xref: /freebsd/usr.sbin/adduser/adduser.sh (revision 7660b554bc59a07be0431c17e0e33815818baa69) 
1#!/bin/sh
2#
3# Copyright (c) 2002, 2003 Michael Telahun Makonnen. All rights reserved.
4#
5# Redistribution and use in source and binary forms, with or without
6# modification, are permitted provided that the following conditions
7# are met:
8# 1. Redistributions of source code must retain the above copyright
9#    notice, this list of conditions and the following disclaimer.
10# 2. Redistributions in binary form must reproduce the above copyright
11#    notice, this list of conditions and the following disclaimer in the
12#    documentation and/or other materials provided with the distribution.
13#
14# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24#
25#       Email: Mike Makonnen <mtm@FreeBSD.Org>
26#
27# $FreeBSD$
28#
29
30# err msg
31#       Display $msg on stderr, unless we're being quiet.
32#
33err() {
34	if [ -z "$quietflag" ]; then
35        	echo 1>&2 ${THISCMD}: ERROR: $*
36	fi
37}
38
39# info msg
40#       Display $msg on stdout, unless we're being quiet.
41#
42info() {
43	if [ -z "$quietflag" ]; then
44        	echo ${THISCMD}: INFO: $*
45	fi
46}
47
48# get_nextuid
49#	Output the value of $_uid if it is available for use. If it
50#	is not, output the value of the next higher uid that is available.
51#	If a uid is not specified, output the first available uid, as indicated
52#	by pw(8).
53#
54get_nextuid () {
55	_uid=$1
56	_nextuid=
57
58	if [ -z "$_uid" ]; then
59		_nextuid="`${PWCMD} usernext | cut -f1 -d:`"
60	else
61		while : ; do
62			${PWCMD} usershow $_uid > /dev/null 2>&1
63			if [ ! "$?" -eq 0 ]; then
64				_nextuid=$_uid
65				break
66			fi
67			_uid=$(($_uid + 1))
68		done
69	fi
70	echo $_nextuid
71}
72
73# show_usage
74#	Display usage information for this utility.
75#
76show_usage() {
77	echo "usage: ${THISCMD} [options]"
78	echo "  options may include:"
79	echo "  -C		save to the configuration file only"
80	echo "  -E		disable this account after creation"
81	echo "  -G		additional groups to add accounts to"
82	echo "  -L		login class of the user"
83	echo "  -N		do not read configuration file"
84	echo "  -d		home directory"
85	echo "  -f		file from which input will be received"
86	echo "  -g		default login group"
87	echo "  -h		display this usage message"
88	echo "  -k		path to skeleton home directory"
89	echo "  -m		user welcome message file"
90	echo "  -q		absolute minimal user feedback"
91	echo "  -s		shell"
92	echo "  -u		uid to start at"
93	echo "  -w		password type: no, none, yes or random"
94}
95
96# valid_shells
97#	Outputs a list of valid shells from /etc/shells. Only the
98#	basename of the shell is output.
99#
100valid_shells() {
101	_prefix=
102	cat ${ETCSHELLS} |
103	while read _path _junk ; do
104		case $_path in
105		\#*|'')
106			;;
107		*)
108			echo -n "${_prefix}`basename $_path`"
109			_prefix=' '
110			;;
111		esac
112	done
113
114	# /sbin/nologin is a special case
115	[ -x "${NOLOGIN_PATH}" ] && echo -n " ${NOLOGIN}"
116}
117
118# fullpath_from_shell shell
119#	Given $shell, the basename component of a valid shell, get the
120#	full path to the shell from the /etc/shells file.
121#
122fullpath_from_shell() {
123	_shell=$1
124	[ -z "$_shell" ] && return 1
125
126	cat ${ETCSHELLS} |
127	while read _path _junk ; do
128		case "$_path" in
129		\#*|'')
130			;;
131		*)
132			if [ "`basename $_path`" = "$_shell" ]; then
133				echo $_path
134				return 0
135			fi
136			;;
137		esac
138	done
139
140	# /sbin/nologin is a special case
141	if [ "$_shell" = "${NOLOGIN}" ]; then
142		echo ${NOLOGIN_PATH}
143		return 0;
144	fi
145
146	return 1
147}
148
149# shell_exists shell
150#	If the given shell is listed in ${ETCSHELLS} or it is
151#	the nologin shell this function will return 0.
