root / snf-image-helper / tasks / 50ChangePassword.in @ 287c1028
History | View | Annotate | Download (5.7 kB)
1 | 0a35a4ab | Nikos Skalkotos | #! /bin/bash |
---|---|---|---|
2 | 54080484 | Nikos Skalkotos | |
3 | 7e5d635b | Nikos Skalkotos | # Copyright (C) 2011 GRNET S.A. |
4 | 7e5d635b | Nikos Skalkotos | # |
5 | 7e5d635b | Nikos Skalkotos | # This program is free software; you can redistribute it and/or modify |
6 | 7e5d635b | Nikos Skalkotos | # it under the terms of the GNU General Public License as published by |
7 | 7e5d635b | Nikos Skalkotos | # the Free Software Foundation; either version 2 of the License, or |
8 | 7e5d635b | Nikos Skalkotos | # (at your option) any later version. |
9 | 7e5d635b | Nikos Skalkotos | # |
10 | 7e5d635b | Nikos Skalkotos | # This program is distributed in the hope that it will be useful, but |
11 | 7e5d635b | Nikos Skalkotos | # WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | 7e5d635b | Nikos Skalkotos | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
13 | 7e5d635b | Nikos Skalkotos | # General Public License for more details. |
14 | 7e5d635b | Nikos Skalkotos | # |
15 | 7e5d635b | Nikos Skalkotos | # You should have received a copy of the GNU General Public License |
16 | 7e5d635b | Nikos Skalkotos | # along with this program; if not, write to the Free Software |
17 | 7e5d635b | Nikos Skalkotos | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
18 | 7e5d635b | Nikos Skalkotos | # 02110-1301, USA. |
19 | 7e5d635b | Nikos Skalkotos | |
20 | 54080484 | Nikos Skalkotos | ### BEGIN TASK INFO |
21 | 54080484 | Nikos Skalkotos | # Provides: ChangePassword |
22 | c50358a6 | Nikos Skalkotos | # RunBefore: EnforcePersonality |
23 | c349d1b3 | Nikos Skalkotos | # RunAfter: InstallUnattend |
24 | 54080484 | Nikos Skalkotos | # Short-Description: Changes Password for specified users |
25 | 6a95db10 | Vangelis Koukis | ### END TASK INFO |
26 | 54080484 | Nikos Skalkotos | |
27 | 54080484 | Nikos Skalkotos | set -e |
28 | bad5ca1f | Nikos Skalkotos | . "@commondir@/common.sh" |
29 | 54080484 | Nikos Skalkotos | |
30 | 2a0ab295 | Nikos Skalkotos | trap task_cleanup EXIT |
31 | a50a2bff | Nikos Skalkotos | report_task_start |
32 | 2a0ab295 | Nikos Skalkotos | |
33 | 2a0c492d | Nikos Skalkotos | # Check if the task should be prevented from running. |
34 | 2a0c492d | Nikos Skalkotos | check_if_excluded |
35 | 2a0c492d | Nikos Skalkotos | |
36 | b1cb73f2 | Nikos Skalkotos | linux_shadow="/etc/shadow" |
37 | b1cb73f2 | Nikos Skalkotos | freebsd_shadow="/etc/master.passwd" |
38 | b3c48174 | Nikos Skalkotos | openbsd_shadow="/etc/master.passwd" |
39 | b3c48174 | Nikos Skalkotos | netbsd_shadow="/etc/master.passwd" |
40 | b1cb73f2 | Nikos Skalkotos | |
41 | b1cb73f2 | Nikos Skalkotos | linux_change_shadow_entry() { |
42 | b1cb73f2 | Nikos Skalkotos | local line encrypted |
43 | b1cb73f2 | Nikos Skalkotos | line="$1" |
44 | b1cb73f2 | Nikos Skalkotos | encrypted="$2" |
45 | b1cb73f2 | Nikos Skalkotos | |
46 | b1cb73f2 | Nikos Skalkotos | IFS=":" read -a entry <<< "$line" |
47 | b1cb73f2 | Nikos Skalkotos | |
48 | b1cb73f2 | Nikos Skalkotos | echo "${entry[0]}:$encrypted:15103:0:99999:7:::" |
49 | b1cb73f2 | Nikos Skalkotos | } |
