مشاهدة ملف: addgroup

#!/usr/bin/perl

# adduser: a utility to add users to the system
# addgroup: a utility to add groups to the system

# Copyright (C) 1997, 1998, 1999 Guy Maor <maor@debian.org>
# Copyright (C) 1995 Ted Hajek <tedhajek@boombox.micro.umn.edu>
#                     Ian A. Murdock <imurdock@gnu.ai.mit.edu>
# Bugfixes and other improvements Roland Bauerschmidt <rb@debian.org>
# General scheme of the program adapted by the original debian 'adduser'
#  program by Ian A. Murdock <imurdock@gnu.ai.mit.edu>.
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
#
#
####################
# See the usage subroutine for explanation about how the program can be called
####################

use warnings;
use strict;
use Debian::AdduserCommon;
use Getopt::Long;


my $version = "3.118ubuntu5";

###################
# return values

use constant RET_OK => 0; # OK
use constant RET_OBJECT_ALREADY_EXISTS => 1; # the user or group does already exist, so the requested action cannot be performed
use constant RET_INVALID_CHARS_IN_NAME => 1; # the provided name contains invalid characters
use constant RET_ADDUSER_ABORTED => 1;  # the program was aborted (eg via Ctrl+C)
use constant RET_INVALID_CALL => 1; # getopt returned with "false"




BEGIN {
    local $ENV{PERL_DL_NONLAZY}=1;
    eval 'use Locale::gettext';
    if ($@) {
	*gettext = sub { shift };
	*textdomain = sub { "" };
	*LC_MESSAGES = sub { 5 };
    }
    eval {
	require POSIX;
	import POSIX qw(setlocale);
    };
    if ($@) {
	*setlocale = sub { return 1 };
    }
    eval {
	require I18N::Langinfo;
	import I18N::Langinfo qw(langinfo YESEXPR NOEXPR);
    };
    if ($@) {
	*langinfo = sub { return shift; };
	*YESEXPR  = sub { "^[yY]" };
	*NOEXPR   = sub { "^[nN]" };
    }
}

setlocale(LC_MESSAGES, "");
textdomain("adduser");
my $yesexpr = langinfo(YESEXPR());

my %config;			# configuration hash

my @defaults = ("/etc/adduser.conf");
my $nogroup_id = getgrnam("nogroup") || 65534;
$0 =~ s+.*/++; 

our $verbose = 1;		# should we be verbose?
my $allow_badname = 0;		# should we allow bad names?
my $ask_passwd = 1;		# ask for a passwd? 
my $disabled_login = 0;		# leave the new account disabled?

our $configfile = undef;
our $found_group_opt = undef;
our $found_sys_opt = undef;
our $ingroup_name = undef;
our $new_firstuid = undef;
our $new_gecos = undef;
our $new_gid = undef;
our $new_lastuid = undef;
our $new_uid = undef;
our $no_create_home = undef;
our $special_home = undef;
our $special_shell = undef;
our $add_extra_groups = 0;
our $use_extrausers = 0;
our $encrypt_home = undef;

# Global variables we need later
my $existing_user = undef;
my $existing_group = undef;
my $new_name = undef;
my $make_group_also = 0;
my $home_dir = undef;
my $undohome = undef;
my $undouser = undef;
my $undogroup = undef;
my $shell = undef;
my $first_uid = undef;
my $last_uid = undef;
my $dir_mode = undef;
my $perm = undef;

our @names;

# Parse options, sanity checks
unless ( GetOptions ("quiet|q" => sub { $verbose = 0 },
            "force-badname" => \$allow_badname,
	    "help|h" => sub { &usage(); exit RET_OK },
	    "version|v" => sub { &version(); exit RET_OK },
	    "system" => \$found_sys_opt,
	    "group" => \$found_group_opt,
	    "ingroup=s" => \$ingroup_name,
	    "home=s" => \$special_home,
	    "gecos=s" => \$new_gecos,
	    "shell=s" => \$special_shell,
	    "disabled-password" => sub { $ask_passwd = 0 },
	    "disabled-login" => sub { $disabled_login = 1; $ask_passwd = 0 },
	    "uid=i" => \$new_uid,
	    "firstuid=i" => \$new_firstuid,
	    "lastuid=i" => \$new_lastuid,
	    "gid=i" => \$new_gid,
	    "conf=s" => \$configfile,
	    "no-create-home" => \$no_create_home,
	    "encrypt-home" => \$encrypt_home,
            "add_extra_groups" => \$add_extra_groups,
        "extrausers" => \$use_extrausers,
	    "debug" => sub { $verbose = 2 } ) ) {
    &usage();
    exit RET_INVALID_CALL;
}

# everyone can issue "--help" and "--version", but only root can go on
dief (gtx("Only root may add a user or group to the system.\n")) if ($> != 0);

if( defined($configfile) ) { @defaults = ($configfile); }

# detect the right mode
my $action = $0 eq "addgroup" ? "addgroup" : "adduser";
if (defined($found_sys_opt)) {
  $action = "addsysuser" if ($action eq "adduser");
  $action = "addsysgroup" if ($action eq "addgroup");
}

