From 90a677d5140238520492de9fe9d222ac863a9271 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@robotics.uk.to>
Date: Mon, 26 Oct 2015 14:25:58 +0000
Subject: [PATCH] Command to add a new user

---
 Makefile                     |   4 ++
 man/freedombone-adduser.1.gz | Bin 0 -> 1387 bytes
 src/freedombone              |   2 +-
 src/freedombone-adduser      | 109 +++++++++++++++++++++++++++++++++++
 src/freedombone-addxmpp      |  20 ++++++-
 5 files changed, 132 insertions(+), 3 deletions(-)
 create mode 100644 man/freedombone-adduser.1.gz
 create mode 100755 src/freedombone-adduser

diff --git a/Makefile b/Makefile
index d9b8961c..84923ee1 100644
--- a/Makefile
+++ b/Makefile
@@ -21,6 +21,7 @@ install:
 	install -m 755 src/${APP}-config ${DESTDIR}${PREFIX}/bin
 	install -m 755 src/${APP}-sec ${DESTDIR}${PREFIX}/bin
 	install -m 755 src/${APP}-addcert ${DESTDIR}${PREFIX}/bin
+	install -m 755 src/${APP}-adduser ${DESTDIR}${PREFIX}/bin
 	install -m 755 src/${APP}-clientcert ${DESTDIR}${PREFIX}/bin
 	install -m 755 src/${APP}-addlist ${DESTDIR}${PREFIX}/bin
 	install -m 755 src/${APP}-addemail ${DESTDIR}${PREFIX}/bin
@@ -47,6 +48,7 @@ install:
 	install -m 644 man/${APP}-config.1.gz ${DESTDIR}${PREFIX}/share/man/man1
 	install -m 644 man/${APP}-sec.1.gz ${DESTDIR}${PREFIX}/share/man/man1
 	install -m 644 man/${APP}-addcert.1.gz ${DESTDIR}${PREFIX}/share/man/man1
+	install -m 644 man/${APP}-adduser.1.gz ${DESTDIR}${PREFIX}/share/man/man1
 	install -m 644 man/${APP}-clientcert.1.gz ${DESTDIR}${PREFIX}/share/man/man1
 	install -m 644 man/${APP}-addlist.1.gz ${DESTDIR}${PREFIX}/share/man/man1
 	install -m 644 man/${APP}-addemail.1.gz ${DESTDIR}${PREFIX}/share/man/man1
@@ -71,6 +73,7 @@ uninstall:
 	rm -f ${PREFIX}/share/man/man1/${APP}-sec.1.gz
 	rm -f ${PREFIX}/share/man/man1/${APP}-clientcert.1.gz
 	rm -f ${PREFIX}/share/man/man1/${APP}-addcert.1.gz
+	rm -f ${PREFIX}/share/man/man1/${APP}-adduser.1.gz
 	rm -f ${PREFIX}/share/man/man1/${APP}-addlist.1.gz
 	rm -f ${PREFIX}/share/man/man1/${APP}-addemail.1.gz
 	rm -f ${PREFIX}/share/man/man1/${APP}-renew-cert.1.gz
@@ -94,6 +97,7 @@ uninstall:
 	rm -f ${PREFIX}/bin/${APP}-config
 	rm -f ${PREFIX}/bin/${APP}-sec
