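#!/usr/bin/perl -wT
# {{{ info
#
# putmpw.pl
#
# Created: 2003-05-29 by Andy Harrison
#
# putmpw.pl will reside on each server in the system for the purpose of
# syncing the master.passwd file
#
# Usage: putmpw.pl --source   # use when running on the source server
#        putmpw.pl --target   # use when running on the target server
#
# $Id: putmpw.pl,v 1.8 2003/07/07 18:33:58 ajharrison Exp $
#
# }}}

use strict;
use warnings;
use Getopt::Long;
use IO::File;
use GnuPG::Interface;

# {{{ args
$|++;

our ( $opt_source, $opt_target, $opt_v );

GetOptions(
    'source' => \$opt_source,
    'target' => \$opt_target,
    'v!'     => \$opt_v,
);

unless ( $opt_source || $opt_target ) {
    die "Arguments:\n\n Required:\n --source # use when running on the source server\n --target # use when running on the target server\n Optional:\n -v verbose\n ";
}
# }}}

# {{{ vars
my $mpw    = "master.passwd";
my $gpgmpw = "/root/master.passwd.asc";

# taint checking complained about insecure path
$ENV{'PATH'} = "/usr/local/bin";
# The other shell-influencing variables perlsec warns about under -T.
delete @ENV{qw( IFS CDPATH ENV BASH_ENV )};

# Both output files are created by this script; master.passwd holds the
# password hashes, so make sure anything we create is owner-only (0600).
umask 077;
# }}}

# {{{ helpers

# Print a progress line to STDERR, but only when -v was given.
sub _note {
    my (@msg) = @_;
    print STDERR @msg, "\n" if $opt_v;
    return;
}

# Build the GnuPG::Interface object both modes share: ASCII armour, root's
# keyring, the single recipient, and no interactive prompts.  %args is
# passed straight to the constructor (the decrypt side supplies the
# passphrase there).
sub _gnupg_for_root {
    my (%args) = @_;
    my $gnupg = GnuPG::Interface->new(%args);
    $gnupg->options->hash_init( armor => 1, homedir => '/root/.gnupg' );
    # Note you can set the recipients even if you aren't encrypting!
    $gnupg->options->push_recipients('root@example.com');
    $gnupg->options->meta_interactive(0);
    return $gnupg;
}

# Wire $in_fh and $out_fh straight into a gpg child and return its pid.
# 'direct' is necessary for handing already-open files to the child.
sub _gpg_handles {
    my ( $in_fh, $out_fh ) = @_;
    my $handles = GnuPG::Handles->new(
        stdin  => $in_fh,
        stdout => $out_fh,
        #stderr => $error,
        #status => $status_fh,
    );
    $handles->options('stdin')->{direct}  = 1;
    $handles->options('stdout')->{direct} = 1;
    return $handles;
}

# Reap the finished GnuPG process and die if it did not exit cleanly.
# Without this check a failed gpg run would leave an empty or partial
# file behind while the script reported success.
sub _reap_gpg {
    my ( $pid, $what ) = @_;
    waitpid $pid, 0;    # clean up the finished GnuPG process
    my $status = $?;
    if ( $status != 0 ) {
        die "\n\ngpg $what failed (exit status " . ( $status >> 8 ) . ")\n";
    }
    return;
}

# }}}

# {{{ main
if ($opt_target) {
    # {{{ decrypt
    my $gnupg = _gnupg_for_root( passphrase => "" );

    # Input file
    my $encrypted_pw_file = IO::File->new( $gpgmpw, '<' )
        || die "\n\nUnable to open encrypted master.passwd file. $!\n";

    # Output file: decrypt into a temporary file and only rename it over
    # master.passwd once gpg has succeeded, so a failed run never
    # truncates the live file.
    my $tmp_mpw = "$mpw.tmp";
    my $master_pw_file = IO::File->new( $tmp_mpw, '>' )
        || die "\n\nUnable to open master.passwd file. $!\n";

    my $handles = _gpg_handles( $encrypted_pw_file, $master_pw_file );

    # this sets up the communication
    my $pid = $gnupg->decrypt( handles => $handles );

    # This passes in the passphrase, which is blank to use an empty
    # passphrase.  Not the best idea, but you still can't extract the file
    # without access to the secret key in /root/.gnupg/

    # this closes our copies of the communication channel, indicating we
    # are done; gpg writes through its own descriptor, so nothing is
    # buffered on our side.
    close $master_pw_file;
    close $encrypted_pw_file;

    eval { _reap_gpg( $pid, 'decrypt' ); 1 } or do {
        my $err = $@;
        unlink $tmp_mpw;
        die $err;
    };

    rename $tmp_mpw, $mpw
        or die "\n\nUnable to replace master.passwd: $!\n";
    _note("decrypted $gpgmpw into $mpw");
    # }}}
}
elsif ($opt_source) {
    # {{{ encrypt
    my $mpw_file = IO::File->new( $mpw, '<' )
        || die "\n\nUnable to open master.passwd file. $!\n";

    # Same temporary-file dance as the decrypt side: the target only ever
    # sees a complete .asc file.
    my $tmp_asc = "$gpgmpw.tmp";
    my $encrypted_file = IO::File->new( $tmp_asc, '>' )
        || die "\n\nUnable to open encrypted master.passwd file. $!\n";

    my $gnupg = _gnupg_for_root();

    # We'll let the standard error of GnuPG pass through
    # to our own standard error, by not creating
    # a stderr-part of the $handles object.
    my $handles = _gpg_handles( $mpw_file, $encrypted_file );

    # this sets up the communication
    # Note that the recipients were specified earlier
    # in the 'options' data member of the $gnupg object.
    my $pid = $gnupg->encrypt( handles => $handles );

    close $mpw_file;
    close $encrypted_file;

    eval { _reap_gpg( $pid, 'encrypt' ); 1 } or do {
        my $err = $@;
        unlink $tmp_asc;
        die $err;
    };

    rename $tmp_asc, $gpgmpw
        or die "\n\nUnable to replace encrypted master.passwd file: $!\n";
    _note("encrypted $mpw into $gpgmpw");
    # }}}
}
# }}}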