#!/bin/sh

# OpenVAS
# $Id: openvas-adduser.in 3317 2009-05-11 09:05:29Z mwiegand $
# Description: shellscript to add a new openvas user.
#
# Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork development)
#          - Tim Brown <mailto:timb@openvas.org> (Initial fork)
#          - Laban Mwangi <mailto:labanm@openvas.org> (Renaming work)
#          - Tarik El-Yassem <mailto:tarik@openvas.org> (Headers section)
#
# Copyright:
# Portions Copyright (C) 2006 Software in the Public Interest, Inc.
# Based on work Copyright (C) 1998 - 2006 Tenable Network Security, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
#
#


# check whether we have echo -n, depending
# on the current shell, used
# Probe how this shell's echo suppresses the trailing newline: BSD style
# ("echo -n", so Xn=-n) or SysV style (a trailing "\c", so Xc='\c').
# Every prompt below is written as:  echo $Xn "text" $Xc
case $(echo -n) in
  -n)
    Xn=
    Xc='\c'
    ;;
  *)
    Xn=-n
    Xc=
    ;;
esac



# Files created from here on (scratch rules file, password hash) must not be
# readable by anyone but the invoking user.
umask 066

prefix=/usr
exec_prefix=$prefix

# Put the OpenVAS install tree first so its openvasd is the one found.
PATH="$exec_prefix/sbin:$exec_prefix/bin:$PATH"
export PATH

# check if gettext is present

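# Use the system gettext runtime (gettext.sh) when it is present; otherwise
# define untranslated stand-ins with the same calling convention so the rest
# of the script can call gettext/eval_gettext unconditionally.  Both print
# without a trailing newline, which is why callers append "; echo".
GETTEXT=`command -v gettext.sh`
if [ $? -ne 0 ]; then

  # gettext MSG: print MSG verbatim (no translation, no trailing newline).
  gettext () {
    echo $Xn "$1" $Xc
  }

  # eval_gettext MSG: like gettext, but expand the \$var references the
  # message carries.  MSG is always a string literal from this script, never
  # user input, which is what makes the eval acceptable here.
  eval_gettext () {
    eval_gettext_var="echo $1"
    echo $Xn `eval $eval_gettext_var` $Xc
  }

else

  . "$GETTEXT"
  export TEXTDOMAIN=nessus-scripts
  # datarootdir is only assigned further down in this script, so it is still
  # unset at this point; fall back to the equivalent ${prefix}/share instead
  # of silently ending up with TEXTDOMAINDIR=/locale.
  export TEXTDOMAINDIR=${datarootdir:-${prefix}/share}/locale

fi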

# check the implementation
# Abort early unless openvasd can be executed from PATH.  Whatever "-g"
# prints is passed through; only its exit status matters here.
if ! openvasd -g; then
  gettext "Executing openvasd failed. Make sure your library loader is configured properly and that openvasd is in your \$PATH."; echo
  exit 1
fi

# GNU-style directory layout derived from $prefix / $exec_prefix.
bindir="$exec_prefix/bin"
sbindir="$exec_prefix/sbin"
datarootdir="$prefix/share"
datadir="$datarootdir"
localstatedir=/var

# Append the OpenVAS dirs once more plus the usual OpenSSL install locations,
# for the `openssl md5` probe that follows.
PATH="$PATH:$sbindir:$bindir:/usr/ssl/bin:/usr/local/ssl/bin:/opt/ssl/bin"


# Test if we have MD5
# Pick the command used for MD5 hashing: `openssl md5` first, then md5sum.
# Each candidate is verified by hashing a known input ("x\n"); either hex
# case is accepted.  Exits if neither produces the expected digest.
MD5CMD=
X=`echo x | openssl md5`
case $X in
  401b30e3b8b5d629635a5c613cdb7919|401B30E3B8B5D629635A5C613CDB7919)
    MD5CMD="openssl md5"
    ;;
esac
if [ -z "$MD5CMD" ]; then
  X=`echo x | md5sum | awk '{print $1}'`
  case $X in
    401b30e3b8b5d629635a5c613cdb7919|401B30E3B8B5D629635A5C613CDB7919)
      MD5CMD=md5sum
      ;;
  esac
fi
if [ -z "$MD5CMD" ]; then
  gettext "No MD5 algorithm found in the current path!"; echo
  gettext "Please make sure either openssl or md5sum is available!"; echo
  exit 1
fi



# find openvasd by the first path segment, ask for settings
# Ask the openvasd found in PATH for its settings and keep only the value of
# the "config_file = ..." line (at least one blank after the '=' is required,
# exactly as before).
openvasd_conf=`openvasd -s | sed -n 's/^config_file  *=  *//p'`

# The daemon's config file must exist and be non-empty.
if [ ! -s "$openvasd_conf" ]; then
  eval_gettext "Missing or empty configuration file \"\$openvasd_conf\"!"; echo
  exit 2
fi

# path to a temporary directory
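# Choose where the scratch rules file goes: honour a preset $TMPDIR,
# otherwise /var/tmp, otherwise ask (an empty answer means $HOME).
if [ -z "$TMPDIR" ]; then
  if [ -d /var/tmp ]; then
    gettext "Using /var/tmp as a temporary file holder."; echo
    TMPDIR=/var/tmp
  else
    gettext "Your \$TMPDIR variable is not set!"; echo
    echo $Xn "`eval_gettext "Enter the location to a place where I could place temporary files: [\\$HOME]"` $Xc"
    # -r: a path typed here is taken literally, backslashes included.
    read -r TMPDIR
    test -z "$TMPDIR" && TMPDIR=$HOME
  fi
fi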




# Here we go
# Banner.
printf '\n'
gettext "Add a new openvasd user"; printf '\n'
printf '%s\n\n\n' "---------------------------------"

# A non-zero ADDUSERPROMPT skips the interactive rules entry and summary.
prompt=${ADDUSERPROMPT-0}

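# Ask for the login name.  It is used verbatim as a path component under
# $localstatedir/lib/openvas/users/, so besides "already exists" we reject
# anything that could name a different location: empty, '.', '..' or any
# value containing '/'.
while :; do
  echo $Xn "`gettext "Login :"` $Xc"
  # -r keeps backslashes literal.  EOF on stdin means nobody is answering;
  # stop instead of looping forever (an empty login is never accepted).
  read -r login || { echo; exit 1; }
  case $login in
    ''|.|..|*/*)
      gettext "This login is not a valid name. Choose another one."; echo
      continue
      ;;
  esac
  # -e rather than -d: a stray file at that path would also make the
  # later mkdir -p fail.
  if [ -e "$localstatedir/lib/openvas/users/$login" ]; then
    gettext "This login already exists. Choose another one."; echo
  else
    break
  fi
done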


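# Ask for the authentication method; an empty answer (or EOF) means "pass".
# Only the two literal values are accepted.
while :; do
  echo $Xn "`gettext "Authentication (pass/cert) [pass] :"` $Xc"
  read -r auth
  test -z "$auth" && auth="pass"
  case $auth in
    pass|cert) break ;;
  esac
done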

if [ "$auth" = "cert" ]; then
 dn=""
 gettext "Please enter User Distinguished Name:"; echo
 #
 echo $Xn "`gettext "Country:"` $Xc"
 read x && [ -n "$x" ] && dn=$dn/C=$x
 echo $Xn "`gettext "State:"` $Xc"
 read x && [ -n "$x" ] && dn=$dn/ST=$x
 echo $Xn "`gettext "Location:"` $Xc"
 read x && [ -n "$x" ] && dn=$dn/L=$x
 echo $Xn "`gettext "Organization:"` $Xc"
 read x && [ -n "$x" ] && dn=$dn/O=$x
 echo $Xn "`gettext "Organizational Unit:"` $Xc"
 read x && [ -n "$x" ] && dn=$dn/OU=$x
 echo $Xn "`gettext "Common Name:"` $Xc"
 read x && [ -n "$x" ] && dn=$dn/CN=$x
 echo $Xn "`gettext "e-Mail:"` $Xc"
 read x && [ -n "$x" ] && dn=$dn/Email=$x
else
askPasswd=`gettext "Login password :"`
askPasswdAgain=`gettext "Login password (again) :"`
sayPasswd=`gettext "Password          :"`

ok="n"
while test "$ok" = "n";
do
 echo $Xn "$askPasswd $Xc"
 stty -echo
 read password
 echo
 echo $Xn "$askPasswdAgain $Xc"
 read password_again
 stty echo
 echo
 
 if test -z "$password" ; then
   gettext "Your password can not be empty."; echo
 else
   if [ "$password" != "$password_again" ]; then
    gettext "Passwords do not match!"; echo
   else
    ok="y"
   fi
fi
done

fi

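# The rules set always goes through a private scratch directory, whether or
# not the interactive prompt runs; the abort/install code after this block
# relies on both variables being set and the file existing.  (Previously the
# non-interactive branch never created them.)
tmpAddUserDir="$TMPDIR/openvas-adduser.$$/"
tmpAddUserFile="${tmpAddUserDir}rules.$$"
# No -p on purpose: mkdir must fail if the name already exists, so a
# pre-existing directory or symlink in a shared $TMPDIR is never reused.
mkdir -m 0700 "$tmpAddUserDir" || { eval_gettext "Error - could not create \$tmpAddUserDir"; echo; exit 1; }

if [ "$prompt" -eq 0 ]; then
  echo
  gettext "User rules"; echo
  echo "---------------"

  eval_gettext "openvasd has a rules system which allows you to restrict the hosts that \$login has the right to test."; echo
  gettext "For instance, you may want him to be able to scan his own host only."; echo
  echo
  gettext "Please see the openvas-adduser(8) man page for the rules syntax."; echo

  echo
  gettext "Enter the rules for this user, and hit ctrl-D once you are done:"; echo
  gettext "(the user can have an empty rules set)"; echo

  # Everything up to EOF on stdin is the rules set.
  cat > "$tmpAddUserFile" || {
    eval_gettext "Error - could not write \$tmpAddUserFile"; echo
    rm -rf "$tmpAddUserDir"
    exit 1
  }

  # Summary for confirmation.
  echo
  echo
  gettext "Login             : "; echo $Xn "$login" $Xc ; echo
  test -n "$dn" || echo "$sayPasswd ***********"
  test -n "$dn" && eval_gettext "DN                : \$dn"
  echo
  gettext "Rules             : "; echo

  cat "$tmpAddUserFile"

  echo
  echo
  gettext "Is that ok? (y/n) [y] "
else
  # Non-interactive: the user starts with an empty rules set.
  : > "$tmpAddUserFile" || { eval_gettext "Error - could not write \$tmpAddUserFile"; echo; exit 1; }
fi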
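# Confirmation: an empty answer (Enter or EOF) or anything starting with the
# localized "y" proceeds; any other reply cleans up and aborts.  Note the
# read is unconditional: it also consumes a line of stdin when the prompt
# was skipped, in which case EOF counts as "yes".
read -r ok
case $ok in
  ''|[`gettext "Yy"`]*)
    ;;
  *)
    # Guard against an unset name turning this into a bare "rm -rf".
    [ -n "$tmpAddUserDir" ] && rm -rf "$tmpAddUserDir"
    gettext "Aborted"; echo
    exit 0
    ;;
esac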

# add the user rules in our rules files. 
#
# The users file must end with the default user '*', so we add
# our data at the TOP of the file



#echo "$login:$password" > $TMPDIR/adduser.$$
	

# Create the per-user tree together with its auth/ subdirectory (which, per
# the original notes, holds the user rules, password and plugin ACL) and
# restrict every level to the owner.
# NOTE(review): $login is used verbatim as a path component here; a value
# containing '/' or equal to '.'/'..' would resolve outside users/, so it
# has to be rejected where it is read.
chmod 0700 "$localstatedir/lib/openvas/"
mkdir -p "$localstatedir/lib/openvas/users/$login/auth"
chmod 0700 "$localstatedir/lib/openvas/users/$login"
chmod 0700 "$localstatedir/lib/openvas/users/$login/auth"

if [ "$auth" = "pass" ]; then
    	test -c /dev/urandom &&
	{
	URANDOM=`dd if=/dev/urandom bs=16 count=16 2>/dev/null|$MD5CMD`
	}
	SEED=`(echo $SEED; date; df; ls -l; echo $URANDOM) | $MD5CMD | awk '{print $1}'`
	H=`echo $Xn $SEED$password$Xc | $MD5CMD | awk '{print $1}'`
	echo $H $SEED > "$localstatedir/lib/openvas/users/$login/auth/hash"
elif [ "$auth" = "cert" ]; then
	echo "$dn" > "$localstatedir/lib/openvas/users/$login/auth/dname"
fi



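# Install the rules set into the user's auth directory.  A failed copy is
# reported instead of still announcing success.
cp "$tmpAddUserFile" "$localstatedir/lib/openvas/users/$login/auth/rules" || {
  eval_gettext "Error - could not write rules for \$login"; echo
  [ -n "$tmpAddUserDir" ] && rm -rf "$tmpAddUserDir"
  exit 1
}

# Drop the scratch directory (guarded so an unset name never becomes a
# bare "rm -rf").
[ -n "$tmpAddUserDir" ] && rm -rf "$tmpAddUserDir"

gettext "user added."; echo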

