#!/bin/sh
#
# $NetBSD: usergroup-check,v 1.3 2018/08/22 20:48:37 maya Exp $
#
# Copyright (c) 2006 The NetBSD Foundation, Inc.
# All rights reserved.
#
# This code is derived from software contributed to The NetBSD Foundation
# by Johnny C. Lam.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#

######################################################################
#
# NAME
#	usergroup-check -- verify that users/groups match numeric IDs
#
# SYNOPSIS
#	usergroup-check -g [group_entry ...]
#	usergroup-check -u [user_entry ...]
#
# DESCRIPTION
#       usergroup-check checks for the existence of users and groups
#	and verifies that they match the requested numeric IDs if
#	given.  The group_entry format matches that of /etc/group and
#	the user_entry format matches that of /etc/passwd, though the
#	field contents may be empty.
#
#	usergroup-check exits 0 if the users and groups exist and match
#	the numeric IDs, and >0 otherwise.
#
# OPTIONS
#	The following command line arguments are supported.
#
#	-g      Indicates that the subsequent arguments are group entries.
#
#	-u      Indicates that the subsequent arguments are user entries.
#
######################################################################

: ${PERL5=perl}

self="${0##*/}"

usage() {
	echo 1>&2 "usage: $self -g [group_entry ...]"
	echo 1>&2 "       $self -u [user_entry ...]"
}

if test $# -lt 1; then
	usage; exit 1
fi

check=
case "$1" in
-g)	check=groups ;;
-u)	check=users ;;
*)	usage; exit 1 ;;
esac
shift

missing_groups=
missing_users=

case $check in
groups)
	while test $# -gt 0; do
		entry="$1"; shift
		( SAVEIFS="$IFS"; IFS=":"
		  set -- $entry; group="$1"; groupid="$2"
		  IFS="$SAVEIFS"
		  gid=`${PERL5} -le 'print scalar getgrnam shift' $group`
		  test -n "$gid" || exit 1
		  case "$groupid" in
		  ""|$gid)     exit 0 ;;
		  *)            exit 1 ;;
		  esac ) || missing_groups="$missing_groups $i"
	done
	;;

users)
	missing_users=
	while test $# -gt 0; do
		entry="$1"; shift
		( SAVEIFS="$IFS"; IFS=":"
		  set -- $entry; user="$1"; userid="$3"
		  IFS="$SAVEIFS"
		  gid=`${PERL5} -le 'print scalar getpwnam shift' $user`
		  test -n "$gid" || exit 1
		  case "$userid" in
		  ""|$gid)     exit 0 ;;
		  *)            exit 1 ;;
		  esac ) || missing_users="$missing_users $i"
	done
	;;
esac

test -z "$missing_groups" -a -z "$missing_users" || exit 1
exit 0