| Age | Commit message (Collapse) | Author |
|---|
|
This reverts commit 7b36c363cd5b0168bd83c399f50a0a360ba3ee58.
A general solution is implemented in Commit ae9dde04 ("T4975: always sync()
filesystem after commit").
|
|
User profile files are not saved to disk after configuration is fully applied.
Because of this, after a fast system reset, profile files can be empty, and CLI
is broken.
This fix adds a `sync()` call after the user's configuration, which should
protect from data loss and fix the problem with profiles.
|
|
(cherry picked from commit 796178f69ce09e28ab9f20c7b5e1ce97ef00a1ff)
|
|
(cherry picked from commit efa753bc661d04967237e7ec3d72d3757230aaf9)
|
|
This patch allows the use of `"` in ssh public-key options which
unlocks the ability to set the `from` option in a way that sshd will
accept to limit what hosts a user can connect from.
(cherry picked from commit 6b52387190f8213e7e02060e894c6ddd4fb7cb3d)
|
|
While migrating to get_config_dict() in commit e8a1c291b1 ("login: radius:
T3192: migrate to get_config_dict()") the user-name was not excluded
from mangling (no_tag_node_value_mangle=True).
This resulted in a username "vyos-user" from CLI to be actually created as
"vyos_user" on the system.
This commit also adds respective Smoketests to prevent this in the future.
(cherry picked from commit 658de9ea0fbe91e593f9cf0a8c434791282af100)
|
|
|
|
|
|
Commit e8a1c291 ("login: radius: T3192: migrate to get_config_dict()") did an
invalid forward of the newly encrypted passwort to my_set to store it inside
the config.
(cherry picked from commit a7fe2ff4fdfcb2619b892aff170d42609965b20b)
|
|
(cherry picked from commit 586b440a835cba7d45e50bb6d1781823903332b6)
|
|
|
|
|
|
|
|
|
|
|
|
Fix for https://phabricator.vyos.net/T2725
T2492 / a07e22377ab83104ac925e13d1824f241f0f8d4a
introduced a change which broke the initialization of
the user dict. In case the config contained an user
without an encrypted-password set, the property would
be missing and the commit would crash with
`KeyError: 'password_encrypted'`
|
|
|
|
airbag must now be explicitly installed.
the patch also allow to fully disables the installation of the logging
code at setup (and not just installing and doing nothing)
|
|
|
|
|
|
|
|
|
|
|
|
This allows the radius client to work when a management VRF is in use.
|
|
|
|
convert all call to jinja to use template.render
|
|
|
|
os.system does print the ouput of the command, run() does not.
A new function called call() does the printing and return the error code.
|
|
Previously failures of mkpasswd would not be reported to users
|
|
|
|
* A type must be present for any one public-key element
* A key must be present for any one public-key element
|
|
We should not rely on the home dir value stored in user['home_dir'] as if a
crazy user will choose username root or any other system user this will fail.
Should be deny using root at all?
|
|
Splitting was not a good idea. By combining both we can create a RADIUS server
XML include file which can be reused by multiple implementations to get a
uniformed CLI for the users.
|
