96 lines
3.0 KiB
Bash
96 lines
3.0 KiB
Bash
# ------------------------------------------------------------------------------
|
|
# Add local or remote users
|
|
# This file is part of the init.sh project
|
|
# Copyright (c) 2019-2021 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
|
|
# ------------------------------------------------------------------------------
|
|
# This file is distributed under 3-clause BSD license.
|
|
# The complete license agreement can be obtained at:
|
|
# https://opensource.org/licenses/BSD-3-Clause
|
|
# ------------------------------------------------------------------------------
|
|
# Variable:
|
|
# * WITH_LDAP_KERB: Shall we install requirements for LDAP/Kerberos auth ?
|
|
# * REMOTE_USERS: List of remote users to add
|
|
# * LOCAL_USERS: List of local users to create
|
|
# * DEFAULT_SHELL: The shell to use when creating new users
|
|
# ------------------------------------------------------------------------------
|
|
|
|
export VER_authnz=0.1.3
|
|
export DEP_authnz="upgrade_dist"
|
|
|
|
# Users (from Ldap)
|
|
add_remote_user()
|
|
{
|
|
backupdist /etc/passwd /etc/shadow /etc/group
|
|
#sed -i -e '/^fatal/d' /etc/passwd /etc/shadow /etc/group
|
|
echo "+$1::::::" >> /etc/passwd
|
|
echo "+$1::::::::" >> /etc/shadow
|
|
}
|
|
|
|
# Create a local user
|
|
create_user()
|
|
{
|
|
if [[ $(noerror --noout id $1) != 0 ]]; then
|
|
prnt I "Création de l'utilisateur $1 ..."
|
|
useradd --create-home --shell $DEFAULT_SHELL --user-group $1
|
|
else
|
|
prnt W "L'utilisateur $1 existe déjà. Rien à faire..."
|
|
fi
|
|
}
|
|
|
|
# Authentication
|
|
authnz()
|
|
{
|
|
if [[ $WITH_LDAP_KERB == yes ]]; then
|
|
pkginst krb5-user libpam-krb5 libnss-ldap libpam-ldap nscd
|
|
|
|
backupdist /etc/krb5.conf /etc/libnss-ldap.conf /etc/pam_ldap.conf \
|
|
/etc/nsswitch.conf /etc/pam.d/common-session \
|
|
/etc/pam.d/common-account /etc/pam.d/common-password \
|
|
/etc/pam.d/common-auth
|
|
installfile krb5.conf libnss-ldap.conf pam_ldap.conf nsswitch.conf /etc
|
|
installfile common-session common-account common-password common-auth \
|
|
/etc/pam.d
|
|
|
|
scv_restart nscd
|
|
|
|
for usr in $REMOTE_USERS; do
|
|
add_remote_user $usr
|
|
done
|
|
fi
|
|
|
|
if [[ -z $LOCAL_USERS ]]; then
|
|
return 0
|
|
fi
|
|
|
|
for usr in $LOCAL_USERS; do
|
|
prnt I "Création de l'utilisateur $usr..."
|
|
create_user $usr
|
|
done
|
|
}
|
|
|
|
precheck_authnz()
|
|
{
|
|
if [[ $WITH_LDAP_KERB == "yes" ]]; then
|
|
if [[ -n $REMOTE_USERS ]]; then
|
|
prnt I "Les utilisateurs distants suivants seront accessible :"
|
|
prnt m "\t* $REMOTE_USERS"
|
|
else
|
|
prnt W "Pas d'utilisateur distant bien que LDAP/Kerberos soit activé !"
|
|
fi
|
|
else
|
|
if [[ -n $REMOTE_USERS ]]; then
|
|
prnt E "Impossible d'ajouter des utilisateurs distants sans les méchanismes d'authentication."
|
|
die 109
|
|
fi
|
|
fi
|
|
if [[ -n $LOCAL_USERS ]]; then
|
|
prnt I "Les utilisateurs locaux suivants seront créés :"
|
|
prnt m "\t* $LOCAL_USERS"
|
|
fi
|
|
}
|
|
|
|
export -f authnz
|
|
export -f precheck_authnz
|
|
|
|
# EOF
|