Add login class support; based on a diff from Peter Werner

2 files changed, 100 insertions, 28 deletions

diff --git a/usr.sbin/adduser/adduser.8 b/usr.sbin/adduser/adduser.8
index 46d8a31e6a0..cc3e99794a4 100644
--- a/usr.sbin/adduser/adduser.8
+++ b/usr.sbin/adduser/adduser.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: adduser.8,v 1.28 2003/05/13 01:23:10 millert Exp $
+.\"	$OpenBSD: adduser.8,v 1.29 2003/06/10 21:55:02 millert Exp $
 .\"
 .\" Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin.
 .\" All rights reserved.
@@ -43,6 +43,7 @@
 .Op Ar password
 .Oc
 .Op Fl check_only
+.Op Fl class Ar login_class
 .Op Fl config_create
 .Op Fl dotdir Ar directory
 .Oo
@@ -87,6 +88,13 @@ By default the password is assumed to already be properly encrypted.
 .It Fl check_only
 Check the passwd, group, and shells databases for consistency and problems
 then exit without performing any other operation.
+.It Fl class Ar login_class
+Use the specified
+.Ar login_class
+as the default login class.
+See
+.Xr login.conf 5
+for further details.
 .It Fl config_create
 Create or edit default configuration information and message file before
 proceeding with the normal interactive adduser procedure.
@@ -143,7 +151,7 @@ Use UIDs from
 .Ar uid
 up when automatically generating UIDs.
 .It Fl uid_end Ar uid
-Do not use UIDs higher than 
+Do not use UIDs higher than
 .Ar uid
 when generating UIDs.
 .It Fl unencrypted
@@ -217,9 +225,9 @@ politely refuses to remove users whose UID is 0 (typically root).
 .Bl -tag -width Ds
 .It Sy username
 It is recommended that login names contain only lowercase characters
-and digits. They may also contain uppercase characters, non-leading 
-hyphens, periods, and a trailing '$'. 
-Login names may not be longer than 31 characters (see BUGS section of 
+and digits. They may also contain uppercase characters, non-leading
+hyphens, periods, and a trailing '$'.
+Login names may not be longer than 31 characters (see BUGS section of
 .Xr setlogin 2 ) .
 .\" The reasons for this limit are "Historical".
 .\" Given that people have traditionally wanted to break this
@@ -237,6 +245,10 @@ This should contain the user's first name and surname.
 The
 .Ql \&:
 is not permitted.
+.It Sy login_class
+The specified user login class
+must exist in
+.Pa /etc/login.conf .
 .It Sy shell
 Only valid entries from the
 .Xr shells 5
@@ -380,6 +392,7 @@ log file for
 .Xr setlogin 2 ,
 .Xr aliases 5 ,
 .Xr group 5 ,
+.Xr login.conf 5 ,
 .Xr passwd 5 ,
 .Xr passwd.conf 5 ,
 .Xr shells 5 ,
diff --git a/usr.sbin/adduser/adduser.perl b/usr.sbin/adduser/adduser.perl
index 25898159603..9f1d3c81749 100644
--- a/usr.sbin/adduser/adduser.perl
+++ b/usr.sbin/adduser/adduser.perl
@@ -1,6 +1,6 @@
 #!/usr/bin/perl
 #
-#	$OpenBSD: adduser.perl,v 1.44 2003/06/09 00:33:52 millert Exp $
+#	$OpenBSD: adduser.perl,v 1.45 2003/06/10 21:55:02 millert Exp $
 #
 # Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin.
 # All rights reserved.
@@ -56,6 +56,7 @@ $changes = 0;
 &variable_check;		# check for valid variables
 &passwd_check;			# check for valid passwdb
 &shells_read;			# read /etc/shells
+&login_conf_read;		# read /etc/login.conf
 &passwd_read;			# read /etc/master.passwd
 &group_read;			# read /etc/group
 &group_check;			# check for incon*
@@ -87,9 +88,10 @@ sub variables {
     $etc_passwd = "/etc/master.passwd";
     $etc_ptmp = "/etc/ptmp";
     $group = "/etc/group";
+    $etc_login_conf = "/etc/login.conf";
     @pwd_mkdb = ("pwd_mkdb", "-p");	# program for building passwd database
     $encryptionmethod = "blowfish";
-    $rcsid = '$OpenBSD: adduser.perl,v 1.44 2003/06/09 00:33:52 millert Exp $';
+    $rcsid = '$OpenBSD: adduser.perl,v 1.45 2003/06/10 21:55:02 millert Exp $';
 
     # List of directories where shells located
     @path = ('/bin', '/usr/bin', '/usr/local/bin');
@@ -101,6 +103,7 @@ sub variables {
     $defaultshell = 'sh';	# defaultshell if not empty
     $group_uniq = 'USER';
     $defaultgroup = $group_uniq;# login groupname, $group_uniq means username
+    $defaultclass = 'default';  # default user login class
 
