path: root/cloudinit/sources/helpers/vmware/imc/config_passwd.py
#    Copyright (C) 2016 Canonical Ltd.
#    Copyright (C) 2016 VMware INC.
#
#    Author: Maitreyee Saikia <msaikia@vmware.com>
#
#    This file is part of cloud-init. See LICENSE file for license information.


import logging
import os

from cloudinit import util

LOG = logging.getLogger(__name__)


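class PasswordConfigurator(object):
    """
    Class for changing configurations related to passwords in a VM. Includes
    setting and expiring passwords.
    """
    def configure(self, passwd, resetPasswd, distro):
        """
        Main method to perform all functionalities based on configuration file
        inputs.
        @param passwd: base64-encoded admin password; a falsy value leaves
        the root password untouched.
        @param resetPasswd: boolean to determine if password needs to be reset.
        @param distro: object whose set_passwd(user, passwd) method is used
        to set the root password.
        @return: None.
        """
        LOG.info('Starting password configuration')
        if passwd:
            # The decoded password is only handed to distro.set_passwd; it is
            # never written to the log.
            passwd = util.b64d(passwd)
            LOG.info('Setting admin password')
            distro.set_passwd('root', passwd)
        if resetPasswd:
            # /etc/shadow is only opened when an expiry was requested, since
            # the user list has no other consumer.
            self.reset_password(self._read_uid0_users())
        LOG.info('Configure Password completed!')

    @staticmethod
    def _read_uid0_users(passwd_path='/etc/passwd',
                         shadow_path='/etc/shadow'):
        """
        Return the names of all uid-0 accounts that also have a shadow entry.
        @param passwd_path: passwd-format file listing accounts.
        @param shadow_path: shadow-format file listing password entries.
        @return: list of user names, in shadow-file order.
        """
        uid0_names = set()
        with open(passwd_path, 'r') as passwd_file:
            for line in passwd_file:
                fields = line.split(':')
                # Blank or truncated lines have no uid field; skip them
                # instead of failing with IndexError.
                if len(fields) > 2 and fields[2] == '0':
                    uid0_names.add(fields[0])
        # read shadow file and check for each user, if its uid0 or root.
        shadowed = []
        with open(shadow_path, 'r') as shadow_file:
            for line in shadow_file:
                user = line.split(':')[0]
                if user in uid0_names:
                    shadowed.append(user)
        return shadowed

    def reset_password(self, uidUserList):
        """
        Method to reset password. Use passwd --expire command. Use chage if
        not succeeded using passwd command. Log failure message if chage is
        not installed at /usr/bin/chage.
        @param uidUserList: list of users for which to expire password.
        """
        LOG.info('Expiring password.')
        for user in uidUserList:
            try:
                util.subp(['passwd', '--expire', user])
            except util.ProcessExecutionError as e:
                if os.path.exists('/usr/bin/chage'):
                    # An error raised by this fallback is not caught here, so
                    # a failed expiry surfaces to the caller rather than
                    # leaving the password silently unexpired.
                    util.subp(['chage', '-d', '0', user])
                else:
                    LOG.warning('Failed to expire password for %s with error: '
                                '%s', user, e)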

# vi: ts=4 expandtab