Compare commits

...

1 Commits

Author SHA1 Message Date
cd30bedd2b system: some user inmprovements
* not use cgo
* add lock/unlock user

Signed-off-by: Vasiliy Tolstov <v.tolstov@selfip.ru>
2015-11-25 11:26:00 +00:00
4 changed files with 59 additions and 11 deletions

View File

@ -164,7 +164,7 @@ func TestConfigCompile(t *testing.T) {
func TestCloudConfigUnknownKeys(t *testing.T) {
contents := `
coreos:
coreos:
etcd:
discovery: "https://discovery.etcd.io/827c73219eeb2fa5530027c37bf18877"
coreos_unknown:
@ -227,7 +227,7 @@ func TestCloudConfigEmpty(t *testing.T) {
// Assert that the parsing of a cloud config file "generally works"
func TestCloudConfig(t *testing.T) {
contents := `
coreos:
coreos:
etcd:
discovery: "https://discovery.etcd.io/827c73219eeb2fa5530027c37bf18877"
update:
@ -236,14 +236,14 @@ coreos:
- name: 50-eth0.network
runtime: yes
content: '[Match]
Name=eth47
[Network]
Address=10.209.171.177/19
'
oem:
id: rackspace
@ -367,6 +367,7 @@ users:
gecos: arbitrary comment
homedir: /home/place
no_create_home: yes
lock_passwd: false
primary_group: things
groups:
- ping

View File

@ -24,6 +24,7 @@ type User struct {
GECOS string `yaml:"gecos"`
Homedir string `yaml:"homedir"`
NoCreateHome bool `yaml:"no_create_home"`
LockPasswd bool `yaml:"lock_passwd"`
PrimaryGroup string `yaml:"primary_group"`
Groups []string `yaml:"groups"`
NoUserGroup bool `yaml:"no_user_group"`

View File

@ -73,6 +73,11 @@ func Apply(cfg config.CloudConfig, ifaces []network.InterfaceGenerator, env *Env
}
}
if err = system.LockUnlockUser(&user); err != nil {
log.Printf("Failed lock/unlock user '%s': %v", user.Name, err)
return err
}
if len(user.SSHAuthorizedKeys) > 0 {
log.Printf("Authorizing %d SSH keys for user '%s'", len(user.SSHAuthorizedKeys), user.Name)
if err := system.AuthorizeSSHKeys(user.Name, env.SSHKeyName(), user.SSHAuthorizedKeys); err != nil {

View File

@ -18,15 +18,13 @@ import (
"fmt"
"log"
"os/exec"
"os/user"
"strings"
"github.com/coreos/coreos-cloudinit/config"
)
func UserExists(u *config.User) bool {
_, err := user.Lookup(u.Name)
return err == nil
return exec.Command("getent", "passwd", u.Name).Run() == nil
}
func CreateUser(u *config.User) error {
@ -81,12 +79,46 @@ func CreateUser(u *config.User) error {
output, err := exec.Command("useradd", args...).CombinedOutput()
if err != nil {
log.Printf("Command 'useradd %s' failed: %v\n%s", strings.Join(args, " "), err, output)
return err
}
return nil
}
func IsLockedUser(u *config.User) bool {
output, err := exec.Command("getent", "shadow", u.Name).CombinedOutput()
if err == nil {
fields := strings.Split(string(output), ":")
if len(fields[1]) > 1 && fields[1][0] == '!' {
return true
}
}
return false
}
func LockUnlockUser(u *config.User) error {
args := []string{}
if u.LockPasswd {
args = append(args, "-l")
} else {
if !IsLockedUser(u) {
return nil
}
args = append(args, "-u")
}
args = append(args, u.Name)
output, err := exec.Command("passwd", args...).CombinedOutput()
if err != nil {
log.Printf("Command 'passwd %s' failed: %v\n%s", strings.Join(args, " "), err, output)
}
return err
}
func SetUserPassword(user, hash string) error {
cmd := exec.Command("/usr/sbin/chpasswd", "-e")
cmd := exec.Command("chpasswd", "-e")
stdin, err := cmd.StdinPipe()
if err != nil {
@ -112,3 +144,12 @@ func SetUserPassword(user, hash string) error {
return nil
}
func UserHome(name string) (string, error) {
output, err := exec.Command("getent", "passwd", name).CombinedOutput()
if err != nil {
return "", err
}
passwd := strings.Split(string(output), ":")
return passwd[5], nil
}