#! /bin/bash

# Copyright (C) 2011 GRNET S.A. 
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA.

### BEGIN TASK INFO
# Provides:		ChangePassword
# RunBefore:            EnforcePersonality
# RunAfter:		InstallUnattend
# Short-Description:	Changes Password for specified users
### END TASK INFO

# Abort on the first command that fails.
set -o errexit

# Shared task helpers.  The functions this script calls without defining
# them (task_cleanup, report_task_start, check_if_excluded, log_error, warn,
# add_cleanup) are expected to come from this file.
source "@commondir@/common.sh"

# Run the common cleanup handler however the script terminates.
trap 'task_cleanup' EXIT
report_task_start

# Check if the task should be prevented from running.
check_if_excluded

# Password database of each supported OS family, relative to the image root.
# unix_password() looks these up indirectly through "${flavor}_shadow".
linux_shadow='/etc/shadow'
freebsd_shadow='/etc/master.passwd'
openbsd_shadow='/etc/master.passwd'
netbsd_shadow='/etc/master.passwd'

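# Build the replacement /etc/shadow line for one account.
# Arguments: $1 - the account's current shadow line
#            $2 - the new password hash
# Outputs:   "<name>:<hash>:15103:0:99999:7:::" on stdout
#
# Only the login name is taken from the old line.  The ageing fields are
# reset to fixed values (last change 15103, minimum 0, maximum 99999,
# warning 7) and the remaining fields are left empty.
linux_change_shadow_entry() {
    local line encrypted
    line="$1"
    encrypted="$2"

    # Everything before the first ':' is the login name.  Parameter
    # expansion avoids writing to a global `entry' array and, unlike
    # `read' without -r, leaves backslashes untouched.
    printf '%s:%s:15103:0:99999:7:::\n' "${line%%:*}" "$encrypted"
}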

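# Build the replacement master.passwd line for one account.
# Arguments: $1 - the account's current master.passwd line
#            $2 - the new password hash
# Outputs:   the line with field 2 replaced by the hash and field 7 set to 0
#
# master.passwd(5) lines have ten ':'-separated fields:
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell
# so field 7 is the account expiry time; 0 means the account never expires.
freebsd_change_shadow_entry() {
    local line encrypted
    local -a entry
    line="$1"
    encrypted="$2"

    # -r keeps backslashes (for example in the gecos field) as they are, and
    # the array is local so a caller's `entry' variable is not overwritten.
    IFS=":" read -r -a entry <<< "$line"

    printf '%s:%s:%s:%s:%s:%s:0:%s:%s:%s\n' \
        "${entry[0]}" "$encrypted" "${entry[2]}" "${entry[3]}" \
        "${entry[4]}" "${entry[5]}" "${entry[7]}" "${entry[8]}" "${entry[9]}"
}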

# OpenBSD variant of the entry rewriter.  This script uses /etc/master.passwd
# for OpenBSD as well, so the arguments (old line, new hash) are handed
# straight to the FreeBSD implementation.
openbsd_change_shadow_entry() { freebsd_change_shadow_entry "$@"; }

# NetBSD variant of the entry rewriter.  This script uses /etc/master.passwd
# for NetBSD as well, so the arguments (old line, new hash) are handed
# straight to the FreeBSD implementation.
netbsd_change_shadow_entry() { freebsd_change_shadow_entry "$@"; }

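# Generate the batch file that sets the password of the Windows accounts.
# Globals:   SNF_IMAGE_PROPERTY_USERS (read; set to "Administrator" if empty)
# Arguments: $1 - root of the mounted Windows image
#            $2 - the new password (plain text)
# Outputs:   progress messages on stdout; (re)writes
#            $1/Windows/SnfScripts/ChangeAdminPassword.cmd
#
# NOTE(review): the password is stored in clear text inside the image, in
# the generated .cmd file.  Nothing in this task removes that file; confirm
# that whatever runs it on the guest deletes it afterwards.
# NOTE(review): a double quote inside the password or a user name is not
# escaped here.  cmd.exe and the called program parse quotes differently,
# so such values still need dedicated handling or rejection.
windows_password() {
    local target password script usr rest trailing
    target="$1"
    password="$2"
    script="$target/Windows/SnfScripts/ChangeAdminPassword.cmd"

    echo "@echo off" > "$script"

    if [ -z "$SNF_IMAGE_PROPERTY_USERS" ]; then
        warn "Image property \`USERS' is missing or empty. " \
            "Changing the password for default user: \`Administrator'."

        SNF_IMAGE_PROPERTY_USERS="Administrator"
    fi

    # The arguments are written inside double quotes so that spaces and
    # characters such as & | < > ^ in the password stay part of the argument
    # instead of being interpreted by cmd.exe.  A run of backslashes right
    # before the closing quote must be doubled, or it would escape the quote.
    rest="$password"
    trailing=""
    while [[ "$rest" == *\\ ]]; do
        trailing+='\'
        rest="${rest%?}"
    done
    password="$password$trailing"

    # Inside a batch file a literal '%' has to be written as '%%'.
    password="${password//%/%%}"

    # The unquoted expansion is deliberate: the property is a
    # whitespace-separated list of account names.
    for usr in $SNF_IMAGE_PROPERTY_USERS; do
        echo -n "Installing new password for user \`$usr'..."
        printf 'net user "%s" "%s"\n' "$usr" "$password" >> "$script"
        echo done
    done
}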

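# Set a new password hash for the selected accounts of a Unix-like image.
# Globals:   SNF_IMAGE_PROPERTY_USERS (read) - whitespace-separated login
#              names; "root" is used when it is empty
#            <flavor>_shadow (read) - password database path for the flavor
# Arguments: $1 - OS flavor: linux, freebsd, openbsd or netbsd
#            $2 - root of the mounted image
#            $3 - the new password (plain text)
# Outputs:   progress messages on stdout
#
# NOTE(review): log_error is defined outside this file; the code below
# relies on it terminating the script - confirm.
# NOTE(review): the database is opened through "$target/..." as found.  If
# the image contents are not trusted, a symlink at that path would redirect
# both the read and the write; confirm this task only runs in an isolated
# helper environment.
unix_password() {
    local flavor target password hash users tmp_shadow
    local shadow shadow_file user line new_entry found
    flavor="$1"
    target="$2"
    password="$3"

    shadow="${flavor}_shadow"
    shadow_file="$target${!shadow}"
    if [ ! -e "$shadow_file" ]; then
        log_error "No ${!shadow} found!"
    fi

    # NOTE(review): the plain-text password is passed as a command-line
    # argument, so it is visible in the process list while the helper runs.
    case "$flavor" in
        linux|freebsd)
            hash=$("@scriptsdir@/snf-passtohash.py" "$password")
            ;;
        openbsd)
            hash=$("@scriptsdir@/snf-passtohash.py" -m blowfish "$password")
            ;;
        netbsd)
            hash=$("@scriptsdir@/snf-passtohash.py" -m sha1 "$password")
            ;;
        *)
            log_error "Unknown unix flavor: \`$flavor'"
            ;;
    esac

    # An empty password field would leave the account without a password,
    # so never write one.
    if [ -z "$hash" ]; then
        log_error "Password hashing produced no output"
    fi

    users=()
    if [ -n "$SNF_IMAGE_PROPERTY_USERS" ]; then
        # Split on whitespace without pathname expansion, so a name such as
        # "*" is kept as text.
        read -r -a users <<< "${SNF_IMAGE_PROPERTY_USERS//$'\n'/ }"
    else
        warn "Image property \`USERS' is missing or empty. " \
            "Changing the password for default user: \`root'."
        users+=("root")
    fi

    for user in "${users[@]}"; do
        tmp_shadow="$(mktemp)"
        add_cleanup rm "$tmp_shadow"

        echo -n "Setting $user password..."

        # Copy the database line by line and swap in the new entry for the
        # line whose first field is exactly this login name.  Matching on
        # "name:" at the start of the line keeps every other account; a
        # plain substring match on the name would also drop lines that
        # merely contain it (another login, a home directory such as
        # /root).  The entry stays at its original position.
        found=no
        while IFS= read -r line || [ -n "$line" ]; do
            if [[ "$line" == "$user:"* ]]; then
                new_entry="$("${flavor}_change_shadow_entry" "$line" "$hash")"
                printf '%s\n' "$new_entry"
                found=yes
            else
                printf '%s\n' "$line"
            fi
        done < "$shadow_file" > "$tmp_shadow"

        # Checked explicitly: the real database is only written below, so
        # a missing account leaves it unchanged.
        if [ "$found" = no ]; then
            log_error "User: \`$user' does not exist."
        fi

        # Overwrite the contents rather than renaming the temporary file
        # over the database, so the existing file (and whatever owner and
        # mode it has) stays in place.
        cat "$tmp_shadow" > "$shadow_file"
        echo "done"
    done
}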

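# NOTE(review): nothing in the visible file calls this function, and its
# loop only creates temporary files; FreeBSD images go through
# unix_password().  It looks like an unfinished leftover - confirm before
# relying on it.
#
# Arguments: $1 - root of the mounted image
#            $2 - the new password (plain text)
freebsd_password() {
    local target password hash i tmp_master
    target="$1"
    password="$2"

    if [ ! -e "$target/etc/master.passwd" ]; then
        log_error "No /etc/master.passwd found!"
    fi

    hash=$("@scriptsdir@/snf-passtohash.py" "$password")
    # `users' is not set in this function: it is whatever array of that name
    # the caller has in scope, and the body runs once per element.
    for ((i = 0; i < ${#users[@]}; i++)); do
        tmp_master="$(mktemp)"
        # Register the file for removal, as unix_password() does, so it is
        # not left behind.
        add_cleanup rm "$tmp_master"
    done
}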

# Both inputs are mandatory: the mounted image root and the new password.
[ -d "$SNF_IMAGE_TARGET" ] ||
    log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing"

[ -n "$SNF_IMAGE_PASSWORD" ] ||
    log_error "Password is missing"

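# Normalise the user list to single-space-separated names.  The words are
# split with `read' instead of an unquoted expansion, so a value such as "*"
# stays text and is not expanded against the current directory.
read -r -a _snf_users <<< "${SNF_IMAGE_PROPERTY_USERS//$'\n'/ }"
SNF_IMAGE_PROPERTY_USERS="${_snf_users[*]}"
unset _snf_users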

# Windows images get a generated batch file; every other OS family is
# treated as a Unix flavor and has its password database edited directly.
case "$SNF_IMAGE_PROPERTY_OSFAMILY" in
    windows)
        windows_password "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD"
        ;;
    *)
        unix_password "$SNF_IMAGE_PROPERTY_OSFAMILY" "$SNF_IMAGE_TARGET" \
            "$SNF_IMAGE_PASSWORD"
        ;;
esac

# For FreeBSD, OpenBSD and NetBSD we need to recreate the password databases too
if [[ "$SNF_IMAGE_PROPERTY_OSFAMILY" == *bsd ]]; then
    # Drop the existing secure database; it is rebuilt on first boot below.
    rm -f "$SNF_IMAGE_TARGET/etc/spwd.db"

    # NetBSD is very strict about the existence & non-existence of the db files
    if [[ "$SNF_IMAGE_PROPERTY_OSFAMILY" == "netbsd" ]]; then
        rm -f "$SNF_IMAGE_TARGET/etc/pwd.db.tmp"
        rm -f "$SNF_IMAGE_TARGET/etc/spwd.db.tmp"

        touch "$SNF_IMAGE_TARGET/etc/spwd.db"
    fi

    # Make sure /etc/spwd.db is recreated on first boot: these lines become
    # the start of a one-shot /etc/rc.local inside the image.
    rc_local='PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
export PATH

pwd_mkdb -p /etc/master.passwd'

    # NOTE(review): `-e' follows symlinks, so a dangling rc.local symlink in
    # the image takes the "no rc.local" branch and the redirection then
    # writes through the link - confirm image contents are trusted here or
    # that this runs in an isolated helper.
    if [ ! -e "$SNF_IMAGE_TARGET/etc/rc.local" ]; then
        # No rc.local in the image: the generated script removes itself
        # after rebuilding the database.
        printf '%s\n' "$rc_local" \
            "rm -f /etc/rc.local" \
            "exit 0" > "$SNF_IMAGE_TARGET/etc/rc.local"
    else
        # Park the image's own rc.local under a side name; the generated
        # script moves it back and then sources it.
        # NOTE(review): $RANDOM yields only 32768 different suffixes and mv
        # replaces an existing file of the same name.
        orig_local="/etc/rc.local.snf_image_$RANDOM"
        mv "$SNF_IMAGE_TARGET/etc/rc.local" "$SNF_IMAGE_TARGET$orig_local"
        printf '%s\n' "$rc_local" \
            "mv $orig_local /etc/rc.local" \
            ". /etc/rc.local" > "$SNF_IMAGE_TARGET/etc/rc.local"
    fi
fi

# Report success explicitly; the EXIT trap set near the top still runs.
exit 0

# vim: set sta sts=4 shiftwidth=4 sw=4 et ai :