free
/
freedombone
關注 1
收藏 0
複製 0
程式碼 問題 0 合併請求 0 版本發佈 0 Wiki 活動
2143 提交
5 分支
目錄樹: 1713d292d1
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
from '1713d292d1'
${ noResults }
freedombone/src/freedombone-adduser

freedombone-adduser 8.3KB
歷史記錄 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187 
  1. #!/bin/bash

  2. MY_USERNAME=$1

  3. SSH_PUBLIC_KEY="$2"

  4. GPG_KEYSERVER='hkp://keys.gnupg.net'

  5. SSH_PORT=2222

  6. COMPLETION_FILE=$HOME/freedombone-completed.txt

  7. 

  8. if [ ! $MY_USERNAME ]; then

  9.     echo 'No username was given'

  10.     exit 1

  11. fi

  12. 

  13. if [ -d /home/$MY_USERNAME ]; then

  14.     echo "The user $MY_USERNAME already exists"

  15.     exit 2

  16. fi

  17. 

  18. if [ ! -f $COMPLETION_FILE ]; then

  19.     echo "$COMPLETION_FILE not found"

  20.     userdel -r $MY_USERNAME

  21.     exit 3

  22. fi

  23. 

  24. NEW_USER_PASSWORD="$(openssl rand -base64 10 | cut -c1-8)"

  25. useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash $MY_USERNAME

  26. adduser $MY_USERNAME sasl

  27. 

  28. if [ ! -d /home/$MY_USERNAME ]; then

  29.     echo 'Home directory was not created'

  30.     exit 4

  31. fi

  32. 

  33. if [ "$SSH_PUBLIC_KEY" ]; then

  34.     if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then

  35.         if [ -f $SSH_PUBLIC_KEY ]; then

  36.             mkdir /home/$MY_USERNAME/.ssh

  37.             cp $SSH_PUBLIC_KEY /home/$MY_USERNAME/.ssh/authorized_keys

  38.             echo 'ssh public key installed'

  39.         else

  40.             if [[ $SSH_PUBLIC_KEY == "ssh-"* ]]; then

  41.                 mkdir /home/$MY_USERNAME/.ssh

  42.                 echo $SSH_PUBLIC_KEY > /home/$MY_USERNAME/.ssh/authorized_keys

  43.                 echo 'ssh public key installed'

  44.             else

  45.                 echo 'The second parameter does not look like an ssh key'

  46.                 exit 5

  47.             fi

  48.         fi

  49.     fi

  50. fi

  51. 

  52. if [ ! -d /home/$MY_USERNAME/Maildir ]; then

  53.     echo 'Email directory was not created'

  54.     userdel -r $MY_USERNAME

  55.     exit 6

  56. fi

  57. 

  58. if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then

  59.     sed -i "s|set from=.*|set from='$MY_USERNAME <$MY_USERNAME@$HOSTNAME>'|g" /home/$MY_USERNAME/.muttrc

  60. else

  61.     echo "set from='$MY_USERNAME <$MY_USERNAME@$HOSTNAME>'" >> /home/$MY_USERNAME/.muttrc

  62. fi

  63. 

  64. USERN='$USER@'

  65. sed -i "s|$USERN|$MY_USERNAME@|g" /home/$MY_USERNAME/.procmailrc

  66. 

  67. # generate a gpg key

  68. echo "Making a GPG key for $MY_USERNAME@$HOSTNAME"

  69. mkdir /home/$MY_USERNAME/.gnupg

  70. echo "keyserver $GPG_KEYSERVER" >> /home/$MY_USERNAME/.gnupg/gpg.conf

  71. echo 'keyserver-options auto-key-retrieve' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  72. echo '' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  73. echo '# default preferences' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  74. echo 'personal-digest-preferences SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  75. echo 'cert-digest-algo SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  76. echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  77. 

  78. chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg

  79. chmod 700 /home/$MY_USERNAME/.gnupg

  80. chmod 600 /home/$MY_USERNAME/.gnupg/*

  81. 

  82. # Generate a GPG key

  83. echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf

  84. echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf

  85. echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf

  86. echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf

  87. echo "Name-Real:  $MY_USERNAME" >> /home/$MY_USERNAME/gpg-genkey.conf

  88. echo "Name-Email: $MY_USERNAME@$HOSTNAME" >> /home/$MY_USERNAME/gpg-genkey.conf

  89. echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf

  90. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf

  91. su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME

  92. shred -zu /home/$MY_USERNAME/gpg-genkey.conf

  93. MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$HOSTNAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')

  94. MY_GPG_PUBLIC_KEY=/home/$MY_USERNAME/public_key.gpg

  95. su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME

  96. 

