diff options
author | rbalocca <rbalocca@vyatta.com> | 2008-03-14 14:44:19 -0700 |
---|---|---|
committer | rbalocca <rbalocca@vyatta.com> | 2008-03-14 14:44:19 -0700 |
commit | bf635bfbb05a255adeffd923302dd90e349aa52d (patch) | |
tree | ae5bb611870759a30d80546deec3e1886676f9f1 | |
parent | 1c352fd2c2fe87d398e288f536cf9178406ce749 (diff) | |
parent | d73480b922f5fabb0f885e8df53b7d03425580e4 (diff) | |
download | vyatta-cfg-quagga-bf635bfbb05a255adeffd923302dd90e349aa52d.tar.gz vyatta-cfg-quagga-bf635bfbb05a255adeffd923302dd90e349aa52d.zip |
Merge branch 'glendale' into hollywood
-rw-r--r-- | Makefile.am | 4 | ||||
-rw-r--r-- | debian/control | 1 | ||||
-rw-r--r-- | debian/vyatta-cfg-system.postinst.in | 1 | ||||
-rwxr-xr-x | scripts/install-system | 106 | ||||
-rwxr-xr-x | scripts/system/vyatta_update_login.pl | 132 | ||||
-rw-r--r-- | templates/interfaces/bridge/node.tag/address/node.def | 1 | ||||
-rw-r--r-- | templates/interfaces/tunnel/node.def | 25 | ||||
-rw-r--r-- | templates/interfaces/tunnel/node.tag/address/node.def | 6 | ||||
-rw-r--r-- | templates/interfaces/tunnel/node.tag/disable/node.def | 7 | ||||
-rw-r--r-- | templates/interfaces/tunnel/node.tag/encapsulation/node.def | 7 | ||||
-rw-r--r-- | templates/interfaces/tunnel/node.tag/key/node.def | 12 | ||||
-rw-r--r-- | templates/system/login/node.def | 2 | ||||
-rw-r--r-- | templates/system/login/radius-server/node.def | 10 | ||||
-rw-r--r-- | templates/system/login/user/node.def | 26 |
14 files changed, 251 insertions, 89 deletions
diff --git a/Makefile.am b/Makefile.am index d92c4dc1..44c4ef12 100644 --- a/Makefile.am +++ b/Makefile.am @@ -9,11 +9,13 @@ sysconf_DATA = bin_SCRIPTS += scripts/progress-indicator bin_SCRIPTS += scripts/vyatta-functions -bin_SCRIPTS += scripts/init-floppy + +sbin_SCRIPTS += scripts/init-floppy sbin_SCRIPTS += scripts/rl-system.init sbin_SCRIPTS += scripts/install-system sbin_SCRIPTS += scripts/quick-install sbin_SCRIPTS += scripts/standalone_root_pw_reset +sbin_SCRIPTS += scripts/system/vyatta_update_login.pl sbin_SCRIPTS += scripts/system/vyatta_update_login_user.pl sbin_SCRIPTS += scripts/system/vyatta_update_logrotate.pl sbin_SCRIPTS += scripts/system/vyatta_update_resolv.pl diff --git a/debian/control b/debian/control index 3d4965c5..a60e21dd 100644 --- a/debian/control +++ b/debian/control @@ -12,6 +12,7 @@ Depends: bash (>= 3.1), perl (>= 5.8.8), procps (>= 1:3.2.7-3), coreutils (>= 5.97-5.3), + libpam-radius-auth, vyatta-cfg, sysv-rc, ntp, sysklogd, busybox, ssh, whois, sudo, snmpd, keepalived, vyatta-bash, bridge-utils, tshark Suggests: util-linux (>= 2.13-5), diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 979760f6..aca479ea 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -64,7 +64,6 @@ mv /etc/crontab.$$ /etc/crontab crontab /etc/crontab # create needed directories -mkdir -p /etc/raddb mkdir -p /var/log/{user,vrrpd} touch /etc/environment diff --git a/scripts/install-system b/scripts/install-system index 8d52e11b..eb4c7bb3 100755 --- a/scripts/install-system +++ b/scripts/install-system @@ -221,34 +221,39 @@ select_partition () { text=$2 echo -n "Looking for appropriate partitions: " - progress_indicator start + progress_indicator start # initialize out global var. using globals in this way is bad form. I know. PARTITION='' # list only the partitions in /proc/partitions. parts=$(cat /proc/partitions | awk '{ if ($4!