root / snf-image-helper / tasks / 50ChangePassword.in @ b3c48174
History | View | Annotate | Download (5.2 kB)
1 |
#! /bin/bash |
---|---|
2 |
|
3 |
# Copyright (C) 2011 GRNET S.A. |
4 |
# |
5 |
# This program is free software; you can redistribute it and/or modify |
6 |
# it under the terms of the GNU General Public License as published by |
7 |
# the Free Software Foundation; either version 2 of the License, or |
8 |
# (at your option) any later version. |
9 |
# |
10 |
# This program is distributed in the hope that it will be useful, but |
11 |
# WITHOUT ANY WARRANTY; without even the implied warranty of |
12 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
13 |
# General Public License for more details. |
14 |
# |
15 |
# You should have received a copy of the GNU General Public License |
16 |
# along with this program; if not, write to the Free Software |
17 |
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
18 |
# 02110-1301, USA. |
19 |
|
20 |
### BEGIN TASK INFO |
21 |
# Provides: ChangePassword |
22 |
# RunBefore: EnforcePersonality |
23 |
# RunAfter: InstallUnattend |
24 |
# Short-Description: Changes Password for specified users |
25 |
### END TASK INFO |
26 |
|
27 |
set -e |
28 |
. "@commondir@/common.sh" |
29 |
|
30 |
trap task_cleanup EXIT |
31 |
report_task_start |
32 |
|
33 |
# Check if the task should be prevented from running. |
34 |
check_if_excluded |
35 |
|
36 |
linux_shadow="/etc/shadow" |
37 |
freebsd_shadow="/etc/master.passwd" |
38 |
openbsd_shadow="/etc/master.passwd" |
39 |
netbsd_shadow="/etc/master.passwd" |
40 |
|
41 |
linux_change_shadow_entry() { |
42 |
local line encrypted |
43 |
line="$1" |
44 |
encrypted="$2" |
45 |
|
46 |
IFS=":" read -a entry <<< "$line" |
47 |
|
48 |
echo "${entry[0]}:$encrypted:15103:0:99999:7:::" |
49 |
} |
50 |
|
51 |
freebsd_change_shadow_entry() { |
52 |
local line encrypted |
53 |
line="$1" |
54 |
encrypted="$2" |
55 |
|
56 |
IFS=":" read -a entry <<< "$line" |
57 |
|
58 |
echo "${entry[0]}:$encrypted:${entry[2]}:${entry[3]}:${entry[4]}:${entry[5]}:0:${entry[7]}:${entry[8]}:${entry[9]}" |
59 |
} |
60 |
|
61 |
openbsd_change_shadow_entry() { |
62 |
freebsd_change_shadow_entry "$@" |
63 |
} |
64 |
|
65 |
netbsd_change_shadow_entry() { |
66 |
freebsd_change_shadow_entry "$@" |
67 |
} |
68 |
|
69 |
windows_password() { |
70 |
local target password |
71 |
target="$1" |
72 |
password="$2" |
73 |
|
74 |
echo "@echo off" > "$target/Windows/SnfScripts/ChangeAdminPassword.cmd" |
75 |
|
76 |
if [ -z "$SNF_IMAGE_PROPERTY_USERS" ]; then |
77 |
warn "Image property \`USERS' is missing or empty. " \ |
78 |
"Changing the password for default user: \`Administrator'." |
79 |
|
80 |
SNF_IMAGE_PROPERTY_USERS="Administrator" |
81 |
fi |
82 |
|
83 |
for usr in $SNF_IMAGE_PROPERTY_USERS; do |
84 |
echo -n "Installing new password for user \`$usr'..." |
85 |
echo "net user $usr $password" >> \ |
86 |
"$target/Windows/SnfScripts/ChangeAdminPassword.cmd" |
87 |
echo done |
88 |
done |
89 |
} |
90 |
|
91 |
unix_password() { |
92 |
local flavor target password hash users tmp_shadow |
93 |
flavor="$1" |
94 |
target="$2" |
95 |
password="$3" |
96 |
|
97 |
shadow="${flavor}_shadow" |
98 |
