summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichał Górny <mgorny@gentoo.org>2022-10-19 15:33:20 +0200
committerMichał Górny <mgorny@gentoo.org>2022-10-19 15:34:11 +0200
commit77852657506cab11c6dbdd1d51162bb00392769c (patch)
tree3fab37090e7491359d29bfea032def95a89ffdc6 /eclass/acct-user.eclass
parentuser.eclass: Revert "remove" (diff)
downloadgentoo-77852657506cab11c6dbdd1d51162bb00392769c.tar.gz
gentoo-77852657506cab11c6dbdd1d51162bb00392769c.tar.bz2
gentoo-77852657506cab11c6dbdd1d51162bb00392769c.zip
acct-user.eclass: Revert "drop elockuser and eunlockuser"
Reverts: bde2856fc6bcc73d55dbf481a156805f06510a12 Signed-off-by: Michał Górny <mgorny@gentoo.org>
Diffstat (limited to 'eclass/acct-user.eclass')
-rw-r--r--eclass/acct-user.eclass106
1 files changed, 106 insertions, 0 deletions
diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass
index 12f472afaa5f..a49279b542a1 100644
--- a/eclass/acct-user.eclass
+++ b/eclass/acct-user.eclass
@@ -215,6 +215,112 @@ eislocked() {
esac
}
+# @FUNCTION: elockuser
+# @USAGE: <user>
+# @INTERNAL
+# @DESCRIPTION:
+# Lock the specified user account, using the available platform-specific
+# functions. This should prevent any login to the account.
+#
+# Established lock can be reverted using eunlockuser.
+#
+# This function returns 0 if locking succeeded, 2 if it is not supported
+# by the platform code or dies if it fails.
+elockuser() {
+ [[ $# -eq 1 ]] || die "usage: ${FUNCNAME} <user>"
+
+ if [[ ${EUID} -ne 0 ]]; then
+ einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
+ return 0
+ fi
+
+ eislocked "$1"
+ [[ $? -eq 0 ]] && return 0
+
+ local opts
+ [[ -n ${ROOT} ]] && opts=( --prefix "${ROOT}" )
+
+ case ${CHOST} in
+ *-freebsd*|*-dragonfly*)
+ pw lock "${opts[@]}" "$1" || die "Locking account $1 failed"
+ pw user mod "${opts[@]}" "$1" -e 1 || die "Expiring account $1 failed"
+ ;;
+
+ *-netbsd*)
+ if [[ -n "${ROOT}" ]]; then
+ ewarn "NetBSD's usermod does not support --prefix <dir> option."
+ ewarn "Please use: usermod ${opts[@]} -e 1 -C yes \"$1\" in a chroot"
+ else
+ usermod "${opts[@]}" -e 1 -C yes "$1" || die "Locking account $1 failed"
+ fi
+ ;;
+
+ *-openbsd*)
+ return 2
+ ;;
+
+ *)
+ usermod "${opts[@]}" -e 1 -L "$1" || die "Locking account $1 failed"
+ ;;
+ esac
+
+ elog "User account $1 locked"
+ return 0
+}
+
+# @FUNCTION: eunlockuser
+# @USAGE: <user>
+# @INTERNAL
+# @DESCRIPTION:
+# Unlock the specified user account, using the available platform-
+# specific functions.
+#
+# This function returns 0 if unlocking succeeded, 1 if it is not
+# supported by the platform code or dies if it fails.
+eunlockuser() {
+ [[ $# -eq 1 ]] || die "usage: ${FUNCNAME} <user>"
+
+ if [[ ${EUID} -ne 0 ]]; then
+ einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
+ return 0
+ fi
+
+ eislocked "$1"
+ [[ $? -eq 1 ]] && return 0
+
+ local opts
+ [[ -n ${ROOT} ]] && opts=( --prefix "${ROOT}" )
+
+ case ${CHOST} in
+ *-freebsd*|*-dragonfly*)
+ pw user mod "${opts[@]}" "$1" -e 0 || die "Unexpiring account $1 failed"
+ pw unlock "${opts[@]}" "$1" || die "Unlocking account $1 failed"
+ ;;
+
+ *-netbsd*)
+ if [[ -n "${ROOT}" ]]; then
+ ewarn "NetBSD's usermod does not support --prefix <dir> option."
+ ewarn "Please use: \"usermod ${opts[@]} -e 0 -C no $1\" in a chroot"
+ else
+ usermod "${opts[@]}" -e 0 -C no "$1" || die "Unlocking account $1 failed"
+ fi
+ ;;
+
+ *-openbsd*)
+ return 1
+ ;;
+
+ *)
+ # silence warning if account does not have a password
+ usermod "${opts[@]}" -e "" -U "$1" 2>/dev/null || die "Unlocking account $1 failed"
+ ;;
+ esac
+
+ ewarn "User account $1 unlocked after reinstating."
+ return 0
+}
+
+
# << Phase functions >>
EXPORT_FUNCTIONS pkg_pretend src_install pkg_preinst pkg_postinst \
pkg_prerm