From e668da729a0f9cd5d93d909a9b44d74cf6925dd5 Mon Sep 17 00:00:00 2001
From: Scott Moser <smoser@ubuntu.com>
Date: Thu, 15 Aug 2013 13:16:01 -0400
Subject: do not set 'password', but set 'passwd' to crypt'd value

'password' was the wrong key.  It should have been setting the default
user's "plain_text_password".

Instead of doing that, though, we're encrypting the value and putting it in
'passwd', which will then be passed on to useradd.  The key value in doing
this is that the plain text password will not be stored in obj.pkl.

(admittedly it is still in plain text in the ovf-env.xml file).
---
 cloudinit/sources/DataSourceAzure.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'cloudinit/sources')

diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index 1a74de21..7ec622bf 100644
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -17,6 +17,7 @@
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import base64
+import crypt
 import os
 import os.path
 import time
@@ -424,7 +425,7 @@ def read_azure_ovf(contents):
     if username:
         defuser['name'] = username
     if password:
-        defuser['password'] = password
+        defuser['passwd'] = encrypt_pass(password)
         defuser['lock_passwd'] = False
 
     if defuser:
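Review bot: The switch from `defuser['password']` to `defuser['passwd']` has no comment explaining why the value is hashed here, and a later reader could easily "simplify" it back to a plain-text key. A short why-comment above the assignment would prevent that, for example `# store only the crypt(3) hash so the plain text is never pickled into obj.pkl`. Because `lock_passwd` is set to False on the next line, the account is unlocked with whatever `encrypt_pass` returns, so this call site depends on that helper never returning an empty or invalid value. The body of read_azure_ovf starts and ends outside this hunk.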
@@ -436,6 +437,10 @@ def read_azure_ovf(contents):
     return (md, ud, cfg)
 
 
+def encrypt_pass(password, salt_id="$6$"):
+    return crypt.crypt(password, salt_id + util.rand_str(strlen=16))
+
+
 def list_possible_azure_ds_devs():
     # return a sorted list of devices that might have a azure datasource
     devlist = []
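Review bot: `encrypt_pass` returns the result of `crypt.crypt` unchecked. A crypt(3) implementation without SHA-512 support may return None or fall back to a weaker scheme, and that value would go straight into `passwd` for an account whose `lock_passwd` is False. Checking the result before returning it closes the gap: `hashed = crypt.crypt(password, salt_id + util.rand_str(strlen=16))` followed by `if not hashed or not hashed.startswith(salt_id): raise ValueError("crypt() did not produce a %s hash" % salt_id)`. The salt comes from `util.rand_str`, which is defined outside this diff; it is worth confirming that it draws from an OS-backed source and emits only characters in the crypt salt alphabet `[a-zA-Z0-9./]`. The function would also benefit from a one-line docstring stating that it returns a salted SHA-512 crypt string when `salt_id` is `$6$`.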
-- 
cgit v1.2.3