f+ UdZddlZddlZddlmZmZddlmZddlm Z ddl m Z m Z m Z ddlmZddlmZdd lmZmZdd lmZmZmZdd lmZdd lmZd ZdddeegeededggdZeed<eeZej@e!Z"djGeezDcgc] }|dvs| c}Z$de%de&de%fdZ'dZ(defdZ)de&ded ed!e%ddf d"Z*d$d#Z+ycc}w)%zFSet Passwords: Set user passwords and enable/disable SSH password authN) ascii_lettersdigits)dedent)List)featuressubputil)Cloud)Config) MetaSchema get_meta_doc) ALL_DISTROSDistroug_util) PER_INSTANCE)update_ssh_configaThis module consumes three top-level config keys: ``ssh_pwauth``, ``chpasswd`` and ``password``. The ``ssh_pwauth`` config key determines whether or not sshd will be configured to accept password authentication. The ``chpasswd`` config key accepts a dictionary containing either or both of ``users`` and ``expire``. The ``users`` key is used to assign a password to a corresponding pre-existing user. The ``expire`` key is used to set whether to expire all user passwords specified by this module, such that a password will need to be reset on the user's next login. .. note:: Prior to cloud-init 22.3, the ``expire`` key only applies to plain text (including ``RANDOM``) passwords. Post 22.3, the ``expire`` key applies to both plain text and hashed passwords. ``password`` config key is used to set the default user's password. It is ignored if the ``chpasswd`` ``users`` is used. Note: the ``list`` keyword is deprecated in favor of ``users``. cc_set_passwordsz Set Passwordsz7Set user passwords and enable/disable SSH password authz # Set a default password that would need to be changed # at first login ssh_pwauth: true password: password1 aU # Disable ssh password authentication # Don't require users to change their passwords on next login # Set the password for user1 to be 'password1' (OS does hashing) # Set the password for user2 to a pre-hashed password # Set the password for user3 to be a randomly generated password, # which will be written to the system console ssh_pwauth: false chpasswd: expire: false users: - name: user1 password: password1 type: text - name: user2 password: $6$rounds=4096$5DJ8a9WMTEzIo5J4$Yms6imfeBvf3Yfu84mQBerh18l7OR1Wm1BJXZqFSpJ6BVas0AYJqIjP7czkOaAZHZi1kxQ5Y1IhgWN8K9NgxR1 - name: user3 type: RANDOM )idnametitle descriptiondistros frequencyexamplesactivate_by_schema_keysmetaloLOI01 users_listpw_typereturnc|sgS|Dcgc].}|jdd|k(r|d|jddf0c}Scc}w)zDeither password or type: RANDOM is required, user is always requiredtypehashrpasswordRANDOM)get)rr items C/usr/lib/python3/dist-packages/cloudinit/config/cc_set_passwords.pyget_users_by_typer*`sZ  # xx'72&\488J9 :  s3?c |jd|tjdy#tj$r }tj d|Yd}~yd}~wwxYw)NrestartzRestarted the SSH daemon.zm'ssh_pwauth' configuration may not be applied. Cloud-init was unable to restart SSH daemon due to error: '%s')manage_serviceLOGdebugrProcessExecutionErrorwarning)distroservicees r)_restart_ssh_daemonr5msS i1 -.  % %   >    s'*AAAr2c|jdd}d}t|trtjdddtj |rd}nctj |rd }nKd |d }||jd k(rtjd||y tjd||y t||i}|stjd|y |jrStjddddd|gjj}|jdvr t!||y y t!