summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorrbalocca <rbalocca@vyatta.com>2008-03-14 14:44:19 -0700
committerrbalocca <rbalocca@vyatta.com>2008-03-14 14:44:19 -0700
commitbf635bfbb05a255adeffd923302dd90e349aa52d (patch)
treeae5bb611870759a30d80546deec3e1886676f9f1
parent1c352fd2c2fe87d398e288f536cf9178406ce749 (diff)
parentd73480b922f5fabb0f885e8df53b7d03425580e4 (diff)
downloadvyatta-cfg-quagga-bf635bfbb05a255adeffd923302dd90e349aa52d.tar.gz
vyatta-cfg-quagga-bf635bfbb05a255adeffd923302dd90e349aa52d.zip
Merge branch 'glendale' into hollywood
-rw-r--r--Makefile.am4
-rw-r--r--debian/control1
-rw-r--r--debian/vyatta-cfg-system.postinst.in1
-rwxr-xr-xscripts/install-system106
-rwxr-xr-xscripts/system/vyatta_update_login.pl132
-rw-r--r--templates/interfaces/bridge/node.tag/address/node.def1
-rw-r--r--templates/interfaces/tunnel/node.def25
-rw-r--r--templates/interfaces/tunnel/node.tag/address/node.def6
-rw-r--r--templates/interfaces/tunnel/node.tag/disable/node.def7
-rw-r--r--templates/interfaces/tunnel/node.tag/encapsulation/node.def7
-rw-r--r--templates/interfaces/tunnel/node.tag/key/node.def12
-rw-r--r--templates/system/login/node.def2
-rw-r--r--templates/system/login/radius-server/node.def10
-rw-r--r--templates/system/login/user/node.def26
14 files changed, 251 insertions, 89 deletions
diff --git a/Makefile.am b/Makefile.am
index d92c4dc1..44c4ef12 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -9,11 +9,13 @@ sysconf_DATA =
bin_SCRIPTS += scripts/progress-indicator
bin_SCRIPTS += scripts/vyatta-functions
-bin_SCRIPTS += scripts/init-floppy
+
+sbin_SCRIPTS += scripts/init-floppy
sbin_SCRIPTS += scripts/rl-system.init
sbin_SCRIPTS += scripts/install-system
sbin_SCRIPTS += scripts/quick-install
sbin_SCRIPTS += scripts/standalone_root_pw_reset
+sbin_SCRIPTS += scripts/system/vyatta_update_login.pl
sbin_SCRIPTS += scripts/system/vyatta_update_login_user.pl
sbin_SCRIPTS += scripts/system/vyatta_update_logrotate.pl
sbin_SCRIPTS += scripts/system/vyatta_update_resolv.pl
diff --git a/debian/control b/debian/control
index 3d4965c5..a60e21dd 100644
--- a/debian/control
+++ b/debian/control
@@ -12,6 +12,7 @@ Depends: bash (>= 3.1),
perl (>= 5.8.8),
procps (>= 1:3.2.7-3),
coreutils (>= 5.97-5.3),
+ libpam-radius-auth,
vyatta-cfg, sysv-rc, ntp, sysklogd, busybox, ssh, whois, sudo,
snmpd, keepalived, vyatta-bash, bridge-utils, tshark
Suggests: util-linux (>= 2.13-5),
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index 979760f6..aca479ea 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -64,7 +64,6 @@ mv /etc/crontab.$$ /etc/crontab
crontab /etc/crontab
# create needed directories
-mkdir -p /etc/raddb
mkdir -p /var/log/{user,vrrpd}
touch /etc/environment
diff --git a/scripts/install-system b/scripts/install-system
index 8d52e11b..eb4c7bb3 100755
--- a/scripts/install-system
+++ b/scripts/install-system
@@ -221,34 +221,39 @@ select_partition () {
text=$2
echo -n "Looking for appropriate partitions: "
