xref: /freebsd/usr.sbin/adduser/adduser.sh (revision fed1ca4b719c56c930f2259d80663cd34be812bb)
1#!/bin/sh
2#
3# Copyright (c) 2002-2004 Michael Telahun Makonnen. All rights reserved.
4#
5# Redistribution and use in source and binary forms, with or without
6# modification, are permitted provided that the following conditions
7# are met:
8# 1. Redistributions of source code must retain the above copyright
9#    notice, this list of conditions and the following disclaimer.
10# 2. Redistributions in binary form must reproduce the above copyright
11#    notice, this list of conditions and the following disclaimer in the
12#    documentation and/or other materials provided with the distribution.
13#
14# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24#
25#       Email: Mike Makonnen <mtm@FreeBSD.Org>
26#
27# $FreeBSD$
28#
29
30# err msg
31#	Display $msg on stderr, unless we're being quiet.
32#
33err() {
34	if [ -z "$quietflag" ]; then
35		echo 1>&2 ${THISCMD}: ERROR: $*
36	fi
37}
38
39# info msg
40#	Display $msg on stdout, unless we're being quiet.
41#
42info() {
43	if [ -z "$quietflag" ]; then
44		echo ${THISCMD}: INFO: $*
45	fi
46}
47
48# get_nextuid
49#	Output the value of $_uid if it is available for use. If it
50#	is not, output the value of the next higher uid that is available.
51#	If a uid is not specified, output the first available uid, as indicated
52#	by pw(8).
53#
54get_nextuid () {
55	_uid=$1
56	_nextuid=
57
58	if [ -z "$_uid" ]; then
59		_nextuid="`${PWCMD} usernext | cut -f1 -d:`"
60	else
61		while : ; do
62			${PWCMD} usershow $_uid > /dev/null 2>&1
63			if [ ! "$?" -eq 0 ]; then
64				_nextuid=$_uid
65				break
66			fi
67			_uid=$(($_uid + 1))
68		done
69	fi
70	echo $_nextuid
71}
72
73# show_usage
74#	Display usage information for this utility.
75#
76show_usage() {
77	echo "usage: ${THISCMD} [options]"
78	echo "  options may include:"
79	echo "  -C		save to the configuration file only"
80	echo "  -D		do not attempt to create the home directory"
81	echo "  -E		disable this account after creation"
82	echo "  -G		additional groups to add accounts to"
83	echo "  -L		login class of the user"
84	echo "  -M		file permission for home directory"
85	echo "  -N		do not read configuration file"
86	echo "  -S		a nonexistent shell is not an error"
87	echo "  -d		home directory"
88	echo "  -f		file from which input will be received"
89	echo "  -g		default login group"
90	echo "  -h		display this usage message"
91	echo "  -k		path to skeleton home directory"
92	echo "  -m		user welcome message file"
93	echo "  -q		absolute minimal user feedback"
94	echo "  -s		shell"
95	echo "  -u		uid to start at"
96	echo "  -w		password type: no, none, yes or random"
97}
98
99# valid_shells
100#	Outputs a list of valid shells from /etc/shells. Only the
101#	basename of the shell is output.
102#
103valid_shells() {
104	_prefix=
105	cat ${ETCSHELLS} |
106	while read _path _junk ; do
107		case $_path in
108		\#*|'')
109			;;
110		*)
111			echo -n "${_prefix}`basename $_path`"
112			_prefix=' '
113			;;
114		esac
115	done
116
117	# /usr/sbin/nologin is a special case
118	[ -x "${NOLOGIN_PATH}" ] && echo -n " ${NOLOGIN}"
119}
120
121# fullpath_from_shell shell
122#	Given $shell, which is either the full path to a shell or
123#	the basename component of a valid shell, get the
124#	full path to the shell from the /etc/shells file.