50 | b1cb73f2 | Nikos Skalkotos | |
51 | b1cb73f2 | Nikos Skalkotos | freebsd_change_shadow_entry() { |
52 | b1cb73f2 | Nikos Skalkotos | local line encrypted |
53 | b1cb73f2 | Nikos Skalkotos | line="$1" |
54 | b1cb73f2 | Nikos Skalkotos | encrypted="$2" |
55 | b1cb73f2 | Nikos Skalkotos | |
56 | b1cb73f2 | Nikos Skalkotos | IFS=":" read -a entry <<< "$line" |
57 | b1cb73f2 | Nikos Skalkotos | |
58 | b1cb73f2 | Nikos Skalkotos | echo "${entry[0]}:$encrypted:${entry[2]}:${entry[3]}:${entry[4]}:${entry[5]}:0:${entry[7]}:${entry[8]}:${entry[9]}" |
59 | b1cb73f2 | Nikos Skalkotos | } |
60 | b1cb73f2 | Nikos Skalkotos | |
61 | 84d01e3e | Nikos Skalkotos | openbsd_change_shadow_entry() { |
62 | 84d01e3e | Nikos Skalkotos | freebsd_change_shadow_entry "$@" |
63 | 84d01e3e | Nikos Skalkotos | } |
64 | 84d01e3e | Nikos Skalkotos | |
65 | 84d01e3e | Nikos Skalkotos | netbsd_change_shadow_entry() { |
66 | 84d01e3e | Nikos Skalkotos | freebsd_change_shadow_entry "$@" |
67 | 84d01e3e | Nikos Skalkotos | } |
68 | 84d01e3e | Nikos Skalkotos | |
69 | 54080484 | Nikos Skalkotos | windows_password() { |
70 | 995a47c9 | Nikos Skalkotos | local target password |
71 | 995a47c9 | Nikos Skalkotos | target="$1" |
72 | 995a47c9 | Nikos Skalkotos | password="$2" |
73 | 54080484 | Nikos Skalkotos | |
74 | 6196f457 | Nikos Skalkotos | echo "@echo off" > "$target/Windows/SnfScripts/ChangeAdminPassword.cmd" |
75 | 9912db89 | Nikos Skalkotos | |
76 | 9912db89 | Nikos Skalkotos | if [ -z "$SNF_IMAGE_PROPERTY_USERS" ]; then |
77 | 90db2151 | Nikos Skalkotos | warn "Image property \`USERS' is missing or empty. " \ |
78 | 90db2151 | Nikos Skalkotos | "Changing the password for default user: \`Administrator'." |
79 | 90db2151 | Nikos Skalkotos | |
80 | 9912db89 | Nikos Skalkotos | SNF_IMAGE_PROPERTY_USERS="Administrator" |
81 | 9912db89 | Nikos Skalkotos | fi |
82 | 9912db89 | Nikos Skalkotos | |
83 | 9912db89 | Nikos Skalkotos | for usr in $SNF_IMAGE_PROPERTY_USERS; do |
84 | 9912db89 | Nikos Skalkotos | echo -n "Installing new password for user \`$usr'..." |
85 | 9912db89 | Nikos Skalkotos | echo "net user $usr $password" >> \ |
86 | 9912db89 | Nikos Skalkotos | "$target/Windows/SnfScripts/ChangeAdminPassword.cmd" |
87 | 9912db89 | Nikos Skalkotos | echo done |
88 | 9912db89 | Nikos Skalkotos | done |
89 | 54080484 | Nikos Skalkotos | } |
90 | 54080484 | Nikos Skalkotos | |
91 | b1cb73f2 | Nikos Skalkotos | unix_password() { |
92 | f3bc7bef | Nikos Skalkotos | local flavor target password encrypted users tmp_shadow method default_method |
93 | b1cb73f2 | Nikos Skalkotos | flavor="$1" |
94 | b1cb73f2 | Nikos Skalkotos | target="$2" |
95 | b1cb73f2 | Nikos Skalkotos | password="$3" |
96 | 54080484 | Nikos Skalkotos | |
97 | b1cb73f2 | Nikos Skalkotos | shadow="${flavor}_shadow" |
98 | b1cb73f2 | Nikos Skalkotos | if [ ! -e "$target${!shadow}" ]; then |
99 | b1cb73f2 | Nikos Skalkotos | log_error "No ${!shadow} found!" |
100 | 54080484 | Nikos Skalkotos | fi |
101 | b1cb73f2 | Nikos Skalkotos | |
102 | b0e6727c | Nikos Skalkotos | case "$flavor" in |
103 | b0e6727c | Nikos Skalkotos | linux|freebsd) |
104 | f3bc7bef | Nikos Skalkotos | default_method=sha512 |
105 | b0e6727c | Nikos Skalkotos | ;; |
