Lock accounts if asked (#240059).

4 files changed, 34 insertions, 12 deletions

diff --git a/ChangeLog b/ChangeLog
index 5a1261b86..e6635779e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2007-06-07  Chris Lumens  <clumens@redhat.com>
+
+	* instdata (InstallData.write):  Lock accounts if asked (#240059).
+	* kickstart.py (RootPw):  Inherit from new F8 rootpw command to handle
+	--lock.
+	* users.py (Users.createUser, Users.setRootPassword):  Lock accounts
+	if asked.
+
 2007-06-06  Chris Lumens  <clumens@redhat.com>
 
 	* loader2/module-info:  Add support for Areca RAID controllers
diff --git a/instdata.py b/instdata.py
index 6191edd93..c07a87aff 100644
--- a/instdata.py
+++ b/instdata.py
@@ -61,7 +61,7 @@ class InstallData:
 	self.timezone = timezone.Timezone()
         self.timezone.setTimezoneInfo(self.instLanguage.getDefaultTimeZone())
         self.users = None
-        self.rootPassword = { "isCrypted": False, "password": "" }
+        self.rootPassword = { "isCrypted": False, "password": "", lock: False }
 	self.auth = "--enableshadow --enablemd5"
 	self.desktop = desktop.Desktop()
 	self.upgrade = None
@@ -160,7 +160,8 @@ class InstallData:
 
         # User should already exist, just without a password.
         self.users.setRootPassword(self.rootPassword["password"],
-                                   self.rootPassword["isCrypted"], useMD5)
+                                   self.rootPassword["isCrypted"], useMD5,
+                                   self.rootPassword["lock"])
 
         if anaconda.isKickstart:
             for svc in self.ksdata.services.disabled:
@@ -178,7 +179,8 @@ class InstallData:
             for ud in self.ksdata.user.userList:
                 if self.users.createUser(ud.name, ud.password, ud.isCrypted,
                                          ud.groups, ud.homedir, ud.shell,
-                                         ud.uid, root=anaconda.rootPath) == None:
+                                         ud.uid, ud.lock,
+                                         root=anaconda.rootPath) == None:
                     log.error("User %s already exists, not creating." % ud.name)
 
 
@@ -241,9 +243,14 @@ class InstallData:
 	self.zfcp.writeKS(f)
 
         if self.rootPassword["isCrypted"]:
-            f.write("rootpw --iscrypted %s\n" % self.rootPassword["password"])
+            args = " --iscrypted %s" % self.rootPassword["password"]
         else:
-            f.write("rootpw --iscrypted %s\n" % users.cryptPassword(self.rootPassword["password"], useMD5))
+            args = " --iscrypted %s" % users.cryptPassword(self.rootPassword["password"], useMD5))
+
+        if self.rootPassword["lock"]:
+            args += " --lock"
+
+        f.write("rootpw %s\n" % args)
 
 	self.firewall.writeKS(f)
 	if self.auth.strip() != "":
diff --git a/kickstart.py b/kickstart.py
index 6c1dd2ab6..6024b22aa 100644
--- a/kickstart.py
+++ b/kickstart.py
@@ -557,12 +557,13 @@ class Raid(commands.raid.F7_Raid):
         addPartRequest(self.handler.anaconda, request)
         self.handler.skipSteps.extend(["partition", "zfcpconfig", "parttype"])
 
-class RootPw(commands.rootpw.FC3_RootPw):
+class RootPw(commands.rootpw.F8_RootPw):
     def parse(self, args):
-        commands.rootpw.FC3_RootPw.parse(self, args)
+        commands.rootpw.F8_RootPw.parse(self, args)
 
         self.handler.id.rootPassword["password"] = self.password
         self.handler.id.rootPassword["isCrypted"] = self.isCrypted
+        self.handler.id.rootPassword["lock"] = self.lock
         self.handler.skipSteps.append("accounts")
 
 class SELinux(commands.selinux.FC3_SELinux):
@@ -701,7 +702,7 @@ commandMap = {
         "timezone": Timezone,
         "upgrade": Upgrade,
         "url": commands.method.FC6_Method,
-        "user": commands.user.FC6_User,
+        "user": commands.user.F8_User,
         "vnc": commands.vnc.FC6_Vnc,
         "volgroup": VolGroup,
         "xconfig": XConfig,
diff --git a/users.py b/users.py
index a9a4c251b..b4b29a3e3 100644
--- a/users.py
+++ b/users.py
@@ -3,7 +3,7 @@
 #
 # Chris Lumens <clumens@redhat.com>
 #
-# Copyright (c) 2006 Red Hat, Inc.
+# Copyright (c) 2006, 2007 Red Hat, Inc.
 #
 # This software may be freely redistributed under the terms of the GNU
 # general public license.
@@ -39,7 +39,6 @@ directory = %(instPath)s/etc
     os.close(fd)
 
     os.environ["LIBUSER_CONF"] = fn
-    
 
 def cryptPassword(password, useMD5):
     if useMD5:
@@ -60,7 +59,8 @@ class Users:
         self.admin = libuser.admin()
 
     def createUser (self, name, password=None, isCrypted=False, groups=[],
-                    homedir=None, shell=None, uid=None, root="/mnt/sysimage"):
+                    homedir=None, shell=None, uid=None, lock=False,
+                    root="/mnt/sysimage"):
         if self.admin.lookupUserByName(name):
             return None
 
@@ -98,11 +98,14 @@ class Users:
             else:
                 self.admin.setpassUser(userEnt, cryptPassword(password, True), isCrypted)
 
+        if lock:
+            self.admin.lockUser(userEnt)
+
         # Now set the correct home directory to fix up passwd.
         userEnt.set(libuser.HOMEDIRECTORY, homedir)
         self.admin.modifyUser(userEnt)
 
-    def setRootPassword(self, password, isCrypted, useMD5):
+    def setRootPassword(self, password, isCrypted, useMD5, lock):
         rootUser = self.admin.lookupUserByName("root")
 
         if isCrypted:
@@ -110,4 +113,7 @@ class Users:
         else:
             self.admin.setpassUser(rootUser, cryptPassword(password, useMD5), True)
 
+        if lock:
+            self.admin.lockUser(rootUser)
+
         self.admin.modifyUser(rootUser)