Commit f3bc7bef authored by Nikos Skalkotos's avatar Nikos Skalkotos

Add a new PASSWORD_HASHING_METHOD image property

This can be used to override the hashing function that the ChangePassword
task uses. By default, sha512 is used for Linux and FreeBSD images,
blowfish for OpenBSD and sha1 for NetBSD.
parent 63a3904a
......@@ -89,7 +89,7 @@ windows_password() {
}
unix_password() {
local flavor target password hash users tmp_shadow
local flavor target password encrypted users tmp_shadow method default_method
flavor="$1"
target="$2"
password="$3"
......@@ -101,19 +101,24 @@ unix_password() {
case "$flavor" in
linux|freebsd)
hash=$("@scriptsdir@/snf-passtohash.py" "$password")
default_method=sha512
;;
openbsd)
hash=$("@scriptsdir@/snf-passtohash.py" -m blowfish "$password")
default_method=blowfish
;;
netbsd)
hash=$("@scriptsdir@/snf-passtohash.py" -m sha1 "$password")
default_method=sha1
;;
*)
log_error "Unknown unix flavor: \`$flavor'"
;;
esac
method="${SNF_IMAGE_PROPERTY_PASSWORD_HASHING_METHOD:-$default_method}"
echo -n "Encrypting password with \`$method' method ... "
encrypted=$("@scriptsdir@/snf-passtohash.py" -m "$method" "$password")
echo "done"
users=()
if [ -n "$SNF_IMAGE_PROPERTY_USERS" ]; then
......@@ -130,13 +135,13 @@ unix_password() {
tmp_shadow="$(mktemp)"
add_cleanup rm "$tmp_shadow"
echo -n "Setting ${users[$i]} password..."
echo -n "Setting ${users[$i]} password ... "
entry=$(grep "^${users[$i]}:" "$target${!shadow}")
if [ -z "$entry" ]; then
log_error "User: \`${users[$i]}' does not exist."
fi
new_entry="$(${flavor}_change_shadow_entry "$entry" "$hash")"
new_entry="$(${flavor}_change_shadow_entry "$entry" "$encrypted")"
grep -v "${users[$i]}" "$target${!shadow}" > "$tmp_shadow"
echo "$new_entry" >> "$tmp_shadow"
cat "$tmp_shadow" > "$target${!shadow}"
......@@ -144,21 +149,6 @@ unix_password() {
done
}
freebsd_password() {
local target password hash
target="$1"
password="$2"
if [ ! -e "$target/etc/master.passwd" ]; then
log_error "No /etc/master.passwd found!"
fi
hash=$("@scriptsdir@/snf-passtohash.py" "$password")
for i in $(seq 0 1 $((${#users[@]}-1))); do
tmp_master="$(mktemp)"
done
}
if [ ! -d "$SNF_IMAGE_TARGET" ]; then
log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing"
fi
......
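Review bot: The output of the new `"@scriptsdir@/snf-passtohash.py" -m "$method" "$password"` call is never checked, and `$method` now comes straight from the SNF_IMAGE_PROPERTY_PASSWORD_HASHING_METHOD image property. If the helper rejects the value or fails, `encrypted` may be empty; unless the script runs under `set -e` (not visible here), "done" is still printed and the empty string is handed to `${flavor}_change_shadow_entry`, and an empty password field in a shadow file normally means the account needs no password. I would fail closed right after the call with `[ -n "$encrypted" ] || log_error "Password hashing with method $method failed"`, and reject unexpected values before it, e.g. `case "$method" in sha512|blowfish|sha1) ;; *) log_error "Unsupported hashing method: $method" ;; esac`, with the list adjusted to what the helper actually supports. The property also lets an image pick a weaker scheme than the flavor default (sha1 on a Linux image, for instance), so the accepted values and their trade-offs deserve a line in the property's documentation. unix_password's body continues outside the visible hunks.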