#!/bin/sh
#----------------------------------------------------------------------------
# /var/install/bin/add-user - add user
#
# Creation:     2001-11-04 fm
# Last Update:  $Id$
#
# Copyright (c) 2001-@@YEAR@@ the eisfair team, team(at)eisfair(dot)org
#
# usage: add-user
#    or: add-user [-d|-l|-r] user encrypted-password uid gid name home shell
#
#                 -d             - disable password
#                 -l             - lock password
#                 -r | --system  - create system user
#
# if password is empty, user will be prompted
# if gid is empty, values will be evaluated
# if uid is empty, the system will set itself
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#----------------------------------------------------------------------------

# include eislib etc.
. /var/install/include/eislib

ASK=/var/install/bin/ask
AWK=/usr/bin/gawk
CUT=/usr/bin/cut
GETENT=/usr/bin/getent
GREP=/usr/bin/grep
USERADD=/usr/sbin/useradd
GROUPADD=/usr/sbin/groupadd
PASSWD=/usr/bin/passwd
MKTEMP=/usr/bin/mktemp
RM=/usr/bin/rm

#----------------------------------------------------------------------------
# usage
#----------------------------------------------------------------------------
usage()
{
cat  <<EOF

 Usage:
 ${0}
                               - empty for interactive mode  
                -d             - disable password
                -l             - lock password
                -r | --system  - create system user
            
 Example: ${0} 
 Example: ${0} user '*' '' group name home shell
 Example: ${0} -r user '*' '' group name home shell
 Example: ${0} user encrypted-password uid gid name home shell       

EOF
}

# ---------------------------------------------------------------------------
# do exit, check for interactive
# ---------------------------------------------------------------------------
do_exit()
{
    if "${interactive:-false}"
    then
        mecho
        anykey
    fi
    exit $1
}

# ---------------------------------------------------------------------------
# sub: is_numeric
# check if numeric value
# input : $1 - value
# return:  0 - numeric
#          1 - no numeric
# ---------------------------------------------------------------------------
is_numeric()
{
    echo "${1}" | ${GREP} -q '^[0-9]*$'
}

# ---------------------------------------------------------------------------
# get optional flags
# ---------------------------------------------------------------------------
flags=''
noadd=0
systemswitch=''
while [ 1 ]
do
    case "$1" in
    -d)
        if [ $noadd -eq 0 ]
        then
            flags="$flags -d"
            noadd=1
        else
            mecho --warn "Redundant option '-d' will be ignored!"
        fi
        shift
        ;;
    -l)
        if [ $noadd -eq 0 ]
        then
            flags="$flags -l"
            noadd=1
        else
            mecho --warn "Redundant option '-l' will be ignored!"
        fi
        shift
        ;;
    -r|--system)
        systemswitch='-r'
        shift
        ;;
    -h|--help)
        usage
        do_exit 1
        ;;
    *)
        break
        ;;
    esac
done

# ---------------------------------------------------------------------------
# get parameter
# ---------------------------------------------------------------------------
case $# in
    0)
        interactive='true'

        user=""
        password=""
        uid=""
        gid=""
        name=""
        home=""
        shell=""
    ;;
    7)
        interactive='false'

        user="$1"
        password="$2"
        uid="$3"
        gid="$4"
        name="$5"
        home="$6"
        shell="$7"
    ;;
    *)
        usage
        do_exit 1
    ;;
esac

# ---------------------------------------------------------------------------
# clear screen
# ---------------------------------------------------------------------------
if "$interactive"
then
    clrhome
    mecho --info "Add user"
    echo
fi

# ---------------------------------------------------------------------------
# create uid
# ---------------------------------------------------------------------------
if [ -z "${uid}" ] && [ -z "${systemswitch}" ]
then
    oldifs="$IFS"
    IFS=':'
    uid=2000
    while read line
    do
        set -- $line
        if [ $3 -gt $uid -a $3 -lt 3000 ]
        then
            uid=$3
        fi
    done </etc/passwd
    IFS="$oldifs"

    uid=$((${uid} + 1))
else
    exists_uid=$(awk -F: '$3 == "'${uid}'" { print $3 }' /etc/passwd)

    if [ -n "${exists_uid}" ]
    then
        mecho --error "uid ${uid} already exists"
        echo
        do_exit 1
    fi
fi

# ---------------------------------------------------------------------------
# get user name
# ---------------------------------------------------------------------------
if [ -z "${user}" ]
then
    mecho "Information: The Username or Login should be written in lowercase"
    echo
    _ask_tmpfile=$(${MKTEMP} -t XXXXXXXXXXXXX)
    ${ASK} "Username or Login (e.g. 'newuser'):" '' '*' > ${_ask_tmpfile}
    rc=${?}
    read user < ${_ask_tmpfile}
    ${RM} -f ${_ask_tmpfile}
    if [ ${rc} = 255 ]
    then
        exit 1
    fi
fi

