#!/usr/bin/python2
#
#Copyright (c) 2003, 2004, 2005, 2006, 2007 Olivier Sessink
#All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions
#are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * The names of its contributors may not be used to endorse or
# promote products derived from this software without specific
# prior written permission.
#
#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
#"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
#LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
#FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
#COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
#INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
#BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
#LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
#CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
#LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
#ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
#POSSIBILITY OF SUCH DAMAGE.
#
import getopt
import grp
import os.path
import pwd
import subprocess
import sys
# Configuration directory of the jailkit installation; nothing in the code
# shown here reads it.
INIPREFIX='/etc/jailkit'
# Directory the jk_lib helper module is expected to be loaded from.
LIBDIR='/usr/share/jailkit'
# Appended rather than prepended, so every directory already on sys.path is
# searched for jk_lib before LIBDIR is.
# NOTE(review): this tool creates accounts, so it presumably runs as root;
# whatever jk_lib module is found first is executed with those privileges, so
# LIBDIR and the earlier sys.path entries should be writable by root only -
# confirm for the deployment.
sys.path.append(LIBDIR)
import jk_lib
def usage():
    """Print the deprecation notice and the command-line synopsis to stdout."""
    banner = (
        '',
        '*** jk_addjailuser is deprecated ***',
        '',
        'please add the user like any other user, and use jk_jailuser to jail the user',
        '',
        'Usage: '+sys.argv[0]+' [OPTIONS] chrootdir username',
        '',
    )
    option_lines = (
        ' [-c comment] [-d home dir] [-e expire_date]',
        ' [-f inactive time] [-g initial group]',
        ' [-G group[,...]] [-h] | [-?] | [--help]',
        ' [-m [-k skeleton dir] | -M] [-n] [-o] ',
        ' [-p passwd] -r [-s shell] [-u uid]',
        ' [-v] | [--verbose]',
    )
    # One single-argument print per line: the parenthesised form emits the
    # same text under the Python 2 print statement this script targets, and
    # print('') yields the same blank line a bare print does.
    for text in banner + option_lines + ('',):
        print(text)
def getjail_and_user(args):
    """Split the positional arguments into a (jail, user) pair.

    The two may be given in either order; whichever argument names an
    existing filesystem path is taken to be the jail. With two arguments the
    second one is tested first. Either element of the result is None when it
    could not be determined, and (None, None) is returned when there are no
    arguments or when neither of two arguments exists as a path.

    More than two arguments are reported through jk_lib.clean_exit.

    NOTE: the test is os.path.exists, not os.path.isdir, so an existing
    regular file is accepted as the jail here, and a username that happens to
    match a path relative to the current directory is read as a jail.
    """
    count = len(args)
    if not count:
        return None, None
    if count > 2:
        jk_lib.clean_exit(3, 'could not understand all arguments', usage)
    if count != 2:
        # Single argument: it is the jail if it exists on disk, else the user.
        if os.path.exists(args[0]):
            return args[0], None
        return None, args[0]
    if os.path.exists(args[1]):
        return args[1], args[0]
    if os.path.exists(args[0]):
        return args[0], args[1]
    return None, None
def askforjail():
    """Prompt on stdin until the operator names an existing directory and return it."""
    while True:
        print('please enter the jail directory:')
        answer = raw_input()
        if os.path.isdir(answer):
            return answer
        print('directory '+answer+' does not exist..')
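def checkuser(user, jail):
    """Report whether *user* is still free to be created.

    Returns 0 when the name is already taken, either in the host account
    database (pwd.getpwnam) or in the jail's own etc/passwd (looked up
    through jk_lib.test_user_exist), and 1 when neither knows it. Mind the
    polarity: a true result means "does not exist yet".
    """
    try:
        pwd.getpwnam(user)
    except KeyError:
        # KeyError is how pwd reports an unknown name, and it is the only
        # condition that should fall through to the jail lookup. A bare
        # except here also swallowed KeyboardInterrupt and genuine lookup
        # failures, which made a broken query look like "name is free".
        pass
    else:
        return 0
    if jk_lib.test_user_exist(user, jail+'/etc/passwd'):
        return 0
    return 1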
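def groupexists(group):
    """Return 1 if *group* is present in the host group database, else 0."""
    try:
        grp.getgrnam(group)
    except KeyError:
        # Only "no such group" means 0. The caller creates the group when it
        # sees 0, so any other failure must surface instead of being read as
        # "missing" (the former bare except hid those, and also swallowed
        # KeyboardInterrupt).
        return 0
    return 1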
def askforuser(jail):
    """Prompt on stdin until a username that checkuser() reports as unused is entered; return it."""
    while True:
        print('please enter the username:')
        candidate = raw_input()
        # checkuser() is true when the name is NOT yet known on the host or
        # in the jail.
        if checkuser(candidate, jail):
            return candidate
        print('user '+candidate+' exists already')
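def _jk_append_line(path, line):
    """Append *line* to the file at *path*, closing the file even if the write fails."""
    fd = open(path, 'a')
    try:
        fd.write(line)
    finally:
        fd.close()


def addusertojail(jail, user, group, home, shell, creategroup):
    """Append *user* and, if missing, *group* to the account files inside *jail*.

    The uid, gid and comment field are copied from the host entry returned by
    pwd.getpwnam(user); *home* and *shell* are the values as seen from inside
    the jail. When sys.platform[4:7] is 'bsd' the entry goes to
    etc/master.passwd and pwd_mkdb is run; otherwise it goes to etc/passwd.
    The group line uses the gid from grp.getgrnam(group) and is only added
    when jk_lib.test_group_exist does not find it in the jail's etc/group.

    *creategroup* is accepted for the caller's sake but not used here.
    Creating the home directory is left to useradd's -m option.

    Raises ValueError when a value cannot be written safely or when *jail*
    is the filesystem root.
    """
    # Each of these is written verbatim into a colon-separated, line-oriented
    # account file. A ':' or line break inside a value would shift the fields
    # or start an additional entry, so refuse them before touching anything.
    for label, value in (('user', user), ('group', group),
                         ('home', home), ('shell', shell)):
        if ':' in value or '\n' in value or '\r' in value:
            raise ValueError(label+' must not contain ":" or a line break')
    jail = jail.rstrip('/')
    if not jail:
        # With an empty prefix the paths below would be the host's own
        # /etc/passwd and /etc/group.
        raise ValueError('jail directory must not be the filesystem root')
    pw = pwd.getpwnam(user)
    uid = str(pw[2])
    gid = str(pw[3])
    gecos = pw[4]
    if (sys.platform[4:7] == 'bsd'):
        _jk_append_line(
            jail+'/etc/master.passwd',
            user+':x:'+uid+':'+gid+'::0:0:'+gecos+':'+home+':'+shell+'\n'
        )
        # Run pwd_mkdb with an argument list instead of a shell command line,
        # so the jail path and user name are never parsed by a shell.
        # NOTE(review): the source file handed to pwd_mkdb is the host's
        # /etc/master.passwd, not the jail copy appended to above - confirm
        # that this is intended.
        try:
            subprocess.call(
                ['pwd_mkdb', '-d', jail+'/etc', '-u', user, '/etc/master.passwd']
            )
        except OSError:
            sys.stderr.write(
                'could not run pwd_mkdb: '+str(sys.exc_info()[1])+'\n'
            )
    else:
        _jk_append_line(
            jail+'/etc/passwd',
            user+':x:'+uid+':'+gid+':'+gecos+':'+home+':'+shell+'\n'
        )
    if (not jk_lib.test_group_exist(group, jail+'/etc/group')):
        gr = grp.getgrnam(group)
        _jk_append_line(jail+'/etc/group', group+':x:'+str(gr[2])+':\n')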
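def configget(config, key):
    """Return config[key], or None when *key* is not present in *config*."""
    # dict.get covers the one expected miss (absent key). The former bare
    # except also turned every other failure, such as an unhashable key or a
    # config that is not a mapping, into a silent None.
    return config.get(key)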
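def _jk_run(argv):
    """Run *argv* directly, without a shell, and return its exit status (127 if it cannot be started)."""
    try:
        return subprocess.call(argv)
    except OSError:
        sys.stderr.write(
            'could not run '+argv[0]+': '+str(sys.exc_info()[1])+'\n'
        )
        return 127


def addtheuser(jail,user,config):
    """Create *user* on the host with useradd, then register it inside *jail*.

    *config* maps option letters (without the dash) to their values, as
    collected by main(). The host account gets <jail>/./<home> as its home
    directory and /usr/sbin/jk_chrootsh as its shell; the home and shell
    recorded inside the jail are the -d and -s values, defaulting to
    /home/<user> and /usr/sbin/jk_lsh. The initial group defaults to 'users'
    and is created with groupadd when groupexists() does not find it.
    addusertojail() is only called when useradd exits with status 0.

    useradd and groupadd are started from argument lists, not from a shell
    command line. Option values therefore reach them byte for byte: a '$',
    backquote or double quote in a comment or in a hashed -p value is neither
    expanded nor able to end the quoting and append further commands.

    Raises ValueError, before anything is created, for values that could not
    be stored or passed safely.
    """
    jailpath = jail
    if (jail[-1] != '/'):
        jailpath = jailpath + '/'
    home = configget(config, 'd') or '/home/' + user
    initialgroup = configget(config, 'g') or 'users'
    shell = configget(config, 's') or '/usr/sbin/jk_lsh'

    # These end up in the jail's colon-separated passwd and group files.
    for label, value in (('user', user), ('group', initialgroup),
                         ('home', home), ('shell', shell)):
        if ':' in value or '\n' in value or '\r' in value:
            raise ValueError(label+' must not contain ":" or a line break')
    # The user name is useradd's positional argument and the group name is
    # groupadd's; a leading dash would be parsed as an option instead.
    for label, value in (('user', user), ('group', initialgroup)):
        if value.startswith('-'):
            raise ValueError(label+' must not start with "-"')

    if not groupexists(initialgroup):
        print('the group '+initialgroup+' does not yet exist, creating it')
        _jk_run(['groupadd', initialgroup])
        creategroup = 1
    else:
        creategroup = 0

    # (flag, value, takes_argument), in the order the options were always
    # passed to useradd. Entries with an empty value are skipped.
    # NOTE: the -p value travels on useradd's command line, where other local
    # users can read it from the process list while useradd runs.
    plan = (
        ('-c', configget(config, 'c'), 1),
        ('-d', jailpath + '.' + home, 1),
        ('-e', configget(config, 'e'), 1),
        ('-f', configget(config, 'f'), 1),
        ('-g', initialgroup, 1),
        ('-G', configget(config, 'G'), 1),
        ('-m', configget(config, 'm'), 0),
        ('-k', configget(config, 'k'), 1),
        ('-M', configget(config, 'M'), 0),
        ('-n', configget(config, 'n'), 0),
        ('-o', configget(config, 'o'), 0),
        ('-p', configget(config, 'p'), 1),
        ('-r', configget(config, 'r'), 0),
        ('-s', '/usr/sbin/jk_chrootsh', 1),
        ('-u', configget(config, 'u'), 1),
    )
    argv = ['useradd']
    for flag, value, takes_argument in plan:
        if not value:
            continue
        argv.append(flag)
        if takes_argument:
            argv.append(value)
    argv.append(user)

    ret = _jk_run(argv)
    # Setting the password is deliberately left to the operator; this script
    # does not invoke passwd.
    if (ret == 0):
        addusertojail(jail,user,initialgroup,home,shell,creategroup)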
def main():
    """Parse the command line, ask for a missing jail or username, then create the user."""
    try:
        parsed, positional = getopt.getopt(
            sys.argv[1:],
            "c:d:e:f:g:G:mk:Mnop:rs:u:vh?",
            ["help", "verbose"]
        )
    except getopt.GetoptError:
        usage()
        sys.exit(1)
    config = {'verbose': 0}
    for flag, value in parsed:
        if flag in ("-h", "-?", "--help"):
            usage()
            sys.exit()
        if flag in ("-v", "--verbose"):
            config['verbose'] = 1
            continue
        # Stored under the option letter without its dash. Options that take
        # no value, and values given as an empty string, are recorded as the
        # string "true".
        config[flag[1:]] = value or "true"
    jail, user = getjail_and_user(positional)
    if jail is None:
        jail = askforjail()
    # A name that was given but is already taken is asked for again, exactly
    # like a missing one.
    if user is None or not checkuser(user, jail):
        user = askforuser(jail)
    addtheuser(jail, user, config)


if __name__ == "__main__":
    main()