#!/usr/bin/perl
#
-# (c) Copyright 1995 Wolfram Schneider. All rights reserved.
+# Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin.
+# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
-# 3. All advertising materials mentioning features or use of this software
-# must display the following acknowledgement:
-# This product includes software developed by Wolfram Schneider
-# 4. The name of the author may not be used to endorse or promote products
-# derived from this software without specific prior written permission
#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-# /usr/sbin/adduser - add new user(s)
-#
-# Bugs: my english, silly code
-# Email: Wolfram Schneider <wosch@cs.tu-berlin.de>
-#
-# $Id: adduser,v 1.57 1995/03/07 18:40:37 w Exp w $
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
#
+# $FreeBSD$
+
# read variables
sub variables {
$verbose = 1; # verbose = [0-2]
- $defaultpasswd = "yes"; # use password for new users
+ $usernameregexp = "^[a-z0-9_][a-z0-9_-]*\$"; # configurable
+ $defaultusernameregexp = $usernameregexp; # remains constant
+ $defaultusepassword = "yes"; # use password authentication for new users
+ $defaultenableaccount = "yes"; # enable the account by default
+ $defaultemptypassword = "no"; # don't create an empty password
$dotdir = "/usr/share/skel"; # copy dotfiles from this dir
$dotdir_bak = $dotdir;
$send_message = "/etc/adduser.message"; # send message to new user
- $send_message_bak = $send_message;
+ $send_message_bak = '/etc/adduser.message';
$config = "/etc/adduser.conf"; # config file for adduser
$config_read = 1; # read config file
$logfile = "/var/log/adduser"; # logfile
$etc_shells = "/etc/shells";
$etc_passwd = "/etc/master.passwd";
$group = "/etc/group";
- $pwd_mkdb = "pwd_mkdb -p"; # program for building passwd database
+ @pwd_mkdb = qw(pwd_mkdb -p); # program for building passwd database
# List of directories where shells located
@path = ('/bin', '/usr/bin', '/usr/local/bin');
# common shells, first element has higher priority
- @shellpref = ('bash', 'tcsh', 'ksh', 'csh', 'sh');
+ @shellpref = ('csh', 'sh', 'bash', 'tcsh', 'ksh');
- $defaultshell = 'bash'; # defaultshell if not empty
+ $defaultshell = 'sh'; # defaultshell if not empty
$group_uniq = 'USER';
$defaultgroup = $group_uniq;# login groupname, $group_uniq means username
+ $defaultclass = '';
$uid_start = 1000; # new users get this uid
$uid_end = 32000; # max. uid
$pwgid = ''; # $pwgid{pwgid} = username; gid from passwd db
$password = ''; # password for new users
+ $usepassword = ''; # use password-based auth
+ $useemptypassword = ''; # use an empty password
+ $enableaccount = ''; # enable or disable account password at creation
# group
$groupname =''; # $groupname{groupname} = gid
$groupmembers = ''; # $groupmembers{gid} = members of group/kommalist
$gid = ''; # $gid{gid} = groupname; gid form group db
+ @group_comments; # Comments in the group file
# shell
$shell = ''; # $shell{`basename sh`} = sh
- # only for me (=Wolfram)
- if ($test) {
- $home = "/home/w/tmp/adduser/home";
- $etc_shells = "./shells";
- $etc_passwd = "./master.passwd";
- $group = "./group";
- $pwd_mkdb = "pwd_mkdb -p -d .";
- $config = "adduser.conf";
- $send_message = "./adduser.message";
- $logfile = "./log.adduser";
- }
-
umask 022; # don't give login group write access
$ENV{'PATH'} = "/sbin:/bin:/usr/sbin:/usr/bin";
}
}
}
+
+ # Allow /nonexistent and /bin/date as a valid shell for system utils
+ push(@list, "/nonexistent");
+ push(@shellpref, "no") if !grep(/^no$/, @shellpref);
+ $shell{"no"} = "/nonexistent";
+
+ push(@list, "/bin/date");
+ push(@shellpref, "date") if !grep(/^date$/, @shellpref);
+ $shell{"date"} = "/bin/date";
+
return $err;
}
return 1 unless $verbose;
