#!/bin/sh
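set_authorized_keys(){
  # Replace a user's ~/.ssh/authorized_keys with the given keys.
  # $1 = username
  # $2 = newline-separated string of authorized keys
  # Returns non-zero (after logging) when no home directory can be found for
  # the user, when the existing authorized_keys path is a symbolic link, or
  # when the key file cannot be written.
  #
  # Home directory (field 6) and primary group (field 4) are read from the
  # passwd database. The earlier `eval echo "~${1}"` ran the username through
  # the shell parser, so any shell syntax inside $1 would have been executed.
  _sak_entry=$(getent passwd "$1") || _sak_entry=
  _sak_homedir=$(printf '%s\n' "$_sak_entry" | awk -F: 'NR == 1 { print $6 }')
  _sak_group=$(printf '%s\n' "$_sak_entry" | awk -F: 'NR == 1 { print $4 }')
  if [ -z "$_sak_homedir" ]; then
    log "cannot set authorized_keys: no home directory found for ${1}"
    return 1
  fi
  _sak_keyfile="${_sak_homedir}/.ssh/authorized_keys"
  # Literal newline for the log line; $'\n' is not understood by every /bin/sh.
  _sak_nl='
'
  # Create authorized keys file and set permissions.
  install_directory -o "$1" -g "$_sak_group" -m 0700 "${_sak_homedir}/.ssh"
  # chown, chmod and the redirect below all follow symlinks, so a link planted
  # at this path would redirect them to its target. Refuse to proceed.
  # NOTE(review): the check and the write are separate steps; this narrows the
  # window but does not close it if ~/.ssh is writable by the user meanwhile.
  if [ -L "$_sak_keyfile" ]; then
    log "refusing to write ${_sak_keyfile}: it is a symbolic link"
    return 1
  fi
  [ -f "$_sak_keyfile" ] || touch "$_sak_keyfile"
  chown "$1" "$_sak_keyfile"
  chgrp "$_sak_group" "$_sak_keyfile"
  chmod 600 "$_sak_keyfile"
  # Overwrites the file: keys not listed in $2 are removed.
  printf '%s\n' "${2}" > "$_sak_keyfile" || return 1
  log "added authorized_keys for ${1}:${_sak_nl}$2"
}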
set_password(){
  # Set password for a local user.
  # $1 = username
  # $2 = password
  # The password is written twice to passwd's stdin (presumably the entry and
  # its confirmation), so it travels over a pipe and is never part of passwd's
  # argument list. passwd's stdout is discarded; its exit status is returned.
  printf '%s\n' "$2" "$2" \
    | passwd "$1" > /dev/null
}
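add_user(){
  # Add a local user if it doesn't exist.
  # options: mostly same as `pw useradd`
  #   -c comment    (default: "<username> user")
  #   -d homedir    (default: /home/<username>)
  #   -G grouplist  passed to pw as -G
  #   -g group      passed to pw as -g
  #   -M mode       home directory mode (default: 700)
  #   -m            ask pw to create the home directory
  #   -p password   set through set_password once the account exists
  #   -s shell      (default: /sbin/nologin)
  #   -u uid
  # $1 = username
  # Returns 0 when the user already exists or was created, non-zero when
  # `pw useradd` fails. Calls die for an empty username or an unsupported
  # BOXCONF_OS.
  # NOTE(review): a password given with -p shows up in `set -x` traces of the
  # caller; confirm tracing is off wherever this is used.
  _bcau_homedir_mode=700
  _bcau_create_homedir=
  _bcau_homedir=
  _bcau_comment=
  _bcau_shell=/sbin/nologin
  _bcau_pgroup=
  _bcau_grouplist=
  _bcau_uid=
  _bcau_password=
  # getopts tracks its position in OPTIND, which some shells (bash, for one)
  # keep across function calls; without the reset a second call would skip
  # its options and treat the first option as the username.
  OPTIND=1
  while getopts c:d:G:g:mM:p:s:u: _bcau_opt; do
    case $_bcau_opt in
      c) _bcau_comment=$OPTARG ;;
      d) _bcau_homedir=$OPTARG ;;
      G) _bcau_grouplist=$OPTARG ;;
      g) _bcau_pgroup=$OPTARG ;;
      M) _bcau_homedir_mode=$OPTARG ;;
      m) _bcau_create_homedir=true ;;
      p) _bcau_password=$OPTARG ;;
      s) _bcau_shell=$OPTARG ;;
      u) _bcau_uid=$OPTARG ;;
    esac
  done
  shift $((OPTIND - 1))
  _bcau_username=$1
  [ -n "$_bcau_username" ] || die "add_user: username required"
  : "${_bcau_homedir:=/home/${_bcau_username}}"
  : "${_bcau_comment:=${_bcau_username} user}"
  case $BOXCONF_OS in
    freebsd)
      if pw usershow "$_bcau_username" > /dev/null 2>&1; then
        log "local user ${_bcau_username} already exists"
        return 0
      fi
      # Build the argument list in the positional parameters so each value
      # stays one word even if it contains spaces or glob characters.
      set -- \
        -n "$_bcau_username" \
        -c "$_bcau_comment" \
        -s "$_bcau_shell" \
        -M "$_bcau_homedir_mode" \
        -d "$_bcau_homedir"
      [ -z "$_bcau_create_homedir" ] || set -- "$@" -m
      [ -z "$_bcau_grouplist" ] || set -- "$@" -G "$_bcau_grouplist"
      [ -z "$_bcau_pgroup" ] || set -- "$@" -g "$_bcau_pgroup"
      [ -z "$_bcau_uid" ] || set -- "$@" -u "$_bcau_uid"
      # Do not report success or go on to set a password if creation failed.
      if ! pw useradd "$@"; then
        log "failed to add local user ${_bcau_username}"
        return 1
      fi
      log "added local user ${_bcau_username}"
      ;;
    *)
      die "add_user unimplemented for ${BOXCONF_OS}"
      ;;
  esac
  if [ -n "${_bcau_password}" ]; then
    # The original passed the never-assigned $_bcau_user here, so the
    # requested password was not applied to the account just created.
    set_password "$_bcau_username" "$_bcau_password"
  fi
}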
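add_group(){
  # Add a local group if it doesn't exist.
  # options: mostly same as `pw groupadd`
  #   -g gid
  # $1 = groupname
  # Returns 0 when the group already exists or was created, non-zero when
  # `pw groupadd` fails. Calls die for an empty groupname or an unsupported
  # BOXCONF_OS.
  _bcag_gid=
  # getopts tracks its position in OPTIND, which some shells (bash, for one)
  # keep across function calls; reset it so -g is not skipped after an
  # earlier getopts loop has run.
  OPTIND=1
  while getopts g: _bcag_opt; do
    case $_bcag_opt in
      g) _bcag_gid=$OPTARG ;;
    esac
  done
  shift $((OPTIND - 1))
  _bcag_groupname=$1
  [ -n "$_bcag_groupname" ] || die "add_group: groupname required"
  case $BOXCONF_OS in
    freebsd)
      if pw groupshow "$_bcag_groupname" > /dev/null 2>&1; then
        log "local group ${_bcag_groupname} already exists"
        return 0
      fi
      # Positional parameters serve as the argument list so the gid stays a
      # single, unglobbed word.
      set -- -n "$_bcag_groupname"
      [ -z "$_bcag_gid" ] || set -- "$@" -g "$_bcag_gid"
      # Do not log success when pw reported a failure.
      if ! pw groupadd "$@"; then
        log "failed to add local group ${_bcag_groupname}"
        return 1
      fi
      log "added local group ${_bcag_groupname}"
      ;;
    *)
      die "add_group unimplemented for ${BOXCONF_OS}"
      ;;
  esac
}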