1 | #!/usr/bin/perl |
---|
2 | |
---|
3 | use strict; |
---|
4 | use warnings; |
---|
5 | use LATMOS::Accounts::Maintenance; |
---|
6 | use Getopt::Long; |
---|
7 | use Pod::Usage; |
---|
8 | use Term::ReadKey; |
---|
9 | use Crypt::RSA; |
---|
10 | |
---|
11 | =head1 NAME |
---|
12 | |
---|
13 | la-crypt-passwd - Tool to manage the RSA-encrypted passwords of the LATMOS Accounts system |
---|
14 | |
---|
15 | =head1 SYNOPSIS |
---|
16 | |
---|
17 | la-crypt-passwd [options] [--genkey|--regen] [--set BASE] |
---|
 | |
---|
 | With none of --genkey, --regen and --set, the stored passwords are decrypted and printed in clear text on standard output. |
---|
18 | |
---|
19 | =cut |
---|
20 | |
---|
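# Command-line options. Exactly one action (--set, --genkey or --regen) is
# expected; the dispatch below lets --set win over the others, so refuse the
# ambiguous combination up front instead of silently ignoring an option.
GetOptions(
    'c|config=s' => \my $config,   # alternative configuration file
    'help'       => sub { pod2usage(0) },
    'genkey'     => \my $genkey,   # generate a key pair if none is stored
    'regen'      => \my $regen,    # generate a key pair even if one is stored
    'set=s'      => \my $set,      # push the decrypted passwords into this base
) or pod2usage();
pod2usage("--set cannot be combined with --genkey or --regen")
    if $set && ($genkey || $regen);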
---|
28 | |
---|
29 | =head1 OPTIONS |
---|
30 | |
---|
31 | =over 4 |
---|
32 | |
---|
33 | =item -c|--config configfile |
---|
34 | |
---|
35 | Use this configuration file instead of the default one. |
---|
36 | |
---|
37 | =item --genkey |
---|
38 | |
---|
39 | Generate an RSA key pair and store it in the database. |
---|
40 | |
---|
41 | If one is already present, use --regen to force the generation of a new one. |
---|
42 | |
---|
43 | =item --regen |
---|
44 | |
---|
45 | Like --genkey, but a new key replaces the current one if one is already present. |
---|
46 | The stored passwords are decrypted with the current key (its passphrase is asked first) and encrypted again with the new one. |
---|
47 | |
---|
48 | =item --set BASE |
---|
49 | |
---|
50 | Read the stored passwords from the database, decrypt them and set them as the |
---|
51 | users' passwords in the base BASE given as argument. |
---|
52 | |
---|
53 | =back |
---|
54 | |
---|
55 | =cut |
---|
56 | |
---|
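# Maintenance handle on the accounts database. $config may be undef, in which
# case the module uses its default configuration file (see --config).
# Fail with a readable message instead of a "method on undefined value" error
# if the constructor returns nothing (it may die on its own instead — not
# visible here, and harmless either way).
my $LA = LATMOS::Accounts::Maintenance->new($config)
    or die "Cannot initialise LATMOS::Accounts::Maintenance"
         . (defined $config ? " with config $config" : "") . "\n";
# presumably "also handle exported/disabled entries" — confirm in LATMOS::Accounts
$LA->wexported(1);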
---|
59 | |
---|
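# Cache of the decrypted passwords (user name => clear text), filled by the
# first call to get_clear_password() so the current passphrase is only asked
# once per run.
my $clear;

# Users whose stored ciphertext could not be decrypted on that call. --regen
# warns about them: their entries become unrecoverable once the key is
# replaced.
my %decrypt_failed;

# Prompt for a passphrase on the terminal with echo disabled and return the
# line as typed. The trailing newline is deliberately NOT stripped: the key
# stored by --genkey/--regen was generated from the raw line returned by
# ReadLine (unless LATMOS::Accounts chomps it internally — not visible here),
# so chomping here could stop unlocking existing keys. Dies on EOF; terminal
# echo is restored before dying and on SIGINT.
sub read_passphrase {
    my ($prompt) = @_;
    local $SIG{INT} = sub { ReadMode(0); print "\n"; exit 1 };
    ReadMode('noecho');
    print $prompt;
    my $line = ReadLine(0);
    ReadMode(0);
    print "\n";
    defined $line or die "No passphrase given\n";
    return $line;
}

# Decrypt every password stored in the database with the stored RSA private
# key, asking for the key's passphrase interactively. Returns a hash ref
# (user name => clear-text password); entries that fail to decrypt are
# reported with warn, recorded in %decrypt_failed and left out. Returns an
# empty hash ref without prompting when nothing is stored. Dies when the
# private key cannot be unlocked with the given passphrase.
sub get_clear_password {
    return $clear if $clear;
    my %encpasswd = $LA->get_rsa_password;
    scalar(keys %encpasswd) or return {};

    my $password    = read_passphrase("Enter password for current passphrase: ");
    my $private_key = $LA->private_key($password)
        or die "Cannot get private key\n";

    # The stored ciphertexts are decrypted with PKCS#1 v1.5 padding (the
    # encrypting side lives in LATMOS::Accounts and is not visible here).
    # Moving to OAEP would have to be done on both sides and would invalidate
    # every stored value (a --regen would be needed), so it is kept as is.
    my $rsa = Crypt::RSA->new(ES => 'PKCS1v15');

    my %clear_passwd;
    %decrypt_failed = ();
    foreach my $user (sort keys %encpasswd) {
        my $clearp = $rsa->decrypt(
            Cyphertext => $encpasswd{$user},
            Key        => $private_key,
            Armour     => 1,
        );
        if (defined $clearp) {
            $clear_passwd{$user} = $clearp;
        } else {
            $decrypt_failed{$user} = 1;
            warn "$user :" . $rsa->errstr();
        }
    }
    $clear = \%clear_passwd;
    return $clear;
}

# Whether a key pair is already stored in the database.
my $have_key = $LA->_base->get_global_value('rsa_private_key');

if ($set) {
    # --set: push the decrypted passwords into another base.
    $have_key or warn "No rsa key found in database\n";
    my $destbase    = $LA->base($set) or die "Cannot get base $set\n";
    my $clearpasswd = get_clear_password();
    foreach my $user (sort keys %$clearpasswd) {
        my $obj = $destbase->get_object('user', $user) or do {
            warn "Cannot find user $user in destination base, need sync ?\n";
            next;
        };
        $obj->set_password($clearpasswd->{$user})
            and print "Password set for $user\n";
    }
    $destbase->commit;
} elsif ($regen || $genkey) {
    # --genkey / --regen: create a new key pair and re-encrypt what is stored.
    if ($have_key && !$regen) {
        die <<EOF;
A rsa key were found in database please use --regen to force a new key
generation. Notice thiss will force decrypt current stored password to encypted
it again
EOF
    }

    # Decrypt with the current key BEFORE it is replaced; anything that does
    # not decrypt now cannot be recovered afterwards, so say so loudly.
    my $clearpasswd = get_clear_password();
    if (%decrypt_failed) {
        warn "WARNING: the stored password of "
            . join(', ', sort keys %decrypt_failed)
            . " could not be decrypted and will be unrecoverable once the key is replaced\n";
    }

    my $password = read_passphrase("Enter password for new passphrase: ");
    my ($public, $private) = $LA->generate_rsa_key($password);

    # NOTE(review): the new key is stored before the passwords are
    # re-encrypted, and whether store_rsa_key() and the commit below form one
    # transaction is not visible here; a failure inside the loop leaves the
    # remaining ciphertexts encrypted under the old key.
    $LA->store_rsa_key($public, $private);
    my $base = $LA->_base;
    $base->wexported(1);
    foreach my $user (sort keys %$clearpasswd) {
        # A missing user used to abort the run with a method call on undef;
        # skip it with a warning so the other passwords still get re-encrypted.
        my $obj = $base->get_object('user', $user) or do {
            warn "Cannot find user $user in base, password not re-encrypted\n";
            next;
        };
        $obj->set_password($clearpasswd->{$user});
    }
    $base->commit;
} else {
    # No action option: dump the decrypted passwords. They are written to
    # standard output in clear text, so do not redirect this into a
    # world-readable file or leave it in a terminal scrollback.
    if ($have_key) {
        my $clearpasswd = get_clear_password();
        foreach my $user (sort keys %$clearpasswd) {
            printf("%s: %s\n", $user, $clearpasswd->{$user});
        }
    } else {
        warn "No rsa key found in database\n";
    }
}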
---|