#!/usr/bin/perl
# Copyright © 2005-2023 Philip Hands <phil@hands.com>
# distributed under the terms of the GNU GPL version 2 or (at your option) any later version
# see the file "COPYING" for details

use strict;
use warnings;

my $users=shift;
my $pwfile=shift;

my %user_crypt = () ;

open(USERS, $users) or die "Can't open '$users' for input: $!";
while (<USERS>) {
  chomp ;
  next if /^\s*(#|$)/ ;

  my ($user,$crypt,$sudoer,$gecos,$sshkeys) = split(':') ;

  $user_crypt{$user} = ($crypt ne "BLANK") ? $crypt : '' ;

  system("adduser --disabled-password --gecos \"$gecos\" $user")
    unless ("root" eq "$user") ;

  system("adduser $user sudo") if ($sudoer) ;

  system("mkdir -p -m 0700 ~$user/.ssh") ;
  if (defined($sshkeys)) {
    foreach my $key (split(',',$sshkeys)) {
      system("cat /tmp/sshkeys.$key >> ~$user/.ssh/authorized_keys") ;
    }
  }
  system("chown -R $user: ~$user/.ssh") ;
}
close(USERS) ;

our $^I = ''; # this puts us in inline editing mode
our @ARGV = ($pwfile);

while ( <ARGV> ) {
  my ($user,$crypt) = split(':') ;

  if (/^([^:]*):(!|BLANK):(.*)$/) {
    if (defined($user_crypt{$1})) {
      $_ = $1 . ':' . $user_crypt{$1} . ':' . $3 . "\n" ;
    }
  }
  print;
}