106 | d1628244 | Nikos Skalkotos | openbsd) |
107 | f3bc7bef | Nikos Skalkotos | default_method=blowfish |
108 | b0e6727c | Nikos Skalkotos | ;; |
109 | d1628244 | Nikos Skalkotos | netbsd) |
110 | f3bc7bef | Nikos Skalkotos | default_method=sha1 |
111 | d1628244 | Nikos Skalkotos | ;; |
112 | b0e6727c | Nikos Skalkotos | *) |
113 | b0e6727c | Nikos Skalkotos | log_error "Unknown unix flavor: \`$flavor'" |
114 | b0e6727c | Nikos Skalkotos | ;; |
115 | b0e6727c | Nikos Skalkotos | esac |
116 | b0e6727c | Nikos Skalkotos | |
117 | f3bc7bef | Nikos Skalkotos | method="${SNF_IMAGE_PROPERTY_PASSWORD_HASHING_METHOD:-$default_method}" |
118 | f3bc7bef | Nikos Skalkotos | echo -n "Encrypting password with \`$method' method ... " |
119 | 0925f23a | Nikos Skalkotos | encrypted=$("@scriptsdir@/hashpwd.py" -m "$method" "$password") |
120 | f3bc7bef | Nikos Skalkotos | echo "done" |
121 | f3bc7bef | Nikos Skalkotos | |
122 | 995a47c9 | Nikos Skalkotos | users=() |
123 | f884ffac | Nikos Skalkotos | |
124 | f884ffac | Nikos Skalkotos | if [ -n "$SNF_IMAGE_PROPERTY_USERS" ]; then |
125 | f884ffac | Nikos Skalkotos | for usr in $SNF_IMAGE_PROPERTY_USERS; do |
126 | f884ffac | Nikos Skalkotos | users+=("$usr") |
127 | f884ffac | Nikos Skalkotos | done |
128 | f884ffac | Nikos Skalkotos | else |
129 | 90db2151 | Nikos Skalkotos | warn "Image property \`USERS' is missing or empty. " \ |
130 | 0c541fe8 | Nikos Skalkotos | "Changing the password for default user: \`root'." |
131 | f884ffac | Nikos Skalkotos | users+=("root") |
132 | 54080484 | Nikos Skalkotos | fi |
133 | 54080484 | Nikos Skalkotos | |
134 | 54080484 | Nikos Skalkotos | for i in $(seq 0 1 $((${#users[@]}-1))); do |
135 | 995a47c9 | Nikos Skalkotos | tmp_shadow="$(mktemp)" |
136 | bad5ca1f | Nikos Skalkotos | add_cleanup rm "$tmp_shadow" |
137 | 54080484 | Nikos Skalkotos | |
138 | f3bc7bef | Nikos Skalkotos | echo -n "Setting ${users[$i]} password ... " |
139 | b1cb73f2 | Nikos Skalkotos | entry=$(grep "^${users[$i]}:" "$target${!shadow}") |
140 | b1cb73f2 | Nikos Skalkotos | if [ -z "$entry" ]; then |
141 | f44a30e6 | Nikos Skalkotos | log_error "User: \`${users[$i]}' does not exist." |
142 | f44a30e6 | Nikos Skalkotos | fi |
143 | b1cb73f2 | Nikos Skalkotos | |
144 | f3bc7bef | Nikos Skalkotos | new_entry="$(${flavor}_change_shadow_entry "$entry" "$encrypted")" |
145 | 23f62254 | Nikos Skalkotos | grep -v "^${users[$i]}:" "$target${!shadow}" > "$tmp_shadow" |
146 | b1cb73f2 | Nikos Skalkotos | echo "$new_entry" >> "$tmp_shadow" |
147 | b1cb73f2 | Nikos Skalkotos | cat "$tmp_shadow" > "$target${!shadow}" |
148 | 54080484 | Nikos Skalkotos | echo "done" |
149 | 54080484 | Nikos Skalkotos | done |
150 | 54080484 | Nikos Skalkotos | } |
151 | 54080484 | Nikos Skalkotos | |
152 | 8704ee47 | Nikos Skalkotos | if [ ! -d "$SNF_IMAGE_TARGET" ]; then |
153 | 8704ee47 | Nikos Skalkotos | log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing" |
154 | 54080484 | Nikos Skalkotos | fi |
155 | 54080484 | Nikos Skalkotos | |
156 | 54080484 | Nikos Skalkotos | if [ -z "$SNF_IMAGE_PASSWORD" ]; then |
157 | 54080484 | Nikos Skalkotos | log_error "Password is missing" |
158 | 54080484 | Nikos Skalkotos | fi |
159 | 54080484 | Nikos Skalkotos | |
