a ahiF)@sUdZddlZddlZddlZddlZddlmZddlmZm Z m Z m Z ddl m Z ddlmZddlmZddlmZmZmZdd lmZdd lmZdd lmZd egegd Zeed<eeZ e!e"e!dddZ#ee"e"dddZ$edddZ%e"ee e!ddddZ&dddZ'dS)zFSet Passwords: Set user passwords and enable/disable SSH password authN)List)features lifecyclesubputil)Cloud)Config) MetaSchema) ALL_DISTROSDistroug_util)log_util) PER_INSTANCE)update_ssh_configZcc_set_passwords)idZdistrosZ frequencyZactivate_by_schema_keysmeta) users_listpw_typereturncs|sgSfdd|DS)zDeither password or type: RANDOM is required, user is always requiredcs0g|](}|ddkr|d|ddfqS)typehashnamepasswordRANDOM)get).0itemrE/usr/lib/python3.9/site-packages/cloudinit/config/cc_set_passwords.py (sz%get_users_by_type..r)rrrrrget_users_by_type#s  r!)distroservice extra_argsc GsZz"|jd|g|RtdWn2tjyT}ztd|WYd}~n d}~00dS)NZrestartzRestarted the SSH daemon.zm'ssh_pwauth' configuration may not be applied. Cloud-init was unable to restart SSH daemon due to error: '%s')Zmanage_serviceLOGdebugrZProcessExecutionErrorwarning)r"r#r$errr_restart_ssh_daemon0sr))r"cCs|dd}d}t|tr*tjddddt|r:d}nRt|rJd }nBd |d }|d usj|d krzt d||nt d||d St ||i}|st d|d S| rtddddd|gj}|dvrt||dn t||d S)zApply sshd PasswordAuthentication changes. @param pw_auth: config setting from 'pw_auth'. Best given as True, False, or "unchanged". @param distro: an instance of the distro class for the target distribution @return: NoneZ ssh_svcnameZsshZPasswordAuthenticationz-Using a string value for the 'ssh_pwauth' key22.2z&Use a boolean value with 'ssh_pwauth'.Z deprecatedZdeprecated_versionZ extra_messageZyesnozLeaving SSH config 'z ' unchanged.NZ unchangedz%s ssh_pwauth=%sz$%s Unrecognized value: ssh_pwauth=%sz/No need to restart SSH service, %s not updated.Z systemctlZshowz --propertyZ ActiveStatez--value)ZactiveZ activatingZ reloadingz--job-mode=ignore-dependencies)Z get_option isinstancestrr deprecaterZis_trueZis_falselowerr%r&r'rZ uses_systemdrstdoutstripr))Zpw_authr"r#Zcfg_nameZcfg_valZbmsgupdatedstaterrrhandle_ssh_pwauth<sH        r5)rcfgcloudargsrc Cs,|j}|r2|d}d|vr@d|dvr@|dd=nt|dd}d}g}g}d|vr|d} tj| dgd}d| vr| drtjdd d d t| dtrt d t| d|}n2tjd ddd t dt| d} | r| }t | d|}|sD|sD|rDt ||\} } t | \} }| r:d| |fg}n tdg}|sT|rt|d}dd|D} t|d}dd|D}g}t|dD]<\} }t}| | || |f|| d|qtd}|D]}|dd\}}||dur&d|vr&|||f||nD|dks:|dkrRt}|d||f|||f| |q| rzt d| |j|dd Wn>ty}z$||ttd!| WYd}~n d}~00|r6zt d"||j|dd Wn>ty4}z$||ttd#|WYd}~n d}~00t|rbd$d%|f}tjd&|ddd'|r| }tjr|||7}g}|D]^}z| |||Wn>ty}z$||ttd(|WYd}~n d}~00q|rt d)|t!|"d*|t|r(t d+t||d,dS)-NrchpasswdlistrTusers)defaultzConfig key 'lists'z22.3zUse 'users' instead.r+z$Handling input for chpasswd as list.zThe chpasswd multiline stringr*zUse string type instead.z0Handling input for chpasswd as multiline string.expirez%s:%sz2No default or defined user to change password for.textcSsg|] \}}|qSrrruser_rrrr zhandle..rcSsg|] \}}|qSrrr?rrrr rBr:z\$(1|2a|2y|5|6)(\$.+){2}RzChanging password for %s:F)Zhashedz,Failed to set passwords with chpasswd for %szSetting hashed password for %s:z3Failed to set hashed passwords with chpasswd for %sz%Set the following 'random' passwords  z%s %s )stderrZfallback_to_stdoutzFailed to set 'expire' for %szExpired passwords for: %s usersZ ssh_pwauthz+%s errors occurred, re-raising the last one)#r"rZget_cfg_option_strZget_cfg_option_listrr/r-r:r%r& splitlinesZget_cfg_option_boolr Znormalize_users_groupsZextract_defaultr'r!rand_user_passwordappendrecompilesplitmatchr9 ExceptionZlogexclenjoinr Z multi_logrZEXPIRE_APPLIES_TO_HASHED_USERSZ expire_passwdr5r)rr6r7r8r"rr=ZplistrZchfgZ multiliner;Z_groupsr@Z _user_configerrorsZplist_inZhashed_plist_inZ hashed_usersZrandlistrAproglineupr(ZblurbZusers_to_expireZ expired_usersrrrhandle~s                   (  rXcCs|dkrtdttjttjttjttjg}|t t j |t |tjtjtjtjdt |d|S)Nz.Password length must be at least 4 characters.) select_from) ValueErrorrandomchoicestringdigitsZascii_lowercaseZascii_uppercaseZ punctuationextendr:rZrand_strrQZshufflerR)ZpwlenZ res_rand_listrrrrJs.      rJ)rY)(__doc__Zloggingr^rLr`typingrZ cloudinitrrrrZcloudinit.cloudrZcloudinit.configrZcloudinit.config.schemar Zcloudinit.distrosr r r Z cloudinit.logr Zcloudinit.settingsrZcloudinit.ssh_utilrr__annotations__Z getLogger__name__r%r:r.r!r)r5rXrJrrrrs2          B