 	rm -f ${PREFIX}/bin/${APP}-addcert
+	rm -f ${PREFIX}/bin/${APP}-adduser
 	rm -f ${PREFIX}/bin/${APP}-clientcert
 	rm -f ${PREFIX}/bin/${APP}-addlist
 	rm -f ${PREFIX}/bin/${APP}-addemail
diff --git a/man/freedombone-adduser.1.gz b/man/freedombone-adduser.1.gz
new file mode 100644
index 0000000000000000000000000000000000000000..fb01e936aedd7a6c7400dc45d001606258636c2d
GIT binary patch
literal 1387
zcmV-x1(f<9iwFQD9WGV?1BF)GZrer_eCJmzgaUSfNNQZPNR6V1oVvDAJ2oP@L3(*u
zl85BN<Sx4xDSYX-cg`*)OSOU;K_D#;&t=ZctY)igQCXtWbh*(qm1P+mS@Bv-&b}A-
zg%@Yvy#8(?CiwTubDVfY(1{awQU}>ivTU}z7L)gjyUR&-EZv_|u_#L?q|ip=v{PC+
zZ>2X@!~k!EZ%DYodFsY=%TMp`AC@=E<0=2(|F!JsuQB}R%jLTdHxH|u`}dRVV?$aD
zCI}SrO1ABQPtM~*tg}B#su_bf3eR0ng{lVh+FR90JBV#1v1wG%q^O)?qQg;4wKv5~
zd_u}jB2(*(*huYpO!O}t6-Jla)b4QlSHcBUk&Kq>xMLl<oMQIMD$<OjE=46f)eeZ}
zm!;<nLoC<GH3{mZYGd5zuJ45`Owis56H&3d7FUgOqA*>@kuLPTv4~2Ol|T;hC>tB1
z&zLebJj=3s%>XD}bMu(SsS+)27<Sa>^Uhcfk(%egK}%`XNclXhP^lUa308S*$+<v|
z8~ZP~5%xHnEDCZFHAZIyy_8;xikE<Ib_DiR>7or~Y_lO{1?j>LeVprw2KRM@PgQaI
zWm?YOoC#A6u5dA~oy{&7uD&IY;cRd|Q~D(n0MJ6GMtY;L_&6q(v`@T|kdnK>N`V$$
z!KufJQ^j#1*s9)A<rEuc?g3|{>x}bX&%~{?HH|cJ3`mM)GIa8Z_VEr}G;iru<OV;8
zdrB`b3K3ym`?EB5QObk&7@yqpPSbqMO%N_1i1S9q_hcK{b7+HPLyzGqYf?Hiq08N?
zvRtFQ1i9npm44#W4FiS@J!!zPQNF>TYnh{qz20RjO4Sk=Jj#;^cR-v1CxEPy#Wu}p
zT;Y(u_{Ng-NmDuDogt=<%jGtrUJ^b?RvLZc#rS>_O;ypBbu0w>JAh^6u$P;X*m_<?
zU^T5-A)^iS!N<&w+KP8>BBDM-Hn5I>B)_$7-q<2>Vr((iV<ATGdt5HAV7;rMR|NnG
zPJ$20ooAWA-~ZX?iaEm83{H<~YE2DZ_tLqIv1J^zw`L8IGYLk&iit?Y$qh&M{K1N~
z!Yp7(QZ<PJCZMTJqIPVgyTs#o$W%u09@^IIKrc0TfQ^ED76BmAHj4wR*?po6;U8TR
zcobZ8q*|>hskCT}Dk$m({4~&U@)a~7HYA_+a_)GX7RN)>G}_2BFqP+L%pjDEZZg`R
z6tyv>D5;X6^-+fofPf!t4x;XBcA(v5vK=nLz^!W9M1*%r9U@w#+342DlJ~&;9e3=C
zUQ8dv8UDo7?yju2Uopu5mQ<R*pU)dCX1;wqpVc~`lYi!5!L|Z+pBTAk8@P>v!&QG!
z(luYKBc^@qg?%tK5BP_k#7P&tKVbsZ<oAp`?tLZ}t>=6m`(oLknM8=9#l7cu7vrjl
z3(u7;=Qq%Wfn{;$aa}p{&Wq5GHx1U+$pWTApc5;YJW{&EbTGtGGRS>97IgsCx9Ylh
zyuy!=4-~yP4>h>q`66h%@7?))UIUYm&tMAkT)M^<^F77Q(~Y+MO>=oE7Prg$gWoi#
zuW=9Ui!_Z}ko7MfLBA1_V-H$b-m!C*(idvHJT|&g^^0RwYg_;?j(bZlGh6E5Bu9?H
z=;_g+Y<GMn+Z`Rrc1I_I+q^gn`U{<NhAGP!PsZIW9#_}*A12v_$;F-Vu-Q)hn4A2q
zHM#MsaI^3<^X8{)mfP&%>S2EMaCI&&7eBl?yZrV|JiSmJmm|CHxwyESo)sTM(_O58
tD=T~5+?wB4rR(24{Yq+O>?675ZG7t^<>!%1;L>5O>|X~;kRPB6004H|w^jfE