||y )zApply sshd PasswordAuthentication changes. @param pw_auth: config setting from 'pw_auth'. Best given as True, False, or "unchanged". @param distro: an instance of the distro class for the target distribution @return: None ssh_svcnamesshPasswordAuthenticationz-Using a string value for the 'ssh_pwauth' key22.2z&Use a boolean value with 'ssh_pwauth'. deprecateddeprecated_version extra_messageyesnozLeaving SSH config 'z ' unchanged.N unchangedz%s ssh_pwauth=%sz$%s Unrecognized value: ssh_pwauth=%sz/No need to restart SSH service, %s not updated. systemctlshowz --property ActiveStatez--value)active activating reloading) get_option isinstancestrr deprecateis_trueis_falselowerr.r/r1r uses_systemdrstdoutstripr5)pw_authr2r3cfg_namecfg_valbmsgupdatedstates r)handle_ssh_pwauthrXys< u5G'H'3 F%B  ||G w %hZ|< ?gmmo< II($ 8  KK>g N7 34G  CXN       &  ;;=A A  0 B FG,rcfgcloudargsc |j}|r|d}d|vr%d|dvr|dd=ntj|dd}d}g}g}d|vr|d} tj| dg}d| vr| drtjdd d t | dt r-tjd tj| d|}nUtjd dd tjdtj| d} | r| j}tj| d|}|sU|sS|rQtj||\} } tj| \} }| r | d|g}ntjdg}|s|rAt|d}|D cgc]\} }|  } } }t|d}|D cgc]\} }|  }} }g}t|dD]I\} }t!}| j#| |j#| |f|j#| d|Kt%j&d}|D]}|j)dd\}}|j+|)d|vr%|j#||f|j#|R|dk(s|dk(r t!}|j#|d||j#||f| j#|| r* tjd| |j-|d|r* tjd||j-|dt3|r.d d!j5|f}tj6d"|zdd#|r[| }t8j:r||z }g}|D]%} |j=||j#|'|rtjd%|t?|jAd&|t3|r$tjd't3||d(ycc}} wcc}} w#t.$r7}|j#|tj0td| Yd}~Td}~wwxYw#t.$r7}|j#|tj0td|Yd}~kd}~wwxYw#t.$r7}|j#|tj0td$|Yd}~Xd}~wwxYw))Nrchpasswdlistr%Tusers)defaultzConfig key 'lists'z22.3zUse 'users' instead.r;z$Handling input for chpasswd as list.zThe chpasswd multiline stringr:zUse string type instead.z0Handling input for chpasswd as multiline string.expire:z2No default or defined user to change password for.textr$r&z\$(1|2a|2y|5|6)(\$.+){2}RzChanging password for %s:F)hashedz,Failed to set passwords with chpasswd for %szSetting hashed password for %s:z3Failed to set hashed passwords with chpasswd for %sz%Set the following 'random' passwords  z%s %s )stderrfallback_to_stdoutzFailed to set 'expire' for %szExpired passwords for: %s users ssh_pwauthz+%s errors occurred, re-raising the last one)!r2r get_cfg_option_strget_cfg_option_listrKrIr_r.r/ splitlinesget_cfg_option_boolrnormalize_users_groupsextract_defaultr1r*rand_user_passwordappendrecompilesplitmatchr^ Exceptionlogexclenjoin multi_logrEXPIRE_APPLIES_TO_HASHED_USERS expire_passwdrXr')rrZr[r\r2r%rbplistrchfg multiliner`_groupsuser _user_configerrorsplist_in_hashed_plist_in hashed_usersrandlistproglineupr4blurbusers_to_expire expired_userss r)handlers\\F 7  3z?!:J'**3 DA FEJS:--dGRH T>d6l NN/#)4  $v,- @A00vuE>'-"<  LM 33D&A %002E))$&A %X"99#vF&66u=|  $h/0E KKL M F %Z8%-.'$..+J?,;<q< <(X> 2GD!)+H LL  OOT8, - OOtfAhZ0 1  2zz56 D::c1%DAqzz!}(S\&&1v.##A&8qH}*,AOOq!$45A' Q    5u=7   ;\J= x=8 (#E NNU"5U  #O66</M$ II((+!((+ I ;]Kcggl+V4 6{ ?VMRj]/<@  a  G   a  I  4!IMM!$KK%DaHHIsT P P!%)P')Q*"R-' Q'0,Q""Q'* R*3,R%%R*- S-6,S((S-c8tj|tS)N) select_from)r rand_strPW_SET)pwlens r)rsrs5s ==F 33rY)),__doc__loggingrustringrrtextwraprtypingr cloudinitrrr cloudinit.cloudr cloudinit.configr cloudinit.config.schemar r cloudinit.distrosrrrcloudinit.settingsrcloudinit.ssh_utilrMODULE_DESCRIPTIONr__annotations__ getLogger__name__r.r|rr_rJr*r5rXrrs)xs0r)rs5M (**!#<::+00   F%}     > "M'j'R t g! ]V3Jq 7I!J K $     1-v1-hEE6E%EtEEP4qKs ! C+C