125#
126fullpath_from_shell() {
127	_shell=$1
128	[ -z "$_shell" ] && return 1
129
130	# /usr/sbin/nologin is a special case; it needs to be handled
131	# before the cat | while loop, since a 'return' from within
132	# a subshell will not terminate the function's execution, and
133	# the path to the nologin shell might be printed out twice.
134	#
135	if [ "$_shell" = "${NOLOGIN}" -o \
136	    "$_shell" = "${NOLOGIN_PATH}" ]; then
137		echo ${NOLOGIN_PATH}
138		return 0;
139	fi
140
141	cat ${ETCSHELLS} |
142	while read _path _junk ; do
143		case "$_path" in
144		\#*|'')
145			;;
146		*)
147			if [ "$_path" = "$_shell" -o \
148			    "`basename $_path`" = "$_shell" ]; then
149				echo $_path
150				return 0
151			fi
152			;;
153		esac
154	done
155
156	return 1
157}
158
159# shell_exists shell
160#	If the given shell is listed in ${ETCSHELLS} or it is
161#	the nologin shell this function will return 0.
162#	Otherwise, it will return 1. If shell is valid but
163#	the path is invalid or it is not executable it
164#	will emit an informational message saying so.
165#
166shell_exists() {
167	_sh="$1"
168	_shellchk="${GREPCMD} '^$_sh$' ${ETCSHELLS} > /dev/null 2>&1"
169
170	if ! eval $_shellchk; then
171		# The nologin shell is not listed in /etc/shells.
172		if [ "$_sh" != "${NOLOGIN_PATH}" ]; then
173			err "Invalid shell ($_sh) for user $username."
174			return 1
175		fi
176	fi
177	! [ -x "$_sh" ] &&
178	    info "The shell ($_sh) does not exist or is not executable."
179
180	return 0
181}
182
183# save_config
184#	Save some variables to a configuration file.
185#	Note: not all script variables are saved, only those that
186#	      it makes sense to save.
187#
188save_config() {
189	echo "# Configuration file for adduser(8)."     >  ${ADDUSERCONF}
190	echo "# NOTE: only *some* variables are saved." >> ${ADDUSERCONF}
191	echo "# Last Modified on `${DATECMD}`."		>> ${ADDUSERCONF}
192	echo ''				>> ${ADDUSERCONF}
193	echo "defaultHomePerm=$uhomeperm" >> ${ADDUSERCONF}
194	echo "defaultLgroup=$ulogingroup" >> ${ADDUSERCONF}
195	echo "defaultclass=$uclass"	>> ${ADDUSERCONF}
196	echo "defaultgroups=$ugroups"	>> ${ADDUSERCONF}
197	echo "passwdtype=$passwdtype" 	>> ${ADDUSERCONF}
198	echo "homeprefix=$homeprefix" 	>> ${ADDUSERCONF}
199	echo "defaultshell=$ushell"	>> ${ADDUSERCONF}
200	echo "udotdir=$udotdir"		>> ${ADDUSERCONF}
201	echo "msgfile=$msgfile"		>> ${ADDUSERCONF}
202	echo "disableflag=$disableflag" >> ${ADDUSERCONF}
203	echo "uidstart=$uidstart"       >> ${ADDUSERCONF}
204}
205
206# add_user
207#	Add a user to the user database. If the user chose to send a welcome
208#	message or lock the account, do so.
209#
210add_user() {
211
212	# Is this a configuration run? If so, don't modify user database.
