xref: /freebsd/usr.sbin/adduser/adduser.sh (revision af23369a6deaaeb612ab266eb88b8bb8d560c322) 
1#!/bin/sh
2#
3# SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4#
5# Copyright (c) 2002-2004 Michael Telahun Makonnen. All rights reserved.
6#
7# Redistribution and use in source and binary forms, with or without
8# modification, are permitted provided that the following conditions
9# are met:
10# 1. Redistributions of source code must retain the above copyright
11#    notice, this list of conditions and the following disclaimer.
12# 2. Redistributions in binary form must reproduce the above copyright
13#    notice, this list of conditions and the following disclaimer in the
14#    documentation and/or other materials provided with the distribution.
15#
16# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26#
27#       Email: Mike Makonnen <mtm@FreeBSD.Org>
28#
29# $FreeBSD$
30#
31
32# err msg
33#	Display $msg on stderr, unless we're being quiet.
34#
35err() {
36	if [ -z "$quietflag" ]; then
37		echo 1>&2 ${THISCMD}: ERROR: $*
38	fi
39}
40
41# info msg
42#	Display $msg on stdout, unless we're being quiet.
43#
44info() {
45	if [ -z "$quietflag" ]; then
46		echo ${THISCMD}: INFO: $*
47	fi
48}
49
50# get_nextuid
51#	Output the value of $_uid if it is available for use. If it
52#	is not, output the value of the next higher uid that is available.
53#	If a uid is not specified, output the first available uid, as indicated
54#	by pw(8).
55#
56get_nextuid () {
57	_uid=$1
58	_nextuid=
59
60	if [ -z "$_uid" ]; then
61		_nextuid="`${PWCMD} usernext | cut -f1 -d:`"
62	else
63		while : ; do
64			${PWCMD} usershow $_uid > /dev/null 2>&1
65			if [ ! "$?" -eq 0 ]; then
66				_nextuid=$_uid
67				break
68			fi
69			_uid=$(($_uid + 1))
70		done
71	fi
72	echo $_nextuid
73}
74
75# show_usage
76#	Display usage information for this utility.
77#
78show_usage() {
79	echo "usage: ${THISCMD} [options]"
80	echo "  options may include:"
81	echo "  -C		save to the configuration file only"
82	echo "  -D		do not attempt to create the home directory"
83	echo "  -E		disable this account after creation"
84	echo "  -G		additional groups to add accounts to"
85	echo "  -L		login class of the user"
86	echo "  -M		file permission for home directory"
87	echo "  -N		do not read configuration file"
88	echo "  -S		a nonexistent shell is not an error"
89	echo "  -d		home directory"
90	echo "  -f		file from which input will be received"
91	echo "  -g		default login group"
92	echo "  -h		display this usage message"
93	echo "  -k		path to skeleton home directory"
94	echo "  -m		user welcome message file"
95	echo "  -q		absolute minimal user feedback"
96	echo "  -s		shell"
97	echo "  -u		uid to start at"
98	echo "  -w		password type: no, none, yes or random"
99}
100
101# valid_shells
102#	Outputs a list of valid shells from /etc/shells. Only the
103#	basename of the shell is output.
104#
105valid_shells() {
106	_prefix=
107	cat ${ETCSHELLS} |
108	while read _path _junk ; do
109		case $_path in
110		\#*|'')
111			;;
112		*)
113			echo -n "${_prefix}`basename $_path`"
114			_prefix=' '
115			;;
116		esac
117	done
118
119	# /usr/sbin/nologin is a special case
120	[ -x "${NOLOGIN_PATH}" ] && echo -n " ${NOLOGIN}"
121}
122
123# fullpath_from_shell shell
124#	Given $shell, which is either the full path to a shell or
125#	the basename component of a valid shell, get the
126#	full path to the shell from the /etc/shells file.