="name") { print $4 " "} }' | egrep "[0-9]" | egrep -v "loop" | tr -d '\n') - + # Get the partition sizes for display - # only show partitions that have sizes, i.e. remove loops + # only show linux partitions that have sizes, i.e. remove loops display='' for part in $parts do - lsize=$(get_drive_size $part) - if [ "$lsize" -a $lsize -ge $minsize ]; then - display="$display $part\t\t$lsize"MB"\n" + rootdev=$(echo $part | sed 's/[0-9]//g') + parttype=$(fdisk -l /dev/$rootdev | grep $part | grep Linux) + if [ -n "$parttype" ]; then + lsize=$(get_drive_size $part) + if [ "$lsize" -a $lsize -ge $minsize ]; then + display="$display $part\t\t$lsize"MB"\n" + myparts="$myparts $part" + fi fi done - progress_indicator stop + progress_indicator stop echo "OK" - if [ -n "$parts" ]; then + if [ -n "$myparts" ]; then lpartition='' while [ -z "$lpartition" ] do # take the first partition as the default - lpartition=$(echo $parts | /usr/bin/awk '{ print $1 }') + lpartition=$(echo $myparts | /usr/bin/awk '{ print $1 }') echo "I found the following partitions suitable for the Vyatta image:" echo -e "Partition\tSize" @@ -256,7 +261,7 @@ select_partition () { echo echo -n "$text [$lpartition]: " - lpartition=$(get_response "$lpartition" "$parts") + lpartition=$(get_response "$lpartition" "$myparts") echo done else @@ -266,6 +271,47 @@ select_partition () { PARTITION=$lpartition } +## check_config_partition +# look to see if this partition contains a config file +# and back it up +check_config_partition() { + lpart=$1 + + # Look to see if this is a config partition + mkdir -p /mnt/tmp + output=$(mount /dev/$lpart /mnt/tmp 2>&1) + if [ $? != 0 ]; then + echo -e "Cannot mount /dev/$lpart"."\nPlease see $INSTALL_LOG for more details.\nExiting.." + echo -e "Cannot mount /dev/$lpart"."\nmount /dev/$ldrive$part /mnt/tmp\nExiting..." >> $INSTALL_LOG + echo "$output" >> $INSTALL_LOG + exit 1 + fi + + # Look to see if there is a config partition there + if [ -f /mnt/tmp/opt/vyatta/etc/config/.vyatta_config ] || [ -f /mnt/tmp/.vyatta_config ]; then + response='' + while [ -z "$response" ] + do + echo "/dev/$lpart has an old configuration directory!" + echo -ne "Would you like me to save the data on it\nbefore I delete it? (Yes/No) [Yes]: " + response=$(get_response "Yes" "Yes No Y N") + if [ "$response" == "yes" ] || [ "$response" == "y" ]; then + mkdir -p /mnt/config + if [ -d /mnt/tmp/opt/vyatta/etc/config ]; then + output=$(cp -pR /mnt/tmp/opt/vyatta/etc/config/* /mnt/config) + else + output=$(cp -pR /mnt/tmp/* /mnt/config) + fi + if [ -n "$output" ]; then + echo -e "Warning: error in copying the old config partition.\nSee $INSTALL_LOG for more details." + echo -e "Warning: error in copying the old config partition.\ncp -pR /mnt/tmp/* /mnt/config\n$output\n" >> $INSTALL_LOG + fi + fi + done + fi + umount /mnt/tmp +} + # Delete all existing partitions for an automated install # $1 is the drive to delete partitions from delete_partitions () { @@ -278,38 +324,7 @@ delete_partitions () { for part in $partitions do # Look to see if this is a config partition - mkdir -p /mnt/tmp - output=$(mount /dev/$ldrive$part /mnt/tmp 2>&1) - if [ $? != 0 ]; then - echo -e "Cannot mount /dev/$ldrive$part"."\nPlease see $INSTALL_LOG for more details.\nExiting.." - echo -e "Cannot mount /dev/$ldrive$part"."