213	#
214	if [ -n "$configflag" ]; then
215		save_config
216		return
217	fi
218
219	_uid=
220	_name=
221	_comment=
222	_gecos=
223	_home=
224	_group=
225	_grouplist=
226	_shell=
227	_class=
228	_dotdir=
229	_expire=
230	_pwexpire=
231	_passwd=
232	_upasswd=
233	_passwdmethod=
234
235	_name="-n '$username'"
236	[ -n "$uuid" ] && _uid='-u "$uuid"'
237	[ -n "$ulogingroup" ] && _group='-g "$ulogingroup"'
238	[ -n "$ugroups" ] && _grouplist='-G "$ugroups"'
239	[ -n "$ushell" ] && _shell='-s "$ushell"'
240	[ -n "$uclass" ] && _class='-L "$uclass"'
241	[ -n "$ugecos" ] && _comment='-c "$ugecos"'
242	[ -n "$udotdir" ] && _dotdir='-k "$udotdir"'
243	[ -n "$uexpire" ] && _expire='-e "$uexpire"'
244	[ -n "$upwexpire" ] && _pwexpire='-p "$upwexpire"'
245	if [ -z "$Dflag" -a -n "$uhome" ]; then
246		# The /nonexistent home directory is special. It
247		# means the user has no home directory.
248		if [ "$uhome" = "$NOHOME" ]; then
249			_home='-d "$uhome"'
250		else
251			# Use home directory permissions if specified
252			if [ -n "$uhomeperm" ]; then
253				_home='-m -d "$uhome" -M "$uhomeperm"'
254			else
255				_home='-m -d "$uhome"'
256			fi
257		fi
258	elif [ -n "$Dflag" -a -n "$uhome" ]; then
259		_home='-d "$uhome"'
260	fi
261	case $passwdtype in
262	no)
263		_passwdmethod="-w no"
264		_passwd="-h -"
265		;;
266	yes)
267		# Note on processing the password: The outer double quotes
268		# make literal everything except ` and \ and $.
269		# The outer single quotes make literal ` and $.
270		# We can ensure the \ isn't treated specially by specifying
271		# the -r switch to the read command used to obtain the input.
272		#
273		_passwdmethod="-w yes"
274		_passwd="-h 0"
275		_upasswd='echo "$upass" |'
276		;;
277	none)
278		_passwdmethod="-w none"
279		;;
280	random)
281		_passwdmethod="-w random"
282		;;
283	esac
284
285	_pwcmd="$_upasswd ${PWCMD} useradd $_uid $_name $_group $_grouplist $_comment"
286	_pwcmd="$_pwcmd $_shell $_class $_home $_dotdir $_passwdmethod $_passwd"
287	_pwcmd="$_pwcmd $_expire $_pwexpire"
288
289	if ! _output=`eval $_pwcmd` ; then
290		err "There was an error adding user ($username)."
291		return 1
292	else
293		info "Successfully added ($username) to the user database."
294		if [ "random" = "$passwdtype" ]; then
295			randompass="$_output"
296			info "Password for ($username) is: $randompass"
297		fi
298	fi
299
300	if [ -n "$disableflag" ]; then
301		if ${PWCMD} lock $username ; then
302			info "Account ($username) is locked."
303		else
304			info "Account ($username) could NOT be locked."
305		fi
306	fi
307
308	_line=
309	_owner=
310	_perms=
311	if [ -n "$msgflag" ]; then
312		[ -r "$msgfile" ] && {
313			# We're evaluating the contents of an external file.
314			# Let's not open ourselves up for attack. _perms will
315			# be empty if it's writeable only by the owner. _owner
316			# will *NOT* be empty if the file is owned by root.
317			#
318			_dir="`dirname $msgfile`"
319			_file="`basename $msgfile`"
320			_perms=`/usr/bin/find $_dir -name $_file -perm +07022 -prune`
321			_owner=`/usr/bin/find $_dir -name $_file -user 0 -prune`
322			if [ -z "$_owner" -o -n "$_perms" ]; then
323				err "The message file ($msgfile) may be writeable only by root."
324				return 1
325			fi
326			cat "$msgfile" |
327			while read _line ; do
328				eval echo "$_line"
329			done | ${MAILCMD} -s"Welcome" ${username}
330			info "Sent welcome message to ($username)."
331		}
332	fi
333}
334
335# get_user
336#	Reads username of the account from standard input or from a global
337#	variable containing an account line from a file. The username is
338#	required. If this is an interactive session it will prompt in
339#	a loop until a username is entered. If it is batch processing from
340#	a file it will output an error message and return to the caller.
