# Copyright (C) 2019-2020 Gonéri Le Bouder # # This file is part of cloud-init. See LICENSE file for license information. import crypt import os import platform import cloudinit.distros.bsd from cloudinit import log as logging from cloudinit import util LOG = logging.getLogger(__name__) class Distro(cloudinit.distros.bsd.BSD): ci_sudoers_fn = '/usr/pkg/etc/sudoers.d/90-cloud-init-users' group_add_cmd_prefix = ["groupadd"] pkg_cmd_install_prefix = ["pkg_add", "-U"] pkg_cmd_remove_prefix = ['pkg_delete'] def _get_add_member_to_group_cmd(self, member_name, group_name): return ['usermod', '-G', group_name, member_name] def add_user(self, name, **kwargs): if util.is_user(name): LOG.info("User %s already exists, skipping.", name) return False adduser_cmd = ['useradd'] log_adduser_cmd = ['useradd'] adduser_opts = { "homedir": '-d', "gecos": '-c', "primary_group": '-g', "groups": '-G', "shell": '-s', } adduser_flags = { "no_user_group": '--no-user-group', "system": '--system', "no_log_init": '--no-log-init', } for key, val in kwargs.items(): if key in adduser_opts and val and isinstance(val, str): adduser_cmd.extend([adduser_opts[key], val]) elif key in adduser_flags and val: adduser_cmd.append(adduser_flags[key]) log_adduser_cmd.append(adduser_flags[key]) if 'no_create_home' not in kwargs or 'system' not in kwargs: adduser_cmd += ['-m'] log_adduser_cmd += ['-m'] adduser_cmd += [name] log_adduser_cmd += [name] # Run the command LOG.info("Adding user %s", name) try: util.subp(adduser_cmd, logstring=log_adduser_cmd) except Exception: util.logexc(LOG, "Failed to create user %s", name) raise # Set the password if it is provided # For security consideration, only hashed passwd is assumed passwd_val = kwargs.get('passwd', None) if passwd_val is not None: self.set_passwd(name, passwd_val, hashed=True) def set_passwd(self, user, passwd, hashed=False): if hashed: hashed_pw = passwd elif not hasattr(crypt, 'METHOD_BLOWFISH'): # crypt.METHOD_BLOWFISH comes with Python 3.7 which is available # on NetBSD 7 and 8. LOG.error(( 'Cannot set non-encrypted password for user %s. ' 'Python >= 3.7 is required.'), user) return else: method = crypt.METHOD_BLOWFISH # pylint: disable=E1101 hashed_pw = crypt.crypt( passwd, crypt.mksalt(method)) try: util.subp(['usermod', '-C', 'no', '-p', hashed_pw, user]) except Exception: util.logexc(LOG, "Failed to set password for %s", user) raise def force_passwd_change(self, user): try: util.subp(['usermod', '-F', user]) except Exception: util.logexc(LOG, "Failed to set pw expiration for %s", user) raise def lock_passwd(self, name): try: util.subp(['usermod', '-C', 'yes', name]) except Exception: util.logexc(LOG, "Failed to lock user %s", name) raise def apply_locale(self, locale, out_fn=None): LOG.debug('Cannot set the locale.') def apply_network_config_names(self, netconfig): LOG.debug('NetBSD cannot rename network interface.') def _get_pkg_cmd_environ(self): """Return environment vars used in *BSD package_command operations""" os_release = platform.release() os_arch = platform.machine() e = os.environ.copy() e['PKG_PATH'] = ( 'http://cdn.netbsd.org/pub/pkgsrc/' 'packages/NetBSD/%s/%s/All') % (os_arch, os_release) return e def update_package_sources(self): pass # vi: ts=4 expandtab