3
\�me�+��������������� ���@���sH��U�d�Z�ddlZddlZddlmZmZ�ddlmZ�ddlm Z �ddl
m
Z
m
Z
m
Z
�ddlmZ�ddlmZ�dd lmZmZ�dd
lmZmZmZ�dd
lmZ�dd
lm
Z
�d
Z
ddde
egeed�ed�gg�d�Z
e
ee
�Z�ej e �Z!dj"dd��ee�D���Z#e$e%e$d�dd�Z&dd��Z'ed
�d
d
�Z(e%eee$dd �d d!�Z)d%d#d$�Z*dS�)&zFSet Passwords: Set user passwords and enable/disable SSH password auth�����N)�
ascii_letters�digits)�dedent)�List)�features�subp�util)�Cloud)�Config)�
MetaSchema�
get_meta_doc)�
ALL_DISTROS�Distro�ug_util)�
PER_INSTANCE)�update_ssh_configa���This module consumes three top-level config keys: ``ssh_pwauth``, ``chpasswd``
and ``password``.
The ``ssh_pwauth`` config key determines whether or not sshd will be configured
to accept password authentication.
The ``chpasswd`` config key accepts a dictionary containing either or both of
``users`` and ``expire``. The ``users`` key is used to assign a password to a
corresponding pre-existing user. The ``expire`` key is used to set
whether to expire all user passwords specified by this module,
such that a password will need to be reset on the user's next login.
.. note::
Prior to cloud-init 22.3, the ``expire`` key only applies to plain text
(including ``RANDOM``) passwords. Post 22.3, the ``expire`` key applies to
both plain text and hashed passwords.
``password`` config key is used to set the default user's password. It is
ignored if the ``chpasswd`` ``users`` is used. Note: the ``list`` keyword is
deprecated in favor of ``users``.
Zcc_set_passwordsz
Set Passwordsz7Set user passwords and enable/disable SSH password authz� # Set a default password that would need to be changed
# at first login
ssh_pwauth: true
password: password1
aU�� # Disable ssh password authentication
# Don't require users to change their passwords on next login
# Set the password for user1 to be 'password1' (OS does hashing)
# Set the password for user2 to a pre-hashed password
# Set the password for user3 to be a randomly generated password,
# which will be written to the system console
ssh_pwauth: false
chpasswd:
expire: false
users:
- name: user1
password: password1
type: text
- name: user2
password: $6$rounds=4096$5DJ8a9WMTEzIo5J4$Yms6imfeBvf3Yfu84mQBerh18l7OR1Wm1BJXZqFSpJ6BVas0AYJqIjP7czkOaAZHZi1kxQ5Y1IhgWN8K9NgxR1
- name: user3
type: RANDOM
)�id�name�title�
descriptionZdistrosZ frequencyZexamplesZactivate_by_schema_keys��c�������������C���s���g�|�]}|d�kr|�qS�)ZloLOI01��)�.0�xr���r����&/usr/lib/python3.6/cc_set_passwords.py�
<listcomp>]���s����r���)�
users_list�pw_type�returnc����������������s���|�sg�S���fdd�|�D��S�)zDeither password or type: RANDOM is required, user is always requiredc����������������s0���g�|�](}|j�d�d���kr|d�|j�dd�f�qS�)�type�hashr����password�RANDOM)�get)r����item)r
���r���r���r���f���s���z%get_users_by_type.<locals>.<listcomp>r���)r
���r
���r���)r
���r����get_users_by_type`���s����
r%���c�������������C���sP���y|�j�d|��tjd��W�n0�tjk
rJ�}�ztjd|��W�Y�d�d�}~X�nX�d�S�)NZrestartzRestarted the SSH daemon.zm'ssh_pwauth' configuration may not be applied. Cloud-init was unable to restart SSH daemon due to error: '%s')Zmanage_service�LOG�debugr���ZProcessExecutionError�warning)�distro�service�er���r���r����_restart_ssh_daemonm���s����
r,���)r)���c�������������C���s����|j�dd�}d}t|�t�r*tjdddd��tj|��r:d}nRtj|��rJd }nBd
|��d
�}|�d
ksj|�j��d
krztj d||���ntj
d||���d
S�t
||i�}|s�tj d|��d
S�|j
��r�t
j
ddddd|g�jj��}|j��dkr�t||��n
t||��d
S�)z�Apply sshd PasswordAuthentication changes.
@param pw_auth: config setting from 'pw_auth'.
Best given as True, False, or "unchanged".