341#
342get_user() {
343	_input=
344
345	# No need to take down user names if this is a configuration saving run.
346	[ -n "$configflag" ] && return
347
348	while : ; do
349		if [ -z "$fflag" ]; then
350			echo -n "Username: "
351			read _input
352		else
353			_input="`echo "$fileline" | cut -f1 -d:`"
354		fi
355
356		# There *must* be a username, and it must not exist. If
357		# this is an interactive session give the user an
358		# opportunity to retry.
359		#
360		if [ -z "$_input" ]; then
361			err "You must enter a username!"
362			[ -z "$fflag" ] && continue
363		fi
364		${PWCMD} usershow $_input > /dev/null 2>&1
365		if [ "$?" -eq 0 ]; then
366			err "User exists!"
367			[ -z "$fflag" ] && continue
368		fi
369		break
370	done
371	username="$_input"
372}
373
374# get_gecos
375#	Reads extra information about the user. Can be used both in interactive
376#	and batch (from file) mode.
377#
378get_gecos() {
379	_input=
380
381	# No need to take down additional user information for a configuration run.
382	[ -n "$configflag" ] && return
383
384	if [ -z "$fflag" ]; then
385		echo -n "Full name: "
386		read _input
387	else
388		_input="`echo "$fileline" | cut -f7 -d:`"
389	fi
390	ugecos="$_input"
391}
392
393# get_shell
394#	Get the account's shell. Works in interactive and batch mode. It
395#	accepts either the base name of the shell or the full path.
396#	If an invalid shell is entered it will simply use the default shell.
397#
398get_shell() {
399	_input=
400	_fullpath=
401	ushell="$defaultshell"
402
403	# Make sure the current value of the shell is a valid one
404	if [ -z "$Sflag" ]; then
405		if ! shell_exists $ushell ; then
406			info "Using default shell ${defaultshell}."
407			ushell="$defaultshell"
408		fi
409	fi
410
411	if [ -z "$fflag" ]; then
412		echo -n "Shell ($shells) [`basename $ushell`]: "
413		read _input
414	else
415		_input="`echo "$fileline" | cut -f9 -d:`"
416	fi
417	if [ -n "$_input" ]; then
418		if [ -n "$Sflag" ]; then
419			ushell="$_input"
420		else
421			_fullpath=`fullpath_from_shell $_input`
422			if [ -n "$_fullpath" ]; then
423				ushell="$_fullpath"
424			else
425				err "Invalid shell ($_input) for user $username."
426				info "Using default shell ${defaultshell}."
427				ushell="$defaultshell"
428			fi
429		fi
430	fi
431}
432
433# get_homedir
434#	Reads the account's home directory. Used both with interactive input
435#	and batch input.
436#
437get_homedir() {
438	_input=
439	if [ -z "$fflag" ]; then
440		echo -n "Home directory [${homeprefix}/${username}]: "
441		read _input
442	else
443		_input="`echo "$fileline" | cut -f8 -d:`"
444	fi
445
446	if [ -n "$_input" ]; then
447		uhome="$_input"
448		# if this is a configuration run, then user input is the home
449		# directory prefix. Otherwise it is understood to
450		# be $prefix/$user
451		#
452		[ -z "$configflag" ] && homeprefix="`dirname $uhome`" || homeprefix="$uhome"
453	else
454		uhome="${homeprefix}/${username}"
455	fi
456}
457
458# get_homeperm
459#	Reads the account's home directory permissions.
460#
461get_homeperm() {
462	uhomeperm=$defaultHomePerm
463	_input=
464	_prompt=
465
466	if [ -n "$uhomeperm" ]; then
467		_prompt="Home directory permissions [${uhomeperm}]: "
468	else
469		_prompt="Home directory permissions (Leave empty for default): "
470	fi
471	if [ -z "$fflag" ]; then
472		echo -n "$_prompt"
473		read _input
474	fi
475
476	if [ -n "$_input" ]; then
477		uhomeperm="$_input"
478	fi
479}
480
481# get_uid
482#	Reads a numeric userid in an interactive or batch session. Automatically
483#	allocates one if it is not specified.
