OpenGrok

1.1      mrg #!/bin/sh
1.1      mrg #
1.6      mrg # $NetBSD: creds_msdos,v 1.6 2024/01/29 05:46:55 mrg Exp $
1.1      mrg #
1.1      mrg # Copyright (c) 2019 Matthew R. Green
1.1      mrg # All rights reserved.
1.1      mrg #
1.1      mrg # Redistribution and use in source and binary forms, with or without
1.1      mrg # modification, are permitted provided that the following conditions
1.1      mrg # are met:
1.1      mrg # 1. Redistributions of source code must retain the above copyright
1.1      mrg #    notice, this list of conditions and the following disclaimer.
1.1      mrg # 2. Redistributions in binary form must reproduce the above copyright
1.1      mrg #    notice, this list of conditions and the following disclaimer in the
1.1      mrg #    documentation and/or other materials provided with the distribution.
1.1      mrg #
1.1      mrg # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
1.1      mrg # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
1.1      mrg # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
1.1      mrg # IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
1.1      mrg # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
1.1      mrg # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
1.1      mrg # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
1.1      mrg # AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
1.1      mrg # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1.1      mrg # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1.1      mrg # SUCH DAMAGE.
1.1      mrg
1.1      mrg #
1.1      mrg # If "creds_msdos_partition" is an msdos partition and has a creds.txt
1.1      mrg # in it, perform these commands:
1.1      mrg #	"sshkeyfile <user> <path on msdos>"
1.1      mrg #	"sshkey <user> <entry>"
1.1      mrg # 	"useraddhash <user> <passwd hash>"
1.1      mrg # 	"useradd <user> <passwd>"
1.1      mrg # If the "useradd" method is used, this the creds.txt file will be
1.1      mrg # shredded and deleted with rm -P.
1.1      mrg
1.1      mrg # PROVIDE: creds_msdos
1.1      mrg # REQUIRE: mountall
1.1      mrg
1.1      mrg $_rc_subr_loaded . /etc/rc.subr
1.1      mrg
1.1      mrg name="creds_msdos"
1.1      mrg start_cmd="creds_msdos_start"
1.1      mrg stop_cmd=":"
1.1      mrg
1.1      mrg fail() {
1.1      mrg 	echo "$@" 1>&2
1.1      mrg 	exit 1
1.1      mrg }
1.1      mrg
1.3      mrg # This uses $ssh_userkeys global
1.1      mrg sshkey_setup() {
1.1      mrg 	local user="$1"
1.1      mrg 	local group="wheel"
1.1      mrg
1.1      mrg 	# don't create existing users
1.3      mrg 	if ! id -u "${user}" > /dev/null 2>&1; then
1.3      mrg 		useradd -m -G "${group}" "${user}" || fail "Useradd failed."
1.1      mrg 	fi
1.1      mrg
1.3      mrg 	eval ssh_userdir=~"${user}/.ssh"
1.3      mrg 	mkdir -p -m 755 "${ssh_userdir}" || fail "mkdir ~/.ssh failed."
1.3      mrg 	chmod 755 "${ssh_userdir}"
1.3      mrg 	chown "${user}" "${ssh_userdir}"
1.3      mrg
1.3      mrg 	ssh_userkeys="${ssh_userdir}/authorized_keys"
1.1      mrg }
1.1      mrg
1.1      mrg sshkey_finish() {
1.1      mrg 	local user="$1"
1.1      mrg
1.3      mrg 	chmod 644 "${ssh_userkeys}"
1.3      mrg 	chown "${user}" "${ssh_userkeys}"
1.1      mrg }
1.1      mrg
1.1      mrg do_sshkeyfile() {
1.1      mrg 	local user="$1"
1.1      mrg 	local newkeys="${creds_msdos_partition}/$2"
1.1      mrg
1.1      mrg 	if [ ! -f "${newkeys}" ]; then
1.1      mrg 		return
1.1      mrg 	fi
1.1      mrg
1.3      mrg 	sshkey_setup "${user}"
1.1      mrg
1.1      mrg 	# check entry is not present
1.1      mrg 	while read type keydata name; do
1.3      mrg 		if fgrep -q "${keydata}" "${ssh_userkeys}" 2>/dev/null; then
1.1      mrg 			continue
1.1      mrg 		fi
1.3      mrg 		echo "${type} ${keydata} ${name}" >> "${ssh_userkeys}"
1.1      mrg 	done < "${newkeys}"
1.1      mrg
1.3      mrg 	sshkey_finish "${user}"
1.1      mrg }
1.1      mrg
1.1      mrg do_sshkey() {
1.1      mrg 	local user="$1"
1.1      mrg 	local newkey="$2"
1.1      mrg
1.3      mrg 	sshkey_setup "${user}"
1.1      mrg
1.3      mrg 	echo "${newkey}" >> "${ssh_userkeys}"
1.1      mrg
1.3      mrg 	sshkey_finish "${user}"
1.1      mrg }
1.1      mrg
1.1      mrg do_useraddpwhash() {
1.1      mrg 	local user="$1"
1.1      mrg 	local pwhash="$2"
1.1      mrg 	local group="wheel"
1.1      mrg
1.1      mrg 	# don't add to existing users
1.3      mrg 	if id -u "${user}" > /dev/null 2>&1; then
1.1      mrg 		return
1.1      mrg 	fi
1.1      mrg
1.1      mrg 	useradd -m -p "${pwhash}" -G "${group}" "${user}" || fail "Useradd failed."
