blob: bb3fc0553e7e79e1408086a41c5debcb64614532 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
#!/bin/sh
set_authorized_keys(){
# Add authorized_keys for a user.
# $1 = username
# $2 = newline-separated string of authorized keys
_sak_homedir=$(eval echo "~${1}")
_sak_group=$(getent passwd "$1" | awk -F: '{ print $4}')
# Create authorized keys file and set permissions.
install_directory -o "$1" -g "$_sak_group" -m 0700 "${_sak_homedir}/.ssh"
[ -f "${_sak_homedir}/.ssh/authorized_keys" ] || touch "${_sak_homedir}/.ssh/authorized_keys"
chown "$1" "${_sak_homedir}/.ssh/authorized_keys"
chgrp "$_sak_group" "${_sak_homedir}/.ssh/authorized_keys"
chmod 600 "${_sak_homedir}/.ssh/authorized_keys"
printf '%s\n' "${2}" > "${_sak_homedir}/.ssh/authorized_keys"
log "added authorized_keys for ${1}:"$'\n'"$2"
}
set_password(){
# Set password for a local user.
# $1 = username
# $2 = password
printf '%s\n%s\n' "$2" "$2" | passwd "$1" > /dev/null
}
add_user(){
# Add a local user if it doesn't exist.
# options: mostly same as `pw useradd`
# $1 = username
_bcau_homedir_mode=700
_bcau_create_homedir=
_bcau_homedir=
_bcau_comment=
_bcau_shell=/sbin/nologin
_bcau_pgroup=
_bcau_grouplist=
_bcau_uid=
_bcau_password=
while getopts c:d:G:g:mM:p:s:u: _bcau_opt; do
case $_bcau_opt in
c) _bcau_comment=$OPTARG ;;
d) _bcau_homedir=$OPTARG ;;
G) _bcau_grouplist=$OPTARG ;;
g) _bcau_pgroup=$OPTARG ;;
M) _bcau_homedir_mode=$OPTARG ;;
m) _bcau_create_homedir=true ;;
p) _bcau_password=$OPTARG ;;
s) _bcau_shell=$OPTARG ;;
u) _bcau_uid=$OPTARG ;;
esac
done
shift $((OPTIND - 1))
_bcau_username=$1
: ${_bcau_homedir:="/home/${_bcau_username}"}
: ${_bcau_comment:="${_bcau_username} user"}
case $BOXCONF_OS in
freebsd)
if pw usershow "$_bcau_username" > /dev/null 2>&1; then
log "local user ${_bcau_username} already exists"
return 0
fi
pw useradd \
-n "$_bcau_username" \
-c "$_bcau_comment" \
-s "$_bcau_shell" \
-M "$_bcau_homedir_mode" \
-d "$_bcau_homedir" \
${_bcau_create_homedir:+-m} \
${_bcau_grouplist:+-G ${_bcau_grouplist}} \
${_bcau_pgroup:+-g ${_bcau_pgroup}} \
${_bcau_uid:+-u ${_bcau_uid}}
log "added local user ${_bcau_username}"
;;
*)
die "add_user unimplemented for ${BOXCONF_OS}"
;;
esac
if [ -n "${_bcau_password}" ]; then
set_password "$_bcau_user" "$_bcau_password"
fi
}
add_group(){
# Add a local group if it doesn't exist.
# options: mostly same as `pw groupadd`
# $1 = groupname
_bcag_gid=
while getopts g: _bcag_opt; do
case $_bcag_opt in
g) _bcag_gid=$OPTARG ;;
esac
done
shift $((OPTIND - 1))
_bcag_groupname=$1
case $BOXCONF_OS in
freebsd)
if pw groupshow "$_bcag_groupname" > /dev/null 2>&1; then
log "local group ${_bcag_groupname} already exists"
return 0
fi
pw groupadd -n "$_bcag_groupname" ${_bcag_gid:+-g ${_bcag_gid}}
log "added local group ${_bcag_groupname}"
;;
*)
die "add_group unimplemented for ${BOXCONF_OS}"
;;
esac
}
|
