security: fail to start if using the old default password

FrankAnk · Apr 6, 2020 · 768b6c4 · 768b6c4
1 parent 40cadf5
commit 768b6c4
Show file tree

Hide file tree

Showing 5 changed files with 57 additions and 0 deletions.
diff --git a/jibri/rootfs/etc/cont-init.d/10-config b/jibri/rootfs/etc/cont-init.d/10-config
@@ -5,6 +5,18 @@ if [[ -z $JIBRI_RECORDER_PASSWORD || -z $JIBRI_XMPP_PASSWORD ]]; then
     exit 1
 fi
 
+OLD_JIBRI_RECORDER_PASSWORD=passw0rd
+if [[ "$JIBRI_RECORDER_PASSWORD" == "$OLD_JIBRI_RECORDER_PASSWORD" ]]; then
+    echo 'FATAL ERROR: Jibri recorder password must be changed, check the README'
+    exit 1
+fi
+
+OLD_JIBRI_XMPP_PASSWORD=passw0rd
+if [[ "$JIBRI_XMPP_PASSWORD" == "$OLD_JIBRI_XMPP_PASSWORD" ]]; then
+    echo 'FATAL ERROR: Jibri auth password must be changed, check the README'
+    exit 1
+fi
+
 # DISPLAY is necessary for start
 [ -z "${DISPLAY}" ] \
 && ( echo -e "\e[31mERROR: Please set DISPLAY variable.\e[39m"; kill 1; exit 1 )

diff --git a/jicofo/rootfs/etc/cont-init.d/10-config b/jicofo/rootfs/etc/cont-init.d/10-config
@@ -5,6 +5,18 @@ if [[ -z $JICOFO_COMPONENT_SECRET || -z $JICOFO_AUTH_PASSWORD ]]; then
     exit 1
 fi
 
+OLD_JICOFO_COMPONENT_SECRET=s3cr37
+if [[ "$JICOFO_COMPONENT_SECRET" == "$OLD_JICOFO_COMPONENT_SECRET" ]]; then
+    echo 'FATAL ERROR: Jicofo component secret must be changed, check the README'
+    exit 1
+fi
+
+OLD_JICOFO_AUTH_PASSWORD=passw0rd
+if [[ "$JICOFO_AUTH_PASSWORD" == "$OLD_JICOFO_AUTH_PASSWORD" ]]; then
+    echo 'FATAL ERROR: Jicofo auth password must be changed, check the README'
+    exit 1
+fi
+
 if [[ ! -f /config/sip-communicator.properties ]]; then
     tpl /defaults/sip-communicator.properties > /config/sip-communicator.properties
 fi

diff --git a/jigasi/rootfs/etc/cont-init.d/10-config b/jigasi/rootfs/etc/cont-init.d/10-config
@@ -5,6 +5,12 @@ if [[ -z $JIGASI_XMPP_PASSWORD ]]; then
     exit 1
 fi
 
+OLD_JIGASI_XMPP_PASSWORD=passw0rd
+if [[ "$JIGASI_XMPP_PASSWORD" == "$OLD_JIGASI_XMPP_PASSWORD" ]]; then
+    echo 'FATAL ERROR: Jigasi auth password must be changed, check the README'
+    exit 1
+fi
+
 if [[ ! -f /config/sip-communicator.properties ]]; then
     tpl /defaults/sip-communicator.properties > /config/sip-communicator.properties
 fi

diff --git a/jvb/rootfs/etc/cont-init.d/10-config b/jvb/rootfs/etc/cont-init.d/10-config
@@ -5,6 +5,12 @@ if [[ -z $JVB_AUTH_PASSWORD ]]; then
     exit 1
 fi
 
+OLD_JVB_AUTH_PASSWORD=passw0rd
+if [[ "$JVB_AUTH_PASSWORD" == "$OLD_JVB_AUTH_PASSWORD" ]]; then
+    echo 'FATAL ERROR: JVB auth password must be changed, check the README'
+    exit 1
+fi
+
 if [[ ! -f /config/sip-communicator.properties ]]; then
     tpl /defaults/sip-communicator.properties > /config/sip-communicator.properties
 fi

diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config
@@ -46,17 +46,38 @@ if [[ ! -f $PROSODY_CFG ]]; then
         exit 1
     fi
 
+    OLD_JVB_AUTH_PASSWORD=passw0rd
+    if [[ "$JVB_AUTH_PASSWORD" == "$OLD_JVB_AUTH_PASSWORD" ]]; then
+        echo 'FATAL ERROR: JVB auth password must be changed, check the README'
+        exit 1
+    fi
+
     prosodyctl --config $PROSODY_CFG register $JVB_AUTH_USER $XMPP_AUTH_DOMAIN $JVB_AUTH_PASSWORD
 
     if [[ ! -z $JIBRI_XMPP_USER ]] && [[ ! -z $JIBRI_XMPP_PASSWORD ]]; then
+        OLD_JIBRI_XMPP_PASSWORD=passw0rd
+        if [[ "$JIBRI_XMPP_PASSWORD" == "$OLD_JIBRI_XMPP_PASSWORD" ]]; then
+            echo 'FATAL ERROR: Jibri auth password must be changed, check the README'
+            exit 1
+        fi
         prosodyctl --config $PROSODY_CFG register $JIBRI_XMPP_USER $XMPP_AUTH_DOMAIN $JIBRI_XMPP_PASSWORD
     fi
 
     if [[ ! -z $JIBRI_RECORDER_USER ]] && [[ ! -z $JIBRI_RECORDER_PASSWORD ]]; then
+        OLD_JIBRI_RECORDER_PASSWORD=passw0rd
+        if [[ "$JIBRI_RECORDER_PASSWORD" == "$OLD_JIBRI_RECORDER_PASSWORD" ]]; then
+            echo 'FATAL ERROR: Jibri recorder password must be changed, check the README'
+            exit 1
+        fi
         prosodyctl --config $PROSODY_CFG register $JIBRI_RECORDER_USER $XMPP_RECORDER_DOMAIN $JIBRI_RECORDER_PASSWORD
     fi
 
     if [[ ! -z $JIGASI_XMPP_USER ]] && [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then
+        OLD_JIGASI_XMPP_PASSWORD=passw0rd
+        if [[ "$JIGASI_XMPP_PASSWORD" == "$OLD_JIGASI_XMPP_PASSWORD" ]]; then
+            echo 'FATAL ERROR: Jigasi auth password must be changed, check the README'
+            exit 1
+        fi
         prosodyctl --config $PROSODY_CFG register $JIGASI_XMPP_USER $XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD
     fi
 fi