#! /bin/bash
+# Copyright (C) 2011 GRNET S.A.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
### BEGIN TASK INFO
# Provides: ChangePassword
-# RunBefore: UmountImage
+# RunBefore: EnforcePersonality
# RunAfter: InstallUnattend
# Short-Description: Changes Password for specified users
-### END TAST INFO
+### END TASK INFO
set -e
-. @commondir@/common.sh
+. "@commondir@/common.sh"
-windows_password() {
- local target=$1
- local password=$2
+trap task_cleanup EXIT
+report_task_start
- local tmp_unattend=`mktemp` || exit 1
- CLEANUP+=("rm $tmp_unattend")
+# Check if the task should be prevented from running.
+check_if_excluded
- echo -n "Installing new admin password..."
+linux_shadow="/etc/shadow"
+freebsd_shadow="/etc/master.passwd"
+openbsd_shadow="/etc/master.passwd"
+netbsd_shadow="/etc/master.passwd"
- local namespace="urn:schemas-microsoft-com:unattend"
-
- $XMLSTARLET ed -N x=$namespace -u "/x:unattend/x:settings/x:component/x:UserAccounts/x:AdministratorPassword/x:Value" -v $password "$target/Unattend.xml" > $tmp_unattend
+linux_change_shadow_entry() {
+ local line encrypted
+ line="$1"
+ encrypted="$2"
+
+ IFS=":" read -a entry <<< "$line"
+
+ echo "${entry[0]}:$encrypted:15103:0:99999:7:::"
+}
+
+freebsd_change_shadow_entry() {
+ local line encrypted
+ line="$1"
+ encrypted="$2"
+
+ IFS=":" read -a entry <<< "$line"
- cat $tmp_unattend > "$target/Unattend.xml"
- echo done
+ echo "${entry[0]}:$encrypted:${entry[2]}:${entry[3]}:${entry[4]}:${entry[5]}:0:${entry[7]}:${entry[8]}:${entry[9]}"
}
-linux_password() {
- local target=$1
- local password=$2
+openbsd_change_shadow_entry() {
+ freebsd_change_shadow_entry "$@"
+}
- local hash=$(@scriptsdir@/snf-passtohash.py $password)
- if [ ! -e ${target}/etc/shadow ]; then
- log_error "No /etc/shadow found!"
+netbsd_change_shadow_entry() {
+ freebsd_change_shadow_entry "$@"
+}
+
+windows_password() {
+ local target password
+ target="$1"
+ password="$2"
+
+ echo "@echo off" > "$target/Windows/SnfScripts/ChangeAdminPassword.cmd"
+
+ if [ -z "$SNF_IMAGE_PROPERTY_USERS" ]; then
+ warn "Image property \`USERS' is missing or empty. " \
+ "Changing the password for default user: \`Administrator'."
+
+ SNF_IMAGE_PROPERTY_USERS="Administrator"
fi
-
- declare -a users=("root")
- local distro=$(get_distro $target)
+ for usr in $SNF_IMAGE_PROPERTY_USERS; do
+ echo -n "Installing new password for user \`$usr'..."
+ echo "net user $usr $password" >> \
+ "$target/Windows/SnfScripts/ChangeAdminPassword.cmd"
+ echo done
+ done
+}
+
+unix_password() {
+ local flavor target password hash users tmp_shadow
+ flavor="$1"
+ target="$2"
+ password="$3"
- if [ "x$disto" = "xubuntu" -o \
- "x$disto" = "xfedora" ] ; then
- users+=("user")
+ shadow="${flavor}_shadow"
+ if [ ! -e "$target${!shadow}" ]; then
+ log_error "No ${!shadow} found!"
+ fi
+
+ case "$flavor" in
+ linux|freebsd)
+ hash=$("@scriptsdir@/snf-passtohash.py" "$password")
+ ;;
+ openbsd)
+ hash=$("@scriptsdir@/snf-passtohash.py" -m blowfish "$password")
+ ;;
+ netbsd)
+ hash=$("@scriptsdir@/snf-passtohash.py" -m sha1 "$password")
+ ;;
+ *)
+ log_error "Unknown unix flavor: \`$flavor'"
+ ;;
+ esac
+
+ users=()
+
+ if [ -n "$SNF_IMAGE_PROPERTY_USERS" ]; then
+ for usr in $SNF_IMAGE_PROPERTY_USERS; do
+ users+=("$usr")
+ done
+ else
+ warn "Image property \`USERS' is missing or empty. " \
+ "Changing the password for default user: \`root'."
