On Thu, Sep 04, 2014 at 05:18:31PM +0200, Pino Toscano wrote:
Make use of augeas to load and edit /etc/shadow, now that we have
(either from upstream or by ourselves) a lens handling it.
---
customize/password.ml | 64 +++++++++++++++++++++++----------------------------
1 file changed, 29 insertions(+), 35 deletions(-)
diff --git a/customize/password.ml b/customize/password.ml
index 84af0c3..3437bf0 100644
--- a/customize/password.ml
+++ b/customize/password.ml
@@ -87,42 +87,36 @@ let rec set_linux_passwords ~prog ?password_crypto g root passwords
=
| None -> default_crypto ~prog g root
| Some c -> c in
- (* XXX Would like to use Augeas here, but Augeas doesn't support
- * /etc/shadow (as of 1.1.0).
- *)
+ g#aug_init "/" 0;
+ let users = Array.to_list (g#aug_ls "/files/etc/shadow") in
+ List.iter (
+ fun userpath ->
+ let user =
+ let i = String.rindex userpath '/' in
+ String.sub userpath (i+1) (String.length userpath -i-1) in
+ try
+ (* Each line is: "user:[!!]password:..."
+ * !! at the front of the password field means the account is locked.
+ *)
+ let selector = Hashtbl.find passwords user in
+ let pwfield =
+ match selector with
+ | { pw_locked = locked;
+ pw_password = Password password } ->
+ (if locked then "!!" else "") ^ encrypt password crypto
+ | { pw_locked = locked;
+ pw_password = Random_password } ->
+ let password = make_random_password () in
+ printf (f_"Setting random password of %s to %s\n%!")
+ user password;
+ (if locked then "!!" else "") ^ encrypt password crypto
+ | { pw_locked = true; pw_password = Disabled_password } -> "!!*"
+ | { pw_locked = false; pw_password = Disabled_password } -> "*"
in
+ g#aug_set (userpath ^ "/password") pwfield
+ with Not_found -> ()
+ ) users;
+ g#aug_save ();
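Review bot: A user named in `passwords` that has no node under `/files/etc/shadow` is skipped without any message, because the loop walks the `g#aug_ls` result and only looks each name up in the table. This seems to include the case where the shadow lens cannot parse the guest's file: as far as I can tell `g#aug_ls` then returns no entries, the loop body never runs and `g#aug_save ()` still succeeds, so the account keeps its old password or stays unlocked while the caller believes it was changed. I would record every user that reached `g#aug_set` and, before saving, fail (or at least warn) for each requested user that was not applied, as sketched below. The function starts before this hunk and continues after the quoted part, so a check of this kind may already exist outside the lines shown.

```ocaml
let applied = Hashtbl.create 13 in
(* … unchanged: g#aug_init, g#aug_ls, List.iter header and the pwfield match … *)
      g#aug_set (userpath ^ "/password") pwfield;
      Hashtbl.replace applied user ()
(* … unchanged: Not_found handler and end of List.iter … *)
Hashtbl.iter (
  fun user _ ->
    if not (Hashtbl.mem applied user) then
      failwith ("no /etc/shadow entry found for user " ^ user)
) passwords;
g#aug_save ();
```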
So in fact Augeas doesn't model the '!!' (locked) field, it just
includes it in the /files/etc/shadow/<user>/password?
ACK.
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages.
http://libguestfs.org