summaryrefslogtreecommitdiff
path: root/src/conf_mode/system-login.py
AgeCommit message (Collapse)Author
2023-02-27Merge pull request #1644 from aapostoliuk/T4790-sagittaViacheslav Hletenko
T4790: Added check of the sum of radius timeouts
2023-02-25python: T5026: Replace deprecated Python modules crypt, spwdsarthurdev
DeprecationWarning: 'crypt' is deprecated and slated for removal in Python 3.13 DeprecationWarning: 'spwd' is deprecated and slated for removal in Python 3.13
2023-02-24login: T1948: drop absolut path to /usr/libexec/vyos, re-use vyos.defaultsChristian Breunig
2023-02-04Revert "login: T4975: Fixed broken CLI commands"Christian Breunig
This reverts commit 3a6e77d479da4321b851163490a9b79ef2cef7b8. A general solution is implemented in Commit 29a44a73 ("T4975: always sync() filesystem after commit").
2023-02-02login: T4975: Fixed broken CLI commandszsdc
User profile files are not saved to disk after configuration is fully applied. Because of this, after a fast system reset, profile files can be empty, and CLI is broken. This fix adds a `sync()` call after the user's configuration, which should protect from data loss and fix the problem with profiles.
2022-12-08T4790: Added check of the sum of radius timeoutsaapostoliuk
Added check of the sum of radius timeouts. It has to be less or eq 50 sec. Default LOGIN_TIMEOUT from /etc/login.defs minus 10 sec Added check of number of radius servers. It has to be less or eq 25. 50 sec divided by 2sec (minimum recomended login timeout) Otherwise, log in to the device can be descarded.
2022-10-14login: 2fa: T874: remove unused code path for global 1fa settingsChristian Poessinger
2022-10-14login: 2fa: T874: fix Google authenticator issuesChristian Poessinger
Move default values of TOTP configuration from a global to a per user setting. This makes the entire code easier as no global configuration must be blended into the per user config dict. Also it should be possible to set the authentication window "multiple concurrent keys" individual per user. set system login user vyos authentication otp key 'gzkmajid7na2oltajs4kbuq7lq' set system login user vyos authentication plaintext-password 'vyos'
2022-10-12Merge pull request #1555 from goodNETnick/ssh_otpChristian Poessinger
system login: T874: add 2FA support for local and ssh authentication
2022-10-11system login: T874: add 2FA support for local and ssh authenticationgoodNETnick
2022-09-28login: T4715: Auto logout user after inactivityViacheslav Hletenko
Ability to terminate interactive sessions (TTY/PTS) after a period of inactivity. set system login timeout '300'
2022-07-17login: T4536: add all accounts to frr groupChristian Poessinger
2022-05-01login: T4353: fix Jinja2 linting errorsChristian Poessinger
2022-04-04login: T4341: busy wait on userdel(8) until the account was deleted successfullyChristian Poessinger
2022-04-04login: T4341: disable user account prior to deletionChristian Poessinger
2021-09-03login: T971 allow quoting in public-keys optionsPaul Lettington
This patch allows the use of `"` in ssh public-key options which unlocks the ability to set the `from` option in a way that sshd will accept to limit what hosts a user can connect from.
2021-09-02login: T3792: bugfix for usernames containing a hyphenChristian Poessinger
While migrating to get_config_dict() in commit e8a1c291b1 ("login: radius: T3192: migrate to get_config_dict()") the user-name was not excluded from mangling (no_tag_node_value_mangle=True). This resulted in a username "vyos-user" from CLI to be actually created as "vyos_user" on the system. This commit also adds respective Smoketests to prevent this in the future.
2021-09-02login: radius: T3192: drop workaround required by get_config_dict()Christian Poessinger
The workaround is no longer required, as the issue was resolved in get_config_dict() so if it is a <multi/> node, a list is always returned.
2021-07-23login: T3699: verify system username does not conflict with Linux base usersChristian Poessinger
(cherry picked from commit 7292631373ea50f9908796ef2eda32e672d1df2e)
2021-05-02login: T1948: use long options when calling adduserChristian Poessinger
... just to make it easier for users to read the commandline.
2021-04-13login: T3455: Fix edit level configuration for usersever-sever
2021-01-11login: T3208: fix wrong string formatting on my_setvyos/1.4dev0Christian Poessinger
Commit e8a1c291 ("login: radius: T3192: migrate to get_config_dict()") did an invalid forward of the newly encrypted passwort to my_set to store it inside the config.
2021-01-09login: radius: T3192: remove debug print()Christian Poessinger
2021-01-07login: radius: T3192: migrate to get_config_dict()Christian Poessinger
2021-01-07login: radius: T3192: support IPv6 server(s) and source-addressChristian Poessinger
2020-11-27vyos.template: T2720: always enable Jinja2 trim_blocks featureChristian Poessinger
2020-10-09login: T2492: remove empty plaintext-password nodeChristian Poessinger
2020-08-31configd: T2582: add scripts to include list for daemonJohn Estabrook
2020-07-22T2725: Fix config parse for users without passwordsEsa Varemo
Fix for https://phabricator.vyos.net/T2725 T2492 / a07e22377ab83104ac925e13d1824f241f0f8d4a introduced a change which broke the initialization of the user dict. In case the config contained an user without an encrypted-password set, the property would be missing and the commit would crash with `KeyError: 'password_encrypted'`
2020-06-17login: radius: T2299: Implement RADIUS servers priorityDmitriyEshenko
2020-05-29airbag: T2088: explicit enabling of the featureThomas Mangin
airbag must now be explicitly installed. the patch also allow to fully disables the installation of the logging code at setup (and not just installing and doing nothing)
2020-05-22login: T2492: must use try/except when adding user for the first timeChristian Poessinger
2020-05-22login: T2492: re-use code from vyos.utilChristian Poessinger
2020-05-22login: T2492: force setting of encrypted password on first bootChristian Poessinger
2020-05-22login: T2492: fix flake8 warningsChristian Poessinger
2020-05-22login: T2492: do not set encrypted user password when it is not changedChristian Poessinger
2020-04-25login: radius: T2304: add VRF supportChristian Poessinger
This allows the radius client to work when a management VRF is in use.
2020-04-15login: T2295: move from calling an os binary to Python crypt() functionChristian Poessinger
2020-04-12template: T2230: use render to generate templatesThomas Mangin
convert all call to jinja to use template.render
2020-04-11util: T2205: convert system login to call and cmdThomas Mangin
2020-04-09util: T2226: os.system was wrongly converted to runThomas Mangin
os.system does print the ouput of the command, run() does not. A new function called call() does the printing and return the error code.
2020-04-06util: T2226: rewrite certbot to use cmdThomas Mangin
Previously failures of mkpasswd would not be reported to users
2020-04-05system-login: T2230: move inlined templates to dedicated filesChristian Poessinger
2020-03-05login: T2050: extend verify() on public-keysChristian Poessinger
* A type must be present for any one public-key element * A key must be present for any one public-key element
2020-02-27login: T2050: retrieve home directory for SSH keys from OS and not guess itChristian Poessinger
We should not rely on the home dir value stored in user['home_dir'] as if a crazy user will choose username root or any other system user this will fail. Should be deny using root at all?
2020-02-25login: T1948: migrade local and radius configurationsChristian Poessinger
Splitting was not a good idea. By combining both we can create a RADIUS server XML include file which can be reused by multiple implementations to get a uniformed CLI for the users.