creds_msdos revision 1.3
1 1.1 mrg #!/bin/sh 2 1.1 mrg # 3 1.3 mrg # $NetBSD: creds_msdos,v 1.3 2019/06/12 03:06:48 mrg Exp $ 4 1.1 mrg # 5 1.1 mrg # Copyright (c) 2019 Matthew R. Green 6 1.1 mrg # All rights reserved. 7 1.1 mrg # 8 1.1 mrg # Redistribution and use in source and binary forms, with or without 9 1.1 mrg # modification, are permitted provided that the following conditions 10 1.1 mrg # are met: 11 1.1 mrg # 1. Redistributions of source code must retain the above copyright 12 1.1 mrg # notice, this list of conditions and the following disclaimer. 13 1.1 mrg # 2. Redistributions in binary form must reproduce the above copyright 14 1.1 mrg # notice, this list of conditions and the following disclaimer in the 15 1.1 mrg # documentation and/or other materials provided with the distribution. 16 1.1 mrg # 3. The name of the author may not be used to endorse or promote products 17 1.1 mrg # derived from this software without specific prior written permission. 18 1.1 mrg # 19 1.1 mrg # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 20 1.1 mrg # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21 1.1 mrg # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 22 1.1 mrg # IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 23 1.1 mrg # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 24 1.1 mrg # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 25 1.1 mrg # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 26 1.1 mrg # AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 1.1 mrg # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 1.1 mrg # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 1.1 mrg # SUCH DAMAGE. 30 1.1 mrg 31 1.1 mrg # 32 1.1 mrg # If "creds_msdos_partition" is an msdos partition and has a creds.txt 33 1.1 mrg # in it, perform these commands: 34 1.1 mrg # "sshkeyfile <user> <path on msdos>" 35 1.1 mrg # "sshkey <user> <entry>" 36 1.1 mrg # "useraddhash <user> <passwd hash>" 37 1.1 mrg # "useradd <user> <passwd>" 38 1.1 mrg # If the "useradd" method is used, this the creds.txt file will be 39 1.1 mrg # shredded and deleted with rm -P. 40 1.1 mrg 41 1.1 mrg # PROVIDE: creds_msdos 42 1.1 mrg # REQUIRE: mountall 43 1.1 mrg 44 1.1 mrg $_rc_subr_loaded . /etc/rc.subr 45 1.1 mrg 46 1.1 mrg name="creds_msdos" 47 1.1 mrg start_cmd="creds_msdos_start" 48 1.1 mrg stop_cmd=":" 49 1.1 mrg 50 1.1 mrg fail() { 51 1.1 mrg echo "$@" 1>&2 52 1.1 mrg exit 1 53 1.1 mrg } 54 1.1 mrg 55 1.3 mrg # This uses $ssh_userkeys global 56 1.1 mrg sshkey_setup() { 57 1.1 mrg local user="$1" 58 1.1 mrg local group="wheel" 59 1.1 mrg 60 1.1 mrg # don't create existing users 61 1.3 mrg if ! id -u "${user}" > /dev/null 2>&1; then 62 1.3 mrg useradd -m -G "${group}" "${user}" || fail "Useradd failed." 63 1.1 mrg fi 64 1.1 mrg 65 1.3 mrg eval ssh_userdir=~"${user}/.ssh" 66 1.3 mrg mkdir -p -m 755 "${ssh_userdir}" || fail "mkdir ~/.ssh failed." 