# explicitly set PATH, because super (1) cleans up the path and makes adduser unusable;
# this is also a good idea for sudo (which doesn't clean up)
$ENV{"PATH"}="/bin:/usr/bin:/sbin:/usr/sbin";
$ENV{"IFS"}=" \t\n";

############################
# checks related to @names #
############################


while (defined(my $arg = shift(@ARGV))) {
  push (@names, $arg);
}

if ( (! defined $names[0]) || length($names[0]) == 0 || @names > 2) {
    dief (gtx("Only one or two names allowed.\n"));
}
	    

if (@names == 2) {	# must be addusertogroup
    dief (gtx("Specify only one name in this mode.\n"))
	if ($action eq "addsysuser" || $found_group_opt);
    $action = "addusertogroup";
    $existing_user = shift (@names);
    $existing_group = shift (@names);
}
else { # 1 parameter, must be adduser
    $new_name = shift (@names);
}

###################################
# check for consistent parameters #
###################################

if ($action ne "addgroup" &&
    defined($found_group_opt) +defined($ingroup_name) +defined($new_gid) > 1 ) {
    dief (gtx("The --group, --ingroup, and --gid options are mutually exclusive.\n"));
}


if ((defined($special_home)) && ($special_home !~ m+^/+ )) {
  dief (gtx("The home dir must be an absolute path.\n"));
}
	   
if (defined($special_home) && $verbose) {
    printf gtx("Warning: The home dir %s you specified already exists.\n"),$special_home
      if (!defined($no_create_home) && -d $special_home);
    printf gtx("Warning: The home dir %s you specified can't be accessed: %s\n"), $special_home, $!
      if (defined($no_create_home) && ! -d $special_home);
}


if ($found_group_opt) {
    if ($action eq "addsysuser") {
	$make_group_also = 1;
    }
    elsif ($found_sys_opt) {
	$action = "addsysgroup";
    }
    else {
	$action = "addgroup";
    }
}

my $ecryptfs_setup_private;
if (defined($encrypt_home)) {
	$ecryptfs_setup_private = &which('ecryptfs-setup-private');
}


$ENV{"VERBOSE"} = $verbose;
$ENV{"DEBUG"}   = $verbose;


# preseed configuration data and then read the config file
preseed_config(\@defaults,\%config);

&checkname($new_name, $found_sys_opt) if defined $new_name;
$SIG{'INT'} = $SIG{'QUIT'} = $SIG{'HUP'} = 'handler';

#####
# OK, we've processed the arguments.  $action equals one of the following,
# and the appropriate variables have been set:
#
# $action = "adduser"
#    $new_name                - the name of the new user.
#    $ingroup_name | $new_gid - the group to add the user to
#    $special_home, $new_uid, $new_gecos - optional overrides
# $action = "addgroup"
#    $new_name                - the name of the new group
#    $new_gid                 - optional override
# $action = "addsysgroup"
#    $new_name                - the name of the new group
#    $new_gid                 - optional override
# $action = "addsysuser"
#    $new_name                - the name of the new user
#    $make_group_also | $ingroup_name | $new_gid | 0  - which group
#    $special_home, $new_uid, $new_gecos - optional overrides
# $action = "addusertogroup"
#    $existing_user           - the user to be added
#    $existing_group          - the group to add her to
#####


#################
## addsysgroup ##
#################
if ($action eq "addsysgroup") {

    # Check if requested group already exists and we can exit safely
    my $ret = existing_group_ok($new_name, $new_gid);

    if ($ret == 3) {
        print STDERR "$0: " if $verbose;
	printf STDERR (gtx("The group `%s' already exists as a system group. Exiting.\n"), $new_name) if $verbose;
	exit RET_OK;
    }

    if ($ret == 1) {
        print STDERR "$0: " if $verbose;
	printf STDERR (gtx("The group `%s' already exists and is not a system group. Exiting.\n"), $new_name);
	exit RET_OBJECT_ALREADY_EXISTS;
    }

    if ($ret == 2) {
        print STDERR "$0: " if $verbose;
	printf STDERR (gtx("The group `%s' already exists, but has a different GID. Exiting.\n"), $new_name);
	exit RET_OBJECT_ALREADY_EXISTS;
    }

    dief (gtx("The GID `%s' is already in use.\n"),$new_gid)
	if (defined($new_gid) && defined(getgrgid($new_gid)));

    if (!defined($new_gid)) {
        $new_gid = &first_avail_gid($config{"first_system_gid"},
				   $config{"last_system_gid"});
        if ($new_gid == -1) {
	    print STDERR "$0: ";
	    printf STDERR gtx("No GID is available in the range %d-%d (FIRST_SYS_GID - LAST_SYS_GID).\n"),$config{"first_system_gid"},$config{"last_system_gid"};
            dief (gtx("The group `%s' was not created.\n"),$new_name);
        }
    }


    printf (gtx("Adding group `%s' (GID %d) ...\n"),$new_name,$new_gid) if $verbose;
    &invalidate_nscd("group");
    my $groupadd = &which('groupadd');
    if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
        &systemcall($groupadd, '--extrausers', '-g', $new_gid, $new_name);
    } else {
        &systemcall($groupadd, '-g', $new_gid, $new_name);
    }
    &invalidate_nscd("group");
    print (gtx("Done.\n")) if $verbose;
    exit RET_OK;
}