foreach $sh (@shellpref) {
- # all knowned shells
+ # all known shells
if (!$shell{$sh}) {
# shell $sh is not defined as login shell
foreach $dir (@path) {
&append_file($etc_shells, @list) if $#list >= 0;
}
-# choise your favourite shell an return the shell
+# choose your favourite shell and return the shell
sub shell_default {
local($e,$i,$new_shell);
local($sh);
return $s;
}
-# return default home partition (f.e. "/home")
+# return default home partition (e.g. "/home")
# create base directory if nesseccary
sub home_partition {
local($home) = @_;
}
if (-e $h) {
- warn "$h exist, but is it not a directory or symlink!\n"
+ warn "$h exists, but is not a directory or symlink!\n"
unless -d $h || -l $h;
warn "$h is not writable!\n"
unless -w $h;
# check for valid passwddb
sub passwd_check {
- system("$pwd_mkdb $etc_passwd");
+ system(@pwd_mkdb, '-C', $etc_passwd);
die "\nInvalid $etc_passwd - cannot add any users!\n" if $?;
}
local($p_username, $pw, $p_uid, $p_gid, $sh, %shlist);
print "Check $etc_passwd\n" if $verbose;
- open(P, "$etc_passwd") || die "$passwd: $!\n";
+ open(P, "$etc_passwd") || die "$etc_passwd: $!\n";
while(<P>) {
chop;
push(@passwd_backup, $_);
+ # ignore comments
+ next if /^\s*$/;
+ next if /^\s*#/;
+
($p_username, $pw, $p_uid, $p_gid, $sh) = (split(/:/, $_))[0..3,9];
- print "$p_username already exist with uid: $username{$p_username}!\n"
+ print "$p_username already exists with uid: $username{$p_username}!\n"
if $username{$p_username} && $verbose;
$username{$p_username} = $p_uid;
- print "User $p_username: uid $p_uid exist twice: $uid{$p_uid}\n"
+ print "User $p_username: uid $p_uid exists twice: $uid{$p_uid}\n"
if $uid{$p_uid} && $verbose && $p_uid; # don't warn for uid 0
print "User $p_username: illegal shell: ``$sh''\n"
if ($verbose && $sh &&
!$shell{&basename($sh)} &&
- $p_username !~ /^(bin|uucp|falcon|nobody)$/ &&
- $sh !~ /\/(pppd|sliplogin)$/);
+ $p_username !~ /^(news|xten|bin|nobody|uucp)$/ &&
+ $sh !~ /\/(pppd|sliplogin|nologin|nonexistent)$/);
$uid{$p_uid} = $p_username;
$pwgid{$p_gid} = $p_username;
}
while(<G>) {
chop;
push(@group_backup, $_);
+ # Ignore empty lines
+ next if /^\s*$/;
+ # Save comments to restore later
+ if (/^\s*\#/) {
+ push(@group_comments, $_);
+ next;
+ }
+
($g_groupname, $pw, $g_gid, $memb) = (split(/:/, $_))[0..3];
$groupmembers{$g_gid} = $memb;
- warn "Groupname exist twice: $g_groupname:$g_gid -> $g_groupname:$groupname{$g_groupname}\n"
+ warn "Groupname exists twice: $g_groupname:$g_gid -> $g_groupname:$groupname{$g_groupname}\n"
if $groupname{$g_groupname} && $verbose;
$groupname{$g_groupname} = $g_gid;
- warn "Groupid exist twice: $g_groupname:$g_gid -> $gid{$g_gid}:$g_gid\n"
+ warn "Groupid exists twice: $g_groupname:$g_gid -> $gid{$g_gid}:$g_gid\n"
if $gid{$g_gid} && $verbose;
$gid{$g_gid} = $g_groupname;
}
local($name);
while(1) {
- $name = &confirm_list("Enter username", 1, "a-z0-9", "");
- last if (&new_users_name_valid($name) eq $name);
+ $name = &confirm_list("Enter username", 1, $usernameregexp, "");
+ last if (&new_users_name_valid($name));
}
return $name;
}
sub new_users_name_valid {
local($name) = @_;
- if ($name !~ /^[a-z0-9]+$/) {
- warn "Wrong username. " .
- "Please use only lowercase characters or digits\a\n";
+ if ($name eq $usernameregexp) { # user/admin just pressed <Return>
+ warn "Please enter a username\a\n";
+ return 0;
+ } elsif (length($name) > 16) {
+ warn "Username is longer than 16 characters.\a\n";
return 0;
- } elsif ($username{$name}) {
+ } elsif ($name =~ /[:\n]/) {
+ warn "Username cannot contain colon or newline characters.\a\n";
+ return 0;
+ } elsif ($name !~ /$usernameregexp/) {
+ if ($usernameregexp eq $defaultusernameregexp) {
+ warn "Illegal username.\n" .