127#
128fullpath_from_shell() {
129	_shell=$1
130	[ -z "$_shell" ] && return 1
131
132	# /usr/sbin/nologin is a special case; it needs to be handled
133	# before the cat | while loop, since a 'return' from within
134	# a subshell will not terminate the function's execution, and
135	# the path to the nologin shell might be printed out twice.
136	#
137	if [ "$_shell" = "${NOLOGIN}" -o \
138	    "$_shell" = "${NOLOGIN_PATH}" ]; then
139		echo ${NOLOGIN_PATH}
140		return 0;
141	fi
142
143	cat ${ETCSHELLS} |
144	while read _path _junk ; do
145		case "$_path" in
146		\#*|'')
147			;;
148		*)
149			if [ "$_path" = "$_shell" -o \
150			    "`basename $_path`" = "$_shell" ]; then
151				echo $_path
152				return 0
153			fi
154			;;
155		esac
156	done
157
158	return 1
159}
160
161# shell_exists shell
162#	If the given shell is listed in ${ETCSHELLS} or it is
163#	the nologin shell this function will return 0.
164#	Otherwise, it will return 1. If shell is valid but
165#	the path is invalid or it is not executable it
166#	will emit an informational message saying so.
167#
168shell_exists() {
169	_sh="$1"
170	_shellchk="${GREPCMD} '^$_sh$' ${ETCSHELLS} > /dev/null 2>&1"
171
172	if ! eval $_shellchk; then
173		# The nologin shell is not listed in /etc/shells.
174		if [ "$_sh" != "${NOLOGIN_PATH}" ]; then
175			err "Invalid shell ($_sh) for user $username."
176			return 1
177		fi
178	fi
179	! [ -x "$_sh" ] &&
180	    info "The shell ($_sh) does not exist or is not executable."
181
182	return 0
183}
184
185# save_config
186#	Save some variables to a configuration file.
187#	Note: not all script variables are saved, only those that
188#	      it makes sense to save.
189#
190save_config() {
191	echo "# Configuration file for adduser(8)."     >  ${ADDUSERCONF}
192	echo "# NOTE: only *some* variables are saved." >> ${ADDUSERCONF}
193	echo "# Last Modified on `${DATECMD}`."		>> ${ADDUSERCONF}
194	echo ''				>> ${ADDUSERCONF}
195	echo "defaultHomePerm=$uhomeperm" >> ${ADDUSERCONF}
196	echo "defaultLgroup=$ulogingroup" >> ${ADDUSERCONF}
197	echo "defaultclass=$uclass"	>> ${ADDUSERCONF}
198	echo "defaultgroups=$ugroups"	>> ${ADDUSERCONF}
199	echo "passwdtype=$passwdtype" 	>> ${ADDUSERCONF}
200	echo "homeprefix=$homeprefix" 	>> ${ADDUSERCONF}
201	echo "defaultshell=$ushell"	>> ${ADDUSERCONF}
202	echo "udotdir=$udotdir"		>> ${ADDUSERCONF}
203	echo "msgfile=$msgfile"		>> ${ADDUSERCONF}
204	echo "disableflag=$disableflag" >> ${ADDUSERCONF}
205	echo "uidstart=$uidstart"       >> ${ADDUSERCONF}
206}
207
208# add_user
209#	Add a user to the user database. If the user chose to send a welcome
210#	message or lock the account, do so.
211#
212add_user() {
213
214	# Is this a configuration run? If so, don't modify user database.