484#
485get_uid() {
486	uuid=${uidstart}
487	_input=
488	_prompt=
489
490	if [ -n "$uuid" ]; then
491		uuid=`get_nextuid $uuid`
492		_prompt="Uid [$uuid]: "
493	else
494		_prompt="Uid (Leave empty for default): "
495	fi
496	if [ -z "$fflag" ]; then
497		echo -n "$_prompt"
498		read _input
499	else
500		_input="`echo "$fileline" | cut -f2 -d:`"
501	fi
502
503	[ -n "$_input" ] && uuid=$_input
504	uuid=`get_nextuid $uuid`
505	uidstart=$uuid
506}
507
508# get_class
509#	Reads login class of account. Can be used in interactive or batch mode.
510#
511get_class() {
512	uclass="$defaultclass"
513	_input=
514	_class=${uclass:-"default"}
515
516	if [ -z "$fflag" ]; then
517		echo -n "Login class [$_class]: "
518		read _input
519	else
520		_input="`echo "$fileline" | cut -f4 -d:`"
521	fi
522
523	[ -n "$_input" ] && uclass="$_input"
524}
525
526# get_logingroup
527#	Reads user's login group. Can be used in both interactive and batch
528#	modes. The specified value can be a group name or its numeric id.
529#	This routine leaves the field blank if nothing is provided and
530#	a default login group has not been set. The pw(8) command
531#	will then provide a login group with the same name as the username.
532#
533get_logingroup() {
534	ulogingroup="$defaultLgroup"
535	_input=
536
537	if [ -z "$fflag" ]; then
538		echo -n "Login group [${ulogingroup:-$username}]: "
539		read _input
540	else
541		_input="`echo "$fileline" | cut -f3 -d:`"
542	fi
543
544	# Pw(8) will use the username as login group if it's left empty
545	[ -n "$_input" ] && ulogingroup="$_input"
546}
547
548# get_groups
549#	Read additional groups for the user. It can be used in both interactive
550#	and batch modes.
551#
552get_groups() {
553	ugroups="$defaultgroups"
554	_input=
555	_group=${ulogingroup:-"${username}"}
556
557	if [ -z "$configflag" ]; then
558		[ -z "$fflag" ] && echo -n "Login group is $_group. Invite $username"
559		[ -z "$fflag" ] && echo -n " into other groups? [$ugroups]: "
560	else
561		[ -z "$fflag" ] && echo -n "Enter additional groups [$ugroups]: "
562	fi
563	read _input
564
565	[ -n "$_input" ] && ugroups="$_input"
566}
567
568# get_expire_dates
569#	Read expiry information for the account and also for the password. This
570#	routine is used only from batch processing mode.
571#
572get_expire_dates() {
573	upwexpire="`echo "$fileline" | cut -f5 -d:`"
574	uexpire="`echo "$fileline" | cut -f6 -d:`"
575}
576
577# get_password
578#	Read the password in batch processing mode. The password field matters
579#	only when the password type is "yes" or "random". If the field is empty and the
580#	password type is "yes", then it assumes the account has an empty passsword
581#	and changes the password type accordingly. If the password type is "random"
582#	and the password field is NOT empty, then it assumes the account will NOT
583#	have a random password and set passwdtype to "yes."
584#
585get_password() {
586	# We may temporarily change a password type. Make sure it's changed
587	# back to whatever it was before we process the next account.
