root / snf-image-helper / tasks / 50ChangePassword.in @ 287c1028
History | View | Annotate | Download (5.7 kB)
| 1 | 0a35a4ab | Nikos Skalkotos | #! /bin/bash |
|---|---|---|---|
| 2 | 54080484 | Nikos Skalkotos | |
| 3 | 7e5d635b | Nikos Skalkotos | # Copyright (C) 2011 GRNET S.A. |
| 4 | 7e5d635b | Nikos Skalkotos | # |
| 5 | 7e5d635b | Nikos Skalkotos | # This program is free software; you can redistribute it and/or modify |
| 6 | 7e5d635b | Nikos Skalkotos | # it under the terms of the GNU General Public License as published by |
| 7 | 7e5d635b | Nikos Skalkotos | # the Free Software Foundation; either version 2 of the License, or |
| 8 | 7e5d635b | Nikos Skalkotos | # (at your option) any later version. |
| 9 | 7e5d635b | Nikos Skalkotos | # |
| 10 | 7e5d635b | Nikos Skalkotos | # This program is distributed in the hope that it will be useful, but |
| 11 | 7e5d635b | Nikos Skalkotos | # WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | 7e5d635b | Nikos Skalkotos | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 13 | 7e5d635b | Nikos Skalkotos | # General Public License for more details. |
| 14 | 7e5d635b | Nikos Skalkotos | # |
| 15 | 7e5d635b | Nikos Skalkotos | # You should have received a copy of the GNU General Public License |
| 16 | 7e5d635b | Nikos Skalkotos | # along with this program; if not, write to the Free Software |
| 17 | 7e5d635b | Nikos Skalkotos | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
| 18 | 7e5d635b | Nikos Skalkotos | # 02110-1301, USA. |
| 19 | 7e5d635b | Nikos Skalkotos | |
| 20 | 54080484 | Nikos Skalkotos | ### BEGIN TASK INFO |
| 21 | 54080484 | Nikos Skalkotos | # Provides: ChangePassword |
| 22 | c50358a6 | Nikos Skalkotos | # RunBefore: EnforcePersonality |
| 23 | c349d1b3 | Nikos Skalkotos | # RunAfter: InstallUnattend |
| 24 | 54080484 | Nikos Skalkotos | # Short-Description: Changes Password for specified users |
| 25 | 6a95db10 | Vangelis Koukis | ### END TASK INFO |
| 26 | 54080484 | Nikos Skalkotos | |
| 27 | 54080484 | Nikos Skalkotos | set -e |
| 28 | bad5ca1f | Nikos Skalkotos | . "@commondir@/common.sh" |
| 29 | 54080484 | Nikos Skalkotos | |
| 30 | 2a0ab295 | Nikos Skalkotos | trap task_cleanup EXIT |
| 31 | a50a2bff | Nikos Skalkotos | report_task_start |
| 32 | 2a0ab295 | Nikos Skalkotos | |
| 33 | 2a0c492d | Nikos Skalkotos | # Check if the task should be prevented from running. |
| 34 | 2a0c492d | Nikos Skalkotos | check_if_excluded |
| 35 | 2a0c492d | Nikos Skalkotos | |
| 36 | b1cb73f2 | Nikos Skalkotos | linux_shadow="/etc/shadow" |
| 37 | b1cb73f2 | Nikos Skalkotos | freebsd_shadow="/etc/master.passwd" |
