openkylin
/
user-setup
mirror of https://gitee.com/openkylin/user-setup.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Import Upstream version 1.63

This commit is contained in:
openKylinBot 2022-05-14 03:14:23 +08:00
commit 366c97fdf9
7 changed files with 900 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
finish-install.d/06user-setup Executable file
View File

@ -0,0 +1,3 @@
#! /bin/sh
set -e
user-setup-apply /target

67
functions.sh Normal file
View File

@ -0,0 +1,67 @@
# Returns a true value if there seems to be a system user account.
# OVERRIDE_SYSTEM_USER overrides this to assume that no system user account
# exists.
is_system_user () {
if [ "$OVERRIDE_SYSTEM_USER" ]; then
return 1
fi
if ! [ -e $ROOT/etc/passwd ]; then
return 1
fi
# Assume NIS, or any uid from 1000 to 59999, means there is a user.
if grep -q '^+:' $ROOT/etc/passwd || \
grep -q '^[^:]*:[^:]*:[1-9][0-9][0-9][0-9]:' $ROOT/etc/passwd || \
grep -q '^[^:]*:[^:]*:[1-5][0-9][0-9][0-9][0-9]:' $ROOT/etc/passwd; then
return 0
else
return 1
fi
}
# Returns a true value if root already has a password.
root_password () {
if ! [ -e $ROOT/etc/passwd ]; then
return 1
fi
# Assume there is a root password if NIS is being used.
if grep -q '^+:' $ROOT/etc/passwd; then
return 0
fi
# Be more careful than usual about test arguments in the following,
# just in case (for example) the encrypted password string is "!".
if [ -e $ROOT/etc/shadow ] && \
[ -n "`grep ^root: $ROOT/etc/shadow | cut -d : -f 2`" ] && \
[ "x`grep ^root: $ROOT/etc/shadow | cut -d : -f 2`" != 'x*' ] && \
[ "x`grep ^root: $ROOT/etc/shadow | cut -d : -f 2`" != 'x!' ]; then
return 0
fi
if [ -e $ROOT/etc/passwd ] && \
[ -n "`grep ^root: $ROOT/etc/passwd | cut -d : -f 2`" ] && \
[ "x`grep ^root: $ROOT/etc/passwd | cut -d : -f 2`" != 'xx' ]; then
return 0
fi
return 1
}
password_is_empty () {
db_get user-setup/allow-password-empty
if [ "$RET" = true ]; then
return 1 # don't consider this as empty if explicitly allowed
fi
[ -z "$1" ]
}
password_is_weak () {
db_get user-setup/allow-password-weak
if [ "$RET" = true ]; then
return 1 # don't consider this as weak if explicitly allowed
fi
[ "$(printf %s "$1" | wc -c)" -lt 8 ]
}

10
pre-pkgsel.d/10kdesudo Executable file
View File

@ -0,0 +1,10 @@
#! /bin/sh
set -e
. /usr/share/debconf/confmodule
if db_get passwd/root-login && [ "$RET" = false ] && \
db_get tasksel/desktop && [ "$RET" = kde ]; then
echo "kdesudo kdesudo/kdesu boolean true" | \
LANG=C chroot /target debconf-set-selections
fi

107
reserved-usernames Normal file
View File

@ -0,0 +1,107 @@
# Static users from base-passwd/passwd.master (3.5.11).
root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
proxy
www-data
backup
list
irc
gnats
nobody
# Other static groups from base-passwd/group.master (3.5.11).
adm
tty
disk
kmem
dialout
fax
voice
cdrom
floppy
tape
sudo
audio
dip
operator
src
shadow
utmp
video
sasl
plugdev
staff
users
nogroup
# Reserved usernames listed in base-passwd/README (3.5.11).
netplan
ftn
mysql
tac-plus
alias
qmail
qmaild
qmails
qmailr
qmailq
qmaill
qmailp
asterisk
vpopmail
vchkpw
# Ubuntu creates the admin group and adds the first user to it in order to
# grant them sudo privileges.
admin
# Other miscellaneous system users/groups created by common packages. While
# it's useful to add things here that people might run into, it's not
# absolutely critical; the worst that will happen is that the installation
# will fail at some later point.
Debian-exim
bind
crontab
cupsys
dcc
dhcp
dictd
dovecot
fetchmail
firebird
ftp
fuse
gdm
haldaemon
hplilp
identd
jwhois
klog
lpadmin
maas
messagebus
mythtv
netdev
powerdev
radvd
saned
sbuild
scanner
slocate
ssh
sshd
ssl-cert
sslwrap
statd
syslog
telnetd
tftpd

