creds_msdos revision 1.3
      1 #!/bin/sh
      2 #
      3 # $NetBSD: creds_msdos,v 1.3 2019/06/12 03:06:48 mrg Exp $
      4 #
      5 # Copyright (c) 2019 Matthew R. Green
      6 # All rights reserved.
      7 #
      8 # Redistribution and use in source and binary forms, with or without
      9 # modification, are permitted provided that the following conditions
     10 # are met:
     11 # 1. Redistributions of source code must retain the above copyright
     12 #    notice, this list of conditions and the following disclaimer.
     13 # 2. Redistributions in binary form must reproduce the above copyright
     14 #    notice, this list of conditions and the following disclaimer in the
     15 #    documentation and/or other materials provided with the distribution.
     16 # 3. The name of the author may not be used to endorse or promote products
     17 #    derived from this software without specific prior written permission.
     18 #
     19 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
     20 # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     21 # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
     22 # IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
     23 # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
     24 # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     25 # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
     26 # AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
     27 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     28 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     29 # SUCH DAMAGE.
     30 
     31 #
     32 # If "creds_msdos_partition" is an msdos partition and has a creds.txt
     33 # in it, perform these commands:
     34 #	"sshkeyfile <user> <path on msdos>"
     35 #	"sshkey <user> <entry>"
     36 # 	"useraddpwhash <user> <passwd hash>"
     37 # 	"useradd <user> <passwd>"
     38 # If the "useradd" method is used, the creds.txt file will be
     39 # shredded and deleted with rm -P.
     40 
     41 # PROVIDE: creds_msdos
     42 # REQUIRE: mountall
     43 
# Source the rc.d framework.  When $_rc_subr_loaded is empty this line is
# simply ". /etc/rc.subr"; presumably rc.subr sets the variable to a no-op
# command once loaded so that it is not read twice -- confirm in rc.subr.
$_rc_subr_loaded . /etc/rc.subr

# rc.d identity: the service only has a start action, stop does nothing.
name=creds_msdos
start_cmd="${name}_start"
stop_cmd=:
     49 
# Report a fatal error: write all arguments to standard error as one line
# and terminate the script with exit status 1.
# NOTE(review): callers reach this from inside the creds.txt loop, so an
# exit here happens before the credentials file has been shredded.
fail() {
	>&2 echo "$@"
	exit 1
}
     54 
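# Make sure the account and its ~/.ssh directory exist.
# Globals:   sets ssh_userdir and ssh_userkeys (path of the user's
#            authorized_keys file) for the caller to append to.
# Arguments: $1 - user name, taken from creds.txt
# Exits via fail() when the name is not acceptable or when useradd or
# mkdir fail.
sshkey_setup() {
	local user="$1"
	local group="wheel"

	# The name is read from creds.txt and ends up inside an eval below, so
	# accept only plain account names.  Anything else (empty, leading '-',
	# whitespace, a stray carriage return, shell metacharacters) would
	# otherwise be interpreted by the shell or taken as a useradd option.
	case "${user}" in
	''|-*|*[!A-Za-z0-9._-]*)
		fail "Invalid user name in creds file."
		;;
	esac

	# don't create existing users
	if ! id -u "${user}" > /dev/null 2>&1; then
		useradd -m -G "${group}" "${user}" || fail "Useradd failed."
	fi

	# eval is only needed for the ~user expansion; the name was validated
	# above, so nothing but the tilde prefix is evaluated here.
	eval ssh_userdir=~"${user}/.ssh"
	mkdir -p -m 755 "${ssh_userdir}" || fail "mkdir ~/.ssh failed."
	# NOTE(review): 755 leaves the directory world-readable; 700 is the
	# usual tighter choice unless something else has to read it.
	chmod 755 "${ssh_userdir}"
	chown "${user}" "${ssh_userdir}"

	ssh_userkeys="${ssh_userdir}/authorized_keys"
}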
     72 
# Fix mode and ownership of the authorized_keys file after it was written.
# Globals:   reads ssh_userkeys (set by sshkey_setup)
# Arguments: $1 - user that should own the file
# NOTE(review): chmod and chown follow symbolic links, and for an account
# that already existed the file lives in a directory that user controls.
# Consider refusing a symlinked authorized_keys before touching it.
sshkey_finish() {
	local owner="$1"

	chmod 644 "${ssh_userkeys}"
	chown "${owner}" "${ssh_userkeys}"
}
     79 
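# Append the keys from a file on the msdos partition to a user's
# authorized_keys, skipping keys whose key data is already present.
# Globals:   reads creds_msdos_partition and ssh_userkeys
# Arguments: $1 - user name
#            $2 - path of the key file, relative to the partition
# Does nothing when the key file does not exist.
do_sshkeyfile() {
	local user="$1"
	local newkeys="${creds_msdos_partition}/$2"
	# Keep the loop variables local: the global "name" is the rc.d service
	# name and must not be overwritten by a key comment.
	local keytype keydata keycomment

	if [ ! -f "${newkeys}" ]; then
		return
	fi

	sshkey_setup "${user}"

	# Files edited on the msdos side often have CRLF line endings; a stray
	# carriage return would end up inside the key or its comment, so strip
	# it as creds.txt processing does.  read -r keeps backslashes intact and
	# the extra test picks up a last line without a trailing newline.
	# NOTE(review): lines that begin with authorized_keys options are split
	# at the wrong field, so the duplicate check is unreliable for them.
	tr -d '\015' < "${newkeys}" |
	while read -r keytype keydata keycomment || [ -n "${keytype}" ]; do
		# skip blank lines, comments and lines without key data
		case "${keytype}" in
		''|\#*)
			continue
			;;
		esac
		if [ -z "${keydata}" ]; then
			continue
		fi

		# check entry is not present; -e keeps a leading '-' from being
		# read as an option
		if grep -F -q -e "${keydata}" "${ssh_userkeys}" 2>/dev/null; then
			continue
		fi
		printf '%s\n' "${keytype} ${keydata}${keycomment:+ ${keycomment}}" \
			>> "${ssh_userkeys}"
	done

	sshkey_finish "${user}"
}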
    100 
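# Append one authorized_keys entry, given inline in creds.txt, for a user.
# Globals:   reads ssh_userkeys (set by sshkey_setup)
# Arguments: $1 - user name
#            $2 - the complete authorized_keys line
do_sshkey() {
	local user="$1"
	local newkey="$2"

	# An entry without a key would only create an account and add a blank
	# line; treat it as a mistake in creds.txt and leave the system alone.
	if [ -z "${newkey}" ]; then
		echo "No ssh key given for ${user}, skipping." 1>&2
		return
	fi

	sshkey_setup "${user}"

	# creds.txt is kept for this method, so the same line is seen again on
	# every boot: add it only when that exact line is not there yet.
	if ! grep -F -x -q -e "${newkey}" "${ssh_userkeys}" 2>/dev/null; then
		printf '%s\n' "${newkey}" >> "${ssh_userkeys}"
	fi

	sshkey_finish "${user}"
}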
    111 
# Create an account with a ready-made password hash and membership of the
# wheel group.  An account that already exists is left untouched.
# Arguments: $1 - user name
#            $2 - password hash, handed to useradd -p
# NOTE(review): the hash travels on useradd's command line, where a
# process listing can show it while the command runs.
do_useraddpwhash() {
	local login="$1" hashed="$2" extra_group="wheel"

	# don't add to existing users
	id -u "${login}" > /dev/null 2>&1 && return

	useradd -m -p "${hashed}" -G "${extra_group}" "${login}" ||
		fail "Useradd failed."
}
    124 
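# Create an account from a plaintext password by hashing it with pwhash
# and handing the result to do_useraddpwhash.
# Arguments: $1 - user name
#            $2 - plaintext password from creds.txt
# Exits via fail() when no password was given or hashing did not work;
# in that case creds.txt has not been shredded yet.
do_useradd() {
	local user="$1"
	local password="$2"
	local pwhash

	# A missing password would otherwise be hashed as the empty string and
	# produce a wheel-group account that anyone can log in to.
	if [ -z "${password}" ]; then
		fail "No password given for ${user}."
	fi

	# Assign separately from "local" so that a pwhash failure is seen
	# instead of being masked by local's own exit status.
	# NOTE(review): the plaintext password is on pwhash's command line and
	# can show up in a process listing while it runs.
	pwhash=$(pwhash "${password}") || fail "pwhash failed."
	if [ -z "${pwhash}" ]; then
		fail "pwhash failed."
	fi

	do_useraddpwhash "${user}" "${pwhash}"
}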
    132 
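# rc.d start action: read creds.txt from the configured msdos partition
# and run the matching do_* helper for every entry.
# Globals:   reads creds_msdos_partition (mount point, from rc.conf)
# Outputs:   one progress line per entry on stdout, errors on stderr
# Exits with status 1 on an entry type it does not know.
# When a plaintext "useradd" entry was processed, creds.txt is overwritten
# and removed with rm -P afterwards.
creds_msdos_start()
{
	local fstab_file=/etc/fstab
	# Loop variables are local so that they do not leak into, or clobber,
	# variables of the rc.d framework.
	local junk1 mp fstype junk2
	local ctype cuser cargs
	local delete_creds=no
	local rv=0
	local creds_file

	if [ -z "${creds_msdos_partition}" ]; then
		echo "Not looking for credientials on msdos"
		return
	fi
	# NOTE(review): when no fstab line names this mount point the loop
	# ends without any check and creds.txt is processed anyway; confirm
	# that this fall-through is intended.
	while read -r junk1 mp fstype junk2; do
		if [ "${mp}" != "${creds_msdos_partition}" ]; then
			continue
		fi
		if [ "${fstype}" != "msdos" ]; then
			echo "Not checking for creds on ${creds_msdos_partition}: not an msdos file system"
			return
		fi
		break
	done < "${fstab_file}"

	creds_file="${creds_msdos_partition}/creds.txt"

	if [ -f "${creds_file}" ]; then
		# read -r keeps backslashes in passwords and keys as written; the
		# extra test handles a last line without a trailing newline.
		while read -r ctype cuser cargs || [ -n "${ctype}" ]; do
			# strip cr from every field: with CRLF line endings it lands
			# in whichever field is last on the line, not only in args
			ctype=$(printf '%s' "${ctype}" | tr -d '\015')
			cuser=$(printf '%s' "${cuser}" | tr -d '\015')
			cargs=$(printf '%s' "${cargs}" | tr -d '\015')
			case "${ctype}" in
			\#*|'')
				continue
				;;
			sshkeyfile)
				echo "Added user ${cuser} via ssh key file method."
				do_sshkeyfile "${cuser}" "${cargs}"
				;;
			sshkey)
				echo "Added user ${cuser} via ssh key string method."
				do_sshkey "${cuser}" "${cargs}"
				;;
			useraddpwhash)
				echo "Added user ${cuser} via password hash method."
				do_useraddpwhash "${cuser}" "${cargs}"
				;;
			useradd)
				echo "Added user ${cuser} via password method, shredding credentials file."
				do_useradd "${cuser}" "${cargs}"
				delete_creds=yes
				;;
			*)
				echo "Do not understand '${ctype}' creds" 1>&2
				# Leave the loop instead of exiting here, so that a
				# plaintext password handled earlier is still shredded.
				rv=1
				break
				;;
			esac
		done < "${creds_file}"
	fi

	if [ "${delete_creds}" = yes ]; then
		# rm -P overwrites before unlinking.  On flash media the old
		# blocks may survive the overwrite, so the password should still
		# be treated as exposed to anyone who held the card.
		rm -P -f "${creds_file}"
		if [ -e "${creds_file}" ]; then
			echo "Warning: ${creds_file} could not be removed and still holds a plaintext password." 1>&2
		fi
	fi

	if [ "${rv}" -ne 0 ]; then
		exit 1
	fi
}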
    192 
# Load the rc.conf settings for this service, then let the rc.d framework
# dispatch the action given as the first argument.
load_rc_config "${name}"
run_rc_command "$1"