Initial commit.

one-context.d/loc-20-set-username-password

@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems                #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+
+# defaults
+USERNAME=${USERNAME:-root}
+USERNAME_SUDO=${USERNAME_SUDO:-${GRANT_SUDO:-YES}}
+USERNAME_SUDO=$(echo "${USERNAME_SUDO}" | tr '[:lower:]' '[:upper:]')
+USERNAME_PASSWORD_RESET=${USERNAME_PASSWORD_RESET:-NO}
+USERNAME_PASSWORD_RESET=$(echo "${USERNAME_PASSWORD_RESET}" | tr '[:lower:]' '[:upper:]')
+
+_kernel="$(uname -s)"
+case "${_kernel}" in
+    'FreeBSD')
+        USERNAME_SHELL=${USERNAME_SHELL:-/usr/local/bin/bash}
+        _sudoers_file='/usr/local/etc/sudoers.d/one-context'
+        ;;
+    *)
+        USERNAME_SHELL=${USERNAME_SHELL:-/bin/bash}
+        _sudoers_file='/etc/sudoers.d/one-context'
+        ;;
+esac
+
+# create user if missing
+if ! getent passwd "${USERNAME}" > /dev/null 2>&1; then
+    if [ "${_kernel}" = 'FreeBSD' ]; then
+        pw user add "${USERNAME}" -m -s "${USERNAME_SHELL}" -w no
+    else
+        useradd -m "${USERNAME}" -p '*' -s "${USERNAME_SHELL}"
+    fi
+fi
+
+# enable sudo
+if [ "${USERNAME_SUDO}" == "YES" ] && [ "${USERNAME}" != "root" ]; then
+    echo "${USERNAME} ALL=(ALL) NOPASSWD:ALL" >"${_sudoers_file}"
+    chmod 0440 "${_sudoers_file}"
+elif [ -f "${_sudoers_file}" ]; then
+    unlink "${_sudoers_file}"
+fi
+
+# set password
+if [ -n "${CRYPTED_PASSWORD_BASE64}" ]; then
+    CRYPTED_PASSWORD=$(echo $CRYPTED_PASSWORD_BASE64 | base64 -d)
+    if [ "${_kernel}" = 'FreeBSD' ]; then
+        echo "${CRYPTED_PASSWORD}" | pw user mod "${USERNAME}" -H 0
+    else
+        usermod -p "${CRYPTED_PASSWORD}" "${USERNAME}"
+    fi
+elif [ -n "${PASSWORD_BASE64}" ]; then
+    PASSWORD=$(echo $PASSWORD_BASE64 | base64 -d)
+    if [ "${_kernel}" = 'FreeBSD' ]; then
+        echo $PASSWORD | pw user mod "${USERNAME}" -h 0
+    else
+        chpasswd <<< "${USERNAME}:${PASSWORD}"
+    fi
+
+    if [ $? -ne 0 ]; then
+        passwd "${USERNAME}" <<EOF
+${PASSWORD}
+${PASSWORD}
+EOF
+  fi
+elif [ -n "${CRYPTED_PASSWORD}" ]; then
+    if [ "${_kernel}" = 'FreeBSD' ]; then
+        echo $CRYPTED_PASSWORD | pw user mod "${USERNAME}" -H 0
+    else
+        usermod -p "${CRYPTED_PASSWORD}" "${USERNAME}"
+    fi
+elif [ -n "${PASSWORD}" ]; then
+    if [ "${_kernel}" = 'FreeBSD' ]; then
+        echo $PASSWORD | pw user mod "${USERNAME}" -h 0
+    else
+        chpasswd <<< "${USERNAME}:${PASSWORD}"
+    fi
+
+    if [ $? -ne 0 ]; then
+        passwd "${USERNAME}" <<EOF
+${PASSWORD}
+${PASSWORD}
+EOF
+  fi
+elif [ "${USERNAME_PASSWORD_RESET}" = 'YES' ]; then
+    if [ "${_kernel}" = 'FreeBSD' ]; then
+        pw user mod "${USERNAME}" -w no
+    else
+        usermod -p '*' "${USERNAME}"
+    fi
+fi