/usr/lib/user-setup/user-setup-apply is in user-setup 1.42ubuntu3.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
#! /bin/sh
set -e

# Load the debconf shell client library; the db_* commands used throughout
# this script are not defined here and are expected to come from it.
. /usr/share/debconf/confmodule

# With a first argument, operate on the system rooted at that path: commands
# are run through chroot and wrapped in log-output. Without one, operate on
# the running system directly. $log, $chroot and $ROOT are used unquoted at
# their call sites on purpose, so that they vanish when empty.
if [ -n "$1" ]; then
  ROOT="$1"
  chroot=chroot
  log='log-output -t user-setup'
  export LANG=C # avoid locale errors from perl
else
  log=
  chroot=
  ROOT=
fi

# Project helpers. root_password and is_system_user are called below but not
# defined in this file; presumably they live here.
. /usr/lib/user-setup/functions.sh
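# Set a password for a user.
#
# Cleartext passwords are fed to chpasswd on stdin through a heredoc rather
# than echo, to avoid the password showing in the process table. (However,
# this is normally only called when first installing the system, when root
# has no password at all, so that should be an unnecessary precaution.)
#
# NOTE(review): on the PAM-capable path a pre-crypted password is handed to
# usermod as a command-line argument, so the hash (not the cleartext) is
# visible in the process table while usermod runs.
#
# Arguments:
#   $1 - the user
#   $2 - the password
#   $3 - 'true' if the password has been pre-crypted (by preseeding)
#   $4 - 'true' if the home directory is encrypted
# Globals read: chroot, ROOT. Both may be empty and are deliberately left
# unquoted so that they disappear from the command line in that case.
setpassword () {
  local USER PASSWD PAM_SET_PWD
  USER="$1"
  PASSWD="$2"
  local VERSION="$($chroot $ROOT dpkg-query -W -f '${Version}\n' passwd)"
  PAM_SET_PWD=false
  if $chroot $ROOT dpkg --compare-versions "$VERSION" ge "1:4.1.4-1"; then
    # support for versions with PAM support (Squeeze)
    PAM_SET_PWD=true
    if [ "$3" = true ]; then
      # Quoted: a preseeded value must reach usermod as exactly one
      # argument, never split into words or expanded as a glob.
      $chroot $ROOT usermod --password="$PASSWD" "$USER"
    else
      $chroot $ROOT chpasswd <<EOF
$USER:$PASSWD
EOF
    fi
  else
    # compatibility support for versions without PAM support (Lenny)
    local OPTS
    if [ "$3" = true ]; then
      OPTS=-e
    else
      OPTS=-m
    fi
    $chroot $ROOT chpasswd $OPTS <<EOF
$USER:$PASSWD
EOF
  fi
  # If the password was set using PAM, pam_ecryptfs will handle the initial
  # passphrase wrapping. Otherwise, we need this hack...
  if [ "$4" = true ] && [ "$PAM_SET_PWD" = false ]; then
    local UNWRAPPED_PASSPHRASE_FILE WRAPPED_PASSPHRASE_FILE MOUNT_PASSPHRASE
    UNWRAPPED_PASSPHRASE_FILE="/dev/shm/.ecryptfs-$USER"
    # The file is read and removed through $chroot $ROOT below, so its
    # existence has to be tested under $ROOT too; with an empty ROOT this
    # is the same path as before.
    if [ -e "$ROOT$UNWRAPPED_PASSPHRASE_FILE" ]; then
      WRAPPED_PASSPHRASE_FILE="/home/$USER/.ecryptfs/wrapped-passphrase"
      MOUNT_PASSPHRASE=$($chroot $ROOT cat "$UNWRAPPED_PASSPHRASE_FILE")
      # Both secrets go in on stdin, not on the command line.
      $chroot $ROOT ecryptfs-wrap-passphrase "$WRAPPED_PASSPHRASE_FILE" - <<EOF
$MOUNT_PASSPHRASE
$PASSWD
EOF
      # Remove the unwrapped mount passphrase once it has been wrapped.
      $chroot $ROOT rm -f "$UNWRAPPED_PASSPHRASE_FILE"
      $chroot $ROOT chown "$USER:$USER" "$WRAPPED_PASSPHRASE_FILE"
    else
      echo "$UNWRAPPED_PASSPHRASE_FILE does not exist, but should!" >&2
      db_input critical user-setup/encrypt-home-failed || true
      db_go || true
    fi
  fi
}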
# Switch shadow passwords on or off according to the passwd/shadow answer;
# anything other than the literal "true" turns them off.
db_get passwd/shadow
case "$RET" in
  true)
    $log $chroot $ROOT shadowconfig on
    ;;
  *)
    $log $chroot $ROOT shadowconfig off
    ;;
esac
# root_password comes from outside this file; presumably it succeeds when
# root already has a password. Either way the preseeded root password
# answers are blanked in the debconf database so they do not linger there.
if root_password; then
  # Just in case, clear any preseeded root password from the database
  # anyway.
  db_set passwd/root-password-crypted ''
  db_set passwd/root-password ''
  db_set passwd/root-password-again ''
else
  # Was the root password preseeded encrypted?
  if db_get passwd/root-password-crypted && [ -n "$RET" ]; then
    # The root password was preseeded encrypted.
    PRECRYPTED=true
  else
    db_get passwd/root-password
    PRECRYPTED=false
  fi
  ROOT_PW="$RET"

  # Clear the root password from the database, and set the password.
  db_set passwd/root-password-crypted ''
  db_set passwd/root-password ''
  db_set passwd/root-password-again ''
  if [ -n "$ROOT_PW" ]; then
    setpassword root "$ROOT_PW" "$PRECRYPTED"
  fi
  # Drop the shell copy of the password as soon as it has been used.
  ROOT_PW=
fi
db_get passwd/make-user
if [ "$RET" = true ] && ! is_system_user; then
# Prefer a pre-crypted user password from preseeding; otherwise fall back
# to the cleartext answer. USER_PW_CRYPTED records which one was taken.
if db_get passwd/user-password-crypted && [ -n "$RET" ]; then
  USER_PW_CRYPTED=true
else
  db_get passwd/user-password
  USER_PW_CRYPTED=false
fi
USER_PW="$RET"

# Optional fixed UID. The option spelling depends on whether adduser is
# available in the target (adduser takes --uid, useradd takes -u). UIDOPT is
# later expanded unquoted so that it splits into option and value.
UIDOPT=
if db_get passwd/user-uid && [ -n "$RET" ]; then
  if [ -x $ROOT/usr/sbin/adduser ]; then
    UIDOPT="--uid $RET"
  else
    UIDOPT="-u $RET"
  fi
fi
# Decide whether the new user's home directory is to be encrypted.
# ENCRYPT_HOME is the true/false flag later handed to setpassword;
# ENCRYPT_HOME_OPT is the matching adduser option (empty when disabled).
ENCRYPT_HOME="false"
ENCRYPT_HOME_OPT=
if [ "$OVERRIDE_ALREADY_ENCRYPTED_SWAP" ]; then
# Non-empty override: enable home encryption without running any of the
# swap setup below (presumably the caller has encrypted swap already).
ENCRYPT_HOME="true"
ENCRYPT_HOME_OPT="--encrypt-home"
elif db_get user-setup/encrypt-home && [ "$RET" = true ]; then
ENCRYPT_HOME="true"
ENCRYPT_HOME_OPT="--encrypt-home"
# Only when anna-install and /lib/debian-installer both exist: try to load
# the crypto-modules component; failures are ignored.
if type anna-install >/dev/null 2>&1 && [ -d /lib/debian-installer ]; then
ANNA_QUIET=1 DEBIAN_FRONTEND=none $log anna-install crypto-modules || true
depmod -a >/dev/null 2>&1 || true
fi
# Best-effort module loading; a missing module is not treated as an error.
for module in aes cbc ecb; do
modprobe -q "$module" || true
done
# stderr is discarded, but the exit status is not: under the set -e at the
# top of the script a failing apt-install ends the script here.
apt-install ecryptfs-utils 2>/dev/null
apt-install cryptsetup 2>/dev/null
# These flags hold a command name ("false" or ":") and are executed as the
# condition of the matching umount step further down.
umountproc=false
umountsys=false
umountdev=false
if [ ! -e $ROOT/proc/cmdline ]; then
$log $chroot $ROOT mount -t proc proc /proc
umountproc=:
fi
if [ ! -e $ROOT/sys/block ]; then
# We need /sys for devtmpfs to create block devices.
$log $chroot $ROOT mount -t sysfs sysfs /sys
umountsys=:
fi
# Same device number for $ROOT/dev and $ROOT means nothing is mounted on
# the target's /dev, so the running system's /dev is bind-mounted there.
if [ $(stat -c %d "$ROOT/dev") -eq $(stat -c %d "$ROOT") ]; then
mount --bind /dev $ROOT/dev
umountdev=:
else
$log $chroot $ROOT udevadm settle
fi
# If encrypted swap cannot be set up, show the critical-priority failure
# note and continue with an UNENCRYPTED home directory instead.
if ! $log $chroot $ROOT ecryptfs-setup-swap -f -n; then
echo "ecryptfs-setup-swap failed." >&2
db_input critical user-setup/encrypt-home-failed || true
db_go || true
ENCRYPT_HOME="false"
ENCRYPT_HOME_OPT=
fi
# Undo only the mounts that were made above.
if $umountproc; then
$log $chroot $ROOT umount /proc
fi
if $umountsys; then
$log $chroot $ROOT umount /sys
fi
if $umountdev; then
umount $ROOT/dev
fi
fi
# Add the user to the database, using adduser in noninteractive
# mode.
db_get passwd/username
USER="$RET"
# Leaves the full name in RET; it is passed as the GECOS/comment field below.
db_get passwd/user-fullname
HOME_EXISTED=
if [ -d "$ROOT/home/$USER" ]; then
HOME_EXISTED=1
# user-setup-ask shouldn't have allowed this, but for safety:
ENCRYPT_HOME="false"
ENCRYPT_HOME_OPT=
fi
umountsys=false
if [ -n "$ENCRYPT_HOME_OPT" ]; then
if [ ! -e $ROOT/sys/kernel ]; then
$log $chroot $ROOT mount -t sysfs sysfs /sys
umountsys=:
fi
# A tmpfs on the target's /dev/shm for the duration of user creation;
# setpassword looks for /dev/shm/.ecryptfs-$USER on its legacy path.
mkdir -p $ROOT/dev/shm
$log $chroot $ROOT mount -t tmpfs tmpfs /dev/shm
fi
# The account is created with no usable password; the real one is set by
# setpassword below. A failure to create the user is ignored (|| true).
# $UIDOPT and $ENCRYPT_HOME_OPT are unquoted on purpose so they split into
# separate words or vanish when empty.
if [ -x $ROOT/usr/sbin/adduser ]; then
$log $chroot $ROOT adduser --disabled-password --gecos "$RET" $UIDOPT $ENCRYPT_HOME_OPT "$USER" >/dev/null || true
else
$log $chroot $ROOT useradd -c "$RET" -m "$USER" $UIDOPT >/dev/null || true
fi
# Clear the user password from the database.
# (The shell variable USER_PW still holds it and is not reset afterwards.)
db_set passwd/user-password-crypted ''
db_set passwd/user-password ''
db_set passwd/user-password-again ''
# Unlike the root case, this is called even when USER_PW is empty.
setpassword "$USER" "$USER_PW" "$USER_PW_CRYPTED" "$ENCRYPT_HOME"
if [ -n "$ENCRYPT_HOME_OPT" ]; then
if $umountsys; then
$log $chroot $ROOT umount /sys
fi
$log $chroot $ROOT umount /dev/shm
fi
if [ "$HOME_EXISTED" ]; then
# The user's home directory already existed before we called
# adduser. This often means that a mount point under
# /home/$USER was selected in (and thus created by) partman,
# and the home directory may have ended up owned by root.
$log $chroot $ROOT chown "$USER:$USER" "/home/$USER" >/dev/null || true
fi
if [ -n "$USER" ]; then
# Make sure the system groups exist before the user is added to them;
# "already exists" and any other failure are ignored.
for group in lpadmin sambashare; do
  $log $chroot $ROOT addgroup --system "$group" >/dev/null 2>&1 || true
done

# On PS3/Cell hardware an additional spu system group is created.
if type archdetect >/dev/null 2>&1; then
  SUBARCH="$(archdetect)"
  if [ "$SUBARCH" = powerpc/ps3 ] || [ "$SUBARCH" = powerpc/cell ]; then
    $log $chroot $ROOT addgroup --system spu >/dev/null 2>&1 || true
  fi
fi

# Add the user to each default group. $RET is split on whitespace on
# purpose; groups that do not exist in the target are skipped silently.
db_get passwd/user-default-groups
for group in $RET; do
  $log $chroot $ROOT adduser "$USER" $group >/dev/null 2>&1 || true
done
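# Configure desktop auto-login if instructed by preseeding.
#
# Auto-login gives a desktop session as $USER to anyone at the console
# without a password prompt, so it is only enabled on an explicit
# passwd/auto-login=true. passwd/auto-login-backup, when set, is the suffix
# for backup copies of the display-manager files that get edited.
#
# NOTE(review): $USER is interpolated into sed expressions below. A name
# containing '/', '&' or a backslash would change those expressions; this
# relies on the username having been validated earlier - confirm.
db_get passwd/auto-login
if [ "$RET" = true ]; then
  db_get passwd/auto-login-backup
  BACKUP="${RET:+.$RET}"
  if [ -d "$ROOT/etc/gdm" ]; then
    # Configure GDM autologin
    GDMCustomFile="$ROOT/etc/gdm/custom.conf"
    if [ -e "$GDMCustomFile" ] && [ "$BACKUP" ]; then
      cp "$GDMCustomFile" "${GDMCustomFile}$BACKUP"
    fi
    # The continuation lines must stay flush left: leading whitespace
    # would become part of the string handed to sed.
    AutologinParameters="AutomaticLoginEnable=true\n\
AutomaticLogin=$USER\n\
TimedLoginEnable=true\n\
TimedLogin=$USER\n\
TimedLoginDelay=10"
    # Prevent from updating if parameters already present (persistent usb key)
    # grep is tested directly; wrapping it in a command substitution would
    # run whatever it printed as a command.
    if ! grep -qs "AutomaticLogin=$USER" "$GDMCustomFile"; then
      if [ -e "$GDMCustomFile" ]; then
        sed -i '/\(Automatic\|Timed\)Login/d' "$GDMCustomFile"
      fi
      if ! grep -qs '\[daemon\]' "$GDMCustomFile"; then
        echo '[daemon]' >> "$GDMCustomFile"
      fi
      sed -i "s/\[daemon\]/\[daemon\]\n$AutologinParameters/" "$GDMCustomFile"
    fi
  fi
  if $chroot $ROOT [ -f /etc/kde4/kdm/kdmrc ]; then
    # Configure KDM autologin
    $log $chroot $ROOT sed "-i$BACKUP" -r \
      -e "s/^#?AutoLoginEnable=.*\$/AutoLoginEnable=true/" \
      -e "s/^#?AutoLoginUser=.*\$/AutoLoginUser=$USER/" \
      -e "s/^#?AutoReLogin=.*\$/AutoReLogin=true/" \
      /etc/kde4/kdm/kdmrc
  fi
  if $chroot $ROOT [ -f /etc/lxdm/lxdm.conf ]; then
    # Configure LXDM autologin with LXDE session
    $log $chroot $ROOT sed "-i$BACKUP" -r \
      -e "s/^# autologin=dgod/autologin=$USER/" \
      -e "s/^# session/session/" \
      /etc/lxdm/lxdm.conf
  fi
  if $chroot $ROOT [ -f /etc/xdg/lubuntu/lxdm/lxdm.conf ]; then
    # Configure LXDM autologin with Lubuntu session
    $log $chroot $ROOT sed "-i$BACKUP" -r \
      -e "s/^# autologin=dgod/autologin=$USER/" \
      -e "s/^# session/session/" \
      -e "s/startlxde/startlubuntu/" \
      /etc/xdg/lubuntu/lxdm/lxdm.conf
  fi
  if $chroot $ROOT [ -d /etc/lightdm ]; then
    # Configure LightDM autologin
    LightDMCustomFile="$ROOT/etc/lightdm/lightdm.conf"
    # Continuation lines flush left, as for the GDM parameters above.
    AutologinParameters="autologin-guest=false\n\
autologin-user=$USER\n\
autologin-user-timeout=0\n\
autologin-session=lightdm-autologin"
    if ! grep -qs '^autologin-user' "$LightDMCustomFile"; then
      if ! grep -qs '^\[SeatDefaults\]' "$LightDMCustomFile"; then
        echo '[SeatDefaults]' >> "$LightDMCustomFile"
      fi
      sed -i "s/\[SeatDefaults\]/\[SeatDefaults\]\n$AutologinParameters/" "$LightDMCustomFile"
    #oem config scenario
    else
      sed -i "s/^\(\(str *\)\?autologin-user\)=.*$/\1=$USER/g;" "$LightDMCustomFile"
    fi
  fi
fi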
fi
# When root logins are disabled (passwd/root-login is false) and a user was
# created, that user must be able to reach root through sudo; otherwise
# only the gksu backend is switched to su.
db_get passwd/root-login
if [ "$RET" = false ] && [ -n "$USER" ]; then
# Ensure sudo is installed, and set up the user to be able
# to use it.
if [ ! -e $ROOT/etc/sudoers ]; then
# try to work in d-i and out; it's better to
# use apt-install in d-i
apt-install sudo 2>/dev/null || $log $chroot $ROOT apt-get -q -y install sudo || true
fi
if [ -e $ROOT/etc/sudoers ]; then
# Test if we can add the user to the sudo group
# (possible if sudo >= 1.7.2-2 is installed on the target system)
# If we can, do it this way, otherwise add the user to sudoers
# See #597239
# NOTE(review): the fallback appends an unrestricted rule straight to
# /etc/sudoers, with no syntax check (e.g. visudo -c) afterwards.
if ! $log $chroot $ROOT adduser "$USER" sudo >/dev/null 2>&1; then
echo "$USER ALL=(ALL) ALL" >> $ROOT/etc/sudoers
fi
else
# sudo failed to install, system won't be usable
exit 1
fi
# Configure gksu to use sudo, via an alternative, if it's
# installed and the alternative is registered.
if $chroot $ROOT update-alternatives --display libgksu-gconf-defaults >/dev/null 2>&1; then
$log $chroot $ROOT update-alternatives --set libgksu-gconf-defaults /usr/share/libgksu/debian/gconf-defaults.libgksu-sudo
$log $chroot $ROOT update-gconf-defaults || true
fi
# Configure aptitude to use sudo.
# (Overwrites any existing 00aptitude file in the target.)
echo 'Aptitude::Get-Root-Command "sudo:/usr/bin/sudo";' > $ROOT/etc/apt/apt.conf.d/00aptitude
else
# Configure gksu to use su, via an alternative, if it's
# installed and the alternative is registered.
if $chroot $ROOT update-alternatives --display libgksu-gconf-defaults >/dev/null 2>&1; then
$log $chroot $ROOT update-alternatives --set libgksu-gconf-defaults /usr/share/libgksu/debian/gconf-defaults.libgksu-su
$log $chroot $ROOT update-gconf-defaults || true
fi
fi
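# Wipe swap after encrypted-home setup, unless the caller declared swap to
# be handled already via OVERRIDE_ALREADY_ENCRYPTED_SWAP.
if [ -z "$OVERRIDE_ALREADY_ENCRYPTED_SWAP" ] && \
   [ -n "$ENCRYPT_HOME_OPT" ] && [ -e "$ROOT/etc/crypttab" ]; then
  # Zero out all encrypted swap partitions. It is assumed that
  # passwords are not used beyond this point in the install.
  # cryptswap0 /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
  # Ideally we would set up a new progress bar here, but we're
  # inside finish-install's and cdebconf doesn't support nested
  # progress bars.
  db_progress INFO user-setup/progress/wipe-swap
  # The device path is taken from crypttab and overwritten as root, so it
  # is quoted everywhere and read with -r to keep backslashes literal.
  # Any entry whose options field contains "swap" is selected.
  while read -r name device source options; do
    case "$options" in
      *swap*)
        # Only wipe what could be taken out of use as swap.
        if swapoff "$device"; then
          if [ ! -b "$device" ]; then
            # Not a block device (e.g. a swap file): zero exactly its
            # size, rounded down to whole mebibytes.
            ONE_MEG=$((1024*1024))
            size=$(($(stat -c %s "$device")/ONE_MEG))
            dd if=/dev/zero of="$device" bs="$ONE_MEG" count="$size" 2>/dev/null || true
          else
            # Block device: write until it is full; the resulting dd
            # error at the end of the device is expected and ignored.
            dd if=/dev/zero of="$device" bs=16M 2>/dev/null || true
          fi
        fi
        ;;
    esac
  done < "$ROOT/etc/crypttab"
fi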
else
# No user is being created, but a password may still have been preseeded:
# blank every user-password answer so nothing stays in the debconf database.
for question in \
  passwd/user-password-crypted \
  passwd/user-password \
  passwd/user-password-again
do
  db_set "$question" ''
done
fi
exit 0