152#	Otherwise, it will return 1. If shell is valid but
153#	the path is invalid or it is not executable it
154#	will emit an informational message saying so.
155#
156shell_exists()
157{
158	_sh="$1"
159	_shellchk="${GREPCMD} '^$_sh$' ${ETCSHELLS} > /dev/null 2>&1"
160
161	if ! eval $_shellchk; then
162		# The nologin shell is not listed in /etc/shells.
163		if [ "$_sh" != "${NOLOGIN_PATH}" ]; then
164			err "Invalid shell ($_sh) for user $username."
165			return 1
166		fi
167	fi
168	! [ -x "$_sh" ] &&
169	    info "The shell ($_sh) does not exist or is not executable."
170
171	return 0
172}
173
174# save_config
175#	Save some variables to a configuration file.
176#	Note: not all script variables are saved, only those that
177#	      it makes sense to save.
178#
179save_config() {
180	echo "# Configuration file for adduser(8)."     >  ${ADDUSERCONF}
181	echo "# NOTE: only *some* variables are saved." >> ${ADDUSERCONF}
182	echo "# Last Modified on `${DATECMD}`."		>> ${ADDUSERCONF}
183	echo ''				>> ${ADDUSERCONF}
184	echo "defaultLgroup=$ulogingroup" >> ${ADDUSERCONF}
185	echo "defaultclass=$uclass"	>> ${ADDUSERCONF}
186	echo "defaultgroups=$ugroups"	>> ${ADDUSERCONF}
187	echo "passwdtype=$passwdtype" 	>> ${ADDUSERCONF}
188	echo "homeprefix=$homeprefix" 	>> ${ADDUSERCONF}
189	echo "defaultshell=$ushell"	>> ${ADDUSERCONF}
190	echo "udotdir=$udotdir"		>> ${ADDUSERCONF}
191	echo "msgfile=$msgfile"		>> ${ADDUSERCONF}
192	echo "disableflag=$disableflag" >> ${ADDUSERCONF}
193}
194
195# add_user
196#	Add a user to the user database. If the user chose to send a welcome
197#	message or lock the account, do so.
198#
199add_user() {
200
201	# Is this a configuration run? If so, don't modify user database.
202	#
203	if [ -n "$configflag" ]; then
204		save_config
205		return
206	fi
207
208	_uid=
209	_name=
210	_comment=
211	_gecos=
212	_home=
213	_group=
214	_grouplist=
215	_shell=
216	_class=
217	_dotdir=
218	_expire=
219	_pwexpire=
220	_passwd=
221	_upasswd=
222	_passwdmethod=
223
224	_name="-n '$username'"
225	[ -n "$uuid" ] && _uid='-u "$uuid"'
226	[ -n "$ulogingroup" ] && _group='-g "$ulogingroup"'
227	[ -n "$ugroups" ] && _grouplist='-G "$ugroups"'
228	[ -n "$ushell" ] && _shell='-s "$ushell"'
229	[ -n "$uhome" ] && _home='-m -d "$uhome"'
230	[ -n "$uclass" ] && _class='-L "$uclass"'
231	[ -n "$ugecos" ] && _comment='-c "$ugecos"'
232	[ -n "$udotdir" ] && _dotdir='-k "$udotdir"'
233	[ -n "$uexpire" ] && _expire='-e "$uexpire"'
234	[ -n "$upwexpire" ] && _pwexpire='-p "$upwexpire"'
235	case $passwdtype in
236	no)
237		_passwdmethod="-w no"
238		_passwd="-h -"
239		;;
240	yes)
241		# Note on processing the password: The outer double quotes
242		# make literal everything except ` and \ and $.
243		# The outer single quotes make literal ` and $.
244		# We can ensure the \ isn't treated specially by specifying
245		# the -r switch to the read command used to obtain the input.
