1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
#! /bin/sh
# postinst for sash
#
# rewritten to use new "sashconfig"
. /usr/share/debconf/confmodule
# Lifted code from passwd.config:
# Set a password, via chpasswd.
# Use perl rather than echo, to avoid the password
# showing in the process table. (However, this is normally
# only called when first booting the system, when root has no
# password at all, so that should be an unnecessary precaution).
#
# Pass in two arguments: the user and the password.
setpassword () {
SETPASSWD_PW="$2"
export SETPASSWD_PW
# This is very annoying. chpasswd cannot handle generating md5
# passwords as it is not PAM-aware. Thus, I have to work around
# that by crypting the password myself if md5 is used.
db_get passwd/md5 || true
if [ "$RET" = true ]; then
USE_MD5=1
else
USE_MD5=''
fi
export USE_MD5
perl -e '
sub CreateCryptSalt {
my $md5 = shift;
my @valid = split(//, "./0123456789abcdefghijklmnopqrstu
vwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
my ($in, $out);
my $cryptsaltlen = ($md5 ? 8 : 2);
open (F, "</dev/urandom") || die "No /dev/urandom found!
";
foreach (1..$cryptsaltlen) {
read(F, $in, 1);
$out .= $valid[ord($in) % ($#valid + 1)];
}
close F;
return ($md5 ? "\$1\$$out\$" : $out);
}
open(P,"| chpasswd -e");
print P shift().":".
crypt($ENV{SETPASSWD_PW}, CreateCryptSalt($ENV{USE_MD5})
).
"\n";
close P;
' "$1"
SETPASSWD_PW=''
USE_MD5=''
}
# end of lifted code
clone_root_as_sashroot(){
if (
# /etc/shadow might not exist
if [ -e $1 ]; then
lockfile-create $1
if grep -q ^sashroot: $1; then
: sashroot already exists in $1
else
echo cloning root account entry to create sashroot account in $1
umask 077
perl -pe '
if (/^root:/ && !$found_root) {
$found_root++;
print;
s/^/sash/;
}
END{
die "no root account entry\n"
unless $found_root;
}
' $1 >$1-sashroot.tmp
chown --reference=$1 $1-sashroot.tmp
chmod --reference=$1 $1-sashroot.tmp
mv $1-sashroot.tmp $1
fi
lockfile-remove $1
fi
) ; then
echo Cloned sashroot from root in $1
else
# we died, attempt to clean up
lockfile-remove $1
exit 1
fi
}
set -e
PATH=$PATH:/usr/sbin
if [ -f /etc/shadow ]; then
chown root:shadow /etc/shadow
chmod 640 /etc/shadow
fi
if [ "$(getent passwd | grep ^sashroot:)" = "" ]; then
db_get sash/create_sashroot || true
if [ "$RET" = "true" ]; then
db_get sash/clone_root_passwd || true
if [ "$RET" = "true" ]; then
# ok, just make a copy of the root user
clone_root_as_sashroot /etc/passwd
clone_root_as_sashroot /etc/shadow
else
# Create user and set password, using lifted code from
# passwd.config
useradd -c 'emergency root shell' -d /root -g root \
-s /bin/sash -u 0 -o sashroot
db_get sash/sashroot_passwd || true
PWD="$RET"
setpassword sashroot "$PWD"
# Clear the password
db_set sash/sashroot_passwd ""
fi
chsh -s /bin/sash sashroot
else
db_get sash/change_root_shell || true
if [ "$RET" = "true" ]; then
chsh -s /bin/sash root
fi
fi
fi
if [ "$1" = "configure" -a "$2" = "" ]; then
# initial install
/usr/sbin/add-shell /bin/sash
fi
#DEBHELPER#
|
