
#! /usr/bin/perl
use strict;
use warnings;
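# The single argument is the UID cut-off: /etc/passwd entries with a UID
# below it are carried over into the regenerated files (see the read loop).
#
# Require a positive decimal number. int() turns a non-numeric argument
# into 0, and with a cut-off of 0 no entry (root included) passes the
# "UID below cut-off" test, so the regenerated files would lose them.
if (scalar @ARGV < 1 || $ARGV[0] !~ /\A[0-9]+\z/ || $ARGV[0] < 1) {
    die "Usage: $0 <lowest_uid>";
}
my $LOWEST_PVV_UID = int($ARGV[0]);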
# State shared by the rest of the script:
#   @passwd     - lines for the new /etc/passwd, in output order
#   %passwd_idx - user name => index of that user's line in @passwd
#   %shadow     - user name => line for the new /etc/shadow
#   %filter     - user names kept regardless of their UID; the value is
#                 bumped past 1 once the name has been seen, so only the
#                 first occurrence is kept through this rule
my @passwd     = ();
my %passwd_idx = ();
my %shadow     = ();
my %filter     = (
    "nobody" => 1,
    "news"   => 1,
);
my $seen_nobody = 0;    # not referenced anywhere in the visible script

# Pass 1: keep the entries of the current /etc/passwd whose UID is below
# the cut-off, plus the first occurrence of each name in %filter.
open(my $passwd_in, '<', "/etc/passwd") or die "Unable to open /etc/passwd: $!";
while (my $line = <$passwd_in>) {
    my @fields = split(":", $line);
    my ($name, $uid) = @fields[0, 2];

    my $below_cutoff = $uid ne '' && $uid < $LOWEST_PVV_UID;
    my $first_pinned = defined $filter{$name} && $filter{$name} == 1;

    if ($below_cutoff || $first_pinned) {
        push @passwd, $line;
        $passwd_idx{$name} = $#passwd;
    }

    # Mark the pinned name as seen so a later duplicate is not kept again.
    $filter{$name}++ if $first_pinned;
}
close $passwd_in or die "Unable to close /etc/passwd: $!";
# Pass 2: carry over the existing /etc/shadow line of every account that
# was kept from /etc/passwd; all other shadow lines are dropped.
open(my $shadow_in, '<', "/etc/shadow") or die "Unable to open /etc/shadow: $!";
while (my $entry = <$shadow_in>) {
    my ($name) = split(":", $entry);
    next unless defined $passwd_idx{$name};
    $shadow{$name} = $entry;
}
close $shadow_in or die "Unable to close /etc/shadow: $!";
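# Pass 3: merge the accounts from /etc/passwd.pvv. Field 2 of each line is
# the password hash; it is moved into a generated shadow line and replaced
# by "x" in the passwd line.
#
# Every line is validated before it is merged, because this file ends up in
# the system authentication databases:
#   - a line without exactly 7 fields would produce a broken passwd or
#     shadow line (a 2-field line would put a newline inside the hash);
#   - a UID below the cut-off would create an account in the range this
#     script treats as local system accounts (UID 0 included);
#   - a user name that is already present would replace the shadow line of
#     the account kept from /etc/passwd with the hash from this file.
# Rejected lines are reported by line number only, never by content, since
# the line contains a password hash.
# NOTE(review): the GID field is not checked here.
open(my $pvv_in, '<', "/etc/passwd.pvv") or die "Unable to open /etc/passwd.pvv: $!";
my $usercount = 0;
while (my $line = <$pvv_in>) {
    ++$usercount;
    chomp $line;

    # Limit -1 keeps trailing empty fields so the field count is exact.
    my @parts = split(/:/, $line, -1);

    my $reason =
          @parts != 7                     ? "expected 7 fields"
        : $parts[0] eq ''                 ? "empty user name"
        : $parts[2] !~ /\A[0-9]+\z/       ? "UID is not a number"
        : $parts[2] < $LOWEST_PVV_UID     ? "UID is below the PVV range"
        : exists $passwd_idx{ $parts[0] } ? "user name is already defined"
        :                                   undef;
    if (defined $reason) {
        warn "Skipping /etc/passwd.pvv line $.: $reason\n";
        next;
    }

    my ($user, $hash) = @parts[0, 1];

    # An empty second field in shadow means "no password required"; lock
    # the account instead, like the fallback used when writing shadow.
    if ($hash eq '') {
        warn "/etc/passwd.pvv line $.: empty password field, locking account $user\n";
        $hash = "*";
    }

    $parts[1] = "x";
    push @passwd, join(":", @parts) . "\n";
    $passwd_idx{$user} = $#passwd;
    $shadow{$user} = "$user:$hash:13777:0:99999:7:::\n";
}
close $pvv_in or die "Unable to close /etc/passwd.pvv: $!";

# Sanity check on the input size: refuse to replace the live files from a
# truncated or empty account list.
if ($usercount < 1500) {
    die "/etc/passwd.pvv has less than 1500 users, something went wrong";
}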
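# passwd must be world readable
umask 022;
open(my $passwd_out, '>', "/etc/passwd.tmp") or die "Unable to open /etc/passwd.tmp for writing: $!";

# The umask only applies when the file is created. A leftover temp file
# keeps its old mode when truncated, so set the mode explicitly.
chmod(0644, "/etc/passwd.tmp") or die "Unable to set mode on /etc/passwd.tmp: $!";

foreach my $line (@passwd) {
    # "or" rather than "||": with "||" the die binds to the printed value,
    # not to print itself, so a failed write would go unnoticed.
    print {$passwd_out} $line or die "Can't write to /etc/passwd.tmp: $!";
}

# Buffered write errors surface at close, so this check matters.
close $passwd_out or die "Unable to close /etc/passwd.tmp: $!";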
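# shadow must NOT be world readable
umask 027;
open(my $shadow_out, '>', "/etc/shadow.tmp") or die "Unable to open /etc/shadow.tmp for writing: $!";

# The umask only applies when the file is created. Force the mode before
# any hash is written, so a leftover temp file with looser permissions
# cannot expose the hashes.
chmod(0640, "/etc/shadow.tmp") or die "Unable to set mode on /etc/shadow.tmp: $!";

# Sorted so that two runs over the same input produce identical files.
foreach my $name (sort keys %passwd_idx) {
    # Accounts without a shadow line get a locked password field ("*").
    my $entry = exists $shadow{$name}
        ? $shadow{$name}
        : "$name:*:12849:0:99999:7:::\n";
    print {$shadow_out} $entry or die "Can't write to /etc/shadow.tmp: $!";
}

# Buffered write errors surface at close, so this check matters.
close $shadow_out or die "Unable to close /etc/shadow.tmp: $!";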
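# Chown the shadow file to root:shadow. Stop before touching the live files
# if this fails: a shadow file with the wrong group is unreadable to the
# programs that rely on membership of that group.
my $shadow_gid = getgrnam("shadow");
defined $shadow_gid or die "Unable to look up group shadow";
chown(0, $shadow_gid, "/etc/shadow.tmp") == 1
    or die "Unable to chown /etc/shadow.tmp: $!";

# Move the new files into place. The parentheses matter: without them
# "||" binds to the destination string, which is always true, so a failed
# rename would never reach die. A failure on passwd also stops the script
# before shadow is replaced.
# NOTE(review): no lock on the passwd database is taken here, so an edit
# made concurrently by another tool can be lost; the two renames are also
# not atomic as a pair.
rename("/etc/passwd.tmp", "/etc/passwd") or die "Unable to move /etc/passwd.tmp to /etc/passwd: $!";
rename("/etc/shadow.tmp", "/etc/shadow") or die "Unable to move /etc/shadow.tmp to /etc/shadow: $!";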