215	#
216	if [ -n "$configflag" ]; then
217		save_config
218		return
219	fi
220
221	_uid=
222	_name=
223	_comment=
224	_gecos=
225	_home=
226	_group=
227	_grouplist=
228	_shell=
229	_class=
230	_dotdir=
231	_expire=
232	_pwexpire=
233	_passwd=
234	_upasswd=
235	_passwdmethod=
236
237	_name="-n '$username'"
238	[ -n "$uuid" ] && _uid='-u "$uuid"'
239	[ -n "$ulogingroup" ] && _group='-g "$ulogingroup"'
240	[ -n "$ugroups" ] && _grouplist='-G "$ugroups"'
241	[ -n "$ushell" ] && _shell='-s "$ushell"'
242	[ -n "$uclass" ] && _class='-L "$uclass"'
243	[ -n "$ugecos" ] && _comment='-c "$ugecos"'
244	[ -n "$udotdir" ] && _dotdir='-k "$udotdir"'
245	[ -n "$uexpire" ] && _expire='-e "$uexpire"'
246	[ -n "$upwexpire" ] && _pwexpire='-p "$upwexpire"'
247	if [ -z "$Dflag" -a -n "$uhome" ]; then
248		# The /nonexistent home directory is special. It
249		# means the user has no home directory.
250		if [ "$uhome" = "$NOHOME" ]; then
251			_home='-d "$uhome"'
252		else
253			# Use home directory permissions if specified
254			if [ -n "$uhomeperm" ]; then
255				_home='-m -d "$uhome" -M "$uhomeperm"'
256			else
257				_home='-m -d "$uhome"'
258			fi
259		fi
260	elif [ -n "$Dflag" -a -n "$uhome" ]; then
261		_home='-d "$uhome"'
262	fi
263	case $passwdtype in
264	no)
265		_passwdmethod="-w no"
266		_passwd="-h -"
267		;;
268	yes)
269		# Note on processing the password: The outer double quotes
270		# make literal everything except ` and \ and $.
271		# The outer single quotes make literal ` and $.
272		# We can ensure the \ isn't treated specially by specifying
273		# the -r switch to the read command used to obtain the input.
274		#
275		_passwdmethod="-w yes"
276		_passwd="-h 0"
277		_upasswd='echo "$upass" |'
278		;;
279	none)
280		_passwdmethod="-w none"
281		;;
282	random)
283		_passwdmethod="-w random"
284		;;
285	esac
286
287	_pwcmd="$_upasswd ${PWCMD} useradd $_uid $_name $_group $_grouplist $_comment"
288	_pwcmd="$_pwcmd $_shell $_class $_home $_dotdir $_passwdmethod $_passwd"
289	_pwcmd="$_pwcmd $_expire $_pwexpire"
290
291	if ! _output=`eval $_pwcmd` ; then
292		err "There was an error adding user ($username)."
293		return 1
294	else
295		info "Successfully added ($username) to the user database."
296		if [ "random" = "$passwdtype" ]; then
297			randompass="$_output"
298			info "Password for ($username) is: $randompass"
299		fi
300	fi
301
302	if [ -n "$disableflag" ]; then
303		if ${PWCMD} lock $username ; then
304			info "Account ($username) is locked."
305		else
306			info "Account ($username) could NOT be locked."
307		fi
308	fi
309
310	_line=
311	_owner=
312	_perms=
313	if [ -n "$msgflag" ]; then
314		[ -r "$msgfile" ] && {
315			# We're evaluating the contents of an external file.
316			# Let's not open ourselves up for attack. _perms will
317			# be empty if it's writeable only by the owner. _owner
318			# will *NOT* be empty if the file is owned by root.
319			#
320			_dir="`dirname $msgfile`"
321			_file="`basename $msgfile`"
322			_perms=`/usr/bin/find $_dir -name $_file -perm +07022 -prune`
323			_owner=`/usr/bin/find $_dir -name $_file -user 0 -prune`
324			if [ -z "$_owner" -o -n "$_perms" ]; then
325				err "The message file ($msgfile) may be writeable only by root."
326				return 1
327			fi
328			cat "$msgfile" |
329			while read _line ; do
330				eval echo "$_line"
331			done | ${MAILCMD} -s"Welcome" ${username}
332			info "Sent welcome message to ($username)."
333		}
334	fi
335}
336
337# get_user
338#	Reads username of the account from standard input or from a global
339#	variable containing an account line from a file. The username is
340#	required. If this is an interactive session it will prompt in
341#	a loop until a username is entered. If it is batch processing from
342#	a file it will output an error message and return to the caller.
343#
344get_user() {
345	_input=
346
347	# No need to take down user names if this is a configuration saving run.
348	[ -n "$configflag" ] && return
349
350	while : ; do
351		if [ -z "$fflag" ]; then
352			echo -n "Username: "
353			read _input
354		else
355			_input="`echo "$fileline" | cut -f1 -d:`"
356		fi
357
358		# There *must* be a username, and it must not exist. If
359		# this is an interactive session give the user an
360		# opportunity to retry.
361		#
362		if [ -z "$_input" ]; then
363			err "You must enter a username!"
364			[ -z "$fflag" ] && continue
365		fi
366		${PWCMD} usershow $_input > /dev/null 2>&1
367		if [ "$?" -eq 0 ]; then
368			err "User exists!"
369			[ -z "$fflag" ] && continue
370		fi
371		break
372	done
373	username="$_input"
374}
375
376# get_gecos
377#	Reads extra information about the user. Can be used both in interactive
378#	and batch (from file) mode.
379#
380get_gecos() {
381	_input=
382
383	# No need to take down additional user information for a configuration run.
384	[ -n "$configflag" ] && return
385
386	if [ -z "$fflag" ]; then
387		echo -n "Full name: "
388		read _input
389	else
390		_input="`echo "$fileline" | cut -f7 -d:`"
391	fi
392	ugecos="$_input"
393}
394
395# get_shell
396#	Get the account's shell. Works in interactive and batch mode. It
397#	accepts either the base name of the shell or the full path.
398#	If an invalid shell is entered it will simply use the default shell.
399#
400get_shell() {
401	_input=
402	_fullpath=
403	ushell="$defaultshell"
404
405	# Make sure the current value of the shell is a valid one
406	if [ -z "$Sflag" ]; then
407		if ! shell_exists $ushell ; then
408			info "Using default shell ${defaultshell}."
409			ushell="$defaultshell"
410		fi
411	fi
412
413	if [ -z "$fflag" ]; then
414		echo -n "Shell ($shells) [`basename $ushell`]: "
415		read _input
416	else
417		_input="`echo "$fileline" | cut -f9 -d:`"
418	fi
419	if [ -n "$_input" ]; then
420		if [ -n "$Sflag" ]; then
421			ushell="$_input"
422		else
423			_fullpath=`fullpath_from_shell $_input`
424			if [ -n "$_fullpath" ]; then
425				ushell="$_fullpath"
426			else
427				err "Invalid shell ($_input) for user $username."
428				info "Using default shell ${defaultshell}."
429				ushell="$defaultshell"
430			fi
431		fi
432	fi
433}
434
435# get_homedir
436#	Reads the account's home directory. Used both with interactive input
437#	and batch input.
438#
439get_homedir() {
440	_input=
441	if [ -z "$fflag" ]; then
442		echo -n "Home directory [${homeprefix}/${username}]: "
443		read _input
444	else
445		_input="`echo "$fileline" | cut -f8 -d:`"
446	fi
447
448	if [ -n "$_input" ]; then
449		uhome="$_input"
450		# if this is a configuration run, then user input is the home
451		# directory prefix. Otherwise it is understood to
452		# be $prefix/$user
453		#
454		[ -z "$configflag" ] && homeprefix="`dirname $uhome`" || homeprefix="$uhome"
455	else
456		uhome="${homeprefix}/${username}"
457	fi
458}
459
460# get_homeperm
461#	Reads the account's home directory permissions.
462#
463get_homeperm() {
464	uhomeperm=$defaultHomePerm
465	_input=
466	_prompt=
467
468	if [ -n "$uhomeperm" ]; then
469		_prompt="Home directory permissions [${uhomeperm}]: "
470	else
471		_prompt="Home directory permissions (Leave empty for default): "
472	fi
473	if [ -z "$fflag" ]; then
474		echo -n "$_prompt"
475		read _input
476	fi
477
478	if [ -n "$_input" ]; then
479		uhomeperm="$_input"
480	fi
481}
482
483# get_uid
484#	Reads a numeric userid in an interactive or batch session. Automatically
485#	allocates one if it is not specified.
486#
487get_uid() {
488	uuid=${uidstart}
489	_input=
490	_prompt=
491
492	if [ -n "$uuid" ]; then
493		uuid=`get_nextuid $uuid`
494		_prompt="Uid [$uuid]: "
495	else
496		_prompt="Uid (Leave empty for default): "
497	fi
498	if [ -z "$fflag" ]; then
499		echo -n "$_prompt"
500		read _input
501	else
502		_input="`echo "$fileline" | cut -f2 -d:`"
503	fi
504
505	[ -n "$_input" ] && uuid=$_input
506	uuid=`get_nextuid $uuid`
507	uidstart=$uuid
508}
509
510# get_class
511#	Reads login class of account. Can be used in interactive or batch mode.
512#
513get_class() {
514	uclass="$defaultclass"
515	_input=
516	_class=${uclass:-"default"}
517
518	if [ -z "$fflag" ]; then
519		echo -n "Login class [$_class]: "
520		read _input
521	else
522		_input="`echo "$fileline" | cut -f4 -d:`"
523	fi
524
525	[ -n "$_input" ] && uclass="$_input"
526}
527
528# get_logingroup
529#	Reads user's login group. Can be used in both interactive and batch
530#	modes. The specified value can be a group name or its numeric id.
531#	This routine leaves the field blank if nothing is provided and
532#	a default login group has not been set. The pw(8) command
533#	will then provide a login group with the same name as the username.
534#
535get_logingroup() {
536	ulogingroup="$defaultLgroup"
537	_input=
538
539	if [ -z "$fflag" ]; then
540		echo -n "Login group [${ulogingroup:-$username}]: "
541		read _input
542	else
543		_input="`echo "$fileline" | cut -f3 -d:`"
544	fi
545
546	# Pw(8) will use the username as login group if it's left empty
547	[ -n "$_input" ] && ulogingroup="$_input"
548}
549
550# get_groups
551#	Read additional groups for the user. It can be used in both interactive
552#	and batch modes.
553#
554get_groups() {
555	ugroups="$defaultgroups"
556	_input=
557	_group=${ulogingroup:-"${username}"}
558
559	if [ -z "$configflag" ]; then
560		[ -z "$fflag" ] && echo -n "Login group is $_group. Invite $username"
561		[ -z "$fflag" ] && echo -n " into other groups? [$ugroups]: "
562	else
563		[ -z "$fflag" ] && echo -n "Enter additional groups [$ugroups]: "
564	fi
565	read _input
566
567	[ -n "$_input" ] && ugroups="$_input"
568}
569
570# get_expire_dates
571#	Read expiry information for the account and also for the password. This
572#	routine is used only from batch processing mode.
573#
574get_expire_dates() {
575	upwexpire="`echo "$fileline" | cut -f5 -d:`"
576	uexpire="`echo "$fileline" | cut -f6 -d:`"
577}
578
579# get_password
580#	Read the password in batch processing mode. The password field matters
581#	only when the password type is "yes" or "random". If the field is empty and the
582#	password type is "yes", then it assumes the account has an empty passsword
583#	and changes the password type accordingly. If the password type is "random"
584#	and the password field is NOT empty, then it assumes the account will NOT
585#	have a random password and set passwdtype to "yes."
586#
587get_password() {
588	# We may temporarily change a password type. Make sure it's changed
589	# back to whatever it was before we process the next account.