67 1.3 mrg chmod 755 "${ssh_userdir}" 68 1.3 mrg chown "${user}" "${ssh_userdir}" 69 1.3 mrg 70 1.3 mrg ssh_userkeys="${ssh_userdir}/authorized_keys" 71 1.1 mrg } 72 1.1 mrg 73 1.1 mrg sshkey_finish() { 74 1.1 mrg local user="$1" 75 1.1 mrg 76 1.3 mrg chmod 644 "${ssh_userkeys}" 77 1.3 mrg chown "${user}" "${ssh_userkeys}" 78 1.1 mrg } 79 1.1 mrg 80 1.1 mrg do_sshkeyfile() { 81 1.1 mrg local user="$1" 82 1.1 mrg local newkeys="${creds_msdos_partition}/$2" 83 1.1 mrg 84 1.1 mrg if [ ! -f "${newkeys}" ]; then 85 1.1 mrg return 86 1.1 mrg fi 87 1.1 mrg 88 1.3 mrg sshkey_setup "${user}" 89 1.1 mrg 90 1.1 mrg # check entry is not present 91 1.1 mrg while read type keydata name; do 92 1.3 mrg if fgrep -q "${keydata}" "${ssh_userkeys}" 2>/dev/null; then 93 1.1 mrg continue 94 1.1 mrg fi 95 1.3 mrg echo "${type} ${keydata} ${name}" >> "${ssh_userkeys}" 96 1.1 mrg done < "${newkeys}" 97 1.1 mrg 98 1.3 mrg sshkey_finish "${user}" 99 1.1 mrg } 100 1.1 mrg 101 1.1 mrg do_sshkey() { 102 1.1 mrg local user="$1" 103 1.1 mrg local newkey="$2" 104 1.1 mrg 105 1.3 mrg sshkey_setup "${user}" 106 1.1 mrg 107 1.3 mrg echo "${newkey}" >> "${ssh_userkeys}" 108 1.1 mrg 109 1.3 mrg sshkey_finish "${user}" 110 1.1 mrg } 111 1.1 mrg 112 1.1 mrg do_useraddpwhash() { 113 1.1 mrg local user="$1" 114 1.1 mrg local pwhash="$2" 115 1.1 mrg local group="wheel" 116 1.1 mrg 117 1.1 mrg # don't add to existing users 118 1.3 mrg if id -u "${user}" > /dev/null 2>&1; then 119 1.1 mrg return 120 1.1 mrg fi 121 1.1 mrg 122 1.1 mrg useradd -m -p "${pwhash}" -G "${group}" "${user}" || fail "Useradd failed." 123 1.1 mrg } 124 1.1 mrg 125 1.1 mrg do_useradd() { 126 1.1 mrg local user="$1" 127 1.1 mrg local password="$2" 128 1.1 mrg 129 1.1 mrg local pwhash=$(pwhash "$password") 130 1.1 mrg do_useraddpwhash "${user}" "${pwhash}" 131 1.1 mrg } 132 1.1 mrg 133 1.1 mrg creds_msdos_start() 134 1.1 mrg { 135 1.3 mrg local fstab_file=/etc/fstab 136 1.3 mrg 137 1.1 mrg if [ -z "${creds_msdos_partition}" ]; then 138 1.1 mrg echo "Not looking for credientials on msdos" 139 1.3 mrg return 140 1.1 mrg fi 141 1.1 mrg while read junk1 mp fstype junk2; do 142 1.1 mrg if [ "${mp}" != "${creds_msdos_partition}" ]; then 143 1.1 mrg continue 144 1.1 mrg fi 145 1.1 mrg if [ "${fstype}" != "msdos" ]; then 146 1.1 mrg echo "Not checking for creds on ${creds_msdos_partition}: not an msdos file system" 147 1.3 mrg return 148 1.1 mrg fi 149 1.1 mrg break 150 1.1 mrg done < "${fstab_file}" 151 1.1 mrg 152 1.3 mrg local delete_creds=no 153 1.3 mrg local creds_file="${creds_msdos_partition}/creds.txt" 154 1.1 mrg 155 1.1 mrg if [ -f "${creds_file}" ]; then 156 1.3 mrg while read type user args; do 157 1.2 mrg # strip cr 158 1.3 mrg local clean_args=$(echo "$args" | tr -d '\015') 159 1.1 mrg case "$type" in 160 1.1 mrg \#*|'') 161 1.1 mrg continue 162 1.1 mrg ;; 163 1.1 mrg sshkeyfile) 164 1.1 mrg echo "Added user ${user} via ssh key file method." 165 1.3 mrg do_sshkeyfile "${user}" "${clean_args}" 166 1.1 mrg ;; 167 1.1 mrg sshkey) 168 1.1 mrg echo "Added user ${user} via ssh key string method." 169 1.3 mrg do_sshkey "${user}" "${clean_args}" 170 1.1 mrg ;; 171 1.1 mrg useraddpwhash) 172 1.1 mrg echo "Added user ${user} via password hash method." 173 1.3 mrg do_useraddpwhash "${user}" "${clean_args}" 174 1.1 mrg ;; 175 1.1 mrg useradd) 176 1.1 mrg echo "Added user ${user} via password method, shredding credentials file." 177 1.3 mrg do_useradd "${user}" "${clean_args}" 178 1.1 mrg delete_creds=yes 179 1.1 mrg ;; 180 1.1 mrg *) 181 1.1 mrg echo "Do not understand '$type' creds" 1>&2 182 1.1 mrg exit 1 183 1.1 mrg ;; 184 1.1 mrg esac 185 1.1 mrg done < "${creds_file}" 186 1.1 mrg fi 187 1.1 mrg 188 1.1 mrg if [ $delete_creds = yes ]; then 189 1.1 mrg rm -P -f "${creds_file}" 190 1.1 mrg fi 191 1.1 mrg } 192 1.1 mrg 193 1.1 mrg load_rc_config $name 194 1.1 mrg run_rc_command "$1" 195
Indexes created Fri Sep 26 20:09:58 GMT 2025