110 lines
2.8 KiB
Perl
110 lines
2.8 KiB
Perl
|
#!/usr/bin/perl
|
||
|
|
#
|
||
|
|
# bin/upgrading/gen-secrets.pl
|
||
|
|
#
|
||
|
|
# This script can generate items for %LJ::SECRETS
|
||
|
|
#
|
||
|
|
# Authors:
|
||
|
|
# Andrea Nall <anall@andreanall.com>
|
||
|
|
#
|
||
|
|
# Copyright (c) 2011 by Dreamwidth Studios, LLC.
|
||
|
|
#
|
||
|
|
# This program is free software; you may redistribute it and/or modify it under
|
||
|
|
# the same terms as Perl itself. For a copy of the license, please reference
|
||
|
|
# 'perldoc perlartistic' or 'perldoc perlgpl'.
|
||
|
|
#
|
||
|
|
use strict;
|
||
|
|
use Getopt::Long;
|
||
|
|
use POSIX;
|
||
|
|
use Data::Dumper;
|
||
|
|
|
||
|
|
BEGIN { require "$ENV{LJHOME}/cgi-bin/ljlib.pl"; }
|
||
|
|
|
||
|
|
my $tv = system('openssl version >/dev/null 2>/dev/null');
|
||
|
|
die "OpenSSL command line not found" if $tv;
|
||
|
|
|
||
|
|
sub usage {
|
||
|
|
die "Usage: gen-secrets.pl BLAH";
|
||
|
|
}
|
||
|
|
|
||
|
|
my $regen = 0;
|
||
|
|
my $no_rec = 0;
|
||
|
|
|
||
|
|
usage() unless GetOptions(
|
||
|
|
'regen' => \$regen,
|
||
|
|
'required' => \$no_rec,
|
||
|
|
);
|
||
|
|
|
||
|
|
my %sec_use;
|
||
|
|
%sec_use = %LJ::SECRETS unless $regen;
|
||
|
|
|
||
|
|
my %sec_out;
|
||
|
|
|
||
|
|
foreach my $secret ( sort keys %LJ::Secrets::secret ) {
|
||
|
|
my $def = $LJ::Secrets::secret{$secret};
|
||
|
|
|
||
|
|
next if defined $sec_use{$secret} && $sec_use{$secret};
|
||
|
|
next if $no_rec && !$def->{required};
|
||
|
|
|
||
|
|
if ( $def->{max_len} && $def->{min_len} && $def->{max_len} < $def->{min_len} ) {
|
||
|
|
warn "Invalid required length specifications ( max < min ) for '$secret'.\n";
|
||
|
|
next;
|
||
|
|
}
|
||
|
|
|
||
|
|
if ( $def->{rec_max_len} && $def->{rec_min_len} && $def->{rec_max_len} < $def->{rec_min_len} ) {
|
||
|
|
warn "Invalid recommended length specifications ( max < min ) for '$secret'.\n";
|
||
|
|
next;
|
||
|
|
}
|
||
|
|
|
||
|
|
my $req_len = $def->{len} || $def->{max_len} || $def->{min_len};
|
||
|
|
my $len = $req_len || $def->{rec_len} || $def->{rec_max_len} || $def->{rec_min_len};
|
||
|
|
|
||
|
|
if ( $len < 0 ) {
|
||
|
|
warn "Length for '$secret' is less then 0";
|
||
|
|
next;
|
||
|
|
}
|
||
|
|
|
||
|
|
my $gen_len = ceil( $len / 2 );
|
||
|
|
my $data = substr( `openssl rand -hex $gen_len`, 0, $len );
|
||
|
|
chomp $data;
|
||
|
|
die "Unable to get $len bytes of data from OpenSSL\n"
|
||
|
|
if length($data) < $len;
|
||
|
|
|
||
|
|
$sec_out{$secret} = $data;
|
||
|
|
}
|
||
|
|
|
||
|
|
unless (%sec_out) {
|
||
|
|
print "Your secrets are up to date.\n";
|
||
|
|
exit;
|
||
|
|
}
|
||
|
|
|
||
|
|
if ( !%LJ::SECRETS ) {
|
||
|
|
print "\nPlease add the following section to your etc/config-private.pl file,\n";
|
||
|
|
print "inside the LJ package:\n\n";
|
||
|
|
print "%LJ::SECRETS = (\n";
|
||
|
|
}
|
||
|
|
else {
|
||
|
|
print "\nPlease add or replace the following sections in LJ::SECRETS in your config\n";
|
||
|
|
print "file (probably etc/config-private.pl):\n\n";
|
||
|
|
}
|
||
|
|
|
||
|
|
foreach my $secret ( sort keys %sec_out ) {
|
||
|
|
my $value = $sec_out{$secret};
|
||
|
|
|
||
|
|
# FIXME: There has to be a better way to do this.
|
||
|
|
$value =~ s/\\/\\\\/g;
|
||
|
|
$value =~ s/'/\\'/g;
|
||
|
|
|
||
|
|
if ( $secret =~ m/^[a-zA-Z0-9_]+$/ ) {
|
||
|
|
print " $secret => '$value',\n";
|
||
|
|
}
|
||
|
|
else {
|
||
|
|
$secret =~ s/\\/\\\\/g;
|
||
|
|
$secret =~ s/'/\\'/g;
|
||
|
|
print " '$secret' => '$value',\n";
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
print ");\n" unless %LJ::SECRETS;
|
||
|
|
print "\n";
|