2020-01-12 13:46:28 +03:00
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2019-2020, Jesse Buhagiar <jooster669@gmail.com>
|
2021-05-29 15:24:41 +03:00
|
|
|
* Copyright (c) 2021, Brandon Pruitt <brapru@pm.me>
|
2020-01-12 13:46:28 +03:00
|
|
|
*
|
2021-04-22 11:24:48 +03:00
|
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
2020-01-12 13:46:28 +03:00
|
|
|
*/
|
2021-05-15 02:27:09 +03:00
|
|
|
|
2021-05-29 15:24:41 +03:00
|
|
|
#include <AK/Base64.h>
|
|
|
|
|
#include <AK/Random.h>
|
2020-01-12 13:46:28 +03:00
|
|
|
#include <AK/String.h>
|
2020-02-06 17:04:03 +03:00
|
|
|
#include <LibCore/ArgsParser.h>
|
2021-05-29 15:24:41 +03:00
|
|
|
#include <crypt.h>
|
2020-01-12 13:46:28 +03:00
|
|
|
#include <ctype.h>
|
2021-05-14 17:32:57 +03:00
|
|
|
#include <errno.h>
|
2020-01-12 13:46:28 +03:00
|
|
|
#include <pwd.h>
|
2021-05-29 15:24:41 +03:00
|
|
|
#include <shadow.h>
|
2020-01-12 13:46:28 +03:00
|
|
|
#include <stdio.h>
|
2020-09-27 13:23:52 +03:00
|
|
|
#include <string.h>
|
2020-01-12 13:46:28 +03:00
|
|
|
#include <sys/stat.h>
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
|
|
|
|
|
constexpr uid_t BASE_UID = 1000;
|
|
|
|
|
constexpr gid_t USERS_GID = 100;
|
2021-05-29 15:18:11 +03:00
|
|
|
constexpr const char* DEFAULT_SHELL = "/bin/sh";
|
2020-01-12 13:46:28 +03:00
|
|
|
|
|
|
|
|
int main(int argc, char** argv)
|
|
|
|
|
{
|
2021-01-12 09:37:40 +03:00
|
|
|
if (pledge("stdio wpath rpath cpath chown", nullptr) < 0) {
|
|
|
|
|
perror("pledge");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-12 13:46:28 +03:00
|
|
|
const char* home_path = nullptr;
|
|
|
|
|
int uid = 0;
|
|
|
|
|
int gid = USERS_GID;
|
|
|
|
|
bool create_home_dir = false;
|
2020-12-21 11:14:44 +03:00
|
|
|
const char* password = "";
|
2020-01-12 13:46:28 +03:00
|
|
|
const char* shell = DEFAULT_SHELL;
|
|
|
|
|
const char* gecos = "";
|
|
|
|
|
const char* username = nullptr;
|
|
|
|
|
|
2020-02-02 14:34:39 +03:00
|
|
|
Core::ArgsParser args_parser;
|
2020-01-12 13:46:28 +03:00
|
|
|
args_parser.add_option(home_path, "Home directory for the new user", "home-dir", 'd', "path");
|
|
|
|
|
args_parser.add_option(uid, "User ID (uid) for the new user", "uid", 'u', "uid");
|
|
|
|
|
args_parser.add_option(gid, "Group ID (gid) for the new user", "gid", 'g', "gid");
|
2020-12-21 11:14:44 +03:00
|
|
|
args_parser.add_option(password, "Encrypted password of the new user", "password", 'p', "password");
|
2020-01-12 13:46:28 +03:00
|
|
|
args_parser.add_option(create_home_dir, "Create home directory if it does not exist", "create-home", 'm');
|
|
|
|
|
args_parser.add_option(shell, "Path to the default shell binary for the new user", "shell", 's', "path-to-shell");
|
|
|
|
|
args_parser.add_option(gecos, "GECOS name of the new user", "gecos", 'n', "general-info");
|
|
|
|
|
args_parser.add_positional_argument(username, "Login user identity (username)", "login");
|
|
|
|
|
|
|
|
|
|
args_parser.parse(argc, argv);
|
|
|
|
|
|
|
|
|
|
// Let's run a quick sanity check on username
|
|
|
|
|
if (strpbrk(username, "\\/!@#$%^&*()~+=`:\n")) {
|
2021-05-31 17:43:25 +03:00
|
|
|
warnln("invalid character in username, {}", username);
|
2020-01-12 13:46:28 +03:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Disallow names starting with _ and -
|
|
|
|
|
if (username[0] == '_' || username[0] == '-' || !isalpha(username[0])) {
|
2021-05-31 17:43:25 +03:00
|
|
|
warnln("invalid username, {}", username);
|
2020-01-12 13:46:28 +03:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-09 04:35:50 +03:00
|
|
|
if (getpwnam(username)) {
|
|
|
|
|
warnln("user {} already exists!", username);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-12 13:46:28 +03:00
|
|
|
if (uid < 0) {
|
2021-05-31 17:43:25 +03:00
|
|
|
warnln("invalid uid {}!", uid);
|
2020-01-12 13:46:28 +03:00
|
|
|
