[PATCH 0/1] Resend the patch from Joseph

[PATCH 0/1] Resend the patch from Joseph

[kai]

From: Kai Kang <kai.kang@windriver.com>

The original patch can't applied with 'git am'. And it is useful for me,
so resend the patch from:

https://github.com/openembedded/openembedded-core/pull/63


Joseph Reynolds (1):
  add new extrausers command passwd-expire

 meta/classes/extrausers.bbclass   |  3 +++
 meta/classes/useradd_base.bbclass | 18 ++++++++++++++++++
 2 files changed, 21 insertions(+)

-- 
2.17.1

[PATCH] add new extrausers command passwd-expire

[kai]

From: Joseph Reynolds <joseph-reynolds@charter.net>

This enhances extrausers with a new passwd-expire command that causes
a local user's password to be expired as if the `passwd --expire`
command was run, so the password needs to be changed on initial login.

Example: EXTRA_USERS_PARAMS += " useradd ... USER; passwd-expire USER;"

Tested: on useradd accounts
When configured with Linux-PAM, console login prompts for and can
successfully change the password.  OpenSSH server works.  Dropbear
SSH server notes the password must be changed but does not offer a
password change dialog and rejects the login request.

Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
 meta/classes/extrausers.bbclass   |  3 +++
 meta/classes/useradd_base.bbclass | 18 ++++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/meta/classes/extrausers.bbclass b/meta/classes/extrausers.bbclass
index 32569e97db..90811bfe2a 100644
--- a/meta/classes/extrausers.bbclass
+++ b/meta/classes/extrausers.bbclass
@@ -46,6 +46,9 @@ set_user_group () {
 			usermod)
 				perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} $opts"
 				;;
+			passwd-expire)
+				perform_passwd_expire "${IMAGE_ROOTFS}" "$opts"
+				;;
 			groupmod)
 				perform_groupmod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} $opts"
 				;;
diff --git a/meta/classes/useradd_base.bbclass b/meta/classes/useradd_base.bbclass
index 0d0bdb80f5..7f5b9b7219 100644
--- a/meta/classes/useradd_base.bbclass
+++ b/meta/classes/useradd_base.bbclass
@@ -145,3 +145,21 @@ perform_usermod () {
 	fi
 	set -e
 }
+
+perform_passwd_expire () {
+	local rootdir="$1"
+	local opts="$2"
+	bbnote "${PN}: Performing equivalent of passwd --expire with [$opts]"
+	# Directly set sp_lstchg to 0 without using the passwd command: Only root can do that
+	local username=`echo "$opts" | awk '{ print $NF }'`
+	local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`"
+	if test "x$user_exists" != "x"; then
+		eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed -i \''s/^\('$username':[^:]*\):[^:]*:/\1:0:/'\' $rootdir/etc/shadow \" || true
+		local passwd_lastchanged="`grep "^$username:" $rootdir/etc/shadow | cut -d: -f3`"
+		if test "x$passwd_lastchanged" != "x0"; then
+			bbfatal "${PN}: passwd --expire operation did not succeed."
+		fi
+	else
+		bbnote "${PN}: user $username doesn't exist, not expiring its password"
+	fi
+}
-- 
2.17.1

[PATCH] add new extrausers command passwd-expire

[Joseph Reynolds]

This enhances extrausers with a new passwd-expire command that causes
a local user's password to be expired as if the `passwd --expire`
command was run, so the password needs to be changed on initial login.

Example: EXTRA_USERS_PARAMS += " useradd ... sofia; passwd-expire sofia;"

Tested: on useradd accounts
When configured with Linux-PAM, console login prompts for and can
successfully change the password.  OpenSSH server works.  Dropbear
SSH server notes the password must be changed but does not offer a
password change dialog and rejects the login request.

Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
---
  meta/classes/extrausers.bbclass   |  3 +++
  meta/classes/useradd_base.bbclass | 18 ++++++++++++++++++
  2 files changed, 21 insertions(+)

diff --git a/meta/classes/extrausers.bbclass 
b/meta/classes/extrausers.bbclass
index 32569e9..90811bf 100644
--- a/meta/classes/extrausers.bbclass
+++ b/meta/classes/extrausers.bbclass
@@ -46,6 +46,9 @@ set_user_group () {
              usermod)
                  perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} 
$opts"
                  ;;
+            passwd-expire)
+                perform_passwd_expire "${IMAGE_ROOTFS}" "$opts"
+                ;;
              groupmod)
                  perform_groupmod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} 
$opts"
                  ;;
diff --git a/meta/classes/useradd_base.bbclass 
b/meta/classes/useradd_base.bbclass
index 0d0bdb8..7f5b9b7 100644
--- a/meta/classes/useradd_base.bbclass
+++ b/meta/classes/useradd_base.bbclass
@@ -145,3 +145,21 @@ perform_usermod () {
      fi
      set -e
  }
+
+perform_passwd_expire () {
+    local rootdir="$1"
+    local opts="$2"
+    bbnote "${PN}: Performing equivalent of passwd --expire with [$opts]"
+    # Directly set sp_lstchg to 0 without using the passwd command: 
Only root can do that
+    local username=`echo "$opts" | awk '{ print $NF }'`
+    local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`"
+    if test "x$user_exists" != "x"; then
+        eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed -i 
\''s/^\('$username':[^:]*\):[^:]*:/\1:0:/'\' $rootdir/etc/shadow \" || tru
e
+        local passwd_lastchanged="`grep "^$username:" 
$rootdir/etc/shadow | cut -d: -f3`"
+        if test "x$passwd_lastchanged" != "x0"; then
+            bbfatal "${PN}: passwd --expire operation did not succeed."
+        fi
+    else
+        bbnote "${PN}: user $username doesn't exist, not expiring its 
password"
+    fi
+}
-- 
2.7.2