literal 0
HcmV?d00001

diff --git a/src/freedombone b/src/freedombone
index 31e823f6..8539efa0 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -6879,7 +6879,7 @@ function configure_gpg {
 
   if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
       mkdir /home/$MY_USERNAME/.gnupg
-      echo 'keyserver hkp://keys.gnupg.net' >> /home/$MY_USERNAME/.gnupg/gpg.conf
+      echo "keyserver $GPG_KEYSERVER" >> /home/$MY_USERNAME/.gnupg/gpg.conf
       echo 'keyserver-options auto-key-retrieve' >> /home/$MY_USERNAME/.gnupg/gpg.conf
   fi
 
diff --git a/src/freedombone-adduser b/src/freedombone-adduser
new file mode 100755
index 00000000..43cb293c
--- /dev/null
+++ b/src/freedombone-adduser
@@ -0,0 +1,109 @@
+#!/bin/bash
+MY_USERNAME=$1
+GPG_KEYSERVER='hkp://keys.gnupg.net'
+SSH_PORT=2222
+
+if [ ! $MY_USERNAME ]; then
+    echo 'No username was given'
+	exit 1
+fi
+
+if [ -d /home/$MY_USERNAME ]; then
+    echo "The user $MY_USERNAME already exists"
+	exit 2
+fi
+
+NEW_USER_PASSWORD="$(openssl rand -base64 10 | cut -c1-8)"
+useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash $MY_USERNAME
+adduser $MY_USERNAME sasl
+
+if [ ! -d /home/$MY_USERNAME ]; then
+	echo 'Home directory was not created'
+	exit 3
+fi
+
+if [ ! -d /home/$MY_USERNAME/Maildir ]; then
+	echo 'Email directory was not created'
+	userdel -r $MY_USERNAME
+	exit 4
+fi
+
+# generate a gpg key
+echo "Making a GPG key for $MY_USERNAME@$HOSTNAME"
+mkdir /home/$MY_USERNAME/.gnupg
+echo "keyserver $GPG_KEYSERVER" >> /home/$MY_USERNAME/.gnupg/gpg.conf
+echo 'keyserver-options auto-key-retrieve' >> /home/$MY_USERNAME/.gnupg/gpg.conf
+echo '' >> /home/$MY_USERNAME/.gnupg/gpg.conf
+echo '# default preferences' >> /home/$MY_USERNAME/.gnupg/gpg.conf
+echo 'personal-digest-preferences SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf
+echo 'cert-digest-algo SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf
+echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$MY_USERNAME/.gnupg/gpg.conf
+
+chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
+chmod 700 /home/$MY_USERNAME/.gnupg
+chmod 600 /home/$MY_USERNAME/.gnupg/*
+
+# Generate a GPG key
+echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
+echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
+echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
+echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
+echo "Name-Real:  $MY_USERNAME" >> /home/$MY_USERNAME/gpg-genkey.conf
+echo "Name-Email: $MY_USERNAME@$HOSTNAME" >> /home/$MY_USERNAME/gpg-genkey.conf
+echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
+chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
+su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
+shred -zu /home/$MY_USERNAME/gpg-genkey.conf
+MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$HOSTNAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
+su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
+
+if ! grep -q "Change your GPG password" /home/$MY_USERNAME/README; then
+    echo '' >> /home/$MY_USERNAME/README
+    echo '' >> /home/$MY_USERNAME/README
+    echo 'Change your GPG password' >> /home/$MY_USERNAME/README