588	#
589	[ -n "$savedpwtype" ] && {
590		passwdtype=$savedpwtype
591		savedpwtype=
592	}
593
594	# There may be a ':' in the password
595	upass=${fileline#*:*:*:*:*:*:*:*:*:}
596
597	if [ -z "$upass" ]; then
598		case $passwdtype in
599		yes)
600			# if it's empty, assume an empty password
601			passwdtype=none
602			savedpwtype=yes
603			;;
604		esac
605	else
606		case $passwdtype in
607		random)
608			passwdtype=yes
609			savedpwtype=random
610			;;
611		esac
612	fi
613}
614
615# input_from_file
616#	Reads a line of account information from standard input and
617#	adds it to the user database.
618#
619input_from_file() {
620	_field=
621
622	while read -r fileline ; do
623		case "$fileline" in
624		\#*|'')
625			;;
626		*)
627			get_user || continue
628			get_gecos
629			get_uid
630			get_logingroup
631			get_class
632			get_shell
633			get_homedir
634			get_homeperm
635			get_password
636			get_expire_dates
637			ugroups="$defaultgroups"
638
639			add_user
640			;;
641		esac
642	done
643}
644
645# input_interactive
646#	Prompts for user information interactively, and commits to
647#	the user database.
648#
649input_interactive() {
650	_disable=
651	_pass=
652	_passconfirm=
653	_random="no"
654	_emptypass="no"
655	_usepass="yes"
656	_logingroup_ok="no"
657	_groups_ok="no"
658	case $passwdtype in
659	none)
660		_emptypass="yes"
661		_usepass="yes"
662		;;
663	no)
664		_usepass="no"
665		;;
666	random)
667		_random="yes"
668		;;
669	esac
670
671	get_user
672	get_gecos
673	get_uid
674
675	# The case where group = user is handled elsewhere, so
676	# validate any other groups the user is invited to.
677	until [ "$_logingroup_ok" = yes ]; do
678		get_logingroup
679		_logingroup_ok=yes
680		if [ -n "$ulogingroup" -a "$username" != "$ulogingroup" ]; then
681			if ! ${PWCMD} show group $ulogingroup > /dev/null 2>&1; then
682				echo "Group $ulogingroup does not exist!"
683				_logingroup_ok=no
684			fi
685		fi
686	done
687	until [ "$_groups_ok" = yes ]; do
688		get_groups
689		_groups_ok=yes
690		for i in $ugroups; do
691			if [ "$username" != "$i" ]; then
692				if ! ${PWCMD} show group $i > /dev/null 2>&1; then
693					echo "Group $i does not exist!"
694					_groups_ok=no
695				fi
696			fi
697		done
698	done
699
700	get_class
701	get_shell
702	get_homedir
703	get_homeperm
704
705	while : ; do
706		echo -n "Use password-based authentication? [$_usepass]: "
707		read _input
708		[ -z "$_input" ] && _input=$_usepass
709		case $_input in
710		[Nn][Oo]|[Nn])
711			passwdtype="no"
712			;;
713		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
714			while : ; do
715				echo -n "Use an empty password? (yes/no) [$_emptypass]: "
716				read _input
717				[ -n "$_input" ] && _emptypass=$_input
718				case $_emptypass in
719				[Nn][Oo]|[Nn])
720					echo -n "Use a random password? (yes/no) [$_random]: "
721					read _input
722					[ -n "$_input" ] && _random="$_input"
723					case $_random in
724					[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
725						passwdtype="random"
726						break
727						;;
728					esac
729					passwdtype="yes"
730					[ -n "$configflag" ] && break
731					trap 'stty echo; exit' 0 1 2 3 15
732					stty -echo
733					echo -n "Enter password: "
734					read -r upass
735					echo''
736					echo -n "Enter password again: "
737					read -r _passconfirm
738					echo ''
739					stty echo
740					# if user entered a blank password
741					# explicitly ask again.
742					[ -z "$upass" -a -z "$_passconfirm" ] \
743					    && continue
744					;;
745				[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
746					passwdtype="none"
747					break;
748					;;
749				*)
750					# invalid answer; repeat the loop
751					continue
752					;;
753				esac
754				if [ "$upass" != "$_passconfirm" ]; then
755					echo "Passwords did not match!"