if [ ! -e "$target${!shadow}" ]; then |
99 |
log_error "No ${!shadow} found!" |
100 |
fi |
101 |
|
102 |
hash=$("@scriptsdir@/snf-passtohash.py" "$password") |
103 |
|
104 |
users=() |
105 |
|
106 |
if [ -n "$SNF_IMAGE_PROPERTY_USERS" ]; then |
107 |
for usr in $SNF_IMAGE_PROPERTY_USERS; do |
108 |
users+=("$usr") |
109 |
done |
110 |
else |
111 |
warn "Image property \`USERS' is missing or empty. " \ |
112 |
"Changing the password for default user: \`root'." |
113 |
users+=("root") |
114 |
fi |
115 |
|
116 |
for i in $(seq 0 1 $((${#users[@]}-1))); do |
117 |
tmp_shadow="$(mktemp)" |
118 |
add_cleanup rm "$tmp_shadow" |
119 |
|
120 |
echo -n "Setting ${users[$i]} password..." |
121 |
entry=$(grep "^${users[$i]}:" "$target${!shadow}") |
122 |
if [ -z "$entry" ]; then |
123 |
log_error "User: \`${users[$i]}' does not exist." |
124 |
fi |
125 |
|
126 |
new_entry="$(${flavor}_change_shadow_entry "$entry" "$hash")" |
127 |
grep -v "${users[$i]}" "$target${!shadow}" > "$tmp_shadow" |
128 |
echo "$new_entry" >> "$tmp_shadow" |
129 |
cat "$tmp_shadow" > "$target${!shadow}" |
130 |
echo "done" |
131 |
done |
132 |
} |
133 |
|
134 |
freebsd_password() { |
135 |
local target password hash |
136 |
target="$1" |
137 |
password="$2" |
138 |
|
139 |
if [ ! -e "$target/etc/master.passwd" ]; then |
140 |
log_error "No /etc/master.passwd found!" |
141 |
fi |
142 |
|
143 |
hash=$("@scriptsdir@/snf-passtohash.py" "$password") |
144 |
for i in $(seq 0 1 $((${#users[@]}-1))); do |
145 |
tmp_master="$(mktemp)" |
146 |
done |
147 |
} |
148 |
|
149 |
if [ ! -d "$SNF_IMAGE_TARGET" ]; then |
150 |
log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing" |
151 |
fi |
152 |
|
153 |
if [ -z "$SNF_IMAGE_PASSWORD" ]; then |
154 |
log_error "Password is missing" |
155 |
fi |
156 |
|
157 |
#trim users var |
158 |
SNF_IMAGE_PROPERTY_USERS=$(echo $SNF_IMAGE_PROPERTY_USERS) |
159 |
|
160 |
if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "windows" ]; then |
161 |
windows_password "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD" |
162 |
else |
163 |
unix_password "$SNF_IMAGE_PROPERTY_OSFAMILY" "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD" |
164 |
fi |
165 |
|
166 |
# For FreeBSD, OpenBSD and NetBSD we need to recreate the password database too |
167 |
if [[ "$SNF_IMAGE_PROPERTY_OSFAMILY" == *bsd ]]; then |
168 |
rm -f "$SNF_IMAGE_TARGET/etc/spwd.db" |
169 |
|
170 |
# Make sure /etc/spwd.db is recreated on first boot |
171 |
rc_local=$(cat <<EOF |
172 |
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin |
173 |
export PATH |
174 |
|
175 |
pwd_mkdb -p /etc/master.passwd |
176 |
EOF |
177 |
) |
178 |
if [ -e "$SNF_IMAGE_TARGET/etc/rc.local" ]; then |
179 |
orig_local="/etc/rc.local.snf_image_$RANDOM" |
180 |
mv "$SNF_IMAGE_TARGET/etc/rc.local" "$SNF_IMAGE_TARGET$orig_local" |
181 |
cat > "$SNF_IMAGE_TARGET/etc/rc.local" <<EOF |
182 |
$rc_local |
183 |
mv $orig_local /etc/rc.local |
184 |
. /etc/rc.local |
185 |
EOF |
186 |
else |
187 |
cat > "$SNF_IMAGE_TARGET/etc/rc.local" <<EOF |
188 |
$rc_local |
189 |
rm -f /etc/rc.local |
190 |
exit 0 |
191 |
EOF |
192 |
fi |
193 |
fi |
194 |
|
195 |
exit 0 |
196 |
|
197 |
# vim: set sta sts=4 shiftwidth=4 sw=4 et ai : |
198 |
|