Diffstat (limited to 'src/conf_mode/system-login.py')
-rwxr-xr-x | src/conf_mode/system-login.py | 44 |
1 files changed, 31 insertions, 13 deletions
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index 99af5c757..da0fc2a25 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -158,11 +158,29 @@ def generate(login):
 env = os.environ.copy()
 env['vyos_libexec_dir'] = '/usr/libexec/vyos'
- call(f"/opt/vyatta/sbin/my_delete system login user '{user}' " \
- f"authentication plaintext-password", env=env)
-
- call(f"/opt/vyatta/sbin/my_set system login user '{user}' " \
- f"authentication encrypted-password '{encrypted_password}'", env=env)
+ # Set default commands for re-adding user with encrypted password
+ del_user_plain = f"system login user '{user}' authentication plaintext-password"
+ add_user_encrypt = f"system login user '{user}' authentication encrypted-password '{encrypted_password}'"
+
+ lvl = env['VYATTA_EDIT_LEVEL']
+ # We're in config edit level, for example "edit system login"
+ # Change default commands for re-adding user with encrypted password
+ if lvl != '/':
+ # Replace '/system/login' to 'system login'
+ lvl = lvl.strip('/').split('/')
+ # Convert command str to list
+ del_user_plain = del_user_plain.split()
+ # New command exclude level, for example "edit system login"
+ del_user_plain = del_user_plain[len(lvl):]
+ # Convert string to list
+ del_user_plain = " ".join(del_user_plain)
+
+ add_user_encrypt = add_user_encrypt.split()
+ add_user_encrypt = add_user_encrypt[len(lvl):]
+ add_user_encrypt = " ".join(add_user_encrypt)
+
+ call(f"/opt/vyatta/sbin/my_delete {del_user_plain}", env=env)
+ call(f"/opt/vyatta/sbin/my_set {add_user_encrypt}", env=env)
 else:
 try:
 if getspnam(user).sp_pwdp == dict_search('authentication.encrypted_password', user_config):
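Review bot: The edit-level handling in the added block drops the first `len(lvl)` tokens from both commands without checking that `VYATTA_EDIT_LEVEL` really is a prefix of `system login user <name> authentication`, so a commit issued from an unrelated level (for example somewhere under `interfaces`) would hand `my_delete`/`my_set` a truncated path relative to the wrong node. `env['VYATTA_EDIT_LEVEL']` also raises `KeyError` if the variable is not exported to this script; `lvl = env.get('VYATTA_EDIT_LEVEL', '/')` avoids that. Since `env` is already a private copy, it may be simpler to set `env['VYATTA_EDIT_LEVEL'] = '/'` before the two `call()`s and keep the absolute commands; this assumes the wrappers read the level from the environment, which should be confirmed. The comment `# Convert string to list` above the `" ".join(...)` line describes the opposite direction. generate() starts and ends outside the hunk.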
@@ -191,27 +209,27 @@ def apply(login):
 for user, user_config in login['user'].items():
 # make new user using vyatta shell and make home directory (-m),
 # default group of 100 (users)
- command = 'useradd -m -N'
+ command = 'useradd --create-home --no-user-group'
 # check if user already exists:
 if user in get_local_users():
 # update existing account
 command = 'usermod'
 # all accounts use /bin/vbash
- command += ' -s /bin/vbash'
+ command += ' --shell /bin/vbash'
 # we need to use '' quotes when passing formatted data to the shell
 # else it will not work as some data parts are lost in translation
 tmp = dict_search('authentication.encrypted_password', user_config)
- if tmp: command += f" -p '{tmp}'"
+ if tmp: command += f" --password '{tmp}'"
 tmp = dict_search('full_name', user_config)
- if tmp: command += f" -c '{tmp}'"
+ if tmp: command += f" --comment '{tmp}'"
 tmp = dict_search('home_directory', user_config)
- if tmp: command += f" -d '{tmp}'"
- else: command += f" -d '/home/{user}'"
+ if tmp: command += f" --home '{tmp}'"
+ else: command += f" --home '/home/{user}'"
- command += f' -G frrvty,vyattacfg,sudo,adm,dip,disk {user}'
+ command += f' --groups frrvty,vyattacfg,sudo,adm,dip,disk {user}'
 try:
 cmd(command)
@@ -236,7 +254,7 @@ def apply(login):
 call(f'pkill -HUP -u {user}')
 # Remove user account but leave home directory to be safe
- call(f'userdel -r {user}', stderr=DEVNULL)
+ call(f'userdel --remove {user}', stderr=DEVNULL)
 except Exception as e:
 raise ConfigError(f'Deleting user "{user}" raised exception: {e}') |
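Review bot: The values interpolated into `command` are still wrapped in hand-written single quotes (`--password '{tmp}'`, `--comment '{tmp}'`, `--home '{tmp}'`) and `{user}` is appended unquoted, so a value containing a single quote or a shell metacharacter changes how this command is parsed unless the CLI schema already rejects it, which is not visible here. Quoting each value with `shlex.quote()`, e.g. `command += f" --comment {shlex.quote(tmp)}"`, removes that dependency; `shlex` would need importing at the top of the file, outside this hunk. Passing the hash through `--password` also leaves it readable in the process list while the command runs, which the useradd manual warns about; feeding it to `chpasswd -e` on stdin avoids that. apply() starts and ends outside the hunk.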
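Review bot: The comment directly above the changed line says the home directory is left in place, but `userdel --remove` (like the old `-r`) deletes the user's home directory and mail spool. Either the comment should read `# Remove user account together with its home directory and mail spool`, or `--remove` should be dropped if keeping the data is the intent. `{user}` is also passed unquoted to both `pkill` and `userdel` here. The enclosing try block starts outside the hunk.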