246		#
247		_passwdmethod="-w yes"
248		_passwd="-h 0"
249		_upasswd='echo "$upass" |'
250		;;
251	none)
252		_passwdmethod="-w none"
253		;;
254	random)
255		_passwdmethod="-w random"
256		;;
257	esac
258
259	_pwcmd="$_upasswd ${PWCMD} useradd $_uid $_name $_group $_grouplist $_comment"
260	_pwcmd="$_pwcmd $_shell $_class $_home $_dotdir $_passwdmethod $_passwd"
261	_pwcmd="$_pwcmd $_expire $_pwexpire"
262
263	if ! _output=`eval $_pwcmd` ; then
264		err "There was an error adding user ($username)."
265		return 1
266	else
267		info "Successfully added ($username) to the user database."
268		if [ "random" = "$passwdtype" ]; then
269			randompass="$_output"
270			info "Password for ($username) is: $randompass"
271		fi
272	fi
273
274	if [ -n "$disableflag" ]; then
275		if ${PWCMD} lock $username ; then
276			info "Account ($username) is locked."
277		else
278			info "Account ($username) could NOT be locked."
279		fi
280	fi
281
282	_line=
283	_owner=
284	_perms=
285	if [ -n "$msgflag" ]; then
286		[ -r "$msgfile" ] && {
287			# We're evaluating the contents of an external file.
288			# Let's not open ourselves up for attack. _perms will
289			# be empty if it's writeable only by the owner. _owner
290			# will *NOT* be empty if the file is owned by root.
291			#
292			_dir="`dirname $msgfile`"
293			_file="`basename $msgfile`"
294			_perms=`/usr/bin/find $_dir -name $_file -perm +07022 -prune`
295			_owner=`/usr/bin/find $_dir -name $_file -user 0 -prune`
296			if [ -z "$_owner" -o -n "$_perms" ]; then
297				err "The message file ($msgfile) may be writeable only by root."
298				return 1
299			fi
300			cat "$msgfile" |
301			while read _line ; do
302				eval echo "$_line"
303			done | ${MAILCMD} -s"Welcome" ${username}
304			info "Sent welcome message to ($username)."
305		}
306	fi
307}
308
309# get_user
310#	Reads username of the account from standard input or from a global
311#	variable containing an account line from a file. The username is
312#	required. If this is an interactive session it will prompt in
313#	a loop until a username is entered. If it is batch processing from
314#	a file it will output an error message and return to the caller.
315#
316get_user() {
317	_input=
318
319	# No need to take down user names if this is a configuration saving run.
320	[ -n "$configflag" ] && return
321
322	while : ; do
323		if [ -z "$fflag" ]; then
324			echo -n "Username: "
325			read _input
326		else
327			_input="`echo "$fileline" | cut -f1 -d:`"
328		fi
329
330		# There *must* be a username. If this is an interactive
331		# session give the user an opportunity to retry.
332		#
333		if [ -z "$_input" ]; then
334			err "You must enter a username!"
335			[ -z "$fflag" ] && continue
336		fi
337		break
338	done
339	username="$_input"
340}
341
342# get_gecos
343#	Reads extra information about the user. Can be used both in interactive
344#	and batch (from file) mode.
345#
346get_gecos() {
347	_input=
348
349	# No need to take down additional user information for a configuration run.
350	[ -n "$configflag" ] && return
351
352	if [ -z "$fflag" ]; then
353		echo -n "Full name: "
354		read _input
355	else
356		_input="`echo "$fileline" | cut -f7 -d:`"
357	fi
358	ugecos="$_input"
359}
360
361# get_shell
362#	Get the account's shell. Works in interactive and batch mode. It
363#	accepts only the base name of the shell, NOT the full path.
364#	If an invalid shell is entered it will simply use the default shell.
365#
366get_shell() {
367	_input=
368	_fullpath=
369	ushell="$defaultshell"
370
371	# Make sure the current value of the shell is a valid one
372	if ! shell_exists $ushell ; then
373		info "Using default shell ${defaultshell}."
