Jean-Philippe Pialasse c85022c49e * Mon Jun 09 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-87.sme
- add datetime getYear_list [SME: 13031]
- use esmith::*DB::UTF8 to access db flat files [SME: 13027]
2025-06-09 23:49:25 -04:00


#! /bin/env perl
# Rotate the secret values: prepend a new one and shift the older ones down.
# Three values are kept (the first one is used to encrypt, all three to decrypt).
# A new value is added each day as the first one.
use strict;
use warnings;
use esmith::ConfigDB::UTF8;
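sub gen_pwd {
    # Produce one fresh secret: 57 bytes read from /dev/urandom, Base64-encoded
    # into a single 76-character line with no trailing newline.
    #
    # Returns the encoded string on success. On any failure (device cannot be
    # opened, read error, short read) a warning is emitted and nothing is
    # returned, so a caller that tests the result for truth sees the failure.
    # The earlier placeholder text "not set due to error" was itself a true
    # value: a truth test accepted it and it could be stored as a secret.
    use MIME::Base64 qw(encode_base64);

    # 57 bytes fill exactly one line of Base64 output (456 bits).
    my $wanted = 57;

    # Three-argument open with a lexical handle: the read-only mode is
    # explicit and no package-global RANDOM handle is left behind.
    my $fh;
    unless ( open( $fh, '<', '/dev/urandom' ) ) {
        warn "Could not open /dev/urandom: $!";
        return;
    }
    binmode $fh;

    my $buf;
    my $got = read( $fh, $buf, $wanted );
    my $err = $!;    # keep the read error before close() can overwrite it
    close $fh;

    # read() yields undef on error, so test definedness before comparing.
    unless ( defined $got && $got == $wanted ) {
        warn("Short read from /dev/urandom: $err");
        return;
    }

    # Empty line-ending argument: the result carries no newline to strip.
    return encode_base64( $buf, '' );
}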
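# Open the configuration database; nothing can be rotated without it.
my $cdb = esmith::ConfigDB::UTF8->open() || die "Couldn't open config db";

# The 'Secrets' property of the smanager record is a comma-separated list
# with the newest value first.
my $pwds = $cdb->get_prop('smanager','Secrets');
if ( $pwds ) {
    my @secrets = split /,/, $pwds;
    my $newpwd  = gen_pwd();

    # Accept only Base64 text. A plain truth test is not enough here: any
    # non-empty string (for example an error placeholder) would pass it and
    # be written as the active secret. The Base64 alphabet also contains no
    # comma, so a value that passes cannot break the comma-separated list.
    if ( defined $newpwd && $newpwd =~ m{\A[A-Za-z0-9+/]+={0,2}\z} ) {
        # Shift the existing values down one slot; the third slot is only
        # filled once a second value exists.
        $secrets[2] = $secrets[1] if ( $secrets[1] );
        $secrets[1] = $secrets[0];
        $secrets[0] = $newpwd;

        my $secret = join ',', @secrets;
        $cdb->get('smanager')->set_prop('Secrets', $secret);
        #print("Secret values unshifted\n");
    }
    else {
        # The stored secrets are left untouched when generation fails.
        print("Secret generation error\n");
    }
}
else {
    # No existing 'Secrets' value: this script only rotates, it does not
    # create the initial list.
    print("Error while unshifting secrets values\n");
}
exit 0;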