Merge pull request #527 from YunoHost/migrate-pwd
Synchronize root and admin password
Showing
4 changed files
with
102 additions
and
5 deletions.
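--- a/src/yunohost/data_migrations/0006_sync_admin_and_root_passwords.py
+++ b/src/yunohost/data_migrations/0006_sync_admin_and_root_passwords.py
@@ -0,0 +1,79 @@
+import spwd
+import crypt
+import random
+import string
+import subprocess
+
+from moulinette import m18n
+from moulinette.core import MoulinetteError
+from moulinette.utils.log import getActionLogger
+from moulinette.utils.process import run_commands, check_output
+from moulinette.utils.filesystem import append_to_file
+from moulinette.authenticators.ldap import Authenticator
+from yunohost.tools import Migration
+
+logger = getActionLogger('yunohost.migration')
+SMALL_PWD_LIST = ["yunohost", "olinuxino", "olinux", "raspberry", "admin", "root", "test", "rpi"]
+
+class MyMigration(Migration):
+"Synchronize admin and root passwords"
+
+def migrate(self):
+
+new_hash = self._get_admin_hash()
+self._replace_root_hash(new_hash)
+
+logger.info(m18n.n("migration_0006_done"))
+
+def backward(self):
+pass
+
+@property
+def mode(self):
+
+# If the root password is still a "default" value,
+# then this is an emergency and migration shall
+# be applied automatically
+#
+# Otherwise, as playing with root password is touchy,
+# we set this as a manual migration.
+return "auto" if self._is_root_pwd_listed(SMALL_PWD_LIST) else "manual"
+
+@property
+def disclaimer(self):
+if self._is_root_pwd_listed(SMALL_PWD_LIST):
+return None
+
+return m18n.n("migration_0006_disclaimer")
+
+def _get_admin_hash(self):
+"""
+Fetch the admin hash from the LDAP db using slapcat
+"""
+admin_hash = check_output("slapcat \
+| grep 'dn: cn=admin,dc=yunohost,dc=org' -A20 \
+| grep userPassword -A2 \
+| tr -d '\n ' \
+| tr ':' ' ' \
+| awk '{print $2}' \
+| base64 -d \
+| sed 's/{CRYPT}//g'")
+return admin_hash
+
+def _replace_root_hash(self, new_hash):
+hash_root = spwd.getspnam("root").sp_pwd
+
+with open('/etc/shadow', 'r') as before_file:
+before = before_file.read()
+
+with open('/etc/shadow', 'w') as after_file:
+after_file.write(before.replace("root:" + hash_root,
+"root:" + new_hash))
+
+def _is_root_pwd_listed(self, pwd_list):
+hash_root = spwd.getspnam("root").sp_pwd
+
+for password in pwd_list:
+if hash_root == crypt.crypt(password, hash_root):
+return True
+return False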
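Review bot: `_replace_root_hash` writes whatever `_get_admin_hash` returns into /etc/shadow without validating it, and the `slapcat | grep | … | sed` pipeline appears to surface only the last command's status, so a failed `slapcat` or a missing `userPassword` match could produce an empty or malformed value. An empty password field for root means no password is required, so `migrate` should abort before the file is opened unless the value is a non-empty crypt(3) hash, for example by checking `if not new_hash or not new_hash.startswith("$"):` and raising `MoulinetteError`. The rewrite itself is also fragile: opening /etc/shadow with `'w'` truncates it before the new content is written, so an interruption leaves the system with no usable shadow file; writing to a temporary file in /etc and renaming it over the original would make the update atomic. Finally, `before.replace("root:" + hash_root, ...)` is not anchored to the start of a line, so when root's field is short (for instance a locked `!` or `*`) it would also rewrite any account whose name ends in `root`; replacing only the line that starts with `root:` avoids that.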