374		ushell="$defaultshell"
375	fi
376
377	if [ -z "$fflag" ]; then
378		echo -n "Shell ($shells) [`basename $ushell`]: "
379		read _input
380	else
381		_input="`echo "$fileline" | cut -f9 -d:`"
382	fi
383	if [ -n "$_input" ]; then
384		_fullpath=`fullpath_from_shell $_input`
385		if [ -n "$_fullpath" ]; then
386			ushell="$_fullpath"
387		else
388			err "Invalid shell ($_input) for user $username."
389			info "Using default shell ${defaultshell}."
390			ushell="$defaultshell"
391		fi
392	fi
393}
394
395# get_homedir
396#	Reads the account's home directory. Used both with interactive input
397#	and batch input.
398#
399get_homedir() {
400	_input=
401	if [ -z "$fflag" ]; then
402		echo -n "Home directory [${homeprefix}/${username}]: "
403		read _input
404	else
405		_input="`echo "$fileline" | cut -f8 -d:`"
406	fi
407
408	if [ -n "$_input" ]; then
409		uhome="$_input"
410		# if this is a configuration run, then user input is the home
411		# directory prefix. Otherwise it is understood to
412		# be $prefix/$user
413		#
414		[ -z "$configflag" ] && homeprefix="`dirname $uhome`" || homeprefix="$uhome"
415	else
416		uhome="${homeprefix}/${username}"
417	fi
418}
419
420# get_uid
421#	Reads a numeric userid in an interactive or batch session. Automatically
422#	allocates one if it is not specified.
423#
424get_uid() {
425	uuid=${uidstart}
426	_input=
427	_prompt=
428
429	# No need to take down uids for a configuration saving run.
430	[ -n "$configflag" ] && return
431
432	if [ -n "$uuid" ]; then
433		_prompt="Uid [$uuid]: "
434	else
435		_prompt="Uid (Leave empty for default): "
436	fi
437	if [ -z "$fflag" ]; then
438		echo -n "$_prompt"
439		read _input
440	else
441		_input="`echo "$fileline" | cut -f2 -d:`"
442	fi
443
444	[ -n "$_input" ] && uuid=$_input
445	uuid=`get_nextuid $uuid`
446	uidstart=$uuid
447}
448
449# get_class
450#	Reads login class of account. Can be used in interactive or batch mode.
451#
452get_class() {
453	uclass="$defaultclass"
454	_input=
455	_class=${uclass:-"default"}
456
457	if [ -z "$fflag" ]; then
458		echo -n "Login class [$_class]: "
459		read _input
460	else
461		_input="`echo "$fileline" | cut -f4 -d:`"
462	fi
463
464	[ -n "$_input" ] && uclass="$_input"
465}
466
467# get_logingroup
468#	Reads user's login group. Can be used in both interactive and batch
469#	modes. The specified value can be a group name or its numeric id.
470#	This routine leaves the field blank if nothing is provided and
471#	a default login group has not been set. The pw(8) command
472#	will then provide a login group with the same name as the username.
473#
474get_logingroup() {
475	ulogingroup="$defaultLgroup"
476	_input=
477
478	if [ -z "$fflag" ]; then
479		echo -n "Login group [${ulogingroup:-$username}]: "
480		read _input
481	else
482		_input="`echo "$fileline" | cut -f3 -d:`"
483	fi
484
485	# Pw(8) will use the username as login group if it's left empty
486	[ -n "$_input" ] && ulogingroup="$_input"
487}
488
489# get_groups
490#	Read additional groups for the user. It can be used in both interactive
491#	and batch modes.
492#
493get_groups() {
494	ugroups="$defaultgroups"
495	_input=
496	_group=${ulogingroup:-"${username}"}
497
498	if [ -z "$configflag" ]; then
499		[ -z "$fflag" ] && echo -n "Login group is $_group. Invite $username"
500		[ -z "$fflag" ] && echo -n " into other groups? [$ugroups]: "
501	else
502		[ -z "$fflag" ] && echo -n "Enter additional groups [$ugroups]: "
503	fi
504	read _input
505
506	[ -n "$_input" ] && ugroups="$_input"
507}
508
509# get_expire_dates
510#	Read expiry information for the account and also for the password. This
511#	routine is used only from batch processing mode.
