Commit 96de0366 authored by Nikos Skalkotos

Merge branch 'master' into debian

parents fa335122 aa2fe10d
2013-11-04, v0.12
* Add support for OpenBSD and NetBSD images (partition resizing is not
supported yet)
* Fix a bug in ChangePassword task that could lead to the removal of
one or more user entries in the shadow file.
2013-10-21, v0.11.1
* Fix a bug in pithcat
* Minor updates in the documentation
......
......@@ -127,16 +127,21 @@ below for a description of each one of them:
**FixPartitionTable**: Enlarges the last partition in the partition table of
the instance, to consume all the available space and optionally adds a swap
partition in the end.
partition in the end. The task will fail if the environmental variable
*SNF_IMAGE_DEV*, which specifies the device file of the instance's hard disk,
is missing.
**FilesystemResizeUnmounted**: Extends the file system of the last partition to
cover up the whole partition. This only works for ext{2,3,4} file systems. Any
other file system type is ignored and a warning is triggered. The task will
fail if *SNF_IMAGE_DEV* environmental variable is missing.
**MountImage**: Mounts the nth partition of *SNF_IMAGE_DEV*, which is specified
by *SNF_IMAGE_PROPERTY_ROOT_PARTITION* variable under the directory specified
by *SNF_IMAGE_TARGET*. The script will fail if any of those 3 variables has a
cover up the whole partition. This only works for ext{2,3,4} and ufs2 file
systems. Any other file system type is ignored and a warning is triggered. The
task will fail if *SNF_IMAGE_DEV* environmental variable is missing.
**MountImage**: Mounts the root partition of the instance, specified by the
*SNF_IMAGE_PROPERTY_ROOT_PARTITION* variable. On Linux systems after the root
fs is mounted, the instance's ``/etc/fstab`` file is examined and the rest of
the disk file systems are mounted too, in a correct order. The script will fail
if any of the environmental variables *SNF_IMAGE_DEV*,
*SNF_IMAGE_PROPERTY_ROOT_PARTITION* or *SNF_IMAGE_TARGET* is unset or has a
non-sane value.
**AddSwap**: Formats the swap partition added by *FixPartitionTable* task and
......@@ -144,39 +149,42 @@ adds an appropriate swap entry in the system's ``/etc/fstab``. The script will
only run if *SNF_IMAGE_PROPERTY_SWAP* is present and will fail if
*SNF_IMAGE_TARGET* in not defined.
**DeleteSSHKeys**: For Linux images, this script will clear out any ssh keys
found in the image and for Debian, it will recreate them too. In order to find
the ssh keys, the script looks in default locations (/etc/ssh/ssh_*_key) and
also parses ``/etc/ssh/sshd_config`` file if present. The script will fail if
*SNF_IMAGE_TARGET* is not set.
**DeleteSSHKeys**: On Linux and \*BSD instances, this script will clear out any
ssh keys found in the instance's disk. For Debian and Ubuntu systems, the keys
are also recreated. Besides removing files that comply to the
``/etc/ssh/ssh_*_key`` pattern, the script will also parses
``/etc/ssh/sshd_config`` file for custom keys. The only variable this script
depends on is *SNF_IMAGE_TARGET*.
**DisableRemoteDesktopConnections**: This script temporary disables RDP
connections in windows instances by changing the value *fDenyTSConnection*
connections on windows instances by changing the value of *fDenyTSConnection*
registry key. RDP connections will be enabled back during the specialize pass
of the Windows setup. The task will fail if *SNF_IMAGE_TARGET* is not defined.
**InstallUnattend**: Installs the Unattend.xml files in windows images. This is
needed by windows in order to perform an unattended setup. The
**InstallUnattend**: Installs the Unattend.xml files on windows instances. This
is needed by windows in order to perform an unattended setup. The
*SNF_IMAGE_TARGET* variables needs to be present for this task to run.
**SELinuxAutorelabel**: Creates *.autorelabel* file in Red Hat images. This is
needed if SELinux is enabled to enforce an automatic file system relabeling at
the next boot. The only environmental variable required by this task is
needed if SELinux is enabled to enforce an automatic file system relabeling
during the first boot. The only environmental variable required by this task is
*SNF_IMAGE_TARGET*.
**AssignHostname**: Assigns or changes the hostname in a Linux or Windows
image. The task will fail if the Linux distribution is not supported. For now,
we support Debian, Red Hat, Slackware, SUSE and Gentoo derived distributions.
The hostname is read from *SNF_IMAGE_HOSTNAME* variable. In addition to the
latter, *SNF_IMAGE_TARGET* is also required.
**ChangePassword**: Changes the password for a list of users. For Linux systems
this is accomplished by directly altering the image's ``/etc/shadow`` file. For
Windows systems a script is injected into the VM's hard disk. This script will
be executed during the specialize pass of the Windows setup. For FreeBSD
``/etc/master.passwd`` is altered, ``/etc/spwd.db`` is removed and a script is
injected into the VM's hard disk that will recreate the aforementioned file.
The list of users whose passwords will changed is determined by the
**AssignHostname**: Assigns or changes the hostname of the instance. The task
will fail if the Linux distribution is not supported and ``/etc/hostname`` is
not present on the file system. For now, we support Debian, Red Hat, Slackware,
SUSE and Gentoo derived distributions. The hostname is read from
*SNF_IMAGE_HOSTNAME* variable. In addition to the latter, *SNF_IMAGE_TARGET* is
also required.
**ChangePassword**: Changes the password for a list of existing users. On Linux
systems this is accomplished by directly altering the instance's
``/etc/shadow`` file. On Windows systems a script is injected into the VM's
hard disk. This script will be executed during the specialize pass of the
Windows setup. On \*BSD systems ``/etc/master.passwd`` is altered,
``/etc/spwd.db`` is removed and a script is injected into the VM's hard disk
that will recreate the aforementioned file during the first boot. The list of
users whose passwords will changed is determined by the
*SNF_IMAGE_PROPERTY_USERS* variable (see :ref:`image-properties`). For this
task to run *SNF_IMAGE_TARGET* and *SNF_IMAGE_PASSWORD* variables need to be
present.
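Review bot: Two grammar slips in the rewritten task descriptions should be fixed before this reaches the published docs. In DeleteSSHKeys, "the script will also parses" should read "the script will also parse the", and in ChangePassword, "whose passwords will changed" should read "whose passwords will be changed". "Files that comply to the pattern" would also read better as "files that match the pattern".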
......@@ -188,10 +196,10 @@ script will run during the specialize pass of the Windows setup. If the
**EnforcePersonality**: Injects the files specified by the
*SNF_IMAGE_PROPERTY_OSFAMILY* variable into the file system. If the variable is
missing a warning is produced. The only environmental variable required is
*SNF_IMAGE_TARGET*.
missing a warning is produced. Only *SNF_IMAGE_TARGET* is required for this
task to run.
**UmountImage**: Umounts the file system previously mounted by MountImage. The
**UmountImage**: Umounts the file systems previously mounted by MountImage. The
only environmental variable required is *SNF_IMAGE_TARGET*.
......
......@@ -45,9 +45,9 @@ copyright = u'2011, 2012, 2013 GRNET S.A. All rights reserved'
# built documents.
#
# The short X.Y version.
version = '0.11.1'
version = '0.12'
# The full version, including alpha/beta/rc tags.
release = '0.11.1'
release = '0.12'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
......
......@@ -27,7 +27,8 @@ snf-image also supports Image customization via hooks. Hooks allow for:
snf-image is being used in large scale production environments with Ganeti to
successfully deploy many major Linux distributions (Debian, Ubuntu/Kubuntu,
CentOS, Fedora, OpenSUSE), Windows 2008 R2 & Windows Server 2012, as well as
FreeBSD.
FreeBSD. Support for OpenBSD and NetBSD is also included with exception to
extending partitions.
The snf-image Ganeti OS Definition is released under
`GPLv2 <http://www.gnu.org/licenses/gpl-2.0.html>`_.
......
......@@ -42,10 +42,10 @@ Image ID (img_id)
^^^^^^^^^^^^^^^^^
The **img_id** OS parameter points to the actual Image that we want to deploy.
It is a URI and its prefix denotes the type of :ref:`backend <storage-backends>`
to be used. If no prefix is used, it defaults to the local backend:
It is a URI and its prefix denotes the type of :ref:`back-end <storage-backends>`
to be used. If no prefix is used, it defaults to the local back-end:
* **Local backend**:
* **Local back-end**:
To select it, the prefix should be ``local://``, followed by the name of the
image. All local images are expected to be found under a predefined image
directory (``/var/lib/snf-image`` by default).
......@@ -55,7 +55,7 @@ to be used. If no prefix is used, it defaults to the local backend:
| We need to assign:
| ``img_id=local://slackware.diskdump``
* **Network backend**:
* **Network back-end**:
If the **imd_id** starts with ``http:``, ``https:``, ``ftp:`` or ``ftps:``,
snf-image will treat the **img_id** as a remote URL and will try to fetch the
image using `cURL <http://curl.haxx.se/>`_.
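Review bot: The Network back-end paragraph still says **imd_id** where every other occurrence is **img_id**. Since the heading just above it is being edited in this hunk, fix the typo in the same change so the parameter name is spelled consistently.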
......@@ -63,7 +63,7 @@ to be used. If no prefix is used, it defaults to the local backend:
| For example, if we want to deploy an image from an http location:
| ``img_id=http://www.synnefo.org/path/to/image/slackware-image``
* **Pithos backend**:
* **Pithos back-end**:
If the **img_id** is prefixed with ``pithos://`` or ``pithosmap://`` the
image is considered to reside on a Pithos deployment. For ``pithosmap://``
images, the user needs to have set a valid value for the
......@@ -77,8 +77,8 @@ to be used. If no prefix is used, it defaults to the local backend:
| or if we already know the map:
| ``img_id=pithosmap://<slackware-image-map-name>``
* **Null backend**:
To select the Null backend and skip the fetching and extraction step, we set
* **Null back-end**:
To select the Null back-end and skip the fetching and extraction step, we set
``img_id=null``.
.. _image-properties:
......@@ -103,8 +103,8 @@ A list of all properties follows:
Mandatory properties (for diskdump only)
++++++++++++++++++++++++++++++++++++++++
* **OSFAMILY={linux,windows}**
This specifies whether the image is a Linux or a Windows Image.
* **OSFAMILY=linux|windows|freebsd|netbsd|openbsd**
This specifies whether the image is a Linux, a Windows or a \*BSD Image.
{ext,ntfs}dump formats are self descriptive regarding this property.
* **ROOT_PARTITION=n**
This specifies the partition number of the root partition. As mentioned
......@@ -122,7 +122,22 @@ Optional properties
The rules we currently use are listed below:
* For Windows images, the *Administrator*'s password is reset.
* For Linux and FreeBSD images, the *root* password is reset.
* For Linux and \*BSD images, the *root* password is reset.
* **DO_SYNC=yes**
By default in ResizeUnmounted task, when ``resize2fs`` is executed to
enlarge a ext[234] file system, ``fsync()`` is disabled to speed up the
whole process. I for some reason you need to disable this behavior, use the
*DO_SYNC* image property.
* **PASSWORD_HASHING_METHOD=md5|sha1|blowfish|sha256|sha512**
This property can be used on Unix instances to specify the method to be used
to hash the users password. By default this is determined by the type of the
instance. For Linux and FreeBSD instances ``sha512`` is used, for OpenBSD
``blowfish`` and for NetBSD ``sha1``. Use this property with care. Most
systems don't support all hashing methods (see
`here <http://pythonhosted.org/passlib/modular_crypt_format.html#mcf-identifiers>`_
for more info).
* **EXCLUDE_ALL_TASKS=yes**
If this property is defined with a value other than null, then during the
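Review bot: The PASSWORD_HASHING_METHOD entry offers md5 alongside sha512, but its "Use this property with care" caveat only talks about which systems support which method. Add a sentence saying that the per-OS defaults should be kept unless the guest cannot verify them, and that md5 in particular should be chosen only for compatibility. In the DO_SYNC entry, "I for some reason" should be "If for some reason", and the task is called "ResizeUnmounted" here but "FilesystemResizeUnmounted" in the task list.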
......
......@@ -7,7 +7,7 @@ SUBDIRS = tasks
dist_doc_DATA = COPYING AUTHORS
dist_bin_SCRIPTS = snf-image-helper
dist_scripts_SCRIPTS= snf-passtohash.py inject-files.py decode-properties.py
dist_scripts_SCRIPTS= hashpwd.py inject-files.py decode-properties.py
dist_common_DATA = common.sh unattend.xml
edit = sed \
......
......@@ -193,6 +193,18 @@ get_base_distro() {
echo "arch"
elif [ -e "$root_dir/etc/freebsd-update.conf" ]; then
echo "freebsd"
elif [ -e "$root_dir/etc/release" ]; then
if grep -in netbsd "$root_dir/etc/release" &> /dev/null; then
echo "netbsd"
else
warn "Unknown Unix flavor."
fi
elif [ -e "$root_dir/etc/magic" ]; then
if grep -in openbsd "$root_dir/etc/magic" &> /dev/null; then
echo "openbsd"
else
warn "Unknown Unix flavor"
fi
else
warn "Unknown base distro."
fi
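Review bot: Because these checks are chained with elif, an image that has /etc/release without the string "netbsd" in it stops at the first warn and never reaches the /etc/magic test, so an OpenBSD-style image carrying such a file would be reported as unknown. Consider testing both conditions as one expression each, e.g. elif grep -qi netbsd "$root_dir/etc/release" 2> /dev/null, and leaving the warning to the final else. grep -in with output discarded can be grep -qi, and the two new warn strings differ only by a trailing period.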
......@@ -227,12 +239,23 @@ get_distro() {
echo "arch"
elif [ -e "$root_dir/etc/freebsd-update.conf" ]; then
echo "freebsd"
elif [ -e "$root_dir/etc/release" ]; then
if grep -in netbsd "$root_dir/etc/release" &> /dev/null; then
echo "netbsd"
else
warn "Unknown Unix flavor"
fi
elif [ -e "$root_dir/etc/magic" ]; then
if grep -in openbsd "$root_dir/etc/magic" &> /dev/null; then
echo "openbsd"
else
warn "Unknown Unix flavor"
fi
else
warn "Unknown distro."
fi
}
get_partition_table() {
local dev output
dev="$1"
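Review bot: The NetBSD/OpenBSD detection added to get_distro is a line-for-line copy of the block added to get_base_distro in the previous hunk, and the copies have already drifted ("Unknown Unix flavor." there, "Unknown Unix flavor" here). Moving the two tests into one small helper that both functions call would keep them in step. The hunk also drops the blank line between the closing brace of get_distro and get_partition_table, which looks unintentional.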
......@@ -474,6 +497,26 @@ umount_all() {
done
}
get_ufstype() {
local device ufs
device="$1"
ufs="$($DUMPFS_UFS "$device" | head -1 | awk -F "[()]" '{ for (i=2; i<NF; i+=2) print $i }')"
case "$ufs" in
UFS1)
echo 44bsd
;;
UFS2)
echo ufs2
;;
*)
log_error "Unsupported UFS type: \`$ufs' in device $device"
echo ""
;;
esac
}
cleanup() {
# if something fails here, it shouldn't call cleanup again...
trap - EXIT
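Review bot: get_ufstype signals failure only through an empty string, and the echo "" in the default branch adds nothing, since a command substitution of no output is already empty. Returning a non-zero status from the default branch would let the caller write if ! ufstype="$(get_ufstype "$rootdev")" instead of comparing against "x". The function is meant to be used inside $(...), so it is worth confirming that log_error writes to stderr; anything it prints to stdout would end up in the caller's ufstype value. $DUMPFS_UFS is also expanded unquoted.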
......@@ -530,7 +573,6 @@ check_if_excluded() {
return 0
}
return_success() {
send_result_${HYPERVISOR} "SUCCESS"
}
......
#!/usr/bin/env python
# Copyright (C) 2011 GRNET S.A.
# Copyright (C) 2011, 2013 GRNET S.A.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
......@@ -19,14 +19,14 @@
"""Generate a hash from a given password
This program takes a password as an argument and
returns to standard output a hash followed by a newline.
To do this, it generates a random salt internally.
This program takes a password as an argument and returns to standard output a
hash followed by a newline.
"""
import sys
import crypt
import passlib.hash
from string import ascii_letters, digits
from random import choice
......@@ -34,31 +34,33 @@ from os.path import basename
from optparse import OptionParser
# This dictionary maps the hashing algorithm method
# with its <ID> as documented in:
# http://www.akkadia.org/drepper/SHA-crypt.txt
HASH_ID_FROM_METHOD = {
'md5': '1',
'blowfish': '2a',
'sun-md5': 'md5',
'sha256': '5',
'sha512': '6'
}
def random_salt(length=8):
pool = ascii_letters + digits + "/" + "."
return ''.join(choice(pool) for i in range(length))
METHOD = {
# Name: (algoritm, options)
'md5': (passlib.hash.md5_crypt, {}),
'blowfish': (passlib.hash.bcrypt, {}),
'sha256': (
passlib.hash.sha256_crypt,
{'rounds': 5000, 'implicit_rounds': True, 'salt': random_salt()}),
'sha512': (
passlib.hash.sha512_crypt,
{'rounds': 5000, 'implicit_rounds': True, 'salt': random_salt()}),
'sha1': (passlib.hash.sha1_crypt, {})
}
def parse_arguments(input_args):
usage = "usage: %prog [-h] [-m encrypt-method] <password>"
parser = OptionParser(usage=usage)
parser.add_option(
"-m", "--encrypt-method", dest="encrypt_method", type='choice',
default="sha512", choices=HASH_ID_FROM_METHOD.keys(),
default="sha512", choices=METHOD.keys(),
help="encrypt password with ENCRYPT_METHOD [%default] (supported: " +
", ".join(HASH_ID_FROM_METHOD.keys()) + ")"
", ".join(METHOD.keys()) + ")"
)
(opts, args) = parser.parse_args(input_args)
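Review bot: The sha256 and sha512 entries pass 'salt': random_salt(), and random_salt() draws from random.choice, which is not a cryptographic generator, and yields 8 characters where sha256_crypt and sha512_crypt accept up to 16. The md5, blowfish and sha1 entries already pass {} and let passlib pick the salt, so dropping the 'salt' key from the two SHA entries would make all five consistent and remove the need for random_salt() and the random/string imports. The comment "# Name: (algoritm, options)" has a typo.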
......@@ -71,9 +73,10 @@ def parse_arguments(input_args):
def main():
(passwd, method) = parse_arguments(sys.argv[1:])
salt = random_salt()
hash = crypt.crypt(passwd, "$" + HASH_ID_FROM_METHOD[method] + "$" + salt)
sys.stdout.write("%s\n" % (hash))
algorithm, options = METHOD[method]
print algorithm.encrypt(passwd, **options)
return 0
if __name__ == "__main__":
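Review bot: main() still takes the clear-text password from sys.argv, so it is visible in the process list of the helper for as long as the script runs. Since the script is being renamed and its interface reworked here anyway, this would be a good moment to read the password from standard input and have the caller pipe it in. The print statement form is also Python 2 only; sys.stdout.write, which the old code used, works on both.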
......
......@@ -109,8 +109,8 @@ if [ -z "$SNF_IMAGE_PROPERTY_EXCLUDE_ALL_TASKS" ]; then
log_error "Required image property \`ROOT_PARTITION' is missing or empty."
fi
if [[ ! "$SNF_IMAGE_PROPERTY_OSFAMILY" =~ ^(linux|windows|freebsd)$ ]]; then
log_error "Supported values for OSFAMILY property are: linux|windows|freebsd"
if [[ ! "$SNF_IMAGE_PROPERTY_OSFAMILY" =~ ^(linux|windows|freebsd|openbsd|netbsd)$ ]]; then
log_error "Supported values for OSFAMILY property are: linux|windows|freebsd|openbsd|netbsd"
fi
SNF_IMAGE_RESIZE_PART="$(get_partition_to_resize "$SNF_IMAGE_DEV")"
......
......@@ -35,6 +35,12 @@ if [ ! -b "$SNF_IMAGE_DEV" ]; then
log_error "Device file:\`${SNF_IMAGE_DEV}' is not a block device"
fi
if [[ "$SNF_IMAGE_PROPERTY_OSFAMILY" =~ (net)|(open)bsd ]]; then
os=${SNF_IMAGE_PROPERTY_OSFAMILY^^[bsd]}
warn "Partition resizing currently not supported for ${os^?}"
exit 0
fi
table=$(get_partition_table "$SNF_IMAGE_DEV")
if [ $(get_partition_count "$table") -eq 0 ]; then
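Review bot: The pattern in [[ "$SNF_IMAGE_PROPERTY_OSFAMILY" =~ (net)|(open)bsd ]] does not group the way it reads. Alternation binds loosest, so it means "contains net" or "contains openbsd", and it is unanchored. It gives the right answer for the currently accepted OSFAMILY values only by coincidence. Use ^(net|open)bsd$ so the test keeps working if further values are added.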
......@@ -52,7 +58,8 @@ if [ "$table_type" == "gpt" ]; then
"$SGDISK" --move-second-header "$SNF_IMAGE_DEV"
elif [ "$table_type" != "msdos" ]; then
log_error "Device: \'${SNF_IMAGE_DEV}' contains unsupported partition " \
"table type: \`$table_type'. Only msdos & gpt partitions are supported."
"table type: \`$table_type'. Only msdos & gpt partitions are" \
"supported."
fi
last_part=$(get_last_partition "$table")
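Review bot: While this message is being rewrapped, the opening quote in "Device: \'${SNF_IMAGE_DEV}'" should be fixed as well. Inside double quotes a backslash before a single quote is kept literally, so the log line prints \' before the device name; the other messages in this file use \` there.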
......
......@@ -41,10 +41,16 @@ if [ -z "$SNF_IMAGE_RESIZE_PART" ]; then
exit 0
fi
if [ -n "$SNF_IMAGE_PROPERTY_DO_SYNC" ]; then
if [ "x$SNF_IMAGE_PROPERTY_DO_SYNC" = "xyes" ]; then
unset EATMYDATA
fi
if [[ "$SNF_IMAGE_PROPERTY_OSFAMILY" =~ (net)|(open)bsd ]]; then
os=${SNF_IMAGE_PROPERTY_OSFAMILY^^[bsd]}
warn "File sytem resizing currently not supported for ${os^?}"
exit 0
fi
table=$(get_partition_table "$SNF_IMAGE_DEV")
partition=$(get_partition_by_num "$table" "$SNF_IMAGE_RESIZE_PART")
id=$(cut -d: -f1 <<< "$partition")
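Review bot: The new warning reads "File sytem resizing currently not supported", which should be "File system". The OSFAMILY test in this block repeats the (net)|(open)bsd pattern from FixPartitionTable and needs the same ^(net|open)bsd$ correction; with two copies already, a small helper in common.sh would be cleaner.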
......
......@@ -45,11 +45,16 @@ if [ ! -b "$rootdev" ]; then
"(=$SNF_IMAGE_PROPERTY_ROOT_PARTITION) is valid."
fi
if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "freebsd" ]; then
if [[ "$SNF_IMAGE_PROPERTY_OSFAMILY" == *bsd ]]; then
if ! $DUMPFS_UFS "$rootdev" &> /dev/null; then
log_error "For FreeBSD images only UFS root partitions are supported."
os=${SNF_IMAGE_PROPERTY_OSFAMILY^^[bsd]}
log_error "For ${os^?} images only UFS root partitions are supported."
fi
$MOUNT -t ufs -o ufstype=ufs2,rw "$rootdev" "$SNF_IMAGE_TARGET"
ufstype="$(get_ufstype "$rootdev")"
if [ "x$ufstype" = "x" ]; then
exit 1
fi
$MOUNT -t ufs -o ufstype="$ufstype,rw" "$rootdev" "$SNF_IMAGE_TARGET"
else
$MOUNT -o rw "$rootdev" "$SNF_IMAGE_TARGET"
fi
......
......@@ -37,11 +37,13 @@ if [ ! -d "$SNF_IMAGE_TARGET" ]; then
log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing."
fi
if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" != "linux" -a "$SNF_IMAGE_PROPERTY_OSFAMILY" != "freebsd" ]; then
if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "windows" ]; then
exit 0
fi
distro=$(get_base_distro "$SNF_IMAGE_TARGET")
if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "linux" ]; then
distro=$(get_base_distro "$SNF_IMAGE_TARGET")
fi
HOST_KEY="/etc/ssh/ssh_host_key"
RSA_KEY="/etc/ssh/ssh_host_rsa_key"
......@@ -50,10 +52,12 @@ ECDSA_KEY="/etc/ssh/ssh_host_ecdsa_key"
target="$SNF_IMAGE_TARGET"
mount -o bind /proc "$target/proc"
add_cleanup umount "$target/proc"
mount -o bind /dev "$target/dev"
add_cleanup umount "$target/dev"
if [ "x$distro" = "xdebian" ]; then
mount -o bind /proc "$target/proc"
add_cleanup umount "$target/proc"
mount -o bind /dev "$target/dev"
add_cleanup umount "$target/dev"
fi
#Remove the default keys
for pair in "$HOST_KEY@rsa1" "$RSA_KEY@rsa" "$DSA_KEY@dsa" "$ECDSA_KEY@ecdsa"; do
......
......@@ -110,6 +110,26 @@ freebsd_hostname() {
fi
}
openbsd_hostname() {
local target hostname
target="$1"
hostname="$2"
echo "$hostname" > "$target/etc/myname"
}
netbsd_hostname() {
local target hostname
target="$1"
hostname="$2"
openbsd_hostname "$@"
if grep ^hostname= "$target/etc/rc.conf"; then
sed -i -e "s/^hostname=.*$/hostname=\"$(printf "%q" "$hostname")\"/" "$target/etc/rc.conf"
fi
}
if [ ! -d "$SNF_IMAGE_TARGET" ]; then
log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing"
fi
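Review bot: In netbsd_hostname the value is passed through printf "%q" and then placed in a sed replacement, but %q quotes for the shell, not for sed, so a hostname containing /, & or a backslash would break or alter the substitution. Either validate $hostname against the allowed hostname character set before either function writes it, or escape it for sed explicitly. The grep ^hostname= test also prints the matched line to stdout; grep -q '^hostname=' avoids that and quotes the pattern.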
......@@ -118,13 +138,7 @@ if [ -z "$SNF_IMAGE_HOSTNAME" ]; then
log_error "Hostname is missing"
fi
if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "windows" ]; then
windows_hostname "$SNF_IMAGE_TARGET" "$SNF_IMAGE_HOSTNAME"
elif [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "linux" ]; then
linux_hostname "$SNF_IMAGE_TARGET" "$SNF_IMAGE_HOSTNAME"
elif [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "freebsd" ]; then
freebsd_hostname "$SNF_IMAGE_TARGET" "$SNF_IMAGE_HOSTNAME"
fi
${SNF_IMAGE_PROPERTY_OSFAMILY}_hostname "$SNF_IMAGE_TARGET" "$SNF_IMAGE_HOSTNAME"
exit 0
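Review bot: The call ${SNF_IMAGE_PROPERTY_OSFAMILY}_hostname builds a function name from an image property, and this task does not check the value itself. With the old if/elif chain an unexpected value did nothing; now an empty or unknown value makes the shell look for a command named _hostname or similar, and unless set -e is in effect the exit 0 that follows still reports success. A case statement over the supported families with a default branch that calls log_error keeps the dispatch explicit and fails loudly.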
......
......@@ -35,6 +35,8 @@ check_if_excluded
linux_shadow="/etc/shadow"
freebsd_shadow="/etc/master.passwd"
openbsd_shadow="/etc/master.passwd"
netbsd_shadow="/etc/master.passwd"
linux_change_shadow_entry() {
local line encrypted
......@@ -56,6 +58,14 @@ freebsd_change_shadow_entry() {
echo "${entry[0]}:$encrypted:${entry[2]}:${entry[3]}:${entry[4]}:${entry[5]}:0:${entry[7]}:${entry[8]}:${entry[9]}"
}
openbsd_change_shadow_entry() {
freebsd_change_shadow_entry "$@"
}
netbsd_change_shadow_entry() {
freebsd_change_shadow_entry "$@"
}
windows_password() {
local target password
target="$1"
......@@ -79,7 +89,7 @@ windows_password() {
}
unix_password() {
local flavor target password hash users tmp_shadow
local flavor target password encrypted users tmp_shadow method default_method
flavor="$1"
target="$2"
password="$3"
......@@ -89,8 +99,26 @@ unix_password() {
log_error "No ${!shadow} found!"
fi
hash=$("@scriptsdir@/snf-passtohash.py" "$password")
case "$flavor" in
linux|freebsd)
default_method=sha512
;;
openbsd)
default_method=blowfish
;;
netbsd)
default_method=sha1
;;
*)
log_error "Unknown unix flavor: \`$flavor'"
;;
esac
method="${SNF_IMAGE_PROPERTY_PASSWORD_HASHING_METHOD:-$default_method}"
echo -n "Encrypting password with \`$method' method ... "
encrypted=$("@scriptsdir@/hashpwd.py" -m "$method" "$password")
echo "done"
users=()
if [ -n "$SNF_IMAGE_PROPERTY_USERS" ]; then
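Review bot: The result of encrypted=$("@scriptsdir@/hashpwd.py" -m "$method" "$password") is never checked. SNF_IMAGE_PROPERTY_PASSWORD_HASHING_METHOD is passed through as given, so a value hashpwd.py rejects, or a missing passlib, leaves $encrypted empty, and unless set -e is in effect the loop below would write an entry with an empty password field. Test the exit status and that $encrypted is non-empty, and call log_error otherwise, before printing "done". The password is also handed over as a command-line argument, which exposes it in the process list.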
......@@ -107,35 +135,20 @@ unix_password() {
tmp_shadow="$(mktemp)"
add_cleanup rm "$tmp_shadow"
echo -n "Setting ${users[$i]} password..."
echo -n "Setting ${users[$i]} password ... "
entry=$(grep "^${users[$i]}:" "$target${!shadow}")
if [ -z "$entry" ]; then
log_error "User: \`${users[$i]}' does not exist."
fi
new_entry="$(${flavor}_change_shadow_entry "$entry" "$hash")"
grep -v "${users[$i]}" "$target${!shadow}" > "$tmp_shadow"
new_entry="$(${flavor}_change_shadow_entry "$entry" "$encrypted")"
grep -v "^${users[$i]}:" "$target${!shadow}" > "$tmp_shadow"
echo "$new_entry" >> "$tmp_shadow"
cat "$tmp_shadow" > "$target${!shadow}"
echo "done"
done
}
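Review bot: Anchoring the filter as grep -v "^${users[$i]}:" fixes the over-matching, but the user name is still interpreted as a regular expression, so a name containing a dot or other metacharacter can match and drop a different account's line. Comparing the first field literally, for example awk -F: -v u="${users[$i]}" '$1 != u', avoids that, and the same applies to the grep that reads $entry. Note also that cat "$tmp_shadow" > "$target${!shadow}" truncates the file before rewriting it, so a failure mid-write leaves a partial shadow file.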