2020-10-16 00:32:37 +08:00
|
|
|
#! /usr/bin/env perl
|
|
|
|
|
# vim: set filetype=perl ts=4 sw=4 sts=4 et:
|
|
|
|
|
use common::sense;
|
|
|
|
|
|
|
|
|
|
use File::Basename;
|
|
|
|
|
use lib dirname(__FILE__) . '/../../../lib/perl';
|
|
|
|
|
use OVH::Result;
|
|
|
|
|
use OVH::Bastion;
|
|
|
|
|
use OVH::Bastion::Plugin qw( :DEFAULT help );
|
|
|
|
|
use OVH::Bastion::Plugin::generatePassword;
|
|
|
|
|
|
|
|
|
|
my $remainingOptions = OVH::Bastion::Plugin::begin(
|
|
|
|
|
argv => \@ARGV,
|
|
|
|
|
header => "generating a new egress password for your account",
|
|
|
|
|
options => {
|
|
|
|
|
"size=i" => \my $size,
|
|
|
|
|
"do-it" => \my $doIt,
|
|
|
|
|
},
|
|
|
|
|
helptext => <<'EOF'
|
|
|
|
|
Generate a new egress password for your account
|
|
|
|
|
|
|
|
|
|
Usage: --osh SCRIPT_NAME [--size SIZE] --do-it
|
|
|
|
|
|
|
|
|
|
--size SIZE Specify the number of characters of the password to generate
|
|
|
|
|
--do-it Required for the password to actually be generated, BEWARE: please read the note below
|
|
|
|
|
|
|
|
|
|
This plugin generates a new egress password to be used for ssh or telnet
|
|
|
|
|
|
|
|
|
|
NOTE: this is only needed for devices that don't support key-based SSH,
|
|
|
|
|
in most cases you should ignore this command completely, unless you
|
|
|
|
|
know that devices you need to access only support telnet or password-based SSH.
|
|
|
|
|
|
|
|
|
|
BEWARE: once a new password is generated this way, it'll be set as the new
|
|
|
|
|
egress password to use right away for your account, for any access that requires it.
|
|
|
|
|
A fallback mechanism exists that will auto-try the previous password if this one
|
|
|
|
|
doesn't work, but please ensure that this new password is deployed on the remote
|
|
|
|
|
devices as soon as possible.
|
|
|
|
|
EOF
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
# code
|
|
|
|
|
my $fnret;
|
|
|
|
|
|
|
|
|
|
$size = 16 if not defined $size;
|
|
|
|
|
|
2022-06-30 21:00:29 +08:00
|
|
|
$fnret = OVH::Bastion::Plugin::generatePassword::preconditions(
|
|
|
|
|
self => $self,
|
|
|
|
|
context => 'account',
|
|
|
|
|
account => $self,
|
|
|
|
|
size => $size
|
|
|
|
|
);
|
2020-10-16 00:32:37 +08:00
|
|
|
$fnret or osh_exit($fnret);
|
|
|
|
|
|
|
|
|
|
# get returned untainted value
|
|
|
|
|
$self = $fnret->value->{'account'};
|
|
|
|
|
|
|
|
|
|
$fnret = OVH::Bastion::plugin_config(plugin => $scriptName, key => "minPasswordSize");
|
|
|
|
|
if ($fnret && $fnret->value && $size < $fnret->value) {
|
2022-06-30 21:00:29 +08:00
|
|
|
osh_exit('ERR_INVALID_PARAMETER',
|
|
|
|
|
"The minimum allowed password size defined by policy is "
|
|
|
|
|
. $fnret->value
|
|
|
|
|
. " characters, you asked only $size");
|
2020-10-16 00:32:37 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (not $doIt) {
|
|
|
|
|
help();
|
|
|
|
|
osh_exit('ERR_MISSING_PARAMETER', "Missing mandatory parameter: please read the BEWARE note above.");
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-30 21:00:29 +08:00
|
|
|
$fnret =
|
|
|
|
|
OVH::Bastion::Plugin::generatePassword::act(self => $self, context => 'account', account => $self, size => $size);
|
2020-10-16 00:32:37 +08:00
|
|
|
$fnret or osh_exit($fnret);
|
|
|
|
|
|
|
|
|
|
osh_info "Generated a new password of length $size for your account, $self, hashes follow:";
|
|
|
|
|
osh_info "md5crypt: " . $fnret->value->{'hashes'}{'md5crypt'} . "\n";
|
|
|
|
|
osh_info "sha256crypt: " . $fnret->value->{'hashes'}{'sha256crypt'} . "\n";
|
|
|
|
|
osh_info "sha512crypt: " . $fnret->value->{'hashes'}{'sha512crypt'} . "\n";
|
|
|
|
|
osh_info "This new password will now be used by default.";
|
|
|
|
|
osh_exit $fnret;
|