- progress_indicator start
+ progress_indicator start
# initialize out global var. using globals in this way is bad form. I know.
PARTITION=''
# list only the partitions in /proc/partitions.
parts=$(cat /proc/partitions | awk '{ if ($4!="name") { print $4 " "} }' | egrep "[0-9]" | egrep -v "loop" | tr -d '\n')
-
+
# Get the partition sizes for display
- # only show partitions that have sizes, i.e. remove loops
+ # only show linux partitions that have sizes, i.e. remove loops
display=''
for part in $parts
do
- lsize=$(get_drive_size $part)
- if [ "$lsize" -a $lsize -ge $minsize ]; then
- display="$display $part\t\t$lsize"MB"\n"
+ rootdev=$(echo $part | sed 's/[0-9]//g')
+ parttype=$(fdisk -l /dev/$rootdev | grep $part | grep Linux)
+ if [ -n "$parttype" ]; then
+ lsize=$(get_drive_size $part)
+ if [ "$lsize" -a $lsize -ge $minsize ]; then
+ display="$display $part\t\t$lsize"MB"\n"
+ myparts="$myparts $part"
+ fi
fi
done
- progress_indicator stop
+ progress_indicator stop
echo "OK"
- if [ -n "$parts" ]; then
+ if [ -n "$myparts" ]; then
lpartition=''
while [ -z "$lpartition" ]
do
# take the first partition as the default
- lpartition=$(echo $parts | /usr/bin/awk '{ print $1 }')
+ lpartition=$(echo $myparts | /usr/bin/awk '{ print $1 }')
echo "I found the following partitions suitable for the Vyatta image:"
echo -e "Partition\tSize"
@@ -256,7 +261,7 @@ select_partition () {
echo
echo -n "$text [$lpartition]: "
- lpartition=$(get_response "$lpartition" "$parts")
+ lpartition=$(get_response "$lpartition" "$myparts")
echo
done
else
@@ -266,6 +271,47 @@ select_partition () {
PARTITION=$lpartition
}
+## check_config_partition
+# look to see if this partition contains a config file
+# and back it up
+check_config_partition() {
+ lpart=$1
+
+ # Look to see if this is a config partition
+ mkdir -p /mnt/tmp
+ output=$(mount /dev/$lpart /mnt/tmp 2>&1)
+ if [ $? != 0 ]; then
+ echo -e "Cannot mount /dev/$lpart"."\nPlease see $INSTALL_LOG for more details.\nExiting.."
+ echo -e "Cannot mount /dev/$lpart"."\nmount /dev/$ldrive$part /mnt/tmp\nExiting..." >> $INSTALL_LOG
+ echo "$output" >> $INSTALL_LOG
+ exit 1
+ fi
+
+ # Look to see if there is a config partition there
+ if [ -f /mnt/tmp/opt/vyatta/etc/config/.vyatta_config ] || [ -f /mnt/tmp/.vyatta_config ]; then
+ response=''
+ while [ -z "$response" ]
+ do
+ echo "/dev/$lpart has an old configuration directory!"
+ echo -ne "Would you like me to save the data on it\nbefore I delete it? (Yes/No) [Yes]: "
+ response=$(get_response "Yes" "Yes No Y N")
+ if [ "$response" == "yes" ] || [ "$response" == "y" ]; then
+ mkdir -p /mnt/config
+ if [ -d /mnt/tmp/opt/vyatta/etc/config ]; then
+ output=$(cp -pR /mnt/tmp/opt/vyatta/etc/config/* /mnt/config)
+ else
+ output=$(cp -pR /mnt/tmp/* /mnt/config)
+ fi
+ if [ -n "$output" ]; then
+ echo -e "Warning: error in copying the old config partition.\nSee $INSTALL_LOG for more details."
+ echo -e "Warning: error in copying the old config partition.\ncp -pR /mnt/tmp/* /mnt/config\n$output\n" >> $INSTALL_LOG
+ fi
+ fi
+ done
+ fi
+ umount /mnt/tmp
+}
+
# Delete all existing partitions for an automated install
# $1 is the drive to delete partitions from
delete_partitions () {
@@ -278,38 +324,7 @@ delete_partitions () {
for part in $partitions
do
# Look to see if this is a config partition
- mkdir -p /mnt/tmp
- output=$(mount /dev/$ldrive$part /mnt/tmp 2>&1)
- if [ $? != 0 ]; then
- echo -e "Cannot mount /dev/$ldrive$part"."\nPlease see $INSTALL_LOG for more details.\nExiting.."
- echo -e "Cannot mount /dev/$ldrive$part"."\nmount /dev/$ldrive$part /mnt/tmp\nExiting..." >> $INSTALL_LOG
- echo "$output" >> $INSTALL_LOG
- exit 1
- fi
-
- # Look to see if there is a config parition there
- if [ -f /mnt/tmp/opt/vyatta/etc/config/.vyatta_config ] || [ -f .vyatta_config ]; then
- response=''
- while [ -z "$response" ]
- do
- echo "/dev/$ldrive$part has an old configuration directory!"
