X-Git-Url: https://code.grnet.gr/git/snf-image/blobdiff_plain/7393e7e4054398e9195406cdbfe27fd661f471ec..876aef198b58c5904738d3fcd9cf31f244e87f37:/snf-image-helper/tasks/50ChangePassword.in diff --git a/snf-image-helper/tasks/50ChangePassword.in b/snf-image-helper/tasks/50ChangePassword.in index 4fd0c33..39f4961 100644 --- a/snf-image-helper/tasks/50ChangePassword.in +++ b/snf-image-helper/tasks/50ChangePassword.in @@ -1,8 +1,25 @@ #! /bin/bash +# Copyright (C) 2011 GRNET S.A. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. + ### BEGIN TASK INFO # Provides: ChangePassword -# RunBefore: UmountImage +# RunBefore: EnforcePersonality # RunAfter: InstallUnattend # Short-Description: Changes Password for specified users ### END TASK INFO @@ -10,54 +27,115 @@ set -e . "@commondir@/common.sh" -windows_password() { - local target="$1" - local password="$2" +trap task_cleanup EXIT +report_task_start - local tmp_unattend="$(mktemp)" - add_cleanup rm "$tmp_unattend" +# Check if the task should be prevented from running. +check_if_excluded - echo -n "Installing new admin password..." +linux_shadow="/etc/shadow" +freebsd_shadow="/etc/master.passwd" - local namespace="urn:schemas-microsoft-com:unattend" - - "$XMLSTARLET" ed -N x=$namespace -u "/x:unattend/x:settings/x:component/x:UserAccounts/x:AdministratorPassword/x:Value" -v "$password" "$target/Unattend.xml" > "$tmp_unattend" +linux_change_shadow_entry() { + local line encrypted + line="$1" + encrypted="$2" + + IFS=":" read -a entry <<< "$line" + + echo "${entry[0]}:$encrypted:15103:0:99999:7:::" +} + +freebsd_change_shadow_entry() { + local line encrypted + line="$1" + encrypted="$2" + + IFS=":" read -a entry <<< "$line" - cat "$tmp_unattend" > "$target/Unattend.xml" - echo done + echo "${entry[0]}:$encrypted:${entry[2]}:${entry[3]}:${entry[4]}:${entry[5]}:0:${entry[7]}:${entry[8]}:${entry[9]}" } -linux_password() { - local target="$1" - local password="$2" +windows_password() { + local target password + target="$1" + password="$2" + + echo "@echo off" > "$target/Windows/SnfScripts/ChangeAdminPassword.cmd" - local hash=$("@scriptsdir@/snf-passtohash.py" "$password") - if [ ! -e "$target/etc/shadow" ]; then - log_error "No /etc/shadow found!" + if [ -z "$SNF_IMAGE_PROPERTY_USERS" ]; then + warn "Image property \`USERS' is missing or empty. " \ + "Changing the password for default user: \`Administrator'." + + SNF_IMAGE_PROPERTY_USERS="Administrator" fi - - declare -a users=("root") - local distro=$(get_distro $target) + for usr in $SNF_IMAGE_PROPERTY_USERS; do + echo -n "Installing new password for user \`$usr'..." + echo "net user $usr $password" >> \ + "$target/Windows/SnfScripts/ChangeAdminPassword.cmd" + echo done + done +} + +unix_password() { + local flavor target password hash users tmp_shadow + flavor="$1" + target="$2" + password="$3" + + shadow="${flavor}_shadow" + if [ ! -e "$target${!shadow}" ]; then + log_error "No ${!shadow} found!" + fi - if [ "x$distro" = "xubuntu" -o \ - "x$distro" = "xfedora" ] ; then - users+=("user") + hash=$("@scriptsdir@/snf-passtohash.py" "$password") + + users=() + + if [ -n "$SNF_IMAGE_PROPERTY_USERS" ]; then + for usr in $SNF_IMAGE_PROPERTY_USERS; do + users+=("$usr") + done + else + warn "Image property \`USERS' is missing or empty. " \ + "Changing the password for default user: \`root'." + users+=("root") fi for i in $(seq 0 1 $((${#users[@]}-1))); do - local tmp_shadow="$(mktemp)" + tmp_shadow="$(mktemp)" add_cleanup rm "$tmp_shadow" echo -n "Setting ${users[$i]} password..." - - echo "${users[$i]}:$hash:15103:0:99999:7:::" > "$tmp_shadow" - grep -v "${users[$i]}" "$target/etc/shadow" >> "$tmp_shadow" - cat "$tmp_shadow" > "$target/etc/shadow" + entry=$(grep "^${users[$i]}:" "$target${!shadow}") + if [ -z "$entry" ]; then + log_error "User: \`${users[$i]}' does not exist." + fi + + new_entry="$(${flavor}_change_shadow_entry "$entry" "$hash")" + grep -v "${users[$i]}" "$target${!shadow}" > "$tmp_shadow" + echo "$new_entry" >> "$tmp_shadow" + cat "$tmp_shadow" > "$target${!shadow}" echo "done" done } +freebsd_password() { + local target password hash + target="$1" + password="$2" + + if [ ! -e "$target/etc/master.passwd" ]; then + log_error "No /etc/master.passwd found!" + fi + + hash=$("@scriptsdir@/snf-passtohash.py" "$password") + for i in $(seq 0 1 $((${#users[@]}-1))); do + tmp_master="$(mktemp)" + done +} + if [ ! -d "$SNF_IMAGE_TARGET" ]; then log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing" fi @@ -66,17 +144,43 @@ if [ -z "$SNF_IMAGE_PASSWORD" ]; then log_error "Password is missing" fi -if [ "$SNF_IMAGE_TYPE" = "ntfsdump" ]; then +#trim users var +SNF_IMAGE_PROPERTY_USERS=$(echo $SNF_IMAGE_PROPERTY_USERS) + +if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "windows" ]; then windows_password "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD" -elif [ "$SNF_IMAGE_TYPE" = "extdump" ]; then - linux_password "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD" +elif [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "linux" ]; then + unix_password linux "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD" +elif [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "freebsd" ]; then + unix_password freebsd "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD" + + rm -f "$SNF_IMAGE_TARGET/etc/spwd.db" + + # Make sure /etc/spwd.db is recreated on first boot + rc_local=$(cat < "$SNF_IMAGE_TARGET/etc/rc.local" < "$SNF_IMAGE_TARGET/etc/rc.local" <