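#!/bin/sh
#
# $NetBSD: creds_msdos,v 1.6 2024/01/29 05:46:55 mrg Exp $
#
# Copyright (c) 2019 Matthew R. Green
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

#
# If "creds_msdos_partition" is an msdos partition and has a creds.txt
# in it, perform these commands:
#	"sshkeyfile <user> <path on msdos>"
#	"sshkey <user> <entry>"
#	"useraddpwhash <user> <passwd hash>"
#	"useradd <user> <passwd>"
# If the "useradd" method is used, the creds.txt file will be
# shredded and deleted with rm -P.
#
# Security notes:
# - Every account this script creates is put in group "wheel", so
#   whoever can write creds.txt on that partition decides who gets a
#   privileged login on this system.
# - Only the "useradd" method removes creds.txt; with the other three
#   methods the file, including any password hash in it, stays on the
#   partition.
# - rm -P overwrites the file before unlinking it.  On FAT or flash
#   media that may not reach every physical copy of the data, so a
#   cleartext password supplied through "useradd" is best treated as
#   temporary.

# PROVIDE: creds_msdos
# REQUIRE: mountall

$_rc_subr_loaded . /etc/rc.subr

name="creds_msdos"
start_cmd="creds_msdos_start"
stop_cmd=":"

# Print the arguments on stderr and abort the script.
fail() {
	echo "$@" 1>&2
	exit 1
}

# Return 0 if $1 is a plain login name: non-empty, not starting with "-",
# and made only of letters, digits, ".", "_" and "-".  The user field
# comes straight from creds.txt and later reaches an eval, so everything
# else is refused.
creds_msdos_valid_user() {
	case "$1" in
	''|-*|*[!A-Za-z0-9._-]*)
		return 1
		;;
	esac
	return 0
}

# Make sure the user and its ~/.ssh directory exist.
# This uses $ssh_userkeys global
sshkey_setup() {
	local user="$1"
	local group="wheel"

	# Guard the eval below: the name must not carry shell syntax.
	creds_msdos_valid_user "${user}" || fail "Invalid user name."

	# don't create existing users
	if ! id -u "${user}" > /dev/null 2>&1; then
		useradd -m -G "${group}" "${user}" || fail "Useradd failed."
	fi

	# eval so that ~name is tilde-expanded after ${user} is substituted.
	eval ssh_userdir=~"${user}/.ssh"
	# 755: readable by everyone, writable only by the owner.
	mkdir -p -m 755 "${ssh_userdir}" || fail "mkdir ~/.ssh failed."
	chmod 755 "${ssh_userdir}"
	chown "${user}" "${ssh_userdir}"

	ssh_userkeys="${ssh_userdir}/authorized_keys"
}

# Fix mode and owner of the authorized_keys file named by $ssh_userkeys.
sshkey_finish() {
	local user="$1"

	# NOTE(review): for a user that already existed, ~/.ssh belongs to
	# that user while this script writes into it; confirm that a
	# symlink already sitting at authorized_keys cannot redirect the
	# append, chmod and chown done here.
	chmod 644 "${ssh_userkeys}"
	chown "${user}" "${ssh_userkeys}"
}

# Append every key from the file $2 (relative to the msdos partition) to
# the authorized_keys of user $1, skipping keys already present.
do_sshkeyfile() {
	local user="$1"
	# NOTE(review): $2 is not confined to the partition; a path with
	# ".." components names a file elsewhere.
	local newkeys="${creds_msdos_partition}/$2"

	if [ ! -f "${newkeys}" ]; then
		return
	fi

	sshkey_setup "${user}"

	# The key file sits on the same msdos partition as creds.txt, so
	# strip CRs the same way.  The loop runs in a pipeline, which is
	# fine because it only appends to a file.  "|| [ -n ... ]" keeps a
	# last line that has no trailing newline.
	tr -d '\015' < "${newkeys}" |
	while read -r type keydata name || [ -n "${type}" ]; do
		# blank lines, comments and lines without key data
		case "${type}" in
		\#*|'')
			continue
			;;
		esac
		if [ -z "${keydata}" ]; then
			continue
		fi
		# check entry is not present; "--" keeps key data that
		# starts with "-" from being read as an option
		if grep -F -q -- "${keydata}" "${ssh_userkeys}" 2>/dev/null; then
			continue
		fi
		printf '%s %s %s\n' "${type}" "${keydata}" "${name}" \
		    >> "${ssh_userkeys}"
	done

	sshkey_finish "${user}"
}

# Append the single authorized_keys entry $2 for user $1.
do_sshkey() {
	local user="$1"
	local newkey="$2"

	sshkey_setup "${user}"

	printf '%s\n' "${newkey}" >> "${ssh_userkeys}"

	sshkey_finish "${user}"
}

# Create user $1 in group wheel with the already-hashed password $2.
# Existing users are left untouched.
do_useraddpwhash() {
	local user="$1"
	local pwhash="$2"
	local group="wheel"

	# don't add to existing users
	if id -u "${user}" > /dev/null 2>&1; then
		return
	fi

	# An empty hash is never a usable credential; do not hand it on.
	[ -n "${pwhash}" ] || fail "Empty password hash."

	useradd -m -p "${pwhash}" -G "${group}" "${user}" || fail "Useradd failed."
}

# Create user $1 with the cleartext password $2.
do_useradd() {
	local user="$1"
	local password="$2"
	local pwhash

	# NOTE(review): the cleartext password is an argument of pwhash and
	# so shows up in the process list while pwhash runs.
	# Assigned separately from "local" so that a failing pwhash is
	# noticed instead of an empty hash being passed on.
	pwhash=$(pwhash "$password") || fail "pwhash failed."
	do_useraddpwhash "${user}" "${pwhash}"
}

# rc.d start method: read creds.txt from the msdos partition and apply
# each entry.
creds_msdos_start()
{
	local fstab_file=/etc/fstab
	local delete_creds=no
	local creds_file cr clean_args

	if [ -z "${creds_msdos_partition}" ]; then
		echo "Not looking for credentials on msdos"
		return
	fi
	# Only an fstab entry with a different file system type stops
	# processing here; when no entry matches the mount point the loop
	# just runs to the end of the file.
	while read -r junk1 mp fstype junk2; do
		if [ "${mp}" != "${creds_msdos_partition}" ]; then
			continue
		fi
		if [ "${fstype}" != "msdos" ]; then
			echo "Not checking for creds on ${creds_msdos_partition}: not an msdos file system"
			return
		fi
		break
	done < "${fstab_file}"

	creds_file="${creds_msdos_partition}/creds.txt"
	cr=$(printf '\015')

	if [ -f "${creds_file}" ]; then
		# -r keeps backslashes in passwords and keys intact;
		# "|| [ -n ... ]" keeps a last line without a newline.
		while read -r type user args || [ -n "${type}" ]; do
			# strip cr: with DOS line endings it is attached to
			# whichever field is last on the line, so an
			# otherwise blank line arrives as a lone CR
			type=${type%"${cr}"}
			user=${user%"${cr}"}
			clean_args=$(printf '%s\n' "${args}" | tr -d '\015')

			case "${type}" in
			\#*|'')
				continue
				;;
			sshkeyfile|sshkey|useraddpwhash|useradd)
				creds_msdos_valid_user "${user}" ||
				    fail "Invalid user name in ${creds_file}."
				if [ -z "${clean_args}" ]; then
					echo "Ignoring '${type}' entry for ${user}: missing argument" 1>&2
					continue
				fi
				;;
			*)
				echo "Do not understand '$type' creds" 1>&2
				exit 1
				;;
			esac

			case "${type}" in
			sshkeyfile)
				echo "Added user ${user} via ssh key file method."
				do_sshkeyfile "${user}" "${clean_args}"
				;;
			sshkey)
				echo "Added user ${user} via ssh key string method."
				do_sshkey "${user}" "${clean_args}"
				;;
			useraddpwhash)
				echo "Added user ${user} via password hash method."
				do_useraddpwhash "${user}" "${clean_args}"
				;;
			useradd)
				echo "Added user ${user} via password method, shredding credentials file."
				do_useradd "${user}" "${clean_args}"
				delete_creds=yes
				;;
			esac
		done < "${creds_file}"
	fi

	if [ "${delete_creds}" = yes ]; then
		rm -P -f "${creds_file}"
	fi
}

load_rc_config "$name"
run_rc_command "$1"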