54 lines
1.3 KiB
Perl
54 lines
1.3 KiB
Perl
#! /bin/env perl
|
|
|
|
# unshift secrets values
|
|
# 3 secrets values (first one for encrypt, all 3 for decrypt)
|
|
# new value added each day as first one
|
|
|
|
use strict;
|
|
use warnings;
|
|
|
|
use esmith::ConfigDB;
|
|
|
|
sub gen_pwd {
|
|
use MIME::Base64 qw(encode_base64);
|
|
my $p = "not set due to error";
|
|
if ( open( RANDOM, "/dev/urandom" ) ){
|
|
my $buf;
|
|
# 57 bytes is a full line of Base64 coding, and contains
|
|
# 456 bits of randomness - given a perfectly random /dev/random
|
|
if ( read( RANDOM, $buf, 57 ) != 57 ){
|
|
warn("Short read from /dev/random: $!");
|
|
} else {
|
|
$p = encode_base64($buf);
|
|
chomp $p;
|
|
}
|
|
close RANDOM;
|
|
} else {
|
|
warn "Could not open /dev/urandom: $!";
|
|
}
|
|
return $p;
|
|
}
|
|
|
|
my $cdb = esmith::ConfigDB->open() || die "Couldn't open config db";
|
|
|
|
my $pwds = $cdb->get_prop('smanager','Secrets');
|
|
|
|
if ( $pwds ){
|
|
my @secrets = split /,/, $pwds;
|
|
my $newpwd = gen_pwd();
|
|
if ( $newpwd ) {
|
|
$secrets[2] = $secrets[1] if ( $secrets[1] );
|
|
$secrets[1] = $secrets[0];
|
|
$secrets[0] = $newpwd;
|
|
my $secret = join ',', @secrets;
|
|
$cdb->get('smanager')->set_prop('Secrets', $secret);
|
|
#print("Secret values unshifted\n");
|
|
} else {
|
|
print("Secret generation error\n");
|
|
}
|
|
} else {
|
|
print("Error while unshifting secrets values\n");
|
|
}
|
|
|
|
exit 0
|