fatalerrors/init.sh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
fcffe52866dde6142a4cbfc416bb029720581f02
init.sh/modules/authnz.sh
levasseur 40d3cf70ac fixed some typos
2021-09-13 17:13:32 +02:00

88 lines
2.7 KiB
Bash
Raw Blame History

# ------------------------------------------------------------------------------
# Add local or remote users
# This file is part of the init.sh project
# Copyright (c) 2019-2021 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
# https://opensource.org/licenses/BSD-3-Clause
# ------------------------------------------------------------------------------
# Variable:
# * WITH_LDAP_KERB: Shall we install requirements for LDAP/Kerberos auth ?
# * REMOTE_USERS: List of remote users to add
# * LOCAL_USERS: List of local users to create
# ------------------------------------------------------------------------------
export VER_authnz=0.1.2
# Users (from Ldap)
add_remote_user()
{
backupdist /etc/passwd /etc/shadow /etc/group
#sed -i -e '/^fatal/d' /etc/passwd /etc/shadow /etc/group
echo "+$1::::::" >> /etc/passwd
echo "+$1::::::::" >> /etc/shadow
}
# Create a local user
create_user()
{
if [[ $(noerror --noout id $1) != 0 ]]; then
useradd -Um $1
else
prnt W "L'utilisateur $1 existe déjà. Rien à faire..."
fi
}
# Authentication
authnz()
{
if [[ $WITH_LDAP_KERB == yes ]]; then
pkginst krb5-user libpam-krb5 libnss-ldap libpam-ldap nscd
backupdist /etc/krb5.conf /etc/libnss-ldap.conf /etc/pam_ldap.conf \
/etc/nsswitch.conf /etc/pam.d/common-session \
/etc/pam.d/common-account /etc/pam.d/common-password \
/etc/pam.d/common-auth
installfile krb5.conf libnss-ldap.conf pam_ldap.conf nsswitch.conf /etc
installfile common-session common-account common-password common-auth \
/etc/pam.d
scv_restart nscd
for usr in $REMOTE_USERS; do
add_remote_user $usr
done
fi
if [[ -z $LOCAL_USERS ]]; then
return 0
fi
for usr in $LOCAL_USERS; do
prnt I "Création de l'utilisateur $usr..."
create_user $usr
done
}
precheck_authnz()
{
if [[ $WITH_LDAP_KERB == "yes" ]]; then
if [[ -n $REMOTE_USERS ]]; then
prnt I "Les utilisateurs distants suivants seront accessible :"
prnt m "\t* $REMOTE_USERS"
else
prnt W "Pas d'utilisateur distant bien que LDAP/Kerberos soit activé !"
fi
else
if [[ -n $REMOTE_USERS ]]; then
prnt E "Impossible d'ajouter des utilisateurs distants sans les méchanismes d'authentication."
die 109
fi
fi
if [[ -n $LOCAL_USERS ]]; then
prnt I "Les utilisateurs locaux suivants seront créés :"
prnt m "\t* $LOCAL_USERS"
fi
}
Reference in New Issue View Git Blame Copy Permalink