[elbe-devel] [PATCH v2 5/8] schema: switch to hashed passwords for users
Holger Dengler
holger at hdengler.de
Thu Jun 16 12:10:11 CEST 2022
Replace the plain-text user passwords with their hashed variants in the
XML schema. Adapt the password processing for adduser accordingly.
Signed-off-by: Holger Dengler <holger at hdengler.de>
---
elbepack/finetuning.py | 6 +++---
schema/dbsfed.xsd | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/elbepack/finetuning.py b/elbepack/finetuning.py
index 920d7bba3..a036d3e87 100644
--- a/elbepack/finetuning.py
+++ b/elbepack/finetuning.py
@@ -275,9 +275,9 @@ class AddUserAction(FinetuningAction):
self.node.et.text)
chroot(target.path, cmd)
- if 'passwd' in att:
- stdin = "%s:%s" % (self.node.et.text, att["passwd"])
- chroot(target.path, "chpasswd", stdin=stdin)
+ if 'passwd_hashed' in att:
+ stdin = "%s:%s" % (self.node.et.text, att["passwd_hashed"])
+ chroot(target.path, "chpasswd --encrypted", stdin=stdin)
@FinetuningAction.register('addgroup')
diff --git a/schema/dbsfed.xsd b/schema/dbsfed.xsd
index 0cf23e660..c815ffc82 100644
--- a/schema/dbsfed.xsd
+++ b/schema/dbsfed.xsd
@@ -2525,7 +2525,7 @@
describes an additional user account, the following parameters are
available:
'shell' - the login shell for the user.
- 'passwd' - the (optional) password for the user.
+ 'passwd_hashed' - the (optional) hashed password for the user.
'groups' - a comma separated list of groups the user is member of.
'uid' - (optional) user of the user.
'gid' - (optional) primary group, may be numeric or a name.
@@ -2539,7 +2539,7 @@
<simpleContent>
<extension base="rfs:string">
<attribute name="shell" type="string" use="required" />
- <attribute name="passwd" type="string" use="optional" />
+ <attribute name="passwd_hashed" type="string" use="optional" />
<attribute name="groups" type="string" use="optional" />
<attribute name="uid" type="string" use="optional" />
<attribute name="gid" type="string" use="optional" />
--
2.36.1
More information about the elbe-devel
mailing list