+ users+=("root")
fi
for i in $(seq 0 1 $((${#users[@]}-1))); do
- local tmp_shadow=$(mktemp)
- CLEANUP+=("rm $tmp_shadow")
+ tmp_shadow="$(mktemp)"
+ add_cleanup rm "$tmp_shadow"
echo -n "Setting ${users[$i]} password..."
-
- echo "${users[$i]}:$hash:15103:0:99999:7:::" > $tmp_shadow
- grep -v "${users[$i]}" ${TARGET}/etc/shadow >> $tmp_shadow
- cat $tmp_shadow > ${target}/etc/shadow
+ entry=$(grep "^${users[$i]}:" "$target${!shadow}")
+ if [ -z "$entry" ]; then
+ log_error "User: \`${users[$i]}' does not exist."
+ fi
+
+ new_entry="$(${flavor}_change_shadow_entry "$entry" "$hash")"
+ grep -v "${users[$i]}" "$target${!shadow}" > "$tmp_shadow"
+ echo "$new_entry" >> "$tmp_shadow"
+ cat "$tmp_shadow" > "$target${!shadow}"
echo "done"
done
}
+freebsd_password() {
+ local target password hash
+ target="$1"
+ password="$2"
+
+ if [ ! -e "$target/etc/master.passwd" ]; then
+ log_error "No /etc/master.passwd found!"
+ fi
+
+ hash=$("@scriptsdir@/snf-passtohash.py" "$password")
+ for i in $(seq 0 1 $((${#users[@]}-1))); do
+ tmp_master="$(mktemp)"
+ done
+}
+
if [ ! -d "$SNF_IMAGE_TARGET" ]; then
log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing"
fi
log_error "Password is missing"
fi
-if [ "$SNF_IMAGE_TYPE" = "ntfsdump" ]; then
- windows_password $SNF_IMAGE_TARGET $SNF_IMAGE_PASSWORD
-elif [ "$SNF_IMAGE_TYPE" = "extdump" ]; then
- linux_password $SNF_IMAGE_TARGET $SNF_IMAGE_PASSWORD
+#trim users var
+SNF_IMAGE_PROPERTY_USERS=$(echo $SNF_IMAGE_PROPERTY_USERS)
+
+if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "windows" ]; then
+ windows_password "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD"
+else
+ unix_password "$SNF_IMAGE_PROPERTY_OSFAMILY" "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD"
fi
-echo "done"
+# For FreeBSD, OpenBSD and NetBSD we need to recreate the password databases too
+if [[ "$SNF_IMAGE_PROPERTY_OSFAMILY" == *bsd ]]; then
+ rm -f "$SNF_IMAGE_TARGET/etc/spwd.db"
+
+ # NetBSD is very strict about the existence & non-existence of the db files
+ if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "netbsd" ]; then
+ rm -f "$SNF_IMAGE_TARGET/etc/pwd.db.tmp"
+ rm -f "$SNF_IMAGE_TARGET/etc/spwd.db.tmp"
+
+ touch "$SNF_IMAGE_TARGET/etc/spwd.db"
+ fi
-cleanup
-trap - EXIT
+
+ # Make sure /etc/spwd.db is recreated on first boot
+ rc_local=$(cat <<EOF
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
+export PATH
+
+pwd_mkdb -p /etc/master.passwd
+EOF
+)
+ if [ -e "$SNF_IMAGE_TARGET/etc/rc.local" ]; then
+ orig_local="/etc/rc.local.snf_image_$RANDOM"
+ mv "$SNF_IMAGE_TARGET/etc/rc.local" "$SNF_IMAGE_TARGET$orig_local"
+ cat > "$SNF_IMAGE_TARGET/etc/rc.local" <<EOF
+$rc_local
+mv $orig_local /etc/rc.local
+. /etc/rc.local
+EOF
+ else
+ cat > "$SNF_IMAGE_TARGET/etc/rc.local" <<EOF
+$rc_local
+rm -f /etc/rc.local
+exit 0
+EOF
+ fi
+fi
exit 0
projects / snf-image / blobdiff