5
user-setup Executable file
View File

@ -0,0 +1,5 @@
#! /bin/sh
set -e
export PATH="/usr/lib/user-setup:$PATH"
user-setup-ask
user-setup-apply

423
user-setup-apply Executable file
View File

@ -0,0 +1,423 @@
#! /bin/sh
set -e
. /usr/share/debconf/confmodule
if [ "$1" ]; then
export LANG=C # avoid locale errors from perl
ROOT="$1"
chroot=chroot
log='log-output -t user-setup'
else
ROOT=
chroot=
log=
fi
. /usr/lib/user-setup/functions.sh
# Set a password, via chpasswd.
# Use a heredoc rather than echo, to avoid the password
# showing in the process table. (However, this is normally
# only called when first installing the system, when root has no
# password at all, so that should be an unnecessary precaution).
#
# Pass in four arguments: the user, the password, 'true' if the
# password has been pre-crypted (by preseeding), and a 'true' if
# the home directory is encrypted
setpassword () {
local USER PASSWD PAM_SET_PWD
USER="$1"
PASSWD="$2"
local VERSION=$($chroot $ROOT dpkg-query -W -f '${Version}\n' passwd)
PAM_SET_PWD=false
if $chroot $ROOT dpkg --compare-versions "$VERSION" ge "1:4.1.4-1"; then
# support for versions with PAM support (Squeeze)
PAM_SET_PWD=true
if [ "$3" = true ]; then
$chroot $ROOT usermod --password=$PASSWD $USER
else
$chroot $ROOT chpasswd <<EOF
$USER:$PASSWD
EOF
fi
else
# compatibility support for versions without PAM support (Lenny)
local OPTS
if [ "$3" = true ]; then
OPTS=-e
else
OPTS=-m
fi
$chroot $ROOT chpasswd $OPTS <<EOF
$USER:$PASSWD
EOF
fi
# If the password was set using PAM, pam_ecryptfs will handle the initial
# passphrase wrapping. Otherwise, we need this hack...
if [ "$4" = true ] && [ "$PAM_SET_PWD" = false ]; then
local UNWRAPPED_PASSPHRASE_FILE WRAPPED_PASSPHRASE_FILE MOUNT_PASSPHRASE
UNWRAPPED_PASSPHRASE_FILE=/dev/shm/.ecryptfs-$USER
if [ -e "$UNWRAPPED_PASSPHRASE_FILE" ]; then
WRAPPED_PASSPHRASE_FILE=/home/$USER/.ecryptfs/wrapped-passphrase
MOUNT_PASSPHRASE=$($chroot $ROOT cat $UNWRAPPED_PASSPHRASE_FILE)
$chroot $ROOT ecryptfs-wrap-passphrase $WRAPPED_PASSPHRASE_FILE - <<EOF
$MOUNT_PASSPHRASE
$PASSWD
EOF
$chroot $ROOT rm -f $UNWRAPPED_PASSPHRASE_FILE
$chroot $ROOT chown $USER:$USER $WRAPPED_PASSPHRASE_FILE
else
echo "$UNWRAPPED_PASSPHRASE_FILE does not exist, but should!" >&2
db_input critical user-setup/encrypt-home-failed || true
db_go || true
fi
fi
}
# Enable/disable shadow passwords.
db_get passwd/shadow
if [ "$RET" = true ]; then
$log $chroot $ROOT shadowconfig on
else
$log $chroot $ROOT shadowconfig off
fi
if ! root_password; then
# Was the root password preseeded encrypted?
if db_get passwd/root-password-crypted && [ "$RET" ]; then
# The root password was preseeded encrypted.
ROOT_PW="$RET"
PRECRYPTED=true
else
db_get passwd/root-password
ROOT_PW="$RET"
PRECRYPTED=false
fi
# Clear the root password from the database, and set the password.
db_set passwd/root-password-crypted ''
db_set passwd/root-password ''
db_set passwd/root-password-again ''
if [ "$ROOT_PW" ]; then
setpassword root "$ROOT_PW" "$PRECRYPTED"
fi
ROOT_PW=
else
# Just in case, clear any preseeded root password from the database
# anyway.
db_set passwd/root-password-crypted ''
db_set passwd/root-password ''
