[413] | 1 | #!/usr/bin/perl |
---|
| 2 | |
---|
| 3 | use strict; |
---|
| 4 | use warnings; |
---|
| 5 | use LATMOS::Accounts::Maintenance; |
---|
| 6 | use Getopt::Long; |
---|
| 7 | use Pod::Usage; |
---|
| 8 | use Term::ReadKey; |
---|
| 9 | use Crypt::RSA; |
---|
| 10 | |
---|
| 11 | =head1 NAME |
---|
| 12 | |
---|
la-crypt-passwd - Tool to manage RSA-encrypted passwords in the LATMOS Account system
---|
| 14 | |
---|
| 15 | =head1 SYNOPSIS |
---|
| 16 | |
---|
la-crypt [-c|--config configfile] [--genkey|--regen] [--set BASE]
---|
[413] | 18 | |
---|
| 19 | =cut |
---|
| 20 | |
---|
# Command-line options. $config, $genkey, $regen and $set are consumed by
# the dispatch code at the bottom of the script; --help prints the POD
# usage and exits, any unknown option prints the usage and exits non-zero.
my ($config, $genkey, $regen, $set);
GetOptions(
    'c|config=s' => \$config,
    'help'       => sub { pod2usage(0) },
    'genkey'     => \$genkey,
    'regen'      => \$regen,
    'set=s'      => \$set,
) or pod2usage();
---|
| 28 | |
---|
| 29 | =head1 OPTIONS |
---|
| 30 | |
---|
| 31 | =over 4 |
---|
| 32 | |
---|
=item -c|--config configfile

Use this configuration file instead of the default one
---|
| 36 | |
---|
=item --genkey

Generate an RSA key and store it in the database

If one is already present, use --regen to force generation of a new one
---|
| 42 | |
---|
=item --regen

Like --genkey, but the new key replaces the current one if one is already present.
Stored passwords will be read and encrypted again using the new key.
---|
| 47 | |
---|
=item --set BASE

Read the passwords from the database, decrypt them and then set them in the
BASE given as argument.
---|
| 52 | |
---|
| 53 | =back |
---|
| 54 | |
---|
| 55 | =cut |
---|
| 56 | |
---|
# Maintenance handle on the accounts database. $config is undef unless
# -c/--config was given, in which case the module falls back to its
# default configuration (see OPTIONS above).
my $LA = LATMOS::Accounts::Maintenance->new($config);

# Result slot checked by get_clear_password() before it prompts for the
# passphrase; intended so the passphrase is asked at most once per run.
my $clear;
---|
| 60 | |
---|
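# Decrypt every RSA-encrypted password stored in the accounts database.
#
# Prompts (echo disabled) for the passphrase protecting the private key,
# unlocks the key through $LA->private_key and decrypts each entry of
# $LA->get_rsa_password. Returns a hash ref mapping each key of that hash
# (presumably a user login: callers look the key up with
# get_object('user', ...)) to its clear-text password. Entries that fail
# to decrypt are reported with warn and left out of the result.
#
# Returns an empty hash ref, without prompting, when no encrypted password
# is stored. Dies when the private key cannot be unlocked.
#
# The result is memoised in $clear, so a second call in the same run does
# not prompt again (the original checked $clear but never filled it).
sub get_clear_password {
    return $clear if $clear;

    my %encpasswd = $LA->get_rsa_password;
    return {} unless keys %encpasswd;

    # Read the passphrase with echo disabled and restore the terminal mode
    # before anything that may die.
    ReadMode('noecho');
    print "Enter password for current passphrase: ";
    my $password = ReadLine(0);
    ReadMode(0);
    print "\n";
    # NOTE(review): the value from ReadLine is deliberately passed on
    # unchanged (trailing newline included): the key-generation path feeds
    # generate_rsa_key the same unchomped value, so chomping on one side
    # only would make existing keys impossible to unlock. Whether
    # private_key strips it itself is not visible here.

    my $private_key = $LA->private_key($password)
        or die "Cannot get private key\n";

    # Direct method call instead of the indirect-object form `new Crypt::RSA`.
    my $rsa = Crypt::RSA->new(ES => 'PKCS1v15');
    my %clear_passwd;
    foreach my $user (keys %encpasswd) {
        my $clearp = $rsa->decrypt(
            Cyphertext => $encpasswd{$user},
            Key        => $private_key,
            Armour     => 1,
        );
        if (defined $clearp) {
            $clear_passwd{$user} = $clearp;
        } else {
            # Keep going: one undecryptable entry must not lose the rest.
            warn "$user :" . $rsa->errstr();
        }
    }

    $clear = \%clear_passwd;
    return $clear;
}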
---|
| 88 | |
---|
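# Dispatch on the command line: --set BASE pushes the decrypted passwords
# into another base, --genkey/--regen (re)create the RSA key pair, and no
# option at all lists the decrypted passwords on stdout.
if ($set) {
    if (!$LA->_base->get_global_value('rsa_private_key')) {
        warn "No rsa key found in database\n";
    }
    my $destbase = $LA->base($set) or die "Cannot get base $set\n";
    my $clearpasswd = get_clear_password();
    foreach my $user (keys %$clearpasswd) {
        my $obj = $destbase->get_object('user', $user) or do {
            warn "Cannot find user $user in destination base, need sync ?\n";
            next;
        };
        # set_password's return value is treated as a success flag here.
        $obj->set_password($clearpasswd->{$user})
            and print "Password set for $user\n";
    }
    $destbase->commit;
} elsif ($regen || $genkey) {
    if ($LA->_base->get_global_value('rsa_private_key') && !$regen) {
        die <<EOF;
An RSA key was found in database, please use --regen to force a new key
generation. Notice this will force decrypting the currently stored passwords
to encrypt them again
EOF
    }

    # Decrypt with the *old* key before it is replaced: once store_rsa_key
    # has run, the old cyphertexts can no longer be recovered.
    my $clearpasswd = get_clear_password();
    ReadMode('noecho');
    print "Enter password for new passphrase: ";
    my $password = ReadLine(0);
    ReadMode(0);
    print "\n";
    my ($public, $private) = $LA->generate_rsa_key($password);
    # Never overwrite the stored key pair with undefined values; what
    # generate_rsa_key returns on failure is not visible here, so guard on
    # definedness.
    defined $public && defined $private
        or die "Cannot generate new RSA key\n";

    $LA->store_rsa_key($public, $private);
    my $base = $LA->_base;
    foreach my $user (keys %$clearpasswd) {
        # Same guard as the --set path: an unknown user must not abort the
        # loop, otherwise the remaining passwords stay encrypted with the
        # old key that was just replaced.
        my $obj = $base->get_object('user', $user) or do {
            warn "Cannot find user $user in base, password not re-encrypted\n";
            next;
        };
        $obj->set_password($clearpasswd->{$user})
            or warn "Cannot set password for $user\n";
    }
    $base->commit;
} else {
    if ($LA->_base->get_global_value('rsa_private_key')) {
        my $clearpasswd = get_clear_password();
        # Clear-text passwords go to stdout: meant for interactive use, so
        # avoid redirecting this output into a persistent file or log.
        foreach my $user (keys %$clearpasswd) {
            printf("%s: %s\n", $user, $clearpasswd->{$user});
        }
    } else {
        warn "No rsa key found in database\n";
    }
}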