756					continue
757				fi
758				break
759			done
760			;;
761		*)
762			# invalid answer; repeat loop
763			continue
764			;;
765		esac
766		break;
767	done
768	_disable=${disableflag:-"no"}
769	while : ; do
770		echo -n "Lock out the account after creation? [$_disable]: "
771		read _input
772		[ -z "$_input" ] && _input=$_disable
773		case $_input in
774		[Nn][Oo]|[Nn])
775			disableflag=
776			;;
777		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
778			disableflag=yes
779			;;
780		*)
781			# invalid answer; repeat loop
782			continue
783			;;
784		esac
785		break
786	done
787
788	# Display the information we have so far and prompt to
789	# commit it.
790	#
791	_disable=${disableflag:-"no"}
792	[ -z "$configflag" ] && printf "%-10s : %s\n" Username $username
793	case $passwdtype in
794	yes)
795		_pass='*****'
796		;;
797	no)
798		_pass='<disabled>'
799		;;
800	none)
801		_pass='<blank>'
802		;;
803	random)
804		_pass='<random>'
805		;;
806	esac
807	[ -z "$configflag" ] && printf "%-10s : %s\n" "Password" "$_pass"
808	[ -n "$configflag" ] && printf "%-10s : %s\n" "Pass Type" "$passwdtype"
809	[ -z "$configflag" ] && printf "%-10s : %s\n" "Full Name" "$ugecos"
810	[ -z "$configflag" ] && printf "%-10s : %s\n" "Uid" "$uuid"
811	printf "%-10s : %s\n" "Class" "$uclass"
812	printf "%-10s : %s %s\n" "Groups" "${ulogingroup:-$username}" "$ugroups"
813	printf "%-10s : %s\n" "Home" "$uhome"
814	printf "%-10s : %s\n" "Home Mode" "$uhomeperm"
815	printf "%-10s : %s\n" "Shell" "$ushell"
816	printf "%-10s : %s\n" "Locked" "$_disable"
817	while : ; do
818		echo -n "OK? (yes/no): "
819		read _input
820		case $_input in
821		[Nn][Oo]|[Nn])
822			return 1
823			;;
824		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
825			add_user
826			;;
827		*)
828			continue
829			;;
830		esac
831		break
832	done
833	return 0
834}
835
836#### END SUBROUTINE DEFINITION ####
837
838THISCMD=`/usr/bin/basename $0`
839DEFAULTSHELL=/bin/sh
840ADDUSERCONF="${ADDUSERCONF:-/etc/adduser.conf}"
841PWCMD="${PWCMD:-/usr/sbin/pw}"
842MAILCMD="${MAILCMD:-mail}"
843ETCSHELLS="${ETCSHELLS:-/etc/shells}"
844NOHOME="/nonexistent"
845NOLOGIN="nologin"
846NOLOGIN_PATH="/usr/sbin/nologin"
847GREPCMD="/usr/bin/grep"
848DATECMD="/bin/date"
849
850# Set default values
851#
852username=
853uuid=
854uidstart=
855ugecos=
856ulogingroup=
857uclass=
858uhome=
859uhomeperm=
860upass=
861ushell=
862udotdir=/usr/share/skel
863ugroups=
864uexpire=
865upwexpire=
866shells="`valid_shells`"
867passwdtype="yes"
868msgfile=/etc/adduser.msg
869msgflag=
870quietflag=
871configflag=
872fflag=
873infile=
874disableflag=
875Dflag=
876Sflag=
877readconfig="yes"
878homeprefix="/home"
879randompass=
880fileline=
881savedpwtype=
882defaultclass=
883defaultLgroup=
884defaultgroups=
885defaultshell="${DEFAULTSHELL}"
886defaultHomePerm=
887
888# Make sure the user running this program is root. This isn't a security
889# measure as much as it is a useful method of reminding the user to
890# 'su -' before he/she wastes time entering data that won't be saved.