db_set passwd/root-password-again ''
fi
db_get passwd/make-user
if [ "$RET" = true ] && ! is_system_user; then
if db_get passwd/user-password-crypted && [ "$RET" ]; then
USER_PW="$RET"
USER_PW_CRYPTED=true
else
db_get passwd/user-password
USER_PW="$RET"
USER_PW_CRYPTED=false
fi
if db_get passwd/user-uid && [ "$RET" ]; then
if [ -x $ROOT/usr/sbin/adduser ]; then
UIDOPT="--uid $RET"
else
UIDOPT="-u $RET"
fi
else
UIDOPT=
fi
ENCRYPT_HOME="false"
ENCRYPT_HOME_OPT=
if [ "$OVERRIDE_ALREADY_ENCRYPTED_SWAP" ]; then
ENCRYPT_HOME="true"
ENCRYPT_HOME_OPT="--encrypt-home"
elif db_get user-setup/encrypt-home && [ "$RET" = true ]; then
ENCRYPT_HOME="true"
ENCRYPT_HOME_OPT="--encrypt-home"
if type anna-install >/dev/null 2>&1 && [ -d /lib/debian-installer ]; then
ANNA_QUIET=1 DEBIAN_FRONTEND=none $log anna-install crypto-modules || true
depmod -a >/dev/null 2>&1 || true
fi
for module in aes cbc ecb; do
modprobe -q "$module" || true
done
apt-install ecryptfs-utils 2>/dev/null
apt-install cryptsetup 2>/dev/null
umountproc=false
umountsys=false
umountdev=false
if [ ! -e $ROOT/proc/cmdline ]; then
$log $chroot $ROOT mount -t proc proc /proc
umountproc=:
fi
if [ ! -e $ROOT/sys/block ]; then
# We need /sys for devtmpfs to create block devices.
$log $chroot $ROOT mount -t sysfs sysfs /sys
umountsys=:
fi
if [ "$(stat -c %d "$ROOT/dev")" -eq "$(stat -c %d "$ROOT/")" ]; then
mount --bind /dev $ROOT/dev
umountdev=:
else
$log $chroot $ROOT udevadm settle
fi
if ! $log $chroot $ROOT ecryptfs-setup-swap -f -n; then
echo "ecryptfs-setup-swap failed." >&2
db_input critical user-setup/encrypt-home-failed || true
db_go || true
ENCRYPT_HOME="false"
ENCRYPT_HOME_OPT=
fi
if $umountproc; then
$log $chroot $ROOT umount /proc
fi
if $umountsys; then
$log $chroot $ROOT umount /sys
fi
if $umountdev; then
umount $ROOT/dev
fi
fi
# Add the user to the database, using adduser in noninteractive
# mode.
db_get passwd/username
USER="$RET"
db_get passwd/user-fullname
HOME_EXISTED=
if [ -d "$ROOT/home/$USER" ]; then
HOME_EXISTED=1
# user-setup-ask shouldn't have allowed this, but for safety:
ENCRYPT_HOME="false"
ENCRYPT_HOME_OPT=
fi
umountproc=false
umountsys=false
if [ -n "$ENCRYPT_HOME_OPT" ]; then
if [ ! -e $ROOT/sys/kernel ]; then
$log $chroot $ROOT mount -t sysfs sysfs /sys
umountsys=:
fi
mkdir -p $ROOT/dev/shm
$log $chroot $ROOT mount -t tmpfs tmpfs /dev/shm
if [ ! -e $ROOT/proc/cmdline ]; then
$log $chroot $ROOT mount -t proc proc /proc
umountproc=:
fi
fi
if [ -x $ROOT/usr/sbin/adduser ]; then
$log $chroot $ROOT adduser --disabled-password --gecos "$RET" $UIDOPT $ENCRYPT_HOME_OPT "$USER" >/dev/null || true
else
$log $chroot $ROOT useradd -c "$RET" -m "$USER" $UIDOPT >/dev/null || true
fi
# Clear the user password from the database.
db_set passwd/user-password-crypted ''
db_set passwd/user-password ''
db_set passwd/user-password-again ''
setpassword "$USER" "$USER_PW" "$USER_PW_CRYPTED" "$ENCRYPT_HOME"
if [ -n "$ENCRYPT_HOME_OPT" ]; then
if $umountsys; then
$log $chroot $ROOT umount /sys
fi
$log $chroot $ROOT umount /dev/shm
if $umountproc; then
$log $chroot $ROOT umount /proc
fi
fi
if [ "$HOME_EXISTED" ]; then
