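#!/bin/sh
#----------------------------------------------------------------------------
# /var/install/bin/mariadb-tools-userpass - change Admin and User password
#
# Creation:     2004-06-09 jv
# Last Update:  $Id$
#
# Copyright (c) 2004 Jens Vehlhaber, jvehlhaber(at)buchenwald(dot)de
# Copyright (c) 2012-@@YEAR@@ Holger Bruenjes, holgerbruenjes(at)gmx(dot)net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#----------------------------------------------------------------------------
#
# Options recognised by get_parameter (each one switches off interactive mode):
#   -nu=<user>      account whose password is changed
#   -np=<password>  new password for that account
#   -u=<user>       stored in admin_user
#   -p=<password>   current root password, handed to the client as -p<password>
#
# NOTE(review): -np= and -p= put secrets into this script's own argument list
# and -p<password> into the argument list of mysql/mysqladmin, where other
# local users can read them from the process list while the command starts.
# A root-only option file (--defaults-extra-file) would avoid that.

#include eislib
. /var/install/include/eislib

# include passwdlib
. /var/lib/mariadb/passwdlib

# include config
. /etc/config.d/mariadb

#debug=true
if ${debug:-false}
then
    # The xtrace log records every expanded command line, including the
    # passwords handled below. It is therefore created by mktemp (private
    # mode, unpredictable name) instead of a guessable path in /tmp.
    _trace_file=$(/bin/mktemp -t "$(basename "${0}")-trace.XXXXXXXXXX") || exit 1
    exec 2>"${_trace_file}"
    set -x
    ask_debug=true
    export ask_debug
fi

# ---------------------------------------------------------------------------
# defaults
# Sources /var/lib/mysql/defaults.info and initialises the globals used by
# the rest of the script.
# presumably mysql_basedir, mysql_datadir and mysql_pid_file come from
# defaults.info or the config include - confirm.
# ---------------------------------------------------------------------------
get_defaults()
{
    # default values
    . /var/lib/mysql/defaults.info
    run_user=mysql
    mysql_backupdir=${MARIADB_BACKUP_TARGET:-/var/lib/mysql_backup}
    admin_user='root'
    admin_pass=''

    # handling for old passwords, if required
    old_passwd='no'
    old_passwd_entry=''
    ask_passwd='o=OldPassword'

    interactive='true'
    password=''
    user_name=''
    PasswordParam=''

    MKTEMP=/bin/mktemp
    CAT=/bin/cat
    RM=/bin/rm
    ASK=/var/install/bin/ask
}

# ---------------------------------------------------------------------------
# escape a value for use inside a single-quoted SQL string literal
# $1 - raw value; the escaped value is written to stdout
# Backslashes and single quotes are doubled so that a user name or password
# containing them can neither end the literal early nor be altered by the
# server's escape processing.
# assumes sql_mode does not include NO_BACKSLASH_ESCAPES - TODO confirm
# ---------------------------------------------------------------------------
sql_escape()
{
    printf '%s' "${1}" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# ---------------------------------------------------------------------------
# check status and access of MariaDB/MySQL Database
# Exits 1 when the pid file is missing. When 'mysqladmin status' fails
# without credentials, this script is started again to set the root password.
# ---------------------------------------------------------------------------
check_status()
{
    # quoted: an empty or unset pid file variable must count as "not running"
    if [ ! -f "${mysql_pid_file}" ]
    then
        logger -t 'MariaDB/MYSQL-backup' 'Error MariaDB/MySQL Server not running'
        exit 1
    fi

    if ! "${mysql_basedir}/mysqladmin" status >/dev/null 2>&1
    then
        # set root password
        /var/install/bin/mariadb-tools-userpass -nu=root
    fi
}

# ---------------------------------------------------------------------------
# show password setting
# ---------------------------------------------------------------------------
show_passwd_setting()
{
    clrhome
    mecho --info "Change password for MariaDB/MySQL user"
    echo
    mecho -n --info "Current password setting: "
    mecho -n "Old Password style = "
    mecho "${old_passwd}"
}

# ---------------------------------------------------------------------------
# get username
# Lists the accounts found in mysql.user, asks for a selection and stores the
# chosen name in user_name. 'o' and 'n' toggle the old password style and show
# the list again; an empty answer exits 0; '0' or an aborted prompt exits 127.
# ---------------------------------------------------------------------------
get_username()
{
    show_passwd_setting

    # ${var:+"${var}"} passes the option as one word and passes nothing at
    # all when it is empty, so a root password with blanks survives.
    _user=$("${mysql_basedir}/mysql" \
        -D mysql \
        -u root ${PasswordParam:+"${PasswordParam}"} \
        --skip-column-names \
        -e "SELECT user FROM user ;" | sort -u)

    echo
    techo --begin '3 4r 1 18'
    techo --row "" No "" user
    echo

    idx=1
    printf '%s\n' "${_user}" | while read -r user
    do
        techo --row "" "${idx}." "" "${user}"
        idx=$((idx + 1))
    done

    techo --end
    echo
    echo

    _ask_tmpfile=$(${MKTEMP} -t .XXXXXXXXXXXXX)
    ${ASK} "Select" "" "1-$(printf '%s\n' "${_user}" | wc -l)" "${ask_passwd}" "^$=Return" "0=Exit" >"${_ask_tmpfile}"
    rc=${?}
    read -r _user_change < "${_ask_tmpfile}"
    ${RM} -f "${_ask_tmpfile}"

    # if ask break, ask returned 255
    if [ "${rc}" = 255 ]
    then
        _user_change=0
    fi

    case "${_user_change}" in
        '')
            exit 0
            ;;
        0)
            exit 127
            ;;
        o|O)
            # OLD_PASSWORD() is the pre-4.1 hash format; it is offered only
            # behind the warning printed below.
            ask_passwd='n=NewPasswd'
            old_passwd='yes'
            old_passwd_entry='OLD_'
            echo
            mecho --warn 'Please, use Old Password style only'
            mecho --warn 'if you sure what you are doing.'
            echo
            anykey
            get_username
            ;;
        n|N)
            ask_passwd='o=OldPasswd'
            old_passwd='no'
            old_passwd_entry=''
            get_username
            ;;
        *)
            # get action line
            # NOTE(review): the answer is spliced into the sed program;
            # presumably ask restricts it to the 1-N range - confirm.
            user_name="$(printf '%s\n' "${_user}" | sed -n "${_user_change}p" | sed 's/^ *//')"
            echo
            mecho -n --info "Selected user "
            mecho "'${user_name}'"
            ;;
    esac
}

# ---------------------------------------------------------------------------
# check if there is a root password required
# When 'mysqladmin status' returns 1, the root password is requested with a
# hidden prompt and stored in PasswordParam as -p<password>.
# Exits 127 when the prompt is aborted.
# ---------------------------------------------------------------------------
check_for_root_pw()
{
    "${mysql_basedir}/mysqladmin" \
        -u root ${PasswordParam:+"${PasswordParam}"} status >/dev/null 2>&1
    if [ ${?} -eq 1 ]
    then
        echo
        if [ "${user_name}" = "root" ]
        then
            _old="old "
        fi
        echo

        _ask_tmpfile=$(${MKTEMP} -t .XXXXXXXXXXXXX)
        ${ASK} "MariaDB/MySQL ${_old}root password required:" "" "+hidden+" >"${_ask_tmpfile}"
        rc=${?}
        # -r keeps backslashes that are part of the password
        read -r RootPassword < "${_ask_tmpfile}"
        ${RM} -f "${_ask_tmpfile}"

        # if ask break, ask returned 255
        if [ "${rc}" = 255 ]
        then
            exit 127
        fi
        echo
        PasswordParam="-p${RootPassword}"
    fi
}

# ---------------------------------------------------------------------------
# check if user exists
# Exits 1 when mysql.user has no row for user_name.
# ---------------------------------------------------------------------------
check_user()
{
    # user_name can come straight from -nu=, so it is escaped before it is
    # placed inside the SQL string literal.
    _sql_user=$(sql_escape "${user_name}")
    _check_user=$("${mysql_basedir}/mysql" \
        -D mysql \
        -u root ${PasswordParam:+"${PasswordParam}"} \
        -e "SELECT user FROM user WHERE user='${_sql_user}';")

    if [ -z "${_check_user}" ]
    then
        mecho --error "No user ${user_name} found!"
        exit 1
    fi
}

# ---------------------------------------------------------------------------
# get password
# Offers pwgen when /usr/bin/pwgen exists, otherwise asks for the password.
# Both helpers are defined in passwdlib; presumably they set ${password} -
# confirm. Exits 127 when the prompt is aborted.
# ---------------------------------------------------------------------------
get_password()
{
    if [ -f /usr/bin/pwgen ]
    then
        _ask_tmpfile=$(${MKTEMP} -t .XXXXXXXXXXXXX)
        ${ASK} "Create password with pwgen" "yes" >"${_ask_tmpfile}"
        rc=${?}
        read -r _passwd_pwgen < "${_ask_tmpfile}"
        ${RM} -f "${_ask_tmpfile}"

        if [ "${rc}" = 255 ]
        then
            exit 127
        fi
    fi

    if [ "${_passwd_pwgen:-no}" = "yes" ]
    then
        # entry in passwdlib
        # create password
        # pwgen --help
        # return password
        get_pwgen_passwd
    else
        # entry in passwdlib
        # get password from cmdline
        get_passwd --check
    fi
}

# ---------------------------------------------------------------------------
# send mail
# Asks for the recipient (default: the selected user) and hands user, realm,
# password, recipient and sender to send_passwd from passwdlib.
# NOTE(review): the new password is passed to send_passwd in clear text;
# whether the mail itself is protected in transit is not visible here.
# ---------------------------------------------------------------------------
send_mail()
{
    _ask_tmpfile=$(${MKTEMP} -t .XXXXXXXXXXXXX)
    echo 'Send e-mail with [ENTER] to the given user'
    ${ASK} 'or type in the address:' "${user_name}" "*" >"${_ask_tmpfile}"
    rc=${?}
    read -r _send_mail < "${_ask_tmpfile}"
    ${RM} -f "${_ask_tmpfile}"

    if [ "${rc}" = 255 ]
    then
        exit 127
    fi

    # entry in passwdlib
    # quoted so that blanks or glob characters in the password or the
    # address are passed through as single, unchanged arguments
    send_passwd --user "${user_name}" \
        --realm MariaDB \
        --passwd "${password}" \
        --mail "${_send_mail:-root}" \
        --sender "${MARIADB_SEND_MAIL_FROM:-root}"
}

# ---------------------------------------------------------------------------
# change password
# Updates the password column of mysql.user for user_name and flushes the
# privileges. For root the local credential files are refreshed afterwards;
# for other users the password is mailed when MARIADB_SEND_MAIL_FROM is set.
# NOTE(review): a direct UPDATE of mysql.user depends on the server version;
# newer MariaDB releases expose mysql.user as a view - confirm against the
# versions this package supports.
# ---------------------------------------------------------------------------
change_password()
{
    _sql_user=$(sql_escape "${user_name}")
    _sql_pass=$(sql_escape "${password}")

    # The statement is sent on stdin rather than with -e, so the new
    # password does not show up in the client's argument list.
    printf '%s\n' \
        "update user set password=${old_passwd_entry}PASSWORD('${_sql_pass}') where user='${_sql_user}'; flush privileges;" |
        "${mysql_basedir}/mysql" \
            -D mysql \
            -u root ${PasswordParam:+"${PasswordParam}"}

    if [ ${?} -eq 0 ]
    then
        if ${interactive:-true}
        then
            mecho --info "done"
        fi

        if [ "${user_name}" = "root" ]
        then
            # NOTE(review): this statement looks truncated on the page (a
            # here-document body and a redirect appear to be missing). As
            # shown it copies backup.pwd into /root/.my.cnf and never writes
            # the new password - compare with the upstream file before use.
            cat > /root/.my.cnf < "${mysql_datadir}/backup.pwd"
            # root's client option file is a credential store; keep it private
            chmod 0600 /root/.my.cnf
            chmod 0600 "${mysql_datadir}/backup.pwd"
            chown root:"${run_user}" "${mysql_datadir}/backup.pwd"
        elif [ -n "${MARIADB_SEND_MAIL_FROM}" ] && [ "${user_name}" != "root" ]
        then
            send_mail
        fi
    fi
}

# ---------------------------------------------------------------------------
# get parameter
# Parses the -nu=, -np=, -u= and -p= options; any other argument ends the
# script with exit code 1.
# NOTE(review): admin_user is set by -u= but every client call in this file
# uses '-u root' - confirm whether -u= is meant to have an effect.
# ---------------------------------------------------------------------------
get_parameter()
{
    while [ ${#} -ne 0 ]
    do
        case "${1}" in
            -nu=*)
                interactive='false'
                # prefix removal in the shell: the value is not passed
                # through echo, which may rewrite backslashes
                user_name=${1#-nu=}
                shift
                ;;
            -np=*)
                interactive='false'
                password=${1#-np=}
                shift
                ;;
            -u=*)
                interactive='false'
                admin_user=${1#-u=}
                shift
                ;;
            -p=*)
                interactive='false'
                passwd=${1#-p=}
                if [ -n "${passwd}" ]
                then
                    PasswordParam="-p${passwd}"
                fi
                shift
                ;;
            *)
                echo "Unknown argument '${1}'"
                exit 1
                ;;
        esac
    done
}

# ---------------------------------------------------------------------------
# main
# Order: defaults, option parsing, server check, user selection, root
# password check, user check, password entry, password change.
# ---------------------------------------------------------------------------
main()
{
    # NOTE(review): only the first command line argument reaches
    # get_parameter, and it is word-split there; further arguments are
    # dropped silently. Kept as is because callers may rely on it - confirm
    # whether "${@}" was intended.
    param=${1}

    get_defaults
    get_parameter ${param}

    if [ "${user_name}" != "root" ]
    then
        check_status
    fi

    if [ -z "${user_name}" ]
    then
        get_username
    fi

    check_for_root_pw

    if [ "${user_name}" != "root" ]
    then
        check_user
    fi

    if [ -z "${password}" ]
    then
        get_password
    fi

    change_password

    if ${interactive:-true}
    then
        echo
        anykey
    fi

    exit 0
}

# ---------------------------------------------------------------------------
# call function main
# ---------------------------------------------------------------------------
main "${@}"

# ---------------------------------------------------------------------------
# end
# ---------------------------------------------------------------------------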