| 38 | b3c48174 | Nikos Skalkotos | openbsd_shadow="/etc/master.passwd" |
| 39 | b3c48174 | Nikos Skalkotos | netbsd_shadow="/etc/master.passwd" |
| 40 | b1cb73f2 | Nikos Skalkotos | |
| 41 | b1cb73f2 | Nikos Skalkotos | linux_change_shadow_entry() {
|
| 42 | b1cb73f2 | Nikos Skalkotos | local line encrypted |
| 43 | b1cb73f2 | Nikos Skalkotos | line="$1" |
| 44 | b1cb73f2 | Nikos Skalkotos | encrypted="$2" |
| 45 | b1cb73f2 | Nikos Skalkotos | |
| 46 | b1cb73f2 | Nikos Skalkotos | IFS=":" read -a entry <<< "$line" |
| 47 | b1cb73f2 | Nikos Skalkotos | |
| 48 | b1cb73f2 | Nikos Skalkotos | echo "${entry[0]}:$encrypted:15103:0:99999:7:::"
|
| 49 | b1cb73f2 | Nikos Skalkotos | } |
| 50 | b1cb73f2 | Nikos Skalkotos | |
| 51 | b1cb73f2 | Nikos Skalkotos | freebsd_change_shadow_entry() {
|
| 52 | b1cb73f2 | Nikos Skalkotos | local line encrypted |
| 53 | b1cb73f2 | Nikos Skalkotos | line="$1" |
| 54 | b1cb73f2 | Nikos Skalkotos | encrypted="$2" |
| 55 | b1cb73f2 | Nikos Skalkotos | |
| 56 | b1cb73f2 | Nikos Skalkotos | IFS=":" read -a entry <<< "$line" |
| 57 | b1cb73f2 | Nikos Skalkotos | |
| 58 | b1cb73f2 | Nikos Skalkotos | echo "${entry[0]}:$encrypted:${entry[2]}:${entry[3]}:${entry[4]}:${entry[5]}:0:${entry[7]}:${entry[8]}:${entry[9]}"
|
| 59 | b1cb73f2 | Nikos Skalkotos | } |
| 60 | b1cb73f2 | Nikos Skalkotos | |
| 61 | 84d01e3e | Nikos Skalkotos | openbsd_change_shadow_entry() {
|
| 62 | 84d01e3e | Nikos Skalkotos | freebsd_change_shadow_entry "$@" |
| 63 | 84d01e3e | Nikos Skalkotos | } |
| 64 | 84d01e3e | Nikos Skalkotos | |
| 65 | 84d01e3e | Nikos Skalkotos | netbsd_change_shadow_entry() {
|
| 66 | 84d01e3e | Nikos Skalkotos | freebsd_change_shadow_entry "$@" |
| 67 | 84d01e3e | Nikos Skalkotos | } |
| 68 | 84d01e3e | Nikos Skalkotos | |
| 69 | 54080484 | Nikos Skalkotos | windows_password() {
|
| 70 | 995a47c9 | Nikos Skalkotos | local target password |
| 71 | 995a47c9 | Nikos Skalkotos | target="$1" |
| 72 | 995a47c9 | Nikos Skalkotos | password="$2" |
| 73 | 54080484 | Nikos Skalkotos | |
| 74 | 6196f457 | Nikos Skalkotos | echo "@echo off" > "$target/Windows/SnfScripts/ChangeAdminPassword.cmd" |
| 75 | 9912db89 | Nikos Skalkotos | |
| 76 | 9912db89 | Nikos Skalkotos | if [ -z "$SNF_IMAGE_PROPERTY_USERS" ]; then |
| 77 | 90db2151 | Nikos Skalkotos | warn "Image property \`USERS' is missing or empty. " \ |
| 78 | 90db2151 | Nikos Skalkotos | "Changing the password for default user: \`Administrator'." |
| 79 | 90db2151 | Nikos Skalkotos | |
| 80 | 9912db89 | Nikos Skalkotos | SNF_IMAGE_PROPERTY_USERS="Administrator" |
| 81 | 9912db89 | Nikos Skalkotos | fi |
| 82 | 9912db89 | Nikos Skalkotos | |
| 83 | 9912db89 | Nikos Skalkotos | for usr in $SNF_IMAGE_PROPERTY_USERS; do |