##############
## addgroup ##
##############
if ($action eq "addgroup") {
    dief (gtx("The group `%s' already exists.\n"),$new_name)
	if (defined getgrnam($new_name));
    dief (gtx("The GID `%s' is already in use.\n"),$new_gid)
	if (defined($new_gid) && defined(getgrgid($new_gid)));
    if (!defined($new_gid)) {
        $new_gid = &first_avail_gid($config{"first_gid"},
				   $config{"last_gid"});

        if ($new_gid == -1) {
	    print STDERR "$0: ";
	    printf STDERR gtx("No GID is available in the range %d-%d (FIRST_GID - LAST_GID).\n"),$config{"first_gid"},$config{"last_gid"};
            dief (gtx("The group `%s' was not created.\n"),$new_name);
        }
    }

    printf (gtx("Adding group `%s' (GID %d) ...\n"),$new_name,$new_gid) if $verbose;
    &invalidate_nscd("group");
    my $groupadd = &which('groupadd');
    if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
        &systemcall($groupadd, '--extrausers', '-g', $new_gid, $new_name);
    } else {
        &systemcall($groupadd, '-g', $new_gid, $new_name);
    }
    &invalidate_nscd("group");
    print (gtx("Done.\n")) if $verbose;
    exit RET_OK;
}


####################
## addusertogroup ##
####################
if ($action eq "addusertogroup") {
    dief (gtx("The user `%s' does not exist.\n"),$existing_user)
	if (!defined getpwnam($existing_user));
    dief (gtx("The group `%s' does not exist.\n"),$existing_group)
	if (!defined getgrnam($existing_group));
    if (&user_is_member($existing_user, $existing_group)) {
	printf gtx("The user `%s' is already a member of `%s'.\n"),
                $existing_user,$existing_group if $verbose;
	exit RET_OK;		# not really an error
    }

    printf gtx("Adding user `%s' to group `%s' ...\n"),$existing_user,$existing_group
	if $verbose;
    &invalidate_nscd();
    my $gpasswd = &which('gpasswd');
    if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
        &systemcall($gpasswd, '--extrausers', '-a',$existing_user,$existing_group);
    } else {
        &systemcall($gpasswd, '-a',$existing_user,$existing_group);
    }
    &invalidate_nscd();
    print (gtx("Done.\n")) if $verbose;
    exit RET_OK;
}


################
## addsysuser ##
################
if ($action eq "addsysuser") {
    if (existing_user_ok($new_name, $new_uid) == 1) {

        # a user with this name already exists; it's a problem when it's not a system user
        my $tmp_u = getpwnam($new_name);
        if (($tmp_u >= $config{"first_system_uid"}) and ($tmp_u <= $config{"last_system_uid"})) {
	    printf (gtx("The system user `%s' already exists. Exiting.\n"), $new_name) if $verbose;
            exit RET_OK
        }
	warnf (gtx("The user `%s' already exists, but is not a system user. Exiting.\n"), $new_name);
	exit RET_OBJECT_ALREADY_EXISTS;
    }
    if (existing_user_ok($new_name, $new_uid) == 2) {
	warnf (gtx("The user `%s' already exists with a different UID. Exiting.\n"), $new_name);
	exit RET_OBJECT_ALREADY_EXISTS;
    }

    if (!$ingroup_name && !defined($new_gid) && !$make_group_also) {
      $new_gid = $nogroup_id;
    }
    check_user_group(1);

    if (!defined($new_uid) && $make_group_also) {
	$new_uid = &first_avail_uid($config{"first_system_uid"},
				   $config{"last_system_uid"});
        if ($new_uid == -1) {
	    print STDERR "$0: ";
	    printf STDERR gtx("No UID/GID pair is available in the range %d-%d (FIRST_SYS_UID - LAST_SYS_UID).\n"),$config{"first_system_uid"},$config{"last_system_uid"};
            dief (gtx("The user `%s' was not created.\n"),$new_name);
        }
        $new_gid = &first_avail_gid($config{"first_system_gid"},
	                            $config{"last_system_gid"});
	$ingroup_name = $new_name;
    }
    elsif (!defined($new_uid) && !$make_group_also) {
	$new_uid = &first_avail_uid($config{"first_system_uid"},
				   $config{"last_system_uid"});
        if ($new_uid == -1) {
	    print STDERR "$0: ";
	    printf STDERR gtx("No UID is available in the range %d-%d (FIRST_SYS_UID - LAST_SYS_UID).\n"),$config{"first_system_uid"},$config{"last_system_uid"};
	    dief (gtx("The user `%s' was not created.\n"),$new_name);
        }
        if (defined($new_gid)) { $ingroup_name = getgrgid($new_gid); }
	elsif ($ingroup_name) { $new_gid = getgrnam($ingroup_name); }
	else { dief (gtx("Internal error")); }
    }
    else {
	if (defined($new_gid)) { $ingroup_name = getgrgid($new_gid); }
	elsif ($ingroup_name) { $new_gid = getgrnam($ingroup_name); }
	elsif ($make_group_also){ $new_gid=$new_uid; $ingroup_name=$new_name; }
	else { dief (gtx("Internal error")); }
    }
    printf (gtx("Adding system user `%s' (UID %d) ...\n"),$new_name,$new_uid) if $verbose;