+ "Please use only lowercase Roman, decimal, underscore, " .
+ "or hyphen characters.\n" .
+ "Additionally, a username should not start with a hyphen.\a\n";
+ } else {
+ warn "Username doesn't match the regexp /$usernameregexp/\a\n";
+ }
+ return 0;
+ } elsif (defined($username{$name})) {
warn "Username ``$name'' already exists!\a\n"; return 0;
}
- return $name;
+ return 1;
}
# return full name
return $shell{$sh};
}
+# return home (full path) for user
+# Note that the home path defaults to $home/$name for batch
+sub new_users_home {
+ local($name) = @_;
+ local($userhome);
+
+ while(1) {
+ $userhome = &confirm_list("Enter home directory (full path)", 1, "$home/$name", "");
+ last if $userhome =~ /^\//;
+ warn qq{Home directory "$userhome" is not a full path\a\n};
+ }
+ return $userhome;
+}
+
# return free uid and gid
sub new_users_id {
local($name) = @_;
! $uid{$u_id_tmp};
if ($uid{$u_id_tmp}) {
warn "Uid ``$u_id_tmp'' in use!\a\n";
+ $uid_start = $u_id_tmp;
+ ($u_id, $g_id) = &next_id($name);
+ next;
} else {
warn "Wrong uid.\a\n";
}
}
# use calculated uid
- return ($u_id_tmp, $g_id) if $u_id_tmp eq $u_id;
+ # return ($u_id_tmp, $g_id) if $u_id_tmp eq $u_id;
# recalculate gid
$uid_start = $u_id_tmp;
return &next_id($name);
}
+# return login class for user
+sub new_users_class {
+ local($def) = @_;
+ local($class);
+
+ $class = &confirm_list("Enter login class:", 1, $def, ($def, "default"));
+ $class = "" if $class eq "default";
+ return $class;
+}
+
# add user to group
sub add_group {
local($gid, $name) = @_;
warn "Group does not exist!\a\n";
}
- if (defined($groupname{$group_login})) {
- &add_group($groupname{$group_login}, $name);
- }
+ #if (defined($groupname{$group_login})) {
+ # &add_group($groupname{$group_login}, $name);
+ #}
return ($group_login, $group_uniq) if $group_login eq $name;
return ($group_login, $group_login);
}
-# return login group
-sub new_users_grplogin_batch {
- local($name, $defaultgroup) = @_;
- local($group_login, $group);
-
- $group_login = $name;
- $group_login = $defaultgroup if $defaultgroup ne $group_uniq;
-
- if (defined $gid{$group_login}) {
- # convert numeric groupname (gid) to groupname
- $group_login = $gid{$group_login};
- }
-
- if (defined($groupname{$group_login})) {
- &add_group($groupname{$group_login}, $name);
- }
-
- return $group_login
- if defined($groupname{$group_login}) || $group_login eq $name;
- warn "Group ``$group_login'' does not exist\a\n";
- return 0;
-}
-
# return other groups (string)
sub new_users_groups {
local($name, $other_groups) = @_;
$e = $gid{$e};
}
if (defined($groupname{$e})) {
- if (&add_group($groupname{$e}, $name)) {
+ if ($e eq $group_login) {
+ # do not add user to a group if this group
+ # is also the login group.