\nmount /dev/$ldrive$part /mnt/tmp\nExiting..." >> $INSTALL_LOG - echo "$output" >> $INSTALL_LOG - exit 1 - fi - - # Look to see if there is a config parition there - if [ -f /mnt/tmp/opt/vyatta/etc/config/.vyatta_config ] || [ -f .vyatta_config ]; then - response='' - while [ -z "$response" ] - do - echo "/dev/$ldrive$part has an old configuration directory!" - echo -ne "Would you like me to save the data on it\nbefore I delete it? (Yes/No) [Yes]: " - response=$(get_response "Yes" "Yes No Y N") - if [ "$response" == "yes" ] || [ "$response" == "y" ]; then - mkdir -p /mnt/config - if [ -d /mnt/tmp/opt/vyatta/etc/config ]; then - output=$(cp -pR /mnt/tmp/opt/vyatta/etc/config/* /mnt/config) - else - output=$(cp -pR /mnt/tmp/* /mnt/config) - fi - if [ -n "$output" ]; then - echo -e "Warning: error in copying the old config partition.\nSee $INSTALL_LOG for more details." - echo -e "Warning: error in copying the old config partition.\ncp -pR /mnt/tmp/* /mnt/config\n$output\n" >> $INSTALL_LOG - fi - fi - done - fi - umount /mnt/tmp + check_config_partition "$ldrive$part" echo "Removing partition $part on /dev/$ldrive" >> $INSTALL_LOG output=$(parted /dev/$ldrive rm $part) @@ -318,7 +333,7 @@ delete_partitions () { echo -e "Warning: cannot delete partition $part on $ldrive.\nPlease see $INSTALL_LOG for more details." echo -e "Warning: cannot delete partition $part on $ldrive.\nparted /dev/$ldrive rm $part\n$output" >> $INSTALL_LOG fi - + # We add a bogus sleep here because the loop needs to wait for udev sleep 5 done @@ -642,13 +657,16 @@ setup_method_manual() { fi done + # check for an old config on the partition + check_config_partition "$ROOT_PARTITION" + # create the ext3 fs on the part make_filesystem "$ROOT_PARTITION" # We need to set the INSTALL_DRIVE if it wasn't set when the user ran parted # We assume that we will use the boot sector of the same drive that the partition is on # TODO: Allow different drives to function as the boot device - if [ -z "INSTALL_DRIVE" ]; then + if [ -z "$INSTALL_DRIVE" ]; then INSTALL_DRIVE=$(echo $ROOT_PARTITION | sed 's/[0-9]//g') fi } diff --git a/scripts/system/vyatta_update_login.pl b/scripts/system/vyatta_update_login.pl new file mode 100755 index 00000000..985ef7b4 --- /dev/null +++ b/scripts/system/vyatta_update_login.pl @@ -0,0 +1,132 @@ +#!/usr/bin/perl + +use strict; +use lib "/opt/vyatta/share/perl5"; +use VyattaConfig; + +# handle "user" +my $uconfig = new VyattaConfig; +$uconfig->setLevel("system login user"); +my %users = $uconfig->listNodeStatus(); +my @user_keys = sort keys %users; +if ((scalar(@user_keys) <= 0) || !(grep /^root$/, @user_keys) + || ($users{'root'} eq 'deleted')) { + # root is deleted + print STDERR "User \"root\" cannot be deleted\n"; + exit 1; +} + +# we have some users +for my $user (@user_keys) { + if ($users{$user} eq 'deleted') { + system("sudo /opt/vyatta/sbin/vyatta_update_login_user.pl -d '$user'"); + exit 1 if ($? >> 8); + } elsif ($users{$user} eq 'added' || $users{$user} eq 'changed') { + my $fname = $uconfig->returnValue("$user full-name"); + my $level = $uconfig->returnValue("$user level"); + my $p = $uconfig->returnValue("$user authentication encrypted-password"); + system("sudo /opt/vyatta/sbin/vyatta_update_login_user.pl '$user' " + . "'$fname' '$p' '$level'"); + exit 1 if ($? >> 8); + } else { + # not changed. do nothing. + } +} + +my $PAM_RAD_CFG = '/etc/pam_radius_auth.conf'; +my $PAM_RAD_BEGIN = '# BEGIN Vyatta Radius servers'; +my $PAM_RAD_END = '# END Vyatta Radius servers'; + +sub is_pam_radius_present { + if (!open(AUTH, '/etc/pam.d/common-auth')) { + print STDERR "Cannot open /etc/pam.d/common-auth\n"; + exit 1; + } + my $present = 0; + while (<AUTH>) { + if (/\ssufficient\spam_radius_auth\.so$/) { + $present = 1; + last; + } + } + close AUTH; + return $present; +} + +sub remove_pam_radius { + return 1 if (!is_pam_radius_present()); + my $cmd = 'sudo sh -c "' + . 