initial commit of file from CVS for smeserver-manager on Fri Mar 22 14:54:28 AEDT 2024

2024-03-22 14:54:28 +11:00
parent eed507434f
commit db139626ba
242 changed files with 25308 additions and 2 deletions
--- a/root/usr/share/smanager/script/secrets.pl
+++ b/root/usr/share/smanager/script/secrets.pl
@@ -0,0 +1,53 @@
+#! /bin/env perl
+
+# unshift secrets values
+# 3 secrets values (first one for encrypt, all 3 for decrypt)
+# new value added each day as first one
+
+use strict;
+use warnings;
+
+use esmith::ConfigDB;
+
+sub gen_pwd {
+    use MIME::Base64 qw(encode_base64);
+    my $p = "not set due to error";
+    if ( open( RANDOM, "/dev/urandom" ) ){
+        my $buf;
+        # 57 bytes is a full line of Base64 coding, and contains
+        # 456 bits of randomness - given a perfectly random /dev/random
+        if ( read( RANDOM, $buf, 57 ) != 57 ){
+            warn("Short read from /dev/random: $!");
+        } else {
+            $p = encode_base64($buf);
+            chomp $p;
+        }
+        close RANDOM;
+    } else {
+        warn "Could not open /dev/urandom: $!";
+    }
+    return $p;
+}
+
+my $cdb = esmith::ConfigDB->open() || die "Couldn't open config db";
+
+my $pwds = $cdb->get_prop('smanager','Secrets');
+
+if ( $pwds ){
+    my @secrets = split /,/, $pwds;
+    my $newpwd = gen_pwd();
+    if ( $newpwd ) {
+        $secrets[2] = $secrets[1] if ( $secrets[1] );
+	$secrets[1] = $secrets[0];
+	$secrets[0] = $newpwd;
+	my $secret = join ',', @secrets;
+        $cdb->get('smanager')->set_prop('Secrets', $secret);
+	#print("Secret values unshifted\n");
+    } else {
+	print("Secret generation error\n");
+    }
+} else {
+    print("Error while unshifting secrets values\n");
+}
+
+exit 0