diff options
| author |   Joseph Reynolds <joseph-reynolds@charter.net> | 2020-11-10 11:56:42 +0800 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-11-11 10:08:07 +0000 |
| commit | 1bdcfa4b0d378947a6759fb91872a4edc9a42622 (patch) | |
| tree | a6d2925eb0262a5a9bd836b75eea9728f97f2b93 | |
| parent | e434627b29a1a01b06473efeb291783a4afdd50f (diff) | |
| download | openembedded-core-contrib-1bdcfa4b0d378947a6759fb91872a4edc9a42622.tar.gz | |
add new extrausers command passwd-expire
This enhances extrausers with a new passwd-expire command that causes
a local user's password to be expired as if the `passwd --expire`
command was run, so the password needs to be changed on initial login.
Example: EXTRA_USERS_PARAMS += " useradd ... USER; passwd-expire USER;"
Tested: on useradd accounts
When configured with Linux-PAM, console login prompts for and can
successfully change the password. OpenSSH server works. Dropbear
SSH server notes the password must be changed but does not offer a
password change dialog and rejects the login request.
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/classes/extrausers.bbclass | 3 | ||||
| -rw-r--r-- | meta/classes/useradd_base.bbclass | 18 |
2 files changed, 21 insertions, 0 deletions
diff --git a/meta/classes/extrausers.bbclass b/meta/classes/extrausers.bbclass index 32569e97db..90811bfe2a 100644 --- a/meta/classes/extrausers.bbclass +++ b/meta/classes/extrausers.bbclass @@ -46,6 +46,9 @@ set_user_group () { usermod) perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} $opts" ;; + passwd-expire) + perform_passwd_expire "${IMAGE_ROOTFS}" "$opts" + ;; groupmod) perform_groupmod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} $opts" ;; diff --git a/meta/classes/useradd_base.bbclass b/meta/classes/useradd_base.bbclass index 0d0bdb80f5..7f5b9b7219 100644 --- a/meta/classes/useradd_base.bbclass +++ b/meta/classes/useradd_base.bbclass @@ -145,3 +145,21 @@ perform_usermod () { fi set -e } + +perform_passwd_expire () { + local rootdir="$1" + local opts="$2" + bbnote "${PN}: Performing equivalent of passwd --expire with [$opts]" + # Directly set sp_lstchg to 0 without using the passwd command: Only root can do that + local username=`echo "$opts" | awk '{ print $NF }'` + local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`" + if test "x$user_exists" != "x"; then + eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed -i \''s/^\('$username':[^:]*\):[^:]*:/\1:0:/'\' $rootdir/etc/shadow \" || true + local passwd_lastchanged="`grep "^$username:" $rootdir/etc/shadow | cut -d: -f3`" + if test "x$passwd_lastchanged" != "x0"; then + bbfatal "${PN}: passwd --expire operation did not succeed." + fi + else + bbnote "${PN}: user $username doesn't exist, not expiring its password" + fi +} |