- echo -ne "Would you like me to save the data on it\nbefore I delete it? (Yes/No) [Yes]: "
- response=$(get_response "Yes" "Yes No Y N")
- if [ "$response" == "yes" ] || [ "$response" == "y" ]; then
- mkdir -p /mnt/config
- if [ -d /mnt/tmp/opt/vyatta/etc/config ]; then
- output=$(cp -pR /mnt/tmp/opt/vyatta/etc/config/* /mnt/config)
- else
- output=$(cp -pR /mnt/tmp/* /mnt/config)
- fi
- if [ -n "$output" ]; then
- echo -e "Warning: error in copying the old config partition.\nSee $INSTALL_LOG for more details."
- echo -e "Warning: error in copying the old config partition.\ncp -pR /mnt/tmp/* /mnt/config\n$output\n" >> $INSTALL_LOG
- fi
- fi
- done
- fi
- umount /mnt/tmp
+ check_config_partition "$ldrive$part"
echo "Removing partition $part on /dev/$ldrive" >> $INSTALL_LOG
output=$(parted /dev/$ldrive rm $part)
@@ -318,7 +333,7 @@ delete_partitions () {
echo -e "Warning: cannot delete partition $part on $ldrive.\nPlease see $INSTALL_LOG for more details."
echo -e "Warning: cannot delete partition $part on $ldrive.\nparted /dev/$ldrive rm $part\n$output" >> $INSTALL_LOG
fi
-
+
# We add a bogus sleep here because the loop needs to wait for udev
sleep 5
done
@@ -642,13 +657,16 @@ setup_method_manual() {
fi
done
+ # check for an old config on the partition
+ check_config_partition "$ROOT_PARTITION"
+
# create the ext3 fs on the part
make_filesystem "$ROOT_PARTITION"
# We need to set the INSTALL_DRIVE if it wasn't set when the user ran parted
# We assume that we will use the boot sector of the same drive that the partition is on
# TODO: Allow different drives to function as the boot device
- if [ -z "INSTALL_DRIVE" ]; then
+ if [ -z "$INSTALL_DRIVE" ]; then
INSTALL_DRIVE=$(echo $ROOT_PARTITION | sed 's/[0-9]//g')
fi
}
diff --git a/scripts/system/vyatta_update_login.pl b/scripts/system/vyatta_update_login.pl
new file mode 100755
index 00000000..985ef7b4
--- /dev/null
+++ b/scripts/system/vyatta_update_login.pl
@@ -0,0 +1,132 @@
+#!/usr/bin/perl
+
+use strict;
+use lib "/opt/vyatta/share/perl5";
+use VyattaConfig;
+
+# handle "user"
+my $uconfig = new VyattaConfig;
+$uconfig->setLevel("system login user");
+my %users = $uconfig->listNodeStatus();
+my @user_keys = sort keys %users;
+if ((scalar(@user_keys) <= 0) || !(grep /^root$/, @user_keys)
+ || ($users{'root'} eq 'deleted')) {
+ # root is deleted
+ print STDERR "User \"root\" cannot be deleted\n";
+ exit 1;
+}
+
+# we have some users
+for my $user (@user_keys) {
+ if ($users{$user} eq 'deleted') {
+ system("sudo /opt/vyatta/sbin/vyatta_update_login_user.pl -d '$user'");
+ exit 1 if ($? >> 8);
+ } elsif ($users{$user} eq 'added' || $users{$user} eq 'changed') {
+ my $fname = $uconfig->returnValue("$user full-name");
+ my $level = $uconfig->returnValue("$user level");
+ my $p = $uconfig->returnValue("$user authentication encrypted-password");
+ system("sudo /opt/vyatta/sbin/vyatta_update_login_user.pl '$user' "
+ . "'$fname' '$p' '$level'");
+ exit 1 if ($? >> 8);
+ } else {
+ # not changed. do nothing.
