diff options
author | An-Cheng Huang <ancheng@sydney.vyatta.com> | 2007-10-19 11:26:15 -0700 |
---|---|---|
committer | An-Cheng Huang <ancheng@sydney.vyatta.com> | 2007-10-19 11:26:15 -0700 |
commit | 07183520f3f4d2f89e526055db418046d0d2450f (patch) | |
tree | 7968eac48a0a57ff97ec4769d999bf31348a2a12 /scripts/system/vyatta_update_login_user.pl | |
parent | 66b621cf7759c3448ae8bfe7d7479fb13ea04b65 (diff) | |
download | vyatta-cfg-system-07183520f3f4d2f89e526055db418046d0d2450f.tar.gz vyatta-cfg-system-07183520f3f4d2f89e526055db418046d0d2450f.zip |
move "system" configuration templates/scripts from vyatta-cfg.
Diffstat (limited to 'scripts/system/vyatta_update_login_user.pl')
-rwxr-xr-x | scripts/system/vyatta_update_login_user.pl | 172 |
1 files changed, 172 insertions, 0 deletions
diff --git a/scripts/system/vyatta_update_login_user.pl b/scripts/system/vyatta_update_login_user.pl new file mode 100755 index 00000000..86c0074c --- /dev/null +++ b/scripts/system/vyatta_update_login_user.pl @@ -0,0 +1,172 @@ +#!/usr/bin/perl + +use strict; +use Fcntl; +use POSIX qw(:unistd_h); + +# arg: login_name +# returns the next available uid if login_name doesn't exist. +# otherwise returns (undef, <passwd fields for login_name>). +sub next_uid_if_not_exist { + my $login = shift; + my $min_uid = 1000; + my $max_uid = 60000; + if (open(LOGIN_DEF, "/etc/login.defs")) { + while (<LOGIN_DEF>) { + if (m/^\s*UID_MIN\s+(\d+)/) { + $min_uid = $1; + next; + } + if (m/^\s*UID_MAX\s+(\d+)/) { + $max_uid = $1; + next; + } + } + close LOGIN_DEF; + } + + open(PASSWD, "/etc/passwd") or exit 1; + while (<PASSWD>) { + chomp; + my @passwd_fields = split /:/; + if ($passwd_fields[0] eq $login) { + close PASSWD; + return (undef, @passwd_fields); + } + if ($min_uid <= $passwd_fields[2]) { + next if ($passwd_fields[2] > $max_uid); + $min_uid = $passwd_fields[2] + 1; + next; + } + } + close PASSWD; + exit 2 if ($min_uid > $max_uid); + return ($min_uid); +} + +# arg: login_name +# returns the corresponding line in shadow or undef if login_name doesn't +# exist. +sub get_shadow_line { + my $login = shift; + open(SHADOW, "/etc/shadow") or exit 3; + while (<SHADOW>) { + chomp; + if (m/^$login:/) { + close SHADOW; + return $_; + } + } + close SHADOW; + return undef; +} + +my $user = shift; +my $full = shift; +my $encrypted = shift; + +# emulate lckpwdf(3). +# difference: we only try to lock it once (non-blocking). lckpwdf will block +# for up to 15 seconds waiting for the lock. +# note that the lock is released when file is closed (e.g., exit), so no need +# for explicit unlock. +my $flock = pack "ssa20", F_WRLCK, SEEK_SET, "\0"; +sysopen(PWDLCK, "/etc/.pwd.lock", O_WRONLY | O_CREAT, 0600) or exit 3; +fcntl(PWDLCK, F_SETLK, $flock) or exit 3; + +if ($user eq "-d") { + $user = $full; + exit 4 if (!defined($user)); + + # check if user is using the system + my @pslines = `ps -U $user -u $user u`; + if ($#pslines != 0) { + # user is using the system + print STDERR "Delete failed: user \"$user\" is using the system\n"; + exit 4; + } + + my $ret = system("sed -i '/^$user:/d' /etc/passwd"); + exit 5 if ($ret >> 8); + $ret = system("sed -i '/^$user:/d' /etc/shadow"); + exit 6 if ($ret >> 8); + $ret = system("rm -rf /home/$user"); + exit 7 if ($ret >> 8); + exit 0; +} + +exit 4 if (!defined($user) || !defined($full) || !defined($encrypted)); + +my $DEF_GROUP = "quagga"; +my $DEF_SHELL = "/bin/bash"; + +open(GRP, "/etc/group") or exit 5; +my $def_gid = undef; +while (<GRP>) { + my @group_fields = split /:/; + if ($group_fields[0] eq $DEF_GROUP) { + $def_gid = $group_fields[2]; + last; + } +} +exit 6 if (!defined($def_gid)); + +my @vals = next_uid_if_not_exist($user); +my ($new_user, $passwd_line, $shadow_line) = (0, "", ""); +if (defined($vals[0])) { + # add new user + $new_user = 1; + $passwd_line = "$user:x:$vals[0]:${def_gid}:$full:/home/$user:$DEF_SHELL"; + my $sline = get_shadow_line($user); + exit 7 if (defined($sline)); + my $seconds = `date +%s`; + my $days = int($seconds / 3600 / 24); + $shadow_line = "$user:$encrypted:$days:0:99999:7:::"; +} else { + # modify existing user + shift @vals; + $vals[4] = $full; + $passwd_line = join(':', @vals); + my $sline = get_shadow_line($user); + exit 8 if (!defined($sline)); + @vals = split /:/, $sline; + $vals[1] = $encrypted; + for (my $padding = (9 - $#vals - 1); $padding > 0; $padding--) { + push @vals, ''; + } + $shadow_line = join(':', @vals); +} + +my $ret = 0; +if (!$new_user) { + $ret = system("sed -i '/^$user:/d' /etc/passwd"); + exit 9 if ($ret >> 8); + $ret = system("sed -i '/^$user:/d' /etc/shadow"); + exit 10 if ($ret >> 8); +} + +open(PASSWD, ">>/etc/passwd") or exit 11; +print PASSWD "$passwd_line\n"; +close PASSWD; +open(SHADOW, ">>/etc/shadow") or exit 12; +print SHADOW "$shadow_line\n"; +close SHADOW; + +if (($new_user) && !(-e "/home/$user")) { + if (-d "/etc/skel") { + $ret = system("cp -a /etc/skel /home/$user"); + exit 13 if ($ret >> 8); + $ret = system("chmod 755 /home/$user"); + exit 14 if ($ret >> 8); + $ret = system("chown -R $user:$DEF_GROUP /home/$user"); + exit 15 if ($ret >> 8); + } else { + $ret = system("mkdir -p /home/$user"); + exit 16 if ($ret >> 8); + $ret = system("chmod 755 /home/$user"); + exit 17 if ($ret >> 8); + } +} + +exit 0; + |