[Libguestfs] [PATCH 5/5] customize: use augeas to change passwords
Richard W.M. Jones
rjones at redhat.com
Fri Sep 5 12:13:59 UTC 2014
On Thu, Sep 04, 2014 at 05:18:31PM +0200, Pino Toscano wrote:
> Make use of augeas to load and edit /etc/shadow, now that we have
> (either from upstream or by ourselves) a lens handling it.
> ---
> customize/password.ml | 64 +++++++++++++++++++++++----------------------------
> 1 file changed, 29 insertions(+), 35 deletions(-)
>
> diff --git a/customize/password.ml b/customize/password.ml
> index 84af0c3..3437bf0 100644
> --- a/customize/password.ml
> +++ b/customize/password.ml
> @@ -87,42 +87,36 @@ let rec set_linux_passwords ~prog ?password_crypto g root passwords =
> | None -> default_crypto ~prog g root
> | Some c -> c in
>
> - (* XXX Would like to use Augeas here, but Augeas doesn't support
> - * /etc/shadow (as of 1.1.0).
> - *)
> + g#aug_init "/" 0;
> + let users = Array.to_list (g#aug_ls "/files/etc/shadow") in
> + List.iter (
> + fun userpath ->
> + let user =
> + let i = String.rindex userpath '/' in
> + String.sub userpath (i+1) (String.length userpath -i-1) in
> + try
> + (* Each line is: "user:[!!]password:..."
> + * !! at the front of the password field means the account is locked.
> + *)
> + let selector = Hashtbl.find passwords user in
> + let pwfield =
> + match selector with
> + | { pw_locked = locked;
> + pw_password = Password password } ->
> + (if locked then "!!" else "") ^ encrypt password crypto
> + | { pw_locked = locked;
> + pw_password = Random_password } ->
> + let password = make_random_password () in
> + printf (f_"Setting random password of %s to %s\n%!")
> + user password;
> + (if locked then "!!" else "") ^ encrypt password crypto
> + | { pw_locked = true; pw_password = Disabled_password } -> "!!*"
> + | { pw_locked = false; pw_password = Disabled_password } -> "*" in
> + g#aug_set (userpath ^ "/password") pwfield
> + with Not_found -> ()
> + ) users;
> + g#aug_save ();
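Review bot: The try ... with Not_found -> () in the List.iter body covers more than the Hashtbl.find passwords user lookup: it also wraps the encrypt calls and g#aug_set, so any Not_found raised from those would be swallowed and that user's password left unchanged with no message. Narrowing the handler to the lookup alone would avoid that. Because the loop iterates over the entries under /files/etc/shadow rather than over passwords, a selector for a user with no shadow entry is also skipped silently; a warning for unmatched entries in passwords would make that visible. The Random_password branch prints the cleartext password with printf, so it ends up wherever stdout is captured, which deserves a mention in the documentation. No g#aug_close is visible after g#aug_save () in the quoted lines.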
So in fact Augeas doesn't model the '!!' (locked) field, it just
includes it in the /files/etc/shadow/<user>/password?
ACK.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org