  97. if [ ! -f $MY_GPG_PUBLIC_KEY ]; then

  98.     echo "GPG public key was not generated for $MY_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"

  99.     userdel -r $MY_USERNAME

  100.     exit 7

  101. fi

  102. 

  103. # encrypt outgoing mail to the "sent" folder

  104. if ! grep -q "pgp_encrypt_only_command" /home/$MY_USERNAME/.muttrc; then

  105.     echo '' >> /home/$MY_USERNAME/.muttrc

  106.     echo '# Encrypt items in the Sent folder' >> /home/$MY_USERNAME/.muttrc

  107.     echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc

  108. else

  109.     sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc

  110. fi

  111. 

  112. if ! grep -q "pgp_encrypt_sign_command" /home/$MY_USERNAME/.muttrc; then

  113.     echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc

  114. else

  115.     sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc

  116. fi

  117. 

  118. if ! grep -q "Change your GPG password" /home/$MY_USERNAME/README; then

  119.     echo '' >> /home/$MY_USERNAME/README

  120.     echo '' >> /home/$MY_USERNAME/README

  121.     echo 'Change your GPG password' >> /home/$MY_USERNAME/README

  122.     echo '========================' >> /home/$MY_USERNAME/README

  123.     echo "It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README

  124.     echo "if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README

  125.     echo 'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README

  126.     echo 'You can change the it with:' >> /home/$MY_USERNAME/README

  127.     echo '' >> /home/$MY_USERNAME/README

  128.     echo "  gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README

  129.     echo '  passwd' >> /home/$MY_USERNAME/README

  130.     echo '  save' >> /home/$MY_USERNAME/README

  131.     echo '  quit' >> /home/$MY_USERNAME/README

  132. fi

  133. 

  134. if ! grep -q "Publish your GPG public key" /home/$MY_USERNAME/README; then

  135.     echo '' >> /home/$MY_USERNAME/README

  136.     echo '' >> /home/$MY_USERNAME/README

  137.     echo 'Publish your GPG public key' >> /home/$MY_USERNAME/README

  138.     echo '===========================' >> /home/$MY_USERNAME/README

  139.     echo 'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README

  140.     echo 'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README

  141.     echo '' >> /home/$MY_USERNAME/README

  142.     echo "  gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README

  143. fi

  144. 

  145. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README

  146. chown $MY_USERNAME:$MY_USERNAME $MY_GPG_PUBLIC_KEY

  147. chmod 600 /home/$MY_USERNAME/README

  148. 

  149. echo "Adding an XMPP account for $MY_USERNAME"

  150. freedombone-addxmpp -e "$MY_USERNAME@$HOSTNAME" -p "$NEW_USER_PASSWORD"

  151. if [ ! "$?" = "0" ]; then

  152.     echo "XMPP account not created"

  153.     userdel -r $MY_USERNAME

  154.     exit 8

  155. fi

  156. 

  157. if grep -q "Blog domain" $COMPLETION_FILE; then

  158.     FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')

  159.     if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users ]; then

  160.         echo 'Blog users directory not found'

  161.         userdel -r $MY_USERNAME

  162.         exit 9

  163.     fi

  164.     echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  165.     echo "password = '$NEW_USER_PASSWORD'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  166.     echo 'encryption = clear' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  167.     echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  168.     echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  169.     echo "$MY_USERNAME added as a blog user"

  170. fi

  171. 

  172. clear

  173. echo "New user $MY_USERNAME was created"

  174. echo "Their login password is $NEW_USER_PASSWORD"

  175. echo ''

  176. echo 'IMPORTANT: Make a note of the password, because it will not be saved'

  177. echo 'anywhere else. Preferably give it to them in person on paper or via'

  178. echo 'a secure channel, not in an unencrypted email.'

  179. echo ''

  180. echo "They can download their GPG keys with:"

  181. echo ''

  182. echo "    scp -P $SSH_PORT -r $MY_USERNAME@$HOSTNAME:/home/$MY_USERNAME/.gnupg ~/"

  183. echo ''

  184. echo 'They should also run freedombone-client on their system to ensure'

  185. echo 'the best security.'

  186. 

  187. exit 0