160 | 9912db89 | Nikos Skalkotos | #trim users var |
161 | 9912db89 | Nikos Skalkotos | SNF_IMAGE_PROPERTY_USERS=$(echo $SNF_IMAGE_PROPERTY_USERS) |
162 | 9912db89 | Nikos Skalkotos | |
163 | 473f4fa5 | Nikos Skalkotos | if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "windows" ]; then |
164 | bad5ca1f | Nikos Skalkotos | windows_password "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD" |
165 | 84d01e3e | Nikos Skalkotos | else |
166 | 84d01e3e | Nikos Skalkotos | unix_password "$SNF_IMAGE_PROPERTY_OSFAMILY" "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD" |
167 | 84d01e3e | Nikos Skalkotos | fi |
168 | b1cb73f2 | Nikos Skalkotos | |
169 | d1628244 | Nikos Skalkotos | # For FreeBSD, OpenBSD and NetBSD we need to recreate the password databases too |
170 | 84d01e3e | Nikos Skalkotos | if [[ "$SNF_IMAGE_PROPERTY_OSFAMILY" == *bsd ]]; then |
171 | b1cb73f2 | Nikos Skalkotos | rm -f "$SNF_IMAGE_TARGET/etc/spwd.db" |
172 | b1cb73f2 | Nikos Skalkotos | |
173 | d1628244 | Nikos Skalkotos | # NetBSD is very strict about the existence & non-existence of the db files |
174 | d1628244 | Nikos Skalkotos | if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "netbsd" ]; then |
175 | d1628244 | Nikos Skalkotos | rm -f "$SNF_IMAGE_TARGET/etc/pwd.db.tmp" |
176 | d1628244 | Nikos Skalkotos | rm -f "$SNF_IMAGE_TARGET/etc/spwd.db.tmp" |
177 | d1628244 | Nikos Skalkotos | |
178 | d1628244 | Nikos Skalkotos | touch "$SNF_IMAGE_TARGET/etc/spwd.db" |
179 | d1628244 | Nikos Skalkotos | fi |
180 | d1628244 | Nikos Skalkotos | |
181 | d1628244 | Nikos Skalkotos | |
182 | b1cb73f2 | Nikos Skalkotos | # Make sure /etc/spwd.db is recreated on first boot |
183 | b1cb73f2 | Nikos Skalkotos | rc_local=$(cat <<EOF |
184 | b1cb73f2 | Nikos Skalkotos | PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin |
185 | b1cb73f2 | Nikos Skalkotos | export PATH |
186 | b1cb73f2 | Nikos Skalkotos | |
187 | b1cb73f2 | Nikos Skalkotos | pwd_mkdb -p /etc/master.passwd |
188 | b1cb73f2 | Nikos Skalkotos | EOF |
189 | b1cb73f2 | Nikos Skalkotos | ) |
190 | b1cb73f2 | Nikos Skalkotos | if [ -e "$SNF_IMAGE_TARGET/etc/rc.local" ]; then |
191 | b1cb73f2 | Nikos Skalkotos | orig_local="/etc/rc.local.snf_image_$RANDOM" |
192 | b1cb73f2 | Nikos Skalkotos | mv "$SNF_IMAGE_TARGET/etc/rc.local" "$SNF_IMAGE_TARGET$orig_local" |
193 | b1cb73f2 | Nikos Skalkotos | cat > "$SNF_IMAGE_TARGET/etc/rc.local" <<EOF |
194 | b1cb73f2 | Nikos Skalkotos | $rc_local |
195 | b1cb73f2 | Nikos Skalkotos | mv $orig_local /etc/rc.local |
196 | b1cb73f2 | Nikos Skalkotos | . /etc/rc.local |
197 | b1cb73f2 | Nikos Skalkotos | EOF |
198 | b1cb73f2 | Nikos Skalkotos | else |
199 | b1cb73f2 | Nikos Skalkotos | cat > "$SNF_IMAGE_TARGET/etc/rc.local" <<EOF |
200 | b1cb73f2 | Nikos Skalkotos | $rc_local |
201 | b1cb73f2 | Nikos Skalkotos | rm -f /etc/rc.local |
202 | b1cb73f2 | Nikos Skalkotos | exit 0 |
203 | b1cb73f2 | Nikos Skalkotos | EOF |
204 | b1cb73f2 | Nikos Skalkotos | fi |
205 | 54080484 | Nikos Skalkotos | fi |
206 | 54080484 | Nikos Skalkotos | |
207 | 54080484 | Nikos Skalkotos | exit 0 |
208 | 54080484 | Nikos Skalkotos | |
209 | 54080484 | Nikos Skalkotos | # vim: set sta sts=4 shiftwidth=4 sw=4 et ai : |