projects / snf-image / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fix a Windows security risk
[snf-image] / snf-image-helper / tasks / 50ChangePassword.in
1 #! /bin/bash
2
3 ### BEGIN TASK INFO
4 # Provides:             ChangePassword
5 # RunBefore:            UmountImage
6 # RunAfter:             InstallUnattend
7 # Short-Description:    Changes Password for specified users
8 ### END TASK INFO
9
10 set -e
11 . "@commondir@/common.sh"
12
13 windows_password() {
14     local target="$1"
15     local password="$2"
16
17     echo -n "Installing new admin password..."
18
19     echo "@echo off" > "$target/Windows/SnfScripts/ChangeAdminPassword.cmd"
20     echo "net user Administrator $password" >> \
21         "$target/Windows/SnfScripts/ChangeAdminPassword.cmd"
22     echo done
23 }
24
25 linux_password() {
26     local target="$1"
27     local password="$2"
28
29     local hash=$("@scriptsdir@/snf-passtohash.py" "$password")
30     if [ ! -e "$target/etc/shadow" ]; then
31        log_error "No /etc/shadow found!" 
32     fi
33     
34     declare -a users
35     
36     if [ -n "$SNF_IMAGE_PROPERTY_USERS" ]; then
37         for usr in $SNF_IMAGE_PROPERTY_USERS; do
38             users+=("$usr")
39         done
40     else
41         users+=("root")
42
43         local distro=$(get_distro $target)
44
45         if [ "x$distro" = "xubuntu" -o \
46              "x$distro" = "xfedora" ] ; then
47             users+=("user")
48         fi
49     fi
50
51     for i in $(seq 0 1 $((${#users[@]}-1))); do
52         local tmp_shadow="$(mktemp)"
53         add_cleanup rm "$tmp_shadow"
54
55         echo -n "Setting ${users[$i]} password..."
56     
57         echo "${users[$i]}:$hash:15103:0:99999:7:::" > "$tmp_shadow"
58         grep -v "${users[$i]}" "$target/etc/shadow" >> "$tmp_shadow"
59         cat "$tmp_shadow" > "$target/etc/shadow"
60         echo "done"
61     done
62 }
63
64 if [ ! -d "$SNF_IMAGE_TARGET" ]; then
65     log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing"
66 fi
67
68 if [ -z "$SNF_IMAGE_PASSWORD" ]; then
69     log_error "Password is missing"
70 fi
71
72 if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "windows" ]; then
73     windows_password "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD"
74 elif [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "linux" ]; then
75     linux_password "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD"
76 fi
77
78 echo "done"
79
80 exit 0
81
82 # vim: set sta sts=4 shiftwidth=4 sw=4 et ai :
83
Unnamed repository; edit this file 'description' to name the repository.