'sed -i \'/\tsufficient\tpam_radius_auth\.so$/d;' + . '/\tpam_unix\.so /{s/ use_first_pass$//}\' ' + . '/etc/pam.d/common-auth && ' + . 'sed -i \'/\tsufficient\tpam_radius_auth\.so$/d\' ' + . '/etc/pam.d/common-account"'; + system($cmd); + return 0 if ($? >> 8); + return 1; +} + +sub add_pam_radius { + return 1 if (is_pam_radius_present()); + my $cmd = 'sudo sh -c "' + . 'sed -i \'s/^\(auth\trequired\tpam_unix\.so.*\)$' + . '/auth\tsufficient\tpam_radius_auth.so\n\1 use_first_pass/\' ' + . '/etc/pam.d/common-auth && ' + . 'sed -i \'s/^\(account\trequired\tpam_unix\.so.*\)$' + . '/account\tsufficient\tpam_radius_auth.so\n\1/\' ' + . '/etc/pam.d/common-account"'; + system($cmd); + return 0 if ($? >> 8); + return 1; +} + +sub remove_radius_servers { + system("sudo sed -i '/^$PAM_RAD_BEGIN\$/,/^$PAM_RAD_END\$/{d}' " + . "$PAM_RAD_CFG"); + return 0 if ($? >> 8); + return 1; +} + +sub add_radius_servers { + my $str = shift; + system("sudo sh -c \"" + . "echo '$PAM_RAD_BEGIN\n$str$PAM_RAD_END\n' >> $PAM_RAD_CFG\""); + return 0 if ($? >> 8); + return 1; +} + +# handle "radius-server" +my $rconfig = new VyattaConfig; +$rconfig->setLevel("system login radius-server"); +my %servers = $rconfig->listNodeStatus(); +my @server_keys = sort keys %servers; +if (scalar(@server_keys) <= 0) { + # all radius servers deleted + exit 1 if (!remove_pam_radius()); + exit 0; +} + +# we have some servers +my $all_deleted = 1; +my $server_str = ''; +remove_radius_servers(); +for my $server (@server_keys) { + if ($servers{$server} ne 'deleted') { + $all_deleted = 0; + my $port = $rconfig->returnValue("$server port"); + my $secret = $rconfig->returnValue("$server secret"); + my $timeout = $rconfig->returnValue("$server timeout"); + $server_str .= "$server:$port\t$secret\t$timeout\n"; + } +} + +if ($all_deleted) { + # all radius servers deleted + exit 1 if (!remove_pam_radius()); +} else { + exit 1 if (!add_radius_servers($server_str)); + exit 1 if (!add_pam_radius()); +} + +exit 0; + diff --git a/templates/interfaces/bridge/node.tag/address/node.def b/templates/interfaces/bridge/node.tag/address/node.def index 410c072b..23b1262f 100644 --- a/templates/interfaces/bridge/node.tag/address/node.def +++ b/templates/interfaces/bridge/node.tag/address/node.def @@ -4,6 +4,7 @@ help: Configure an IP address for this interface syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr $VAR(@) --dev $VAR(../@)"; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../@)" update:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../@)"; "Error setting address $VAR(@) on interface $VAR(../@)" delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@)"; "Error deleting address $VAR(@) on interface $VAR(../@)" +allowed: echo "dhcp <>" comp_help:Possible completions: <IP address>/<prefix length>\tSet the IP address and prefix length dhcp\t\t\t\tSet the IP address and prefix length via DHCP diff --git a/templates/interfaces/tunnel/node.def b/templates/interfaces/tunnel/node.def index 73c8e572..9ebb581c 100644 --- a/templates/interfaces/tunnel/node.def +++ b/templates/interfaces/tunnel/node.def @@ -2,10 +2,23 @@ tag: type: txt help: Configure a tunnel interface syntax:expression: $VAR(@) in "tun0", "tun1", "tun2", "tun3", "tun4", "tun5", "tun6", "tun7", "tun8", "tun9" ; "Must be (tun0 - tun9)" -commit:expression: $VAR(./local-ip/) != "" ; "Must configure the tunnel local-ip" -commit:expression: $VAR(./remote-ip/) != "" ; "Must configure the tunnel