author | millert <millert@openbsd.org> | 2003-06-10 21:55:02 +0000 |
---|---|---|
committer | millert <millert@openbsd.org> | 2003-06-10 21:55:02 +0000 |
commit | fa4eb53a217243c968e8f3dc461430e43784a2e4 (patch) | |
tree | 707a00925ed9288a87bffd3c4b0e852587e0eff6 /usr.sbin/adduser | |
parent | debug0 and debug1 are defined elsewhere -- make 'em extern here (diff) | |
Add login class support; based on a diff from Peter Werner
Diffstat (limited to 'usr.sbin/adduser')
-rw-r--r-- | usr.sbin/adduser/adduser.8 | 23 | ||||
-rw-r--r-- | usr.sbin/adduser/adduser.perl | 105 |
2 files changed, 100 insertions, 28 deletions
diff --git a/usr.sbin/adduser/adduser.8 b/usr.sbin/adduser/adduser.8 index 46d8a31e6a0..cc3e99794a4 100644 --- a/usr.sbin/adduser/adduser.8 +++ b/usr.sbin/adduser/adduser.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: adduser.8,v 1.28 2003/05/13 01:23:10 millert Exp $ +.\" $OpenBSD: adduser.8,v 1.29 2003/06/10 21:55:02 millert Exp $ .\" .\" Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin. .\" All rights reserved. @@ -43,6 +43,7 @@ .Op Ar password .Oc .Op Fl check_only +.Op Fl class Ar login_class .Op Fl config_create .Op Fl dotdir Ar directory .Oo @@ -87,6 +88,13 @@ By default the password is assumed to already be properly encrypted. .It Fl check_only Check the passwd, group, and shells databases for consistency and problems then exit without performing any other operation. +.It Fl class Ar login_class +Use the specified +.Ar login_class +as the default login class. +See +.Xr login.conf 5 +for further details. .It Fl config_create Create or edit default configuration information and message file before proceeding with the normal interactive adduser procedure. @@ -143,7 +151,7 @@ Use UIDs from .Ar uid up when automatically generating UIDs. .It Fl uid_end Ar uid -Do not use UIDs higher than +Do not use UIDs higher than .Ar uid when generating UIDs. .It Fl unencrypted @@ -217,9 +225,9 @@ politely refuses to remove users whose UID is 0 (typically root). .Bl -tag -width Ds .It Sy username It is recommended that login names contain only lowercase characters -and digits. They may also contain uppercase characters, non-leading -hyphens, periods, and a trailing '$'. -Login names may not be longer than 31 characters (see BUGS section of +and digits. They may also contain uppercase characters, non-leading +hyphens, periods, and a trailing '$'. +Login names may not be longer than 31 characters (see BUGS section of .Xr setlogin 2 ) . .\" The reasons for this limit are "Historical". .\" Given that people have traditionally wanted to break this 
@@ -237,6 +245,10 @@ This should contain the user's first name and surname. The .Ql \&: is not permitted. +.It Sy login_class +The specified user login class +must exist in +.Pa /etc/login.conf . .It Sy shell Only valid entries from the .Xr shells 5 @@ -380,6 +392,7 @@ log file for .Xr setlogin 2 , .Xr aliases 5 , .Xr group 5 , +.Xr login.conf 5 , .Xr passwd 5 , .Xr passwd.conf 5 , .Xr shells 5 , diff --git a/usr.sbin/adduser/adduser.perl b/usr.sbin/adduser/adduser.perl index 25898159603..9f1d3c81749 100644 --- a/usr.sbin/adduser/adduser.perl +++ b/usr.sbin/adduser/adduser.perl @@ -1,6 +1,6 @@ #!/usr/bin/perl # -# $OpenBSD: adduser.perl,v 1.44 2003/06/09 00:33:52 millert Exp $ +# $OpenBSD: adduser.perl,v 1.45 2003/06/10 21:55:02 millert Exp $ # # Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin. # All rights reserved. @@ -56,6 +56,7 @@ $changes = 0; &variable_check; # check for valid variables &passwd_check; # check for valid passwdb &shells_read; # read /etc/shells +&login_conf_read; # read /etc/login.conf &passwd_read; # read /etc/master.passwd &group_read; # read /etc/group &group_check; # check for incon* @@ -87,9 +88,10 @@ sub variables { $etc_passwd = "/etc/master.passwd"; $etc_ptmp = "/etc/ptmp"; $group = "/etc/group"; + $etc_login_conf = "/etc/login.conf"; @pwd_mkdb = ("pwd_mkdb", "-p"); # program for building passwd database $encryptionmethod = "blowfish"; - $rcsid = '$OpenBSD: adduser.perl,v 1.44 2003/06/09 00:33:52 millert Exp $'; + $rcsid = '$OpenBSD: adduser.perl,v 1.45 2003/06/10 21:55:02 millert Exp $'; # List of directories where shells located @path = ('/bin', '/usr/bin', '/usr/local/bin'); @@ -101,6 +103,7 @@ sub variables { $defaultshell = 'sh'; # defaultshell if not empty $group_uniq = 'USER'; $defaultgroup = $group_uniq;# login groupname, $group_uniq means username + $defaultclass = 'default'; # default user login class $uid_start = 1000; # new users get this uid $uid_end = 2147483647; # max. uid 
@@ -139,10 +142,29 @@ sub variables { @passwd_backup = (); @group_backup = (); @message_buffer = (); + @login_classes = (); @user_variable_list = (); # user variables in /etc/adduser.conf $do_not_delete = '## DO NOT DELETE THIS LINE!'; } +sub login_conf_read { + local($cont); + + print "Reading $etc_login_conf\n" if $verbose; + open(S, $etc_login_conf) || die "$etc_login_conf: $!\n"; + + $cont = 0; + while(<S>) { + chomp; + s/^\s*//; + next if m/^(#|$)/; + if (!$cont && /^([^:]+):/) { + push(@login_classes, split(/\|/, $1)); + } + $cont = /\\$/; + } +} + # read shell database, see also: shells(5) sub shells_read { local($sh); @@ -239,7 +261,7 @@ sub shell_default_valid { } # return default home partition (f.e. "/home") -# create base directory if necessary +# create base directory if necessary sub home_partition { local($home) = @_; $home = &stripdir($home); @@ -418,6 +440,13 @@ sub new_users_shell { return $shell{$sh}; } +sub new_users_login_class { + local($log_cl); + + $log_cl = &confirm_list("Login class", 0, $defaultclass, @login_classes); + return($log_cl); +} + # return free uid and gid sub new_users_id { local($name) = @_; @@ -453,10 +482,10 @@ sub add_group { $groupmembers{$gid} .= "$name"; local(@l) = split(',', $groupmembers{$gid}); - # group(5): A group cannot have more than 200 members. - # The maximum line length of /etc/group is 1024 characters. + # group(5): A group cannot have more than 200 members. + # The maximum line length of /etc/group is 1024 characters. # Longer lines will be skipped. - if ($#l >= 200 || + if ($#l >= 200 || length($groupmembers{$gid}) > 1024 - 50) { # 50 is for group name warn "WARNING, group line ``$gid{$gid}'' is either too long or has\n" . "too many users in the group, see group(5)\a\n"; 
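Review bot: login_conf_read appends to the global `@login_classes` without clearing it and never closes the bareword handle `S`; the create_conf hunk later in this diff calls `&login_conf_read` a second time, so any run that reaches both calls would list every class twice in the confirm_list prompts. Start the sub with `@login_classes = ();` and end it with `close(S);`. The two-argument `open(S, $etc_login_conf)` lets the filename carry a mode prefix; as far as this diff shows the path is a constant assigned in variables(), so `open(S, '<', $etc_login_conf)` is hardening rather than a fix for a live bug. A short comment would also help, saying that names are taken only from the first line of each record and that `$cont` skips the backslash-continued capability lines.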
@@ -586,14 +615,15 @@ sub new_users_ok { print <<EOF; -Name: $name -Password: **** -Fullname: $fullname -Uid: $u_id -Gid: $g_id ($group_login) -Groups: $group_login $new_groups -HOME: $home/$name -Shell: $sh +Name: $name +Password: **** +Fullname: $fullname +Uid: $u_id +Gid: $g_id ($group_login) +Groups: $group_login $new_groups +Login Class: $log_cl +HOME: $home/$name +Shell: $sh EOF return &confirm_yn("OK?", "yes"); @@ -656,7 +686,7 @@ sub new_users_sendmessage { local($cc) = &confirm_list("Send message to ``$name'' and:", - 1, "no", ("root", "second_mail_address", + 1, "no", ("root", "second_mail_address", "no carbon copy")); local($e); $cc = "" if $cc eq "no"; @@ -742,7 +772,9 @@ sub new_users { # g_id: group id # group_login: groupname of g_id # new_groups: some other groups - local($name, $group_login, $fullname, $sh, $u_id, $g_id, $new_groups); + # log_cl: login class + local($name, $group_login, $fullname, $sh, $u_id, $g_id, $new_groups, + $log_cl); local($groupmembers_bak, $cryptpwd); local($new_users_ok) = 1; @@ -760,18 +792,20 @@ sub new_users { $g_id = $groupname{$group_login} if (defined($groupname{$group_login})); $new_groups = &new_users_groups($name, $new_groups); + $log_cl = &new_users_login_class; $password = &new_users_password; if (&new_users_ok) { $new_users_ok = 1; + $log_cl = "" if ($log_cl eq "default"); $cryptpwd = "*"; # Locked by default $cryptpwd = encrypt($password, &salt) if ($password ne ""); # obscure perl bug $new_entry = "$name\:" . "$cryptpwd" . - "\:$u_id\:$g_id\::0:0:$fullname:$home/$name:$sh"; + "\:$u_id\:$g_id\:$log_cl:0:0:$fullname:$home/$name:$sh"; &append_file($etc_passwd, "$new_entry"); &new_users_pwdmkdb("$new_entry"); &new_users_group_update; 
@@ -807,6 +841,7 @@ sub batch { $g_id = $groupname{$group_login} if (defined($groupname{$group_login})); ($flag, $new_groups) = &new_users_groups_valid($groups); return 0 if $flag; + $log_cl = ($defaultclass eq "default") ? "" : $defaultclass; $cryptpwd = "*"; # Locked by default if ($password ne "" && $password ne "*") { @@ -815,7 +850,7 @@ sub batch { } # obscure perl bug $new_entry = "$name\:" . "$cryptpwd" . - "\:$u_id\:$g_id\::0:0:$fullname:$home/$name:$sh"; + "\:$u_id\:$g_id\:$log_cl:0:0:$fullname:$home/$name:$sh"; &append_file($etc_passwd, "$new_entry"); &new_users_pwdmkdb("$new_entry"); &new_users_group_update; @@ -849,6 +884,17 @@ sub encryption_default { return($m); } +sub class_default { + local($c) = $defaultclass; + + if ($verbose) { + $c = &confirm_list("Default login class:", 0, + $defaultclass, @login_classes); + $changes++ if $c ne $defaultclass; + } + return($c); +} + # Confirm that we have a valid encryption method sub encryption_check { local($m) = $_[0]; @@ -856,7 +902,7 @@ sub encryption_check { foreach $i (@encryption_methods) { if ($m eq $i) { return 1; } } - + if ($m =~ /^blowfish,(\d+)$/) { return 1; } return 0; } @@ -875,6 +921,7 @@ usage: adduser [-dotdir dotdir] [-e|-encryption method] [-group login_group] + [-class login_class] [-h|-help] [-home home] [-message message_file] @@ -887,7 +934,8 @@ usage: adduser [-v|-verbose] home=$home shell=$defaultshell dotdir=$dotdir login_group=$defaultgroup -message_file=$send_message uid_start=$uid_start uid_end=$uid_end +login_class=$defaultclass message_file=$send_message uid_start=$uid_start +uid_end=$uid_end USAGE exit 1; } @@ -915,7 +963,7 @@ sub salt { warn "calculate salt\n" if $verbose > 1; for ($i = 0; $i < 8; $i++) { - srand(time + $rand + $$); + srand(time + $rand + $$); $rand = rand(25*29*17 + $rand); $salt .= $itoa64[$rand & $#itoa64]; } @@ -930,7 +978,7 @@ sub salt { $encryptionmethod = "blowfish"; $salt = 7; } - + warn "Salt is: $salt\n" if $verbose > 1; return $salt; 
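Review bot: In batch(), `$log_cl` is taken straight from `$defaultclass`, which the parse_arguments hunk sets from `-class` with no check, and is then interpolated into the master.passwd record in `$new_entry`; a value containing `:` or a newline would change the field layout of the line handed to append_file and new_users_pwdmkdb. The manual page text added in this commit says the class must exist in /etc/login.conf, but nothing visible here enforces that. Reject unknown classes before building the entry, as the groups check just above does: `return 0 unless grep($_ eq $defaultclass, @login_classes);` (this assumes login_conf_read has run before batch is called and that `default` is listed in login.conf). The same string construction appears in the new_users hunk, where the value comes from confirm_list, whose validation is outside this diff. batch's body starts and ends outside the hunk.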
@@ -980,6 +1028,7 @@ sub parse_arguments { elsif (/^--?(h|help|\?)$/) { &usage } elsif (/^--?(home)$/) { $home = $argv[0]; shift @argv } elsif (/^--?(shell)$/) { $defaultshell = $argv[0]; shift @argv } + elsif (/^--?(class)$/) { $defaultclass = $argv[0]; shift @argv } elsif (/^--?(dotdir)$/) { $dotdir = $argv[0]; shift @argv } elsif (/^--?(uid_start)$/) { $uid_start = $argv[0]; shift @argv } elsif (/^--?(uid_end)$/) { $uid_end = $argv[0]; shift @argv } @@ -1041,6 +1090,8 @@ sub create_conf { &shells_read; # Pull in /etc/shells info &shells_add; # maybe add some new shells $defaultshell = &shell_default; # enter default shell + &login_conf_read; # read /etc/login.conf + $defaultclass = &class_default; # default login.conf class $home = &home_partition($home); # find HOME partition $dotdir = &dotdir_default; # check $dotdir $send_message = &message_default; # send message to new user @@ -1453,6 +1504,7 @@ sub config_write { local($shpref) = "'" . join("', '", @shellpref) . "'"; local($shpath) = "'" . join("', '", @path) . "'"; local($user_var) = join('', @user_variable_list); + local($def_lc) = "'" . join("', '", @login_classes) . "'"; print C <<EOF; # @@ -1471,7 +1523,7 @@ verbose = $verbose # defaultpasswd = yes | no defaultpasswd = $defaultpasswd -# Default encryption method for user passwords +# Default encryption method for user passwords # Methods are all those listed in passwd.conf(5) encryptionmethod = "$defaultencryption" @@ -1508,6 +1560,13 @@ defaultgroup = $defaultgroup uid_start = $uid_start uid_end = $uid_end +# default login.conf(5) login class +defaultclass = $defaultclass + +# login classes available from login.conf(5) +# login_classes = ('default', 'daemon', 'staff') +login_classes = ($def_lc) + $do_not_delete ## your own variables, see /etc/adduser.message EOF |
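Review bot: config_write emits `defaultclass = $defaultclass` unquoted and builds `$def_lc` by wrapping each class name in single quotes without escaping, whereas `encryptionmethod = "$defaultencryption"` in the same here-document is quoted. How adduser.conf is parsed back is not visible in this diff, but if the values are evaluated as Perl, a class name containing `-`, whitespace or `'` would not round-trip. Consider quoting the value the way encryptionmethod is and restricting class names to a safe character set before they are written. Persisting `login_classes` also means the file can hold a list that no longer matches /etc/login.conf, while login_conf_read rebuilds the list on each run; a comment saying which source wins would help.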