usermngr: define static tr181 roles

usermngr/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=usermngr
-PKG_VERSION:=1.2.14
+PKG_VERSION:=1.2.15
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
@@ -46,9 +46,10 @@ define Package/usermngr/install
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/etc/init.d/users $(1)/etc/init.d/users
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/etc/uci-defaults/90-indicate-bootstrap $(1)/etc/uci-defaults/90-indicate-bootstrap
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/etc/uci-defaults/91-sync-shells $(1)/etc/uci-defaults/91-sync-shells
+	$(INSTALL_DIR) $(1)/etc/users/roles
+	$(INSTALL_BIN) ./files/etc/uci-defaults/90-indicate-bootstrap $(1)/etc/uci-defaults/90-indicate-bootstrap
+	$(INSTALL_BIN) ./files/etc/uci-defaults/91-sync-shells $(1)/etc/uci-defaults/91-sync-shells
+	$(INSTALL_BIN) ./files/etc/init.d/users $(1)/etc/init.d/users
 	$(INSTALL_BIN) ./files/etc/config/users $(1)/etc/config/users
 	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libusermngr.so $(1) $(PKG_NAME)
 endef

usermngr/files/etc/init.d/users

@@ -0,0 +1,148 @@
+#!/bin/sh /etc/rc.common
+
+START=11
+STOP=90
+USE_PROCD=1
+
+create_group() {
+	local group="$1"
+	local enabled deleted old_name
+	config_get enabled "$group" enabled ""
+	config_get deleted "$group" deleted ""
+	config_get old_name "$group" old_name ""
+	
+	groupname=${group#*_}
+
+	if [ "$deleted" = "1" ]; then
+		groupdel -f "$groupname"
+		uci -q delete users."$group"
+		return 0
+	fi
+
+	if [ -n "$old_name" ]; then
+		del_group=${old_name#*_}
+		grep -rq "^$del_group:" /etc/group
+		if [ "$?" = "0" ]; then
+			groupdel -f "$del_group"
+		fi
+		uci -q delete users."$group".old_name
+	fi
+
+	if [ "$enabled" = "1" ]; then
+		grep -rq "^$groupname:" /etc/group
+		if [ "$?" = "1" ]; then
+			groupadd -f "$groupname"
+		fi
+	else
+		grep -rq "^$groupname:" /etc/group
+		if [ "$?" = "0" ]; then
+			groupdel -f "$groupname"
+		fi
+	fi
+}
+
+create_user() {
+        local user="$1"
+        local enabled password member_groups shell old_name deleted encrypted_password
+	config_get password "$user" password ""
+	config_get enabled "$user" enabled ""
+	config_get old_name "$user" old_name ""
+	config_get member_groups "$user" member_groups ""
+	config_get shell "$user" shell ""
+	config_get deleted "$user" deleted ""
+	config_get encrypted_password "$user" encrypted_password ""
+
+	if [ "$deleted" = "1" ]; then
+		userdel -f "$user"
+		uci -q delete users."$user"
+		return 0
+	fi
+
+	if [ -n "$old_name" ]; then
+		cat /etc/passwd | cut -d: -f1 | grep -qE "^$old_name$"
+		if [ "$?" = "0" ]; then
+			usermod -b -l "$user" "$old_name"
+		fi
+		uci -q delete users."$user".old_name
+	fi
+
+	grep -rq "^$user:" /etc/passwd
+	if [ "$?" = "1" ]; then
+		adduser -D -H -s /bin/false "$user"
+	fi
+
+	# set password
+	if [ -n "$password" ]; then
+		echo "$user:$password" | chpasswd
+		uci -q delete users."$user".password
+	fi
+
+	# set encrypted_password
+	if [ -n "$encrypted_password" ]; then
+		str=$(ubus call bbf.secure decode "{'data':'$encrypted_password'}" |jsonfilter -e @.value)
+		if [ -n "$str" ]; then
+			echo "$user:$str" | chpasswd
+		fi
+	fi
+
+	# set shell
+	usermod -s /bin/false "$user"
+	if [ -n "$shell" ] && [ "$shell" != "false" ]; then
+		shellname=$(cat /etc/shells | grep -r "/$shell$")
+		if [ -n "$shellname" ]; then
+			shell_sec=""
+			shell_en=""
+			uci_param=$(uci -q show users | grep -E "^users\.@shell\[[0-9]+\]\.name=\'$shell\'$")
+			if [ -n "$uci_param" ]; then
+				shell_sec=$(echo "$uci_param" | cut -d= -f1 | cut -d. -f2)
+			fi
+
+			if [ -n "$shell_sec" ]; then
+				shell_en=$(uci -q get users."$shell_sec".enabled)
+			fi
+
+			if [ "$shell_en" = "1" ]; then
+				usermod -s "$shellname" "$user"
+			fi
+		fi
+	fi
+
+	# add groups
+	usermod -G "" "$user"
+	if [ -n "$member_groups" ]; then
+		for i in ${member_groups//,/ }
+		do
+			group=${i#*_}
+			grep -rq "^$group:" /etc/group
+			if [ "$?" = "0" ]; then
+				usermod -aG "$group" "$user"
+			fi
+		done
+	fi
+
+	if [ "$enabled" = "1" ]; then
+		usermod -U "$user"
+	else
+		usermod -L "$user"
+	fi
+}
+
+start_service() {
+	config_load users
+
+	# creation of non-static groups and users
+	config_foreach create_group group
+	config_foreach create_user user
+	uci commit users
+}
+
+reload_service() {
+	stop
+	start
+}
+
+service_triggers()
+{
+	procd_add_reload_trigger "users"
+}
+

usermngr/files/etc/uci-defaults/90-indicate-bootstrap

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+touch /var/run/user_bootstrap
+touch /var/run/group_bootstrap

usermngr/files/etc/uci-defaults/91-sync-shells

@@ -0,0 +1,63 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+add_system_shells() {
+	system_shells=$(cat /etc/shells)
+	for line in $system_shells
+	do
+		shell_name=$(basename "${line}")
+		# Add the shell in UCI if not exists
+		sec=$(uci -q show users | grep -E "^users\.@shell\[[0-9]+\]\.name=\'$shell_name\'$")
+		if [ -z "${sec}" ]; then
+			sec=$(uci -q add users shell)
+			uci -q set users."${sec}".name="${shell_name}"
+			uci -q set users."${sec}.enabled=1"
+			uci commit users
+		fi
+	done
+}
+
+#Now remove the shell from users if assigned
+remove_user_shell() {
+	local shell
+	config_get shell "$1" shell ""
+
+	if [ -n "${shell}" ]; then
+		if [ "${shell}" = "${2}" ]; then
+			uci -q set users."${1}.shell="
+		fi
+	fi
+}
+
+# Now remove non existing shell from UCI
+remove_shell() {
+	local name
+	local exist=0
+	config_get name "$1" name ""
+	system_shells=$(cat /etc/shells)
+
+	if [ -n "${name}" ]; then
+		# Remove if not exist in system
+		exist=0
+		for line in $system_shells
+		do
+			shell=$(basename "${line}")
+			if [ "${shell}" = "${name}" ]; then
+				exist=1
+				break
+			fi
+		done
+
+		if [ "${exist}" -eq 0 ]; then
+			uci -q delete users."$1"
+			# Remove this shell from users if assigned
+			config_foreach remove_user_shell user "${name}"
+		fi
+	fi
+}
+
+config_load users
+add_system_shells
+config_foreach remove_shell shell
+uci commit users