From a43269d3a776fe8eb2a71543613d787f66971fa3 Mon Sep 17 00:00:00 2001 From: Rick Elrod Date: Mon, 27 Jul 2020 18:33:03 -0500 Subject: [PATCH] Edit /etc/shadow instead Signed-off-by: Rick Elrod --- lib/ansible/modules/user.py | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/lib/ansible/modules/user.py b/lib/ansible/modules/user.py index 5ea7b24a316..e1f0edd60c7 100644 --- a/lib/ansible/modules/user.py +++ b/lib/ansible/modules/user.py @@ -2730,6 +2730,27 @@ class BusyBox(User): - modify_user() """ + # This can probably just move out to User, it might be useful in + # other strategies some day. + def _disable_password_in_shadow_or_fail(self, username): + try: + self.backup_shadow() + out_lines = [] + with open(self.SHADOWFILE, 'r') as f: + for line in f.readlines(): + components = line.split(':') + if components[0] == self.name: + components[1] = '*' + out_lines.append(':'.join(components)) + else: + out_lines.append(line) + with open(self.SHADOWFILE, 'w') as f: + f.writelines(out_lines) + except Exception as e: + self.module.fail_json( + msg="Something went wrong when trying to modify %s: %s" % + (self.SHADOWFILE, to_native(e))) + def create_user(self): cmd = [self.module.get_bin_path('adduser', True)] @@ -2782,12 +2803,7 @@ class BusyBox(User): # https://github.com/ansible/ansible/issues/68676 # https://bugs.busybox.net/show_bug.cgi?id=10981 if self.password is None: - cmd = [self.module.get_bin_path('passwd', True)] - cmd += ['-u', self.name] - rc, out, err = self.execute_command(cmd) - - if rc is not None and rc != 0: - self.module.fail_json(name=self.name, msg=err, rc=rc) + self._disable_password_in_shadow_or_fail(self.name) else: cmd = [self.module.get_bin_path('chpasswd', True)] cmd.append('--encrypted')