* [PATCH] add new extrausers command passwd-expire
@ 2020-10-26 20:41 Joseph Reynolds
2020-10-27 19:41 ` [OE-core] " Richard Purdie
0 siblings, 1 reply; 4+ messages in thread
From: Joseph Reynolds @ 2020-10-26 20:41 UTC (permalink / raw)
To: OE-core
This enhances extrausers with a new passwd-expire command that causes
a local user's password to be expired as if the `passwd --expire`
command was run, so the password needs to be changed on initial login.
Example: EXTRA_USERS_PARAMS += " useradd ... sofia; passwd-expire sofia;"
Tested: on useradd accounts
When configured with Linux-PAM, console login prompts for and can
successfully change the password. OpenSSH server works. Dropbear
SSH server notes the password must be changed but does not offer a
password change dialog and rejects the login request.
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
---
meta/classes/extrausers.bbclass | 3 +++
meta/classes/useradd_base.bbclass | 18 ++++++++++++++++++
2 files changed, 21 insertions(+)
diff --git a/meta/classes/extrausers.bbclass
b/meta/classes/extrausers.bbclass
index 32569e9..90811bf 100644
--- a/meta/classes/extrausers.bbclass
+++ b/meta/classes/extrausers.bbclass
@@ -46,6 +46,9 @@ set_user_group () {
usermod)
perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS}
$opts"
;;
+ passwd-expire)
+ perform_passwd_expire "${IMAGE_ROOTFS}" "$opts"
+ ;;
groupmod)
perform_groupmod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS}
$opts"
;;
diff --git a/meta/classes/useradd_base.bbclass
b/meta/classes/useradd_base.bbclass
index 0d0bdb8..7f5b9b7 100644
--- a/meta/classes/useradd_base.bbclass
+++ b/meta/classes/useradd_base.bbclass
@@ -145,3 +145,21 @@ perform_usermod () {
fi
set -e
}
+
+perform_passwd_expire () {
+ local rootdir="$1"
+ local opts="$2"
+ bbnote "${PN}: Performing equivalent of passwd --expire with [$opts]"
+ # Directly set sp_lstchg to 0 without using the passwd command:
Only root can do that
+ local username=`echo "$opts" | awk '{ print $NF }'`
+ local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`"
+ if test "x$user_exists" != "x"; then
+ eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed -i
\''s/^\('$username':[^:]*\):[^:]*:/\1:0:/'\' $rootdir/etc/shadow \" || tru
e
+ local passwd_lastchanged="`grep "^$username:"
$rootdir/etc/shadow | cut -d: -f3`"
+ if test "x$passwd_lastchanged" != "x0"; then
+ bbfatal "${PN}: passwd --expire operation did not succeed."
+ fi
+ else
+ bbnote "${PN}: user $username doesn't exist, not expiring its
password"
+ fi
+}
--
2.7.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [OE-core] [PATCH] add new extrausers command passwd-expire
2020-10-26 20:41 [PATCH] add new extrausers command passwd-expire Joseph Reynolds
@ 2020-10-27 19:41 ` Richard Purdie
2020-10-27 23:19 ` [OE-core] [PATCH] add new extrausers command passwd-expire - moved to PR 63 Joseph Reynolds
0 siblings, 1 reply; 4+ messages in thread
From: Richard Purdie @ 2020-10-27 19:41 UTC (permalink / raw)
To: Joseph Reynolds, OE-core
Hi Joseph,
On Mon, 2020-10-26 at 15:41 -0500, Joseph Reynolds wrote:
> This enhances extrausers with a new passwd-expire command that causes
> a local user's password to be expired as if the `passwd --expire`
> command was run, so the password needs to be changed on initial
> login.
>
> Example: EXTRA_USERS_PARAMS += " useradd ... sofia; passwd-expire
> sofia;"
>
> Tested: on useradd accounts
> When configured with Linux-PAM, console login prompts for and can
> successfully change the password. OpenSSH server works. Dropbear
> SSH server notes the password must be changed but does not offer a
> password change dialog and rejects the login request.
>
> Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
> ---
> meta/classes/extrausers.bbclass | 3 +++
> meta/classes/useradd_base.bbclass | 18 ++++++++++++++++++
> 2 files changed, 21 insertions(+)
>
> diff --git a/meta/classes/extrausers.bbclass
> b/meta/classes/extrausers.bbclass
> index 32569e9..90811bf 100644
> --- a/meta/classes/extrausers.bbclass
> +++ b/meta/classes/extrausers.bbclass
> @@ -46,6 +46,9 @@ set_user_group () {
> usermod)
> perform_usermod "${IMAGE_ROOTFS}" "-R
> ${IMAGE_ROOTFS}
> $opts"
Unfortunately this patch is coming through line wrapped which makes it
hard to apply. Can you resend it without the line wrapping, or point at
a git tree with the patch in please?
I do remember the patch from the last time around and I think this was
the issue last time as well, I couldn't get it to apply. It does seem
like a reasonable addition and it would be good to work with openBMC on
common issues like this!