@param distro: an instance of the distro class for the target distribution
@return: NoneZ
ssh_svcnameZsshZPasswordAuthenticationz-Using a string value for the 'ssh_pwauth' keyz22.2z&Use a boolean value with 'ssh_pwauth'.)�
deprecated�deprecated_version�
extra_message�yes�nozLeaving SSH config 'z
' unchanged.NZ unchangedz%s ssh_pwauth=%sz$%s Unrecognized value: ssh_pwauth=%sz/No need to restart SSH service, %s not updated.Z systemctlZshowz
--propertyZ
ActiveStatez--value�active�
activating� reloading)r2���r3���r4���)Z
get_option�
isinstance�strr���� deprecateZis_trueZis_false�lowerr&���r'���r(���r���Z
uses_systemdr����stdout�stripr,���)Zpw_authr)���r*���Zcfg_nameZcfg_valZbmsg�updated�stater���r���r����handle_ssh_pwauthy���s>����
r=���)r����cfg�cloud�argsr
���c�������
���-���C���s2��|j�}|r2|d�}d|kr@d|d�kr@|d�d=�ntj|dd��}d}g�}g�}d|kr�|d�} tj| dg�d�}d| kr�| d�r�tjdd d
d
��t| d�t�r�tjd
��tj| d|�}n2tjd
ddd
��tjd��tj| d�}
|
r�|
j ��}tj
| d|�}|p�|
��rD|�rDt
j
||�\}
}
t
j
|
�\}
}|
�r:d|
|f�g}n
tjd��g�}|�sT|�r�t|d�}dd��|D��}
t|d�}dd��|D��}g�}xJt|d�D�]<\}
}t��}|
j|
��|j|
|f��|j|
��d|������q�W�tjd�}x�|D�]�}|jdd
�\}}|j|�d�k �r,d|k�r,|j||f��|j|��nD|d
k�s@|dk�rXt��}|jd||f���|j||f��|
j|���q�W�|
�r�y
tjd
|
��|j|d d ��W�n<�tk
�r��}�z
|j|��tjtd!|
��W�Y�d�d�}~X�nX�|�r:y
tjd"|��|j|dd ��W�n<�tk
�r8�}�z
|j|��tjtd#|��W�Y�d�d�}~X�nX�t|��rfd$d%j|�f}tjd&|�d d d'��|�r�|
}t
j
�r�||7�}g�}
xd|D�]\}y|j
|��|
j|��W�n<�tk
�r��}�z
|j|��tjtd(|��W�Y�d�d�}~X�nX��q�W�|
�r�tjd)|
��t |j d*�|��t|��r.tjd+t|���|d,��d�S�)-Nr����chpasswd�listr!���T�users)�defaultzConfig key 'lists'z22.3zUse 'users' instead.)r-���r.���r/���z$Handling input for chpasswd as list.z
The chpasswd multiline stringz22.2zUse string type instead.z0Handling input for chpasswd as multiline string.�expirez%s:%sz2No default or defined user to change password for.�textc�������������S���s���g�|�]
\}}|�qS�r���r���)r����user�_r���r���r���r�������s����zhandle.<locals>.<listcomp>r ���c�������������S���s���g�|�]
\}}|�qS�r���r���)r���rG���rH���r���r���r���r�������s����r"����:z\$(1|2a|2y|5|6)(\$.+){2}�����RzChanging password for %s:F)Zhashedz,Failed to set passwords with chpasswd for %sz Setting hashed password for %s:z3Failed to set hashed passwords with chpasswd for %sz%Set the following 'random' passwords
�
z%s
%s
)�stderrZfallback_to_stdoutz
Failed to set 'expire' for %sz Expired passwords for: %s usersZ
ssh_pwauthz+%s errors occurred, re-raising the last one���)!r)���r���Zget_cfg_option_strZget_cfg_option_listr7���r5���rB���r&���r'����
splitlinesZget_cfg_option_boolr���Znormalize_users_groupsZextract_defaultr(���r%����rand_user_password�append�re�compile�split�matchrA���� ExceptionZlogexc�len�joinZ multi_logr���Z
EXPIRE_APPLIES_TO_HASHED_USERSZ
expire_passwdr=���r#���)
r���r>���r?���r@���r)���r!���rE���Zplistr
���ZchfgZ multilinerC���Z_groupsrG���Z
_user_config�errorsZplist_inZhashed_plist_inZ
hashed_usersZrandlistrH����prog�line�u�pr+���ZblurbZusers_to_expireZ
expired_usersr���r���r����handle����s�����
&
r^�������c�������������C���s���t�j|�td�S�)N)Z
select_from)r���Zrand_str�PW_SET)Zpwlenr���r���r���rP���5��s����rP���)r_���)+�__doc__ZloggingrR����stringr���r����textwrapr���Ztypingr���Z cloudinitr���r���r���Zcloudinit.cloudr ���Zcloudinit.configr
���Zcloudinit.config.schemar
���r
���Zcloudinit.distrosr
���r���r���Zcloudinit.settingsr���Zcloudinit.ssh_utilr���ZMODULE_DESCRIPTION�metaZ getLogger�__name__r&���rX���r`���rB���r6���r%���r,���r=���r^���rP���r���r���r���r����<module>���sB���
4