# The user's home directory already existed before we called
# adduser. This often means that a mount point under
# /home/$USER was selected in (and thus created by) partman,
# and the home directory may have ended up owned by root.
$log $chroot $ROOT chown "$USER:$USER" "/home/$USER" >/dev/null || true
fi
if [ -n "$USER" ]; then
for group in lpadmin sambashare; do
$log $chroot $ROOT addgroup --system $group >/dev/null 2>&1 || true
done
if type archdetect >/dev/null 2>&1; then
SUBARCH="$(archdetect)"
case $SUBARCH in
powerpc/ps3|powerpc/cell)
$log $chroot $ROOT addgroup --system spu >/dev/null 2>&1 || true
;;
esac
fi
db_get passwd/user-default-groups
for group in $RET; do
$log $chroot $ROOT adduser "$USER" $group >/dev/null 2>&1 || true
done
# Configure desktop auto-login if instructed by preseeding
db_get passwd/auto-login
if [ "$RET" = true ]; then
db_get passwd/auto-login-backup
BACKUP="${RET:+.$RET}"
if [ -d "$ROOT/etc/gdm3" ]; then
# Configure GDM autologin
GDMCustomFile=$ROOT/etc/gdm3/custom.conf
if [ -e "$GDMCustomFile" ] && [ "$BACKUP" ]; then
cp "$GDMCustomFile" "${GDMCustomFile}$BACKUP"
fi
AutologinParameters="AutomaticLoginEnable=true\n\
AutomaticLogin=$USER\n"
# Prevent from updating if parameters already present (persistent usb key)
if ! `grep -qs "AutomaticLogin=$USER" $GDMCustomFile` ; then
if [ -e "$GDMCustomFile" ]; then
sed -i '/\(Automatic\)Login/d' $GDMCustomFile
fi
if ! `grep -qs '\[daemon\]' $GDMCustomFile` ; then
echo '[daemon]' >> $GDMCustomFile
fi
sed -i "s/\[daemon\]/\[daemon\]\n$AutologinParameters/" $GDMCustomFile
fi
fi
if $chroot $ROOT [ -f /etc/kde4/kdm/kdmrc ]; then
# Configure KDM autologin
$log $chroot $ROOT sed -i$BACKUP -r \
-e "s/^#?AutoLoginEnable=.*\$/AutoLoginEnable=true/" \
-e "s/^#?AutoLoginUser=.*\$/AutoLoginUser=$USER/" \
-e "s/^#?AutoReLogin=.*\$/AutoReLogin=true/" \
/etc/kde4/kdm/kdmrc
fi
if $chroot $ROOT [ -f /etc/lxdm/lxdm.conf ]; then
# Configure LXDM autologin with LXDE session
$log $chroot $ROOT sed -i$BACKUP -r \
-e "s/^# autologin=dgod/autologin=$USER/" \
-e "s/^# session/session/" \
/etc/lxdm/lxdm.conf
fi
if $chroot $ROOT [ -f /etc/xdg/lubuntu/lxdm/lxdm.conf ]; then
# Configure LXDM autologin with Lubuntu session
$log $chroot $ROOT sed -i$BACKUP -r \
-e "s/^# autologin=dgod/autologin=$USER/" \
-e "s/^# session/session/" \
-e "s/startlxde/startlubuntu/" \
/etc/xdg/lubuntu/lxdm/lxdm.conf
fi
if $chroot $ROOT [ -f /usr/bin/sddm ]; then
# Configure SDDM autologin with an appropiate session
$log $chroot $ROOT /bin/sh -c "cat > /etc/sddm.conf" << EOF
[Autologin]
User=$USER
Session=PLACEHOLDER
EOF
if $chroot $ROOT [ -f /usr/share/xsessions/plasma.desktop ]; then
sed -i 's/PLACEHOLDER/plasma.desktop/' $ROOT/etc/sddm.conf
elif $chroot $ROOT [ -f /usr/share/xsessions/Lubuntu.desktop ]; then
sed -i 's/PLACEHOLDER/Lubuntu.desktop/' $ROOT/etc/sddm.conf
elif $chroot $ROOT [ -f /usr/share/xsessions/lxqt.desktop ]; then
sed -i 's/PLACEHOLDER/lxqt.desktop/' $ROOT/etc/sddm.conf
else #fallback if some other DE/WM is used
SDDMSESSION=$(ls /usr/share/xsessions | head -1)
sed -i "s/PLACEHOLDER/$SDDMSESSION/" $ROOT/etc/sddm.conf
fi
fi
if $chroot $ROOT [ -d /etc/lightdm ]; then
# Configure LightDM autologin
LightDMCustomFile=$ROOT/etc/lightdm/lightdm.conf
