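#!/bin/sh
#
# $NetBSD: creds_msdos,v 1.2 2019/06/12 00:28:56 mrg Exp $
#
# Copyright (c) 2019 Matthew R. Green
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. The name of the author may not be used to endorse or promote products
#    derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# If "creds_msdos_partition" is an msdos partition and has a creds.txt
# in it, perform these commands, one per line ("TYPE USER ARG"):
#	"sshkeyfile USER KEYFILE"	append the keys in KEYFILE (a path
#					relative to the partition) to USER's
#					authorized_keys
#	"sshkey USER KEY"		append the literal KEY line
#	"useraddpwhash USER PWHASH"	create USER with an already hashed
#					password
#	"useradd USER PASSWORD"		create USER from a cleartext password
# Blank lines and lines starting with '#' are ignored.  Users named by
# the ssh key methods are created with "useradd -m -G wheel" when they
# do not already exist.
# If the "useradd" method is used, the creds.txt file will be
# shredded and deleted with rm -P.
#
# creds.txt comes from removable media and is treated as untrusted
# input: user names and key file paths are checked against a strict
# pattern before they reach useradd, chown, id or the file system.

# PROVIDE: creds_msdos
# REQUIRE: mountall

$_rc_subr_loaded . /etc/rc.subr

name="creds_msdos"
start_cmd="creds_msdos_start"
stop_cmd=":"

fstab_file=/etc/fstab

# Print the arguments to stderr and abort the whole script.
fail() {
	echo "$@" 1>&2
	exit 1
}

# Return 0 if $1 is an acceptable user name: non-empty, made of
# [A-Za-z0-9_.-] only, not '.' or '..', and not starting with '-'
# (which useradd, chown and id would parse as an option).
valid_username() {
	case "$1" in
	''|-*|.|..|*[!A-Za-z0-9_.-]*)
		return 1
		;;
	esac
	return 0
}

# Return 0 if $1 is a relative path that cannot leave the creds
# partition: rejects an empty path, an absolute path and any ".."
# component.
safe_relpath() {
	case "$1" in
	''|/*|..|../*|*/..|*/../*)
		return 1
		;;
	esac
	return 0
}

# Print $1 with every carriage return removed.  Files written on an
# msdos partition are commonly CRLF terminated, and read(1) leaves the
# CR on whichever field was last on the line.  printf rather than echo
# so that values such as "-n" or backslashes pass through unchanged.
strip_cr() {
	printf '%s' "$1" | tr -d '\015'
}

# Make sure user $1 exists and has a ~/.ssh directory.
# Sets the globals "sshdir" and "userkeys" (the authorized_keys path)
# for the caller.  Aborts via fail on any error.
sshkey_setup() {
	local user="$1"
	local group="wheel"
	local home

	valid_username "${user}" || fail "Invalid user name '${user}'."

	# don't create existing users
	if ! id -u "${user}" >/dev/null 2>&1; then
		useradd -m -G "${group}" "${user}" || fail "Useradd failed."
	fi

	# Look the home directory up in the passwd database rather than
	# eval'ing a tilde expansion built from file contents.
	home=$(getent passwd "${user}" | cut -d: -f6)
	[ -n "${home}" ] || fail "No home directory for ${user}."

	sshdir="${home}/.ssh"
	mkdir -p -m 755 "${sshdir}" || fail "mkdir ~/.ssh failed."
	chown "${user}" "${sshdir}"
	userkeys="${sshdir}/authorized_keys"
}

# Make authorized_keys $2 world readable and owned by user $1.
sshkey_finish() {
	local user="$1"
	local userkeys="$2"

	chmod 644 "${userkeys}"
	chown "${user}" "${userkeys}"
}

# "sshkeyfile USER KEYFILE": append each key line of KEYFILE (relative
# to the creds partition) to USER's authorized_keys, skipping keys that
# are already present.  Does nothing if KEYFILE does not exist.
do_sshkeyfile() {
	local user="$1"
	local newkeys
	local type keydata name

	safe_relpath "$2" || fail "Refusing key file path '$2'."
	newkeys="${creds_msdos_partition}/$2"

	if [ ! -f "${newkeys}" ]; then
		return
	fi

	sshkey_setup "${user}"

	# check entry is not present.  -r keeps backslashes in the key
	# data intact; -F -- matches keydata as a literal string even
	# when it starts with '-'.
	while read -r type keydata name; do
		keydata=$(strip_cr "${keydata}")
		name=$(strip_cr "${name}")
		# a line without key data is blank or malformed
		if [ -z "${keydata}" ]; then
			continue
		fi
		if grep -F -q -- "${keydata}" "${userkeys}" 2>/dev/null; then
			continue
		fi
		printf '%s %s %s\n' "${type}" "${keydata}" "${name}" \
		    >> "${userkeys}"
	done < "${newkeys}"

	sshkey_finish "${user}" "${userkeys}"
}

# "sshkey USER KEY": append the literal KEY line to USER's
# authorized_keys.  The user and ~/.ssh are still set up when KEY is
# empty; only the empty line itself is not written.
do_sshkey() {
	local user="$1"
	local newkey="$2"

	sshkey_setup "${user}"
	if [ -n "${newkey}" ]; then
		printf '%s\n' "${newkey}" >> "${userkeys}"
	fi
	sshkey_finish "${user}" "${userkeys}"
}

# "useraddpwhash USER PWHASH": create USER in group wheel with the
# already hashed password PWHASH.  Existing users are left alone.
do_useraddpwhash() {
	local user="$1"
	local pwhash="$2"
	local group="wheel"

	valid_username "${user}" || fail "Invalid user name '${user}'."
	# An empty hash would leave the new wheel member's password
	# field empty instead of failing loudly.
	[ -n "${pwhash}" ] || fail "Empty password hash for ${user}."

	# don't add to existing users
	if id -u "${user}" >/dev/null 2>&1; then
		return
	fi
	useradd -m -p "${pwhash}" -G "${group}" "${user}" || fail "Useradd failed."
}

# "useradd USER PASSWORD": hash the cleartext PASSWORD with pwhash(1)
# and create USER with it.
do_useradd() {
	local user="$1"
	local password="$2"
	local pwhash

	# Declaration and assignment are separate so a pwhash failure is
	# not masked by local's own exit status.
	# NOTE(review): the cleartext password is passed on pwhash's
	# command line and is briefly visible to ps(1); confirm whether
	# the installed pwhash can read it from stdin instead.
	pwhash=$(pwhash "${password}") || fail "pwhash failed."
	do_useraddpwhash "${user}" "${pwhash}"
}

# rc start method: check that fstab does not list
# ${creds_msdos_partition} with a non-msdos type, then apply every line
# of creds.txt found there.  An unknown command type aborts the script.
creds_msdos_start() {
	local junk1 mp fstype junk2
	local type user arg1
	local delete_creds creds_file

	if [ -z "${creds_msdos_partition}" ]; then
		echo "Not looking for credientials on msdos"
		return
	fi

	# NOTE: a mount point that is absent from fstab is not rejected
	# here; only a present entry with a non-msdos type is.
	while read -r junk1 mp fstype junk2; do
		if [ "${mp}" != "${creds_msdos_partition}" ]; then
			continue
		fi
		if [ "${fstype}" != "msdos" ]; then
			echo "Not checking for creds on ${creds_msdos_partition}: not an msdos file system"
			return
		fi
		break
	done < "${fstab_file}"

	delete_creds=no
	creds_file="${creds_msdos_partition}/creds.txt"
	if [ -f "${creds_file}" ]; then
		while read -r type user arg1; do
			# strip cr from every field: on a CRLF file the CR
			# sits on the last field present, and a CR-only line
			# must still count as blank.
			type=$(strip_cr "${type}")
			user=$(strip_cr "${user}")
			arg1=$(strip_cr "${arg1}")
			case "${type}" in
			\#*|'')
				continue
				;;
			sshkeyfile)
				echo "Added user ${user} via ssh key file method."
				do_sshkeyfile "${user}" "${arg1}"
				;;
			sshkey)
				echo "Added user ${user} via ssh key string method."
				do_sshkey "${user}" "${arg1}"
				;;
			useraddpwhash)
				echo "Added user ${user} via password hash method."
				do_useraddpwhash "${user}" "${arg1}"
				;;
			useradd)
				echo "Added user ${user} via password method, shredding credentials file."
				do_useradd "${user}" "${arg1}"
				delete_creds=yes
				;;
			*)
				echo "Do not understand '$type' creds" 1>&2
				exit 1
				;;
			esac
		done < "${creds_file}"
	fi
	if [ "${delete_creds}" = yes ]; then
		rm -P -f "${creds_file}"
	fi
}

load_rc_config "$name"
run_rc_command "$1"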