return 3;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// First, let's sort out the uid for the user
|
|
|
|
|
if (uid > 0) {
|
|
|
|
|
if (getpwuid(static_cast<uid_t>(uid))) {
|
2021-05-31 17:43:25 +03:00
|
|
|
warnln("uid {} already exists!", uid);
|
2020-01-12 13:46:28 +03:00
|
|
|
return 4;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
for (uid = BASE_UID; getpwuid(static_cast<uid_t>(uid)); uid++) {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (gid < 0) {
|
2021-05-31 17:43:25 +03:00
|
|
|
warnln("invalid gid {}", gid);
|
2020-01-12 13:46:28 +03:00
|
|
|
return 3;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
FILE* pwfile = fopen("/etc/passwd", "a");
|
|
|
|
|
if (!pwfile) {
|
|
|
|
|
perror("failed to open /etc/passwd");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-29 15:24:41 +03:00
|
|
|
FILE* spwdfile = fopen("/etc/shadow", "a");
|
|
|
|
|
if (!spwdfile) {
|
|
|
|
|
perror("failed to open /etc/shadow");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-12 13:46:28 +03:00
|
|
|
String home;
|
|
|
|
|
if (!home_path)
|
2021-04-21 23:49:27 +03:00
|
|
|
home = String::formatted("/home/{}", username);
|
2020-01-12 13:46:28 +03:00
|
|
|
else
|
|
|
|
|
home = home_path;
|
|
|
|
|
|
|
|
|
|
if (create_home_dir) {
|
|
|
|
|
if (mkdir(home.characters(), 0700) < 0) {
|
2021-04-21 23:49:27 +03:00
|
|
|
auto saved_errno = errno;
|
|
|
|
|
warnln("Failed to create directory {}: {}", home, strerror(saved_errno));
|
2020-01-12 13:46:28 +03:00
|
|
|
return 12;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (chown(home.characters(), static_cast<uid_t>(uid), static_cast<gid_t>(gid)) < 0) {
|
2021-04-21 23:49:27 +03:00
|
|
|
warnln("Failed to change owner of {} to {}:{}: {}", home, uid, gid, strerror(errno));
|
2020-01-12 13:46:28 +03:00
|
|
|
|
|
|
|
|
if (rmdir(home.characters()) < 0) {
|
2021-04-21 23:49:27 +03:00
|
|
|
warnln("Failed to remove directory {}: {}", home, strerror(errno));
|
2020-01-12 13:46:28 +03:00
|
|
|
return 12;
|
|
|
|
|
}
|
|
|
|
|
return 12;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-29 15:24:41 +03:00
|
|
|
auto get_salt = []() {
|
|
|
|
|
char random_data[12];
|
|
|
|
|
fill_with_random(random_data, sizeof(random_data));
|
|
|
|
|
|
|
|
|
|
StringBuilder builder;
|
|
|
|
|
builder.append("$5$");
|
|
|
|
|
builder.append(encode_base64(ReadonlyBytes(random_data, sizeof(random_data))));
|
|
|
|
|
|
|
|
|
|
return builder.build();
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
char* hash = crypt(password, get_salt().characters());
|
|
|
|
|
|
2020-01-12 13:46:28 +03:00
|
|
|
struct passwd p;
|
|
|
|
|
p.pw_name = const_cast<char*>(username);
|
2021-05-29 15:24:41 +03:00
|
|
|
p.pw_passwd = const_cast<char*>("!");
|
2020-01-12 13:46:28 +03:00
|
|
|
p.pw_dir = const_cast<char*>(home.characters());
|
|
|
|
|
p.pw_uid = static_cast<uid_t>(uid);
|
|
|
|
|
p.pw_gid = static_cast<gid_t>(gid);
|
|
|
|
|
p.pw_shell = const_cast<char*>(shell);
|
|
|
|
|
p.pw_gecos = const_cast<char*>(gecos);
|
|
|
|
|
|
2021-05-29 15:24:41 +03:00
|
|
|
struct spwd s;
|
|
|
|
|
s.sp_namp = const_cast<char*>(username);
|
|
|
|
|
s.sp_pwdp = const_cast<char*>(hash);
|
|
|
|
|
s.sp_lstchg = 18727;
|
|
|
|
|
s.sp_min = 0;
|
|
|
|
|
s.sp_max = 99999;
|
|
|
|
|
s.sp_warn = -1;
|
|
|
|
|
s.sp_inact = -1;
|
|
|
|
|
s.sp_expire = -1;
|
|
|
|
|
s.sp_flag = -1;
|
|
|
|
|
|
2020-01-12 13:46:28 +03:00
|
|
|
if (putpwent(&p, pwfile) < 0) {
|
|
|
|
|
perror("putpwent");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-29 15:24:41 +03:00
|
|
|
if (putspent(&s, spwdfile) < 0) {
|
|
|
|
|
perror("putspent");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-12 13:46:28 +03:00
|
|
|
fclose(pwfile);
|
2021-05-29 15:24:41 +03:00
|
|
|
fclose(spwdfile);
|
2020-01-12 13:46:28 +03:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
