#!/bin/bash
#---------------------------------------------------------------------
##
## @Synopsis Functions for dealing with account and group generation etc.
## @Copyright Copyright (C) 2004 The Source Mage Team <http://www.sourcemage.org>
## A library to help deal with managing accounts, particularly creating 
## new accounts.
##
#---------------------------------------------------------------------

# Where the grimoire keeps its account and group definitions: one entry per
# line, colon-separated, name in the first field and the numeric id in the
# second (see sanity_checks and the lookup helpers below).
ACCOUNT_LIST="${GRIMOIRE}/accounts"
GROUP_LIST="${GRIMOIRE}/groups"

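#---------------------------------------------------------------------
## Tests account and group list if there are no duplicate ID's. In
## case there are, exits since this is serious problem.
##
## Two entries sharing a UID (or GID) would make two differently named
## accounts the same identity on the installed system, so the offending
## ids are named in the message and the process exits with status 1.
## Reads $ACCOUNT_LIST and $GROUP_LIST; calls message on failure.
#---------------------------------------------------------------------
function sanity_checks() {
  local dupes

  # Every value that occurs more than once in field 2 (the numeric id),
  # one per line; empty when the list is clean.
  dupes=$( cut -d : -f 2 -- "$ACCOUNT_LIST" | sort | uniq -d )
  if [[ -n "$dupes" ]]; then
    message "${PROBLEM_COLOR}Fatal error, $ACCOUNT_LIST contains duplicate UID's: ${dupes//$'\n'/ }${DEFAULT_COLOR}"
    exit 1
  fi

  dupes=$( cut -d : -f 2 -- "$GROUP_LIST" | sort | uniq -d )
  if [[ -n "$dupes" ]]; then
    message "${PROBLEM_COLOR}Fatal error, $GROUP_LIST contains duplicate GID's: ${dupes//$'\n'/ }${DEFAULT_COLOR}"
    exit 1
  fi
}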

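#---------------------------------------------------------------------
## @param system account
## @param [home directory] - default used when not defined or empty
## @param [shell] - default used when not defined or empty
## @param [secondary gids] - comma separated list with
##                           no intervening whitespace
##
## Creates account (if account has been defined).
## Looks the account up in $ACCOUNT_LIST, makes sure its primary group
## exists (groupadd -f) and then runs useradd with the listed UID/GID.
## @return 0 if success, if the account already exists, or if the
##           account has not been defined (casting continues).
## @return 1 if useradd failed or the list entry is incomplete.
##
#---------------------------------------------------------------------
function create_account() {

#  sanity_checks

  local account=$1

  local HOME_DIR=/var/run/$account
  if [[ -n "$2" ]]; then
    HOME_DIR=$2
  fi

  local USER_SHELL=/bin/false
  if [[ -n "$3" ]]; then
    USER_SHELL=$3
  fi

  # Optional useradd arguments live in an array so the list is passed
  # through unchanged instead of being re-split by the shell.
  local -a SECONDARY_GIDS=()
  if [[ -n "$4" ]]; then
    SECONDARY_GIDS=(-G "$4")
  fi

  if ! exists_account "$account" ; then
    debug "libgrimoire" "create_account() - $account not defined!"
    return 0  # should return 0 to gracefully continue casting.
  fi

  local ACCOUNT_UID PRIMARY_GID PRIMARY_GNAME
  ACCOUNT_UID=$( get_uid_for_account "$account" )
  PRIMARY_GID=$( get_primary_gid_for_account "$account" )
  PRIMARY_GNAME=$( get_group_name "$PRIMARY_GID" )

  debug "libgrimoire" "create_account() - $account, UID=$ACCOUNT_UID, GID=$PRIMARY_GID:$PRIMARY_GNAME, HOME=$HOME_DIR, SHELL=$USER_SHELL, SECONDARY_GIDS=$4"

  # Never hand useradd an empty -u or -g: unquoted it would swallow the
  # next flag as its value, quoted it is rejected, and either way the
  # account would not get the ids the grimoire intends.
  if [[ -z "$ACCOUNT_UID" || -z "$PRIMARY_GID" || -z "$PRIMARY_GNAME" ]]; then
    message "${PROBLEM_COLOR}Cannot create the user $account: incomplete entry (uid '$ACCOUNT_UID', gid '$PRIMARY_GID', group name '$PRIMARY_GNAME')${DEFAULT_COLOR}"
    return 1
  fi

  # selinux/pam doesn't like it when LD_PRELOAD is set during group/user
  # manipulations. These files aren't tracked anyway so this won't matter.
  # Remember whether it was set at all so we do not export an empty one.
  local LD_PRELOAD_BAK=${LD_PRELOAD-}
  local LD_PRELOAD_WAS_SET=${LD_PRELOAD+set}
  unset LD_PRELOAD

  # -f: do not fail when the group already exists.
  groupadd -g "$PRIMARY_GID" -f "$PRIMARY_GNAME"

  # Capture useradd's status immediately: anything run in between
  # (restoring LD_PRELOAD, 'local') would overwrite $?.
  local USERADD_RETURN
  useradd -u "$ACCOUNT_UID" -g "$PRIMARY_GNAME" "${SECONDARY_GIDS[@]}" -d "$HOME_DIR" -s "$USER_SHELL" "$account"
  USERADD_RETURN=$?

  if [[ -n "$LD_PRELOAD_WAS_SET" ]]; then
    export LD_PRELOAD="$LD_PRELOAD_BAK"
  fi

  debug "libgrimoire.create_account()" "useradd return code was: $USERADD_RETURN"

  case "$USERADD_RETURN" in
    0)
      message "${MESSAGE_COLOR}The user id $ACCOUNT_UID created!${DEFAULT_COLOR}"
      return 0
      ;;
    4)  # uid already in use
      message "${MESSAGE_COLOR}The user id $ACCOUNT_UID already exists, so continuing...${DEFAULT_COLOR}"
      return 0
      ;;
    9)  # user name already in use
      message "${MESSAGE_COLOR}The user name $account already exists, so continuing...${DEFAULT_COLOR}"
      return 0
      ;;
    *)
      debug "libgrimoire.create_account()"  "useradd fails with strange code : $USERADD_RETURN"
      message "${MESSAGE_COLOR}Something went wrong with adding the user $account with uid $ACCOUNT_UID"
      message "and gid $PRIMARY_GNAME so going to stop here...${DEFAULT_COLOR}"
      return 1
      ;;
  esac
}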

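#---------------------------------------------------------------------
## @param system group
##
## Creates group (if group has been defined).
## Looks the group up in $GROUP_LIST and runs groupadd with its GID.
## @return 0 if success, if the group name already exists, or if the
##           group has not been defined (casting continues).
## @return 1 if the GID is already taken, groupadd failed, or the
##           list entry has no GID.
##
#---------------------------------------------------------------------
function create_group() {

#  sanity_checks

  local group=$1

  if ! exists_group "$group" ; then
    debug "libgrimoire" "create_group() - $group not defined!"
    return 0  # should return 0 to gracefully continue casting.
  fi

  local GROUP_GID
  GROUP_GID=$( get_gid_for_group "$group" )

  debug "libgrimoire" "create_group() - $group, GID=$GROUP_GID "

  # An empty -g would make groupadd treat the group name as the gid.
  if [[ -z "$GROUP_GID" ]]; then
    message "${PROBLEM_COLOR}Cannot create the group $group: no gid listed in $GROUP_LIST${DEFAULT_COLOR}"
    return 1
  fi

  # selinux/pam doesn't like it when you are doing user/group manipulations
  # with LD_PRELOAD set. the files changed aren't tracked anyway so this
  # shouldn't matter. Remember whether it was set so we do not export an
  # empty one afterwards.
  local LD_PRELOAD_BAK=${LD_PRELOAD-}
  local LD_PRELOAD_WAS_SET=${LD_PRELOAD+set}
  unset LD_PRELOAD

  # Capture groupadd's status immediately: anything run in between
  # (restoring LD_PRELOAD, 'local') would overwrite $?.
  local GROUPADD_RETURN
  groupadd -g "$GROUP_GID" "$group"  > /dev/null 2>&1
  GROUPADD_RETURN=$?

  if [[ -n "$LD_PRELOAD_WAS_SET" ]]; then
    export LD_PRELOAD="$LD_PRELOAD_BAK"
  fi

  debug "libgrimoire.create_group()" "groupadd return code was: $GROUPADD_RETURN"

  case "$GROUPADD_RETURN" in
    0)
      message "${MESSAGE_COLOR}The group name $group with id $GROUP_GID has been created!${DEFAULT_COLOR}"
      return 0
      ;;
    4)  # gid already in use by another group: stop, the grimoire's gid is taken
      message "${MESSAGE_COLOR}The group id $GROUP_GID already exists, stopping here...${DEFAULT_COLOR}"
      return 1
      ;;
    9)  # group name already in use
      message "${MESSAGE_COLOR}The group name $group already exists, so continuing...${DEFAULT_COLOR}"
      return 0
      ;;
    *)
      debug "libgrimoire.create_group()"  "groupadd fails with strange code : $GROUPADD_RETURN"
      message "${MESSAGE_COLOR}Something went wrong with adding the group $group with gid $GROUP_GID"
      message "so going to stop here...${DEFAULT_COLOR}"
      return 1
      ;;
  esac
}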


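#---------------------------------------------------------------------
## @param gid
##
## @Stdout group name
## Outputs the name assigned to a group id (nothing if no entry in
## $GROUP_LIST has that GID in its second field). Always returns 0.
##
#---------------------------------------------------------------------
function get_group_name() {
  local name gid _rest

  # Compare the GID field literally instead of grepping for ":$1:",
  # which would also hit the same digits in any later field and would
  # treat the argument as a regular expression. First match wins.
  while IFS=: read -r name gid _rest || [[ -n "$name" ]]; do
    if [[ "$gid" == "$1" ]]; then
      printf '%s\n' "$name"
      return 0
    fi
  done < "$GROUP_LIST"

  return 0
}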


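#---------------------------------------------------------------------
## @param system account
##
## @Stdout group ids
## Outputs the secondary group ids listed for the account in
## $ACCOUNT_LIST (fields 4 onwards, up to the first empty field),
## space separated on one line; outputs nothing if there are none.
## @return 0 if the account is listed, 1 if not.
##
#---------------------------------------------------------------------
function get_gids_for_account() {
  local line i
  local -a fields gids=()

  # Note: the list is not called GROUPS on purpose; GROUPS is a bash
  # special variable and assignments to it are ignored.
  while IFS= read -r line || [[ -n "$line" ]]; do
    IFS=: read -r -a fields <<< "$line"
    [[ "${fields[0]-}" == "$1" ]] || continue

    # Secondary gids start in field 4 and end at the first empty field.
    for (( i = 3; i < ${#fields[@]}; i++ )); do
      [[ -n "${fields[i]}" ]] || break
      gids+=("${fields[i]}")
    done

    if (( ${#gids[@]} > 0 )); then
      printf '%s\n' "${gids[*]}"
    fi
    return 0
  done < "$ACCOUNT_LIST"

  return 1
}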


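#---------------------------------------------------------------------
## @param system account
## @return 0 if exists
## @return 1 if not
##
## The name is compared literally against the first field of each
## $ACCOUNT_LIST line, so regex characters in the name cannot match
## a different entry.
#---------------------------------------------------------------------
function exists_account() {
  local name _rest

  while IFS=: read -r name _rest || [[ -n "$name" ]]; do
    [[ "$name" == "$1" ]] && return 0
  done < "$ACCOUNT_LIST"

  return 1
}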


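#---------------------------------------------------------------------
## @param named system account
## @Stdout UID
## Outputs the UID (field 2 of the $ACCOUNT_LIST entry whose first
## field equals the name); outputs nothing when the account is not
## listed. Always returns 0.
##
#---------------------------------------------------------------------
function get_uid_for_account()  {
  local name uid _rest

  # Literal comparison on the name field: the old grep treated the
  # name as a regex and its -q probe was not even anchored.
  while IFS=: read -r name uid _rest || [[ -n "$name" ]]; do
    if [[ "$name" == "$1" ]]; then
      printf '%s\n' "$uid"
      return 0
    fi
  done < "$ACCOUNT_LIST"

  return 0
}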

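#---------------------------------------------------------------------
## @param named system group
## @Stdout GID
## Outputs the GID (field 2 of the $GROUP_LIST entry whose first
## field equals the name); outputs nothing when the group is not
## listed. Always returns 0.
##
#---------------------------------------------------------------------
function get_gid_for_group()  {
  local name gid _rest

  # Literal comparison on the name field instead of an unanchored,
  # regex-interpreted grep of "$1:".
  while IFS=: read -r name gid _rest || [[ -n "$name" ]]; do
    if [[ "$name" == "$1" ]]; then
      printf '%s\n' "$gid"
      return 0
    fi
  done < "$GROUP_LIST"

  return 0
}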

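#---------------------------------------------------------------------
## @param named system account
## @Stdout GID
##
## Outputs the primary GID (field 3 of the $ACCOUNT_LIST entry whose
## first field equals the name); outputs nothing when the account is
## not listed. Always returns 0.
##
#---------------------------------------------------------------------
function get_primary_gid_for_account()  {
  local name uid gid _rest

  # Literal comparison on the name field instead of an unanchored,
  # regex-interpreted grep of "$1:".
  while IFS=: read -r name uid gid _rest || [[ -n "$name" ]]; do
    if [[ "$name" == "$1" ]]; then
      printf '%s\n' "$gid"
      return 0
    fi
  done < "$ACCOUNT_LIST"

  return 0
}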

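#---------------------------------------------------------------------
## @param system group
## @return 0 if exists
## @return 1 if not
##
## The name is compared literally against the first field of each
## $GROUP_LIST line, so regex characters in the name cannot match
## a different entry.
#---------------------------------------------------------------------
function exists_group() {
  local name _rest

  while IFS=: read -r name _rest || [[ -n "$name" ]]; do
    [[ "$name" == "$1" ]] && return 0
  done < "$GROUP_LIST"

  return 1
}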

#---------------------------------------------------------------------
## @License
##
## This software is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
##
## This software is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with this software; if not, write to the Free Software
## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
##
#---------------------------------------------------------------------