512#
513get_expire_dates() {
514	upwexpire="`echo "$fileline" | cut -f5 -d:`"
515	uexpire="`echo "$fileline" | cut -f6 -d:`"
516}
517
518# get_password
519#	Read the password in batch processing mode. The password field matters
520#	only when the password type is "yes" or "random". If the field is empty and the
521#	password type is "yes", then it assumes the account has an empty passsword
522#	and changes the password type accordingly. If the password type is "random"
523#	and the password field is NOT empty, then it assumes the account will NOT
524#	have a random password and set passwdtype to "yes."
525#
526get_password() {
527	# We may temporarily change a password type. Make sure it's changed
528	# back to whatever it was before we process the next account.
529	#
530	[ -n "$savedpwtype" ] && {
531		passwdtype=$savedpwtype
532		savedpwtype=
533	}
534
535	# There may be a ':' in the password
536	upass=${fileline#*:*:*:*:*:*:*:*:*:}
537
538	if [ -z "$upass" ]; then
539		case $passwdtype in
540		yes)
541			# if it's empty, assume an empty password
542			passwdtype=none
543			savedpwtype=yes
544			;;
545		esac
546	else
547		case $passwdtype in
548		random)
549			passwdtype=yes
550			savedpwtype=random
551			;;
552		esac
553	fi
554}
555
556# input_from_file
557#	Reads a line of account information from standard input and
558#	adds it to the user database.
559#
560input_from_file() {
561	_field=
562
563	while read -r fileline ; do
564		case "$fileline" in
565		\#*|'')
566			return 0
567			;;
568		esac
569
570		get_user || continue
571		get_gecos
572		get_uid
573		get_logingroup
574		get_class
575		get_shell
576		get_homedir
577		get_password
578		get_expire_dates
579
580		add_user
581	done
582}
583
584# input_interactive
585#	Prompts for user information interactively, and commits to
586#	the user database.
587#
588input_interactive() {
589
590	_disable=
591	_pass=
592	_passconfirm=
593	_random="no"
594	_emptypass="no"
595	_usepass="yes"
596	_logingroup_ok="no"
597	_groups_ok="no"
598	case $passwdtype in
599	none)
600		_emptypass="yes"
601		_usepass="yes"
602		;;
603	no)
604		_usepass="no"
605		;;
606	random)
607		_random="yes"
608		;;
609	esac
610
611	get_user
612	get_gecos
613	get_uid
614
615	# The case where group = user is handled elsewhere, so
616	# validate any other groups the user is invited to.
617	until [ "$_logingroup_ok" = yes ]; do
618		get_logingroup
619		_logingroup_ok=yes
620		if [ -n "$ulogingroup" -a "$username" != "$ulogingroup" ]; then
621			if ! ${PWCMD} show group $ulogingroup > /dev/null 2>&1; then
622				echo "Group $ulogingroup does not exist!"
623				_logingroup_ok=no
624			fi
625		fi
626	done
627	until [ "$_groups_ok" = yes ]; do
628		get_groups
629		_groups_ok=yes
630		for i in $ugroups; do
631			if [ "$username" != "$i" ]; then
632				if ! ${PWCMD} show group $i > /dev/null 2>&1; then
633					echo "Group $i does not exist!"
634					_groups_ok=no
635				fi
636			fi
637		done
638	done
639
640	get_class
641	get_shell
642	get_homedir
643
644	while : ; do
645		echo -n "Use password-based authentication? [$_usepass]: "
646		read _input
647		[ -z "$_input" ] && _input=$_usepass
648		case $_input in
649		[Nn][Oo]|[Nn])
650			passwdtype="no"
651			;;
652		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
653			while : ; do
654				echo -n "Use an empty password? (yes/no) [$_emptypass]: "
655				read _input
656				[ -n "$_input" ] && _emptypass=$_input
657				case $_emptypass in
658				[Nn][Oo]|[Nn])
659					echo -n "Use a random password? (yes/no) [$_random]: "
660					read _input
661					[ -n "$_input" ] && _random="$_input"
662					case $_random in
663					[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
664						passwdtype="random"
665						break
666						;;
667					esac
668					passwdtype="yes"
669					[ -n "$configflag" ] && break
670					trap 'stty echo; exit' 0 1 2 3 15
671					stty -echo
672					echo -n "Enter password: "
673					read -r upass
674					echo''
675					echo -n "Enter password again: "
676					read -r _passconfirm
677					echo ''
678					stty echo
679					# if user entered a blank password
680					# explicitly ask again.