     $uid_start = 1000;		# new users get this uid
     $uid_end   = 2147483647;	# max. uid
@@ -139,10 +142,29 @@ sub variables {
     @passwd_backup = ();
     @group_backup = ();
     @message_buffer = ();
+    @login_classes = ();
     @user_variable_list = ();	# user variables in /etc/adduser.conf
     $do_not_delete = '## DO NOT DELETE THIS LINE!';
 }
 
+sub login_conf_read {
+     local($cont);
+
+     print "Reading $etc_login_conf\n" if $verbose;
+     open(S, $etc_login_conf) || die "$etc_login_conf: $!\n";
+
+     $cont = 0;
+     while(<S>) {
+	chomp;
+	s/^\s*//;
+        next if m/^(#|$)/;
+	if (!$cont && /^([^:]+):/) {
+	    push(@login_classes, split(/\|/, $1));
+	}
+	$cont = /\\$/;
+    }
+}
+
 # read shell database, see also: shells(5)
 sub shells_read {
     local($sh);
@@ -239,7 +261,7 @@ sub shell_default_valid {
 }
 
 # return default home partition (f.e. "/home")
-# create base directory if necessary 
+# create base directory if necessary
 sub home_partition {
     local($home) = @_;
     $home = &stripdir($home);
@@ -418,6 +440,13 @@ sub new_users_shell {
     return $shell{$sh};
 }
 
+sub new_users_login_class {
+    local($log_cl);
+	
+    $log_cl = &confirm_list("Login class", 0, $defaultclass, @login_classes);
+    return($log_cl);
+}
+
 # return free uid and gid
 sub new_users_id {
     local($name) = @_;
@@ -453,10 +482,10 @@ sub add_group {
     $groupmembers{$gid} .= "$name";
 
     local(@l) = split(',', $groupmembers{$gid});
-    # group(5): A group cannot have more than 200 members. 
-    # The maximum line length of /etc/group is 1024 characters. 
+    # group(5): A group cannot have more than 200 members.
+    # The maximum line length of /etc/group is 1024 characters.
     # Longer lines will be skipped.
-    if ($#l >= 200 || 
+    if ($#l >= 200 ||
 	length($groupmembers{$gid}) > 1024 - 50) { # 50 is for group name
 	warn "WARNING, group line ``$gid{$gid}'' is either too long or has\n" .
 	    "too many users in the group, see group(5)\a\n";
@@ -586,14 +615,15 @@ sub new_users_ok {
 
     print <<EOF;
 
-Name:	  $name
-Password: ****
-Fullname: $fullname
-Uid:	  $u_id
-Gid:	  $g_id ($group_login)
-Groups:	  $group_login $new_groups
-HOME:	  $home/$name
-Shell:	  $sh
+Name:	     $name
+Password:    ****
+Fullname:    $fullname
+Uid:	     $u_id
+Gid:	     $g_id ($group_login)
+Groups:	     $group_login $new_groups
+Login Class: $log_cl
+HOME:	     $home/$name
+Shell:	     $sh
 EOF
 
     return &confirm_yn("OK?", "yes");
@@ -656,7 +686,7 @@ sub new_users_sendmessage {
 
     local($cc) =
 	&confirm_list("Send message to ``$name'' and:",
-		      1, "no", ("root", "second_mail_address", 
+		      1, "no", ("root", "second_mail_address",
 		      "no carbon copy"));
     local($e);
     $cc = "" if $cc eq "no";
@@ -742,7 +772,9 @@ sub new_users {
     # g_id: group id
     # group_login: groupname of g_id
     # new_groups: some other groups
-    local($name, $group_login, $fullname, $sh, $u_id, $g_id, $new_groups);
+    # log_cl: login class
+    local($name, $group_login, $fullname, $sh, $u_id, $g_id, $new_groups,
+	$log_cl);
     local($groupmembers_bak, $cryptpwd);
     local($new_users_ok) = 1;
 
@@ -760,18 +792,20 @@ sub new_users {
 	$g_id = $groupname{$group_login} if (defined($groupname{$group_login}));
 
 	$new_groups = &new_users_groups($name, $new_groups);
+	$log_cl = &new_users_login_class;
 	$password = &new_users_password;
 
 
 	if (&new_users_ok) {
 	    $new_users_ok = 1;
 
+	    $log_cl = "" if ($log_cl eq "default");
 	    $cryptpwd = "*";	# Locked by default
 	    $cryptpwd = encrypt($password, &salt) if ($password ne "");
 
 	    # obscure perl bug
 	    $new_entry = "$name\:" . "$cryptpwd" .
-		"\:$u_id\:$g_id\::0:0:$fullname:$home/$name:$sh";
+		"\:$u_id\:$g_id\:$log_cl:0:0:$fullname:$home/$name:$sh";
 	    &append_file($etc_passwd, "$new_entry");
 	    &new_users_pwdmkdb("$new_entry");
 	    &new_users_group_update;
@@ -807,6 +841,7 @@ sub batch {
     $g_id = $groupname{$group_login} if (defined($groupname{$group_login}));
     ($flag, $new_groups) = &new_users_groups_valid($groups);
     return 0 if $flag;
+    $log_cl = ($defaultclass eq "default") ? "" : $defaultclass;
 