+ } elsif (&add_group($groupname{$e}, $name)) {
$new_groups .= "$e ";
} else {
warn "$name is already member of group ``$e''\n";
# your last change
sub new_users_ok {
+ local ($newpasswd);
+ # Note that we either show "password disabled" or
+ # "****" .. we don't show "empty password" since
+ # the whole point of starring out the password in
+ # the first place is to stop people looking over your
+ # shoulder and seeing the password.. -- adrian
+ if ($usepassword eq "no") {
+ $newpasswd = "Password disabled";
+ } elsif ($enableaccount eq "no") {
+ $newpasswd = "Password disabled";
+ } else {
+ $newpasswd = "****";
+ }
print <<EOF;
Name: $name
-Password: $password
+Password: $newpasswd
Fullname: $fullname
Uid: $u_id
Gid: $g_id ($group_login)
+Class: $class
Groups: $group_login $new_groups
-HOME: $home/$name
+HOME: $userhome
Shell: $sh
EOF
- return &confirm_yn("Ok?", "yes");
+ return &confirm_yn("OK?", "yes");
}
# make password database
sub new_users_pwdmkdb {
- local($last) = @_;
+ local($last) = shift;
+ local($name) = shift;
- system("$pwd_mkdb $etc_passwd");
+ system(@pwd_mkdb, '-u', $name, $etc_passwd);
if ($?) {
- local($crash) = "$etc_passwd.crash$$";
warn "$last\n";
- warn "``$pwd_mkdb'' failed, try to restore ...\n";
-
- open(R, "> $crash") || die "Sorry, give up\n";
- $j = join("\n", @passwd_backup);
- $j =~ s/\n//;
- print R $j . "\n";
- close R;
-
- system("$pwd_mkdb $crash");
- die "Sorry, give up\n" if $?;
- die "Successfully restore $etc_passwd. Exit.\n";
+ warn "``@pwd_mkdb'' failed\n";
+ exit($? >> 8);
}
}
# Add *new* group
if (!defined($groupname{$group_login}) &&
!defined($gid{$groupname{$group_login}})) {
- push(@group_backup, "$group_login:*:$g_id:$group_login");
+ push(@group_backup, "$group_login:*:$g_id:");
$groupname{$group_login} = $g_id;
$gid{$g_id} = $group_login;
- $groupmembers{$g_id} = $group_login;
+ # $groupmembers{$g_id} = $group_login;
}
if ($new_groups || defined($groupname{$group_login}) ||
- defined($gid{$groupname{$group_login}})) {
+ defined($gid{$groupname{$group_login}}) &&
+ $gid{$groupname{$group_login}} ne "+") {
# new user is member of some groups
# new login group is already in name space
rename($group, "$group.bak");
#warn "$group_login $groupname{$group_login} $groupmembers{$groupname{$group_login}}\n";
+
+ # Restore comments from the top of the group file
+ @a = @group_comments;
foreach $e (sort {$a <=> $b} (keys %gid)) {
push(@a, "$gid{$e}:*:$e:$groupmembers{$e}");
}
&append_file($group, @a);
} else {
- &append_file($group, "$group_login:*:$g_id:$group_login");
+ &append_file($group, "$group_login:*:$g_id:");
}
}
print "\n";
local(@message_buffer_append) = ();
- if (!&confirm_yn("Add somethings to message", "no")) {
- print "Finish with beginning ``.'' or ^D\n";
+ if (!&confirm_yn("Add anything to default message", "no")) {
+ print "Use ``.'' or ^D alone on a line to finish your message.\n";
push(@message_buffer_append, "\n");
while($read = <STDIN>) {
last if $read eq "\.\n";
sub new_users_password {
- # empty password
- return "" if $defaultpasswd ne "yes";
-
local($password);
while(1) {
+ system("stty -echo");
$password = &confirm_list("Enter password", 1, "", "");
- last if $password ne "";
- last if &confirm_yn("Use empty password?", "yes");
+ system("stty echo");
+ print "\n";
+ if ($password ne "") {
+ system("stty -echo");
+ $newpass = &confirm_list("Enter password again", 1, "", "");
+ system("stty echo");
+ print "\n";
+ last if $password eq $newpass;
+ print "They didn't match, please try again\n";
+ }
+ elsif (&confirm_yn("Use an empty password?", "yes")) {
+ last;
+ }
}
return $password;
}
+sub new_users_use_password {
+ local ($p) = $defaultusepassword;
+ $p = &confirm_yn("Use password-based authentication", $defaultusepassword);
+ return "yes" if (($defaultusepassword eq "yes" && $p) ||
+ ($defaultusepassword eq "no" && !$p));
+ return "no"; # otherwise
+}
+
+sub new_users_enable_account {
+ local ($p) = $defaultenableaccount;
+ $p = &confirm_yn("Enable account password at creation", $defaultenableaccount);
+ return "yes" if (($defaultenableaccount eq "yes" && $p) ||
+ ($defaultenableaccount eq "no" && !$p));
+ return "no"; # otherwise
+}
+
+sub new_users_empty_password {
+ local ($p) = $defaultemptypassword;
+ $p = &confirm_yn("Use an empty password", $defaultemptypassword);
+ return "yes" if (($defaultemptypassword eq "yes" && $p) ||
+ ($defaultemptypassword eq "no" && !$p));
+ return "no"; # otherwise
+}
sub new_users {
print "\n" if $verbose;
print "Ok, let's go.\n" .
- "Don't worry about mistakes. I ask you later for " .
- "correct input.\n" if $verbose;
+ "Don't worry about mistakes. I will give you the chance later to " .