| 84 | 9912db89 | Nikos Skalkotos | echo -n "Installing new password for user \`$usr'..." |
| 85 | 9912db89 | Nikos Skalkotos | echo "net user $usr $password" >> \ |
| 86 | 9912db89 | Nikos Skalkotos | "$target/Windows/SnfScripts/ChangeAdminPassword.cmd" |
| 87 | 9912db89 | Nikos Skalkotos | echo done |
| 88 | 9912db89 | Nikos Skalkotos | done |
| 89 | 54080484 | Nikos Skalkotos | } |
| 90 | 54080484 | Nikos Skalkotos | |
| 91 | b1cb73f2 | Nikos Skalkotos | unix_password() {
|
| 92 | f3bc7bef | Nikos Skalkotos | local flavor target password encrypted users tmp_shadow method default_method |
| 93 | b1cb73f2 | Nikos Skalkotos | flavor="$1" |
| 94 | b1cb73f2 | Nikos Skalkotos | target="$2" |
| 95 | b1cb73f2 | Nikos Skalkotos | password="$3" |
| 96 | 54080484 | Nikos Skalkotos | |
| 97 | b1cb73f2 | Nikos Skalkotos | shadow="${flavor}_shadow"
|
| 98 | b1cb73f2 | Nikos Skalkotos | if [ ! -e "$target${!shadow}" ]; then
|
| 99 | b1cb73f2 | Nikos Skalkotos | log_error "No ${!shadow} found!"
|
| 100 | 54080484 | Nikos Skalkotos | fi |
| 101 | b1cb73f2 | Nikos Skalkotos | |
| 102 | b0e6727c | Nikos Skalkotos | case "$flavor" in |
| 103 | b0e6727c | Nikos Skalkotos | linux|freebsd) |
| 104 | f3bc7bef | Nikos Skalkotos | default_method=sha512 |
| 105 | b0e6727c | Nikos Skalkotos | ;; |
| 106 | d1628244 | Nikos Skalkotos | openbsd) |
| 107 | f3bc7bef | Nikos Skalkotos | default_method=blowfish |
| 108 | b0e6727c | Nikos Skalkotos | ;; |
| 109 | d1628244 | Nikos Skalkotos | netbsd) |
| 110 | f3bc7bef | Nikos Skalkotos | default_method=sha1 |
| 111 | d1628244 | Nikos Skalkotos | ;; |
| 112 | b0e6727c | Nikos Skalkotos | *) |
| 113 | b0e6727c | Nikos Skalkotos | log_error "Unknown unix flavor: \`$flavor'" |
| 114 | b0e6727c | Nikos Skalkotos | ;; |
| 115 | b0e6727c | Nikos Skalkotos | esac |
| 116 | b0e6727c | Nikos Skalkotos | |
| 117 | f3bc7bef | Nikos Skalkotos | method="${SNF_IMAGE_PROPERTY_PASSWORD_HASHING_METHOD:-$default_method}"
|
| 118 | f3bc7bef | Nikos Skalkotos | echo -n "Encrypting password with \`$method' method ... " |
| 119 | 0925f23a | Nikos Skalkotos | encrypted=$("@scriptsdir@/hashpwd.py" -m "$method" "$password")
|
| 120 | f3bc7bef | Nikos Skalkotos | echo "done" |
| 121 | f3bc7bef | Nikos Skalkotos | |
| 122 | 995a47c9 | Nikos Skalkotos | users=() |
| 123 | f884ffac | Nikos Skalkotos | |
| 124 | f884ffac | Nikos Skalkotos | if [ -n "$SNF_IMAGE_PROPERTY_USERS" ]; then |
| 125 | f884ffac | Nikos Skalkotos | for usr in $SNF_IMAGE_PROPERTY_USERS; do |
| 126 | f884ffac | Nikos Skalkotos | users+=("$usr")
|
| 127 | f884ffac | Nikos Skalkotos | done |
| 128 | f884ffac | Nikos Skalkotos | else |