remote-ip" -commit:expression: $VAR(./encapsulation/) != "" ; "Must configure the tunnel encapsulation" -create:expression: "sudo ip tunnel add $VAR(@) local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) mode $VAR(./encapsulation/@)" -create:expression: "sudo ip link set $VAR(@) up" -delete:expression: "sudo ip tunnel del $VAR(@)" + +commit:expression: $VAR(./local-ip/) != "" ; \ + "Must configure the tunnel local-ip for $VAR(@)" +commit:expression: $VAR(./remote-ip/) != "" ; \ + "Must configure the tunnel remote-ip for $VAR(@)" +commit:expression: $VAR(./encapsulation/) != "" ; \ + "Must configure the tunnel encapsulation for $VAR(@)" + +create:expression: "\ + if [ -n \"$VAR(./key/@)\" ]; then \ + KEY=\"key $VAR(./key/@)\"; \ + fi; \ + sudo ip tunnel add $VAR(@) \ + local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) \ + mode $VAR(./encapsulation/@) $KEY; \ + sudo ip link set $VAR(@) up;" ; "Error creating $VAR(@)" + +delete:expression: "sudo ip tunnel del $VAR(@)" ; "Error deleting $VAR(@)" + comp_help: "Enter tunnel interface name (tun0 - tun9)" diff --git a/templates/interfaces/tunnel/node.tag/address/node.def b/templates/interfaces/tunnel/node.tag/address/node.def index fe58ae05..4d91c9ba 100644 --- a/templates/interfaces/tunnel/node.tag/address/node.def +++ b/templates/interfaces/tunnel/node.tag/address/node.def @@ -1,8 +1,12 @@ multi: type: txt help: Configure an IP address for this interface + syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr $VAR(@) --dev $VAR(../@)"; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../@)" + update:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../@)"; "Error setting address $VAR(@) on interface $VAR(../@)" + delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@)"; "Error deleting address $VAR(@) on interface $VAR(../@)" + comp_help:Possible completions: - <IP address>/<prefix length>\tSet the IP address and prefix length + <IP address>/<prefix length> Set the IP address and prefix length diff --git a/templates/interfaces/tunnel/node.tag/disable/node.def b/templates/interfaces/tunnel/node.tag/disable/node.def index 9c795c61..cd3c019a 100644 --- a/templates/interfaces/tunnel/node.tag/disable/node.def +++ b/templates/interfaces/tunnel/node.tag/disable/node.def @@ -1,3 +1,6 @@ help: Disable interface -update:expression: "sudo ip link set $VAR(../@) down"; "Error disabling dev $VAR(../@)" -delete:expression: "sudo ip link set $VAR(../@) up"; "Error enabling dev $VAR(../@)" +update:expression: "sudo ip link set $VAR(../@) down"; \ + "Error disabling dev $VAR(../@)" + +delete:expression: "sudo ip link set $VAR(../@) up"; \ + "Error enabling dev $VAR(../@)" diff --git a/templates/interfaces/tunnel/node.tag/encapsulation/node.def b/templates/interfaces/tunnel/node.tag/encapsulation/node.def index 98745b2d..02d579a9 100644 --- a/templates/interfaces/tunnel/node.tag/encapsulation/node.def +++ b/templates/interfaces/tunnel/node.tag/encapsulation/node.def @@ -1,7 +1,12 @@ type: txt help: Set the encapsulation of this tunnel interface + syntax:expression: $VAR(@) in "ipip", "gre", "sit"; "Must be (ipip, gre, sit)" -update:expression: "sudo ip tunnel change $VAR(../@) mode $VAR(@)" + +create:expression: "true" +update:expression: "false" ; \ + "Encapsulation can only be set at tunnel creation for $VAR(../@)" + comp_help: "possible completions: gre Set Generic Routing Encapsulation ipip Set IP in IP encapsulation diff --git a/templates/interfaces/tunnel/node.tag/key/node.def