[elbe-devel] [PATCH v3 5/7] schema: switch to hashed passwords for users

Holger Dengler holger at hdengler.de
Thu Jun 30 08:00:05 CEST 2022


Replace the plain-text user passwords with their hashed variants in the
XML schema. Adapt the password processing for adduser accordingly.

Signed-off-by: Holger Dengler <holger at hdengler.de>
Reviewed-by: Bastian Germann <bage at linutronix.de>
---
 elbepack/finetuning.py | 6 +++---
 schema/dbsfed.xsd      | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/elbepack/finetuning.py b/elbepack/finetuning.py
index 920d7bba3..a036d3e87 100644
--- a/elbepack/finetuning.py
+++ b/elbepack/finetuning.py
@@ -275,9 +275,9 @@ class AddUserAction(FinetuningAction):
                                                  self.node.et.text)
             chroot(target.path, cmd)
 
-            if 'passwd' in att:
-                stdin = "%s:%s" % (self.node.et.text, att["passwd"])
-                chroot(target.path, "chpasswd", stdin=stdin)
+            if 'passwd_hashed' in att:
+                stdin = "%s:%s" % (self.node.et.text, att["passwd_hashed"])
+                chroot(target.path, "chpasswd --encrypted", stdin=stdin)
 
 
 @FinetuningAction.register('addgroup')
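
Review bot: In the new 'passwd_hashed' branch the attribute value goes to "chpasswd --encrypted" without any check, and with --encrypted chpasswd stores the supplied string as the hash without hashing it. A plain-text password left in passwd_hashed by mistake would therefore be written verbatim to the target's shadow file and the account would not be usable with that password. Consider rejecting values that do not look like a crypt(3) string (for example, not starting with "$") and failing the finetuning step with a clear error before calling chroot().
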
diff --git a/schema/dbsfed.xsd b/schema/dbsfed.xsd
index 497bc5d05..b2732539e 100644
--- a/schema/dbsfed.xsd
+++ b/schema/dbsfed.xsd
@@ -2524,7 +2524,7 @@
         describes an additional user account, the following parameters are
 	available:
 	'shell' - the login shell for the user.
-	'passwd' - the (optional) password for the user.
+	'passwd_hashed' - the (optional) hashed password for the user.
 	'groups' - a comma separated list of groups the user is member of.
 	'uid' - (optional) user of the user.
 	'gid' - (optional) primary group, may be numeric or a name.
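
Review bot: The new description line for 'passwd_hashed' does not say which hash format is expected or how to produce it. Since the value is handed to "chpasswd --encrypted" in finetuning.py, the text should state that a crypt(3)-style hash is required and point to a way of generating one, so users do not put a plain-text password into the attribute.
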
@@ -2538,7 +2538,7 @@
     <simpleContent>
       <extension base="rfs:string">
         <attribute name="shell" type="string" use="required" />
-        <attribute name="passwd" type="string" use="optional" />
+        <attribute name="passwd_hashed" type="string" use="optional" />
         <attribute name="groups" type="string" use="optional" />
         <attribute name="uid" type="string" use="optional" />
         <attribute name="gid" type="string" use="optional" />
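
Review bot: Replacing the 'passwd' attribute outright means existing XML files that still carry passwd="..." no longer match this type, and nothing in the patch tells the user what to change. Consider documenting the migration, or keeping 'passwd' as a deprecated attribute that produces an explicit error. In addition, 'passwd_hashed' stays type="string", so the schema cannot tell a hash from a plain-text password; a restricted type with a pattern for the crypt(3) "$id$..." form would catch that at validation time.
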
-- 
2.36.1


