path: root/cloudinit/sources/helpers/vmware/imc/config_passwd.py
blob: 4d3967a1c988da6eb845d6f5e75a02548f0c6dd6 (plain)
#    Copyright (C) 2016 Canonical Ltd.
#    Copyright (C) 2016 VMware INC.
#
#    Author: Maitreyee Saikia <msaikia@vmware.com>
#
#    This file is part of cloud-init. See LICENSE file for license information.


import logging
import os

from cloudinit import subp, util

# Module-level logger, named after this module. The code below handles a
# decoded password; none of its LOG calls are given that value.
LOG = logging.getLogger(__name__)


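class PasswordConfigurator(object):
    """
    Class for changing configurations related to passwords in a VM. Includes
    setting and expiring passwords.
    """

    def configure(self, passwd, resetPasswd, distro):
        """
        Main method to perform all functionalities based on configuration file
        inputs.
        @param passwd: base64-encoded admin password; a falsy value leaves the
        root password unchanged.
        @param resetPasswd: boolean to determine if password needs to be reset.
        @param distro: object whose set_passwd(user, passwd) method is used to
        set the password of "root".
        @return: None.
        """
        LOG.info("Starting password configuration")
        if passwd:
            # base64 is an encoding, not protection: the decoded value is the
            # credential handed to distro.set_passwd() below, so it must never
            # be written to the log.
            passwd = util.b64d(passwd)

        # Collect every account with uid 0, not only the one named "root".
        allRootUsers = set()
        with open("/etc/passwd", "r") as passwd_file:
            for line in passwd_file:
                fields = line.split(":")
                # A blank or truncated line has no uid field; skip it rather
                # than abort the whole customization with an IndexError.
                if len(fields) > 2 and fields[2] == "0":
                    allRootUsers.add(fields[0])

        # Keep only the uid-0 accounts that also have an /etc/shadow entry,
        # in the order they appear there.
        uidUsersList = []
        with open("/etc/shadow", "r") as shadow_file:
            for line in shadow_file:
                user = line.split(":")[0]
                if user in allRootUsers:
                    uidUsersList.append(user)

        if passwd:
            LOG.info("Setting admin password")
            distro.set_passwd("root", passwd)
        if resetPasswd:
            self.reset_password(uidUsersList)
        LOG.info("Configure Password completed!")

    def reset_password(self, uidUserList):
        """
        Method to reset password. Use passwd --expire command. Use chage if
        not succeeded using passwd command. Log failure message otherwise.
        @param uidUserList: list of users for which to expire password.
        @return: None.
        @raise subp.ProcessExecutionError: if the chage fallback itself fails;
        users later in the list are then left unprocessed.
        """
        LOG.info("Expiring password.")
        for user in uidUserList:
            try:
                # Argument list, not a shell string: the user name is passed
                # as a single argv element.
                subp.subp(["passwd", "--expire", user])
            except subp.ProcessExecutionError as e:
                if os.path.exists("/usr/bin/chage"):
                    # Fallback: a last-change date of 0 forces a password
                    # change at next login. A failure here is not caught.
                    subp.subp(["chage", "-d", "0", user])
                else:
                    # The account keeps an unexpired password in this branch;
                    # the warning is the only trace of that.
                    LOG.warning(
                        "Failed to expire password for %s with error: %s",
                        user,
                        e,
                    )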


# vi: ts=4 expandtab