1.1      mrg }
1.1      mrg
1.1      mrg do_useradd() {
1.1      mrg 	local user="$1"
1.1      mrg 	local password="$2"
1.1      mrg
1.1      mrg 	local pwhash=$(pwhash "$password")
1.1      mrg 	do_useraddpwhash "${user}" "${pwhash}"
1.1      mrg }
1.1      mrg
1.1      mrg creds_msdos_start()
1.1      mrg {
1.3      mrg 	local fstab_file=/etc/fstab
1.3      mrg
1.1      mrg 	if [ -z "${creds_msdos_partition}" ]; then
1.4  mlelstv 		echo "Not looking for credentials on msdos"
1.3      mrg 		return
1.1      mrg 	fi
1.1      mrg 	while read junk1 mp fstype junk2; do
1.1      mrg 		if [ "${mp}" != "${creds_msdos_partition}" ]; then
1.1      mrg 			continue
1.1      mrg 		fi
1.1      mrg 		if [ "${fstype}" != "msdos" ]; then
1.1      mrg 			echo "Not checking for creds on ${creds_msdos_partition}: not an msdos file system"
1.3      mrg 			return
1.1      mrg 		fi
1.1      mrg 		break
1.1      mrg 	done < "${fstab_file}"
1.1      mrg
1.3      mrg 	local delete_creds=no
1.3      mrg 	local creds_file="${creds_msdos_partition}/creds.txt"
1.1      mrg
1.1      mrg 	if [ -f "${creds_file}" ]; then
1.3      mrg 		while read type user args; do
1.2      mrg 			# strip cr
1.6      mrg 			local clean_args="$(echo "$args" | tr -d '\015')"
1.1      mrg 			case "$type" in
1.1      mrg 			\#*|'')
1.1      mrg 				continue
1.1      mrg 				;;
1.1      mrg 			sshkeyfile)
1.1      mrg 				echo "Added user ${user} via ssh key file method."
1.3      mrg 				do_sshkeyfile "${user}" "${clean_args}"
1.1      mrg 				;;
1.1      mrg 			sshkey)
1.1      mrg 				echo "Added user ${user} via ssh key string method."
1.3      mrg 				do_sshkey "${user}" "${clean_args}"
1.1      mrg 				;;
1.1      mrg 			useraddpwhash)
1.1      mrg 				echo "Added user ${user} via password hash method."
1.3      mrg 				do_useraddpwhash "${user}" "${clean_args}"
1.1      mrg 				;;
1.1      mrg 			useradd)
1.1      mrg 				echo "Added user ${user} via password method, shredding credentials file."
1.3      mrg 				do_useradd "${user}" "${clean_args}"
1.1      mrg 				delete_creds=yes
1.1      mrg 				;;
1.1      mrg 			*)
1.1      mrg 				echo "Do not understand '$type' creds" 1>&2
1.1      mrg 				exit 1
1.1      mrg 				;;
1.1      mrg 			esac
1.1      mrg 		done < "${creds_file}"
1.1      mrg 	fi
1.1      mrg
1.1      mrg 	if [ $delete_creds = yes ]; then
1.1      mrg 		rm -P -f "${creds_file}"
1.1      mrg 	fi
1.1      mrg }
1.1      mrg
1.1      mrg load_rc_config $name
1.1      mrg run_rc_command "$1"