[elbe-devel] [PATCH v3 6/7] preprocess: migrate root and user passwords

Bastian Germann bage at linutronix.de
Thu Jun 30 10:22:38 CEST 2022 

Am 30.06.22 um 08:00 schrieb Holger Dengler:
> Support legacy XMLs by adding a preprocessing for plain-text passwords
> for root and users. The plain-text password elements or attributes will
> be replaced with their hashed variants.
> 
> XMLs with only hashed passwords will not be changed by the
> preprocessing.
> 
> Signed-off-by: Holger Dengler <holger at hdengler.de>

Reviewed-by: Bastian Germann <bage at linutronix.de>

> ---
>   elbepack/xmlpreprocess.py | 20 ++++++++++++++++++++
>   1 file changed, 20 insertions(+)
> 
> diff --git a/elbepack/xmlpreprocess.py b/elbepack/xmlpreprocess.py
> index f3c2f2a7f..0daa7b497 100644
> --- a/elbepack/xmlpreprocess.py
> +++ b/elbepack/xmlpreprocess.py
> @@ -14,6 +14,7 @@ from optparse import OptionGroup
>   from itertools import islice
>   from urllib.error import HTTPError,URLError
>   from urllib.request import urlopen
> +from passlib.hash import sha512_crypt
>   
>   from lxml import etree
>   from lxml.etree import XMLParser, parse, Element
> @@ -251,6 +252,23 @@ def preprocess_mirrors(xml):
>               option.text = opt
>               options.append(option)
>   
> +
> +def preprocess_passwd(xml):
> +    """Preprocess plain-text passwords. Plain-text passwords for root and
> +       adduser will be replaced with their hashed values.
> +    """
> +
> +    # migrate root password
> +    for passwd in xml.iterfind(".//target/passwd"):
> +        passwd.tag = "passwd_hashed"
> +        passwd.text = '%s' % sha512_crypt.hash(passwd.text)
> +
> +    # migrate user passwords
> +    for adduser in xml.iterfind(".//target/finetuning/adduser[@passwd]"):
> +        passwd = adduser.attrib['passwd']
> +        adduser.attrib['passwd_hashed'] = sha512_crypt.hash(passwd)
> +        del adduser.attrib['passwd']
> +
>   def xmlpreprocess(fname, output, variants=None, proxy=None):
>   
>       # pylint: disable=too-many-locals
> @@ -334,6 +352,8 @@ def xmlpreprocess(fname, output, variants=None, proxy=None):
>   
>           preprocess_mirrors(xml)
>   
> +        preprocess_passwd(xml)
> +
>           if schema.validate(xml):
>               # if validation succedes write xml file
>               xml.write(

More information about the elbe-devel mailing list