681					[ -z "$upass" -a -z "$_passconfirm" ] \
682					    && continue
683					;;
684				[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
685					passwdtype="none"
686					break;
687					;;
688				*)
689					# invalid answer; repeat the loop
690					continue
691					;;
692				esac
693				if [ "$upass" != "$_passconfirm" ]; then
694					echo "Passwords did not match!"
695					continue
696				fi
697				break
698			done
699			;;
700		*)
701			# invalid answer; repeat loop
702			continue
703			;;
704		esac
705		break;
706	done
707	_disable=${disableflag:-"no"}
708	while : ; do
709		echo -n "Lock out the account after creation? [$_disable]: "
710		read _input
711		[ -z "$_input" ] && _input=$_disable
712		case $_input in
713		[Nn][Oo]|[Nn])
714			disableflag=
715			;;
716		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
717			disableflag=yes
718			;;
719		*)
720			# invalid answer; repeat loop
721			continue
722			;;
723		esac
724		break
725	done
726
727	# Display the information we have so far and prompt to
728	# commit it.
729	#
730	_disable=${disableflag:-"no"}
731	[ -z "$configflag" ] && printf "%-10s : %s\n" Username $username
732	case $passwdtype in
733	yes)
734		_pass='*****'
735		;;
736	no)
737		_pass='<disabled>'
738		;;
739	none)
740		_pass='<blank>'
741		;;
742	random)
743		_pass='<random>'
744		;;
745	esac
746	[ -z "$configflag" ] && printf "%-10s : %s\n" "Password" "$_pass"
747	[ -n "$configflag" ] && printf "%-10s : %s\n" "Pass Type" "$passwdtype"
748	[ -z "$configflag" ] && printf "%-10s : %s\n" "Full Name" "$ugecos"
749	[ -z "$configflag" ] && printf "%-10s : %s\n" "Uid" "$uuid"
750	printf "%-10s : %s\n" "Class" "$uclass"
751	printf "%-10s : %s %s\n" "Groups" "${ulogingroup:-$username}" "$ugroups"
752	printf "%-10s : %s\n" "Home" "$uhome"
753	printf "%-10s : %s\n" "Shell" "$ushell"
754	printf "%-10s : %s\n" "Locked" "$_disable"
755	while : ; do
756		echo -n "OK? (yes/no): "
757		read _input
758		case $_input in
759		[Nn][Oo]|[Nn])
760			return 1
761			;;
762		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
763			add_user
764			;;
765		*)
766			continue
767			;;
768		esac
769		break
770	done
771	return 0
772}
773
774#### END SUBROUTINE DEFENITION ####
775
776THISCMD=`/usr/bin/basename $0`
777DEFAULTSHELL=/bin/sh
778ADDUSERCONF="${ADDUSERCONF:-/etc/adduser.conf}"
779PWCMD="${PWCMD:-/usr/sbin/pw}"
780MAILCMD="${MAILCMD:-mail}"
781ETCSHELLS="${ETCSHELLS:-/etc/shells}"
782NOLOGIN="nologin"
783NOLOGIN_PATH="/sbin/nologin"
784GREPCMD="/usr/bin/grep"
785DATECMD="/bin/date"
786
787# Set default values
788#
789username=
790uuid=
791uidstart=
792ugecos=
793ulogingroup=
794uclass=
795uhome=
796upass=
797ushell=
798udotdir=/usr/share/skel
799ugroups=
800uexpire=
801upwexpire=
802shells="`valid_shells`"
803passwdtype="yes"
804msgfile=/etc/adduser.msg
805msgflag=
806quietflag=
807configflag=
808fflag=
809infile=
810disableflag=
811readconfig="yes"
812homeprefix="/home"
813randompass=
814fileline=
815savedpwtype=
816defaultclass=
817defaultLgroup=
818defaultgroups=
819defaultshell="${DEFAULTSHELL}"
820
821# Make sure the user running this program is root. This isn't a security
822# measure as much as it is a usefull method of reminding the user to
823# 'su -' before he/she wastes time entering data that won't be saved.
