Wed Jun 12 03:06:49 2019 UTC ()
various cleanups inspired by reviews:
- clean up variable usage
- be explicit that $ssh_userkeys is global
- don't assign id output to a variable that is not used


(mrg)
diff -r1.2 -r1.3 src/distrib/utils/embedded/files/creds_msdos


--- src/distrib/utils/embedded/files/creds_msdos 2019/06/12 00:28:56 1.2
+++ src/distrib/utils/embedded/files/creds_msdos 2019/06/12 03:06:48 1.3
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1#!/bin/sh 1#!/bin/sh
2# 2#
3# $NetBSD: creds_msdos,v 1.2 2019/06/12 00:28:56 mrg Exp $ 3# $NetBSD: creds_msdos,v 1.3 2019/06/12 03:06:48 mrg Exp $
4# 4#
5# Copyright (c) 2019 Matthew R. Green 5# Copyright (c) 2019 Matthew R. Green
6# All rights reserved. 6# All rights reserved.
7# 7#
8# Redistribution and use in source and binary forms, with or without 8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions 9# modification, are permitted provided that the following conditions
10# are met: 10# are met:
11# 1. Redistributions of source code must retain the above copyright 11# 1. Redistributions of source code must retain the above copyright
12# notice, this list of conditions and the following disclaimer. 12# notice, this list of conditions and the following disclaimer.
13# 2. Redistributions in binary form must reproduce the above copyright 13# 2. Redistributions in binary form must reproduce the above copyright
14# notice, this list of conditions and the following disclaimer in the 14# notice, this list of conditions and the following disclaimer in the
15# documentation and/or other materials provided with the distribution. 15# documentation and/or other materials provided with the distribution.
16# 3. The name of the author may not be used to endorse or promote products 16# 3. The name of the author may not be used to endorse or promote products
@@ -36,155 +36,155 @@ @@ -36,155 +36,155 @@
36# "useraddhash <user> <passwd hash>" 36# "useraddhash <user> <passwd hash>"
37# "useradd <user> <passwd>" 37# "useradd <user> <passwd>"
38# If the "useradd" method is used, this the creds.txt file will be 38# If the "useradd" method is used, this the creds.txt file will be
39# shredded and deleted with rm -P. 39# shredded and deleted with rm -P.
40 40
41# PROVIDE: creds_msdos 41# PROVIDE: creds_msdos
42# REQUIRE: mountall 42# REQUIRE: mountall
43 43
44$_rc_subr_loaded . /etc/rc.subr 44$_rc_subr_loaded . /etc/rc.subr
45 45
46name="creds_msdos" 46name="creds_msdos"
47start_cmd="creds_msdos_start" 47start_cmd="creds_msdos_start"
48stop_cmd=":" 48stop_cmd=":"
49fstab_file=/etc/fstab 
50 49
51fail() { 50fail() {
52 echo "$@" 1>&2 51 echo "$@" 1>&2
53 exit 1 52 exit 1
54} 53}
55 54
 55# This uses $ssh_userkeys global
56sshkey_setup() { 56sshkey_setup() {
57 local user="$1" 57 local user="$1"
58 local group="wheel" 58 local group="wheel"
59 59
60 # don't create existing users 60 # don't create existing users
61 id=$(id -u $user 2>/dev/null) 61 if ! id -u "${user}" > /dev/null 2>&1; then
62 if [ $? -ne 0 ]; then 62 useradd -m -G "${group}" "${user}" || fail "Useradd failed."
63 useradd -m -G "${group}" "$user" || fail "Useradd failed." 
64 fi 63 fi
65 64
66 eval sshdir=~"${user}/.ssh" 65 eval ssh_userdir=~"${user}/.ssh"
67 eval mkdir -p -m 755 "${sshdir}" || fail "mkdir ~/.ssh failed." 66 mkdir -p -m 755 "${ssh_userdir}" || fail "mkdir ~/.ssh failed."
68 chown "${user}" "${sshdir}" 67 chmod 755 "${ssh_userdir}"
69 eval userkeys="${sshdir}/authorized_keys" 68 chown "${user}" "${ssh_userdir}"
 69
 70 ssh_userkeys="${ssh_userdir}/authorized_keys"
70} 71}
71 72
72sshkey_finish() { 73sshkey_finish() {
73 local user="$1" 74 local user="$1"
74 local userkeys="$2" 
75 75
76 chmod 644 "${userkeys}" 76 chmod 644 "${ssh_userkeys}"
77 chown "${user}" "${userkeys}" 77 chown "${user}" "${ssh_userkeys}"
78} 78}
79 79
80do_sshkeyfile() { 80do_sshkeyfile() {
81 local user="$1" 81 local user="$1"
82 local newkeys="${creds_msdos_partition}/$2" 82 local newkeys="${creds_msdos_partition}/$2"
83 83
84 if [ ! -f "${newkeys}" ]; then 84 if [ ! -f "${newkeys}" ]; then
85 return 85 return
86 fi 86 fi
87 87
88 sshkey_setup "$user" 88 sshkey_setup "${user}"
89 89
90 # check entry is not present 90 # check entry is not present
91 while read type keydata name; do 91 while read type keydata name; do
92 if fgrep -q "${keydata}" "${userkeys}" 2>/dev/null; then 92 if fgrep -q "${keydata}" "${ssh_userkeys}" 2>/dev/null; then
93 continue 93 continue
94 fi 94 fi
95 echo "${type} ${keydata} ${name}" >> "${userkeys}" 95 echo "${type} ${keydata} ${name}" >> "${ssh_userkeys}"
96 done < "${newkeys}" 96 done < "${newkeys}"
97 97
98 sshkey_finish "$user" "${userkeys}" 98 sshkey_finish "${user}"
99} 99}
100 100
101do_sshkey() { 101do_sshkey() {
102 local user="$1" 102 local user="$1"
103 local newkey="$2" 103 local newkey="$2"
104 104
105 sshkey_setup "$user" 105 sshkey_setup "${user}"
106 106
107 echo "${newkey}" >> "${userkeys}" 107 echo "${newkey}" >> "${ssh_userkeys}"
108 108
109 sshkey_finish "$user" "${userkeys}" 109 sshkey_finish "${user}"
110} 110}
111 111
112do_useraddpwhash() { 112do_useraddpwhash() {
113 local user="$1" 113 local user="$1"
114 local pwhash="$2" 114 local pwhash="$2"
115 local group="wheel" 115 local group="wheel"
116 116
117 # don't add to existing users 117 # don't add to existing users
118 id=$(id -u "${user}" 2>/dev/null) 118 if id -u "${user}" > /dev/null 2>&1; then
119 if [ $? -eq 0 ]; then 
120 return 119 return
121 fi 120 fi
122 121
123 useradd -m -p "${pwhash}" -G "${group}" "${user}" || fail "Useradd failed." 122 useradd -m -p "${pwhash}" -G "${group}" "${user}" || fail "Useradd failed."
124} 123}
125 124
126do_useradd() { 125do_useradd() {
127 local user="$1" 126 local user="$1"
128 local password="$2" 127 local password="$2"
129 128
130 local pwhash=$(pwhash "$password") 129 local pwhash=$(pwhash "$password")
131 do_useraddpwhash "${user}" "${pwhash}" 130 do_useraddpwhash "${user}" "${pwhash}"
132} 131}
133 132
134creds_msdos_start() 133creds_msdos_start()
135{ 134{
 135 local fstab_file=/etc/fstab
 136
136 if [ -z "${creds_msdos_partition}" ]; then 137 if [ -z "${creds_msdos_partition}" ]; then
137 echo "Not looking for credientials on msdos" 138 echo "Not looking for credientials on msdos"
138 return; 139 return
139 fi 140 fi
140 check_fs= 
141 while read junk1 mp fstype junk2; do 141 while read junk1 mp fstype junk2; do
142 if [ "${mp}" != "${creds_msdos_partition}" ]; then 142 if [ "${mp}" != "${creds_msdos_partition}" ]; then
143 continue 143 continue
144 fi 144 fi
145 if [ "${fstype}" != "msdos" ]; then 145 if [ "${fstype}" != "msdos" ]; then
146 echo "Not checking for creds on ${creds_msdos_partition}: not an msdos file system" 146 echo "Not checking for creds on ${creds_msdos_partition}: not an msdos file system"
147 return; 147 return
148 fi 148 fi
149 break 149 break
150 done < "${fstab_file}" 150 done < "${fstab_file}"
151 151
152 delete_creds=no 152 local delete_creds=no
153 creds_file="${creds_msdos_partition}/creds.txt" 153 local creds_file="${creds_msdos_partition}/creds.txt"
154 154
155 if [ -f "${creds_file}" ]; then 155 if [ -f "${creds_file}" ]; then
156 while read type user arg1; do 156 while read type user args; do
157 # strip cr 157 # strip cr
158 arg1=$(echo "$arg1" | tr -d '\015') 158 local clean_args=$(echo "$args" | tr -d '\015')
159 case "$type" in 159 case "$type" in
160 \#*|'') 160 \#*|'')
161 continue 161 continue
162 ;; 162 ;;
163 sshkeyfile) 163 sshkeyfile)
164 echo "Added user ${user} via ssh key file method." 164 echo "Added user ${user} via ssh key file method."
165 do_sshkeyfile "${user}" "${arg1}" 165 do_sshkeyfile "${user}" "${clean_args}"
166 ;; 166 ;;
167 sshkey) 167 sshkey)
168 echo "Added user ${user} via ssh key string method." 168 echo "Added user ${user} via ssh key string method."
169 do_sshkey "${user}" "${arg1}" 169 do_sshkey "${user}" "${clean_args}"
170 ;; 170 ;;
171 useraddpwhash) 171 useraddpwhash)
172 echo "Added user ${user} via password hash method." 172 echo "Added user ${user} via password hash method."
173 do_useraddpwhash "${user}" "${arg1}" 173 do_useraddpwhash "${user}" "${clean_args}"
174 ;; 174 ;;
175 useradd) 175 useradd)
176 echo "Added user ${user} via password method, shredding credentials file." 176 echo "Added user ${user} via password method, shredding credentials file."
177 do_useradd "${user}" "${arg1}" 177 do_useradd "${user}" "${clean_args}"
178 delete_creds=yes 178 delete_creds=yes
179 ;; 179 ;;
180 *) 180 *)
181 echo "Do not understand '$type' creds" 1>&2 181 echo "Do not understand '$type' creds" 1>&2
182 exit 1 182 exit 1
183 ;; 183 ;;
184 esac 184 esac
185 done < "${creds_file}" 185 done < "${creds_file}"
186 fi 186 fi
187 187
188 if [ $delete_creds = yes ]; then 188 if [ $delete_creds = yes ]; then
189 rm -P -f "${creds_file}" 189 rm -P -f "${creds_file}"
190 fi 190 fi
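Review bot: The `eval ssh_userdir=~"${user}/.ssh"` kept at new line 65 of sshkey_setup still feeds the user field read from creds.txt to the shell parser in a script that runs from rc, and nothing in this file validates that field; the only protection is the implicit one that `id -u`/`useradd` presumably refuse odd names first. I would make the check explicit ahead of the eval, e.g. `case "${user}" in ''|*[!A-Za-z0-9._-]*) fail "Invalid user name." ;; esac`, and add a comment that the eval is there only for tilde expansion. Separately, at new line 158 `local clean_args=$(echo "$args" | tr -d '\015')` moves the substitution from a plain assignment into an argument of `local`; if this sh field-splits arguments to `local`, an ssh key string or password containing spaces would be truncated, so quote it: `local clean_args="$(echo "$args" | tr -d '\015')"`. creds_msdos_start continues past the end of the hunk.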