# Check if the task should be prevented from running.
check_if_excluded
+linux_shadow="/etc/shadow"
+freebsd_shadow="/etc/master.passwd"
+openbsd_shadow="/etc/master.passwd"
+netbsd_shadow="/etc/master.passwd"
+
+linux_change_shadow_entry() {
+ local line encrypted
+ line="$1"
+ encrypted="$2"
+
+ IFS=":" read -a entry <<< "$line"
+
+ echo "${entry[0]}:$encrypted:15103:0:99999:7:::"
+}
+
+freebsd_change_shadow_entry() {
+ local line encrypted
+ line="$1"
+ encrypted="$2"
+
+ IFS=":" read -a entry <<< "$line"
+
+ echo "${entry[0]}:$encrypted:${entry[2]}:${entry[3]}:${entry[4]}:${entry[5]}:0:${entry[7]}:${entry[8]}:${entry[9]}"
+}
+
+openbsd_change_shadow_entry() {
+ freebsd_change_shadow_entry "$@"
+}
+
+netbsd_change_shadow_entry() {
+ freebsd_change_shadow_entry "$@"
+}
+
windows_password() {
local target password
target="$1"
done
}
-linux_password() {
- local target password hash users tmp_shadow
- target="$1"
- password="$2"
+unix_password() {
+ local flavor target password encrypted users tmp_shadow method default_method
+ flavor="$1"
+ target="$2"
+ password="$3"
- hash=$("@scriptsdir@/snf-passtohash.py" "$password")
- if [ ! -e "$target/etc/shadow" ]; then
- log_error "No /etc/shadow found!"
+ shadow="${flavor}_shadow"
+ if [ ! -e "$target${!shadow}" ]; then
+ log_error "No ${!shadow} found!"
fi
-
+
+ case "$flavor" in
+ linux|freebsd)
+ default_method=sha512
+ ;;
+ openbsd)
+ default_method=blowfish
+ ;;
+ netbsd)
+ default_method=sha1
+ ;;
+ *)
+ log_error "Unknown unix flavor: \`$flavor'"
+ ;;
+ esac
+
+ method="${SNF_IMAGE_PROPERTY_PASSWORD_HASHING_METHOD:-$default_method}"
+ echo -n "Encrypting password with \`$method' method ... "
+ encrypted=$("@scriptsdir@/snf-passtohash.py" -m "$method" "$password")
+ echo "done"
+
users=()
if [ -n "$SNF_IMAGE_PROPERTY_USERS" ]; then
tmp_shadow="$(mktemp)"
add_cleanup rm "$tmp_shadow"
- echo -n "Setting ${users[$i]} password..."
- if ! grep "^${users[$i]}:" "$target/etc/shadow" > /dev/null; then
+ echo -n "Setting ${users[$i]} password ... "
+ entry=$(grep "^${users[$i]}:" "$target${!shadow}")
+ if [ -z "$entry" ]; then
log_error "User: \`${users[$i]}' does not exist."
fi
-
- echo "${users[$i]}:$hash:15103:0:99999:7:::" > "$tmp_shadow"
- grep -v "${users[$i]}" "$target/etc/shadow" >> "$tmp_shadow"
- cat "$tmp_shadow" > "$target/etc/shadow"
+
+ new_entry="$(${flavor}_change_shadow_entry "$entry" "$encrypted")"
+ grep -v "^${users[$i]}:" "$target${!shadow}" > "$tmp_shadow"
+ echo "$new_entry" >> "$tmp_shadow"
+ cat "$tmp_shadow" > "$target${!shadow}"
echo "done"
done
}
if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "windows" ]; then
windows_password "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD"
-elif [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "linux" ]; then
- linux_password "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD"
+else
+ unix_password "$SNF_IMAGE_PROPERTY_OSFAMILY" "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD"
+fi
+
+# For FreeBSD, OpenBSD and NetBSD we need to recreate the password databases too
+if [[ "$SNF_IMAGE_PROPERTY_OSFAMILY" == *bsd ]]; then
+ rm -f "$SNF_IMAGE_TARGET/etc/spwd.db"
+
+ # NetBSD is very strict about the existence & non-existence of the db files
+ if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "netbsd" ]; then
+ rm -f "$SNF_IMAGE_TARGET/etc/pwd.db.tmp"
+ rm -f "$SNF_IMAGE_TARGET/etc/spwd.db.tmp"
+
+ touch "$SNF_IMAGE_TARGET/etc/spwd.db"
+ fi
+
+
+ # Make sure /etc/spwd.db is recreated on first boot
+ rc_local=$(cat <<EOF
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
+export PATH
+
+pwd_mkdb -p /etc/master.passwd
+EOF
+)
+ if [ -e "$SNF_IMAGE_TARGET/etc/rc.local" ]; then
+ orig_local="/etc/rc.local.snf_image_$RANDOM"
+ mv "$SNF_IMAGE_TARGET/etc/rc.local" "$SNF_IMAGE_TARGET$orig_local"
+ cat > "$SNF_IMAGE_TARGET/etc/rc.local" <<EOF
+$rc_local
+mv $orig_local /etc/rc.local
+. /etc/rc.local
+EOF
+ else
+ cat > "$SNF_IMAGE_TARGET/etc/rc.local" <<EOF
+$rc_local
+rm -f /etc/rc.local
+exit 0
+EOF
+ fi
fi
exit 0