AutologinParameters="autologin-guest=false\n\
autologin-user=$USER\n\
autologin-user-timeout=0"
if ! grep -qs '^autologin-user' $LightDMCustomFile; then
if ! grep -qs '^\[Seat:\*\]' $LightDMCustomFile; then
echo '[Seat:*]' >> $LightDMCustomFile
fi
sed -i "s/\[Seat:\*\]/\[Seat:\*\]\n$AutologinParameters/" $LightDMCustomFile
#oem config scenario
else
sed -i "s/^\(\(str *\)\?autologin-user\)=.*$/\1=$USER/g;" $ROOT/etc/lightdm/lightdm.conf
fi
fi
fi
fi
db_get passwd/root-login
if [ "$RET" = false ] && [ -n "$USER" ]; then
# Ensure sudo is installed, and set up the user to be able
# to use it.
if [ ! -e $ROOT/etc/sudoers ]; then
# try to work in d-i and out; it's better to
# use apt-install in d-i
apt-install sudo 2>/dev/null || $log $chroot $ROOT apt-get -q -y install sudo || true
fi
if [ -e $ROOT/etc/sudoers ]; then
# Test if we can add the user to the sudo group
# (possible if sudo >= 1.7.2-2 is installed on the target system)
# If we can, do it this way, otherwise add the user to sudoers
# See #597239
if ! $log $chroot $ROOT adduser "$USER" sudo >/dev/null 2>&1; then
echo "$USER ALL=(ALL) ALL" >> $ROOT/etc/sudoers
fi
else
# sudo failed to install, system won't be usable
exit 1
fi
# Configure gksu to use sudo, via an alternative, if it's
# installed and the alternative is registered.
if $chroot $ROOT update-alternatives --display libgksu-gconf-defaults >/dev/null 2>&1; then
$log $chroot $ROOT update-alternatives --set libgksu-gconf-defaults /usr/share/libgksu/debian/gconf-defaults.libgksu-sudo
$log $chroot $ROOT update-gconf-defaults || true
fi
# Configure aptitude to use sudo.
echo 'Aptitude::Get-Root-Command "sudo:/usr/bin/sudo";' > $ROOT/etc/apt/apt.conf.d/00aptitude
else
# Configure gksu to use su, via an alternative, if it's
# installed and the alternative is registered.
if $chroot $ROOT update-alternatives --display libgksu-gconf-defaults >/dev/null 2>&1; then
$log $chroot $ROOT update-alternatives --set libgksu-gconf-defaults /usr/share/libgksu/debian/gconf-defaults.libgksu-su
$log $chroot $ROOT update-gconf-defaults || true
fi
fi
if [ -z "$OVERRIDE_ALREADY_ENCRYPTED_SWAP" ] && \
[ -n "$ENCRYPT_HOME_OPT" ] && [ -e $ROOT/etc/crypttab ]; then
# Zero out all encrypted swap partitions. It is assumed that
# passwords are not used beyond this point in the install.
# cryptswap0 /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
# Ideally we would set up a new progress bar here, but we're
# inside finish-install's and cdebconf doesn't support nested
# progress bars.
db_progress INFO user-setup/progress/wipe-swap
while read name device source options; do
if echo "$options" | grep -q "swap"; then
if swapoff $device; then
if [ ! -b $device ]; then
ONE_MEG=$((1024*1024))
size=$(($(stat -c %s ${device})/${ONE_MEG}))
dd if=/dev/zero of=$device bs=${ONE_MEG} count=$size 2>/dev/null || true
else
dd if=/dev/zero of=$device bs=16M 2>/dev/null || true
fi
fi
fi
done < $ROOT/etc/crypttab
fi
else
# Just in case, clear any preseeded user password from the database
# anyway.
db_set passwd/user-password-crypted ''
db_set passwd/user-password ''
db_set passwd/user-password-again ''
fi
exit 0

