// Copyright 2015 CoreOS, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package system
import (
"fmt"
"log"
"os/exec"
"strings"
"github.com/coreos/coreos-cloudinit/config"
)
// UserExists reports whether a `getent passwd` lookup for u.Name exits
// successfully. Every failure is reported as false, including a failure to
// start getent at all, so a false result does not by itself prove that the
// account is absent.
func UserExists(u *config.User) bool {
	// u.Name is handed to getent as a single argv entry; no shell is involved.
	lookupErr := exec.Command("getent", "passwd", u.Name).Run()
	return lookupErr == nil
}
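// CreateUser creates the account described by u by running useradd with
// flags derived from the fields of u. It returns the error from running
// useradd, or nil on success.
//
// All values are passed as separate argv entries; no shell is involved.
//
// NOTE(review): the password hash is passed on the useradd command line, so
// it is presumably visible to other local users (process listing) while
// useradd runs; confirm whether that exposure is acceptable on the target
// system.
func CreateUser(u *config.User) error {
	args := []string{}

	// "--password" is always the first flag. Without a hash the account gets
	// "*" in the password field.
	if u.PasswordHash != "" {
		args = append(args, "--password", u.PasswordHash)
	} else {
		args = append(args, "--password", "*")
	}

	if u.GECOS != "" {
		// %q wraps the value in double quotes and escapes control characters.
		// Because no shell strips them, the quotes reach useradd literally.
		// NOTE(review): confirm the literal quotes in the comment field are intended.
		args = append(args, "--comment", fmt.Sprintf("%q", u.GECOS))
	}

	if u.Homedir != "" {
		args = append(args, "--home-dir", u.Homedir)
	}

	if u.NoCreateHome {
		args = append(args, "--no-create-home")
	} else {
		args = append(args, "--create-home")
	}

	if u.PrimaryGroup != "" {
		args = append(args, "--gid", u.PrimaryGroup)
	}

	if len(u.Groups) > 0 {
		args = append(args, "--groups", strings.Join(u.Groups, ","))
	}

	if u.NoUserGroup {
		args = append(args, "--no-user-group")
	}

	if u.System {
		args = append(args, "--system")
	}

	if u.NoLogInit {
		args = append(args, "--no-log-init")
	}

	if u.Shell != "" {
		args = append(args, "--shell", u.Shell)
	}

	// The account name is the final positional argument.
	args = append(args, u.Name)

	output, err := exec.Command("useradd", args...).CombinedOutput()
	if err != nil {
		// Log a copy of the command line with the password hash masked, so
		// the credential is not written to the log on failure.
		logged := append([]string(nil), args...)
		if u.PasswordHash != "" {
			logged[1] = "[REDACTED]" // args[0] is always "--password"
		}
		log.Printf("Command 'useradd %s' failed: %v\n%s", strings.Join(logged, " "), err, output)
		return err
	}

	return nil
}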
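// IsLockedUser reports whether the shadow entry returned by `getent shadow`
// for u.Name has a password field that starts with '!' and is longer than one
// character. A field consisting of "!" alone is therefore not reported as
// locked. Any failure to run getent, or output without a password field,
// yields false.
func IsLockedUser(u *config.User) bool {
	output, err := exec.Command("getent", "shadow", u.Name).CombinedOutput()
	if err != nil {
		return false
	}

	fields := strings.Split(string(output), ":")
	// Output without a ':' would make fields[1] panic, so treat it as
	// "not locked" instead of indexing blindly.
	if len(fields) < 2 {
		return false
	}

	hash := fields[1]
	return len(hash) > 1 && hash[0] == '!'
}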
// LockUnlockUser brings the password lock state of u.Name in line with
// u.LockPasswd by running passwd. When u.LockPasswd is set it always runs
// `passwd -l`. Otherwise it runs `passwd -u` only if IsLockedUser reports the
// account as locked, and returns nil without running anything if not.
// A passwd failure is logged together with its output and returned.
func LockUnlockUser(u *config.User) error {
	flag := "-l"
	if !u.LockPasswd {
		// Nothing to unlock: skip the passwd call entirely.
		if !IsLockedUser(u) {
			return nil
		}
		flag = "-u"
	}

	argv := []string{flag, u.Name}

	out, err := exec.Command("passwd", argv...).CombinedOutput()
	if err == nil {
		return nil
	}

	log.Printf("Command 'passwd %s' failed: %v\n%s", strings.Join(argv, " "), err, out)
	return err
}
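// SetUserPassword sets the password of user to the already-encrypted hash by
// writing a single "user:hash" record to the standard input of `chpasswd -e`.
//
// chpasswd reads one "name:password" record per line, so a ':' in the user
// name or a line break in either value would change which account and which
// password the record refers to. Such input is rejected before chpasswd is
// started. The hash is never included in an error message.
//
// It returns an error if the input is rejected, if chpasswd cannot be started,
// if the record cannot be written, or if chpasswd exits unsuccessfully.
func SetUserPassword(user, hash string) error {
	if strings.ContainsAny(user, ":\r\n") {
		return fmt.Errorf("invalid user name %q: must not contain ':' or line breaks", user)
	}
	if strings.ContainsAny(hash, "\r\n") {
		return fmt.Errorf("invalid password hash for user %q: must not contain line breaks", user)
	}

	cmd := exec.Command("chpasswd", "-e")

	stdin, err := cmd.StdinPipe()
	if err != nil {
		return err
	}

	// Report a start failure to the caller like every other error path,
	// rather than terminating the whole process.
	if err := cmd.Start(); err != nil {
		return err
	}

	_, writeErr := stdin.Write([]byte(user + ":" + hash))

	// Close stdin so chpasswd sees end of input, then always wait for the
	// child, including after a failed write, so it is reaped. The Close
	// error is ignored: a write or exit failure is the more useful report.
	stdin.Close()
	waitErr := cmd.Wait()

	if writeErr != nil {
		return writeErr
	}
	return waitErr
}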
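// UserHome returns the home directory of the account name, taken from the
// sixth colon-separated field of the `getent passwd` entry. It returns an
// error if getent fails or if its output has fewer than six fields.
func UserHome(name string) (string, error) {
	output, err := exec.Command("getent", "passwd", name).CombinedOutput()
	if err != nil {
		return "", err
	}

	passwd := strings.Split(string(output), ":")
	// Guard the index: short or empty output would otherwise panic.
	if len(passwd) < 6 {
		return "", fmt.Errorf("unexpected passwd entry for user %q", name)
	}
	return passwd[5], nil
}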