[elbe-devel] [PATCH v2 5/8] schema: switch to hashed passwords for users

Bastian Germann bage at linutronix.de
Fri Jun 24 12:12:21 CEST 2022


On 16.06.22 at 12:10, Holger Dengler wrote:
> Replace the plain-text user passwords with their hashed variants in the
> XML schema. Adapt the password processing for adduser accordingly.
> 
> Signed-off-by: Holger Dengler <holger at hdengler.de>

Reviewed-by: Bastian Germann <bage at linutronix.de>

> ---
>   elbepack/finetuning.py | 6 +++---
>   schema/dbsfed.xsd      | 4 ++--
>   2 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/elbepack/finetuning.py b/elbepack/finetuning.py
> index 920d7bba3..a036d3e87 100644
> --- a/elbepack/finetuning.py
> +++ b/elbepack/finetuning.py
> @@ -275,9 +275,9 @@ class AddUserAction(FinetuningAction):
>                                                    self.node.et.text)
>               chroot(target.path, cmd)
>   
> -            if 'passwd' in att:
> -                stdin = "%s:%s" % (self.node.et.text, att["passwd"])
> -                chroot(target.path, "chpasswd", stdin=stdin)
> +            if 'passwd_hashed' in att:
> +                stdin = "%s:%s" % (self.node.et.text, att["passwd_hashed"])
> +                chroot(target.path, "chpasswd --encrypted", stdin=stdin)
>   
>   
>   @FinetuningAction.register('addgroup')
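
Review bot: in the new `if 'passwd_hashed' in att:` branch, the attribute value is handed to `chpasswd --encrypted` without any check that it is actually a hash. With `--encrypted`, chpasswd stores the supplied string as-is, so a plain-text password left in `passwd_hashed` would end up verbatim in the target's shadow file and the account could not log in with it. Consider rejecting values that do not look like crypt(3) output (for example, ones that do not start with `$`) and failing the finetuning step with a clear error message.
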
> diff --git a/schema/dbsfed.xsd b/schema/dbsfed.xsd
> index 0cf23e660..c815ffc82 100644
> --- a/schema/dbsfed.xsd
> +++ b/schema/dbsfed.xsd
> @@ -2525,7 +2525,7 @@
>           describes an additional user account, the following parameters are
>   	available:
>   	'shell' - the login shell for the user.
> -	'passwd' - the (optional) password for the user.
> +	'passwd_hashed' - the (optional) hashed password for the user.
>   	'groups' - a comma separated list of groups the user is member of.
>   	'uid' - (optional) user of the user.
>   	'gid' - (optional) primary group, may be numeric or a name.
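
Review bot: the description of 'passwd_hashed' does not say which hash format is expected. Since the value is passed on to `chpasswd --encrypted`, the text should state that it has to be a crypt(3) style string as found in /etc/shadow, and ideally name a way to generate one (mkpasswd, for instance), so that users do not put a plain-text password here.
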
> @@ -2539,7 +2539,7 @@
>       <simpleContent>
>         <extension base="rfs:string">
>           <attribute name="shell" type="string" use="required" />
> -        <attribute name="passwd" type="string" use="optional" />
> +        <attribute name="passwd_hashed" type="string" use="optional" />
>           <attribute name="groups" type="string" use="optional" />
>           <attribute name="uid" type="string" use="optional" />
>           <attribute name="gid" type="string" use="optional" />
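
Review bot: replacing the `passwd` attribute outright means that existing XML files which still carry `passwd` no longer validate against this schema. If the hard break is intended, it deserves a sentence in the commit message or the schema documentation; otherwise `passwd` could stay as a deprecated attribute for a transition period. Separately, `type="string"` accepts any content for `passwd_hashed`; a restricted simple type with a pattern for the hash format would catch plain-text values at validation time.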