    &invalidate_nscd();
    # if we reach this point, and the group does already exist, we can use it.
    if ($make_group_also && !getgrnam($new_name)) {
	printf (gtx("Adding new group `%s' (GID %d) ...\n"),$new_name,$new_gid) if $verbose;
	$undogroup = $new_name;
       my $groupadd = &which('groupadd');
    if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
        &systemcall($groupadd, '--extrausers', '-g', $new_gid, $new_name);
    } else {
        &systemcall($groupadd, '-g', $new_gid, $new_name);
    }
	&invalidate_nscd("group");
    }

    printf gtx("Adding new user `%s' (UID %d) with group `%s' ...\n"),$new_name,$new_uid,$ingroup_name
	if $verbose;
    $home_dir = $special_home || &homedir($new_name, $ingroup_name);
    $shell = $special_shell || '/usr/sbin/nologin';
    $undouser = $new_name;
    my $useradd = &which('useradd');
    if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
        &systemcall($useradd, '--extrausers', '-d', $home_dir, '-g', $ingroup_name, '-s',
        $shell, '-u', $new_uid, $new_name);
    } else {
        &systemcall($useradd, '-d', $home_dir, '-g', $ingroup_name, '-s',
        $shell, '-u', $new_uid, $new_name);
    }
    if(!$disabled_login) {
        my $usermod = &which('usermod');
        &systemcall($usermod, '-p', '*', $new_name);
    }
    my $chage = &which('chage');
    print "$chage -M 99999 $new_name\n" if ($verbose > 1);
    # do _not_ use systemcall() here, since systemcall() dies on
    # non-zero exit code and we need to do special handling here!
    if (system($chage, '-M', '99999', $new_name)) {
	if( ($?>>8) ne 15 ) {
	    &cleanup(sprintf((gtx("`%s' returned error code %d. Exiting.\n")), "$chage -M 99999 $new_name", $?>>8))
	      if ($?>>8);
	    &cleanup(sprintf((gtx("`%s' exited from signal %d. Exiting.\n")), "$chage -M 99999 $new_name", $?&255));
	} else {
            printf STDERR (gtx("%s failed with return code 15, shadow not enabled, password aging cannot be set. Continuing.\n"), $chage);
	}
    }
    &invalidate_nscd();

    if(defined($new_gecos)) {
	&ch_gecos($new_gecos);
    }
    create_homedir (0);

    exit RET_OK;
}


#############
## adduser ##
#############
if ($action eq "adduser") {
    if (!$ingroup_name && !defined($new_gid)) {
	if ($config{"usergroups"} =~  /yes/i) { $make_group_also = 1; }
	else { $new_gid = $config{"users_gid"}; }
    }
    check_user_group(0);
    $first_uid = $new_firstuid || $config{"first_uid"};
    $last_uid = $new_lastuid || $config{"last_uid"};
    printf (gtx("Adding user `%s' ...\n"),$new_name) if $verbose;

    if (!defined($new_uid) && $make_group_also) {
	$new_uid = &first_avail_uid($first_uid,
				   $last_uid);
				
        if ($new_uid == -1) {
	    print STDERR "$0: ";
            printf STDERR gtx("No UID/GID pair is available in the range %d-%d (FIRST_UID - LAST_UID).\n"),$first_uid,$last_uid;
	    dief (gtx("The user `%s' was not created.\n"),$new_name);
        }
	$new_gid = &first_avail_gid($config{"first_gid"}, 
	                            $config{"last_gid"});
	$ingroup_name = $new_name;
    }
    elsif (!defined($new_uid) && !$make_group_also) {
	$new_uid = &first_avail_uid($first_uid,
				   $last_uid);
	if ($new_uid == -1) {
	    print STDERR "$0: ";
	    printf STDERR gtx("No UID is available in the range %d-%d (FIRST_UID - LAST_UID).\n"),$config{"first_uid"},$config{"last_uid"};
            dief (gtx("The user `%s' was not created.\n"),$new_name);
        }
	if (defined($new_gid)) { $ingroup_name = getgrgid($new_gid); }
	elsif ($ingroup_name) { $new_gid = getgrnam($ingroup_name); }
	else { dief (gtx("Internal error")); }
    }
    else {
	if (defined($new_gid)) { $ingroup_name = getgrgid($new_gid); }
	elsif ($ingroup_name) { $new_gid = getgrnam($ingroup_name); }
	elsif ($make_group_also){ $new_gid=$new_uid; $ingroup_name=$new_name; }
	else { dief (gtx("Internal error")); }
    }

