freedombone-adduser 9.5KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219
  1. #!/bin/bash
  2. #
  3. # .---. . .
  4. # | | |
  5. # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
  6. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
  7. # ' ' --' --' -' - -' ' ' -' -' -' ' - --'
  8. #
  9. # Freedom in the Cloud
  10. #
  11. # Adds an user to the system
  12. # License
  13. # =======
  14. #
  15. # Copyright (C) 2015 Bob Mottram <bob@robotics.uk.to>
  16. #
  17. # This program is free software: you can redistribute it and/or modify
  18. # it under the terms of the GNU General Public License as published by
  19. # the Free Software Foundation, either version 3 of the License, or
  20. # (at your option) any later version.
  21. #
  22. # This program is distributed in the hope that it will be useful,
  23. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  24. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  25. # GNU General Public License for more details.
  26. #
  27. # You should have received a copy of the GNU General Public License
  28. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  29. MY_USERNAME=$1
  30. SSH_PUBLIC_KEY="$2"
  31. GPG_KEYSERVER='hkp://keys.gnupg.net'
  32. SSH_PORT=2222
  33. COMPLETION_FILE=$HOME/freedombone-completed.txt
  34. if [ ! $MY_USERNAME ]; then
  35. echo 'No username was given'
  36. exit 1
  37. fi
  38. if [ -d /home/$MY_USERNAME ]; then
  39. echo "The user $MY_USERNAME already exists"
  40. exit 2
  41. fi
  42. if [ ! -f $COMPLETION_FILE ]; then
  43. echo "$COMPLETION_FILE not found"
  44. userdel -r $MY_USERNAME
  45. exit 3
  46. fi
  47. NEW_USER_PASSWORD="$(openssl rand -base64 10 | cut -c1-8)"
  48. useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash $MY_USERNAME
  49. adduser $MY_USERNAME sasl
  50. if [ ! -d /home/$MY_USERNAME ]; then
  51. echo 'Home directory was not created'
  52. exit 4
  53. fi
  54. if [ "$SSH_PUBLIC_KEY" ]; then
  55. if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then
  56. if [ -f "$SSH_PUBLIC_KEY" ]; then
  57. mkdir /home/$MY_USERNAME/.ssh
  58. cp $SSH_PUBLIC_KEY /home/$MY_USERNAME/.ssh/authorized_keys
  59. chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
  60. echo 'ssh public key installed'
  61. else
  62. if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then
  63. mkdir /home/$MY_USERNAME/.ssh
  64. echo "$SSH_PUBLIC_KEY" > /home/$MY_USERNAME/.ssh/authorized_keys
  65. chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
  66. echo 'ssh public key installed'
  67. else
  68. echo 'The second parameter does not look like an ssh key'
  69. exit 5
  70. fi
  71. fi
  72. fi
  73. fi
  74. if [ ! -d /home/$MY_USERNAME/Maildir ]; then
  75. echo 'Email directory was not created'
  76. userdel -r $MY_USERNAME
  77. exit 6
  78. fi
  79. if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then
  80. sed -i "s|set from=.*|set from='$MY_USERNAME <$MY_USERNAME@$HOSTNAME>'|g" /home/$MY_USERNAME/.muttrc
  81. else
  82. echo "set from='$MY_USERNAME <$MY_USERNAME@$HOSTNAME>'" >> /home/$MY_USERNAME/.muttrc
  83. fi
  84. USERN='$USER@'
  85. sed -i "s|$USERN|$MY_USERNAME@|g" /home/$MY_USERNAME/.procmailrc
  86. # generate a gpg key
  87. echo "Making a GPG key for $MY_USERNAME@$HOSTNAME"
  88. mkdir /home/$MY_USERNAME/.gnupg
  89. echo "keyserver $GPG_KEYSERVER" >> /home/$MY_USERNAME/.gnupg/gpg.conf
  90. echo 'keyserver-options auto-key-retrieve' >> /home/$MY_USERNAME/.gnupg/gpg.conf
  91. echo '' >> /home/$MY_USERNAME/.gnupg/gpg.conf
  92. echo '# default preferences' >> /home/$MY_USERNAME/.gnupg/gpg.conf
  93. echo 'personal-digest-preferences SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf
  94. echo 'cert-digest-algo SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf
  95. echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$MY_USERNAME/.gnupg/gpg.conf
  96. chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
  97. chmod 700 /home/$MY_USERNAME/.gnupg
  98. chmod 600 /home/$MY_USERNAME/.gnupg/*
  99. # Generate a GPG key
  100. echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
  101. echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
  102. echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
  103. echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
  104. echo "Name-Real: $MY_USERNAME" >> /home/$MY_USERNAME/gpg-genkey.conf
  105. echo "Name-Email: $MY_USERNAME@$HOSTNAME" >> /home/$MY_USERNAME/gpg-genkey.conf
  106. echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