+ "correct any input.\n" if $verbose;
# name: Username
# fullname: Full name
# sh: shell
+ # userhome: home path for user
# u_id: user id
# g_id: group id
+ # class: login class
# group_login: groupname of g_id
# new_groups: some other groups
- local($name, $group_login, $fullname, $sh, $u_id, $g_id, $new_groups);
+ local($name, $group_login, $fullname, $sh, $u_id, $g_id, $class, $new_groups);
+ local($userhome);
local($groupmembers_bak, $cryptpwd);
local($new_users_ok) = 1;
$name = &new_users_name;
$fullname = &new_users_fullname($name);
$sh = &new_users_shell;
+ $userhome = &new_users_home($name);
($u_id, $g_id) = &new_users_id($name);
+ $class = &new_users_class($defaultclass);
($group_login, $defaultgroup) =
&new_users_grplogin($name, $defaultgroup, $new_users_ok);
# do not use uniq username and login group
$g_id = $groupname{$group_login} if (defined($groupname{$group_login}));
+
+ # The tricky logic:
+ # If $usepasswd is 0, we use a * as a password
+ # If $usepasswd is 1, then
+ # if $enableaccount is 0, we prepend * as a password
+ # else if $enableaccount is 1 we don't prepend anything
+ # if $useemptypassword is 0 we ask for a password,
+ # else we use a blank one
+ #
+ # The logic is tasty, I'll give you that, but its flexible and
+ # it'll stop people shooting themselves in the foot.
+
$new_groups = &new_users_groups($name, $new_groups);
- $password = &new_users_password;
+ $usepassword = &new_users_use_password;
+ if ($usepassword eq "no") {
+ # note that the assignments to enableaccount and
+ # useemptypassword functionally do the same as
+ # usepasswd == "no". Just for consistency.
+ $password = ""; # no password!
+ $enableaccount = "no"; # doesn't matter here
+ $useemptypassword = "yes"; # doesn't matter here
+ } else {
+ $useemptypassword = &new_users_empty_password;
+ if ($useemptypassword eq "no") {
+ $password = &new_users_password;
+ }
+ $enableaccount = &new_users_enable_account;
+ }
if (&new_users_ok) {
$new_users_ok = 1;
$cryptpwd = "";
$cryptpwd = crypt($password, &salt) if $password ne "";
- # obskure perl bug
+
+ if ($usepassword eq "no") {
+ $cryptpwd = "*";
+ } else {
+ # cryptpwd is valid before this if mess, so if
+ # blankpasswd is no we don't blank the cryptpwd
+ if ($useemptypassword eq "yes") {
+ $cryptpwd = "";
+ }
+ if ($enableaccount eq "no") {
+ $cryptpwd = "*" . $cryptpwd;
+ }
+ }
+ # obscure perl bug
$new_entry = "$name\:" . "$cryptpwd" .
- "\:$u_id\:$g_id\::0:0:$fullname:$home/$name:$sh";
+ "\:$u_id\:$g_id\:$class\:0:0:$fullname:$userhome:$sh";
&append_file($etc_passwd, "$new_entry");
- &new_users_pwdmkdb("$new_entry");
+ &new_users_pwdmkdb("$new_entry", $name);
&new_users_group_update;
&new_users_passwd_update; print "Added user ``$name''\n";
&new_users_sendmessage;
&adduser_log("$name:*:$u_id:$g_id($group_login):$fullname");
- &home_create($name, $group_login);
+ &home_create($userhome, $name, $group_login);
} else {
$new_users_ok = 0;
}
- if (!&confirm_yn("Continue with next user?", "yes")) {
- print "Good bye.\n" if $verbose;
+ if (!&confirm_yn("Add another user?", "yes")) {
+ print "Goodbye!\n" if $verbose;
last;
}
print "\n" if !$verbose;
}
}
-sub batch {
- local($name, $groups, $fullname, $password) = @_;
- local($sh);
-
- $defaultshell = &shell_default_valid($defaultshell);
- return 0 unless $home = &home_partition_valid($home);
- return 0 if $dotdir ne &dotdir_default_valid($dotdir);
- $send_message = &message_default;
-
- return 0 if $name ne &new_users_name_valid($name);
- $sh = $shell{$defaultshell};
- ($u_id, $g_id) = &next_id($name);
- $group_login = &new_users_grplogin_batch($name, $defaultgroup);
- return 0 unless $group_login;
- $g_id = $groupname{$group_login} if (defined($groupname{$group_login}));
- ($flag, $new_groups) = &new_users_groups_valid($groups);
- return 0 if $flag;
-
- $cryptpwd = "";
- $cryptpwd = crypt($password, &salt) if $password ne "";
- # obskure perl bug
- $new_entry = "$name\:" . "$cryptpwd" .