    &invalidate_nscd();
    if ($make_group_also) {
	printf (gtx("Adding new group `%s' (%d) ...\n"),$new_name,$new_gid) if $verbose;
	$undogroup = $new_name;
        my $groupadd = &which('groupadd');
    if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
        &systemcall($groupadd, '--extrausers', '-g', $new_gid, $new_name);
    } else {
        &systemcall($groupadd, '-g', $new_gid, $new_name);
    }
	&invalidate_nscd();
    }

    printf gtx("Adding new user `%s' (%d) with group `%s' ...\n"),$new_name,$new_uid,$ingroup_name
	if $verbose;
    $home_dir = $special_home || &homedir($new_name, $ingroup_name);
	$shell = $special_shell || $config{"dshell"};
    $undouser = $new_name;
    my $useradd = &which('useradd');
    if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
        &systemcall($useradd, '--extrausers', '-d', $home_dir, '-g', $ingroup_name, '-s',
        $shell, '-u', $new_uid, $new_name);
    } else {
        &systemcall($useradd, '-d', $home_dir, '-g', $ingroup_name, '-s',
        $shell, '-u', $new_uid, $new_name);
    }
    &invalidate_nscd();

    create_homedir (1); # copy skeleton data

    # useradd without -p has left the account disabled (password string is '!')
    my $yesexpr = langinfo(YESEXPR());
    if ($ask_passwd) {
	for (;;) {
          my $passwd = &which('passwd');
	  # do _not_ use systemcall() here, since systemcall() dies on
	  # non-zero exit code and we need to do special handling here!
          system($passwd, $new_name);
	  my $ok = $?>>8;
	  if ($ok != 0) {
            my $answer;
            # hm, error, should we break now?
	    print (gtx("Permission denied\n")) if ($ok == 1);
	    print (gtx("invalid combination of options\n")) if ($ok == 2);
	    print (gtx("unexpected failure, nothing done\n")) if ($ok == 3);
	    print (gtx("unexpected failure, passwd file missing\n")) if ($ok == 4);
	    print (gtx("passwd file busy, try again\n")) if ($ok == 5);
	    print (gtx("invalid argument to option\n")) if ($ok == 6);
	    
	    # Translators: [y/N] has to be replaced by values defined in your
	    # locale.  You can see by running "locale noexpr" which regular
	    # expression will be checked to find positive answer.
	    print (gtx("Try again? [y/N] "));
	    chop ($answer=<STDIN>);
	    last if ($answer !~ m/$yesexpr/o);
	  }
	  else {
	    last; ## passwd ok
	  }
	}
    } else {
	if(!$disabled_login) {
           my $usermod = &which('usermod');
	    &systemcall($usermod, '-p', '*', $new_name);
	}
    }

    if (defined($new_gecos)) {
	&ch_gecos($new_gecos);
    }
    else {
	my $noexpr = langinfo(NOEXPR());
	for (;;) {
           my $chfn = &which('chfn');
        if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
    	    &systemcall($chfn, '--extrausers', $new_name);
        } else {
    	    &systemcall($chfn, $new_name);
        }
	    # Translators: [y/N] has to be replaced by values defined in your
	    # locale.  You can see by running "locale yesexpr" which regular
	    # expression will be checked to find positive answer.
	    print (gtx("Is the information correct? [Y/n] "));
	    chop (my $answer=<STDIN>);
	    last if ($answer !~ m/$noexpr/o);
	}
    }

    if ( ( $add_extra_groups || $config{"add_extra_groups"} ) && defined($config{"extra_groups"}) ) {
        printf (gtx("Adding new user `%s' to extra groups ...\n"), $new_name);
        foreach my $newgrp ( split ' ', $config{"extra_groups"} ) {
            if (!defined getgrnam($newgrp)) {
                warnf (gtx("The group `%s' does not exist.\n"),$newgrp);
                next;
            }
            if (&user_is_member($new_name, $newgrp)) {
                printf gtx("The user `%s' is already a member of `%s'.\n"),
                        $new_name,$newgrp if $verbose;
                next;

            }

            printf gtx("Adding user `%s' to group `%s' ...\n"),$new_name,$newgrp
                if $verbose;
            &invalidate_nscd();
            my $gpasswd = &which('gpasswd');
            if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
                &systemcall($gpasswd, '--extrausers', '-M',
                            join(',', get_group_members($newgrp), $new_name),
                            $newgrp);
            } else {
                &systemcall($gpasswd, '-M',
                            join(',', get_group_members($newgrp), $new_name),
                            $newgrp);
            }
            &invalidate_nscd();
        }
    }


    if ($config{"quotauser"}) {
	printf (gtx("Setting quota for user `%s' to values of user `%s' ...\n"), $new_name, $config{quotauser});
	my $edquota = &which('edquota');
	&systemcall($edquota, '-p', $config{quotauser}, $new_name);
    }

    &systemcall('/usr/local/sbin/adduser.local', $new_name, $new_uid,
		$new_gid, $home_dir) if (-x "/usr/local/sbin/adduser.local");
    
    exit RET_OK;
}

#
# we never go here
#


# calculate home directory
sub homedir {
    my $dir = $config{"dhome"};
    $dir .= '/' . $_[1] if ($config{"grouphomes"} =~ /yes/i);
    $dir .= '/' . substr($_[0],0,1) if ($config{"letterhomes"} =~ /yes/i);
    $dir .= '/' . $_[0];
    return $dir;
}


