[elbe-devel] [PATCH v2 6/8] proprocess: migrate root and user passwords

Holger Dengler holger at hdengler.de
Thu Jun 16 12:10:12 CEST 2022 

Support legacy XMLs by adding preprocessing for plain-text passwords for
root and users. The plain-text password elements or attributes will be
replaced with their hashed variants.

XMLs with only hashed passwords will not be changed by the
preprocessing.

Signed-off-by: Holger Dengler <holger at hdengler.de>
---
 elbepack/xmlpreprocess.py | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)

diff --git a/elbepack/xmlpreprocess.py b/elbepack/xmlpreprocess.py
index f3c2f2a7f..947b3cfce 100644
--- a/elbepack/xmlpreprocess.py
+++ b/elbepack/xmlpreprocess.py
@@ -14,6 +14,7 @@ from optparse import OptionGroup
 from itertools import islice
 from urllib.error import HTTPError,URLError
 from urllib.request import urlopen
+from crypt import crypt, METHOD_SHA512
 
 from lxml import etree
 from lxml.etree import XMLParser, parse, Element
@@ -251,6 +252,25 @@ def preprocess_mirrors(xml):
             option.text = opt
             options.append(option)
 
+def preprocess_passwd(xml):
+    """Preprocess plain-text passwords. Plain-text passwords for root and
+       adduser will be replaced with their hashed values.
+    """
+
+    # migrate root password
+    for passwd in xml.iterfind(".//target/passwd"):
+        passwd_hashed = '%s' % crypt(passwd.text, METHOD_SHA512)
+        passwd.tag = "passwd_hashed"
+        passwd.text = passwd_hashed
+
+    # migrate user passwords
+    for adduser in xml.iterfind(".//target/finetuning/adduser[@passwd]"):
+        passwd = adduser.attrib['passwd']
+        passwd_hashed = crypt(passwd, METHOD_SHA512)
+
+        adduser.attrib['passwd_hashed'] = passwd_hashed
+        del adduser.attrib['passwd']
+
 def xmlpreprocess(fname, output, variants=None, proxy=None):
 
     # pylint: disable=too-many-locals
@@ -334,6 +354,8 @@ def xmlpreprocess(fname, output, variants=None, proxy=None):
 
         preprocess_mirrors(xml)
 
+        preprocess_passwd(xml)
+
         if schema.validate(xml):
             # if validation succedes write xml file
             xml.write(
@@ -349,9 +371,9 @@ def xmlpreprocess(fname, output, variants=None, proxy=None):
     except ArchivedirError:
         raise XMLPreprocessError("<archivedir> handling failed\n" +
                                  str(sys.exc_info()[1]))
-    except BaseException:
-        raise XMLPreprocessError(
-            "Unknown Exception during validation\n" + str(sys.exc_info()[1]))
+#     except BaseException:
+#         raise XMLPreprocessError(
+#             "Unknown Exception during validation\n" + str(sys.exc_info()[1]))
 
     # We have errors, return them in string form...
     raise XMLPreprocessError("\n".join(error_log_to_strings(schema.error_log)))
-- 
2.36.1

More information about the elbe-devel mailing list