824#
825procowner=${procowner:-`/usr/bin/id -u`}
826if [ "$procowner" != "0" ]; then
827	err 'you must be the super-user (uid 0) to use this utility.'
828	exit 1
829fi
830
831# Overide from our conf file
832# Quickly go through the commandline line to see if we should read
833# from our configuration file. The actual parsing of the commandline
834# arguments happens after we read in our configuration file (commandline
835# should override configuration file).
836#
837for _i in $* ; do
838	if [ "$_i" = "-N" ]; then
839		readconfig=
840		break;
841	fi
842done
843if [ -n "$readconfig" ]; then
844	# On a long-lived system, the first time this script is run it
845	# will barf upon reading the configuration file for its perl predecessor.
846	if ( . ${ADDUSERCONF} > /dev/null 2>&1 ); then
847		[ -r ${ADDUSERCONF} ] && . ${ADDUSERCONF} > /dev/null 2>&1
848	fi
849fi
850
851# Proccess command-line options
852#
853for _switch ; do
854	case $_switch in
855	-L)
856		defaultclass="$2"
857		shift; shift
858		;;
859	-C)
860		configflag=yes
861		shift
862		;;
863	-E)
864		disableflag=yes
865		shift
866		;;
867	-k)
868		udotdir="$2"
869		shift; shift
870		;;
871	-f)
872		[ "$2" != "-" ] && infile="$2"
873		fflag=yes
874		shift; shift
875		;;
876	-g)
877		defaultLgroup="$2"
878		shift; shift
879		;;
880	-G)
881		defaultgroups="$2"
882		shift; shift
883		;;
884	-h)
885		show_usage
886		exit 0
887		;;
888	-d)
889		homeprefix="$2"
890		shift; shift
891		;;
892	-m)
893		case "$2" in
894		[Nn][Oo])
895			msgflag=
896			;;
897		*)
898			msgflag=yes
899			msgfile="$2"
900			;;
901		esac
902		shift; shift
903		;;
904	-N)
905		readconfig=
906		shift
907		;;
908	-w)
909		case "$2" in
910		no|none|random|yes)
911			passwdtype=$2
912			;;
913		*)
914			show_usage
915			exit 1
916			;;
917		esac
918		shift; shift
919		;;
920	-q)
921		quietflag=yes
922		shift
923		;;
924	-s)
925		defaultshell="`fullpath_from_shell $2`"
926		shift; shift
927		;;
928	-u)
929		uidstart=$2
930		shift; shift
931		;;
932	esac
933done
934
935# If the -f switch was used, get input from a file. Otherwise,
936# this is an interactive session.
937#
938if [ -n "$fflag" ]; then
939	if [ -z "$infile" ]; then
940		input_from_file
941	elif [ -n "$infile" ]; then
942		if [ -r "$infile" ]; then
943			input_from_file < $infile
944		else
945			err "File ($infile) is unreadable or does not exist."
946		fi
947	fi
948else
949	input_interactive
950	while : ; do
951		if [ -z "$configflag" ]; then
952			echo -n "Add another user? (yes/no): "
953		else
954			echo -n "Re-edit the default configuration? (yes/no): "
955		fi
956		read _input
957		case $_input in
958		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
959			uidstart=`get_nextuid $uidstart`
960			input_interactive
961			continue
962			;;
963		[Nn][Oo]|[Nn])
964			echo "Goodbye!"
965			;;
966		*)
967			continue
968			;;
969		esac
970		break
971	done
972fi
973