- "\:$u_id\:$g_id\::0:0:$fullname:$home/$name:$sh";
- &append_file($etc_passwd, "$new_entry");
- &new_users_pwdmkdb("$new_entry");
- &new_users_group_update;
- &new_users_passwd_update; print "Added user ``$name''\n";
- &sendmessage($name, @message_buffer) if $send_message ne "no";
- &adduser_log("$name:*:$u_id:$g_id($group_login):$fullname");
- &home_create($name, $group_login);
-}
-
# ask for password usage
sub password_default {
- local($p) = $defaultpasswd;
+ local($p) = $defaultusepassword;
if ($verbose) {
- $p = &confirm_yn("Use passwords", $defaultpasswd);
+ $p = &confirm_yn("Use password-based authentication", $defaultusepassword);
$changes++ unless $p;
}
- return "yes" if (($defaultpasswd eq "yes" && $p) ||
- ($defaultpasswd eq "no" && !$p));
+ return "yes" if (($defaultusepassword eq "yes" && $p) ||
+ ($defaultusepassword eq "no" && !$p));
+ return "no"; # otherwise
+}
+
+# ask for account enable usage
+sub enable_account_default {
+ local ($p) = $defaultenableaccount;
+ if ($verbose) {
+ $p = &confirm_yn("Enable account password at creation", $defaultenableaccount);
+ $changes++ unless $p;
+ }
+ return "yes" if (($defaultenableaccount eq "yes" && $p) ||
+ ($defaultenableaccount eq "no" && !$p));
return "no"; # otherwise
}
+# ask for empty password
+sub enable_empty_password {
+ local ($p) = $defaultemptypassword;
+ if ($verbose) {
+ $p = &confirm_yn("Use an empty password", $defaultemptypassword);
+ $changes++ unless $p;
+ }
+ return "yes" if (($defaultemptypassword eq "yes" && $p) ||
+ ($defaultemptypassword eq "no" && !$p));
+ return "no"; # otherwise
+}
+
# misc
sub check_root {
die "You are not root!\n" if $< && !$test;
sub usage {
warn <<USAGE;
usage: adduser
- [-batch username [group[,group]...] [fullname] [password]]
[-check_only]
+ [-class login_class]
[-config_create]
[-dotdir dotdir]
[-group login_group]
[-message message_file]
[-noconfig]
[-shell shell]
- [-s|-silent|-q|-quit]
+ [-s|-silent|-q|-quiet]
[-uid uid_start]
[-v|-verbose]
home=$home shell=$defaultshell dotdir=$dotdir login_group=$defaultgroup
-message_file=$send_message uid_start=$uid_start
+login_class=$defaultclass message_file=$send_message uid_start=$uid_start
USAGE
exit 1;
}
return @array;
}
-# see /usr/src/usr.bin/passwd/local_passwd.c or librcypt
+# see /usr/src/usr.bin/passwd/local_passwd.c or librcypt, crypt(3)
sub salt {
- local($salt) = '_';
- local($i);
-
- srand;
+ local($salt); # initialization
+ local($i, $rand);
+ local(@itoa64) = ( '0' .. '9', 'a' .. 'z', 'A' .. 'Z' ); # 0 .. 63
+ warn "calculate salt\n" if $verbose > 1;
# to64
- while(1) {
- $i = sprintf("%c", rand(256));
- $salt .= $i if $i =~ /[A-Za-z0-9]/;
- last if length($salt) == 8;
+ for ($i = 0; $i < 27; $i++) {
+ srand(time + $rand + $$);
+ $rand = rand(25*29*17 + $rand);
+ $salt .= $itoa64[$rand & $#itoa64];
}
+ warn "Salt is: $salt\n" if $verbose > 1;
return $salt;
}
+
# print banner
sub copyright {
- print <<'EOF';
-(c) Copyright 1995 Wolfram Schneider <wosch@cs.tu-berlin.de>
-EOF
+ return;
}
# hints
sub hints {
if ($verbose) {
- print "Use option ``-silent'' if you don't want see " .
- "some warnings & questions.\n\n";
+ print "Use option ``-silent'' if you don't want to see " .
+ "all warnings and questions.\n\n";
} else {
- print "Use option ``-verbose'' if you want see more warnings & " .
+ print "Use option ``-verbose'' if you want to see more warnings and " .
