[elbe-devel] [PATCH v1 10/15] xmlpreprocess: remove plain-text root password
Holger Dengler
holger at hdengler.de
Wed Jun 8 22:39:53 CEST 2022
Remove the plain-text password for root after the generation of the
hashed password, if not otherwise specified.
Signed-off-by: Holger Dengler <holger at hdengler.de>
---
elbepack/xmlpreprocess.py | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/elbepack/xmlpreprocess.py b/elbepack/xmlpreprocess.py
index ecf0bbeda..f11dfe72c 100644
--- a/elbepack/xmlpreprocess.py
+++ b/elbepack/xmlpreprocess.py
@@ -278,6 +278,13 @@ def preprocess_root_password(xml):
passwd_hashed.text = '%s' % crypt(passwd.text, METHOD_SHA512)
print('[INFO] update hashed password for root.')
+ # remove plain-text password element if attribute 'keep_plain' is not
+ # set or not true.
+ if 'keep_plain' not in passwd.attrib or \
+ passwd.attrib['keep_plain'] != 'true':
+ parent.remove(passwd)
+ print('[INFO] remove plain-text password for root.')
+
def preprocess_adduser_passwords(xml):
"""Preprocess the plain-text passwords for addusers. A given plain-text
--
2.36.1
More information about the elbe-devel
mailing list