590	#
591	[ -n "$savedpwtype" ] && {
592		passwdtype=$savedpwtype
593		savedpwtype=
594	}
595
596	# There may be a ':' in the password
597	upass=${fileline#*:*:*:*:*:*:*:*:*:}
598
599	if [ -z "$upass" ]; then
600		case $passwdtype in
601		yes)
602			# if it's empty, assume an empty password
603			passwdtype=none
604			savedpwtype=yes
605			;;
606		esac
607	else
608		case $passwdtype in
609		random)
610			passwdtype=yes
611			savedpwtype=random
612			;;
613		esac
614	fi
615}
616
617# input_from_file
618#	Reads a line of account information from standard input and
619#	adds it to the user database.
620#
621input_from_file() {
622	_field=
623
624	while read -r fileline ; do
625		case "$fileline" in
626		\#*|'')
627			;;
628		*)
629			get_user || continue
630			get_gecos
631			get_uid
632			get_logingroup
633			get_class
634			get_shell
635			get_homedir
636			get_homeperm
637			get_password
638			get_expire_dates
639			ugroups="$defaultgroups"
640
641			add_user
642			;;
643		esac
644	done
645}
646
647# input_interactive
648#	Prompts for user information interactively, and commits to
649#	the user database.
650#
651input_interactive() {
652	_disable=
653	_pass=
654	_passconfirm=
655	_random="no"
656	_emptypass="no"
657	_usepass="yes"
658	_logingroup_ok="no"
659	_groups_ok="no"
660	case $passwdtype in
661	none)
662		_emptypass="yes"
663		_usepass="yes"
664		;;
665	no)
666		_usepass="no"
667		;;
668	random)
669		_random="yes"
670		;;
671	esac
672
673	get_user
674	get_gecos
675	get_uid
676
677	# The case where group = user is handled elsewhere, so
678	# validate any other groups the user is invited to.
679	until [ "$_logingroup_ok" = yes ]; do
680		get_logingroup
681		_logingroup_ok=yes
682		if [ -n "$ulogingroup" -a "$username" != "$ulogingroup" ]; then
683			if ! ${PWCMD} show group $ulogingroup > /dev/null 2>&1; then
684				echo "Group $ulogingroup does not exist!"
685				_logingroup_ok=no
686			fi
687		fi
688	done
689	until [ "$_groups_ok" = yes ]; do
690		get_groups
691		_groups_ok=yes
692		for i in $ugroups; do
693			if [ "$username" != "$i" ]; then
694				if ! ${PWCMD} show group $i > /dev/null 2>&1; then
695					echo "Group $i does not exist!"
696					_groups_ok=no
697				fi
698			fi
699		done
700	done
701
702	get_class
703	get_shell
704	get_homedir
705	get_homeperm
706
707	while : ; do
708		echo -n "Use password-based authentication? [$_usepass]: "
709		read _input
710		[ -z "$_input" ] && _input=$_usepass
711		case $_input in
712		[Nn][Oo]|[Nn])
713			passwdtype="no"
714			;;
715		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
716			while : ; do
717				echo -n "Use an empty password? (yes/no) [$_emptypass]: "
718				read _input
719				[ -n "$_input" ] && _emptypass=$_input
720				case $_emptypass in
721				[Nn][Oo]|[Nn])
722					echo -n "Use a random password? (yes/no) [$_random]: "
723					read _input
724					[ -n "$_input" ] && _random="$_input"
725					case $_random in
726					[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
727						passwdtype="random"
728						break
729						;;
730					esac
731					passwdtype="yes"
732					[ -n "$configflag" ] && break
733					trap 'stty echo; exit' 0 1 2 3 15
734					stty -echo
735					echo -n "Enter password: "
736					IFS= read -r upass
737					echo''
738					echo -n "Enter password again: "
739					IFS= read -r _passconfirm
740					echo ''
741					stty echo
742					# if user entered a blank password
743					# explicitly ask again.
744					[ -z "$upass" -a -z "$_passconfirm" ] \
745					    && continue
746					;;
747				[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
748					passwdtype="none"
749					break;
750					;;
751				*)
752					# invalid answer; repeat the loop
753					continue
754					;;
755				esac
756				if [ "$upass" != "$_passconfirm" ]; then
757					echo "Passwords did not match!"
