

my $cdb = esmith::ConfigDB->open() || die "Couldn't open config db";

my $pwds = $cdb->get_prop('smanager','Secrets');

if ( $pwds ){
    my @secrets = split /,/, $pwds;
    my $newpwd = gen_pwd();
    if ( $newpwd ) {
        $secrets[2] = $secrets[1] if ( $secrets[1] );
	$secrets[1] = $secrets[0];
	$secrets[0] = $newpwd;
	my $secret = join ',', @secrets;
        $cdb->get('smanager')->set_prop('Secrets', $secret);
	#print("Secret values unshifted\n");
    } else {
	print("Secret generation error\n");
    }
} else {
    print("Error while unshifting secrets values\n");
}

exit 0
initial commit of file from CVS for smeserver-manager on Fri Mar 22 14:54:28 AEDT 2024 2024-03-22 04:54:28 +01:00			`#! /bin/env perl`

			`# unshift secrets values`
			`# 3 secrets values (first one for encrypt, all 3 for decrypt)`
			`# new value added each day as first one`

			`use strict;`
			`use warnings;`

			`use esmith::ConfigDB;`

			`sub gen_pwd {`
			`use MIME::Base64 qw(encode_base64);`
			`my $p = "not set due to error";`
			`if ( open( RANDOM, "/dev/urandom" ) ){`
			`my $buf;`
			`# 57 bytes is a full line of Base64 coding, and contains`
			`# 456 bits of randomness - given a perfectly random /dev/random`
			`if ( read( RANDOM, $buf, 57 ) != 57 ){`
			`warn("Short read from /dev/random: $!");`
			`} else {`
			`$p = encode_base64($buf);`
			`chomp $p;`
			`}`
			`close RANDOM;`
			`} else {`
			`warn "Could not open /dev/urandom: $!";`
			`}`
			`return $p;`
			`}`

			`my $cdb = esmith::ConfigDB->open() \|\| die "Couldn't open config db";`

			`my $pwds = $cdb->get_prop('smanager','Secrets');`

			`if ( $pwds ){`
			`my @secrets = split /,/, $pwds;`
			`my $newpwd = gen_pwd();`
			`if ( $newpwd ) {`
			`$secrets[2] = $secrets[1] if ( $secrets[1] );`
			`$secrets[1] = $secrets[0];`
			`$secrets[0] = $newpwd;`
			`my $secret = join ',', @secrets;`
			`$cdb->get('smanager')->set_prop('Secrets', $secret);`
			`#print("Secret values unshifted\n");`
			`} else {`
			`print("Secret generation error\n");`
			`}`
			`} else {`
			`print("Error while unshifting secrets values\n");`
			`}`

			`exit 0`