[Ovirt-devel] [PATCH node] Provides a means to toggle SSH password auth from the firstboot menu. rhbz#509842

[Darryl L. Pierce]

The password option now goes to a submenu. This submenu lets the user
chose to either set the administrator password or else toggle SSH
password authentication on or off.

The submenu also reports whether password authentication is current
enabled.

Signed-off-by: Darryl L. Pierce <dpierce at redhat.com>
---
 scripts/ovirt-config-password |   74 ++++++++++++++++++++++++++++++++++------
 1 files changed, 63 insertions(+), 11 deletions(-)

diff --git a/scripts/ovirt-config-password b/scripts/ovirt-config-password
index 03b41e1..78ec5ba 100755
--- a/scripts/ovirt-config-password
+++ b/scripts/ovirt-config-password
@@ -37,14 +37,66 @@ function prompt_sasl_user {
     done
 }
 
-printf "\n\n Password Configuration\n\n"
-
-# prompt user
-# Set the password for the root user first
-printf "\nSystem Administrator (root):\n"
-unmount_config /etc/shadow
-passwd root
-ovirt_store_config /etc/shadow
-printf "\nAdding users for libvirt remote access"
-# TODO list existing users in /etc/libvirt/passwd.db
-while prompt_sasl_user; do :; done
+set_password () {
+    printf "\n\n Password Configuration\n\n"
+
+    # prompt user
+    # Set the password for the root user first
+    printf "\nSystem Administrator (root):\n"
+    unmount_config /etc/shadow
+    passwd root
+    ovirt_store_config /etc/shadow
+    printf "\nAdding users for libvirt remote access"
+    # TODO list existing users in /etc/libvirt/passwd.db
+    while prompt_sasl_user; do :; done
+}
+
+toggle_ssh_access ()
+{
+    local allowed=$1
+    local config=$WORKDIR/augeas-ssh
+
+    if $allowed; then permit="yes"; else permit="no"; fi
+    augtool <<EOF
+set /files/etc/ssh/sshd_config/PasswordAuthentication ${permit}
+EOF
+
+    service sshd reload
+}
+
+toggle_ssh () {
+    local prompt=$1
+
+    printf "\nToggle SSH\n\n"
+
+    if ask_yes_or_no "${prompt} (y/n)?"; then
+        toggle_ssh_access true
+    else
+        toggle_ssh_access false
+    fi
+}
+
+PASSWORD="Set administrator password"
+SSH="Toggle SSH password authentication"
+QUIT="Quit and Return To Menu"
+
+while true; do
+    state="disabled"
+    augtool get /files/etc/ssh/sshd_config/PasswordAuthentication|grep -q yes$
+    if [ $? == 0 ]; then
+        state="enabled"
+     fi
+    printf "\nSSH password authentication is currently ${state}.\n\n"
+
+    PS3="Please select an option: "
+    select option in "$PASSWORD" "$SSH" "$QUIT"
+    do
+        case $option in
+            $PASSWORD) set_password; break;;
+            $SSH) toggle_ssh "$prompt"; break;;
+            $QUIT) exit;;
+        esac
+    done
+
+    printf "\n"
+done
-- 
1.6.2.5