add new extrausers command passwd-expire

This enhances extrausers with a new passwd-expire command that causes a local user's password to be expired as if the `passwd --expire` command was run, so the password needs to be changed on initial login. Example: EXTRA_USERS_PARAMS += " useradd ... USER; passwd-expire USER;" Tested: on useradd accounts When configured with Linux-PAM, console login prompts for and can successfully change the password. OpenSSH server works. Dropbear SSH server notes the password must be changed but does not offer a password change dialog and rejects the login request. (From OE-Core rev: 1bdcfa4b0d378947a6759fb91872a4edc9a42622) Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net> Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Joseph Reynolds <joseph-reynolds@charter.net> 2020-11-10 11:56:42 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-11-11 10:08:12 +0000
commit: 834ef343b3694ccc4d44999771d49fb316f242e0 (patch)
tree: a9b3835e852c909dfc81e6f25d41392d74b50ace
parent: 2b5e7e42769a47fddf9e6cb2fc63b504717c43b2 (diff)
download: poky-834ef343b3694ccc4d44999771d49fb316f242e0.tar.gz
2 files changed, 21 insertions, 0 deletions
diff --git a/meta/classes/extrausers.bbclass b/meta/classes/extrausers.bbclass
index 32569e97db..90811bfe2a 100644
--- a/meta/classes/extrausers.bbclass
+++ b/meta/classes/extrausers.bbclass
@@ -46,6 +46,9 @@ set_user_group () {
                        usermod)
                                perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} $opts"
                                ;;
+                        passwd-expire)
+                                perform_passwd_expire "${IMAGE_ROOTFS}" "$opts"
+                                ;;
                        groupmod)
                                perform_groupmod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} $opts"
                                ;;
diff --git a/meta/classes/useradd_base.bbclass b/meta/classes/useradd_base.bbclass
index 0d0bdb80f5..7f5b9b7219 100644
--- a/meta/classes/useradd_base.bbclass
+++ b/meta/classes/useradd_base.bbclass
@@ -145,3 +145,21 @@ perform_usermod () {
        fi
        set -e
 }
+perform_passwd_expire () {
+        local rootdir="$1"
+        local opts="$2"
+        bbnote "${PN}: Performing equivalent of passwd --expire with [$opts]"
+        # Directly set sp_lstchg to 0 without using the passwd command: Only root can do that
+        local username=`echo "$opts" | awk '{ print $NF }'`
+        local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`"
+        if test "x$user_exists" != "x"; then
+                eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed -i \''s/^\('$username':[^:]*\):[^:]*:/\1:0:/'\' $rootdir/etc/shadow \" || true
+                local passwd_lastchanged="`grep "^$username:" $rootdir/etc/shadow | cut -d: -f3`"
+                if test "x$passwd_lastchanged" != "x0"; then
+                        bbfatal "${PN}: passwd --expire operation did not succeed."
+                fi
+        else
+                bbnote "${PN}: user $username doesn't exist, not expiring its password"
+        fi
+}
author	Joseph Reynolds <joseph-reynolds@charter.net>	2020-11-10 11:56:42 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-11-11 10:08:12 +0000
commit	834ef343b3694ccc4d44999771d49fb316f242e0 (patch)
tree	a9b3835e852c909dfc81e6f25d41392d74b50ace
parent	2b5e7e42769a47fddf9e6cb2fc63b504717c43b2 (diff)
download	poky-834ef343b3694ccc4d44999771d49fb316f242e0.tar.gz

diff --git a/meta/classes/extrausers.bbclass b/meta/classes/extrausers.bbclass index 32569e97db..90811bfe2a 100644 --- a/meta/classes/extrausers.bbclass +++ b/meta/classes/extrausers.bbclass
@@ -46,6 +46,9 @@ set_user_group () {
46	usermod)	46	usermod)
47	perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} $opts"	47	perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} $opts"
48	;;	48	;;
		49	passwd-expire)
		50	perform_passwd_expire "${IMAGE_ROOTFS}" "$opts"
		51	;;
49	groupmod)	52	groupmod)
50	perform_groupmod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} $opts"	53	perform_groupmod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} $opts"
51	;;	54	;;


diff --git a/meta/classes/useradd_base.bbclass b/meta/classes/useradd_base.bbclass index 0d0bdb80f5..7f5b9b7219 100644 --- a/meta/classes/useradd_base.bbclass +++ b/meta/classes/useradd_base.bbclass
@@ -145,3 +145,21 @@ perform_usermod () {
145	fi	145	fi
146	set -e	146	set -e
147	}	147	}
		148
		149	perform_passwd_expire () {
		150	local rootdir="$1"
		151	local opts="$2"
		152	bbnote "${PN}: Performing equivalent of passwd --expire with [$opts]"
		153	# Directly set sp_lstchg to 0 without using the passwd command: Only root can do that
		154	local username=`echo "$opts" \| awk '{ print $NF }'`
		155	local user_exists="`grep "^$username:" $rootdir/etc/passwd \|\| true`"
		156	if test "x$user_exists" != "x"; then
		157	eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed -i \''s/^\('$username':[^:]\):[^:]:/\1:0:/'\' $rootdir/etc/shadow \" \|\| true
		158	local passwd_lastchanged="`grep "^$username:" $rootdir/etc/shadow \| cut -d: -f3`"
		159	if test "x$passwd_lastchanged" != "x0"; then
		160	bbfatal "${PN}: passwd --expire operation did not succeed."
		161	fi
		162	else
		163	bbnote "${PN}: user $username doesn't exist, not expiring its password"
		164	fi
		165	}