# Copyright (C) 2016 Canonical Ltd. # Copyright (C) 2016 VMware INC. # # Author: Maitreyee Saikia # # This file is part of cloud-init. See LICENSE file for license information. import logging import os from cloudinit import subp, util LOG = logging.getLogger(__name__) class PasswordConfigurator(object): """ Class for changing configurations related to passwords in a VM. Includes setting and expiring passwords. """ def configure(self, passwd, resetPasswd, distro): """ Main method to perform all functionalities based on configuration file inputs. @param passwd: encoded admin password. @param resetPasswd: boolean to determine if password needs to be reset. @return cfg: dict to be used by cloud-init set_passwd code. """ LOG.info("Starting password configuration") if passwd: passwd = util.b64d(passwd) allRootUsers = [] for line in open("/etc/passwd", "r"): if line.split(":")[2] == "0": allRootUsers.append(line.split(":")[0]) # read shadow file and check for each user, if its uid0 or root. uidUsersList = [] for line in open("/etc/shadow", "r"): user = line.split(":")[0] if user in allRootUsers: uidUsersList.append(user) if passwd: LOG.info("Setting admin password") distro.set_passwd("root", passwd) if resetPasswd: self.reset_password(uidUsersList) LOG.info("Configure Password completed!") def reset_password(self, uidUserList): """ Method to reset password. Use passwd --expire command. Use chage if not succeeded using passwd command. Log failure message otherwise. @param: list of users for which to expire password. """ LOG.info("Expiring password.") for user in uidUserList: try: subp.subp(["passwd", "--expire", user]) except subp.ProcessExecutionError as e: if os.path.exists("/usr/bin/chage"): subp.subp(["chage", "-d", "0", user]) else: LOG.warning( "Failed to expire password for %s with error: %s", user, e, ) # vi: ts=4 expandtab