"questions \nor try to repair bugs.\n\n";
}
}
shift @argv;
last if /^--$/;
if (/^--?(v|verbose)$/) { $verbose = 1 }
- elsif (/^--?(s|silent|q|quit)$/) { $verbose = 0 }
+ elsif (/^--?(s|silent|q|quiet)$/) { $verbose = 0 }
elsif (/^--?(debug)$/) { $verbose = 2 }
elsif (/^--?(h|help|\?)$/) { &usage }
elsif (/^--?(home)$/) { $home = $argv[0]; shift @argv }
elsif (/^--?(shell)$/) { $defaultshell = $argv[0]; shift @argv }
elsif (/^--?(dotdir)$/) { $dotdir = $argv[0]; shift @argv }
elsif (/^--?(uid)$/) { $uid_start = $argv[0]; shift @argv }
+ elsif (/^--?(class)$/) { $defaultclass = $argv[0]; shift @argv }
elsif (/^--?(group)$/) { $defaultgroup = $argv[0]; shift @argv }
elsif (/^--?(check_only)$/) { $check_only = 1 }
elsif (/^--?(message)$/) { $send_message = $argv[0]; shift @argv;
$sendmessage = 1; }
elsif (/^--?(batch)$/) {
- @batch = splice(@argv, 0, 4); $verbose = 0;
- die "batch: to few arguments\n" if $#batch < 0;
+ warn "The -batch option is not supported anymore.\n",
+ "Please use the pw(8) command line tool!\n";
+ exit(0);
}
# see &config_read
elsif (/^--?(config_create)$/) { &create_conf; }
# create configuration files and exit
sub create_conf {
$create_conf = 1;
- &message_create($send_message);
+ if ($send_message ne 'no') {
+ &message_create($send_message);
+ } else {
+ &message_create($send_message_bak);
+ }
&config_write(1);
exit(0);
}
return 1 if $logfile eq "no";
local($sec, $min, $hour, $mday, $mon, $year) = localtime;
+ $year += 1900;
$mon++;
foreach $e ('sec', 'min', 'hour', 'mday', 'mon', 'year') {
# create HOME directory, copy dotfiles from $dotdir to $HOME
sub home_create {
- local($name, $group) = @_;
- local($homedir) = "$home/$name";
+ local($homedir, $name, $group) = @_;
+ local($rootdir);
if (-e "$homedir") {
warn "HOME Directory ``$homedir'' already exist\a\n";
return 0;
}
+ # if the home directory prefix doesn't exist, create it
+ # First, split the directory into a list; then remove the user's dir
+ @dir = split('/', $homedir); pop(@dir);
+ # Put back together & strip to get directory prefix
+ $rootdir = &stripdir(join('/', @dir));
+
+ if (!&mkdirhier("$rootdir")) {
+ # warn already displayed
+ return 0;
+ }
+
+ if ($dotdir eq 'no') {
+ if (!mkdir("$homedir", 0755)) {
+ warn "$dir: $!\n"; return 0;
+ }
+ system 'chown', "$name:$group", $homedir;
+ return !$?;
+ }
+
# copy files from $dotdir to $homedir
# rename 'dot.foo' files to '.foo'
print "Copy files from $dotdir to $homedir\n" if $verbose;
- system("cp -r $dotdir $homedir");
- system("chmod -R u+wrX,go-w $homedir");
- system("chown -R $name:$group $homedir");
+ system('cp', '-R', $dotdir, $homedir);
+ system('chmod', '-R', 'u+wrX,go-w', $homedir);
+ system('chown', '-Rh', "$name:$group", $homedir);
# security
opendir(D, $homedir);
local($user_partition) = "/usr";
local($dirname) = &dirname($dir);
-
-e $dirname || &mkdirhier($dirname);
if (((stat($dirname))[0]) == ((stat("/"))[0])){
return 0;
}
+# allow configuring usernameregexp
+sub usernameregexp_default {
+ local($r) = $usernameregexp;
+
+ while ($verbose) {
+ $r = &confirm_list("Usernames must match regular expression:", 1,
+ $r, "");
+ eval "'foo' =~ /$r/";
+ last unless $@;
+ warn "Invalid regular expression\a\n";
+ }
+ $changes++ if $r ne $usernameregexp;
+ return $r;
+}
+
# test if $dotdir exist
# return "no" if $dotdir not exist or dotfiles should not copied
sub dotdir_default {
#
# Message file for adduser(8)
# comment: ``#''
-# defaultvariables: \$name, \$fullname, \$password
+# default variables: \$name, \$fullname, \$password
# other variables: see /etc/adduser.conf after
# line ``$do_not_delete''
#
\$fullname,
-your account ``\$name'' was created. Your password is ``\$password''.