Cheers,
Richard
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [OE-core] [PATCH] add new extrausers command passwd-expire - moved to PR 63
2020-10-27 19:41 ` [OE-core] " Richard Purdie
@ 2020-10-27 23:19 ` Joseph Reynolds
2020-10-27 23:40 ` Richard Purdie
0 siblings, 1 reply; 4+ messages in thread
From: Joseph Reynolds @ 2020-10-27 23:19 UTC (permalink / raw)
To: Richard Purdie, OE-core
On 10/27/20 2:41 PM, Richard Purdie wrote:
> Hi Joseph,
>
> On Mon, 2020-10-26 at 15:41 -0500, Joseph Reynolds wrote:
>> This enhances extrausers with a new passwd-expire command that causes
>> a local user's password to be expired as if the `passwd --expire`
>> command was run, so the password needs to be changed on initial
>> login.
>>
>> Example: EXTRA_USERS_PARAMS += " useradd ... sofia; passwd-expire
>> sofia;"
>>
>> Tested: on useradd accounts
>> When configured with Linux-PAM, console login prompts for and can
>> successfully change the password. OpenSSH server works. Dropbear
>> SSH server notes the password must be changed but does not offer a
>> password change dialog and rejects the login request.
>>
>> Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
>> ---
>> meta/classes/extrausers.bbclass | 3 +++
>> meta/classes/useradd_base.bbclass | 18 ++++++++++++++++++
>> 2 files changed, 21 insertions(+)
>>
>> diff --git a/meta/classes/extrausers.bbclass
>> b/meta/classes/extrausers.bbclass
>> index 32569e9..90811bf 100644
>> --- a/meta/classes/extrausers.bbclass
>> +++ b/meta/classes/extrausers.bbclass
>> @@ -46,6 +46,9 @@ set_user_group () {
>> usermod)
>> perform_usermod "${IMAGE_ROOTFS}" "-R
>> ${IMAGE_ROOTFS}
>> $opts"
> Unfortunately this patch is coming through line wrapped which makes it
> hard to apply. Can you resend it without the line wrapping, or point at
> a git tree with the patch in please?
Thanks. The PR work flow is much easier for me. I didn't realize OE
was on github.com.
I hereby withdraw & abandon my email patch request and replace it with:
https://github.com/openembedded/openembedded-core/pull/63
- Joseph
>
> I do remember the patch from the last time around and I think this was
> the issue last time as well, I couldn't get it to apply. It does seem
> like a reasonable addition and it would be good to work with openBMC on
> common issues like this!
>
> Cheers,
>
> Richard
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [OE-core] [PATCH] add new extrausers command passwd-expire - moved to PR 63
2020-10-27 23:19 ` [OE-core] [PATCH] add new extrausers command passwd-expire - moved to PR 63 Joseph Reynolds
@ 2020-10-27 23:40 ` Richard Purdie
0 siblings, 0 replies; 4+ messages in thread
From: Richard Purdie @ 2020-10-27 23:40 UTC (permalink / raw)
To: Joseph Reynolds, OE-core
On Tue, 2020-10-27 at 18:19 -0500, Joseph Reynolds wrote:
> On 10/27/20 2:41 PM, Richard Purdie wrote:
> > Hi Joseph,
> >
> > On Mon, 2020-10-26 at 15:41 -0500, Joseph Reynolds wrote:
> > > This enhances extrausers with a new passwd-expire command that
> > > causes
> > > a local user's password to be expired as if the `passwd --expire`
> > > command was run, so the password needs to be changed on initial
> > > login.
> > >
> > > Example: EXTRA_USERS_PARAMS += " useradd ... sofia; passwd-expire
> > > sofia;"
> > >
> > > Tested: on useradd accounts
> > > When configured with Linux-PAM, console login prompts for and can
> > > successfully change the password. OpenSSH server
> > > works. Dropbear
> > > SSH server notes the password must be changed but does not offer
> > > a
> > > password change dialog and rejects the login request.
> > >
> > > Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
> > > ---
> > > meta/classes/extrausers.bbclass | 3 +++
> > > meta/classes/useradd_base.bbclass | 18 ++++++++++++++++++
> > > 2 files changed, 21 insertions(+)
> > >
> > > diff --git a/meta/classes/extrausers.bbclass
> > > b/meta/classes/extrausers.bbclass
> > > index 32569e9..90811bf 100644
> > > --- a/meta/classes/extrausers.bbclass
> > > +++ b/meta/classes/extrausers.bbclass
> > > @@ -46,6 +46,9 @@ set_user_group () {
> > > usermod)
> > > perform_usermod "${IMAGE_ROOTFS}" "-R
> > > ${IMAGE_ROOTFS}
> > > $opts"
> > Unfortunately this patch is coming through line wrapped which makes
> > it
> > hard to apply. Can you resend it without the line wrapping, or
> > point at
> > a git tree with the patch in please?
>
> Thanks. The PR work flow is much easier for me. I didn't realize
> OE
> was on github.com.
> I hereby withdraw & abandon my email patch request and replace it
> with:
> https://github.com/openembedded/openembedded-core/pull/63
We don't. In this case since its mangled, I'm willing to pull from
somewhere. We do need patches on the mailing list for review since that
is where people look to review them. github works fine for a single
maintainer, I can't merge pretty much anything without public peer
review though.
Cheers,
Richard
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-10-27 23:40 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-10-26 20:41 [PATCH] add new extrausers command passwd-expire Joseph Reynolds
2020-10-27 19:41 ` [OE-core] " Richard Purdie
2020-10-27 23:19 ` [OE-core] [PATCH] add new extrausers command passwd-expire - moved to PR 63 Joseph Reynolds
2020-10-27 23:40 ` Richard Purdie
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox