xref: /freebsd/usr.sbin/adduser/adduser.sh (revision da5432eda807c4b7232d030d5157d5b417ea4f52)
1#!/bin/sh
2#
3# SPDX-License-Identifier: BSD-2-Clause
4#
5# Copyright (c) 2002-2004 Michael Telahun Makonnen. All rights reserved.
6#
7# Redistribution and use in source and binary forms, with or without
8# modification, are permitted provided that the following conditions
9# are met:
10# 1. Redistributions of source code must retain the above copyright
11#    notice, this list of conditions and the following disclaimer.
12# 2. Redistributions in binary form must reproduce the above copyright
13#    notice, this list of conditions and the following disclaimer in the
14#    documentation and/or other materials provided with the distribution.
15#
16# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26#
27#       Email: Mike Makonnen <mtm@FreeBSD.Org>
28#
29# $FreeBSD$
30#
31
32# err msg
33#	Display $msg on stderr, unless we're being quiet.
34#
35err() {
36	if [ -z "$quietflag" ]; then
37		echo 1>&2 ${THISCMD}: ERROR: $*
38	fi
39}
40
41# info msg
42#	Display $msg on stdout, unless we're being quiet.
43#
44info() {
45	if [ -z "$quietflag" ]; then
46		echo ${THISCMD}: INFO: $*
47	fi
48}
49
50# get_nextuid
51#	Output the value of $_uid if it is available for use. If it
52#	is not, output the value of the next higher uid that is available.
53#	If a uid is not specified, output the first available uid, as indicated
54#	by pw(8).
55#
56get_nextuid () {
57	_uid=$1
58	_nextuid=
59
60	if [ -z "$_uid" ]; then
61		_nextuid="`${PWCMD} usernext | cut -f1 -d:`"
62	else
63		while : ; do
64			${PWCMD} usershow $_uid > /dev/null 2>&1
65			if [ ! "$?" -eq 0 ]; then
66				_nextuid=$_uid
67				break
68			fi
69			_uid=$(($_uid + 1))
70		done
71	fi
72	echo $_nextuid
73}
74
75# show_usage
76#	Display usage information for this utility.
77#
78show_usage() {
79	echo "usage: ${THISCMD} [options]"
80	echo "  options may include:"
81	echo "  -C		save to the configuration file only"
82	echo "  -D		do not attempt to create the home directory"
83	echo "  -E		disable this account after creation"
84	echo "  -G		additional groups to add accounts to"
85	echo "  -L		login class of the user"
86	echo "  -M		file permission for home directory"
87	echo "  -N		do not read configuration file"
88	echo "  -S		a nonexistent shell is not an error"
89	echo "  -d		home directory"
90	echo "  -f		file from which input will be received"
91	echo "  -g		default login group"
92	echo "  -h		display this usage message"
93	echo "  -k		path to skeleton home directory"
94	echo "  -m		user welcome message file"
95	echo "  -q		absolute minimal user feedback"
96	echo "  -s		shell"
97	echo "  -u		uid to start at"
98	echo "  -w		password type: no, none, yes or random"
99}
100
101# valid_shells
102#	Outputs a list of valid shells from /etc/shells. Only the
103#	basename of the shell is output.
104#
105valid_shells() {
106	_prefix=
107	cat ${ETCSHELLS} |
108	while read _path _junk ; do
109		case $_path in
110		\#*|'')
111			;;
112		*)
113			echo -n "${_prefix}`basename $_path`"
114			_prefix=' '
115			;;
116		esac
117	done
118
119	# /usr/sbin/nologin is a special case
120	[ -x "${NOLOGIN_PATH}" ] && echo -n " ${NOLOGIN}"
121}
122
123# fullpath_from_shell shell
124#	Given $shell, which is either the full path to a shell or
125#	the basename component of a valid shell, get the
126#	full path to the shell from the /etc/shells file.