+    echo '========================' >> /home/$MY_USERNAME/README
+    echo "It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README
+    echo "if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README
+    echo 'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README
+    echo 'You can change the it with:' >> /home/$MY_USERNAME/README
+    echo '' >> /home/$MY_USERNAME/README
+    echo "  gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
+    echo '  passwd' >> /home/$MY_USERNAME/README
+    echo '  save' >> /home/$MY_USERNAME/README
+    echo '  quit' >> /home/$MY_USERNAME/README
+fi
+
+if ! grep -q "Publish your GPG public key" /home/$MY_USERNAME/README; then
+    echo '' >> /home/$MY_USERNAME/README
+    echo '' >> /home/$MY_USERNAME/README
+    echo 'Publish your GPG public key' >> /home/$MY_USERNAME/README
+    echo '===========================' >> /home/$MY_USERNAME/README
+    echo 'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README
+    echo 'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README
+    echo '' >> /home/$MY_USERNAME/README
+    echo "  gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
+fi
+
+chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+chmod 600 /home/$MY_USERNAME/README
+
+echo "Adding an XMPP account for $MY_USERNAME"
+freedombone-addxmpp -e "$MY_USERNAME@$HOSTNAME" "$NEW_USER_PASSWORD"
+
+clear
+echo "New user $MY_USERNAME was created"
+echo "Their login password is $NEW_USER_PASSWORD"
+echo ''
+echo 'IMPORTANT: Make a note of the password, because it will not be saved'
+echo 'anywhere else. Preferably give it to them in person on paper or via'
+echo 'a secure channel, not in an unencrypted email.'
+echo ''
+echo "They can download their GPG keys with:"
+echo ''
+echo "    scp -P $SSH_PORT -r $MY_USERNAME@$HOSTNAME:/home/$MY_USERNAME/.gnupg ~/"
+echo ''
+echo 'They should also run freedombone-client on their system to ensure'
+echo 'the best security.'
+
+exit 0
diff --git a/src/freedombone-addxmpp b/src/freedombone-addxmpp
index 42944ae9..c2c8de79 100755
--- a/src/freedombone-addxmpp
+++ b/src/freedombone-addxmpp
@@ -30,10 +30,11 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 EMAIL_ADDRESS=
+NEW_USER_PASSWORD=
 
 function show_help {
     echo ''
-    echo 'freedombone-addxmpp -e [email address]'
+    echo 'freedombone-addxmpp -e [email address] -p [password]'
     echo ''
     exit 0
 }
@@ -50,6 +51,10 @@ case $key in
     shift
     EMAIL_ADDRESS="$1"
     ;;
+    -p|--password|--passphrase)
+    shift
+    NEW_USER_PASSWORD="$1"
+    ;;
     *)
     # unknown option
     ;;
@@ -57,10 +62,21 @@ esac
 shift
 done
 
+if [ ! -d /etc/prosody ]; then
+    echo 'xmpp server is not installed'
+    exit 1
+fi
+
 if [ ! $EMAIL_ADDRESS ]; then
     show_help
 fi
 
-prosodyctl adduser $EMAIL_ADDRESS
+if [ ! $NEW_USER_PASSWORD ]; then
+    prosodyctl adduser $EMAIL_ADDRESS
+else
+    USERNAME=$(echo $EMAIL_ADDRESS | awk -F '@' '{print $1}')
+    DOMAIN_NAME=$(echo $EMAIL_ADDRESS | awk -F '@' '{print $2}')
+    prosodyctl register $USERNAME $DOMAIN_NAME "$NEW_USER_PASSWORD" 
+fi
 
 exit 0