  107. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
  108. su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
  109. shred -zu /home/$MY_USERNAME/gpg-genkey.conf
  110. MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$HOSTNAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
  111. MY_GPG_PUBLIC_KEY=/home/$MY_USERNAME/public_key.gpg
  112. su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
  113. if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
  114. echo "GPG public key was not generated for $MY_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
  115. userdel -r $MY_USERNAME
  116. exit 7
  117. fi
  118. # encrypt outgoing mail to the "sent" folder
  119. if ! grep -q "pgp_encrypt_only_command" /home/$MY_USERNAME/.muttrc; then
  120. echo '' >> /home/$MY_USERNAME/.muttrc
  121. echo '# Encrypt items in the Sent folder' >> /home/$MY_USERNAME/.muttrc
  122. echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
  123. else
  124. sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
  125. fi
  126. if ! grep -q "pgp_encrypt_sign_command" /home/$MY_USERNAME/.muttrc; then
  127. echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
  128. else
  129. sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
  130. fi
  131. if ! grep -q "Change your GPG password" /home/$MY_USERNAME/README; then
  132. echo '' >> /home/$MY_USERNAME/README
  133. echo '' >> /home/$MY_USERNAME/README
  134. echo 'Change your GPG password' >> /home/$MY_USERNAME/README
  135. echo '========================' >> /home/$MY_USERNAME/README
  136. echo "It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README
  137. echo "if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README
  138. echo 'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README
  139. echo 'You can change the it with:' >> /home/$MY_USERNAME/README
  140. echo '' >> /home/$MY_USERNAME/README
  141. echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
  142. echo ' passwd' >> /home/$MY_USERNAME/README
  143. echo ' save' >> /home/$MY_USERNAME/README
  144. echo ' quit' >> /home/$MY_USERNAME/README
  145. fi
  146. if ! grep -q "Publish your GPG public key" /home/$MY_USERNAME/README; then
  147. echo '' >> /home/$MY_USERNAME/README
  148. echo '' >> /home/$MY_USERNAME/README
  149. echo 'Publish your GPG public key' >> /home/$MY_USERNAME/README
  150. echo '===========================' >> /home/$MY_USERNAME/README
  151. echo 'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README
  152. echo 'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README
  153. echo '' >> /home/$MY_USERNAME/README
  154. echo " gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
  155. fi
  156. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
  157. chown $MY_USERNAME:$MY_USERNAME $MY_GPG_PUBLIC_KEY
  158. chmod 600 /home/$MY_USERNAME/README
  159. echo "Adding an XMPP account for $MY_USERNAME"
  160. freedombone-addxmpp -e "$MY_USERNAME@$HOSTNAME" -p "$NEW_USER_PASSWORD"
  161. if [ ! "$?" = "0" ]; then
  162. echo "XMPP account not created"
  163. userdel -r $MY_USERNAME
  164. exit 8
  165. fi
  166. if grep -q "Blog domain" $COMPLETION_FILE; then
  167. FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')
  168. if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users ]; then
  169. echo 'Blog users directory not found'
  170. userdel -r $MY_USERNAME
  171. exit 9
  172. fi
  173. echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
  174. echo "password = '$NEW_USER_PASSWORD'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
  175. echo 'encryption = clear' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
  176. echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
  177. echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
  178. echo "$MY_USERNAME added as a blog user"
  179. fi
  180. clear
  181. echo "New user $MY_USERNAME was created"
  182. echo "Their login password is $NEW_USER_PASSWORD"
  183. echo ''
  184. echo 'IMPORTANT: Make a note of the password, because it will not be saved'
  185. echo 'anywhere else. Preferably give it to them in person on paper or via'
  186. echo 'a secure channel, not in an unencrypted email.'
  187. echo ''
  188. echo "They can download their GPG keys with:"
  189. echo ''
  190. echo " scp -P $SSH_PORT -r $MY_USERNAME@$HOSTNAME:/home/$MY_USERNAME/.gnupg ~/"
  191. echo ''
  192. echo 'They should also run freedombone-client on their system to ensure'
  193. echo 'the best security.'
  194. exit 0