b/templates/interfaces/tunnel/node.tag/key/node.def index 1c524984..ae244529 100644 --- a/templates/interfaces/tunnel/node.tag/key/node.def +++ b/templates/interfaces/tunnel/node.tag/key/node.def @@ -1,6 +1,14 @@ type: u32 help: Set the tunnel key -syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 999999; "Must be between 0-999999" -update:expression: "sudo ip tunnel change $VAR(../@) key $VAR(@)" +syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 999999; \ + "Must be between 0-999999 for $VAR(../@)" + +commit:expression: $VAR(../encapsulation/@) in "gre" ; \ + "Key only valid for GRE for $VAR(../@)" + +create:expression: "true" +update:expression: "false" ; \ + "Key can only be set at tunnel creation for $VAR(../@)" + comp_help: possible completions <0-999999> Set a tunnel key diff --git a/templates/system/login/node.def b/templates/system/login/node.def index ca2da1b3..d98c03c6 100644 --- a/templates/system/login/node.def +++ b/templates/system/login/node.def @@ -1,3 +1,3 @@ help: Configure user access delete:expression: "echo User root cannot be deleted 1>&2 && exit 1" - +end: /opt/vyatta/sbin/vyatta_update_login.pl diff --git a/templates/system/login/radius-server/node.def b/templates/system/login/radius-server/node.def index 6d87890c..85ca4cc5 100644 --- a/templates/system/login/radius-server/node.def +++ b/templates/system/login/radius-server/node.def @@ -1,10 +1,6 @@ tag: type: ipv4 help: Radius server authentication configuration -# need mandatory secret. also need port & timeout (default values?) -update:expression: "sudo sh -c \"touch /etc/raddb/server && \ -sed -i '/$VAR(@)/d' /etc/raddb/server && \ -echo \\\"$VAR(@):$VAR(port/@)\t$VAR(secret/@)\t$VAR(timeout/@)\\\" \ ->> /etc/raddb/server\" " -delete:expression: "sudo sh -c \"touch /etc/raddb/server && \ -sed -i '/$VAR(@)/d' /etc/raddb/server\" " +commit:expression: $VAR(port) != "" && $VAR(secret) != "" + && $VAR(timeout) != "" + ; "Port, secret, and timeout must be specified for Radius" diff --git a/templates/system/login/user/node.def b/templates/system/login/user/node.def index 0c1a393d..205a4b7a 100644 --- a/templates/system/login/user/node.def +++ b/templates/system/login/user/node.def @@ -4,26 +4,6 @@ help: User account information commit:expression: $VAR(authentication/encrypted-password) != "" || ($VAR(authentication/plaintext-password) != "" && $VAR(authentication/plaintext-password/@) != "") - ; "user password must be specified" -syntax:expression: pattern $VAR(@) "^[a-zA-Z_][a-zA-Z0-9_-]*\\$?$" ; "invalid user name $VAR(@)" -# line continuation and $() expansion are done by cli, not sh. -# need mandatory encrypted password. -end:expression: "if [ -d /tmp/vyatta-delete-system-login-user-$VAR(@).$PPID ]; \ -then rm -rf /tmp/vyatta-delete-system-login-user-$VAR(@).$PPID && exit 0; \ -fi && \ -sudo /opt/vyatta/sbin/vyatta_update_login_user.pl \ - '$VAR(@)' '$VAR(full-name/@)' '$VAR(authentication/encrypted-password/@)' \ - '$VAR(level/@)'" -delete:expression: "if [ x$VAR(@) == x ]; then exit 1; fi && \ -if [ x$VAR(@) == xroot ]; then \ - echo Cannot delete user \"root\" 1>&2 && exit 2; \ -fi && \ -if mkdir /tmp/vyatta-delete-system-login-user-$VAR(@).$PPID >& /dev/null; \ -then \ - if ! sudo /opt/vyatta/sbin/vyatta_update_login_user.pl -d '$VAR(@)'; then \ - rm -rf /tmp/vyatta-delete-system-login-user-$VAR(@).$PPID; \ - exit 1; \ - fi; \ -else \ - exit 1; \ -fi" + ; "user password must be specified" +syntax:expression: pattern $VAR(@) "^[a-zA-Z_][a-zA-Z0-9_-]*\\$?$" + ; "invalid user name $VAR(@)" |