Ovirt devel - Mar 2010 - [PATCH node] rootpw boot parameter

rootpw=<encrypted_password>
sets a temporary root password, change is forced on first login
password is crypted, same as Kickstart option rootpw --iscrypted

WARNING: use for debugging only, this is not secure!

Signed-off-by: Alan Pevec <apevec at redhat.com>
---
 scripts/ovirt-early |   22 ++++++++++++++++++++++
 1 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/scripts/ovirt-early b/scripts/ovirt-early
index 6e8e5b3..1ab0578 100755
--- a/scripts/ovirt-early
+++ b/scripts/ovirt-early
@@ -247,6 +247,12 @@ start() {
     # enter emergency shell for fixing configuration issues
     rescue 
+    #   rootpw=<encrypted_password>
+    # sets a temporary root password, change is forced on first login
+    # password is crypted, same as Kickstart option rootpw --iscrypted
+    # WARNING: use for debugging only, this is not secure!
+    rootpw+
     #   pxelinux format:
ip=<client-ip>:<boot-server-ip>:<gw-ip>:<netmask>
     #   anaconda format: ip=<client-ip> netmask=<netmask>
gateway=<gw-ip>
     #   ipv6=dhcp|auto
@@ -365,6 +371,9 @@ start() {
             rescue)
             rescue=1
             ;;
+            rootpw=*)
+            rootpw=${i#rootpw=}
+            ;;
 
             ovirt_overcommit*)
             i=${i#ovirt_overcommit=}
@@ -459,6 +468,19 @@ start() {
         fi
     fi
 
+    if [ -n "$rootpw" ]; then
+        log "Setting temporary root password: $rootpw"
+        unmount_config /etc/passwd /etc/shadow
+        /usr/sbin/usermod -p $rootpw root
+        chage -d 0 root
+        # PAM will force password change at first login
+        # so make sure we persist it after a successful login
+        cat >> /root/.bash_profile << EOF
+# added by ovirt-early
+persist /etc/passwd /etc/shadow
+EOF
+    fi
+
     if [ "$rescue" = 1 ]; then
         log "Rescue mode requested, starting emergency shell"
         stop_log
-- 
1.6.0.6

On Thu, 2010-03-04 at 22:24 +0100, Alan Pevec wrote:
> rootpw=<encrypted_password>
> sets a temporary root password, change is forced on first login
> password is crypted, same as Kickstart option rootpw --iscrypted
> 
> WARNING: use for debugging only, this is not secure!
> 
> Signed-off-by: Alan Pevec <apevec at redhat.com>
> ---
>  scripts/ovirt-early |   22 ++++++++++++++++++++++
>  1 files changed, 22 insertions(+), 0 deletions(-)
> 
> diff --git a/scripts/ovirt-early b/scripts/ovirt-early
> index 6e8e5b3..1ab0578 100755
> --- a/scripts/ovirt-early
> +++ b/scripts/ovirt-early
> @@ -247,6 +247,12 @@ start() {
>      # enter emergency shell for fixing configuration issues
>      rescue>  
> +    #   rootpw=<encrypted_password>
> +    # sets a temporary root password, change is forced on first login
> +    # password is crypted, same as Kickstart option rootpw --iscrypted
> +    # WARNING: use for debugging only, this is not secure!
> +    rootpw> +
>      #   pxelinux format:
ip=<client-ip>:<boot-server-ip>:<gw-ip>:<netmask>
>      #   anaconda format: ip=<client-ip> netmask=<netmask>
gateway=<gw-ip>
>      #   ipv6=dhcp|auto
> @@ -365,6 +371,9 @@ start() {
>              rescue)
>              rescue=1
>              ;;
> +            rootpw=*)
> +            rootpw=${i#rootpw=}
> +            ;;
>  
>              ovirt_overcommit*)
>              i=${i#ovirt_overcommit=}
> @@ -459,6 +468,19 @@ start() {
>          fi
>      fi
>  
> +    if [ -n "$rootpw" ]; then
> +        log "Setting temporary root password: $rootpw"
> +        unmount_config /etc/passwd /etc/shadow
> +        /usr/sbin/usermod -p $rootpw root
> +        chage -d 0 root
> +        # PAM will force password change at first login
> +        # so make sure we persist it after a successful login
> +        cat >> /root/.bash_profile << EOF
> +# added by ovirt-early
> +persist /etc/passwd /etc/shadow
> +EOF
> +    fi
> +
>      if [ "$rescue" = 1 ]; then
>          log "Rescue mode requested, starting emergency shell"
>          stop_log

ACK

this might be upon reboot in case of automated installed
with rootpw parameter
Unpersist temprorarily /etc/shaddow to let passwd work and persist
upon successful login.

Signed-off-by: Alan Pevec <apevec at redhat.com>
---
 scripts/ovirt-early |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/scripts/ovirt-early b/scripts/ovirt-early
index 4b85102..1c15792 100755
--- a/scripts/ovirt-early
+++ b/scripts/ovirt-early
@@ -478,11 +478,16 @@ start_ovirt_early () {
     if [ -n "$rootpw" ]; then
         log "Setting temporary root password: $rootpw"
         unmount_config /etc/passwd /etc/shadow
-        /usr/sbin/usermod -p $rootpw root
+        /usr/sbin/usermod -p "$rootpw" root
         chage -d 0 root
+    fi
+    # check if root password is expired, this might be upon reboot
+    # in case of automated installed with rootpw parameter!
+    if LC_ALL=C chage -l root | grep  -q "password must be changed";
then
+        unmount_config /etc/passwd /etc/shadow
         # PAM will force password change at first login
         # so make sure we persist it after a successful login
-        cat >> /root/.bash_profile << EOF
+        cat >> /etc/profile << EOF
 # added by ovirt-early
 persist /etc/passwd /etc/shadow
 EOF
-- 
1.6.0.6