127#
128fullpath_from_shell() {
129	_shell=$1
130	[ -z "$_shell" ] && return 1
131
132	# /usr/sbin/nologin is a special case; it needs to be handled
133	# before the cat | while loop, since a 'return' from within
134	# a subshell will not terminate the function's execution, and
135	# the path to the nologin shell might be printed out twice.
136	#
137	if [ "$_shell" = "${NOLOGIN}" -o \
138	    "$_shell" = "${NOLOGIN_PATH}" ]; then
139		echo ${NOLOGIN_PATH}
140		return 0;
141	fi
142
143	cat ${ETCSHELLS} |
144	while read _path _junk ; do
145		case "$_path" in
146		\#*|'')
147			;;
148		*)
149			if [ "$_path" = "$_shell" -o \
150			    "`basename $_path`" = "$_shell" ]; then
151				echo $_path
152				return 0
153			fi
154			;;
155		esac
156	done
157
158	return 1
159}
160
161# shell_exists shell
162#	If the given shell is listed in ${ETCSHELLS} or it is
163#	the nologin shell this function will return 0.
164#	Otherwise, it will return 1. If shell is valid but
165#	the path is invalid or it is not executable it
166#	will emit an informational message saying so.
167#
168shell_exists() {
169	_sh="$1"
170	_shellchk="${GREPCMD} '^$_sh$' ${ETCSHELLS} > /dev/null 2>&1"
171
172	if ! eval $_shellchk; then
173		# The nologin shell is not listed in /etc/shells.
174		if [ "$_sh" != "${NOLOGIN_PATH}" ]; then
175			err "Invalid shell ($_sh) for user $username."
176			return 1
177		fi
178	fi
179	! [ -x "$_sh" ] &&
180	    info "The shell ($_sh) does not exist or is not executable."
181
182	return 0
183}
184
185# save_config
186#	Save some variables to a configuration file.
187#	Note: not all script variables are saved, only those that
188#	      it makes sense to save.
189#
190save_config() {
191	echo "# Configuration file for adduser(8)."     >  ${ADDUSERCONF}
192	echo "# NOTE: only *some* variables are saved." >> ${ADDUSERCONF}
193	echo "# Last Modified on `${DATECMD}`."		>> ${ADDUSERCONF}
194	echo ''				>> ${ADDUSERCONF}
195	echo "defaultHomePerm=$uhomeperm" >> ${ADDUSERCONF}
196	echo "defaultLgroup=$ulogingroup" >> ${ADDUSERCONF}
197	echo "defaultclass=$uclass"	>> ${ADDUSERCONF}
198	echo "defaultgroups=$ugroups"	>> ${ADDUSERCONF}
199	echo "passwdtype=$passwdtype" 	>> ${ADDUSERCONF}
200	echo "homeprefix=$homeprefix" 	>> ${ADDUSERCONF}
201	echo "defaultshell=$ushell"	>> ${ADDUSERCONF}
202	echo "udotdir=$udotdir"		>> ${ADDUSERCONF}
203	echo "msgfile=$msgfile"		>> ${ADDUSERCONF}
204	echo "disableflag=$disableflag" >> ${ADDUSERCONF}
205	echo "uidstart=$uidstart"       >> ${ADDUSERCONF}
206}
207
208# add_user
209#	Add a user to the user database. If the user chose to send a welcome
210#	message or lock the account, do so.
211#
212add_user() {
213
214	# Is this a configuration run? If so, don't modify user database.
215	#
216	if [ -n "$configflag" ]; then
217		save_config
218		return
219	fi
220
221	_uid=
222	_name=
223	_comment=
224	_gecos=
225	_home=
226	_group=
227	_grouplist=
228	_shell=
229	_class=
230	_dotdir=
231	_expire=
232	_pwexpire=
233	_passwd=
234	_upasswd=
235	_passwdmethod=
236
237	_name="-n '$username'"
238	[ -n "$uuid" ] && _uid='-u "$uuid"'
239	[ -n "$ulogingroup" ] && _group='-g "$ulogingroup"'
240	[ -n "$ugroups" ] && _grouplist='-G "$ugroups"'
241	[ -n "$ushell" ] && _shell='-s "$ushell"'
242	[ -n "$uclass" ] && _class='-L "$uclass"'
243	[ -n "$ugecos" ] && _comment='-c "$ugecos"'
244	[ -n "$udotdir" ] && _dotdir='-k "$udotdir"'
245	[ -n "$uexpire" ] && _expire='-e "$uexpire"'
246	[ -n "$upwexpire" ] && _pwexpire='-p "$upwexpire"'
247	if [ -z "$Dflag" -a -n "$uhome" ]; then
248		# The /nonexistent home directory is special. It
249		# means the user has no home directory.
250		if [ "$uhome" = "$NOHOME" ]; then
251			_home='-d "$uhome"'
252		else
253			# Use home directory permissions if specified
254			if [ -n "$uhomeperm" ]; then
255				_home='-m -d "$uhome" -M "$uhomeperm"'
256			else
257				_home='-m -d "$uhome"'
258			fi
259		fi
260	elif [ -n "$Dflag" -a -n "$uhome" ]; then
261		_home='-d "$uhome"'
262	fi
263	case $passwdtype in
264	no)
265		_passwdmethod="-w no"
266		_passwd="-h -"
267		;;
268	yes)
269		# Note on processing the password: The outer double quotes
270		# make literal everything except ` and \ and $.
271		# The outer single quotes make literal ` and $.
272		# We can ensure the \ isn't treated specially by specifying
273		# the -r switch to the read command used to obtain the input.
274		#
275		_passwdmethod="-w yes"
276		_passwd="-h 0"
277		_upasswd='echo "$upass" |'
278		;;
279	none)
280		_passwdmethod="-w none"
281		;;
282	random)
283		_passwdmethod="-w random"
284		;;
285	esac
286
287	_pwcmd="$_upasswd ${PWCMD} useradd $_uid $_name $_group $_grouplist $_comment"
288	_pwcmd="$_pwcmd $_shell $_class $_home $_dotdir $_passwdmethod $_passwd"
289	_pwcmd="$_pwcmd $_expire $_pwexpire"
290
291	if ! _output=`eval $_pwcmd` ; then
292		err "There was an error adding user ($username)."
293		return 1
294	else
295		info "Successfully added ($username) to the user database."
296		if [ "random" = "$passwdtype" ]; then
297			randompass="$_output"
298			info "Password for ($username) is: $randompass"
299		fi
300	fi
301
302	if [ -n "$disableflag" ]; then
303		if ${PWCMD} lock $username ; then
304			info "Account ($username) is locked."
305		else
306			info "Account ($username) could NOT be locked."
307		fi
308	fi
309
310	_line=
311	_owner=
312	_perms=
313	if [ -n "$msgflag" ]; then
314		[ -r "$msgfile" ] && {
315			# We're evaluating the contents of an external file.
316			# Let's not open ourselves up for attack. _perms will
317			# be empty if it's writeable only by the owner. _owner
318			# will *NOT* be empty if the file is owned by root.
319			#
320			_dir="`dirname $msgfile`"
321			_file="`basename $msgfile`"
322			_perms=`/usr/bin/find $_dir -name $_file -perm +07022 -prune`
323			_owner=`/usr/bin/find $_dir -name $_file -user 0 -prune`
324			if [ -z "$_owner" -o -n "$_perms" ]; then
325				err "The message file ($msgfile) may be writeable only by root."
326				return 1
327			fi
328			cat "$msgfile" |
329			while read _line ; do
330				eval echo "$_line"
331			done | ${MAILCMD} -s"Welcome" ${username}
332			info "Sent welcome message to ($username)."
333		}
334	fi
335}
336
337# get_user
338#	Reads username of the account from standard input or from a global
339#	variable containing an account line from a file. The username is
340#	required. If this is an interactive session it will prompt in
341#	a loop until a username is entered. If it is batch processing from
342#	a file it will output an error message and return to the caller.
343#
344get_user() {
345	_input=
346
347	# No need to take down user names if this is a configuration saving run.
348	[ -n "$configflag" ] && return
349
350	while : ; do
351		if [ -z "$fflag" ]; then
352			echo -n "Username: "
353			read _input
354		else
355			_input="`echo "$fileline" | cut -f1 -d:`"
356		fi
357
358		# There *must* be a username, and it must not exist. If
359		# this is an interactive session give the user an
360		# opportunity to retry.
361		#
362		if [ -z "$_input" ]; then
363			err "You must enter a username!"
364			[ -z "$fflag" ] && continue
365		fi
366		${PWCMD} usershow $_input > /dev/null 2>&1
367		if [ "$?" -eq 0 ]; then
368			err "User exists!"
369			[ -z "$fflag" ] && continue
370		fi
371		break
372	done
373	username="$_input"
374}
375
376# get_gecos
377#	Reads extra information about the user. Can be used both in interactive
378#	and batch (from file) mode.
379#
380get_gecos() {
381	_input=
382
383	# No need to take down additional user information for a configuration run.
384	[ -n "$configflag" ] && return
385
386	if [ -z "$fflag" ]; then
387		echo -n "Full name: "
388		read _input
389	else
390		_input="`echo "$fileline" | cut -f7 -d:`"
391	fi
392	ugecos="$_input"
393}
394
395# get_shell
396#	Get the account's shell. Works in interactive and batch mode. It
397#	accepts either the base name of the shell or the full path.
398#	If an invalid shell is entered it will simply use the default shell.
399#
400get_shell() {
401	_input=
402	_fullpath=
403	ushell="$defaultshell"
404
405	# Make sure the current value of the shell is a valid one
406	if [ -z "$Sflag" ]; then
407		if ! shell_exists $ushell ; then
408			info "Using default shell ${defaultshell}."
409			ushell="$defaultshell"
410		fi
411	fi
412
413	if [ -z "$fflag" ]; then
414		echo -n "Shell ($shells) [`basename $ushell`]: "
415		read _input
416	else
417		_input="`echo "$fileline" | cut -f9 -d:`"
418	fi
419	if [ -n "$_input" ]; then
420		if [ -n "$Sflag" ]; then
421			ushell="$_input"
422		else
423			_fullpath=`fullpath_from_shell $_input`
424			if [ -n "$_fullpath" ]; then
425				ushell="$_fullpath"
426			else
427				err "Invalid shell ($_input) for user $username."
428				info "Using default shell ${defaultshell}."
429				ushell="$defaultshell"
430			fi
431		fi
432	fi
433}
434
435# get_homedir
436#	Reads the account's home directory. Used both with interactive input
437#	and batch input.
438#
439get_homedir() {
440	_input=
441	if [ -z "$fflag" ]; then
442		echo -n "Home directory [${homeprefix}/${username}]: "
443		read _input
444	else
445		_input="`echo "$fileline" | cut -f8 -d:`"
446	fi
447
448	if [ -n "$_input" ]; then
449		uhome="$_input"
450		# if this is a configuration run, then user input is the home
451		# directory prefix. Otherwise it is understood to
452		# be $prefix/$user
453		#
454		[ -z "$configflag" ] && homeprefix="`dirname $uhome`" || homeprefix="$uhome"
455	else
456		uhome="${homeprefix}/${username}"
457	fi
458}
459
460# get_homeperm
461#	Reads the account's home directory permissions.
462#
463get_homeperm() {
464	uhomeperm=$defaultHomePerm
465	_input=
466	_prompt=
467
468	if [ -n "$uhomeperm" ]; then
469		_prompt="Home directory permissions [${uhomeperm}]: "
470	else
471		_prompt="Home directory permissions (Leave empty for default): "
472	fi
473	if [ -z "$fflag" ]; then
474		echo -n "$_prompt"
475		read _input
476	fi
477
478	if [ -n "$_input" ]; then
479		uhomeperm="$_input"
480	fi
481}
482
483# get_uid
484#	Reads a numeric userid in an interactive or batch session. Automatically
485#	allocates one if it is not specified.
486#
487get_uid() {
488	uuid=${uidstart}
489	_input=
490	_prompt=
491
492	if [ -n "$uuid" ]; then
493		uuid=`get_nextuid $uuid`
494		_prompt="Uid [$uuid]: "
495	else
496		_prompt="Uid (Leave empty for default): "
497	fi
498	if [ -z "$fflag" ]; then
499		echo -n "$_prompt"
500		read _input
501	else
502		_input="`echo "$fileline" | cut -f2 -d:`"
503	fi
504
505	[ -n "$_input" ] && uuid=$_input
506	uuid=`get_nextuid $uuid`
507	uidstart=$uuid
508}
509
510# get_class
511#	Reads login class of account. Can be used in interactive or batch mode.
512#
513get_class() {
514	uclass="$defaultclass"
515	_input=
516	_class=${uclass:-"default"}
517
518	if [ -z "$fflag" ]; then
519		echo -n "Login class [$_class]: "
520		read _input
521	else
522		_input="`echo "$fileline" | cut -f4 -d:`"
523	fi
524
525	[ -n "$_input" ] && uclass="$_input"
526}
527
528# get_logingroup
529#	Reads user's login group. Can be used in both interactive and batch
530#	modes. The specified value can be a group name or its numeric id.
531#	This routine leaves the field blank if nothing is provided and
532#	a default login group has not been set. The pw(8) command
533#	will then provide a login group with the same name as the username.
534#
535get_logingroup() {
536	ulogingroup="$defaultLgroup"
537	_input=
538
539	if [ -z "$fflag" ]; then
540		echo -n "Login group [${ulogingroup:-$username}]: "
541		read _input
542	else
543		_input="`echo "$fileline" | cut -f3 -d:`"
544	fi
545
546	# Pw(8) will use the username as login group if it's left empty
547	[ -n "$_input" ] && ulogingroup="$_input"
548}
549
550# get_groups
551#	Read additional groups for the user. It can be used in both interactive
552#	and batch modes.
553#
554get_groups() {
555	ugroups="$defaultgroups"
556	_input=
557	_group=${ulogingroup:-"${username}"}
558
559	if [ -z "$configflag" ]; then
560		[ -z "$fflag" ] && echo -n "Login group is $_group. Invite $username"
561		[ -z "$fflag" ] && echo -n " into other groups? [$ugroups]: "
562	else
563		[ -z "$fflag" ] && echo -n "Enter additional groups [$ugroups]: "
564	fi
565	read _input
566
567	[ -n "$_input" ] && ugroups="$_input"
568}
569
570# get_expire_dates
571#	Read expiry information for the account and also for the password. This
572#	routine is used only from batch processing mode.
573#
574get_expire_dates() {
575	upwexpire="`echo "$fileline" | cut -f5 -d:`"
576	uexpire="`echo "$fileline" | cut -f6 -d:`"
577}
578
579# get_password
580#	Read the password in batch processing mode. The password field matters
581#	only when the password type is "yes" or "random". If the field is empty and the
582#	password type is "yes", then it assumes the account has an empty passsword
583#	and changes the password type accordingly. If the password type is "random"
584#	and the password field is NOT empty, then it assumes the account will NOT
585#	have a random password and set passwdtype to "yes."
586#
587get_password() {
588	# We may temporarily change a password type. Make sure it's changed
589	# back to whatever it was before we process the next account.
590	#
591	[ -n "$savedpwtype" ] && {
592		passwdtype=$savedpwtype
593		savedpwtype=
594	}
595
596	# There may be a ':' in the password
597	upass=${fileline#*:*:*:*:*:*:*:*:*:}
598
599	if [ -z "$upass" ]; then
600		case $passwdtype in
601		yes)
602			# if it's empty, assume an empty password
603			passwdtype=none
604			savedpwtype=yes
605			;;
606		esac
607	else
608		case $passwdtype in
609		random)
610			passwdtype=yes
611			savedpwtype=random
612			;;
613		esac
614	fi
615}
616
617# input_from_file
618#	Reads a line of account information from standard input and
619#	adds it to the user database.
620#
621input_from_file() {
622	_field=
623
624	while read -r fileline ; do
625		case "$fileline" in
626		\#*|'')
627			;;
628		*)
629			get_user || continue
630			get_gecos
631			get_uid
632			get_logingroup
633			get_class
634			get_shell
635			get_homedir
636			get_homeperm
637			get_password
638			get_expire_dates
639			ugroups="$defaultgroups"
640
641			add_user
642			;;
643		esac
644	done
645}
646
647# input_interactive
648#	Prompts for user information interactively, and commits to
649#	the user database.
650#
651input_interactive() {
652	_disable=
653	_pass=
654	_passconfirm=
655	_random="no"
656	_emptypass="no"
657	_usepass="yes"
658	_logingroup_ok="no"
659	_groups_ok="no"
660	_all_ok="yes"
661	_another_user="no"
662	case $passwdtype in
663	none)
664		_emptypass="yes"
665		_usepass="yes"
666		;;
667	no)
668		_usepass="no"
669		;;
670	random)
671		_random="yes"
672		;;
673	esac
674
675	get_user
676	get_gecos
677	get_uid
678
679	# The case where group = user is handled elsewhere, so
680	# validate any other groups the user is invited to.
681	until [ "$_logingroup_ok" = yes ]; do
682		get_logingroup
683		_logingroup_ok=yes
684		if [ -n "$ulogingroup" -a "$username" != "$ulogingroup" ]; then
685			if ! ${PWCMD} show group $ulogingroup > /dev/null 2>&1; then
686				echo "Group $ulogingroup does not exist!"
687				_logingroup_ok=no
688			fi
689		fi
690	done
691	until [ "$_groups_ok" = yes ]; do
692		get_groups
693		_groups_ok=yes
694		for i in $ugroups; do
695			if [ "$username" != "$i" ]; then
696				if ! ${PWCMD} show group $i > /dev/null 2>&1; then
697					echo "Group $i does not exist!"
698					_groups_ok=no
699				fi
700			fi
701		done
702	done
703
704	get_class
705	get_shell
706	get_homedir
707	get_homeperm
708
709	while : ; do
710		echo -n "Use password-based authentication? [$_usepass]: "
711		read _input
712		[ -z "$_input" ] && _input=$_usepass
713		case $_input in
714		[Nn][Oo]|[Nn])
715			passwdtype="no"
716			;;
717		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
718			while : ; do
719				echo -n "Use an empty password? (yes/no) [$_emptypass]: "
720				read _input
721				[ -n "$_input" ] && _emptypass=$_input
722				case $_emptypass in
723				[Nn][Oo]|[Nn])
724					echo -n "Use a random password? (yes/no) [$_random]: "
725					read _input
726					[ -n "$_input" ] && _random="$_input"
727					case $_random in
728					[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
729						passwdtype="random"
730						break
731						;;
732					esac
733					passwdtype="yes"
734					[ -n "$configflag" ] && break
735					trap 'stty echo; exit' 0 1 2 3 15
736					stty -echo
737					echo -n "Enter password: "
738					IFS= read -r upass
739					echo''
740					echo -n "Enter password again: "
741					IFS= read -r _passconfirm
742					echo ''
743					stty echo
744					# if user entered a blank password
745					# explicitly ask again.
746					[ -z "$upass" -a -z "$_passconfirm" ] \
747					    && continue
748					;;
749				[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
750					passwdtype="none"
751					break;
752					;;
753				*)
754					# invalid answer; repeat the loop
755					continue
756					;;
757				esac
758				if [ "$upass" != "$_passconfirm" ]; then
759					echo "Passwords did not match!"
760					continue
761				fi
762				break
763			done
764			;;
765		*)
766			# invalid answer; repeat loop
767			continue
768			;;
769		esac
770		break;
771	done
772	_disable=${disableflag:-"no"}
773	while : ; do
774		echo -n "Lock out the account after creation? [$_disable]: "
775		read _input
776		[ -z "$_input" ] && _input=$_disable
777		case $_input in
778		[Nn][Oo]|[Nn])
779			disableflag=
780			;;
781		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
782			disableflag=yes
783			;;
784		*)
785			# invalid answer; repeat loop
786			continue
787			;;
788		esac
789		break
790	done
791
792	# Display the information we have so far and prompt to
793	# commit it.
794	#
795	_disable=${disableflag:-"no"}
796	[ -z "$configflag" ] && printf "%-10s : %s\n" Username $username
797	case $passwdtype in
798	yes)
799		_pass='*****'
800		;;
801	no)
802		_pass='<disabled>'
803		;;
804	none)
805		_pass='<blank>'
806		;;
807	random)
808		_pass='<random>'
809		;;
810	esac
811	[ -z "$configflag" ] && printf "%-10s : %s\n" "Password" "$_pass"
812	[ -n "$configflag" ] && printf "%-10s : %s\n" "Pass Type" "$passwdtype"
813	[ -z "$configflag" ] && printf "%-10s : %s\n" "Full Name" "$ugecos"
814	[ -z "$configflag" ] && printf "%-10s : %s\n" "Uid" "$uuid"
815	printf "%-10s : %s\n" "Class" "$uclass"
816	printf "%-10s : %s %s\n" "Groups" "${ulogingroup:-$username}" "$ugroups"
817	printf "%-10s : %s\n" "Home" "$uhome"
818	printf "%-10s : %s\n" "Home Mode" "$uhomeperm"
819	printf "%-10s : %s\n" "Shell" "$ushell"
820	printf "%-10s : %s\n" "Locked" "$_disable"
821	while : ; do
822		echo -n "OK? (yes/no) [$_all_ok]: "
823		read _input
824		if [ -z "$_input" ]; then
825			_input=$_all_ok
826		fi
827		case $_input in
828		[Nn][Oo]|[Nn])
829			return 1
830			;;
831		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
832			add_user
833			;;
834		*)
835			continue
836			;;
837		esac
838		break
839	done
840	return 0
841}
842
843#### END SUBROUTINE DEFINITION ####
844
845THISCMD=`/usr/bin/basename $0`
846DEFAULTSHELL=/bin/sh
847ADDUSERCONF="${ADDUSERCONF:-/etc/adduser.conf}"
848PWCMD="${PWCMD:-/usr/sbin/pw}"
849MAILCMD="${MAILCMD:-mail}"
850ETCSHELLS="${ETCSHELLS:-/etc/shells}"
851NOHOME="/nonexistent"
852NOLOGIN="nologin"
853NOLOGIN_PATH="/usr/sbin/nologin"
854GREPCMD="/usr/bin/grep"
855DATECMD="/bin/date"
856
857# Set default values
858#
859username=
860uuid=
861uidstart=
862ugecos=
863ulogingroup=
864uclass=
865uhome=
866uhomeperm=
867upass=
868ushell=
869udotdir=/usr/share/skel
870ugroups=
871uexpire=
872upwexpire=
873shells="`valid_shells`"
874passwdtype="yes"
875msgfile=/etc/adduser.msg
876msgflag=
877quietflag=
878configflag=
879fflag=
880infile=
881disableflag=
882Dflag=
883Sflag=
884readconfig="yes"
885homeprefix="/home"
886randompass=
887fileline=
888savedpwtype=
889defaultclass=
890defaultLgroup=
891defaultgroups=
892defaultshell="${DEFAULTSHELL}"
893defaultHomePerm=
894
895# Make sure the user running this program is root. This isn't a security
896# measure as much as it is a useful method of reminding the user to
897# 'su -' before he/she wastes time entering data that won't be saved.
