free
/
freedombone
Observar 1
Favorito 0
Fork 0
Código Issues 0 Pull Requests 0 Versões 0 Wiki Atividade
2172 Commits
5 Branches
Tag: c8bad6ff58
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de c8bad6ff58
${ noResults }
freedombone/src/freedombone-adduser

freedombone-adduser 9.5KB
Histórico Original

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219 
  1. #!/bin/bash

  2. #

  3. # .---.                  .              .

  4. # |                      |              |

  5. # |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.

  6. # |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'

  7. # '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'

  8. #

  9. #                    Freedom in the Cloud

  10. #

  11. 

  12. # Adds an user to the system

  13. 

  14. # License

  15. # =======

  16. #

  17. # Copyright (C) 2015 Bob Mottram <bob@robotics.uk.to>

  18. #

  19. # This program is free software: you can redistribute it and/or modify

  20. # it under the terms of the GNU General Public License as published by

  21. # the Free Software Foundation, either version 3 of the License, or

  22. # (at your option) any later version.

  23. #

  24. # This program is distributed in the hope that it will be useful,

  25. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  26. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  27. # GNU General Public License for more details.

  28. #

  29. # You should have received a copy of the GNU General Public License

  30. # along with this program. If not, see <http://www.gnu.org/licenses/>.

  31. 

  32. MY_USERNAME=$1

  33. SSH_PUBLIC_KEY="$2"

  34. GPG_KEYSERVER='hkp://keys.gnupg.net'

  35. SSH_PORT=2222

  36. COMPLETION_FILE=$HOME/freedombone-completed.txt

  37. 

  38. if [ ! $MY_USERNAME ]; then

  39.     echo 'No username was given'

  40.     exit 1

  41. fi

  42. 

  43. if [ -d /home/$MY_USERNAME ]; then

  44.     echo "The user $MY_USERNAME already exists"

  45.     exit 2

  46. fi

  47. 

  48. if [ ! -f $COMPLETION_FILE ]; then

  49.     echo "$COMPLETION_FILE not found"

  50.     userdel -r $MY_USERNAME

  51.     exit 3

  52. fi

  53. 

  54. NEW_USER_PASSWORD="$(openssl rand -base64 10 | cut -c1-8)"

  55. useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash $MY_USERNAME

  56. adduser $MY_USERNAME sasl

  57. 

  58. if [ ! -d /home/$MY_USERNAME ]; then

  59.     echo 'Home directory was not created'

  60.     exit 4

  61. fi

  62. 

  63. if [ "$SSH_PUBLIC_KEY" ]; then

  64.     if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then

  65.         if [ -f "$SSH_PUBLIC_KEY" ]; then

  66.             mkdir /home/$MY_USERNAME/.ssh

  67.             cp $SSH_PUBLIC_KEY /home/$MY_USERNAME/.ssh/authorized_keys

  68.             chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh

  69.             echo 'ssh public key installed'

  70.         else

  71.             if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then

  72.                 mkdir /home/$MY_USERNAME/.ssh

  73.                 echo "$SSH_PUBLIC_KEY" > /home/$MY_USERNAME/.ssh/authorized_keys

  74.                 chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh

  75.                 echo 'ssh public key installed'

  76.             else

  77.                 echo 'The second parameter does not look like an ssh key'

  78.                 exit 5

  79.             fi

  80.         fi

  81.     fi

  82. fi

  83. 

  84. if [ ! -d /home/$MY_USERNAME/Maildir ]; then

  85.     echo 'Email directory was not created'

  86.     userdel -r $MY_USERNAME

  87.     exit 6

  88. fi

  89. 

  90. if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then

  91.     sed -i "s|set from=.*|set from='$MY_USERNAME <$MY_USERNAME@$HOSTNAME>'|g" /home/$MY_USERNAME/.muttrc

  92. else

  93.     echo "set from='$MY_USERNAME <$MY_USERNAME@$HOSTNAME>'" >> /home/$MY_USERNAME/.muttrc

  94. fi

  95. 

  96. USERN='$USER@'

  97. sed -i "s|$USERN|$MY_USERNAME@|g" /home/$MY_USERNAME/.procmailrc

  98. 

  99. # generate a gpg key

  100. echo "Making a GPG key for $MY_USERNAME@$HOSTNAME"

  101. mkdir /home/$MY_USERNAME/.gnupg

  102. echo "keyserver $GPG_KEYSERVER" >> /home/$MY_USERNAME/.gnupg/gpg.conf

  103. echo 'keyserver-options auto-key-retrieve' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  104. echo '' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  105. echo '# default preferences' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  106. echo 'personal-digest-preferences SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  107. echo 'cert-digest-algo SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  108. echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  109. 

  110. chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg

  111. chmod 700 /home/$MY_USERNAME/.gnupg

  112. chmod 600 /home/$MY_USERNAME/.gnupg/*

  113. 

