Merge pull request #18971 from poettering/sysusers-creds

let's read LoadCredentials=/SetCredentials= style cred in sysusers/firstboot and when asking for passwords
author: Lennart Poettering <lennart@poettering.net> 2021-03-31 10:35:17 +0200
committer: GitHub <noreply@github.com> 2021-03-31 10:35:17 +0200
commit: f9d8325e69da7caf44a395446206a130939d6677 (patch)
tree: e40553a952bc3b7ca5b2dd65de724754033e9b75 /src/firstboot
parent: 4c31bfdf55c8065478a0fb1648b15b28d359c0e0 (diff)
parent: 9f17a03ae8e3b3b9a0a4fe7470f35a46622627f6 (diff)
download: systemd-f9d8325e69da7caf44a395446206a130939d6677.tar.gz
1 files changed, 64 insertions, 2 deletions
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index aa7251d1ef..ba0b360cc1 100644
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -10,6 +10,7 @@
 #include "alloc-util.h"
 #include "ask-password-api.h"
 #include "copy.h"
+#include "creds-util.h"
 #include "dissect-image.h"
 #include "env-file.h"
 #include "fd-util.h"
@@ -43,8 +44,8 @@
 static char *arg_root = NULL;
 static char *arg_image = NULL;
 static char *arg_locale = NULL;  /* $LANG */
-static char *arg_keymap = NULL;
 static char *arg_locale_messages = NULL; /* $LC_MESSAGES */
+static char *arg_keymap = NULL;
 static char *arg_timezone = NULL;
 static char *arg_hostname = NULL;
 static sd_id128_t arg_machine_id = {};
@@ -232,11 +233,29 @@ static bool locale_is_ok(const char *name) {
 
 static int prompt_locale(void) {
         _cleanup_strv_free_ char **locales = NULL;
+        bool acquired_from_creds = false;
         int r;
 
         if (arg_locale || arg_locale_messages)
                 return 0;
 
+        r = read_credential("firstboot.locale", (void**) &arg_locale, NULL);
+        if (r < 0)
+                log_debug_errno(r, "Failed to read credential firstboot.locale, ignoring: %m");
+        else
+                acquired_from_creds = true;
+
+        r = read_credential("firstboot.locale-messages", (void**) &arg_locale_messages, NULL);
+        if (r < 0)
+                log_debug_errno(r, "Failed to read credential firstboot.locale-message, ignoring: %m");
+        else
+                acquired_from_creds = true;
+
+        if (acquired_from_creds) {
+                log_debug("Acquired locale from credentials.");
+                return 0;
+        }
+
         if (!arg_prompt_locale)
                 return 0;
 
@@ -336,6 +355,14 @@ static int prompt_keymap(void) {
         if (arg_keymap)
                 return 0;
 
+        r = read_credential("firstboot.keymap", (void**) &arg_keymap, NULL);
+        if (r < 0)
+                log_debug_errno(r, "Failed to read credential firstboot.keymap, ignoring: %m");
+        else {
+                log_debug("Acquired keymap from credential.");
+                return 0;
+        }
+
         if (!arg_prompt_keymap)
                 return 0;
 
@@ -407,6 +434,14 @@ static int prompt_timezone(void) {
         if (arg_timezone)
                 return 0;
 
+        r = read_credential("firstboot.timezone", (void**) &arg_timezone, NULL);
+        if (r < 0)
+                log_debug_errno(r, "Failed to read credential firstboot.timezone, ignoring: %m");
+        else {
+                log_debug("Acquired timezone from credential.");
+                return 0;
+        }
+
         if (!arg_prompt_timezone)
                 return 0;
 
@@ -558,6 +593,22 @@ static int prompt_root_password(void) {
         if (arg_root_password)
                 return 0;
 
+        r = read_credential("passwd.hashed-password.root", (void**) &arg_root_password, NULL);
+        if (r == -ENOENT) {
+                r = read_credential("passwd.plaintext-password.root", (void**) &arg_root_password, NULL);
+                if (r < 0)
+                        log_debug_errno(r, "Couldn't read credential 'passwd.{hashed|plaintext}-password.root', ignoring: %m");
+                else {
+                        arg_root_password_is_hashed = false;
+                        return 0;
+                }
+        } else if (r < 0)
+                log_debug_errno(r, "Couldn't read credential 'passwd.hashed-password.root', ignoring: %m");
+        else {
+                arg_root_password_is_hashed = true;
+                return 0;
+        }
+
         if (!arg_prompt_root_password)
                 return 0;
 
@@ -631,7 +682,18 @@ static int find_shell(const char *path, const char *root) {
 static int prompt_root_shell(void) {
         int r;
 
-        if (arg_root_shell || !arg_prompt_root_shell)
+        if (arg_root_shell)
+                return 0;
+
+        r = read_credential("passwd.shell.root", (void**) &arg_root_shell, NULL);
+        if (r < 0)
+                log_debug_errno(r, "Failed to read credential passwd.shell.root, ignoring: %m");
+        else {
+                log_debug("Acquired root shell from credential.");
+                return 0;
+        }
+
+        if (!arg_prompt_root_shell)
                 return 0;
 
         print_welcome();
author	Lennart Poettering <lennart@poettering.net>	2021-03-31 10:35:17 +0200
committer	GitHub <noreply@github.com>	2021-03-31 10:35:17 +0200
commit	f9d8325e69da7caf44a395446206a130939d6677 (patch)
tree	e40553a952bc3b7ca5b2dd65de724754033e9b75 /src/firstboot
parent	4c31bfdf55c8065478a0fb1648b15b28d359c0e0 (diff)
parent	9f17a03ae8e3b3b9a0a4fe7470f35a46622627f6 (diff)
download	systemd-f9d8325e69da7caf44a395446206a130939d6677.tar.gz