X-Git-Url: https://git.cameronkatri.com/pw-darwin.git/blobdiff_plain/d8243ec3c8fec805425e327a19995a97a69018a9..9e9dc684797afab66559d22b1d69399d92f3d9f1:/adduser/adduser.perl diff --git a/adduser/adduser.perl b/adduser/adduser.perl index 256e27c..e70349c 100644 --- a/adduser/adduser.perl +++ b/adduser/adduser.perl @@ -24,13 +24,15 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $Id: adduser.perl,v 1.41 1998/08/17 18:50:29 wosch Exp $ +# $FreeBSD$ # read variables sub variables { $verbose = 1; # verbose = [0-2] - $defaultpasswd = "yes"; # use password for new users + $defaultusepassword = "yes"; # use password authentication for new users + $defaultenableaccount = "yes"; # enable the account by default + $defaultemptypassword = "no"; # don't create an empty password $dotdir = "/usr/share/skel"; # copy dotfiles from this dir $dotdir_bak = $dotdir; $send_message = "/etc/adduser.message"; # send message to new user @@ -65,11 +67,15 @@ sub variables { $pwgid = ''; # $pwgid{pwgid} = username; gid from passwd db $password = ''; # password for new users + $usepassword = ''; # use password-based auth + $useemptypassword = ''; # use an empty password + $enableaccount = ''; # enable or disable account password at creation # group $groupname =''; # $groupname{groupname} = gid $groupmembers = ''; # $groupmembers{gid} = members of group/kommalist $gid = ''; # $gid{gid} = groupname; gid form group db + @group_comments; # Comments in the group file # shell $shell = ''; # $shell{`basename sh`} = sh @@ -265,9 +271,13 @@ sub group_read { while() { chop; push(@group_backup, $_); - # ignore comments + # Ignore empty lines next if /^\s*$/; - next if /^\s*#/; + # Save comments to restore later + if (/^\s*\#/) { + push(@group_comments, $_); + next; + } ($g_groupname, $pw, $g_gid, $memb) = (split(/:/, $_))[0..3]; @@ -517,11 +527,24 @@ sub new_users_groups_valid { # your last change sub new_users_ok { + local ($newpasswd); + # Note that we either show "password disabled" or + # "****" .. we don't show "empty password" since + # the whole point of starring out the password in + # the first place is to stop people looking over your + # shoulder and seeing the password.. -- adrian + if ($usepassword eq "no") { + $newpasswd = "Password disabled"; + } elsif ($enableaccount eq "no") { + $newpasswd = "Password disabled"; + } else { + $newpasswd = "****"; + } print < $b} (keys %gid)) { push(@a, "$gid{$e}:*:$e:$groupmembers{$e}"); } @@ -631,9 +657,6 @@ sub sendmessage { sub new_users_password { - # empty password - return "" if $defaultpasswd ne "yes"; - local($password); while(1) { @@ -657,6 +680,29 @@ sub new_users_password { return $password; } +sub new_users_use_password { + local ($p) = $defaultusepassword; + $p = &confirm_yn("Use password-based authentication", $defaultusepassword); + return "yes" if (($defaultusepassword eq "yes" && $p) || + ($defaultusepassword eq "no" && !$p)); + return "no"; # otherwise +} + +sub new_users_enable_account { + local ($p) = $defaultenableaccount; + $p = &confirm_yn("Enable account password at creation", $defaultenableaccount); + return "yes" if (($defaultenableaccount eq "yes" && $p) || + ($defaultenableaccount eq "no" && !$p)); + return "no"; # otherwise +} + +sub new_users_empty_password { + local ($p) = $defaultemptypassword; + $p = &confirm_yn("Use an empty password", $defaultemptypassword); + return "yes" if (($defaultemptypassword eq "yes" && $p) || + ($defaultemptypassword eq "no" && !$p)); + return "no"; # otherwise +} sub new_users { @@ -695,15 +741,54 @@ sub new_users { # do not use uniq username and login group $g_id = $groupname{$group_login} if (defined($groupname{$group_login})); + + # The tricky logic: + # If $usepasswd is 0, we use a * as a password + # If $usepasswd is 1, then + # if $enableaccount is 0, we prepend * as a password + # else if $enableaccount is 1 we don't prepend anything + # if $useemptypassword is 0 we ask for a password, + # else we use a blank one + # + # The logic is tasty, I'll give you that, but its flexible and + # it'll stop people shooting themselves in the foot. + $new_groups = &new_users_groups($name, $new_groups); - $password = &new_users_password; + $usepassword = &new_users_use_password; + if ($usepassword eq "no") { + # note that the assignments to enableaccount and + # useemptypassword functionally do the same as + # usepasswd == "no". Just for consistency. + $password = ""; # no password! + $enableaccount = "no"; # doesn't matter here + $useemptypassword = "yes"; # doesn't matter here + } else { + $useemptypassword = &new_users_empty_password; + if ($useemptypassword eq "no") { + $password = &new_users_password; + } + $enableaccount = &new_users_enable_account; + } if (&new_users_ok) { $new_users_ok = 1; $cryptpwd = ""; $cryptpwd = crypt($password, &salt) if $password ne ""; + + if ($usepassword eq "no") { + $cryptpwd = "*"; + } else { + # cryptpwd is valid before this if mess, so if + # blankpasswd is no we don't blank the cryptpwd + if ($useemptypassword eq "yes") { + $cryptpwd = ""; + } + if ($enableaccount eq "no") { + $cryptpwd = "*" . $cryptpwd; + } + } # obscure perl bug $new_entry = "$name\:" . "$cryptpwd" . "\:$u_id\:$g_id\:$class\:0:0:$fullname:$userhome:$sh"; @@ -727,16 +812,40 @@ sub new_users { # ask for password usage sub password_default { - local($p) = $defaultpasswd; + local($p) = $defaultusepassword; if ($verbose) { - $p = &confirm_yn("Use passwords", $defaultpasswd); + $p = &confirm_yn("Use password-based authentication", $defaultusepassword); $changes++ unless $p; } - return "yes" if (($defaultpasswd eq "yes" && $p) || - ($defaultpasswd eq "no" && !$p)); + return "yes" if (($defaultusepassword eq "yes" && $p) || + ($defaultusepassword eq "no" && !$p)); + return "no"; # otherwise +} + +# ask for account enable usage +sub enable_account_default { + local ($p) = $defaultenableaccount; + if ($verbose) { + $p = &confirm_yn("Enable account password at creation", $defaultenableaccount); + $changes++ unless $p; + } + return "yes" if (($defaultenableaccount eq "yes" && $p) || + ($defaultenableaccount eq "no" && !$p)); return "no"; # otherwise } +# ask for empty password +sub enable_empty_password { + local ($p) = $defaultemptypassword; + if ($verbose) { + $p = &confirm_yn("Use an empty password", $defaultemptypassword); + $changes++ unless $p; + } + return "yes" if (($defaultemptypassword eq "yes" && $p) || + ($defaultemptypassword eq "no" && !$p)); + return "no"; # otherwise +} + # misc sub check_root { die "You are not root!\n" if $< && !$test; @@ -804,10 +913,10 @@ sub copyright { # hints sub hints { if ($verbose) { - print "Use option ``-silent'' if you don't want see " . - "all warnings & questions.\n\n"; + print "Use option ``-silent'' if you don't want to see " . + "all warnings and questions.\n\n"; } else { - print "Use option ``-verbose'' if you want see more warnings & " . + print "Use option ``-verbose'' if you want to see more warnings and " . "questions \nor try to repair bugs.\n\n"; } } @@ -1288,7 +1397,9 @@ sub config_write { # prepare some variables $send_message = "no" unless $send_message; - $defaultpasswd = "no" unless $defaultpasswd; + $defaultusepassword = "no" unless $defaultusepassword; + $defaultenableaccount = "yes" unless $defaultenableaccount; + $defaultemptypassword = "no" unless $defaultemptypassword; local($shpref) = "'" . join("', '", @shellpref) . "'"; local($shpath) = "'" . join("', '", @path) . "'"; local($user_var) = join('', @user_variable_list); @@ -1298,16 +1409,25 @@ sub config_write { # $config - automatic generated by adduser(8) # # Note: adduser read *and* write this file. -# You may change values, but don't add new things befor the +# You may change values, but don't add new things before the # line ``$do_not_delete'' # # verbose = [0-2] verbose = $verbose -# use password for new users -# defaultpasswd = yes | no -defaultpasswd = $defaultpasswd +# use password-based authentication for new users +# defaultusepassword = "yes" | "no" +defaultusepassword = "$defaultusepassword" + +# enable account password at creation +# (the password will be prepended with a star if the account isn't enabled) +# defaultenableaccount = "yes" | "no" +defaultenableaccount = "$defaultenableaccount" + +# allow blank passwords +# defaultemptypassword = "yes" | "no" +defaultemptypassword = "$defaultemptypassword" # copy dotfiles from this dir ("/usr/share/skel" or "no") dotdir = "$dotdir" @@ -1385,7 +1505,17 @@ $defaultshell = &shell_default; # enter default shell $home = &home_partition($home); # find HOME partition $dotdir = &dotdir_default; # check $dotdir $send_message = &message_default; # send message to new user -$defaultpasswd = &password_default; # maybe use password +$defaultusepassword = &password_default; # maybe use password +if ($defaultusepassword eq "no") { + if ($verbose) { + print "Creating accounts with a locked password.\n"; + } + $defaultenableaccount = "no"; + $defaultemptypassword = "yes"; +} else { + $defaultenableaccount = &enable_account_default; # enable or disable account + $defaultemptypassword = &enable_empty_password; # use empty password or not +} &config_write(!$verbose); # write variables in file # main loop for creating new users