Add support for using encrypted password strings when setting

the root / user passwords PR: bin/152868 Submitted by: kmoore Approved by: imp
2011-01-10 19:57:18 +00:00 · 2011-01-10 19:57:18 +00:00 · 9a29d48c18
commit 9a29d48c18
parent 4f7c775086
3 changed files with 40 additions and 10 deletions
--- a/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh
+++ b/usr.sbin/pc-sysinstall/backend/functions-cleanup.sh
@ -371,19 +371,32 @@ setup_gjournal()
 # Function which sets the root password from the install config
 set_root_pw()
 {
+  # Get the plaintext string
  get_value_from_cfg_with_spaces rootPass
-  PW="${VAL}"
+  local PW="${VAL}"
+
+  # Get the encrypted string
+  get_value_from_cfg_with_spaces rootEncPass
+  local ENCPW="${VAL}"

  # If we don't have a root pass, return
-  if [ -z "${PW}" ]
-  then
-    return 0
-  fi
+  if [ -z "${PW}" -a -z "${ENCPW}" ] ; then return 0 ; fi

  echo_log "Setting root password"
-  echo "${PW}" > ${FSMNT}/.rootpw
-  run_chroot_cmd "cat /.rootpw | pw usermod root -h 0"
-  rc_halt "rm ${FSMNT}/.rootpw"
+
+  # Check if setting plaintext password
+  if [ ! -z "${PW}" ] ; then
+    echo "${PW}" > ${FSMNT}/.rootpw
+    run_chroot_cmd "cat /.rootpw | pw usermod root -h 0"
+    rc_halt "rm ${FSMNT}/.rootpw"
+  fi
+
+  # Check if setting encrypted password
+  if [ ! -z "${ENCPW}" ] ; then
+    echo "${ENCPW}" > ${FSMNT}/.rootpw
+    run_chroot_cmd "cat /.rootpw | pw usermod root -H 0"
+    rc_halt "rm ${FSMNT}/.rootpw"
+  fi

 };

--- a/usr.sbin/pc-sysinstall/backend/functions-users.sh
+++ b/usr.sbin/pc-sysinstall/backend/functions-users.sh
@ -93,6 +93,13 @@ setup_users()
      USERPASS="$VAL"
    fi

+    echo $line | grep "^userEncPass=" >/dev/null 2>/dev/null
+    if [ "$?" = "0" ]
+    then
+      get_value_from_string "${line}"
+      USERENCPASS="$VAL"
+    fi
+
    echo $line | grep "^userShell=" >/dev/null 2>/dev/null
    if [ "$?" = "0" ]
    then
@ -135,6 +142,10 @@ setup_users()
        then
          ARGS="${ARGS} -h 0"
          echo "${USERPASS}" >${FSMNT}/.tmpPass
+	elif [ ! -z "${USERENCPASS}" ] 
+	then
+          ARGS="${ARGS} -H 0"
+          echo "${USERENCPASS}" >${FSMNT}/.tmpPass
        else
          ARGS="${ARGS} -h -"
          rm ${FSMNT}/.tmpPass 2>/dev/null 2>/dev/null
@ -160,7 +171,7 @@ setup_users()
        add_user "${ARGS}"

        # Unset our vars before looking for any more users
-        unset USERNAME USERCOMMENT USERPASS USERSHELL USERHOME USERGROUPS
+        unset USERNAME USERCOMMENT USERPASS USERENCPASS USERSHELL USERHOME USERGROUPS
      else
        exit_err "ERROR: commitUser was called without any userName= entry!!!" 
      fi
--- a/usr.sbin/pc-sysinstall/examples/README
+++ b/usr.sbin/pc-sysinstall/examples/README
@ -286,7 +286,11 @@ Options for setting up usernames and passwords on the installed system

 # rootPass=root

-Set the root password of the installed system to the specified string
+Set the root password of the installed system to the specified plaintext string
+
+# rootEncPass=<encryptedstring>
+
+Set the root password of the installed system to the specified encrypted string

 The below variables are used to setup a user on the installed system
 Be sure to call commitUser after after adding these values, and before
@ -295,6 +299,8 @@ starting another user block
 # userName=kris
 # userComment=Kris Moore
 # userPass=mypass
+or
+# userEncPass=<encryptedstring>
 # userShell=/bin/csh
 # userHome=/home/kris
 # userGroups=wheel,operator