285
user-setup-ask Executable file
View File

@ -0,0 +1,285 @@
#!/bin/sh -e
. /usr/share/debconf/confmodule
db_capb "backup"
if [ "$1" ]; then
ROOT="$1"
else
ROOT=
fi
export ROOT
. /usr/lib/user-setup/functions.sh
# For the convenience of heavy testers
set_special_users() {
local realname
case "$fullname" in
bubulle) realname="Christian PERRIER" ;;
tbm) realname="Martin Michlmayr" ;;
*) return 1 ;;
esac
db_set passwd/user-fullname "$realname"
userdefault=$fullname
db_fset passwd/username seen true
return 0
}
# Main loop starts here. Use a state machine to allow jumping back to
# previous questions.
STATE=0
while :; do
case "$STATE" in
0)
# Ask how the password files should be set up.
db_input low passwd/shadow || true
# Ask if root should be allowed to login.
db_input medium passwd/root-login || true
;;
1)
db_get passwd/root-login
if [ "$RET" = false ]; then
# root password will be locked
db_set passwd/root-password ""
db_set passwd/root-password-crypted "!"
elif ! root_password; then
# First check whether the root password was preseeded
# crypted to an actual password (not locked)
db_get passwd/root-password-crypted || true
if ! test "$RET" || [ "x$RET" = "x!" ]; then
# No preseed of the root password hash
# we will prompt the user
db_set passwd/root-password-crypted ""
db_input critical passwd/root-password || true
db_input critical passwd/root-password-again || true
fi
fi
;;
2)
db_get passwd/root-login
if [ "$RET" = false ]; then
# root password will be locked
db_set passwd/root-password-again ""
elif ! root_password; then
# First check whether the root password was preseeded crypted
db_get passwd/root-password-crypted || true
if ! test "$RET" ; then
# Compare the two passwords, loop back if not
# identical, or if empty.
db_get passwd/root-password
ROOT_PW="$RET"
if [ -z "$ROOT_PW" ]; then
db_set passwd/root-login false
STATE=1
continue
elif password_is_weak "$ROOT_PW"; then
db_set user-setup/password-weak false
db_fset user-setup/password-weak seen false
db_input critical user-setup/password-weak
# TODO would be better to extend state machine
if ! db_go; then
STATE=1
continue
fi
db_get user-setup/password-weak || RET=
if [ "$RET" != true ]; then
# user doesn't want to force
# weak password
db_fset passwd/root-password seen false
db_fset passwd/root-password-again seen false
STATE=1
continue
fi
fi
db_get passwd/root-password-again
if [ "$ROOT_PW" != "$RET" ]; then
db_fset user-setup/password-mismatch seen false
db_input critical user-setup/password-mismatch
db_fset passwd/root-password seen false
db_fset passwd/root-password-again seen false
STATE=1
continue
fi
ROOT_PW=''
fi
fi
;;
3)
# Ask if a non-root user should be made, if there is not
# already one.
db_get passwd/root-login
if [ "$RET" = false ]; then
# always make non-root user; this user will be able
# to sudo to root
db_set passwd/make-user true
elif ! is_system_user; then
db_input medium passwd/make-user || true
fi
;;
4)
# Prompt for user info.
db_get passwd/make-user
if [ "$RET" = true ] && ! is_system_user; then
db_input critical passwd/user-fullname || true
fi
;;
5)
# Prompt for user info.
db_get passwd/make-user
if [ "$RET" = true ] && ! is_system_user; then
LOOP=""
db_get passwd/username
if [ -z "$RET" ]; then
db_get passwd/user-fullname
fullname=$RET
if ! set_special_users; then
userdefault=$(echo "$fullname" | \
sed 's/ .*//' | LC_ALL=C tr A-Z a-z)
fi
if test -n "$userdefault" && \
