[elbe-devel] [PATCH v1 08/15] xmlpreprocess: add password processing for adduser

[Holger Dengler]

Create or update the hashed passwords for users in adduser. Only
METHOD_SHA512 ($6) is currently supported.

Signed-off-by: Holger Dengler <holger at hdengler.de>
---
 elbepack/xmlpreprocess.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/elbepack/xmlpreprocess.py b/elbepack/xmlpreprocess.py
index 69642bc51..ecf0bbeda 100644
--- a/elbepack/xmlpreprocess.py
+++ b/elbepack/xmlpreprocess.py
@@ -279,6 +279,23 @@ def preprocess_root_password(xml):
     print('[INFO] update hashed password for root.')
 
 
+def preprocess_adduser_passwords(xml):
+    """Preprocess the plain-text passwords for addusers. A given plain-text
+    password will be hashed and updated in attribute. The attribute with the
+    plain-text password will be removed.
+    """
+
+    for adduser in xml.iterfind('target/finetuning/adduser[@passwd]'):
+        adduser.attrib['passwd_hashed'] = crypt(adduser.attrib['passwd'],
+                                                METHOD_SHA512)
+        print('[INFO] update hashed password for %s.'
+              % (adduser.text))
+
+        del adduser.attrib['passwd']
+        print('[INFO] Remove plain-text password for %s.'
+              % (adduser.text))
+
+
 def xmlpreprocess(fname, output, variants=None, proxy=None):
 
     # pylint: disable=too-many-locals
@@ -363,6 +380,7 @@ def xmlpreprocess(fname, output, variants=None, proxy=None):
         preprocess_mirrors(xml)
 
         preprocess_root_password(xml)
+        preprocess_adduser_passwords(xml)
 
         if schema.validate(xml):
             # if validation succedes write xml file
-- 
2.36.1