Newer
Older
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
# Adds an user to the system
# License
# =======
#
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
ADD_USERNAME=$1
if [[ $(is_valid_user "$ADD_USERNAME") == '0' ]]; then
echo $'Invalid username'
exit 50
fi
password_param=
if [[ "$2" == "password="* ]]; then
SSH_PUBLIC_KEY=
password_param=$(echo "$2" | awk -F '=' '{print $2}')
fi
GPG_KEYSERVER='hkp://keys.gnupg.net'
SSH_PORT=2222
echo $"The user $ADD_USERNAME already exists"
# shellcheck disable=SC2126
no_of_users=$(find /home/ -maxdepth 1 -type d | grep -Fxv "/home/znc" | grep -Fxv "/home/turtl" | grep -Fxv "/home/go" | grep -Fxv "/home/gogs" | grep -Fxv "/home/git" | grep -Fxv "/home/pihole" | grep -Fxv "/home/" | grep -Fxv "/home/tahoelafs" | grep -Fxv "/home/sync" | wc -l)
# shellcheck disable=SC2086
echo $"Maximum number of users reached"
exit 4
fi
MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
if [ ! "$password_param" ]; then
NEW_USER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
else
NEW_USER_PASSWORD="$password_param"
fi
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash "$ADD_USERNAME"
adduser "$ADD_USERNAME" sasl
groupadd "$ADD_USERNAME"
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
mkdir "/home/$ADD_USERNAME/.ssh"
cp "$SSH_PUBLIC_KEY" "/home/$ADD_USERNAME/.ssh/authorized_keys"
chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh"
echo $'ssh public key installed'
else
mkdir "/home/$ADD_USERNAME/.ssh"
echo "$SSH_PUBLIC_KEY" > "/home/$ADD_USERNAME/.ssh/authorized_keys"
chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh"
echo $'ssh public key installed'
else
echo $'The second parameter does not look like an ssh key'
exit 5
fi
fi
if [ -d "/home/$ADD_USERNAME/Maildir" ]; then
if grep -q "set from=" "/home/$ADD_USERNAME/.muttrc"; then
sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" "/home/$ADD_USERNAME/.muttrc"
echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> "/home/$ADD_USERNAME/.muttrc"
sed -i "s|\$USER@|$ADD_USERNAME@|g" "/home/$ADD_USERNAME/.procmailrc"
echo "Making a GPG key for $ADD_USERNAME@$HOSTNAME"
if [[ "$GPG_KEYSERVER" != 'hkps://hkps.pool.sks-keyservers.net' ]]; then
{ echo "keyserver $GPG_KEYSERVER";
echo 'keyserver hkps://hkps.pool.sks-keyservers.net'; } >> "/home/$ADD_USERNAME/.gnupg/gpg.conf"
else
echo 'keyserver hkps://hkps.pool.sks-keyservers.net' >> "/home/$ADD_USERNAME/.gnupg/gpg.conf"
fi
{ echo 'keyserver-options auto-key-retrieve';
echo '';
echo '# default preferences';
echo 'personal-digest-preferences SHA256';
echo 'cert-digest-algo SHA256';
echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed'; } >> "/home/$ADD_USERNAME/.gnupg/gpg.conf"
chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg"
chmod 700 "/home/$ADD_USERNAME/.gnupg"
{ echo 'Key-Type: eddsa';
echo 'Key-Curve: Ed25519';
echo 'Subkey-Type: eddsa';
echo "Name-Real: $ADD_USERNAME";
echo "Name-Email: $ADD_USERNAME@$HOSTNAME";
echo 'Expire-Date: 0';
echo "Passphrase: $NEW_USER_PASSWORD"; } > "/home/$ADD_USERNAME/gpg-genkey.conf"
chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/gpg-genkey.conf"
su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - "$ADD_USERNAME"
chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg"
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME")
MY_GPG_PUBLIC_KEY="/home/$ADD_USERNAME/public_key.gpg"
su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - "$ADD_USERNAME"
echo "GPG public key was not generated for $ADD_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
if ! grep -q "pgp_encrypt_only_command" "/home/$ADD_USERNAME/.muttrc"; then
{ echo '';
echo $'# Encrypt items in the Sent folder';
echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\""; } >> "/home/$ADD_USERNAME/.muttrc"
sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc"
if ! grep -q "pgp_encrypt_sign_command" "/home/$ADD_USERNAME/.muttrc"; then
echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> "/home/$ADD_USERNAME/.muttrc"
sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc"
echo $'Detecting installed apps...'
detect_apps
get_apps_installed_names
# shellcheck disable=SC2068
for app_name in ${APPS_INSTALLED_NAMES[@]}
retval=$("add_user_${app_name}" "$ADD_USERNAME" "$NEW_USER_PASSWORD")
retval_last_value=$(echo "$retval" | tail -n 1)
if [[ $retval_last_value != '0' ]]; then
echo $"Failed with error code ${retval_last_value}"
if ! grep -q "${app_name}_${ADD_USERNAME}" "$APP_USERS_FILE"; then
echo "${app_name}_${ADD_USERNAME}" >> "$APP_USERS_FILE"
Bob Mottram
committed
fi
if [ -f /etc/nginx/.htpasswd ]; then
echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd "$ADD_USERNAME"
echo 'export PS1="\W \$"' >> "/home/$ADD_USERNAME/.bashrc"
# fix some gpg strangeness when searching for keys
printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > "/home/$ADD_USERNAME/.gnupg/S.dirmngr"
if [ -d "/home/$ADD_USERNAME/.gnupg/crls.d" ]; then
chmod +x "/home/$ADD_USERNAME/.gnupg/crls.d"
fi
"${PROJECT_NAME}-pass" -u "$ADD_USERNAME" -a login -p "$NEW_USER_PASSWORD"
echo "Updating web admin for $ADD_USERNAME"
web_admin_create_users
# create qrcode for the user's public key
local_hostname=$(grep 'host-name' /etc/avahi/avahi-daemon.conf | awk -F '=' '{print $2}').local
webadmin_install_dir="/var/www/${local_hostname}/htdocs/admin"
if [ -d "$webadmin_install_dir" ]; then
#pubkey_qrcode="$webadmin_install_dir/images/userprofile_${ADD_USERNAME}.png"
#su -c "gpg --armor --export \"$MY_GPG_PUBLIC_KEY_ID\"" - "$ADD_USERNAME" | qrencode -t PNG -o "$pubkey_qrcode"
xmpp_qrcode="$webadmin_install_dir/images/userprofile_${ADD_USERNAME}_xmpp.png"
if [ ! -f /usr/local/bin/myqr ]; then
echo -n "${ADD_USERNAME}@${HOSTNAME}" | qrencode -t PNG -o "$xmpp_qrcode"
else
myqr "${ADD_USERNAME}@${HOSTNAME}" -p /root/freedombone/img/android-app/xmpp.png -c -v 8 -n "$xmpp_qrcode"
${PROJECT_NAME}-notification -m $"A new user was added: $ADD_USERNAME $(date)" -s $"[${PROJECT_NAME}] New user added"
echo $"New user $ADD_USERNAME was created"
echo $"They can download their GPG keys with:"
echo " scp -P $SSH_PORT -r $ADD_USERNAME@$HOSTNAME:/home/$ADD_USERNAME/.gnupg ~/"
echo $"They should also run ${PROJECT_NAME}-client on their system to ensure"