Add support for password aging on Solaris (#4372)

* Add support for password aging on Solaris

* Fix shadow file editing when {MIN,MAX,WARN}WEEKS is not set in /etc/default/passwd

* Un-break with python3

* _Really_ un-break with python3
This commit is contained in:
Lars Engels 2016-09-20 16:42:27 +02:00 committed by Matt Clay
parent f33828e753
commit 8010b7f980

View file

@ -1237,6 +1237,29 @@ class SunOS(User):
distribution = None distribution = None
SHADOWFILE = '/etc/shadow' SHADOWFILE = '/etc/shadow'
def get_password_defaults(self):
# Read password aging defaults
try:
minweeks = ''
maxweeks = ''
warnweeks = ''
for line in open("/etc/default/passwd", 'r'):
line = line.strip()
if (line.startswith('#') or line == ''):
continue
key, value = line.split('=')
if key == "MINWEEKS":
minweeks = value.rstrip('\n')
elif key == "MAXWEEKS":
maxweeks = value.rstrip('\n')
elif key == "WARNWEEKS":
warnweeks = value.rstrip('\n')
except Exception:
err = get_exception()
self.module.fail_json(msg="failed to read /etc/default/passwd: %s" % str(err))
return (minweeks, maxweeks, warnweeks)
def remove_user(self): def remove_user(self):
cmd = [self.module.get_bin_path('userdel', True)] cmd = [self.module.get_bin_path('userdel', True)]
if self.remove: if self.remove:
@ -1294,6 +1317,7 @@ class SunOS(User):
if not self.module.check_mode: if not self.module.check_mode:
# we have to set the password by editing the /etc/shadow file # we have to set the password by editing the /etc/shadow file
if self.password is not None: if self.password is not None:
minweeks, maxweeks, warnweeks = self.get_password_defaults()
try: try:
lines = [] lines = []
for line in open(self.SHADOWFILE, 'rb').readlines(): for line in open(self.SHADOWFILE, 'rb').readlines():
@ -1303,6 +1327,12 @@ class SunOS(User):
continue continue
fields[1] = self.password fields[1] = self.password
fields[2] = str(int(time.time() / 86400)) fields[2] = str(int(time.time() / 86400))
if minweeks:
fields[3] = str(int(minweeks) * 7)
if maxweeks:
fields[4] = str(int(maxweeks) * 7)
if warnweeks:
fields[5] = str(int(warnweeks) * 7)
line = ':'.join(fields) line = ':'.join(fields)
lines.append('%s\n' % line) lines.append('%s\n' % line)
open(self.SHADOWFILE, 'w+').writelines(lines) open(self.SHADOWFILE, 'w+').writelines(lines)
@ -1381,6 +1411,7 @@ class SunOS(User):
if self.update_password == 'always' and self.password is not None and info[1] != self.password: if self.update_password == 'always' and self.password is not None and info[1] != self.password:
(rc, out, err) = (0, '', '') (rc, out, err) = (0, '', '')
if not self.module.check_mode: if not self.module.check_mode:
minweeks, maxweeks, warnweeks = self.get_password_defaults()
try: try:
lines = [] lines = []
for line in open(self.SHADOWFILE, 'rb').readlines(): for line in open(self.SHADOWFILE, 'rb').readlines():
@ -1390,6 +1421,12 @@ class SunOS(User):
continue continue
fields[1] = self.password fields[1] = self.password
fields[2] = str(int(time.time() / 86400)) fields[2] = str(int(time.time() / 86400))
if minweeks:
fields[3] = str(int(minweeks) * 7)
if maxweeks:
fields[4] = str(int(maxweeks) * 7)
if warnweeks:
fields[5] = str(int(warnweeks) * 7)
line = ':'.join(fields) line = ':'.join(fields)
lines.append('%s\n' % line) lines.append('%s\n' % line)
open(self.SHADOWFILE, 'w+').writelines(lines) open(self.SHADOWFILE, 'w+').writelines(lines)