898#
899procowner=${procowner:-`/usr/bin/id -u`}
900if [ "$procowner" != "0" ]; then
901	err 'you must be the super-user (uid 0) to use this utility.'
902	exit 1
903fi
904
905# Override from our conf file
906# Quickly go through the commandline line to see if we should read
907# from our configuration file. The actual parsing of the commandline
908# arguments happens after we read in our configuration file (commandline
909# should override configuration file).
910#
911for _i in $* ; do
912	if [ "$_i" = "-N" ]; then
913		readconfig=
914		break;
915	fi
916done
917if [ -n "$readconfig" ]; then
918	# On a long-lived system, the first time this script is run it
919	# will barf upon reading the configuration file for its perl predecessor.
920	if ( . ${ADDUSERCONF} > /dev/null 2>&1 ); then
921		[ -r ${ADDUSERCONF} ] && . ${ADDUSERCONF} > /dev/null 2>&1
922	fi
923fi
924
925# Process command-line options
926#
927for _switch ; do
928	case $_switch in
929	-L)
930		defaultclass="$2"
931		shift; shift
932		;;
933	-C)
934		configflag=yes
935		shift
936		;;
937	-D)
938		Dflag=yes
939		shift
940		;;
941	-E)
942		disableflag=yes
943		shift
944		;;
945	-k)
946		udotdir="$2"
947		shift; shift
948		;;
949	-f)
950		[ "$2" != "-" ] && infile="$2"
951		fflag=yes
952		shift; shift
953		;;
954	-g)
955		defaultLgroup="$2"
956		shift; shift
957		;;
958	-G)
959		defaultgroups="$2"
960		shift; shift
961		;;
962	-h)
963		show_usage
964		exit 0
965		;;
966	-d)
967		homeprefix="$2"
968		shift; shift
969		;;
970	-m)
971		case "$2" in
972		[Nn][Oo])
973			msgflag=
974			;;
975		*)
976			msgflag=yes
977			msgfile="$2"
978			;;
979		esac
980		shift; shift
981		;;
982	-M)
983		defaultHomePerm=$2
984		shift; shift
985		;;
986	-N)
987		readconfig=
988		shift
989		;;
990	-w)
991		case "$2" in
992		no|none|random|yes)
993			passwdtype=$2
994			;;
995		*)
996			show_usage
997			exit 1
998			;;
999		esac
1000		shift; shift
1001		;;
1002	-q)
1003		quietflag=yes
1004		shift
1005		;;
1006	-s)
1007		defaultshell="`fullpath_from_shell $2`"
1008		shift; shift
1009		;;
1010	-S)
1011		Sflag=yes
1012		shift
1013		;;
1014	-u)
1015		uidstart=$2
1016		shift; shift
1017		;;
1018	esac
1019done
1020
1021# If the -f switch was used, get input from a file. Otherwise,
1022# this is an interactive session.
1023#
1024if [ -n "$fflag" ]; then
1025	if [ -z "$infile" ]; then
1026		input_from_file
1027	elif [ -n "$infile" ]; then
1028		if [ -r "$infile" ]; then
1029			input_from_file < $infile
1030		else
1031			err "File ($infile) is unreadable or does not exist."
1032		fi
1033	fi
1034else
1035	input_interactive
1036	while : ; do
1037		if [ -z "$configflag" ]; then
1038			echo -n "Add another user? (yes/no) [$_another_user]: "
1039		else
1040			echo -n "Re-edit the default configuration? (yes/no) [$_another_user]: "
1041		fi
1042		read _input
1043		if [ -z "$_input" ]; then
1044			_input=$_another_user
1045		fi
1046		case $_input in
1047		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
1048			uidstart=`get_nextuid $uidstart`
1049			input_interactive
1050			continue
1051			;;
1052		[Nn][Oo]|[Nn])
1053			echo "Goodbye!"
1054			;;
1055		*)
1056			continue
1057			;;
1058		esac
1059		break
1060	done
1061fi
1062