758					continue
759				fi
760				break
761			done
762			;;
763		*)
764			# invalid answer; repeat loop
765			continue
766			;;
767		esac
768		break;
769	done
770	_disable=${disableflag:-"no"}
771	while : ; do
772		echo -n "Lock out the account after creation? [$_disable]: "
773		read _input
774		[ -z "$_input" ] && _input=$_disable
775		case $_input in
776		[Nn][Oo]|[Nn])
777			disableflag=
778			;;
779		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
780			disableflag=yes
781			;;
782		*)
783			# invalid answer; repeat loop
784			continue
785			;;
786		esac
787		break
788	done
789
790	# Display the information we have so far and prompt to
791	# commit it.
792	#
793	_disable=${disableflag:-"no"}
794	[ -z "$configflag" ] && printf "%-10s : %s\n" Username $username
795	case $passwdtype in
796	yes)
797		_pass='*****'
798		;;
799	no)
800		_pass='<disabled>'
801		;;
802	none)
803		_pass='<blank>'
804		;;
805	random)
806		_pass='<random>'
807		;;
808	esac
809	[ -z "$configflag" ] && printf "%-10s : %s\n" "Password" "$_pass"
810	[ -n "$configflag" ] && printf "%-10s : %s\n" "Pass Type" "$passwdtype"
811	[ -z "$configflag" ] && printf "%-10s : %s\n" "Full Name" "$ugecos"
812	[ -z "$configflag" ] && printf "%-10s : %s\n" "Uid" "$uuid"
813	printf "%-10s : %s\n" "Class" "$uclass"
814	printf "%-10s : %s %s\n" "Groups" "${ulogingroup:-$username}" "$ugroups"
815	printf "%-10s : %s\n" "Home" "$uhome"
816	printf "%-10s : %s\n" "Home Mode" "$uhomeperm"
817	printf "%-10s : %s\n" "Shell" "$ushell"
818	printf "%-10s : %s\n" "Locked" "$_disable"
819	while : ; do
820		echo -n "OK? (yes/no): "
821		read _input
822		case $_input in
823		[Nn][Oo]|[Nn])
824			return 1
825			;;
826		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
827			add_user
828			;;
829		*)
830			continue
831			;;
832		esac
833		break
834	done
835	return 0
836}
837
838#### END SUBROUTINE DEFINITION ####
839
840THISCMD=`/usr/bin/basename $0`
841DEFAULTSHELL=/bin/sh
842ADDUSERCONF="${ADDUSERCONF:-/etc/adduser.conf}"
843PWCMD="${PWCMD:-/usr/sbin/pw}"
844MAILCMD="${MAILCMD:-mail}"
845ETCSHELLS="${ETCSHELLS:-/etc/shells}"
846NOHOME="/nonexistent"
847NOLOGIN="nologin"
848NOLOGIN_PATH="/usr/sbin/nologin"
849GREPCMD="/usr/bin/grep"
850DATECMD="/bin/date"
851
852# Set default values
853#
854username=
855uuid=
856uidstart=
857ugecos=
858ulogingroup=
859uclass=
860uhome=
861uhomeperm=
862upass=
863ushell=
864udotdir=/usr/share/skel
865ugroups=
866uexpire=
867upwexpire=
868shells="`valid_shells`"
869passwdtype="yes"
870msgfile=/etc/adduser.msg
871msgflag=
872quietflag=
873configflag=
874fflag=
875infile=
876disableflag=
877Dflag=
878Sflag=
879readconfig="yes"
880homeprefix="/home"
881randompass=
882fileline=
883savedpwtype=
884defaultclass=
885defaultLgroup=
886defaultgroups=
887defaultshell="${DEFAULTSHELL}"
888defaultHomePerm=
889
890# Make sure the user running this program is root. This isn't a security
891# measure as much as it is a useful method of reminding the user to
892# 'su -' before he/she wastes time entering data that won't be saved.
