# Copyright (C) 2016 Canonical Ltd.
# Copyright (C) 2016 VMware INC.
#
# Author: Maitreyee Saikia <msaikia@vmware.com>
#
# This file is part of cloud-init. See LICENSE file for license information.
import logging
import os
from cloudinit import subp
from cloudinit import util
# Module-level logger, named after this module via __name__.
LOG = logging.getLogger(__name__)
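class PasswordConfigurator(object):
    """
    Class for changing configurations related to passwords in a VM. Includes
    setting and expiring passwords.
    """

    def configure(self, passwd, resetPasswd, distro):
        """
        Main method to perform all functionalities based on configuration file
        inputs.

        @param passwd: encoded admin password; it is decoded with util.b64d
            before use. When empty, no password is set.
        @param resetPasswd: boolean to determine if password needs to be reset.
        @param distro: object whose set_passwd(user, password) method is
            called to set the password of the 'root' account.
        @return: None. The method acts only through distro.set_passwd and
            reset_password.
        """
        LOG.info('Starting password configuration')
        if passwd:
            # The input is only encoded, not encrypted. After decoding,
            # `passwd` holds the usable secret, so it must stay out of log
            # messages and exception text.
            passwd = util.b64d(passwd)

        # Collect every account whose uid field in /etc/passwd is 0.
        rootUsers = set()
        with open('/etc/passwd', 'r') as passwdFile:
            for line in passwdFile:
                fields = line.split(':')
                # Blank or truncated lines have no uid field; skip them
                # instead of failing with IndexError.
                if len(fields) > 2 and fields[2] == '0':
                    rootUsers.add(fields[0])

        # read shadow file and check for each user, if its uid0 or root.
        uidUsersList = []
        with open('/etc/shadow', 'r') as shadowFile:
            for line in shadowFile:
                user = line.split(':')[0]
                if user in rootUsers:
                    uidUsersList.append(user)

        if passwd:
            LOG.info('Setting admin password')
            # Only the account named 'root' gets the new password; other
            # uid-0 accounts are affected only by the expiry step below.
            distro.set_passwd('root', passwd)
        if resetPasswd:
            self.reset_password(uidUsersList)
        LOG.info('Configure Password completed!')

    def reset_password(self, uidUserList):
        """
        Method to reset password. Use passwd --expire command. Use chage if
        not succeeded using passwd command. Log failure message otherwise.

        An exception raised by the chage fallback itself is not caught here:
        it propagates to the caller and the remaining users are not
        processed.

        @param uidUserList: list of users for which to expire password.
        """
        LOG.info('Expiring password.')
        for user in uidUserList:
            try:
                # Commands are passed as argument lists, not as a shell
                # string.
                subp.subp(['passwd', '--expire', user])
            except subp.ProcessExecutionError as e:
                # NOTE(review): the existence check uses the absolute path
                # /usr/bin/chage, but the command is invoked by bare name and
                # is therefore resolved through PATH.
                if os.path.exists('/usr/bin/chage'):
                    subp.subp(['chage', '-d', '0', user])
                else:
                    LOG.warning('Failed to expire password for %s with error: '
                                '%s', user, e)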
# vi: ts=4 expandtab