# create_homedir -- create the homedirectory
# parameter 
#   1: $copy_skeleton: 
#     if 0  -> don't copy the skeleton data
#     if 1  -> copy the files in /etc/skel to the newly created home directory
# return values:
#   none
sub create_homedir {
  my ($copy_skeleton) = @_;

  if ($no_create_home) {
      printf gtx("Not creating home directory `%s'.\n"), $home_dir if $verbose;
  }
  elsif (-e $home_dir) {
      printf gtx("The home directory `%s' already exists.  Not copying from `%s'.\n"),
      $home_dir,$config{skel} if $verbose && !$no_create_home;
      my @homedir_stat = stat($home_dir);
      my $home_uid = $homedir_stat[4];
      my $home_gid = $homedir_stat[5];
      if (($home_uid != $new_uid) || ($home_gid != $new_gid)) {
	  warnf gtx("Warning: The home directory `%s' does not belong to the user you are currently creating.\n"), $home_dir;
      }
      undef @homedir_stat; undef $home_uid; undef $home_gid;
  }
  else {
      printf gtx("Creating home directory `%s' ...\n"),$home_dir if $verbose;
      $undohome = $home_dir;
      &mktree($home_dir) || &cleanup(sprintf(gtx("Couldn't create home directory `%s': %s.\n"), $home_dir, $!));
      chown($new_uid, $new_gid, $home_dir)
	  || &cleanup("chown $new_uid:$new_gid $home_dir: $!\n");
      $dir_mode = get_dir_mode($make_group_also);
      chmod ($dir_mode, $home_dir) ||
	  &cleanup("chmod $dir_mode $home_dir: $!\n");

      if ($action eq "adduser") {
          # Mute the command
          system('sh' => ( '-c' => '"$@" >/dev/null 2>&1', '--', '/usr/sbin/zsysctl', 'userdata', 'create', $new_name, $home_dir,));
          chown($new_uid, $new_gid, $home_dir)
    	  || &cleanup("chown $new_uid:$new_gid $home_dir: $!\n");
          $dir_mode = get_dir_mode($make_group_also);
          chmod ($dir_mode, $home_dir) ||
    	  &cleanup("chmod $dir_mode $home_dir: $!\n");
      }

      if (defined($encrypt_home)) {
	printf gtx("Setting up encryption ...\n") if $verbose;
	&systemcall($ecryptfs_setup_private, '-b', '-u', $new_name);
      }

      if ($config{"skel"} && $copy_skeleton) {
	  printf gtx("Copying files from `%s' ...\n"),$config{skel} if $verbose;
	  open(my $FIND, "cd $config{skel}; find .  -print |")
	      || &cleanup(sprintf(gtx("fork for `find' failed: %s\n"), $!));
	  while (<$FIND>) {
	      chop;
	      next if ($_ eq ".");
	      next if ($_ =~ qr/$config{skel_ignore_regex}/ );
	      &copy_to_dir($config{"skel"}, $_, $home_dir, $new_uid,
			    $new_gid, ($config{"setgid_home"} =~ /yes/i));
	  }
      }

      if (defined($encrypt_home)) {
	  &systemcall("/bin/umount", $home_dir);
      }
  }
}

# mktree: create a directory and all parent directories, we don't care about the rights and so on
# parameters:
#   tree: the path 
# return values:
#   none
sub mktree {
    my($tree) = @_;
    my($done, @path);
    my $default_dir_mode = 0755;

    $tree =~ s:^/*(.*)/*$:$1:; # chop off leading & trailing slashes
    @path = split(/\//, $tree);

    $done = "";
    while (@path) {
	$done .= '/' . shift(@path);
	-d $done || mkdir($done, $default_dir_mode) || return 0;
    }
    return 1;
}

# existing_user_ok: check if there's already a user present on the system which satisfies the requirements
# parameter:
#   new_name: the name of the user to check
#   new_uid : the UID of the user
# return values:
#   0 if the the user doesn't exist 
#   1 if the user already exists with the specified uid (or $new_uid wasn't specified)
#   2 if the user already exists, but $new_uid doesn't matches its uid 
sub existing_user_ok {
    my($new_name,$new_uid) = @_;
    my ($dummy1,$dummy2,$uid);
    if (($dummy1,$dummy2,$uid) = getpwnam($new_name)) {
	if( defined($new_uid) && $uid == $new_uid ) {
	    return 1;
	}
	if (! defined($new_uid)) { 
		return 1;
	}
        # TODO: do we really need this code? Range check shouldn't performed here
	if( $uid >= $config{"first_system_uid"} &&
	    $uid <= $config{"last_system_uid" } ) {
		return 2;
	}
    } else {
	return 0;
    }
}

# existing_group_ok: check if there's already a group which satiesfies the requirements
# parameter:
#   new_name: the name of the group
#   new_gid : the UID of the group
# return values:
#   0 if the group doesn't exist
#   1 if the group already exists with the specified gid (or $new_gid wasn't specified)
#   2 if the group already exists, but $new_gid doesn't match its gid 
#   3 if the group already exists inside the system range
sub existing_group_ok {
    my($new_name,$new_gid) = @_;
    my ($dummy1,$dummy2,$gid);
    if (($dummy1,$dummy2,$gid) = getgrnam($new_name)) {

        # TODO: is this check required? There shouldn't be any gid outside of our allowed range anyways ...
	if( $gid >= $config{"first_system_gid"} &&
	    $gid <= $config{"last_system_gid" } ) {
		return 3;
	}
	if (! defined($new_gid)) {
		return 1;
	}
        if ($gid == $new_gid) {
            return 1;
	} else {
            return 2;
        }
    } else {
	return 0;
    }
}