     $cryptpwd = "*";	# Locked by default
     if ($password ne "" && $password ne "*") {
@@ -815,7 +850,7 @@ sub batch {
     }
     # obscure perl bug
     $new_entry = "$name\:" . "$cryptpwd" .
-	"\:$u_id\:$g_id\::0:0:$fullname:$home/$name:$sh";
+	"\:$u_id\:$g_id\:$log_cl:0:0:$fullname:$home/$name:$sh";
     &append_file($etc_passwd, "$new_entry");
     &new_users_pwdmkdb("$new_entry");
     &new_users_group_update;
@@ -849,6 +884,17 @@ sub encryption_default {
     return($m);
 }
 
+sub class_default {
+    local($c) = $defaultclass;
+
+    if ($verbose) {
+	$c = &confirm_list("Default login class:", 0,
+		$defaultclass, @login_classes);
+	$changes++ if $c ne $defaultclass;
+    }
+    return($c);
+}
+
 # Confirm that we have a valid encryption method
 sub encryption_check {
     local($m) = $_[0];
@@ -856,7 +902,7 @@ sub encryption_check {
     foreach $i (@encryption_methods) {
         if ($m eq $i) { return 1; }
     }
-    
+
     if ($m =~ /^blowfish,(\d+)$/) { return 1; }
     return 0;
 }
@@ -875,6 +921,7 @@ usage: adduser
     [-dotdir dotdir]
     [-e|-encryption method]
     [-group login_group]
+    [-class login_class]
     [-h|-help]
     [-home home]
     [-message message_file]
@@ -887,7 +934,8 @@ usage: adduser
     [-v|-verbose]
 
 home=$home shell=$defaultshell dotdir=$dotdir login_group=$defaultgroup
-message_file=$send_message uid_start=$uid_start uid_end=$uid_end
+login_class=$defaultclass message_file=$send_message uid_start=$uid_start
+uid_end=$uid_end
 USAGE
     exit 1;
 }
@@ -915,7 +963,7 @@ sub salt {
         warn "calculate salt\n" if $verbose > 1;
 
         for ($i = 0; $i < 8; $i++) {
-	    srand(time + $rand + $$); 
+	    srand(time + $rand + $$);
 	    $rand = rand(25*29*17 + $rand);
 	    $salt .=  $itoa64[$rand & $#itoa64];
         }
@@ -930,7 +978,7 @@ sub salt {
 	$encryptionmethod = "blowfish";
 	$salt = 7;
     }
-        
+
     warn "Salt is: $salt\n" if $verbose > 1;
 
     return $salt;
@@ -980,6 +1028,7 @@ sub parse_arguments {
 	elsif (/^--?(h|help|\?)$/)	{ &usage }
 	elsif (/^--?(home)$/)	 { $home = $argv[0]; shift @argv }
 	elsif (/^--?(shell)$/)	 { $defaultshell = $argv[0]; shift @argv }
+	elsif (/^--?(class)$/)	 { $defaultclass = $argv[0]; shift @argv }
 	elsif (/^--?(dotdir)$/)	 { $dotdir = $argv[0]; shift @argv }
 	elsif (/^--?(uid_start)$/)	 { $uid_start = $argv[0]; shift @argv }
 	elsif (/^--?(uid_end)$/)	 { $uid_end = $argv[0]; shift @argv }
@@ -1041,6 +1090,8 @@ sub create_conf {
     &shells_read;			# Pull in /etc/shells info
     &shells_add;			# maybe add some new shells
     $defaultshell = &shell_default;	# enter default shell
+    &login_conf_read;			# read /etc/login.conf
+    $defaultclass = &class_default;	# default login.conf class
     $home = &home_partition($home);	# find HOME partition
     $dotdir = &dotdir_default;		# check $dotdir
     $send_message = &message_default;   # send message to new user
@@ -1453,6 +1504,7 @@ sub config_write {
     local($shpref) = "'" . join("', '", @shellpref) . "'";
     local($shpath) = "'" . join("', '", @path) . "'";
     local($user_var) = join('', @user_variable_list);
+    local($def_lc) = "'" . join("', '", @login_classes) . "'";
 
     print C <<EOF;
 #
@@ -1471,7 +1523,7 @@ verbose = $verbose
 # defaultpasswd =  yes | no
 defaultpasswd = $defaultpasswd
 
-# Default encryption method for user passwords 
+# Default encryption method for user passwords
 # Methods are all those listed in passwd.conf(5)
 encryptionmethod = "$defaultencryption"
 
@@ -1508,6 +1560,13 @@ defaultgroup = $defaultgroup
 uid_start = $uid_start
 uid_end = $uid_end
 
+# default login.conf(5) login class
+defaultclass = $defaultclass
+
+# login classes available from login.conf(5)
+# login_classes = ('default', 'daemon', 'staff')
+login_classes = ($def_lc)
+
 $do_not_delete
 ## your own variables, see /etc/adduser.message
 EOF