X-Git-Url: https://code.grnet.gr/git/snf-image/blobdiff_plain/f44a30e6127e98c12c0e175cc26d57a3fe0f5c27..d16282445984028e3194659c4cddde480ef0ade9:/snf-image-helper/tasks/50ChangePassword.in diff --git a/snf-image-helper/tasks/50ChangePassword.in b/snf-image-helper/tasks/50ChangePassword.in index 867dcac..46d1ab0 100644 --- a/snf-image-helper/tasks/50ChangePassword.in +++ b/snf-image-helper/tasks/50ChangePassword.in @@ -33,13 +33,50 @@ report_task_start # Check if the task should be prevented from running. check_if_excluded +linux_shadow="/etc/shadow" +freebsd_shadow="/etc/master.passwd" +openbsd_shadow="/etc/master.passwd" +netbsd_shadow="/etc/master.passwd" + +linux_change_shadow_entry() { + local line encrypted + line="$1" + encrypted="$2" + + IFS=":" read -a entry <<< "$line" + + echo "${entry[0]}:$encrypted:15103:0:99999:7:::" +} + +freebsd_change_shadow_entry() { + local line encrypted + line="$1" + encrypted="$2" + + IFS=":" read -a entry <<< "$line" + + echo "${entry[0]}:$encrypted:${entry[2]}:${entry[3]}:${entry[4]}:${entry[5]}:0:${entry[7]}:${entry[8]}:${entry[9]}" +} + +openbsd_change_shadow_entry() { + freebsd_change_shadow_entry "$@" +} + +netbsd_change_shadow_entry() { + freebsd_change_shadow_entry "$@" +} + windows_password() { - local target="$1" - local password="$2" + local target password + target="$1" + password="$2" echo "@echo off" > "$target/Windows/SnfScripts/ChangeAdminPassword.cmd" if [ -z "$SNF_IMAGE_PROPERTY_USERS" ]; then + warn "Image property \`USERS' is missing or empty. " \ + "Changing the password for default user: \`Administrator'." + SNF_IMAGE_PROPERTY_USERS="Administrator" fi 
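Review bot: Both `linux_change_shadow_entry` and `freebsd_change_shadow_entry` split the record with `IFS=":" read -a entry` without `-r`, and `entry` is missing from the `local` list. A backslash in any field (the gecos field of a master.passwd record, for instance) is therefore silently dropped when the line is rewritten, and the array is assigned outside the function's scope. I would use `local line encrypted entry` and `IFS=":" read -r -a entry <<< "$line"` in both helpers. `freebsd_change_shadow_entry` also forces the seventh field to `0` while copying the others; a comment naming the fields (`# name:passwd:uid:gid:class:change:expire:gecos:home:shell`) and saying why the expire field is reset would show that this is deliberate.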
@@ -51,41 +88,77 @@ windows_password() { done } -linux_password() { - local target="$1" - local password="$2" +unix_password() { + local flavor target password hash users tmp_shadow + flavor="$1" + target="$2" + password="$3" - local hash=$("@scriptsdir@/snf-passtohash.py" "$password") - if [ ! -e "$target/etc/shadow" ]; then - log_error "No /etc/shadow found!" + shadow="${flavor}_shadow" + if [ ! -e "$target${!shadow}" ]; then + log_error "No ${!shadow} found!" fi - - declare -a users + + case "$flavor" in + linux|freebsd) + hash=$("@scriptsdir@/snf-passtohash.py" "$password") + ;; + openbsd) + hash=$("@scriptsdir@/snf-passtohash.py" -m blowfish "$password") + ;; + netbsd) + hash=$("@scriptsdir@/snf-passtohash.py" -m sha1 "$password") + ;; + *) + log_error "Unknown unix flavor: \`$flavor'" + ;; + esac + + users=() if [ -n "$SNF_IMAGE_PROPERTY_USERS" ]; then for usr in $SNF_IMAGE_PROPERTY_USERS; do users+=("$usr") done else + warn "Image property \`USERS' is missing or empty. " \ + "Changing the password for default user: \`root'." users+=("root") fi for i in $(seq 0 1 $((${#users[@]}-1))); do - local tmp_shadow="$(mktemp)" + tmp_shadow="$(mktemp)" add_cleanup rm "$tmp_shadow" echo -n "Setting ${users[$i]} password..." - if ! grep "^${users[$i]}:" "$target/etc/shadow" > /dev/null; then + entry=$(grep "^${users[$i]}:" "$target${!shadow}") + if [ -z "$entry" ]; then log_error "User: \`${users[$i]}' does not exist." fi - - echo "${users[$i]}:$hash:15103:0:99999:7:::" > "$tmp_shadow" - grep -v "${users[$i]}" "$target/etc/shadow" >> "$tmp_shadow" - cat "$tmp_shadow" > "$target/etc/shadow" + + new_entry="$(${flavor}_change_shadow_entry "$entry" "$hash")" + grep -v "${users[$i]}" "$target${!shadow}" > "$tmp_shadow" + echo "$new_entry" >> "$tmp_shadow" + cat "$tmp_shadow" > "$target${!shadow}" echo "done" done } +freebsd_password() { + local target password hash + target="$1" + password="$2" + + if [ ! 
-e "$target/etc/master.passwd" ]; then + log_error "No /etc/master.passwd found!" + fi + + hash=$("@scriptsdir@/snf-passtohash.py" "$password") + for i in $(seq 0 1 $((${#users[@]}-1))); do + tmp_master="$(mktemp)" + done +} + if [ ! -d "$SNF_IMAGE_TARGET" ]; then log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing" fi @@ -99,8 +172,46 @@ SNF_IMAGE_PROPERTY_USERS=$(echo $SNF_IMAGE_PROPERTY_USERS) if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "windows" ]; then windows_password "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD" -elif [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "linux" ]; then - linux_password "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD" +else + unix_password "$SNF_IMAGE_PROPERTY_OSFAMILY" "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD" +fi + +# For FreeBSD, OpenBSD and NetBSD we need to recreate the password databases too +if [[ "$SNF_IMAGE_PROPERTY_OSFAMILY" == *bsd ]]; then + rm -f "$SNF_IMAGE_TARGET/etc/spwd.db" + + # NetBSD is very strict about the existence & non-existence of the db files + if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "netbsd" ]; then + rm -f "$SNF_IMAGE_TARGET/etc/pwd.db.tmp" + rm -f "$SNF_IMAGE_TARGET/etc/spwd.db.tmp" + + touch "$SNF_IMAGE_TARGET/etc/spwd.db" + fi + + + # Make sure /etc/spwd.db is recreated on first boot + rc_local=$(cat < "$SNF_IMAGE_TARGET/etc/rc.local" < "$SNF_IMAGE_TARGET/etc/rc.local" <
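Review bot: The rewrite step `grep -v "${users[$i]}" "$target${!shadow}"` in `unix_password` is unanchored, so it drops every record that mentions the user name anywhere on the line, not only that user's own record. This mattered less for /etc/shadow, but master.passwd records carry gecos, home directory and shell fields, so changing `root` would also remove any account whose home is `/root`. Matching on the first field only, e.g. `awk -F: -v u="${users[$i]}" '$1 != u' "$target${!shadow}" > "$tmp_shadow"`, avoids that and treats the name literally rather than as a regex. The `case "$flavor"` validation would be better placed before the first `${!shadow}` expansion, since `flavor` comes from the OSFAMILY image property and is otherwise used unchecked to build a variable name. `shadow`, `entry` and `new_entry` are missing from the `local` list, and the added `freebsd_password` looks like a leftover: it loops over a `users` array it never sets and calls `mktemp` without `add_cleanup`.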