| 129 | 90db2151 | Nikos Skalkotos | warn "Image property \`USERS' is missing or empty. " \ |
| 130 | 0c541fe8 | Nikos Skalkotos | "Changing the password for default user: \`root'." |
| 131 | f884ffac | Nikos Skalkotos | users+=("root")
|
| 132 | 54080484 | Nikos Skalkotos | fi |
| 133 | 54080484 | Nikos Skalkotos | |
| 134 | 54080484 | Nikos Skalkotos | for i in $(seq 0 1 $((${#users[@]}-1))); do
|
| 135 | 995a47c9 | Nikos Skalkotos | tmp_shadow="$(mktemp)" |
| 136 | bad5ca1f | Nikos Skalkotos | add_cleanup rm "$tmp_shadow" |
| 137 | 54080484 | Nikos Skalkotos | |
| 138 | f3bc7bef | Nikos Skalkotos | echo -n "Setting ${users[$i]} password ... "
|
| 139 | b1cb73f2 | Nikos Skalkotos | entry=$(grep "^${users[$i]}:" "$target${!shadow}")
|
| 140 | b1cb73f2 | Nikos Skalkotos | if [ -z "$entry" ]; then |
| 141 | f44a30e6 | Nikos Skalkotos | log_error "User: \`${users[$i]}' does not exist."
|
| 142 | f44a30e6 | Nikos Skalkotos | fi |
| 143 | b1cb73f2 | Nikos Skalkotos | |
| 144 | f3bc7bef | Nikos Skalkotos | new_entry="$(${flavor}_change_shadow_entry "$entry" "$encrypted")"
|
| 145 | 23f62254 | Nikos Skalkotos | grep -v "^${users[$i]}:" "$target${!shadow}" > "$tmp_shadow"
|
| 146 | b1cb73f2 | Nikos Skalkotos | echo "$new_entry" >> "$tmp_shadow" |
| 147 | b1cb73f2 | Nikos Skalkotos | cat "$tmp_shadow" > "$target${!shadow}"
|
| 148 | 54080484 | Nikos Skalkotos | echo "done" |
| 149 | 54080484 | Nikos Skalkotos | done |
| 150 | 54080484 | Nikos Skalkotos | } |
| 151 | 54080484 | Nikos Skalkotos | |
| 152 | 8704ee47 | Nikos Skalkotos | if [ ! -d "$SNF_IMAGE_TARGET" ]; then |
| 153 | 8704ee47 | Nikos Skalkotos | log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing" |
| 154 | 54080484 | Nikos Skalkotos | fi |
| 155 | 54080484 | Nikos Skalkotos | |
| 156 | 54080484 | Nikos Skalkotos | if [ -z "$SNF_IMAGE_PASSWORD" ]; then |
| 157 | 54080484 | Nikos Skalkotos | log_error "Password is missing" |
| 158 | 54080484 | Nikos Skalkotos | fi |
| 159 | 54080484 | Nikos Skalkotos | |
| 160 | 9912db89 | Nikos Skalkotos | #trim users var |
| 161 | 9912db89 | Nikos Skalkotos | SNF_IMAGE_PROPERTY_USERS=$(echo $SNF_IMAGE_PROPERTY_USERS) |
| 162 | 9912db89 | Nikos Skalkotos | |
| 163 | 473f4fa5 | Nikos Skalkotos | if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "windows" ]; then |
| 164 | bad5ca1f | Nikos Skalkotos | windows_password "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD" |
| 165 | 84d01e3e | Nikos Skalkotos | else |
| 166 | 84d01e3e | Nikos Skalkotos | unix_password "$SNF_IMAGE_PROPERTY_OSFAMILY" "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD" |
| 167 | 84d01e3e | Nikos Skalkotos | fi |
| 168 | b1cb73f2 | Nikos Skalkotos | |
| 169 | d1628244 | Nikos Skalkotos | # For FreeBSD, OpenBSD and NetBSD we need to recreate the password databases too |
| 170 | 84d01e3e | Nikos Skalkotos | if [[ "$SNF_IMAGE_PROPERTY_OSFAMILY" == *bsd ]]; then |
| 171 | b1cb73f2 | Nikos Skalkotos | rm -f "$SNF_IMAGE_TARGET/etc/spwd.db" |
| 172 | b1cb73f2 | Nikos Skalkotos | |
| 173 | d1628244 | Nikos Skalkotos | # NetBSD is very strict about the existence & non-existence of the db files |
| 174 | d1628244 | Nikos Skalkotos | if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "netbsd" ]; then |
| 175 | d1628244 | Nikos Skalkotos | rm -f "$SNF_IMAGE_TARGET/etc/pwd.db.tmp" |
| 176 | d1628244 | Nikos Skalkotos | rm -f "$SNF_IMAGE_TARGET/etc/spwd.db.tmp" |
| 177 | d1628244 | Nikos Skalkotos | |
| 178 | d1628244 | Nikos Skalkotos | touch "$SNF_IMAGE_TARGET/etc/spwd.db" |
| 179 | d1628244 | Nikos Skalkotos | fi |
| 180 | d1628244 | Nikos Skalkotos | |
| 181 | d1628244 | Nikos Skalkotos | |
| 182 | b1cb73f2 | Nikos Skalkotos | # Make sure /etc/spwd.db is recreated on first boot |
| 183 | b1cb73f2 | Nikos Skalkotos | rc_local=$(cat <<EOF |
| 184 | b1cb73f2 | Nikos Skalkotos | PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin |
| 185 | b1cb73f2 | Nikos Skalkotos | export PATH |
| 186 | b1cb73f2 | Nikos Skalkotos | |
| 187 | b1cb73f2 | Nikos Skalkotos | pwd_mkdb -p /etc/master.passwd |
| 188 | b1cb73f2 | Nikos Skalkotos | EOF |
| 189 | b1cb73f2 | Nikos Skalkotos | ) |
| 190 | b1cb73f2 | Nikos Skalkotos | if [ -e "$SNF_IMAGE_TARGET/etc/rc.local" ]; then |
| 191 | b1cb73f2 | Nikos Skalkotos | orig_local="/etc/rc.local.snf_image_$RANDOM" |
| 192 | b1cb73f2 | Nikos Skalkotos | mv "$SNF_IMAGE_TARGET/etc/rc.local" "$SNF_IMAGE_TARGET$orig_local" |
| 193 | b1cb73f2 | Nikos Skalkotos | cat > "$SNF_IMAGE_TARGET/etc/rc.local" <<EOF |
| 194 | b1cb73f2 | Nikos Skalkotos | $rc_local |
| 195 | b1cb73f2 | Nikos Skalkotos | mv $orig_local /etc/rc.local |
| 196 | b1cb73f2 | Nikos Skalkotos | . /etc/rc.local |
| 197 | b1cb73f2 | Nikos Skalkotos | EOF |
| 198 | b1cb73f2 | Nikos Skalkotos | else |
| 199 | b1cb73f2 | Nikos Skalkotos | cat > "$SNF_IMAGE_TARGET/etc/rc.local" <<EOF |
| 200 | b1cb73f2 | Nikos Skalkotos | $rc_local |
| 201 | b1cb73f2 | Nikos Skalkotos | rm -f /etc/rc.local |
| 202 | b1cb73f2 | Nikos Skalkotos | exit 0 |
| 203 | b1cb73f2 | Nikos Skalkotos | EOF |
| 204 | b1cb73f2 | Nikos Skalkotos | fi |
| 205 | 54080484 | Nikos Skalkotos | fi |
| 206 | 54080484 | Nikos Skalkotos | |
| 207 | 54080484 | Nikos Skalkotos | exit 0 |
| 208 | 54080484 | Nikos Skalkotos | |
| 209 | 54080484 | Nikos Skalkotos | # vim: set sta sts=4 shiftwidth=4 sw=4 et ai : |