# check_user_group: ???
# parameters:
#   system: 0 if the user isn't a system user, 1 otherwise
# return values:
#   
sub check_user_group {
    my ($system) = @_;
    if( !$system || !existing_user_ok($new_name, $new_uid) ) {
	if( defined getpwnam($new_name) ) {
	    if( $system ) {
		dief (gtx("The user `%s' already exists, and is not a system user.\n"),$new_name);
	    } else {
		dief (gtx("The user `%s' already exists.\n"),$new_name);
	    }
	}
	dief (gtx("The UID %d is already in use.\n"),$new_uid)
	  if (defined($new_uid) && getpwuid($new_uid));
    }
    if ($make_group_also) {
	if( !$system || !existing_group_ok($new_name, $new_uid) ) {
	    dief (gtx("The group `%s' already exists.\n"),$new_name)
	      if (defined getgrnam($new_name));
	    dief (gtx("The GID %d is already in use.\n"),$new_uid)
	      if (defined($new_uid) && defined(getgrgid($new_uid)));
	}
    }
    else {
	dief (gtx("The group `%s' does not exist.\n"),$ingroup_name)
	    if ($ingroup_name && !defined(getgrnam($ingroup_name)));
	dief (gtx("The GID %d does not exist.\n"),$new_gid)
	    if (defined($new_gid) && !defined(getgrgid($new_gid)));
    }
}


# copy_to_dir :
# parameters:
#   fromdir
#   file
#   todir
#   newi
#   newg
#   sgiddir
# return values:
#   none
sub copy_to_dir {
    my($fromdir, $file, $todir, $newu, $newg, $sgiddir) = @_;

    if (-l "$fromdir/$file") {
	my $target=readlink("$fromdir/$file") or &cleanup("readlink: $!\n");
	my $curgid="$)";
	my $curuid="$>";
	my $error="";
	$)="$newg";
	$>="$newu";
	symlink("$target", "$todir/$file") or $error="$!";
        $>="$curuid";
        $)="$curgid";
	if( "$error" ne "" ) {
	    &cleanup("symlink: $!\n");
	}
	return;
    }
    elsif (-f "$fromdir/$file") {
	open (FILE, "$fromdir/$file") || &cleanup("open $fromdir/$file: $!");
	open (NEWFILE, ">$todir/$file") || &cleanup("open >$todir/$file: $!");

	(print NEWFILE <FILE>) || &cleanup("print $todir/$file: $!");
	close FILE;
	close(NEWFILE)  || &cleanup("close $todir/$file ");

    }
    elsif (-d "$fromdir/$file") {
	mkdir("$todir/$file", 700) || &cleanup("mkdir: $!");
    }
    else {
	&cleanup(sprintf((gtx("Cannot deal with %s.\nIt is not a dir, file, or symlink.\n")), "$fromdir/$file"));
    }
    
    chown($newu, $newg, "$todir/$file")
	|| &cleanup("chown $newu:$newg $todir/$file: $!\n");
    $perm = (stat("$fromdir/$file"))[2] & 07777;
    $perm |= 02000 if (-d "$fromdir/$file" && ($perm & 010) && $sgiddir);
    chmod($perm, "$todir/$file") || &cleanup("chmod $todir/$file: $!\n");
}
       

# checkname: perform some sanity checks
# parameters:
#   name: the name to check
#   system: 0 if the user isn't a system user, 1 otherwise
# return values:
#   none (exits on error)
sub checkname {
    my ($name, $system) = @_;
    if ($name !~ /^[_.A-Za-z0-9][-\@_.A-Za-z0-9]*\$?$/) {
	printf STDERR
(gtx("%s: To avoid problems, the username should consist only of
letters, digits, underscores, periods, at signs and dashes, and not start with
a dash (as defined by IEEE Std 1003.1-2001). For compatibility with Samba
machine accounts \$ is also supported at the end of the username\n"), $0);
        exit RET_INVALID_CHARS_IN_NAME;;
    }
    if ($system
        ? $name !~ qr/$config{"name_regex_system"}/
        : $name !~ qr/$config{"name_regex"}/) {
      if ($allow_badname) {
	print (gtx("Allowing use of questionable username.\n")) if ($verbose);
      }
      else {
        printf STDERR
(gtx("%s: Please enter a username matching the regular expression configured
via the NAME_REGEX[_SYSTEM] configuration variable.  Use the `--force-badname'
option to relax this check or reconfigure NAME_REGEX.\n"), $0);
        exit RET_INVALID_CHARS_IN_NAME;
      }
    }
}

# first_avail_uid: return the first available uid in given range
# parameters:
#   min, max: the range
# return values:
#   -1 if no free uid is available
#  otherwise the choosen uid
sub first_avail_uid {
    my ($min, $max) = @_;
    printf (gtx("Selecting UID from range %d to %d ...\n"),$min,$max) if ($verbose > 1);

    my $t = $min;
    while ($t <= $max) {
       return $t if (!defined(getpwuid($t)));
       $t++;
    }
    return -1; # nothing available
}