-Please expire your password. Have fun!
+your account ``\$name'' was created.
+Have fun!
See also chpass(1), finger(1), passwd(1)
EOF
local($file,@list) = @_;
local($e);
local($LOCK_EX) = 2;
+ local($LOCK_NB) = 4;
local($LOCK_UN) = 8;
open(F, ">> $file") || die "$file: $!\n";
print "Lock $file.\n" if $verbose > 1;
- flock(F, $LOCK_EX);
+ while(!flock(F, $LOCK_EX | $LOCK_NB)) {
+ warn "Cannot lock file: $file\a\n";
+ die "Sorry, give up\n"
+ unless &confirm_yn("Try again?", "yes");
+ }
print F join("\n", @list) . "\n";
close F;
print "Unlock $file.\n" if $verbose > 1;
# prepare some variables
$send_message = "no" unless $send_message;
- $defaultpasswd = "no" unless $defaultpasswd;
+ $defaultusepassword = "no" unless $defaultusepassword;
+ $defaultenableaccount = "yes" unless $defaultenableaccount;
+ $defaultemptypassword = "no" unless $defaultemptypassword;
local($shpref) = "'" . join("', '", @shellpref) . "'";
local($shpath) = "'" . join("', '", @path) . "'";
local($user_var) = join('', @user_variable_list);
# $config - automatic generated by adduser(8)
#
# Note: adduser read *and* write this file.
-# You may change values, but don't add new things befor the
+# You may change values, but don't add new things before the
# line ``$do_not_delete''
#
# verbose = [0-2]
verbose = $verbose
-# use password for new users
-# defaultpasswd = yes | no
-defaultpasswd = $defaultpasswd
+# regular expression usernames are checked against (see perlre(1))
+# usernameregexp = 'regexp'
+usernameregexp = '$usernameregexp'
+
+# use password-based authentication for new users
+# defaultusepassword = "yes" | "no"
+defaultusepassword = "$defaultusepassword"
+
+# enable account password at creation
+# (the password will be prepended with a star if the account isn't enabled)
+# defaultenableaccount = "yes" | "no"
+defaultenableaccount = "$defaultenableaccount"
+
+# allow blank passwords
+# defaultemptypassword = "yes" | "no"
+defaultemptypassword = "$defaultemptypassword"
# copy dotfiles from this dir ("/usr/share/skel" or "no")
dotdir = "$dotdir"
# defaultshell if not empty ("bash")
defaultshell = "$defaultshell"
-# defaultgroup ('USER' for same as username or any other valid group
+# defaultgroup ('USER' for same as username or any other valid group)
defaultgroup = $defaultgroup
+# defaultclass if not empty
+defaultclass = "$defaultclass"
+
# new users get this uid (1000)
-uid_start = 1000
+uid_start = "$uid_start"
$do_not_delete
## your own variables, see /etc/adduser.message
&config_read(@ARGV); # read variables form config-file
&parse_arguments(@ARGV); # parse arguments
-if (!$check_only && $#batch < 0) {
+if (!$check_only) {
©right; &hints;
}
&group_check; # check for incon*
exit 0 if $check_only; # only check consistence and exit
-exit(!&batch(@batch)) if $#batch >= 0; # batch mode
# interactive
# some questions
+$usernameregexp = &usernameregexp_default; # regexp to check usernames against
&shells_add; # maybe add some new shells
$defaultshell = &shell_default; # enter default shell
$home = &home_partition($home); # find HOME partition
$dotdir = &dotdir_default; # check $dotdir
$send_message = &message_default; # send message to new user
-$defaultpasswd = &password_default; # maybe use password
-&config_write(0); # write variables in file
+$defaultusepassword = &password_default; # maybe use password
+if ($defaultusepassword eq "no") {
+ if ($verbose) {
+ print "Creating accounts with a locked password.\n";
+ }
+ $defaultenableaccount = "no";
+ $defaultemptypassword = "yes";
+} else {
+ $defaultenableaccount = &enable_account_default; # enable or disable account
+ $defaultemptypassword = &enable_empty_password; # use empty password or not
+}
+&config_write(!$verbose); # write variables in file
# main loop for creating new users
&new_users; # add new users
git.ckatri.com / pw-darwin.git / blobdiff