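#!/bin/sh
#
# $NetBSD: creds_msdos,v 1.6 2024/01/29 05:46:55 mrg Exp $
#
# Copyright (c) 2019 Matthew R. Green
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

#
# If "creds_msdos_partition" is an msdos partition and has a creds.txt
# in it, perform these commands:
#	"sshkeyfile <user> <path on msdos>"
#	"sshkey <user> <entry>"
#	"useraddpwhash <user> <passwd hash>"
#	"useradd <user> <passwd>"
# If the "useradd" method is used, the creds.txt file will be
# shredded and deleted with rm -P.
#
# Security notes:
# - Every entry creates an account in group wheel or adds login keys to
#   an account, so write access to the msdos partition is equivalent to
#   being able to grant logins on this host.
# - Only the "useradd" method removes creds.txt.  With the other three
#   methods the file, including any password hash in it, stays on the
#   partition until it is removed by hand.
# - NOTE(review): "rm -P" overwrites through the file system; on flash
#   media with wear levelling the old blocks may survive.  Treat a
#   clear-text password delivered this way as temporary and change it
#   after first login.
#

# PROVIDE: creds_msdos
# REQUIRE: mountall

$_rc_subr_loaded . /etc/rc.subr

name="creds_msdos"
start_cmd="creds_msdos_start"
stop_cmd=":"

# Print the arguments on stderr and abort the script.
fail() {
	echo "$@" 1>&2
	exit 1
}

# Abort unless $1 is a plain login name.  The name comes straight from
# creds.txt and is later used as an option-less argument to id/useradd
# and inside an eval, so only a conservative character set is accepted
# and a leading "-" is refused.
check_user() {
	case "$1" in
	''|-*|*[!A-Za-z0-9._-]*)
		fail "Invalid user name in creds file."
		;;
	esac
}

# Make sure ${user} exists (creating it in group wheel if not) and has
# a ~/.ssh directory.
# This sets the $ssh_userdir and $ssh_userkeys globals.
sshkey_setup() {
	local user="$1"
	local group="wheel"

	check_user "${user}"

	# don't create existing users
	if ! id -u "${user}" > /dev/null 2>&1; then
		useradd -m -G "${group}" "${user}" || fail "Useradd failed."
	fi

	# Tilde expansion of a variable needs eval.  This is only safe
	# because check_user has already rejected shell metacharacters.
	eval ssh_userdir=~"${user}/.ssh"
	mkdir -p -m 755 "${ssh_userdir}" || fail "mkdir ~/.ssh failed."
	chmod 755 "${ssh_userdir}"
	chown "${user}" "${ssh_userdir}"

	ssh_userkeys="${ssh_userdir}/authorized_keys"
}

# Fix mode and owner of the authorized_keys file named by the
# $ssh_userkeys global.
sshkey_finish() {
	local user="$1"

	chmod 644 "${ssh_userkeys}"
	chown "${user}" "${ssh_userkeys}"
}

# Append every key from the file $2 (a path relative to the msdos
# partition) to the authorized_keys of user $1, skipping keys whose
# key data is already present.
# NOTE(review): $2 is not checked for "../" components, so it can name
# a file outside the partition; confirm whether that is intended.
do_sshkeyfile() {
	local user="$1"
	local newkeys="${creds_msdos_partition}/$2"
	# Loop variables are local: the original loop read into "name",
	# which overwrote the rc.subr $name of this script.
	local key_type key_data key_comment

	if [ ! -f "${newkeys}" ]; then
		return
	fi

	sshkey_setup "${user}"

	# "read -r" keeps backslashes intact; the "|| [ -n ... ]" picks up
	# a last line that has no trailing newline.
	while read -r key_type key_data key_comment || [ -n "${key_type}" ]; do
		# nothing to install on a blank or single-field line
		if [ -z "${key_data}" ]; then
			continue
		fi
		# check entry is not present; -e keeps data that starts
		# with "-" from being parsed as an option
		if grep -F -q -e "${key_data}" "${ssh_userkeys}" 2>/dev/null; then
			continue
		fi
		printf '%s %s %s\n' "${key_type}" "${key_data}" "${key_comment}" \
		    >> "${ssh_userkeys}"
	done < "${newkeys}"

	sshkey_finish "${user}"
}

# Append the single authorized_keys entry $2 for user $1.
do_sshkey() {
	local user="$1"
	local newkey="$2"

	sshkey_setup "${user}"

	# printf instead of echo so the entry is written byte for byte
	printf '%s\n' "${newkey}" >> "${ssh_userkeys}"

	sshkey_finish "${user}"
}

# Create user $1 in group wheel with the pre-computed password hash $2.
# Existing users are left untouched.
do_useraddpwhash() {
	local user="$1"
	local pwhash="$2"
	local group="wheel"

	check_user "${user}"

	# don't add to existing users
	if id -u "${user}" > /dev/null 2>&1; then
		return
	fi

	useradd -m -p "${pwhash}" -G "${group}" "${user}" || fail "Useradd failed."
}

# Create user $1 in group wheel with the clear-text password $2.
do_useradd() {
	local user="$1"
	local password="$2"
	local pwhash

	# Declaration and assignment are separate so that a failing
	# pwhash(1) is noticed instead of handing an empty hash to useradd.
	# "--" keeps a password that starts with "-" from being parsed as
	# an option.
	# NOTE(review): the password is passed on the command line and is
	# visible in the process list while pwhash runs.
	pwhash=$(pwhash -- "${password}") || fail "pwhash failed."
	if [ -z "${pwhash}" ]; then
		fail "pwhash failed."
	fi
	do_useraddpwhash "${user}" "${pwhash}"
}

# rc.d start method: if $creds_msdos_partition is listed in /etc/fstab
# as an msdos file system and contains creds.txt, run every entry in it.
creds_msdos_start()
{
	local fstab_file=/etc/fstab
	local junk1 mp fstype junk2
	local type user args clean_args
	local cr

	cr=$(printf '\r')

	if [ -z "${creds_msdos_partition}" ]; then
		echo "Not looking for credentials on msdos"
		return
	fi
	while read -r junk1 mp fstype junk2; do
		if [ "${mp}" != "${creds_msdos_partition}" ]; then
			continue
		fi
		if [ "${fstype}" != "msdos" ]; then
			echo "Not checking for creds on ${creds_msdos_partition}: not an msdos file system"
			return
		fi
		break
	done < "${fstab_file}"

	local delete_creds=no
	local creds_file="${creds_msdos_partition}/creds.txt"

	if [ -f "${creds_file}" ]; then
		# "read -r" keeps backslashes in passwords and keys intact;
		# the "|| [ -n ... ]" picks up a last line that has no
		# trailing newline, which is common for files edited on DOS.
		while read -r type user args || [ -n "${type}" ]; do
			# strip cr: with DOS line endings it sticks to
			# whichever field is last on the line, so a blank
			# line or a two-field line needs it removed from
			# type and user as well
			type=${type%"${cr}"}
			user=${user%"${cr}"}
			clean_args="$(printf '%s\n' "$args" | tr -d '\015')"
			case "$type" in
			\#*|'')
				continue
				;;
			sshkeyfile)
				echo "Added user ${user} via ssh key file method."
				do_sshkeyfile "${user}" "${clean_args}"
				;;
			sshkey)
				echo "Added user ${user} via ssh key string method."
				do_sshkey "${user}" "${clean_args}"
				;;
			useraddpwhash)
				echo "Added user ${user} via password hash method."
				do_useraddpwhash "${user}" "${clean_args}"
				;;
			useradd)
				echo "Added user ${user} via password method, shredding credentials file."
				do_useradd "${user}" "${clean_args}"
				delete_creds=yes
				;;
			*)
				echo "Do not understand '$type' creds" 1>&2
				exit 1
				;;
			esac
		done < "${creds_file}"
	fi

	# Only the clear-text password method removes the file.
	if [ "${delete_creds}" = yes ]; then
		rm -P -f "${creds_file}"
	fi
}

load_rc_config $name
run_rc_command "$1"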