+ }
+}
+
+my $PAM_RAD_CFG = '/etc/pam_radius_auth.conf';
+my $PAM_RAD_BEGIN = '# BEGIN Vyatta Radius servers';
+my $PAM_RAD_END = '# END Vyatta Radius servers';
+
+sub is_pam_radius_present {
+ if (!open(AUTH, '/etc/pam.d/common-auth')) {
+ print STDERR "Cannot open /etc/pam.d/common-auth\n";
+ exit 1;
+ }
+ my $present = 0;
+ while (<AUTH>) {
+ if (/\ssufficient\spam_radius_auth\.so$/) {
+ $present = 1;
+ last;
+ }
+ }
+ close AUTH;
+ return $present;
+}
+
+sub remove_pam_radius {
+ return 1 if (!is_pam_radius_present());
+ my $cmd = 'sudo sh -c "'
+ . 'sed -i \'/\tsufficient\tpam_radius_auth\.so$/d;'
+ . '/\tpam_unix\.so /{s/ use_first_pass$//}\' '
+ . '/etc/pam.d/common-auth && '
+ . 'sed -i \'/\tsufficient\tpam_radius_auth\.so$/d\' '
+ . '/etc/pam.d/common-account"';
+ system($cmd);
+ return 0 if ($? >> 8);
+ return 1;
+}
+
+sub add_pam_radius {
+ return 1 if (is_pam_radius_present());
+ my $cmd = 'sudo sh -c "'
+ . 'sed -i \'s/^\(auth\trequired\tpam_unix\.so.*\)$'
+ . '/auth\tsufficient\tpam_radius_auth.so\n\1 use_first_pass/\' '
+ . '/etc/pam.d/common-auth && '
+ . 'sed -i \'s/^\(account\trequired\tpam_unix\.so.*\)$'
+ . '/account\tsufficient\tpam_radius_auth.so\n\1/\' '
+ . '/etc/pam.d/common-account"';
+ system($cmd);
+ return 0 if ($? >> 8);
+ return 1;
+}
+
+sub remove_radius_servers {
+ system("sudo sed -i '/^$PAM_RAD_BEGIN\$/,/^$PAM_RAD_END\$/{d}' "
+ . "$PAM_RAD_CFG");
+ return 0 if ($? >> 8);
+ return 1;
+}
+
+sub add_radius_servers {
+ my $str = shift;
+ system("sudo sh -c \""
+ . "echo '$PAM_RAD_BEGIN\n$str$PAM_RAD_END\n' >> $PAM_RAD_CFG\"");
+ return 0 if ($? >> 8);
+ return 1;
+}
+
+# handle "radius-server"
+my $rconfig = new VyattaConfig;
+$rconfig->setLevel("system login radius-server");
+my %servers = $rconfig->listNodeStatus();
+my @server_keys = sort keys %servers;
+if (scalar(@server_keys) <= 0) {
+ # all radius servers deleted
+ exit 1 if (!remove_pam_radius());
+ exit 0;
+}
+
+# we have some servers
+my $all_deleted = 1;
+my $server_str = '';
+remove_radius_servers();
+for my $server (@server_keys) {
+ if ($servers{$server} ne 'deleted') {
+ $all_deleted = 0;
+ my $port = $rconfig->returnValue("$server port");
+ my $secret = $rconfig->returnValue("$server secret");
+ my $timeout = $rconfig->returnValue("$server timeout");
+ $server_str .= "$server:$port\t$secret\t$timeout\n";
+ }
+}
+
+if ($all_deleted) {
+ # all radius servers deleted
+ exit 1 if (!remove_pam_radius());
+} else {
+ exit 1 if (!add_radius_servers($server_str));
+ exit 1 if (!add_pam_radius());
+}
+
+exit 0;
+
diff --git a/templates/interfaces/bridge/node.tag/address/node.def b/templates/interfaces/bridge/node.tag/address/node.def
index 410c072b..23b1262f 100644
--- a/templates/interfaces/bridge/node.tag/address/node.def
+++ b/templates/interfaces/bridge/node.tag/address/node.def
@@ -4,6 +4,7 @@ help: Configure an IP address for this interface
syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr $VAR(@) --dev $VAR(../@)"; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../@)"
update:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../@)"; "Error setting address $VAR(@) on interface $VAR(../@)"
delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@)"; "Error deleting address $VAR(@) on interface $VAR(../@)"
+allowed: echo "dhcp <>"
comp_help:Possible completions:
<IP address>/<prefix length>\tSet the IP address and prefix length
dhcp\t\t\t\tSet the IP address and prefix length via DHCP
diff --git a/templates/interfaces/tunnel/node.def b/templates/interfaces/tunnel/node.def
index 73c8e572..9ebb581c 100644
--- a/templates/interfaces/tunnel/node.def
+++ b/templates/interfaces/tunnel/node.def
@@ -2,10 +2,23 @@ tag:
type: txt
help: Configure a tunnel interface
syntax:expression: $VAR(@) in "tun0", "tun1", "tun2", "tun3", "tun4", "tun5", "tun6", "tun7", "tun8", "tun9" ; "Must be (tun0 - tun9)"
-commit:expression: $VAR(./local-ip/) != "" ; "Must configure the tunnel local-ip"
-commit:expression: $VAR(./remote-ip/) != "" ; "Must configure the tunnel remote-ip"
-commit:expression: $VAR(./encapsulation/) != "" ; "Must configure the tunnel encapsulation"
-create:expression: "sudo ip tunnel add $VAR(@) local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) mode $VAR(./encapsulation/@)"
-create:expression: "sudo ip link set $VAR(@) up"
-delete:expression: "sudo ip tunnel del $VAR(@)"
+
+commit:expression: $VAR(./local-ip/) != "" ; \
+ "Must configure the tunnel local-ip for $VAR(@)"
+commit:expression: $VAR(./remote-ip/) != "" ; \
+ "Must configure the tunnel remote-ip for $VAR(@)"
+commit:expression: $VAR(./encapsulation/) != "" ; \
+ "Must configure the tunnel encapsulation for $VAR(@)"
+
+create:expression: "\
+ if [ -n \"$VAR(./key/@)\" ]; then \
+ KEY=\"key $VAR(./key/@)\"; \
+ fi; \
+ sudo ip tunnel add $VAR(@) \
+ local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) \
+ mode $VAR(./encapsulation/@) $KEY; \
+ sudo ip link set $VAR(@) up;" ; "Error creating $VAR(@)"
+
+delete:expression: "sudo ip tunnel del $VAR(@)" ; "Error deleting $VAR(@)"
+
comp_help: "Enter tunnel interface name (tun0 - tun9)"
diff --git a/templates/interfaces/tunnel/node.tag/address/node.def b/templates/interfaces/tunnel/node.tag/address/node.def
index fe58ae05..4d91c9ba 100644
--- a/templates/interfaces/tunnel/node.tag/address/node.def
+++ b/templates/interfaces/tunnel/node.tag/address/node.def
@@ -1,8 +1,12 @@
multi:
type: txt
help: Configure an IP address for this interface
+
syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr $VAR(@) --dev $VAR(../@)"; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../@)"
+
update:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../@)"; "Error setting address $VAR(@) on interface $VAR(../@)"
+
delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@)"; "Error deleting address $VAR(@) on interface $VAR(../@)"
+
comp_help:Possible completions:
- <IP address>/<prefix length>\tSet the IP address and prefix length
+ <IP address>/<prefix length> Set the IP address and prefix length
diff --git a/templates/interfaces/tunnel/node.tag/disable/node.def b/templates/interfaces/tunnel/node.tag/disable/node.def
index 9c795c61..cd3c019a 100644
--- a/templates/interfaces/tunnel/node.tag/disable/node.def
+++ b/templates/interfaces/tunnel/node.tag/disable/node.def
@@ -1,3 +1,6 @@
help: Disable interface
-update:expression: "sudo ip link set $VAR(../@) down"; "Error disabling dev $VAR(../@)"
-delete:expression: "sudo ip link set $VAR(../@) up"; "Error enabling dev $VAR(../@)"
+update:expression: "sudo ip link set $VAR(../@) down"; \
+ "Error disabling dev $VAR(../@)"
+
+delete:expression: "sudo ip link set $VAR(../@) up"; \
+ "Error enabling dev $VAR(../@)"
diff --git a/templates/interfaces/tunnel/node.tag/encapsulation/node.def b/templates/interfaces/tunnel/node.tag/encapsulation/node.def
index 98745b2d..02d579a9 100644
--- a/templates/interfaces/tunnel/node.tag/encapsulation/node.def
+++ b/templates/interfaces/tunnel/node.tag/encapsulation/node.def
@@ -1,7 +1,12 @@
type: txt
help: Set the encapsulation of this tunnel interface
+
syntax:expression: $VAR(@) in "ipip", "gre", "sit"; "Must be (ipip, gre, sit)"
-update:expression: "sudo ip tunnel change $VAR(../@) mode $VAR(@)"
+
+create:expression: "true"
+update:expression: "false" ; \
+ "Encapsulation can only be set at tunnel creation for $VAR(../@)"
+
comp_help: "possible completions:
gre Set Generic Routing Encapsulation
ipip Set IP in IP encapsulation
diff --git a/templates/interfaces/tunnel/node.tag/key/node.def b/templates/interfaces/tunnel/node.tag/key/node.def
index 1c524984..ae244529 100644
--- a/templates/interfaces/tunnel/node.tag/key/node.def
+++ b/templates/interfaces/tunnel/node.tag/key/node.def
@@ -1,6 +1,14 @@
type: u32
help: Set the tunnel key
-syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 999999; "Must be between 0-999999"
-update:expression: "sudo ip tunnel change $VAR(../@) key $VAR(@)"
+syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 999999; \
+ "Must be between 0-999999 for $VAR(../@)"
+
+commit:expression: $VAR(../encapsulation/@) in "gre" ; \
+ "Key only valid for GRE for $VAR(../@)"
+
+create:expression: "true"
+update:expression: "false" ; \
+ "Key can only be set at tunnel creation for $VAR(../@)"
+
comp_help: possible completions
<0-999999> Set a tunnel key
diff --git a/templates/system/login/node.def b/templates/system/login/node.def
index ca2da1b3..d98c03c6 100644
--- a/templates/system/login/node.def
+++ b/templates/system/login/node.def
@@ -1,3 +1,3 @@
help: Configure user access
delete:expression: "echo User root cannot be deleted 1>&2 && exit 1"
-
+end: /opt/vyatta/sbin/vyatta_update_login.pl
diff --git a/templates/system/login/radius-server/node.def b/templates/system/login/radius-server/node.def
index 6d87890c..85ca4cc5 100644
--- a/templates/system/login/radius-server/node.def
+++ b/templates/system/login/radius-server/node.def
@@ -1,10 +1,6 @@
tag:
type: ipv4
help: Radius server authentication configuration
-# need mandatory secret. also need port & timeout (default values?)
-update:expression: "sudo sh -c \"touch /etc/raddb/server && \
-sed -i '/$VAR(@)/d' /etc/raddb/server && \
-echo \\\"$VAR(@):$VAR(port/@)\t$VAR(secret/@)\t$VAR(timeout/@)\\\" \
->> /etc/raddb/server\" "
-delete:expression: "sudo sh -c \"touch /etc/raddb/server && \
-sed -i '/$VAR(@)/d' /etc/raddb/server\" "
+commit:expression: $VAR(port) != "" && $VAR(secret) != ""
+ && $VAR(timeout) != ""
+ ; "Port, secret, and timeout must be specified for Radius"
diff --git a/templates/system/login/user/node.def b/templates/system/login/user/node.def
index 0c1a393d..205a4b7a 100644
--- a/templates/system/login/user/node.def
+++ b/templates/system/login/user/node.def
@@ -4,26 +4,6 @@ help: User account information
commit:expression: $VAR(authentication/encrypted-password) != ""
|| ($VAR(authentication/plaintext-password) != ""
&& $VAR(authentication/plaintext-password/@) != "")
- ; "user password must be specified"
-syntax:expression: pattern $VAR(@) "^[a-zA-Z_][a-zA-Z0-9_-]*\\$?$" ; "invalid user name $VAR(@)"
-# line continuation and $() expansion are done by cli, not sh.
-# need mandatory encrypted password.
-end:expression: "if [ -d /tmp/vyatta-delete-system-login-user-$VAR(@).$PPID ]; \
-then rm -rf /tmp/vyatta-delete-system-login-user-$VAR(@).$PPID && exit 0; \
-fi && \
-sudo /opt/vyatta/sbin/vyatta_update_login_user.pl \
- '$VAR(@)' '$VAR(full-name/@)' '$VAR(authentication/encrypted-password/@)' \
- '$VAR(level/@)'"
-delete:expression: "if [ x$VAR(@) == x ]; then exit 1; fi && \
-if [ x$VAR(@) == xroot ]; then \
- echo Cannot delete user \"root\" 1>&2 && exit 2; \
-fi && \
-if mkdir /tmp/vyatta-delete-system-login-user-$VAR(@).$PPID >& /dev/null; \
-then \
- if ! sudo /opt/vyatta/sbin/vyatta_update_login_user.pl -d '$VAR(@)'; then \
- rm -rf /tmp/vyatta-delete-system-login-user-$VAR(@).$PPID; \
- exit 1; \
- fi; \
-else \
- exit 1; \
-fi"
+ ; "user password must be specified"
+syntax:expression: pattern $VAR(@) "^[a-zA-Z_][a-zA-Z0-9_-]*\\$?$"
+ ; "invalid user name $VAR(@)"