# first_avail_gid: return the first available gid in given range
# parameters:
#   min, max: the range
# return values:
#   -1 if no free gid is available
#   otherwise the choosen gid
sub first_avail_gid {
    my ($min, $max) = @_;
    printf (gtx("Selecting GID from range %d to %d ...\n"),$min,$max) if ($verbose > 1);

    my $t = $min;
    while ($t <= $max) {
       return $t if (!defined(getgrgid($t)));
       $t++;
    }
    return -1; # nothing available
}

sub ch_gecos {
    my $chfn = &which('chfn');
    my $gecos = shift;
    if($gecos =~ /,/)
      {
	  my($gecos_name,$gecos_room,$gecos_work,$gecos_home,$gecos_other)
	    = split(/,/,$gecos);

        if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
            &systemcall($chfn, '--extrausers', '-f', $gecos_name, '-r', $gecos_room, $new_name);
            &systemcall($chfn,'--extrausers','-w',$gecos_work,$new_name)
                if(defined($gecos_work));
            &systemcall($chfn,'--extrausers','-h',$gecos_home,$new_name)
                if(defined($gecos_home));
            &systemcall($chfn,'--extrausers','-o',$gecos_other,$new_name)
                if(defined($gecos_other));
        } else {
            &systemcall($chfn, '-f', $gecos_name, '-r', $gecos_room, $new_name);
            &systemcall($chfn,'-w',$gecos_work,$new_name)
                if(defined($gecos_work));
            &systemcall($chfn,'-h',$gecos_home,$new_name)
                if(defined($gecos_home));
            &systemcall($chfn,'-o',$gecos_other,$new_name)
                if(defined($gecos_other));
        } 
      }
    else
      {
        if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
            &systemcall($chfn, '--extrausers', '-f', $gecos, $new_name);
        } else {
            &systemcall($chfn, '-f', $gecos, $new_name);
        }
      }
}

# user is member of group?
sub user_is_member {
    my($user, $group) = @_;
    for (split(/ /, (getgrnam($group))[3])) {
	return 1 if ($user eq $_);
    }
    return 0;
}


sub cleanup {
    my ($msg) = @_;
    printf (gtx("Stopped: %s\n"),$msg);
    if ($undohome) {
	printf (gtx("Removing directory `%s' ...\n"),$undohome);
	&systemcall('rm', '-rf', $undohome);
    }
    if ($undouser) {
	printf (gtx("Removing user `%s' ...\n"),$undouser);
	&systemcall('userdel', $undouser);
    }
    if ($undogroup) {
	printf (gtx("Removing group `%s' ...\n"),$undogroup);
	&systemcall('groupdel', $undogroup);
    }
    # do we need to invalidate the nscd cache here, too?
    exit RET_ADDUSER_ABORTED;
}

sub handler {
    my($sig) = @_;
    # Translators: the variable %s is INT, QUIT, or HUP.
    # Please do not insert a space character between SIG and %s.
    &cleanup(sprintf(gtx("Caught a SIG%s.\n"), $sig));
}
    

sub version {
    printf (gtx("adduser version %s\n\n"), $version);
    print gtx("Adds a user or group to the system.
  
Copyright (C) 1997, 1998, 1999 Guy Maor <maor\@debian.org>
Copyright (C) 1995 Ian Murdock <imurdock\@gnu.ai.mit.edu>,
                   Ted Hajek <tedhajek\@boombox.micro.umn.edu>
\n");
    print gtx(
"This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License, /usr/share/common-licenses/GPL, for more details.
");
}

sub usage {
    printf gtx(
"adduser [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID]
[--firstuid ID] [--lastuid ID] [--gecos GECOS] [--ingroup GROUP | --gid ID]
[--disabled-password] [--disabled-login] [--add_extra_groups]
[--encrypt-home] USER
   Add a normal user

adduser --system [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID]
[--gecos GECOS] [--group | --ingroup GROUP | --gid ID] [--disabled-password]
[--disabled-login] [--add_extra_groups] USER
   Add a system user

adduser --group [--gid ID] GROUP
addgroup [--gid ID] GROUP
   Add a user group

addgroup --system [--gid ID] GROUP
   Add a system group

adduser USER GROUP
   Add an existing user to an existing group

general options:
  --quiet | -q      don't give process information to stdout
  --force-badname   allow usernames which do not match the
                    NAME_REGEX[_SYSTEM] configuration variable
  --extrausers      uses extra users as the database
  --help | -h       usage message
  --version | -v    version number and copyright
  --conf | -c FILE  use FILE as configuration file\n\n");
}

sub get_dir_mode
  {
      my $setgid = shift;
      # no longer make home directories setgid per default (closes: #64806)
      $setgid = 0 unless $config{"setgid_home"} =~  /yes/i;

      my $dir_mode = $config{"dir_mode"};
      if(!defined($dir_mode) || ! ($dir_mode =~ /[0-7]{3}/ ||
				   $dir_mode =~ /[0-7]{4}/))
	{
	    $dir_mode = $setgid ? 2755 : 0755;
	}
      else
	{
	    $dir_mode = $config{"dir_mode"};
	    if($setgid && (length($dir_mode) == 3 || $dir_mode =~ /^[0-1|4-5][0-7]{3}$/))
	      {
		  $dir_mode += 2000;
	      }
	}
      return oct($dir_mode);
  }

# Local Variables:
# mode:cperl
# cperl-indent-level:4
# End:

# vim:set ai et sts=4 sw=4 tw=0: