܍~c/ UdZddlZddlmZddlmZmZddlmZddl m Z ddl m Z ddl m Zdd l mZmZdd lmZdd lmZdd lmZmZdd lmZmZmZddlmZddlmZdZdddeegeededggdZ ee!d<ee Zej"e#Z$d%deezDZ&de'de(de'fdZ)defdZ*d e(d!ed"ed#ed$e'ddf d%Z+d(d'Z,dS))zFSet Passwords: Set user passwords and enable/disable SSH password authN)Logger) ascii_lettersdigits)dedent)List)features)log)subputil)Cloud)Config) MetaSchema get_meta_doc) ALL_DISTROSDistroug_util) PER_INSTANCE)update_ssh_configaThis module consumes three top-level config keys: ``ssh_pwauth``, ``chpasswd`` and ``password``. The ``ssh_pwauth`` config key determines whether or not sshd will be configured to accept password authentication. The ``chpasswd`` config key accepts a dictionary containing either or both of ``users`` and ``expire``. The ``users`` key is used to assign a password to a corresponding pre-existing user. The ``expire`` key is used to set whether to expire all user passwords specified by this module, such that a password will need to be reset on the user's next login. .. note:: Prior to cloud-init 22.3, the ``expire`` key only applies to plain text (including ``RANDOM``) passwords. Post 22.3, the ``expire`` key applies to both plain text and hashed passwords. ``password`` config key is used to set the default user's password. It is ignored if the ``chpasswd`` ``users`` is used. Note: the ``list`` keyword is deprecated in favor of ``users``. cc_set_passwordsz Set Passwordsz7Set user passwords and enable/disable SSH password authz # Set a default password that would need to be changed # at first login ssh_pwauth: true password: password1 aU # Disable ssh password authentication # Don't require users to change their passwords on next login # Set the password for user1 to be 'password1' (OS does hashing) # Set the password for user2 to a pre-hashed password # Set the password for user3 to be a randomly generated password, # which will be written to the system console ssh_pwauth: false chpasswd: expire: false users: - name: user1 password: password1 type: text - name: user2 password: $6$rounds=4096$5DJ8a9WMTEzIo5J4$Yms6imfeBvf3Yfu84mQBerh18l7OR1Wm1BJXZqFSpJ6BVas0AYJqIjP7czkOaAZHZi1kxQ5Y1IhgWN8K9NgxR1 - name: user3 type: RANDOM )idnametitle descriptiondistros frequencyexamplesactivate_by_schema_keysmetacg|]}|dv| S)loLOI01).0xs C/usr/lib/python3/dist-packages/cloudinit/config/cc_set_passwords.py r&_s"JJJq 7I7I!7I7I7I users_listpw_typereturnc(|sgn fd|DS)zDeither password or type: RANDOM is required, user is always requiredcg|]:}|ddk|d|ddf;S)typehashrpasswordRANDOM)get)r#itemr)s r%r&z%get_users_by_type..gsS   xx''722&\488J99 :222r'r")r(r)s `r%get_users_by_typer3bs<     "   r'distrocl|dd}d} |d|n#tj$r}|}|st d||d}nz|jdkrt d||d}nP|jd kr"t d ||Yd }~d St d |||Yd }~d SYd }~nd }~wwxYwd }t|trt dtj |rd}nrtj |rd}n[d|d}||dkrt d||nt d||d St||i} | st d|d S|r2|d|t dd St dd S)zApply sshd PasswordAuthentication changes. @param pw_auth: config setting from 'pw_auth'. Best given as True, False, or "unchanged". @param distro: an instance of the distro class for the target distribution @return: None ssh_svcnamesshTstatuszsWriting config 'ssh_pwauth: %s'. SSH service '%s' will not be restarted because it is not running or not available.Fz^Writing config 'ssh_pwauth: %s'. SSH service '%s' will not be restarted because it is stopped.zDIgnoring config 'ssh_pwauth: %s'. SSH service '%s' is not installed.NzOIgnoring config 'ssh_pwauth: %s'. SSH service '%s' is not available. Error: %s.PasswordAuthenticationzDEPRECATION: The 'ssh_pwauth' config key should be set to a boolean value. The string format is deprecated and will be removed in a future version of cloud-init.yesnozLeaving SSH config 'z ' unchanged. unchangedz%s ssh_pwauth=%sz$%s Unrecognized value: ssh_pwauth=%sz/No need to restart SSH service, %s not updated.restartzRestarted the SSH daemon.z/Not restarting SSH service: service is stopped.) get_optionmanage_servicer ProcessExecutionError uses_systemdLOGdebug exit_codewarning isinstancestrr is_trueis_falselowerr) pw_authr4service restart_ssherCcfg_namecfg_valbmsgupdateds r%handle_ssh_pwauthrUos u55GK'h0000  %%%%**,, #  II     KK [A   II@      KK [A   KK6     FFFFF KKA     FFFFFK%N(H'3   9    |G  w  g N N N7 344G  CXNNNEi111 -..... CDDDDDs1C9BC4 C44C9rcfgcloudr argsct |j}|r |d}d|vrd|dvr |dd=ntj|dd}d}g}g} d|vr|d} tj| dg} d| vr| dr|dt | dt r,|d tj| d|}nU|d |d tj| d} | r| }tj | d |}| sS|sQ|rOtj ||\} } tj | \}}|r |d |g}n|dg}|s| rCt| d}d|D} t| d}d|D}g}t| dD]Y\}}t}| ||||f||d |Zt!jd}|D]}|d d\}}||1d |vr-|||f||a|dks|dkr(t}||d ||||f| || rq |d| ||dnB#t*$r5}||tj|d| Yd}~nd}~wwxYw|rq |d|||dnB#t*$r5}||tj|d|Yd}~nd}~wwxYwt/|r1dd|f}tjd|zdd |r| }t4jr||z }g}|D]o} ||||.#t*$r5}||tj|d!|Yd}~hd}~wwxYw|r|d"|t;|d#|t/|r+|d$t/||d%dS)&Nrchpasswdlistr/Tusers)defaultz8DEPRECATION: key 'lists' is now deprecated. Use 'users'.z$Handling input for chpasswd as list.zDEPRECATION: The chpasswd multiline string format is deprecated and will be removed from a future version of cloud-init. Use the list format instead.z0Handling input for chpasswd as multiline string.expire:z2No default or defined user to change password for.textcg|]\}}|Sr"r"r#user_s r%r&zhandle..s...'$...r'r.cg|]\}}|Sr"r"rbs r%r&zhandle..s<<<q<<>d6l> KKJ   $v,-- 3 @AAA0vuEE ?  LMMM 3D&AA 3%0022E)$&AA N%NXN"9#vFF&6u==|  N $hh/0EE KKL M M M F OL OL%Z88..X...+J??<> 2 2GD!)++H LL    OOT8, - - - OOt00h00 1 1 1 1z566 D::c1%%DAqzz!}}(S\\&&1v...##A&&&&88qH}}*,,AOOqqq!!$4555A''' Q    5u===7777    a    G     ;\JJJ====    a    I   x== 8 (##E NU"5U      L#O6 0</M$ I II((+++!((++++ IIIMM!$$$K%DaHHHHHHHHI L ;]KKKcggl++V444 6{{ ?VMMMRjsH-M N+M??N -N88 O7+O22O7*R S +R;;Sc8tj|tS)N) select_from)r rand_strPW_SET)pwlens r%rtrtJs =F 3 3 33r')r)-__doc__rvloggingrstringrrtextwraprtypingr cloudinitrr r r cloudinit.cloudr cloudinit.configr cloudinit.config.schemarrcloudinit.distrosrrrcloudinit.settingsrcloudinit.ssh_utilrMODULE_DESCRIPTIONr__annotations__ getLogger__name__rDr}rr[rIr3rUrrtr"r'r%rsMLL (((((((($$$$$$ !!!!!!######<<<<<<<<::::::::::++++++0000000   F%}       > "M''j'''R ,t  g!! JJ]V3JJJ K K $      PEvPEPEPEPEfE EE#(E/5E=AE EEEEP444444r'