#!/bin/sh # # $NetBSD: creds_msdos,v 1.5.2.1 2024/02/04 10:59:54 martin Exp $ # # Copyright (c) 2019 Matthew R. Green # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. # IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED # AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # If "creds_msdos_partition" is an msdos partition and has a creds.txt # in it, perform these commands: # "sshkeyfile " # "sshkey " # "useraddhash " # "useradd " # If the "useradd" method is used, this the creds.txt file will be # shredded and deleted with rm -P. # PROVIDE: creds_msdos # REQUIRE: mountall $_rc_subr_loaded . /etc/rc.subr name="creds_msdos" start_cmd="creds_msdos_start" stop_cmd=":" fail() { echo "$@" 1>&2 exit 1 } # This uses $ssh_userkeys global sshkey_setup() { local user="$1" local group="wheel" # don't create existing users if ! id -u "${user}" > /dev/null 2>&1; then useradd -m -G "${group}" "${user}" || fail "Useradd failed." fi eval ssh_userdir=~"${user}/.ssh" mkdir -p -m 755 "${ssh_userdir}" || fail "mkdir ~/.ssh failed." chmod 755 "${ssh_userdir}" chown "${user}" "${ssh_userdir}" ssh_userkeys="${ssh_userdir}/authorized_keys" } sshkey_finish() { local user="$1" chmod 644 "${ssh_userkeys}" chown "${user}" "${ssh_userkeys}" } do_sshkeyfile() { local user="$1" local newkeys="${creds_msdos_partition}/$2" if [ ! -f "${newkeys}" ]; then return fi sshkey_setup "${user}" # check entry is not present while read type keydata name; do if fgrep -q "${keydata}" "${ssh_userkeys}" 2>/dev/null; then continue fi echo "${type} ${keydata} ${name}" >> "${ssh_userkeys}" done < "${newkeys}" sshkey_finish "${user}" } do_sshkey() { local user="$1" local newkey="$2" sshkey_setup "${user}" echo "${newkey}" >> "${ssh_userkeys}" sshkey_finish "${user}" } do_useraddpwhash() { local user="$1" local pwhash="$2" local group="wheel" # don't add to existing users if id -u "${user}" > /dev/null 2>&1; then return fi useradd -m -p "${pwhash}" -G "${group}" "${user}" || fail "Useradd failed." } do_useradd() { local user="$1" local password="$2" local pwhash=$(pwhash "$password") do_useraddpwhash "${user}" "${pwhash}" } creds_msdos_start() { local fstab_file=/etc/fstab if [ -z "${creds_msdos_partition}" ]; then echo "Not looking for credentials on msdos" return fi while read junk1 mp fstype junk2; do if [ "${mp}" != "${creds_msdos_partition}" ]; then continue fi if [ "${fstype}" != "msdos" ]; then echo "Not checking for creds on ${creds_msdos_partition}: not an msdos file system" return fi break done < "${fstab_file}" local delete_creds=no local creds_file="${creds_msdos_partition}/creds.txt" if [ -f "${creds_file}" ]; then while read type user args; do # strip cr local clean_args="$(echo "$args" | tr -d '\015')" case "$type" in \#*|'') continue ;; sshkeyfile) echo "Added user ${user} via ssh key file method." do_sshkeyfile "${user}" "${clean_args}" ;; sshkey) echo "Added user ${user} via ssh key string method." do_sshkey "${user}" "${clean_args}" ;; useraddpwhash) echo "Added user ${user} via password hash method." do_useraddpwhash "${user}" "${clean_args}" ;; useradd) echo "Added user ${user} via password method, shredding credentials file." do_useradd "${user}" "${clean_args}" delete_creds=yes ;; *) echo "Do not understand '$type' creds" 1>&2 exit 1 ;; esac done < "${creds_file}" fi if [ $delete_creds = yes ]; then rm -P -f "${creds_file}" fi } load_rc_config $name run_rc_command "$1"