1#
2# Copyright OpenEmbedded Contributors
3#
4# SPDX-License-Identifier: MIT
5#
6
# This bbclass provides basic functionality for user/group settings.
# It is intended to be inherited by useradd.bbclass and
# extrausers.bbclass.

# The following functions all share the same basic logic:
# *) Perform necessary checks before invoking the actual command
# *) Invoke the actual command with flock
# *) Error out if an error occurs.

# Note that before invoking these functions, make sure the global variable
# PSEUDO is set up correctly.
18
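# Create a group in the target root filesystem unless it already exists.
# Arguments: $1 - root directory of the target filesystem
#            $2 - option string for groupadd; its last word is the group name
# Globals:   PSEUDO (read) - command prefix under which groupadd is run
# Errors:    calls bbfatal if the group is still missing after groupadd ran
perform_groupadd () {
	local rootdir="$1"
	local opts="$2"
	bbnote "${PN}: Performing groupadd with [$opts]"
	# printf instead of echo: echo may interpret backslashes contained in opts.
	local groupname="$(printf '%s\n' "$opts" | awk '{ print $NF }')"
	# Compare the name field as a literal string. A grep pattern built from the
	# name treats characters such as '.' as wildcards and can match another
	# group's entry, which would skip the creation and pass the check below.
	local name_matches='($1 "") == (name "")'
	local group_exists="$(awk -F: -v name="$groupname" "$name_matches" "$rootdir/etc/group" || true)"
	if test "x$group_exists" = "x"; then
		# \$opts is expanded by eval and the resulting string is parsed once more
		# by the shell that flock -c starts, so opts is interpreted as shell
		# syntax: only trusted option strings may be passed in.
		eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO groupadd \$opts\" || true
		# The command's status is ignored above; success is judged by the entry.
		group_exists="$(awk -F: -v name="$groupname" "$name_matches" "$rootdir/etc/group" || true)"
		if test "x$group_exists" = "x"; then
			bbfatal "${PN}: groupadd command did not succeed."
		fi
	else
		bbnote "${PN}: group $groupname already exists, not re-creating it"
	fi
}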
35
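# Create a user in the target root filesystem unless it already exists.
# Arguments: $1 - root directory of the target filesystem
#            $2 - option string for useradd; its last word is the user name
# Globals:   PSEUDO (read) - command prefix under which useradd is run
# Errors:    calls bbfatal if the user is still missing after useradd ran
perform_useradd () {
	local rootdir="$1"
	local opts="$2"
	bbnote "${PN}: Performing useradd with [$opts]"
	# printf instead of echo: echo may interpret backslashes contained in opts
	# (for example in an escaped password hash).
	local username="$(printf '%s\n' "$opts" | awk '{ print $NF }')"
	# Compare the name field as a literal string. A grep pattern built from the
	# name treats characters such as '.' as wildcards and can match another
	# account's entry, which would skip the creation and pass the check below.
	local name_matches='($1 "") == (name "")'
	local user_exists="$(awk -F: -v name="$username" "$name_matches" "$rootdir/etc/passwd" || true)"
	if test "x$user_exists" = "x"; then
		# \$opts is expanded by eval and the resulting string is parsed once more
		# by the shell that flock -c starts, so opts is interpreted as shell
		# syntax: only trusted option strings may be passed in.
		eval flock -x $rootdir${sysconfdir} -c  \"$PSEUDO useradd \$opts\" || true
		# The command's status is ignored above; success is judged by the entry.
		user_exists="$(awk -F: -v name="$username" "$name_matches" "$rootdir/etc/passwd" || true)"
		if test "x$user_exists" = "x"; then
			bbfatal "${PN}: useradd command did not succeed."
		fi
	else
		bbnote "${PN}: user $username already exists, not re-creating it"
	fi
}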
52
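# Add a user to a group in the target root filesystem unless the user is
# already listed as a member of that group.
# Arguments: $1 - root directory of the target filesystem
#            $2 - option string for groupmems; the group is taken from
#                 -g/--group and the user from -a/--add
# Globals:   PSEUDO (read) - command prefix under which groupmems is run
# Errors:    calls bbfatal if the membership is still missing afterwards
perform_groupmems () {
	local rootdir="$1"
	local opts="$2"
	bbnote "${PN}: Performing groupmems with [$opts]"
	local groupname="$(printf '%s\n' "$opts" | awk '{ for (i = 1; i < NF; i++) if ($i == "-g" || $i == "--group") print $(i+1) }')"
	local username="$(printf '%s\n' "$opts" | awk '{ for (i = 1; i < NF; i++) if ($i == "-a" || $i == "--add") print $(i+1) }')"
	bbnote "${PN}: Running groupmems command with group $groupname and user $username"
	# Match the group name and each entry of the member list (4th field) as
	# literal strings. A grep pattern built from the names treats characters
	# such as '.' as wildcards and can report a membership that is not there.
	local is_member='($1 "") == (group "") {
		n = split($4, members, ",")
		for (i = 1; i <= n; i++)
			if ((members[i] "") == (user "")) { print; break }
	}'
	local mem_exists="$(awk -F: -v group="$groupname" -v user="$username" "$is_member" "$rootdir/etc/group" || true)"
	if test "x$mem_exists" = "x"; then
		# \$opts is expanded by eval and the resulting string is parsed once more
		# by the shell that flock -c starts, so opts is interpreted as shell
		# syntax: only trusted option strings may be passed in.
		eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO groupmems \$opts\" || true
		# The command's status is ignored above; success is judged by the entry.
		mem_exists="$(awk -F: -v group="$groupname" -v user="$username" "$is_member" "$rootdir/etc/group" || true)"
		if test "x$mem_exists" = "x"; then
			bbfatal "${PN}: groupmems command did not succeed."
		fi
	else
		bbnote "${PN}: group $groupname already contains $username, not re-adding it"
	fi
}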
71
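# Remove a group from the target root filesystem. Nothing is done when the
# group does not exist or when it is still the primary group of a user.
# Arguments: $1 - root directory of the target filesystem
#            $2 - option string for groupdel; its last word is the group name
# Globals:   PSEUDO (read) - command prefix under which groupdel is run
# Errors:    calls bbfatal if the group is still present after groupdel ran
perform_groupdel () {
	local rootdir="$1"
	local opts="$2"
	bbnote "${PN}: Performing groupdel with [$opts]"
	local groupname="$(printf '%s\n' "$opts" | awk '{ print $NF }')"
	# Compare the name field as a literal string. A grep pattern built from the
	# name treats characters such as '.' as wildcards and can match another
	# group's entry.
	local name_matches='($1 "") == (name "")'
	local group_exists="$(awk -F: -v name="$groupname" "$name_matches" "$rootdir/etc/group" || true)"

	if test "x$group_exists" != "x"; then
		# The name and gid are handed to awk with -v instead of being pasted into
		# the awk program text, so their content cannot change the program.
		local groupid="$(awk -F: -v name="$groupname" '($1 "") == (name "") { print $3 }' "$rootdir/etc/group" || true)"
		# Users whose primary group (4th passwd field) is this gid.
		local other_users="$(awk -F: -v gid="$groupid" '($4 "") == (gid "") { print $1 }' "$rootdir/etc/passwd" || true)"

		if test "x$other_users" = "x"; then
			# \$opts is expanded by eval and the resulting string is parsed once
			# more by the shell that flock -c starts, so opts is interpreted as
			# shell syntax: only trusted option strings may be passed in.
			eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO groupdel \$opts\" || true
			# The command's status is ignored above; success is judged by the entry.
			group_exists="$(awk -F: -v name="$groupname" "$name_matches" "$rootdir/etc/group" || true)"
			if test "x$group_exists" != "x"; then
				bbfatal "${PN}: groupdel command did not succeed."
			fi
		else
			bbnote "${PN}: '$groupname' is primary group for users '$other_users', not removing it"
		fi
	else
		bbnote "${PN}: group $groupname doesn't exist, not removing it"
	fi
}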
98
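# Remove a user from the target root filesystem if it exists.
# Arguments: $1 - root directory of the target filesystem
#            $2 - option string for userdel; its last word is the user name
# Globals:   PSEUDO (read) - command prefix under which userdel is run
# Errors:    calls bbfatal if the user is still present after userdel ran
perform_userdel () {
	local rootdir="$1"
	local opts="$2"
	bbnote "${PN}: Performing userdel with [$opts]"
	local username="$(printf '%s\n' "$opts" | awk '{ print $NF }')"
	# Compare the name field as a literal string. A grep pattern built from the
	# name treats characters such as '.' as wildcards, so a different account's
	# entry could make a missing user look present.
	local name_matches='($1 "") == (name "")'
	local user_exists="$(awk -F: -v name="$username" "$name_matches" "$rootdir/etc/passwd" || true)"
	if test "x$user_exists" != "x"; then
		# \$opts is expanded by eval and the resulting string is parsed once more
		# by the shell that flock -c starts, so opts is interpreted as shell
		# syntax: only trusted option strings may be passed in.
		eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO userdel \$opts\" || true
		# The command's status is ignored above; success is judged by the entry.
		user_exists="$(awk -F: -v name="$username" "$name_matches" "$rootdir/etc/passwd" || true)"
		if test "x$user_exists" != "x"; then
			bbfatal "${PN}: userdel command did not succeed."
		fi
	else
		bbnote "${PN}: user $username doesn't exist, not removing it"
	fi
}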
115
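# Modify an existing group in the target root filesystem.
# Arguments: $1 - root directory of the target filesystem
#            $2 - option string for groupmod; its last word is the group name
# Globals:   PSEUDO (read) - command prefix under which groupmod is run
# Errors:    only warns (bbwarn) when the group is missing or groupmod fails
perform_groupmod () {
	# Other than the return value of groupmod, there's no simple way to judge
	# whether the command succeeds, so the -e option is disabled temporarily.
	# It is switched back on unconditionally before returning.
	set +e
	local rootdir="$1"
	local opts="$2"
	bbnote "${PN}: Performing groupmod with [$opts]"
	local groupname="$(printf '%s\n' "$opts" | awk '{ print $NF }')"
	# Compare the name field as a literal string. A grep pattern built from the
	# name treats characters such as '.' as wildcards, so a different group's
	# entry could make a missing group look present.
	local name_matches='($1 "") == (name "")'
	local group_exists="$(awk -F: -v name="$groupname" "$name_matches" "$rootdir/etc/group" || true)"
	if test "x$group_exists" = "x"; then
		bbwarn "${PN}: group $groupname doesn't exist, unable to modify it"
	# \$opts is expanded by eval and the resulting string is parsed once more by
	# the shell that flock -c starts, so opts is interpreted as shell syntax:
	# only trusted option strings may be passed in.
	elif ! eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO groupmod \$opts\"; then
		bbwarn "${PN}: groupmod command did not succeed."
	fi
	set -e
}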
135
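# Modify an existing user in the target root filesystem.
# Arguments: $1 - root directory of the target filesystem
#            $2 - option string for usermod; its last word is the user name
# Globals:   PSEUDO (read) - command prefix under which usermod is run
# Errors:    warns (bbwarn) when the user is missing; calls bbfatal when
#            usermod returns a non-zero status
perform_usermod () {
	# As with groupmod, the exit status of usermod is what gets checked, so the
	# -e option is disabled temporarily. It is switched back on unconditionally
	# before returning.
	set +e
	local rootdir="$1"
	local opts="$2"
	bbnote "${PN}: Performing usermod with [$opts]"
	# printf instead of echo: echo may interpret backslashes contained in opts
	# (for example in an escaped password hash).
	local username="$(printf '%s\n' "$opts" | awk '{ print $NF }')"
	# Compare the name field as a literal string. A grep pattern built from the
	# name treats characters such as '.' as wildcards, so a different account's
	# entry could make a missing user look present.
	local name_matches='($1 "") == (name "")'
	local user_exists="$(awk -F: -v name="$username" "$name_matches" "$rootdir/etc/passwd" || true)"
	if test "x$user_exists" = "x"; then
		bbwarn "${PN}: user $username doesn't exist, unable to modify it"
	# \$opts is expanded by eval and the resulting string is parsed once more by
	# the shell that flock -c starts, so opts is interpreted as shell syntax:
	# only trusted option strings may be passed in.
	elif ! eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO usermod \$opts\"; then
		bbfatal "${PN}: usermod command did not succeed."
	fi
	set -e
}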
154
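# Expire a user's password in the target root filesystem by setting the
# third field of the user's etc/shadow entry to 0.
# Arguments: $1 - root directory of the target filesystem
#            $2 - option string; its last word is the user name
# Globals:   PSEUDO (read) - command prefix under which sed is run
# Errors:    calls bbfatal if the field is not 0 afterwards
perform_passwd_expire () {
	local rootdir="$1"
	local opts="$2"
	bbnote "${PN}: Performing equivalent of passwd --expire with [$opts]"
	# Directly set sp_lstchg to 0 without using the passwd command: Only root can do that
	local username="$(printf '%s\n' "$opts" | awk '{ print $NF }')"
	# Compare the name field as a literal string. A grep pattern built from the
	# name treats characters such as '.' as wildcards and can match another
	# account's entry.
	local name_matches='($1 "") == (name "")'
	local user_exists="$(awk -F: -v name="$username" "$name_matches" "$rootdir/etc/passwd" || true)"
	if test "x$user_exists" != "x"; then
		# The name becomes part of a sed regular expression. Turn every '.' into
		# the bracket expression '[.]' so that the substitution cannot also
		# rewrite the shadow entry of a different account (e.g. "axb" for "a.b").
		# NOTE(review): only '.' is neutralised; any other regex-special character
		# or a '/' in the name would still alter the expression.
		local username_re="$(printf '%s\n' "$username" | sed 's/\./[.]/g')"
		# The command string is parsed again by eval and by the shell that
		# flock -c starts, hence the nested quoting around the sed script.
		eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed -i \''s/^\('"$username_re"':[^:]*\):[^:]*:/\1:0:/'\' $rootdir/etc/shadow \" || true
		# The command's status is ignored above; success is judged by the field.
		local passwd_lastchanged="$(awk -F: -v name="$username" '($1 "") == (name "") { print $3 }' "$rootdir/etc/shadow" || true)"
		if test "x$passwd_lastchanged" != "x0"; then
			bbfatal "${PN}: passwd --expire operation did not succeed."
		fi
	else
		bbnote "${PN}: user $username doesn't exist, not expiring its password"
	fi
}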
172