Synnefo » snf-image

#! /bin/bash

# Copyright (C) 2011 GRNET S.A. 

#

# This program is free software; you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation; either version 2 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful, but

# WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

# General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

# 02110-1301, USA.

### BEGIN TASK INFO

# Provides:		ChangePassword

# RunBefore:            EnforcePersonality

# RunAfter:		InstallUnattend

# Short-Description:	Changes Password for specified users

### END TASK INFO

set -e

. "@commondir@/common.sh"

trap task_cleanup EXIT

report_task_start

# Check if the task should be prevented from running.

check_if_excluded

linux_shadow="/etc/shadow"

freebsd_shadow="/etc/master.passwd"

openbsd_shadow="/etc/master.passwd"

netbsd_shadow="/etc/master.passwd"

linux_change_shadow_entry() {

    local line encrypted

    line="$1"

    encrypted="$2"

    IFS=":" read -a entry <<< "$line"

    echo "${entry[0]}:$encrypted:15103:0:99999:7:::"

}

freebsd_change_shadow_entry() {

    local line encrypted

    line="$1"

    encrypted="$2"

    IFS=":" read -a entry <<< "$line"

    echo "${entry[0]}:$encrypted:${entry[2]}:${entry[3]}:${entry[4]}:${entry[5]}:0:${entry[7]}:${entry[8]}:${entry[9]}"

}

openbsd_change_shadow_entry() {

    freebsd_change_shadow_entry "$@"

}

netbsd_change_shadow_entry() {

    freebsd_change_shadow_entry "$@"

}

windows_password() {

    local target password

    target="$1"

    password="$2"

    echo "@echo off" > "$target/Windows/SnfScripts/ChangeAdminPassword.cmd"

    if [ -z "$SNF_IMAGE_PROPERTY_USERS" ]; then

        warn "Image property \`USERS' is missing or empty. " \

            "Changing the password for default user: \`Administrator'."

        SNF_IMAGE_PROPERTY_USERS="Administrator"

    fi

    for usr in $SNF_IMAGE_PROPERTY_USERS; do

        echo -n "Installing new password for user \`$usr'..."

        echo "net user $usr $password" >> \

            "$target/Windows/SnfScripts/ChangeAdminPassword.cmd"

        echo done

    done

}

unix_password() {

    local flavor target password hash users tmp_shadow

    flavor="$1"

    target="$2"

    password="$3"

    shadow="${flavor}_shadow"

    if [ ! -e "$target${!shadow}" ]; then

       log_error "No ${!shadow} found!"

    fi

    hash=$("@scriptsdir@/snf-passtohash.py" "$password")

    users=()

    if [ -n "$SNF_IMAGE_PROPERTY_USERS" ]; then

        for usr in $SNF_IMAGE_PROPERTY_USERS; do

            users+=("$usr")

        done

    else

        warn "Image property \`USERS' is missing or empty. " \

            "Changing the password for default user: \`root'."

        users+=("root")

    fi

    for i in $(seq 0 1 $((${#users[@]}-1))); do

        tmp_shadow="$(mktemp)"

        add_cleanup rm "$tmp_shadow"

        echo -n "Setting ${users[$i]} password..."

        entry=$(grep "^${users[$i]}:" "$target${!shadow}")

        if [ -z "$entry" ]; then

            log_error "User: \`${users[$i]}' does not exist."

        fi

        new_entry="$(${flavor}_change_shadow_entry "$entry" "$hash")"

        grep -v "${users[$i]}" "$target${!shadow}" > "$tmp_shadow"

        echo "$new_entry" >> "$tmp_shadow"

        cat "$tmp_shadow" > "$target${!shadow}"

        echo "done"

    done

}

freebsd_password() {

    local target password hash

    target="$1"

    password="$2"

    if [ ! -e "$target/etc/master.passwd" ]; then

        log_error "No /etc/master.passwd found!"

    fi

    hash=$("@scriptsdir@/snf-passtohash.py" "$password")

    for i in $(seq 0 1 $((${#users[@]}-1))); do

        tmp_master="$(mktemp)"

    done

}

if [ ! -d "$SNF_IMAGE_TARGET" ]; then

    log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing"

fi

if [ -z "$SNF_IMAGE_PASSWORD" ]; then

    log_error "Password is missing"

fi

#trim users var

SNF_IMAGE_PROPERTY_USERS=$(echo $SNF_IMAGE_PROPERTY_USERS)

if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "windows" ]; then

    windows_password "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD"

else

    unix_password "$SNF_IMAGE_PROPERTY_OSFAMILY" "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD"

fi

# For FreeBSD, OpenBSD and NetBSD we need to recreate the password database too

if [[ "$SNF_IMAGE_PROPERTY_OSFAMILY" == *bsd ]]; then

    rm -f "$SNF_IMAGE_TARGET/etc/spwd.db"

    # Make sure /etc/spwd.db is recreated on first boot

    rc_local=$(cat <<EOF

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin

export PATH

pwd_mkdb -p /etc/master.passwd

EOF

)

    if [ -e "$SNF_IMAGE_TARGET/etc/rc.local" ]; then

        orig_local="/etc/rc.local.snf_image_$RANDOM"

        mv "$SNF_IMAGE_TARGET/etc/rc.local" "$SNF_IMAGE_TARGET$orig_local"

        cat > "$SNF_IMAGE_TARGET/etc/rc.local" <<EOF

$rc_local

mv $orig_local /etc/rc.local

. /etc/rc.local

EOF

    else

        cat > "$SNF_IMAGE_TARGET/etc/rc.local" <<EOF

$rc_local

rm -f /etc/rc.local

exit 0

EOF

    fi

fi

exit 0

# vim: set sta sts=4 shiftwidth=4 sw=4 et ai :