893#
894procowner=${procowner:-`/usr/bin/id -u`}
895if [ "$procowner" != "0" ]; then
896	err 'you must be the super-user (uid 0) to use this utility.'
897	exit 1
898fi
899
900# Override from our conf file
901# Quickly go through the commandline line to see if we should read
902# from our configuration file. The actual parsing of the commandline
903# arguments happens after we read in our configuration file (commandline
904# should override configuration file).
905#
906for _i in $* ; do
907	if [ "$_i" = "-N" ]; then
908		readconfig=
909		break;
910	fi
911done
912if [ -n "$readconfig" ]; then
913	# On a long-lived system, the first time this script is run it
914	# will barf upon reading the configuration file for its perl predecessor.
915	if ( . ${ADDUSERCONF} > /dev/null 2>&1 ); then
916		[ -r ${ADDUSERCONF} ] && . ${ADDUSERCONF} > /dev/null 2>&1
917	fi
918fi
919
920# Process command-line options
921#
922for _switch ; do
923	case $_switch in
924	-L)
925		defaultclass="$2"
926		shift; shift
927		;;
928	-C)
929		configflag=yes
930		shift
931		;;
932	-D)
933		Dflag=yes
934		shift
935		;;
936	-E)
937		disableflag=yes
938		shift
939		;;
940	-k)
941		udotdir="$2"
942		shift; shift
943		;;
944	-f)
945		[ "$2" != "-" ] && infile="$2"
946		fflag=yes
947		shift; shift
948		;;
949	-g)
950		defaultLgroup="$2"
951		shift; shift
952		;;
953	-G)
954		defaultgroups="$2"
955		shift; shift
956		;;
957	-h)
958		show_usage
959		exit 0
960		;;
961	-d)
962		homeprefix="$2"
963		shift; shift
964		;;
965	-m)
966		case "$2" in
967		[Nn][Oo])
968			msgflag=
969			;;
970		*)
971			msgflag=yes
972			msgfile="$2"
973			;;
974		esac
975		shift; shift
976		;;
977	-M)
978		defaultHomePerm=$2
979		shift; shift
980		;;
981	-N)
982		readconfig=
983		shift
984		;;
985	-w)
986		case "$2" in
987		no|none|random|yes)
988			passwdtype=$2
989			;;
990		*)
991			show_usage
992			exit 1
993			;;
994		esac
995		shift; shift
996		;;
997	-q)
998		quietflag=yes
999		shift
1000		;;
1001	-s)
1002		defaultshell="`fullpath_from_shell $2`"
1003		shift; shift
1004		;;
1005	-S)
1006		Sflag=yes
1007		shift
1008		;;
1009	-u)
1010		uidstart=$2
1011		shift; shift
1012		;;
1013	esac
1014done
1015
1016# If the -f switch was used, get input from a file. Otherwise,
1017# this is an interactive session.
1018#
1019if [ -n "$fflag" ]; then
1020	if [ -z "$infile" ]; then
1021		input_from_file
1022	elif [ -n "$infile" ]; then
1023		if [ -r "$infile" ]; then
1024			input_from_file < $infile
1025		else
1026			err "File ($infile) is unreadable or does not exist."
1027		fi
1028	fi
1029else
1030	input_interactive
1031	while : ; do
1032		if [ -z "$configflag" ]; then
1033			echo -n "Add another user? (yes/no): "
1034		else
1035			echo -n "Re-edit the default configuration? (yes/no): "
1036		fi
1037		read _input
1038		case $_input in
1039		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
1040			uidstart=`get_nextuid $uidstart`
1041			input_interactive
1042			continue
1043			;;
1044		[Nn][Oo]|[Nn])
1045			echo "Goodbye!"
1046			;;
1047		*)
1048			continue
1049			;;
1050		esac
1051		break
1052	done
1053fi
1054