# ---------------------------------------------------------------------------
# get password and append user to files
# ---------------------------------------------------------------------------
if "${interactive:-false}"
then
    echo
fi

    case "${user}" in
    "")
        mecho --warn "no user added"
        do_exit 1
        ;;
    *)
        if ${GETENT} passwd ${user} >/dev/null
        then
            mecho --error "user ${user} already exists"
            do_exit 1
        else
            if [ -z "$name" ]
            then
                _ask_tmpfile=$(${MKTEMP} -t XXXXXXXXXXXXX)
                ${ASK} "Name of user (comment field):" '' '*' > ${_ask_tmpfile}
                rc=${?}
                read name < ${_ask_tmpfile}
                ${RM} -f ${_ask_tmpfile}
                if [ ${rc} = 255 ]
                then
                    exit 1
                fi
            fi

            if ! ${GETENT} group users >/dev/null
            then
                ${GROUPADD} -g 100 users
            fi

            if [ -z "${gid}" ]
            then
                gid=100
            else
                if is_numeric ${gid}
                then
                    exists_gid=$(${AWK} -F: '$3 == "'${gid}'" { print $3 }' /etc/group)

                    gid_message='gid'

                    if [ "${gid}" -eq "${exists_gid}" ]
                    then
                        gidexists=true
                    fi
                else
                    exists_gid=$(${AWK} -F: '$1 == "'${gid}'" { print $1 }' /etc/group)

                    gid_message='group'

                    if [ "${gid}" = "${exists_gid}" ]
                    then
                        gidexists=true
                    fi
                fi

                if ! ${gidexists:-false}
                then
                    mecho --error "${gid_message} ${gid} doesn't exists"
                    do_exit 1
                fi
            fi

            if [ -z "$shell" ]
            then
                shell=/bin/bash
            fi

            # use -r if create a system acount
            homeswitch=""
                #old home handling used from eisfair-1 only
                homeswitch="-m"
                # set systemswitch
                if [ -n "${uid}" ] && [ "${uid}" -lt 500 ]
                then
                    systemswitch='-r'
                    sysswitch=true
                fi
                case "${home}" in
                "")
                    home="/home/${user}"
                    ;;
                "/dev/null")
                    home="/home/__dummyhome__"
                    homeswitch="-M"
                    ;;
                esac

            enc_passwd=''
            # check if password given and
            # password length more then 10 charaters and
            # begin with '$'
            # modern encrypted with '$' to begin
            # without '$' -> des, :-( unwanted, broken
            # $1$ -> md5, not a good idea, broken
            # $2$ -> blowfish
            # $5$ -> sha-256
            # $6$ -> sha-512, default in eisfair
            if [ -n "${password}" ] &&
               [ ${#password} -ge 10 ] &&
               echo ${password} | grep -q '^\$'
            then
                enc_passwd="-p ${password}"
            fi

            user_uid="-u ${uid}"
            # check if systemswitch given
            # if, then use automatic uid by useradd
            # defined in /etc/login.defs
            if [ -n "${systemswitch}" ] &&
                ! ${sysswitch:-false}
            then
                user_uid=''
            fi

            # add user with password
            ${USERADD} ${systemswitch} ${user_uid} -g ${gid} \
                              -c "${name}" -s ${shell} \
                              -d ${home} ${enc_passwd} ${homeswitch} ${user}

            case $flags in
            *-d)
                # disable password
                ${PASSWD} -d $user >/dev/null
                ;;
            *-l)
                # lock password
                ${PASSWD} -l ${user} >/dev/null
                ;;
            *)
                # get / set password
                if [ -z "$password" ]
                then
                    idx=1
                    while [ $idx -le 3 ]
                    do
                        ${PASSWD} $user
                        if [ $? = 0 ]
                        then
                            break
                        fi

                        idx=$((${idx} + 1))
                        if [ $idx -eq 4 ]
                        then
                            # disable password
                            ${PASSWD} -d $user >/dev/null
                            echo
                            mecho --error "Failed to get a valid password. Login for $user disabled."
                            mecho --std "Please use 'passwd $user' to change password manually."
                            if "${interactive:-false}"
                            then
                                anykey
                            fi
                        fi
                    done
                fi
                ;;
            esac
        fi
        ;;
    esac

do_exit 0
# ---------------------------------------------------------------------------
# end
# ---------------------------------------------------------------------------