891#
892procowner=${procowner:-`/usr/bin/id -u`}
893if [ "$procowner" != "0" ]; then
894	err 'you must be the super-user (uid 0) to use this utility.'
895	exit 1
896fi
897
898# Override from our conf file
899# Quickly go through the commandline line to see if we should read
900# from our configuration file. The actual parsing of the commandline
901# arguments happens after we read in our configuration file (commandline
902# should override configuration file).
903#
904for _i in $* ; do
905	if [ "$_i" = "-N" ]; then
906		readconfig=
907		break;
908	fi
909done
910if [ -n "$readconfig" ]; then
911	# On a long-lived system, the first time this script is run it
912	# will barf upon reading the configuration file for its perl predecessor.
913	if ( . ${ADDUSERCONF} > /dev/null 2>&1 ); then
914		[ -r ${ADDUSERCONF} ] && . ${ADDUSERCONF} > /dev/null 2>&1
915	fi
916fi
917
918# Process command-line options
919#
920for _switch ; do
921	case $_switch in
922	-L)
923		defaultclass="$2"
924		shift; shift
925		;;
926	-C)
927		configflag=yes
928		shift
929		;;
930	-D)
931		Dflag=yes
932		shift
933		;;
934	-E)
935		disableflag=yes
936		shift
937		;;
938	-k)
939		udotdir="$2"
940		shift; shift
941		;;
942	-f)
943		[ "$2" != "-" ] && infile="$2"
944		fflag=yes
945		shift; shift
946		;;
947	-g)
948		defaultLgroup="$2"
949		shift; shift
950		;;
951	-G)
952		defaultgroups="$2"
953		shift; shift
954		;;
955	-h)
956		show_usage
957		exit 0
958		;;
959	-d)
960		homeprefix="$2"
961		shift; shift
962		;;
963	-m)
964		case "$2" in
965		[Nn][Oo])
966			msgflag=
967			;;
968		*)
969			msgflag=yes
970			msgfile="$2"
971			;;
972		esac
973		shift; shift
974		;;
975	-M)
976		defaultHomePerm=$2
977		shift; shift
978		;;
979	-N)
980		readconfig=
981		shift
982		;;
983	-w)
984		case "$2" in
985		no|none|random|yes)
986			passwdtype=$2
987			;;
988		*)
989			show_usage
990			exit 1
991			;;
992		esac
993		shift; shift
994		;;
995	-q)
996		quietflag=yes
997		shift
998		;;
999	-s)
1000		defaultshell="`fullpath_from_shell $2`"
1001		shift; shift
1002		;;
1003	-S)
1004		Sflag=yes
1005		shift
1006		;;
1007	-u)
1008		uidstart=$2
1009		shift; shift
1010		;;
1011	esac
1012done
1013
1014# If the -f switch was used, get input from a file. Otherwise,
1015# this is an interactive session.
1016#
1017if [ -n "$fflag" ]; then
1018	if [ -z "$infile" ]; then
1019		input_from_file
1020	elif [ -n "$infile" ]; then
1021		if [ -r "$infile" ]; then
1022			input_from_file < $infile
1023		else
1024			err "File ($infile) is unreadable or does not exist."
1025		fi
1026	fi
1027else
1028	input_interactive
1029	while : ; do
1030		if [ -z "$configflag" ]; then
1031			echo -n "Add another user? (yes/no): "
1032		else
1033			echo -n "Re-edit the default configuration? (yes/no): "
1034		fi
1035		read _input
1036		case $_input in
1037		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
1038			uidstart=`get_nextuid $uidstart`
1039			input_interactive
1040			continue
1041			;;
1042		[Nn][Oo]|[Nn])
1043			echo "Goodbye!"
1044			;;
1045		*)
1046			continue
1047			;;
1048		esac
1049		break
1050	done
1051fi
1052