creds_msdos revision 1.3
11.1Smrg#!/bin/sh
21.1Smrg#
31.3Smrg# $NetBSD: creds_msdos,v 1.3 2019/06/12 03:06:48 mrg Exp $
41.1Smrg#
51.1Smrg# Copyright (c) 2019 Matthew R. Green
61.1Smrg# All rights reserved.
71.1Smrg#
81.1Smrg# Redistribution and use in source and binary forms, with or without
91.1Smrg# modification, are permitted provided that the following conditions
101.1Smrg# are met:
111.1Smrg# 1. Redistributions of source code must retain the above copyright
121.1Smrg#    notice, this list of conditions and the following disclaimer.
131.1Smrg# 2. Redistributions in binary form must reproduce the above copyright
141.1Smrg#    notice, this list of conditions and the following disclaimer in the
151.1Smrg#    documentation and/or other materials provided with the distribution.
161.1Smrg# 3. The name of the author may not be used to endorse or promote products
171.1Smrg#    derived from this software without specific prior written permission.
181.1Smrg#
191.1Smrg# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
201.1Smrg# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
211.1Smrg# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
221.1Smrg# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
231.1Smrg# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
241.1Smrg# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
251.1Smrg# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
261.1Smrg# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
271.1Smrg# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
281.1Smrg# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
291.1Smrg# SUCH DAMAGE.
301.1Smrg
311.1Smrg#
321.1Smrg# If "creds_msdos_partition" is an msdos partition and has a creds.txt
331.1Smrg# in it, perform these commands:
341.1Smrg#	"sshkeyfile <user> <path on msdos>"
351.1Smrg#	"sshkey <user> <entry>"
361.1Smrg# 	"useraddpwhash <user> <passwd hash>"
371.1Smrg# 	"useradd <user> <passwd>"
381.1Smrg# If the "useradd" method is used, the creds.txt file will be
391.1Smrg# shredded and deleted with rm -P.
401.1Smrg
411.1Smrg# PROVIDE: creds_msdos
421.1Smrg# REQUIRE: mountall
431.1Smrg
441.1Smrg$_rc_subr_loaded . /etc/rc.subr
451.1Smrg
461.1Smrgname="creds_msdos"
471.1Smrgstart_cmd="creds_msdos_start"
481.1Smrgstop_cmd=":"
491.1Smrg
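# Print a diagnostic on stderr and abort the whole script with status 1.
# Arguments: $@ - words of the message, joined with single spaces
fail() {
	# printf rather than echo: echo may treat a leading -n or embedded
	# backslashes in the message specially, depending on the shell.
	printf '%s\n' "$*" 1>&2
	exit 1
}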
541.1Smrg
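# Make sure ${user} exists and has a ~/.ssh directory, then record where
# that user's authorized_keys file lives.
# Arguments: $1 - user name (taken from creds.txt)
# Globals:   ssh_userdir, ssh_userkeys (written)
# Exits via fail() on an unusable user name, or if useradd or mkdir fails.
sshkey_setup() {
	local user="$1"
	local group="wheel"

	# ${user} is spliced into an eval below, so accept nothing but plain
	# account-name characters; anything else would be re-parsed as shell
	# syntax.  A leading "-" would also be read as an option by id and
	# useradd.
	case "${user}" in
	''|-*|*[!A-Za-z0-9._-]*)
		fail "Invalid user name."
		;;
	esac

	# don't create existing users; new accounts are made members of wheel
	if ! id -u "${user}" > /dev/null 2>&1; then
		useradd -m -G "${group}" "${user}" || fail "Useradd failed."
	fi

	# eval is only here to get tilde expansion of a name held in a
	# variable; the case statement above is what keeps it safe.
	eval ssh_userdir=~"${user}/.ssh"
	# NOTE(review): for an account that already existed, this path is
	# under that user's control; the mkdir/chmod/chown here and the later
	# append to authorized_keys would follow a symlink planted there --
	# confirm whether pre-existing accounts need to be supported.
	mkdir -p -m 755 "${ssh_userdir}" || fail "mkdir ~/.ssh failed."
	chmod 755 "${ssh_userdir}"
	chown "${user}" "${ssh_userdir}"

	ssh_userkeys="${ssh_userdir}/authorized_keys"
}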
721.1Smrg
# Set the final mode and owner on the authorized_keys file.
# Arguments: $1 - user who should own the file
# Globals:   ssh_userkeys (read; set by sshkey_setup)
sshkey_finish() {
	local owner="$1"
	local keyfile="${ssh_userkeys}"

	# World-readable, writable only by the owner.
	chmod 644 "${keyfile}"
	chown "${owner}" "${keyfile}"
}
791.1Smrg
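# Merge the keys from a file on the msdos partition into a user's
# authorized_keys, skipping keys whose data is already present.
# Arguments: $1 - user name
#            $2 - key file path, relative to the partition
# Globals:   creds_msdos_partition (read), ssh_userkeys (read; set by
#            sshkey_setup)
# Returns silently if the key file does not exist.
do_sshkeyfile() {
	local user="$1"
	# NOTE(review): $2 is joined to the partition path as-is; "../"
	# components are not rejected.
	local newkeys="${creds_msdos_partition}/$2"
	# Keep the loop variables local: "name" is also the global rc.d
	# service name assigned at the top of this script.
	local type keydata name

	if [ ! -f "${newkeys}" ]; then
		return
	fi

	sshkey_setup "${user}"

	# Files written on the msdos side may use CRLF line endings and may
	# lack a final newline: drop the CRs, and let the "|| [ -n ... ]"
	# clause process an unterminated last line.  read -r keeps
	# backslashes literal.
	tr -d '\015' < "${newkeys}" |
	while read -r type keydata name || [ -n "${type}" ]; do
		# skip blank lines, comments and lines with no key data
		case "${type}" in
		''|\#*)
			continue
			;;
		esac
		if [ -z "${keydata}" ]; then
			continue
		fi

		# check entry is not present
		# The match is on the second field only, so a line that starts
		# with key options is compared by its key-type word.
		if grep -F -q -e "${keydata}" "${ssh_userkeys}" 2>/dev/null; then
			continue
		fi
		printf '%s\n' "${type} ${keydata}${name:+ ${name}}" >> "${ssh_userkeys}"
	done

	sshkey_finish "${user}"
}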
1001.1Smrg
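# Add one literal authorized_keys entry for a user.
# Arguments: $1 - user name
#            $2 - the complete authorized_keys line
# Globals:   ssh_userkeys (read; set by sshkey_setup)
do_sshkey() {
	local user="$1"
	local newkey="$2"

	sshkey_setup "${user}"

	# creds.txt is only removed by the "useradd" method, so the same
	# sshkey line can be processed on every start.  Append only when the
	# exact line is not already present, and never append an empty line.
	if [ -n "${newkey}" ] &&
	    ! grep -F -x -q -e "${newkey}" "${ssh_userkeys}" 2>/dev/null; then
		printf '%s\n' "${newkey}" >> "${ssh_userkeys}"
	fi

	sshkey_finish "${user}"
}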
1111.1Smrg
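# Create a user with an already-hashed password.
# Arguments: $1 - user name
#            $2 - password hash, handed to useradd -p unchanged
# Does nothing when the user already exists.  Exits via fail() on an empty
# hash or when useradd fails.
do_useraddpwhash() {
	local user="$1"
	local pwhash="$2"
	local group="wheel"

	# don't add to existing users
	if id -u "${user}" > /dev/null 2>&1; then
		return
	fi

	# A creds.txt line with the hash missing arrives here as "".  What
	# useradd does with an empty -p value is not visible from this
	# script, so refuse instead of creating a wheel account whose
	# password state depends on it.
	if [ -z "${pwhash}" ]; then
		fail "Empty password hash."
	fi

	# NOTE(review): the hash is passed on useradd's command line and is
	# presumably visible in the process list while useradd runs.
	useradd -m -p "${pwhash}" -G "${group}" "${user}" || fail "Useradd failed."
}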
1241.1Smrg
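# Create a user from a plaintext password: hash it with pwhash, then
# delegate to do_useraddpwhash.
# Arguments: $1 - user name
#            $2 - plaintext password
# Exits via fail() on an empty password or when pwhash fails.
do_useradd() {
	local user="$1"
	local password="$2"
	local pwhash

	# A "useradd <user>" line with the password missing would otherwise
	# produce a wheel account whose password is the empty string.
	if [ -z "${password}" ]; then
		fail "Empty password."
	fi

	# Assign separately from "local" so a pwhash failure is not hidden by
	# local's own exit status; "--" keeps a password that starts with "-"
	# from being parsed as an option.
	# NOTE(review): the plaintext is on pwhash's command line and is
	# presumably visible in the process list while pwhash runs.
	pwhash=$(pwhash -- "${password}") || fail "pwhash failed."
	do_useraddpwhash "${user}" "${pwhash}"
}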
1321.1Smrg
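# rc.d start handler: read creds.txt from the configured msdos partition
# and apply each directive (sshkeyfile, sshkey, useraddpwhash, useradd).
# Globals:   creds_msdos_partition (read)
# Outputs:   one progress line per directive on stdout
# Exits with status 1 on an unknown directive.  When any "useradd"
# (plaintext password) directive was processed, creds.txt is overwritten
# and removed with rm -P afterwards.
creds_msdos_start()
{
	local fstab_file=/etc/fstab
	# Loop variables are local so they cannot leak into rc.subr's globals.
	local junk1 mp fstype junk2
	local type user args

	if [ -z "${creds_msdos_partition}" ]; then
		echo "Not looking for credientials on msdos"
		return
	fi
	# NOTE(review): a mount point that never appears in fstab falls
	# through this loop and is processed anyway -- confirm that is
	# intended.
	while read junk1 mp fstype junk2; do
		if [ "${mp}" != "${creds_msdos_partition}" ]; then
			continue
		fi
		if [ "${fstype}" != "msdos" ]; then
			echo "Not checking for creds on ${creds_msdos_partition}: not an msdos file system"
			return
		fi
		break
	done < "${fstab_file}"

	local delete_creds=no
	local creds_file="${creds_msdos_partition}/creds.txt"

	if [ -f "${creds_file}" ]; then
		# read -r keeps backslashes in passwords and keys literal; the
		# "|| [ -n ... ]" clause processes a last line that has no
		# trailing newline, which read alone would drop.
		while read -r type user args || [ -n "${type}" ]; do
			# strip cr from every field, not only the arguments: on a
			# short CRLF line the CR ends up in type or user.  printf,
			# not echo, so a value such as "-n" survives.
			type=$(printf '%s\n' "${type}" | tr -d '\015')
			user=$(printf '%s\n' "${user}" | tr -d '\015')
			args=$(printf '%s\n' "${args}" | tr -d '\015')
			case "$type" in
			\#*|'')
				continue
				;;
			sshkeyfile)
				echo "Added user ${user} via ssh key file method."
				do_sshkeyfile "${user}" "${args}"
				;;
			sshkey)
				echo "Added user ${user} via ssh key string method."
				do_sshkey "${user}" "${args}"
				;;
			useraddpwhash)
				echo "Added user ${user} via password hash method."
				do_useraddpwhash "${user}" "${args}"
				;;
			useradd)
				echo "Added user ${user} via password method, shredding credentials file."
				do_useradd "${user}" "${args}"
				delete_creds=yes
				;;
			*)
				# NOTE(review): exiting here (or through fail() in a
				# helper) skips the rm -P below, so a plaintext
				# password from an earlier useradd line stays on the
				# partition.
				echo "Do not understand '$type' creds" 1>&2
				exit 1
				;;
			esac
		done < "${creds_file}"
	fi

	# rm -P overwrites the file before unlinking it.
	# NOTE(review): whether the overwrite reaches the original blocks on
	# flash-backed media is outside this script's control; a password
	# delivered this way is best changed after first login.
	if [ "${delete_creds}" = yes ]; then
		rm -P -f "${creds_file}"
	fi
}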
1921.1Smrg
1931.1Smrgload_rc_config $name
1941.1Smrgrun_rc_command "$1"