  114. # Generate a GPG key

  115. echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf

  116. echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf

  117. echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf

  118. echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf

  119. echo "Name-Real:  $MY_USERNAME" >> /home/$MY_USERNAME/gpg-genkey.conf

  120. echo "Name-Email: $MY_USERNAME@$HOSTNAME" >> /home/$MY_USERNAME/gpg-genkey.conf

  121. echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf

  122. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf

  123. su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME

  124. shred -zu /home/$MY_USERNAME/gpg-genkey.conf

  125. MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$HOSTNAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')

  126. MY_GPG_PUBLIC_KEY=/home/$MY_USERNAME/public_key.gpg

  127. su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME

  128. 

  129. if [ ! -f $MY_GPG_PUBLIC_KEY ]; then

  130.     echo "GPG public key was not generated for $MY_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"

  131.     userdel -r $MY_USERNAME

  132.     exit 7

  133. fi

  134. 

  135. # encrypt outgoing mail to the "sent" folder

  136. if ! grep -q "pgp_encrypt_only_command" /home/$MY_USERNAME/.muttrc; then

  137.     echo '' >> /home/$MY_USERNAME/.muttrc

  138.     echo '# Encrypt items in the Sent folder' >> /home/$MY_USERNAME/.muttrc

  139.     echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc

  140. else

  141.     sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc

  142. fi

  143. 

  144. if ! grep -q "pgp_encrypt_sign_command" /home/$MY_USERNAME/.muttrc; then

  145.     echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc

  146. else

  147.     sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc

  148. fi

  149. 

  150. if ! grep -q "Change your GPG password" /home/$MY_USERNAME/README; then

  151.     echo '' >> /home/$MY_USERNAME/README

  152.     echo '' >> /home/$MY_USERNAME/README

  153.     echo 'Change your GPG password' >> /home/$MY_USERNAME/README

  154.     echo '========================' >> /home/$MY_USERNAME/README

  155.     echo "It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README

  156.     echo "if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README

  157.     echo 'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README

  158.     echo 'You can change the it with:' >> /home/$MY_USERNAME/README

  159.     echo '' >> /home/$MY_USERNAME/README

  160.     echo "  gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README

  161.     echo '  passwd' >> /home/$MY_USERNAME/README

  162.     echo '  save' >> /home/$MY_USERNAME/README

  163.     echo '  quit' >> /home/$MY_USERNAME/README

  164. fi

  165. 

  166. if ! grep -q "Publish your GPG public key" /home/$MY_USERNAME/README; then

  167.     echo '' >> /home/$MY_USERNAME/README

  168.     echo '' >> /home/$MY_USERNAME/README

  169.     echo 'Publish your GPG public key' >> /home/$MY_USERNAME/README

  170.     echo '===========================' >> /home/$MY_USERNAME/README

  171.     echo 'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README

  172.     echo 'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README

  173.     echo '' >> /home/$MY_USERNAME/README

  174.     echo "  gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README

  175. fi

  176. 

  177. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README

  178. chown $MY_USERNAME:$MY_USERNAME $MY_GPG_PUBLIC_KEY

  179. chmod 600 /home/$MY_USERNAME/README

  180. 

  181. echo "Adding an XMPP account for $MY_USERNAME"

  182. freedombone-addxmpp -e "$MY_USERNAME@$HOSTNAME" -p "$NEW_USER_PASSWORD"

  183. if [ ! "$?" = "0" ]; then

  184.     echo "XMPP account not created"

  185.     userdel -r $MY_USERNAME

  186.     exit 8

  187. fi

  188. 

  189. if grep -q "Blog domain" $COMPLETION_FILE; then

  190.     FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')

  191.     if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users ]; then

  192.         echo 'Blog users directory not found'

  193.         userdel -r $MY_USERNAME

  194.         exit 9

  195.     fi

  196.     echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  197.     echo "password = '$NEW_USER_PASSWORD'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  198.     echo 'encryption = clear' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  199.     echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  200.     echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  201.     echo "$MY_USERNAME added as a blog user"

  202. fi

  203. 

  204. clear

  205. echo "New user $MY_USERNAME was created"

  206. echo "Their login password is $NEW_USER_PASSWORD"

  207. echo ''

  208. echo 'IMPORTANT: Make a note of the password, because it will not be saved'

  209. echo 'anywhere else. Preferably give it to them in person on paper or via'

  210. echo 'a secure channel, not in an unencrypted email.'

  211. echo ''

  212. echo "They can download their GPG keys with:"

  213. echo ''

  214. echo "    scp -P $SSH_PORT -r $MY_USERNAME@$HOSTNAME:/home/$MY_USERNAME/.gnupg ~/"

  215. echo ''

  216. echo 'They should also run freedombone-client on their system to ensure'

  217. echo 'the best security.'

  218. 

  219. exit 0