From 3a44763638e983125389af3b9b866273daaae16c Mon Sep 17 00:00:00 2001
From: Vlastimil Holer
Date: Tue, 14 Nov 2017 10:37:57 +0100
Subject: [PATCH] Default unprivileged sudo conf., password set fallback to passwd

Closes #88
---
 .../loc-20-set-username-password | 29 +++++++++++++++----
 1 file changed, 24 insertions(+), 5 deletions(-)

diff --git a/src/etc/one-context.d/loc-20-set-username-password b/src/etc/one-context.d/loc-20-set-username-password
index d2a196f..0bb8226 100755
--- a/src/etc/one-context.d/loc-20-set-username-password
+++ b/src/etc/one-context.d/loc-20-set-username-password
@@ -24,11 +24,14 @@ if ! getent passwd "${USERNAME}" > /dev/null 2>&1; then
 useradd -m "${USERNAME}"
 fi

-if [ "${GRANT_SUDO}" == "YES" -a "${USERNAME}" != "root" ]; then
- if [ ! -f /etc/sudoers.d/${USERNAME} ]; then
- echo "${USERNAME} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/${USERNAME}
- chmod 644 /etc/sudoers.d/${USERNAME}
- fi
+GRANT_SUDO=${GRANT_SUDO:-YES}
+GRANT_SUDO=$(echo "${GRANT_SUDO}" | tr '[:lower:]' '[:upper:]')
+
+if [ "${GRANT_SUDO}" == "YES" ] && [ "${USERNAME}" != "root" ]; then
+ echo "${USERNAME} ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/one-context
+ chmod 0440 /etc/sudoers.d/one-context
+elif [ -f /etc/sudoers.d/one-context ]; then
+ unlink /etc/sudoers.d/one-context
 fi

 if [ -n "${CRYPTED_PASSWORD_BASE64}" ]; then
@@ -37,8 +40,24 @@ if [ -n "${CRYPTED_PASSWORD_BASE64}" ]; then
 elif [ -n "${PASSWORD_BASE64}" ]; then
 PASSWORD=$(echo $PASSWORD_BASE64 | base64 -d)
 chpasswd <<< "${USERNAME}:${PASSWORD}"
+
+ if [ $? -ne 0 ]; then
+ passwd "${USERNAME}" <
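Review bot: In the first hunk the drop-in is written straight to the live path (`echo ... >/etc/sudoers.d/one-context`) with `${USERNAME}` interpolated unvalidated and no syntax check, so a bad value can leave a broken or broader-than-intended rule active, and the file sits with umask-default permissions until `chmod 0440` runs. I would build it in a temporary file, verify it with `visudo -cf`, and only then move it into place, as sketched below. The `elif` branch also removes only `one-context`: a `/etc/sudoers.d/${USERNAME}` file left by the previous version of this script would presumably keep its NOPASSWD grant after `GRANT_SUDO=NO`, so revocation should cover that legacy file as well. Since an unset `GRANT_SUDO` now means `YES`, a comment above `GRANT_SUDO=${GRANT_SUDO:-YES}` stating that the default grants passwordless root to `${USERNAME}` would help operators.

```shell
if [ "${GRANT_SUDO}" == "YES" ] && [ "${USERNAME}" != "root" ]; then
    # Names containing a dot are skipped by sudo's includedir, so the draft is never live.
    SUDOERS_TMP=$(mktemp /etc/sudoers.d/.one-context.XXXXXX)
    if [ -n "${SUDOERS_TMP}" ]; then
        echo "${USERNAME} ALL=(ALL) NOPASSWD:ALL" >"${SUDOERS_TMP}"
        if visudo -cf "${SUDOERS_TMP}" >/dev/null 2>&1; then
            chmod 0440 "${SUDOERS_TMP}"
            mv -f "${SUDOERS_TMP}" /etc/sudoers.d/one-context
        else
            rm -f "${SUDOERS_TMP}"
        fi
    fi
# … unchanged: elif branch removing /etc/sudoers.d/one-context, closing fi …
```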