:
# ident "@(#)nadduser.sh	1.1 91/02/21"
# Copyright 1991, Altos Computer Systems
# All rights reserved.
#
# nadduser -- Add a UNIX user
# nadduser [-dflp] [-u uid] [-g groupname] [-s shell] [-h homedir] username
#
#   -d           Delete the user.
#   -f           Forced creation; do not complain if the user's home
#                directory already exists.
#   -l           Do not copy .profile, .login, and .cshrc to the user's
#                home directory.
#   -p           Do not prompt for the user's password.
#   -uuid        Create the user with the given uid. If the -u flag is
#                not specified, nadduser will choose the uid automatically.
#   -ggroupname  Set the user's group to groupname. If groupname does not
#                exist, nadduser will automatically create it. The default
#                groupname is "group."
#   -sshell      Set the user's login shell to shell. If -s is not specified,
#                nadduser will use /bin/sh. 
#   -hhomedir    Set the user's home directory to homedir. By default, home
#                directories are created in /usr
#


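# Search the system directories first, then whatever the caller already had.
# The previous value ended in ":", which is an empty PATH element; the shell
# treats an empty element as the current directory, so a command missing from
# every listed directory would have been looked up in whatever directory the
# administrator happened to be in. The caller's PATH is appended only when it
# is non-empty, so no empty element is introduced here.
# NOTE(review): the inherited PATH may itself contain "." or empty elements;
# a fixed PATH would be stricter but could hide tools installed elsewhere.
PATH=/bin:/usr/bin:/etc${PATH:+:$PATH}
COMMAND=`basename "$0"`
USAGE="usage: $COMMAND [-dflp] [-u uid] [-g group] [-s shell] [-h homedir] user"
OPTIONS="dflpg:h:s:u:"		# getopts spec; g, h, s and u take an argument
PASSWD_FILE=/etc/passwd
GROUP_FILE=/etc/group
ADDGROUP=/altos/bin/naddgroup	# helper run when the login group is missing
TCBDIR=/tcb/files/auth		# per-user TCB entries live in subdirectories here
DEFAULT_USERS=/etc/auth/subsystems/dflt_users
MKUSER=/usr/lib/mkuser		# per-shell templates for the login files
MIN_UID=200			# lowest uid that is chosen automatically
MAX_UID=60000			# a uid given with -u must be below this
DEF_SHELL=/bin/sh
DEF_GROUP=group
DEF_HOMEDIR=/usr		# default home directory is $DEF_HOMEDIR/<user>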



#
# Parse the command line options
#

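# Option state. Each *FLAG holds the name of a command ("true" or "false"),
# so later code can run it directly, as in `if $DFLAG`.
DFLAG=false
FFLAG=false
GFLAG=false
HFLAG=false
LFLAG=false
PFLAG=false
SFLAG=false
UFLAG=false

HOMEDIR=
GROUP=
LOGIN_SHELL=

while getopts "$OPTIONS" opt
do
	case $opt in
		 d)	DFLAG=true
			;;

		 f)	FFLAG=true
			;;

		 g)	GFLAG=true
			GROUP=$OPTARG
			;;

		 h)	HFLAG=true
			HOMEDIR=$OPTARG
			;;

		 l)	LFLAG=true
			;;

		 p)	PFLAG=true
			;;

		 s)	SFLAG=true
			LOGIN_SHELL=$OPTARG
			;;

		 u)	UFLAG=true

			# Accept only a plain run of decimal digits below MAX_UID.
			# The argument is matched as a string first, so it is never
			# word-split or pathname-expanded on its way into a test.
			# NOTE(review): values below MIN_UID, including 0, are
			# accepted; confirm that creating accounts in the system
			# range with -u is intended.
			UID_OK=false
			case $OPTARG in
				"" | *[!0-9]* )
					;;
				* )	[ "$OPTARG" -lt "$MAX_UID" ] 2>/dev/null &&
						UID_OK=true
					;;
			esac

			if $UID_OK
			then
				# NOTE(review): bash and some other shells predefine
				# UID as a read-only variable holding the caller's
				# uid, so this assignment does not take effect there.
				# The script assumes a shell where UID is an ordinary
				# variable -- confirm before running it elsewhere.
				UID=$OPTARG
			else
				echo "$COMMAND: bad uid ($OPTARG)"
				echo "$USAGE"
				exit 1
			fi
			;;

		\?)	# USAGE is quoted: it contains "[-dflp]", which would
			# otherwise be treated as a file name pattern.
			echo "$USAGE"
			exit 1
			;;
	esac
done

# Drop the parsed options; the first remaining argument is the user name.
shift `expr "$OPTIND" - 1`
USER=$1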



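#
# Validate the user name and the option values before anything is written.
# All of them end up in colon-separated, one-record-per-line files, so a
# colon or newline in any value would shift fields or add a record.
#

if [ -z "$USER" ]
then
	echo "$USAGE"
	exit 1
fi

NEWLINE='
'

# The user name is limited to letters, digits, ".", "_" and "-", and may not
# begin with "-" (it is passed to other commands as an argument). This also
# applies to -d, so an existing account whose name falls outside this set has
# to be removed by other means.
case $USER in
	*:* )
		echo "$COMMAND: colons (:) cannot be embedded in the user name."
		exit 1
		;;
	-* | *[!A-Za-z0-9._-]* )
		echo "$COMMAND: bad user name ($USER)"
		exit 1
		;;
esac

# Group name, home directory and login shell are only checked for the two
# characters that would break the record format.
for VALUE in "$GROUP" "$HOMEDIR" "$LOGIN_SHELL"
do
	case $VALUE in
		*:* | *"$NEWLINE"* )
			echo "$COMMAND: colons (:) and newlines cannot be embedded in option values."
			exit 1
			;;
	esac
done

# -d stands alone: any other flag alongside it is a usage error.
if $DFLAG && \
( $FFLAG || $GFLAG || $HFLAG || $LFLAG || $PFLAG || $SFLAG || $UFLAG )
then
	echo "The -d flag cannot be used with any other options."
	echo "$USAGE"
	exit 1
fi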



#
# If the -d option was specified, delete the user.
# This includes removing the user's home directory.
#

if $DFLAG
then
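	#
	# Find the account by comparing field 1 with the name as a literal
	# string. A grep or ed pattern built from the name would treat
	# characters such as "." as wildcards and could select another
	# account's line.
	# NOTE(review): nothing here locks PASSWD_FILE; the line number is
	# only valid if no other process edits the file in the meantime.
	#

	LINE=`awk -F":" '$1 == user { print NR; exit }' user="$USER" \
					"$PASSWD_FILE" 2>/dev/null`
	if [ -n "$LINE" ]
	then

		#
		# Save the user's home directory (field 6 of that same line)
		#

		HOMEDIR=`awk -F":" 'NR == line { print $6 }' line="$LINE" \
								 "$PASSWD_FILE"`


		#
		# Delete the user's entry from PASSWD_FILE by line number
		#

		ed "$PASSWD_FILE" >/dev/null 2>&1 <<-EOF
			${LINE}d
			w
			q
			EOF

		if [ $? -ne 0 ]
		then
			echo "$COMMAND: \c"
			echo "could not delete $USER from $PASSWD_FILE."
			exit 1
		fi


		#
		# Remove the user from DEFAULT_USERS, if listed there.
		# The lookup is done first so that a user who is not listed
		# does not turn into an ed search failure, which would stop
		# the deletion after the passwd entry is already gone.
		#

		if [ -f "$DEFAULT_USERS" ]
		then
			ULINE=`awk '$0 == user { print NR; exit }' user="$USER" \
							"$DEFAULT_USERS"`
			if [ -n "$ULINE" ]
			then
				ed "$DEFAULT_USERS" >/dev/null 2>&1 <<-EOF
					${ULINE}d
					w
					q
					EOF

				if [ $? -ne 0 ]
				then
					echo "$COMMAND: \c"
					echo "could not delete $USER from \c"
					echo "$DEFAULT_USERS."
					exit 1
				fi
			fi
		fi


		#
		# Remove the TCB entry for this user. The entry lives in a
		# subdirectory named after the lower-cased first character of
		# the user name; the "x" prefix keeps expr from reading the
		# name as one of its own keywords.
		#

		TCBDIR=$TCBDIR/`expr "x$USER" : 'x\(.\)' | tr "[A-Z]" "[a-z]"`
		TCB_FILE=$TCBDIR/$USER
		if [ -f "$TCB_FILE" ]
		then
			rm -f "$TCB_FILE"
		fi


		#
		# Offer to remove the user's home directory. The path comes
		# from the passwd entry, so it is only offered for removal
		# when it is absolute and contains something other than "/"
		# and "."; this keeps "/" itself out of rm -rf. It is a
		# minimal guard: a path such as /usr/.. is not resolved, and
		# the y/n prompt remains the real safeguard.
		#

		if [ -d "$HOMEDIR" ]
		then
			case $HOMEDIR in
				/*[!/.]* )
					tput clear
					echo "\n"
					echo "User $USER has been deleted from $PASSWD_FILE."
					echo "Do you want to remove the home directory \c"
					echo "$HOMEDIR ? (y/n) \c"
					read ANSWER

					if [ "$ANSWER" = Y -o "$ANSWER" = y ]
					then
						rm -rf "$HOMEDIR"
					else
						echo "$HOMEDIR not removed.\n"
						sleep 3
					fi
					;;
				* )
					echo "$HOMEDIR not removed.\n"
					sleep 3
					;;
			esac
		fi
	fi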
else


	#
	# We're adding a new user
	#

		
	#
	# Set any defaults
	#

	# Fill in whatever the command line left empty: the home directory
	# defaults to DEF_HOMEDIR/<user>, the group to DEF_GROUP and the login
	# shell to DEF_SHELL.
	HOMEDIR=${HOMEDIR:-$DEF_HOMEDIR/$USER}
	GROUP=${GROUP:-$DEF_GROUP}
	LOGIN_SHELL=${LOGIN_SHELL:-$DEF_SHELL}



	#
	# Make sure that USER does not already exist
	#

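	# Compare field 1 with the name as a literal string; a grep pattern
	# built from the name would treat "." and similar characters as
	# wildcards and could report a different account as a match.
	EXISTING=`awk -F":" '$1 == user { print NR; exit }' user="$USER" \
					"$PASSWD_FILE" 2>/dev/null`
	if [ -n "$EXISTING" ]
	then
		echo "$COMMAND: user $USER already exists in $PASSWD_FILE."
		exit 1
	fi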


	#
	# Generate the user's id
	# If the user specified a uid (with -u),
	# verify that the id is not being used by some other account.
	#

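	if $UFLAG
	then

		#
		# Compare the uid field itself. The earlier pattern only
		# matched entries whose password field ended in "*", so a uid
		# owned by an account with any other password field went
		# unnoticed and two accounts could end up sharing one uid.
		#

		UID_TAKEN=`awk -F":" '$3 == uid { print "yes"; exit }' uid="$UID" \
						"$PASSWD_FILE" 2>/dev/null`
		if [ -n "$UID_TAKEN" ]
		then
			echo "$COMMAND: uid $UID already in use."
			exit 1
		fi
	else

		#
		# Choose the next available uid: one above the highest uid
		# that is below MAX_UID, but never less than MIN_UID.
		# Entries at or above MAX_UID are ignored, so an account
		# placed above the range does not push new users past the
		# limit that -u enforces.
		#

		UID=`awk -F":" '$3 + 0 < max && $3 + 0 > high { high = $3 + 0 }
			END { print high + 1 }' max="$MAX_UID" "$PASSWD_FILE"`
		if [ "$UID" -lt "$MIN_UID" ]
		then
			UID=$MIN_UID
		fi
		if [ "$UID" -ge "$MAX_UID" ]
		then
			echo "$COMMAND: no free uid below $MAX_UID."
			exit 1
		fi
	fi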



	#
	# Make sure that the user's login group exists
	#

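	# Look the group up by comparing field 1 with the name as a literal
	# string, so a name containing pattern characters cannot be mistaken
	# for a different, existing group. When the group is missing, the
	# ADDGROUP helper is run to create it.
	GROUP_FOUND=`awk -F":" '$1 == group { print "yes"; exit }' \
				group="$GROUP" "$GROUP_FILE" 2>/dev/null`
	if [ -z "$GROUP_FOUND" ]
	then
		if [ -x "$ADDGROUP" ]
		then
			# Arguments are quoted so each is passed as one word.
			"$ADDGROUP" -m "$USER" "$GROUP"
			if [ $? -ne 0 ]
			then
				echo "$COMMAND: \c"
				echo "could not create group $GROUP in \c"
				echo "$GROUP_FILE."
				exit 1
			fi
		else
			echo "$COMMAND: could not execute $ADDGROUP."
			exit 1
		fi
	fi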


	#
	# Read the group's gid
	#

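	# Take the gid from the first entry whose name matches exactly. The
	# value is written into the passwd record later, so it must be a
	# single run of digits: a duplicated group name would otherwise
	# yield several lines, and a damaged entry a non-numeric field.
	GID=`awk -F":" '$1 == group { print $3; exit }' group="$GROUP" \
							"$GROUP_FILE"`
	case $GID in
		"" | *[!0-9]* )
			echo "$COMMAND: could not read the user's gid ($GROUP)."
			exit 1
			;;
	esac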


	#
	# Unless -f was specified, abort if the user's home directory 
	# exists. Note that we don't create the directory here; we'll
	# do that step after we enter the password and tcb information.
	#

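	# The path is quoted so that a value containing blanks is still
	# tested as one path instead of turning the test into a syntax error
	# that is silently read as "does not exist".
	# With -f an existing directory is reused as it is: the directory is
	# only given to the new user when this script creates it, so its
	# current owner and mode are kept.
	if [ -d "$HOMEDIR" ]
	then
		if $FFLAG
		then
			:
		else
			echo "$COMMAND: user's home directory $HOMEDIR \c"
			echo "already exists."
			exit 1
		fi
	fi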

		

	#
	# Add the entry to PASSWD_FILE
	#

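	# Append the new record: name, "*" as the password field, uid, gid,
	# the name again as the comment field, home directory and shell.
	# The record is quoted so no field is word-split or pathname-expanded.
	# The fields are written as given: a ":" or newline in any of them
	# would corrupt the record, so they must have been validated before
	# this point. Nothing here locks PASSWD_FILE against other writers.
	echo "$USER:*:$UID:$GID:$USER:$HOMEDIR:$LOGIN_SHELL" >> "$PASSWD_FILE" || {
		# Stop here rather than create TCB and home directory entries
		# for an account that was never recorded.
		echo "$COMMAND: could not add $USER to $PASSWD_FILE."
		exit 1
	}


	#
	# Add the user to DEFAULT_USERS
	#

	if [ -f "$DEFAULT_USERS" ]
	then
		echo "$USER" >> "$DEFAULT_USERS"
	fi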


	#
	# Create the user's TCB file
	#

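	# The entry goes into the subdirectory named after the lower-cased
	# first character of the user name; nothing is written when that
	# subdirectory does not exist. The "x" prefix keeps expr from reading
	# the name as one of its own keywords.
	TCBDIR=$TCBDIR/`expr "x$USER" : 'x\(.\)' | tr "[A-Z]" "[a-z]"`
	if [ -d "$TCBDIR" ]
	then
		TCB_FILE=$TCBDIR/$USER
		TCB_ENTRY="$USER:u_name=$USER:u_id#$UID::u_pwd=*:"
		TCB_ENTRY="$TCB_ENTRY:u_type=general:u_pswduser=$USER:u_lock@:"
		TCB_ENTRY="$TCB_ENTRY:chkent:"

		# The entry contains a literal "*". It is quoted so the shell
		# cannot pathname-expand it against the current directory,
		# which could change what is written. The file is created
		# under umask 077 so that a newly created file is not readable
		# by others before the chmod below.
		( umask 077; echo "$TCB_ENTRY" > "$TCB_FILE" )
		chown root "$TCB_FILE"
		chgrp auth "$TCB_FILE"
		chmod 660 "$TCB_FILE"
	fi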


	#
	# If the user's home directory does not exist, create it.
	#

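	# Create the directory with mode 0700 and hand it to the new user.
	# Only a directory created here is chowned; one that already existed
	# keeps its owner and mode. A failed mkdir is reported and the
	# ownership changes are skipped; like the later copy problems, it
	# does not stop the run.
	if [ ! -d "$HOMEDIR" ]
	then
		if mkdir -p -m0700 "$HOMEDIR"
		then
			chown "$USER" "$HOMEDIR"
			chgrp "$GROUP" "$HOMEDIR"
		else
			echo "$COMMAND: could not create $HOMEDIR."
			sleep 3
		fi
	fi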


	#
	# Unless -l was specified, copy the standard login files
	# to the user's home directory
	#

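	# Copy the template login files for the user's shell from
	# MKUSER/<shell> into the home directory as dot files owned by the
	# user, mode 0600. Problems are reported and skipped, not fatal.
	# NOTE(review): cp and chown follow symbolic links. When the home
	# directory already existed and is writable by someone other than the
	# administrator, a link placed at one of these names would be written
	# through and its target given to the new user -- confirm the
	# directory is trusted before reusing it.
	$LFLAG || {

		# From here on LOGIN_SHELL is the shell's base name and MKUSER
		# the template directory for that shell.
		LOGIN_SHELL=`basename "$LOGIN_SHELL"`
		MKUSER=$MKUSER/$LOGIN_SHELL
		if [ -d "$MKUSER" ]
		then
			case $LOGIN_SHELL in
				sh | rsh | ksh | rksh | odtsh )
					LOGIN_FILES=profile
					;;
				csh )
					LOGIN_FILES="login cshrc"
					;;
				* )
					# Default arm. It used to be written
					# "\*", which matches only a shell
					# literally named "*", so for any other
					# shell LOGIN_FILES kept whatever value
					# it had inherited from the environment.
					LOGIN_FILES=
					;;
			esac

			# LOGIN_FILES is a blank-separated list and is left
			# unquoted on purpose so that it splits into words.
			for FILE in $LOGIN_FILES
			do
				if [ -f "$MKUSER/$FILE" ]
				then
					if [ ! -f "$HOMEDIR/.$FILE" ]
					then
						cp "$MKUSER/$FILE" "$HOMEDIR/.$FILE"
						chown "$USER" "$HOMEDIR/.$FILE"
						chgrp "$GROUP" "$HOMEDIR/.$FILE"
						chmod 0600 "$HOMEDIR/.$FILE"
					else
						echo "$COMMAND: \c"
						echo "$HOMEDIR/.$FILE \c"
						echo "already exists."
						sleep 3
					fi
				else
					echo "$COMMAND: \c"
					echo "cannot read $MKUSER/$FILE."
					sleep 3
				fi
			done
		else
			echo "$COMMAND: directory $MKUSER does not exist."
			sleep 3
		fi
	}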


	#
	# Unless -p was specified, prompt for the user's password
	#

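	# Run passwd for the new account unless -p was given. The name is
	# quoted so it always reaches passwd as a single argument. With -p
	# the password field keeps the "*" written when the account was
	# created. A failing passwd is not fatal; the pause only leaves its
	# message on screen before the final clear.
	if $PFLAG
	then
		:
	else
		tput clear
		echo "\n"
		passwd "$USER" || sleep 3
	fi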

fi
# Common end of both the delete and the add path: clear the screen and
# report success. Every "exit 1" above leaves earlier, but the problems that
# are only reported and followed by "sleep 3" still end here with status 0,
# and so does -d for a user that was not found in PASSWD_FILE.
tput clear
exit 0

