115 lines
3.4 KiB
Bash
115 lines
3.4 KiB
Bash
# ------------------------------------------------------------------------------
|
|
# Add local or remote users
|
|
# This file is part of the init.sh project
|
|
# Copyright (c) 2019-2021 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
|
|
# ------------------------------------------------------------------------------
|
|
# This file is distributed under 3-clause BSD license.
|
|
# The complete license agreement can be obtained at:
|
|
# https://opensource.org/licenses/BSD-3-Clause
|
|
# ------------------------------------------------------------------------------
|
|
# Variable:
|
|
# * WITH_LDAP_KERB: Shall we install requirements for LDAP/Kerberos auth ?
|
|
# * REMOTE_USERS: List of remote users to add
|
|
# * LOCAL_USERS: List of local users to create
|
|
# * REMOVE_USERS: List of username to remove
|
|
# * DEFAULT_SHELL: The shell to use when creating new users
|
|
# ------------------------------------------------------------------------------
|
|
|
|
export VER_authnz=0.1.4
|
|
export DEP_authnz="upgrade_dist"
|
|
|
|
# Users (from Ldap)
|
|
add_remote_user()
|
|
{
|
|
echo "+$1::::::" >> /etc/passwd
|
|
echo "+$1::::::::" >> /etc/shadow
|
|
}
|
|
|
|
# Remove users
|
|
remove_user()
|
|
{
|
|
# Using sed is more universal than any distro commands
|
|
sed -i -e "/^$1/d" /etc/passwd /etc/shadow /etc/group
|
|
}
|
|
|
|
# Create a local user
|
|
create_user()
|
|
{
|
|
if [[ $(noerror --noout id $1) != 0 ]]; then
|
|
prnt I "Creating user $1..."
|
|
useradd --create-home --shell $DEFAULT_SHELL --user-group $1
|
|
else
|
|
prnt W "The user $1 already exists. Nothing to do..."
|
|
fi
|
|
}
|
|
|
|
# Authentication
|
|
authnz()
|
|
{
|
|
backupdist /etc/passwd /etc/shadow /etc/group
|
|
for usr in $REMOVE_USERS; do
|
|
prnt I "Removing user $usr..."
|
|
remove_user $usr
|
|
done
|
|
|
|
if [[ $WITH_LDAP_KERB == yes ]]; then
|
|
pkginst krb5-user libpam-krb5 libnss-ldap libpam-ldap nscd
|
|
|
|
backupdist /etc/krb5.conf /etc/libnss-ldap.conf /etc/pam_ldap.conf \
|
|
/etc/nsswitch.conf /etc/pam.d/common-session \
|
|
/etc/pam.d/common-account /etc/pam.d/common-password \
|
|
/etc/pam.d/common-auth
|
|
installfile krb5.conf libnss-ldap.conf pam_ldap.conf nsswitch.conf /etc
|
|
installfile common-session common-account common-password common-auth \
|
|
/etc/pam.d
|
|
|
|
scv_restart nscd
|
|
|
|
for usr in $REMOTE_USERS; do
|
|
prnt I "Adding remote user $usr..."
|
|
add_remote_user $usr
|
|
done
|
|
fi
|
|
|
|
if [[ -z $LOCAL_USERS ]]; then
|
|
return 0
|
|
fi
|
|
|
|
for usr in $LOCAL_USERS; do
|
|
prnt I "Creating user $usr..."
|
|
create_user $usr
|
|
done
|
|
}
|
|
|
|
precheck_authnz()
|
|
{
|
|
if [[ $WITH_LDAP_KERB == "yes" ]]; then
|
|
if [[ -n $REMOTE_USERS ]]; then
|
|
prnt I "The following distant users will be accessible:"
|
|
prnt m "\t* $REMOTE_USERS"
|
|
else
|
|
prnt W "No distant user but LDAP/Kerberos is activated!"
|
|
fi
|
|
file_exists auth/{krb5,libnss-ldap,pam_ldap,nsswitch}.conf
|
|
pam/common-{session,account,password,auth}
|
|
else
|
|
if [[ -n $REMOTE_USERS ]]; then
|
|
prnt E "Impossible to add distant users authentication mechanism."
|
|
die 109
|
|
fi
|
|
fi
|
|
if [[ -n $LOCAL_USERS ]]; then
|
|
prnt I "The following local users will be created:"
|
|
prnt m "\t* $LOCAL_USERS"
|
|
fi
|
|
if [[ -n $REMOvE_USERS ]]; then
|
|
prnt I "The following users will be removed:"
|
|
prnt m "\t* $REMOVE_USERS"
|
|
fi
|
|
}
|
|
|
|
export -f authnz
|
|
export -f precheck_authnz
|
|
|
|
# EOF
|