creds_msdos revision 1.2
11.1Smrg#!/bin/sh
21.1Smrg#
31.2Smrg# $NetBSD: creds_msdos,v 1.2 2019/06/12 00:28:56 mrg Exp $
41.1Smrg#
51.1Smrg# Copyright (c) 2019 Matthew R. Green
61.1Smrg# All rights reserved.
71.1Smrg#
81.1Smrg# Redistribution and use in source and binary forms, with or without
91.1Smrg# modification, are permitted provided that the following conditions
101.1Smrg# are met:
111.1Smrg# 1. Redistributions of source code must retain the above copyright
121.1Smrg#    notice, this list of conditions and the following disclaimer.
131.1Smrg# 2. Redistributions in binary form must reproduce the above copyright
141.1Smrg#    notice, this list of conditions and the following disclaimer in the
151.1Smrg#    documentation and/or other materials provided with the distribution.
161.1Smrg# 3. The name of the author may not be used to endorse or promote products
171.1Smrg#    derived from this software without specific prior written permission.
181.1Smrg#
191.1Smrg# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
201.1Smrg# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
211.1Smrg# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
221.1Smrg# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
231.1Smrg# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
241.1Smrg# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
251.1Smrg# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
261.1Smrg# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
271.1Smrg# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
281.1Smrg# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
291.1Smrg# SUCH DAMAGE.
301.1Smrg
311.1Smrg#
321.1Smrg# If "creds_msdos_partition" is an msdos partition and has a creds.txt
331.1Smrg# in it, perform these commands:
341.1Smrg#	"sshkeyfile <user> <path on msdos>"
351.1Smrg#	"sshkey <user> <entry>"
361.1Smrg# 	"useraddpwhash <user> <passwd hash>"
371.1Smrg# 	"useradd <user> <passwd>"
381.1Smrg# If the "useradd" method is used, the creds.txt file will be
391.1Smrg# shredded and deleted with rm -P.
401.1Smrg
411.1Smrg# PROVIDE: creds_msdos
421.1Smrg# REQUIRE: mountall
431.1Smrg
# Source the rc.d framework.  The leading variable is deliberately left
# unquoted: when it is unset or empty the line is simply ". /etc/rc.subr".
${_rc_subr_loaded} . /etc/rc.subr

# Service identity and hooks read by run_rc_command at the end of the file.
name=creds_msdos
start_cmd=creds_msdos_start
# Stopping is a no-op.
stop_cmd=:
# File scanned by creds_msdos_start for the partition's file system type.
fstab_file="/etc/fstab"
501.1Smrg
# Fatal-error helper: print all arguments on one line to stderr, then
# terminate the script with exit status 1.
fail() {
	echo "$@" >&2
	exit 1
}
551.1Smrg
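# Make sure <user> exists and has a ~/.ssh directory.
# Arguments: $1 - login name taken from creds.txt
# Globals:   sshdir, userkeys (written; callers read userkeys afterwards)
# Exits through fail() on an unusable name, a useradd or mkdir failure, or
# when the home directory cannot be resolved.
sshkey_setup() {
	local user="$1"
	local group="wheel"

	# The name is expanded through eval below, so anything that is not a
	# plain login name must be rejected before it can reach the shell as
	# code.  An empty name is refused as well: "~/.ssh" would otherwise
	# resolve to the invoking user's own home directory.
	# NOTE(review): the accepted character set is an assumption about what
	# useradd allows by default - confirm before widening it.
	case "${user}" in
	''|-*|*[!A-Za-z0-9._-]*)
		fail "Refusing unsafe user name '${user}'."
		;;
	esac

	# don't create existing users
	if ! id -u "${user}" >/dev/null 2>&1; then
		useradd -m -G "${group}" "${user}" || fail "Useradd failed."
	fi

	# eval is only needed for the tilde expansion of a name held in a
	# variable; the resulting path is used literally from here on.
	eval "sshdir=~${user}/.ssh"
	case "${sshdir}" in
	/*)
		;;
	*)
		# An unexpanded "~user" would create a directory of that name
		# relative to the current directory.
		fail "Cannot resolve home directory of ${user}."
		;;
	esac

	mkdir -p -m 755 "${sshdir}" || fail "mkdir ~/.ssh failed."
	chown "${user}" "${sshdir}"
	userkeys="${sshdir}/authorized_keys"
}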
711.1Smrg
# Set the final mode and owner of an authorized_keys file.
# Arguments: $1 - user that should own the file
#            $2 - path of the authorized_keys file
sshkey_finish() {
	local owner="$1"
	local keyfile="$2"

	# 644: writable by the owner only, readable by everyone.
	chmod 644 "${keyfile}"
	chown "${owner}" "${keyfile}"
}
791.1Smrg
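# Append the public keys listed in a file on the msdos partition to the
# user's authorized_keys, skipping keys that are already present.
# Arguments: $1 - user name
#            $2 - key file path, relative to ${creds_msdos_partition}
# Globals:   creds_msdos_partition (read); userkeys (read, set by
#            sshkey_setup)
# Returns silently when the key file does not exist.
do_sshkeyfile() {
	local user="$1"
	local newkeys="${creds_msdos_partition}/$2"
	# Loop variables are local and deliberately not called "name": that
	# global holds the rc.d service name and must not be overwritten.
	local keytype keydata keycomment

	if [ ! -f "${newkeys}" ]; then
		return
	fi

	sshkey_setup "$user"

	# Files on an msdos partition often have CRLF line ends, so carriage
	# returns are dropped before parsing.  "read -r" keeps backslashes
	# literal and the "|| [ -n ... ]" clause keeps a last line that has no
	# trailing newline.
	tr -d '\015' < "${newkeys}" |
	while read -r keytype keydata keycomment || [ -n "${keytype}" ]; do
		case "${keytype}" in
		''|\#*)
			# blank line or comment
			continue
			;;
		esac
		if [ -z "${keydata}" ]; then
			echo "Ignoring malformed key line in ${newkeys}" 1>&2
			continue
		fi
		# check entry is not present; the match is on the second field
		# only, so a line that starts with key options is compared by its
		# key type instead of its key data.
		if grep -F -q -- "${keydata}" "${userkeys}" 2>/dev/null; then
			continue
		fi
		printf '%s\n' "${keytype} ${keydata}${keycomment:+ ${keycomment}}" \
			>> "${userkeys}"
	done

	sshkey_finish "$user" "${userkeys}"
}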
1001.1Smrg
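# Add one public key, given inline in creds.txt, to the user's
# authorized_keys.
# Arguments: $1 - user name
#            $2 - complete authorized_keys line
# Globals:   userkeys (read, set by sshkey_setup)
do_sshkey() {
	local user="$1"
	local newkey="$2"

	sshkey_setup "$user"

	# creds.txt is not removed for this method, so this function can run
	# again on a later start: append only when the exact line is not
	# already there, and never append an empty line.
	if [ -n "${newkey}" ] &&
	    ! grep -F -x -q -- "${newkey}" "${userkeys}" 2>/dev/null; then
		printf '%s\n' "${newkey}" >> "${userkeys}"
	fi

	sshkey_finish "$user" "${userkeys}"
}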
1111.1Smrg
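# Create <user> in group wheel with an already hashed password.
# Arguments: $1 - user name
#            $2 - password hash, passed to useradd -p
# Existing users are left untouched.  Exits through fail() when the hash
# is missing or useradd fails.
do_useraddpwhash() {
	local user="$1"
	local pwhash="$2"
	local group="wheel"

	# don't add to existing users
	if id -u "${user}" >/dev/null 2>&1; then
		return
	fi

	# A creds.txt line without a hash would otherwise reach useradd as
	# -p "".  What useradd does with an empty value is not visible here,
	# so refuse instead of risking a wheel account without a usable
	# password.
	if [ -z "${pwhash}" ]; then
		fail "No password hash given for ${user}."
	fi

	useradd -m -p "${pwhash}" -G "${group}" "${user}" || fail "Useradd failed."
}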
1251.1Smrg
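# Create <user> from a clear-text password by hashing it with pwhash and
# handing the result to do_useraddpwhash.
# Arguments: $1 - user name
#            $2 - clear-text password from creds.txt
# Exits through fail() when the password is empty or cannot be hashed.
do_useradd() {
	local user="$1"
	local password="$2"
	local pwhash

	# Hashing an empty string would produce a valid hash of the empty
	# password, i.e. a wheel account anyone could log in to.
	if [ -z "${password}" ]; then
		fail "No password given for ${user}."
	fi

	# Declared and assigned separately so that a pwhash failure is not
	# hidden behind the exit status of "local".
	# NOTE(review): the clear-text password is passed as a command
	# argument and may be visible in the process list while pwhash runs.
	pwhash=$(pwhash "$password") || fail "pwhash failed."
	if [ -z "${pwhash}" ]; then
		fail "pwhash failed."
	fi

	do_useraddpwhash "${user}" "${pwhash}"
}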
1331.1Smrg
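# rc.d start hook: read ${creds_msdos_partition}/creds.txt and run the
# command on every line ("sshkeyfile", "sshkey", "useraddpwhash",
# "useradd").  The file is removed with rm -P when at least one "useradd"
# line was processed.
# Globals: creds_msdos_partition, fstab_file (read)
# Exits with status 1 on a line whose first word is not a known command.
creds_msdos_start()
{
	local junk1 mp fstype junk2
	local type user arg1
	local cr delete_creds creds_file

	if [ -z "${creds_msdos_partition}" ]; then
		echo "Not looking for credientials on msdos"
		return
	fi

	# NOTE(review): when no fstab entry matches the mount point the loop
	# just ends and creds.txt is still processed; nothing here confirms
	# that the path is an msdos file system or that it is mounted -
	# confirm whether that is intended.
	while read -r junk1 mp fstype junk2; do
		if [ "${mp}" != "${creds_msdos_partition}" ]; then
			continue
		fi
		if [ "${fstype}" != "msdos" ]; then
			echo "Not checking for creds on ${creds_msdos_partition}: not an msdos file system"
			return
		fi
		break
	done < "${fstab_file}"

	delete_creds=no
	creds_file="${creds_msdos_partition}/creds.txt"
	cr=$(printf '\r')

	if [ -f "${creds_file}" ]; then
		# "read -r" keeps backslashes in passwords and hashes literal;
		# the "|| [ -n ... ]" clause processes a last line that has no
		# trailing newline instead of dropping it.
		while read -r type user arg1 || [ -n "${type}" ]; do
			# strip cr: on short lines the carriage return of a CRLF
			# line end lands in the first or second field, and a blank
			# CRLF line would otherwise be taken for an unknown command.
			type=${type%"${cr}"}
			user=${user%"${cr}"}
			arg1=$(printf '%s\n' "${arg1}" | tr -d '\015')
			case "$type" in
			\#*|'')
				continue
				;;
			sshkeyfile)
				echo "Added user ${user} via ssh key file method."
				do_sshkeyfile "${user}" "${arg1}"
				;;
			sshkey)
				echo "Added user ${user} via ssh key string method."
				do_sshkey "${user}" "${arg1}"
				;;
			useraddpwhash)
				echo "Added user ${user} via password hash method."
				do_useraddpwhash "${user}" "${arg1}"
				;;
			useradd)
				echo "Added user ${user} via password method, shredding credentials file."
				do_useradd "${user}" "${arg1}"
				delete_creds=yes
				;;
			*)
				echo "Do not understand '$type' creds" 1>&2
				exit 1
				;;
			esac
		done < "${creds_file}"
	fi

	# A clear-text password was in the file: overwrite and remove it.
	# NOTE(review): whether overwriting really destroys the old contents
	# depends on the storage medium - treat the password as exposed to
	# anyone who had access to the partition before this ran.
	if [ "${delete_creds}" = yes ]; then
		rm -P -f "${creds_file}"
	fi
}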
1921.1Smrg
# Read the rc.conf settings for this service, then let the rc.d framework
# dispatch the action given as the first command-line argument.
load_rc_config "${name}"
run_rc_command "$1"