LC_ALL=C expr "$userdefault" : '[a-z][-a-z0-9]*$' >/dev/null; then
db_set passwd/username "$userdefault"
fi
fi
db_input critical passwd/username || true
fi
;;
6)
# Verify user.
db_get passwd/make-user
if [ "$RET" = true ] && ! is_system_user; then
# Verify the user name, loop with message if bad.
db_get passwd/username
USER="$RET"
if ! LC_ALL=C expr "$USER" : '[a-z][-a-z0-9_]*$' >/dev/null || \
! LC_ALL=C expr length "$USER" '<=' 32 >/dev/null; then
db_fset passwd/username seen false
db_fset passwd/username-bad seen false
db_input critical passwd/username-bad
STATE=3
continue
fi
if grep -v '^#' /usr/lib/user-setup/reserved-usernames | \
grep -q "^$USER\$"; then
db_fset passwd/username seen false
db_fset passwd/username-reserved seen false
db_subst passwd/username-reserved USERNAME "$USER"
db_input critical passwd/username-reserved
STATE=3
continue
fi
db_get passwd/user-password-crypted || true
if ! test "$RET" ; then
db_input critical passwd/user-password || true
db_input critical passwd/user-password-again || true
fi
fi
;;
7)
db_get passwd/make-user
if [ "$RET" = true ] && ! is_system_user; then
db_get passwd/user-password-crypted || true
if ! test "$RET" ; then
# Compare the two passwords, loop with message if not
# identical
db_get passwd/user-password
USER_PW="$RET"
db_get passwd/user-password-again
if [ "$USER_PW" != "$RET" ]; then
db_set passwd/user-password ""
db_set passwd/user-password-again ""
db_fset user-setup/password-mismatch seen false
db_input critical user-setup/password-mismatch
db_fset passwd/user-password seen false
db_fset passwd/user-password-again seen false
STATE=6
continue
fi
# Loop if the password is empty, and it's not
# specifically allowed by preseeding
if password_is_empty "$USER_PW"; then
db_set passwd/user-password ""
db_set passwd/user-password-again ""
db_fset user-setup/password-empty seen false
db_input critical user-setup/password-empty
db_fset passwd/user-password seen false
db_fset passwd/user-password-again seen false
STATE=6
continue
elif [ "$USER_PW" ] && password_is_weak "$USER_PW"; then
db_set user-setup/password-weak false
db_fset user-setup/password-weak seen false
db_input critical user-setup/password-weak
# TODO would be better to extend state machine
if ! db_go; then
STATE=6
continue
fi
db_get user-setup/password-weak || RET=
if [ "$RET" != true ]; then
# user doesn't want to force
# weak password
db_set passwd/user-password ""
db_set passwd/user-password-again ""
db_fset passwd/user-password seen false
db_fset passwd/user-password-again seen false
STATE=6
continue
fi
fi
fi
fi
;;
8)
db_get passwd/username
USER="$RET"
db_get passwd/make-user
if [ "$RET" = true ] && [ ! -d "$ROOT/home/$USER" ]; then
db_get user-setup/force-encrypt-home
if [ "$RET" = true ]; then
db_set user-setup/encrypt-home true
else
db_input medium user-setup/encrypt-home || true
fi
fi
;;
9)
ecryptfs_in_use=
for homedir in "$ROOT/home"/*; do
if [ -d "$homedir/.ecryptfs" ]; then
ecryptfs_in_use=1
break
fi
done
if [ "$ecryptfs_in_use" ] || \
(db_get user-setup/encrypt-home && [ "$RET" = true ]); then
# If the user wants an encrypted home, we *must* have the
# cleartext password here!
db_get passwd/user-password || true
if ! test "$RET" ; then
db_set passwd/user-password-crypted ""
STATE=7
continue
fi
fi
;;
*)
break
;;
esac
if db_go; then
STATE=$(($STATE + 1))
else
STATE=$(($STATE - 1))
fi
#echo "ON STATE: $STATE"
done
if [ "$STATE" = -1 ]; then
exit 10
fi