Re: [Libguestfs] [PATCH 5/5] customize: use augeas to change passwords

On Thu, Sep 04, 2014 at 05:18:31PM +0200, Pino Toscano wrote: > Make use of augeas to load and edit /etc/shadow, now that we have > (either from upstream or by ourselves) a lens handling it. > --- > > customize/password.ml | 64 > +++++++++++++++++++++++---------------------------- 1 file > changed, 29 insertions(+), 35 deletions(-) > > diff --git a/customize/password.ml b/customize/password.ml > index 84af0c3..3437bf0 100644 > --- a/customize/password.ml > +++ b/customize/password.ml > @@ -87,42 +87,36 @@ let rec set_linux_passwords ~prog > ?password_crypto g root passwords => > | None -> default_crypto ~prog g root > | Some c -> c in > > - (* XXX Would like to use Augeas here, but Augeas doesn't support > - * /etc/shadow (as of 1.1.0). > - *) > + g#aug_init "/" 0; > + let users = Array.to_list (g#aug_ls "/files/etc/shadow") in > + List.iter ( > + fun userpath -> > + let user = > + let i = String.rindex userpath '/' in > + String.sub userpath (i+1) (String.length userpath -i-1) in > + try > + (* Each line is: "user:[!!]password:..." > + * !! at the front of the password field means the account > is locked. + *) > + let selector = Hashtbl.find passwords user in > + let pwfield = > + match selector with > + | { pw_locked = locked; > + pw_password = Password password } -> > + (if locked then "!!" else "") ^ encrypt password crypto > + | { pw_locked = locked; > + pw_password = Random_password } -> > + let password = make_random_password () in > + printf (f_"Setting random password of %s to %s\n%!") > + user password; > + (if locked then "!!" else "") ^ encrypt password crypto > + | { pw_locked = true; pw_password = Disabled_password } > -> "!!*" + | { pw_locked = false; pw_password = > Disabled_password } -> "*" in + g#aug_set (userpath ^ > "/password") pwfield > + with Not_found -> () > + ) users; > + g#aug_save (); So in fact Augeas doesn't model the '!!' (locked) field, it just includes it in the /files/etc/shadow/<user>/password?