add new extrausers command passwd-expire
authorJoseph Reynolds <joseph-reynolds@charter.net>
Tue, 10 Nov 2020 03:56:42 +0000 (11:56 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 11 Nov 2020 10:08:07 +0000 (10:08 +0000)
This enhances extrausers with a new passwd-expire command that causes
a local user's password to be expired as if the `passwd --expire`
command was run, so the password needs to be changed on initial login.

Example: EXTRA_USERS_PARAMS += " useradd ... USER; passwd-expire USER;"

Tested: on useradd accounts
When configured with Linux-PAM, console login prompts for and can
successfully change the password.  OpenSSH server works.  Dropbear
SSH server notes the password must be changed but does not offer a
password change dialog and rejects the login request.

Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/classes/extrausers.bbclass
meta/classes/useradd_base.bbclass

index 32569e97db874ece039a74a401be06bef5fab7fb..90811bfe2a53dd6eaf05a3fff3fee371b8b23a46 100644 (file)
@@ -46,6 +46,9 @@ set_user_group () {
                        usermod)
                                perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} $opts"
                                ;;
+                       passwd-expire)
+                               perform_passwd_expire "${IMAGE_ROOTFS}" "$opts"
+                               ;;
                        groupmod)
                                perform_groupmod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} $opts"
                                ;;
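Review bot: The `passwd-expire` branch passes `$opts` without the `-R ${IMAGE_ROOTFS}` prefix its neighbours use, and nothing here says the argument is a bare user name rather than tool options. Judging by the `perform_passwd_expire` helper added in the same commit, only the last word of `$opts` is used, so any words before it are silently dropped. A comment above the branch would record that contract, e.g. `# passwd-expire USER: takes a user name only; any other words in $opts are ignored`. The enclosing `case` statement starts and ends outside this hunk.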
index 0d0bdb80f5bc81f61f881abc7dc05281d82249b5..7f5b9b721947d74c1d74e7887b11d98576390218 100644 (file)
@@ -145,3 +145,21 @@ perform_usermod () {
        fi
        set -e
 }
+
+perform_passwd_expire () {
+       local rootdir="$1"
+       local opts="$2"
+       bbnote "${PN}: Performing equivalent of passwd --expire with [$opts]"
+       # Directly set sp_lstchg to 0 without using the passwd command: Only root can do that
+       local username=`echo "$opts" | awk '{ print $NF }'`
+       local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`"
+       if test "x$user_exists" != "x"; then
+               eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed -i \''s/^\('$username':[^:]*\):[^:]*:/\1:0:/'\' $rootdir/etc/shadow \" || true
+               local passwd_lastchanged="`grep "^$username:" $rootdir/etc/shadow | cut -d: -f3`"
+               if test "x$passwd_lastchanged" != "x0"; then
+                       bbfatal "${PN}: passwd --expire operation did not succeed."
+               fi
+       else
+               bbnote "${PN}: user $username doesn't exist, not expiring its password"
+       fi
+}
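Review bot: `$username` is taken from the last word of `$opts` and then spliced unescaped into both `grep` patterns and into the `eval`'d `flock ... sed` command string in `perform_passwd_expire`, so regex or shell metacharacters in the name can be interpreted rather than matched literally (a `.` in the name, for example, also matches other accounts). A guard right after the `awk` line would close this, e.g. `case "$username" in ""|*[!A-Za-z0-9_-]*) bbfatal "${PN}: passwd-expire: invalid user name [$username]";; esac`; if dotted names must be supported, the dot needs escaping before it reaches `sed`. Separately, the `else` branch only emits `bbnote` when the user is missing, so a misspelled name yields an image whose account is not forced to change its password. Using `bbwarn` or `bbfatal` there would make that failure visible.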