Change how system login update works

Use a wrapper script in vyatta_update_login.pl and per login method
objects for the update.

2 files changed, 13 insertions, 222 deletions

diff --git a/scripts/system/vyatta_update_login.pl b/scripts/system/vyatta_update_login.pl
index c8c064a7..b2125de1 100755..100644
--- a/scripts/system/vyatta_update_login.pl
+++ b/scripts/system/vyatta_update_login.pl
@@ -20,111 +20,21 @@ use strict;
 use lib "/opt/vyatta/share/perl5";
 use Vyatta::Config;
 
-# handle "user"
-my $uconfig = new Vyatta::Config;
-$uconfig->setLevel("system login user");
+# This is just a simple wrapper that allows for extensiblility
+# of login types.
 
-my %users     = $uconfig->listNodeStatus();
-my @user_keys = sort keys %users;
+my $config = new Vyatta::Config;
+$config->setLevel("system login");
 
-if (   ( scalar(@user_keys) <= 0 )
-    || !( grep /^root$/, @user_keys )
-    || ( $users{'root'} eq 'deleted' ) )
-{
-    # root is deleted
-    die "User \"root\" cannot be deleted\n";
-}
-
-# Exit codes form useradd.8 man page
-my %reasons = (
-    0  => 'success',
-    1  => 'can´t update password file',
-    2  => 'invalid command syntax',
-    3  => 'invalid argument to option',
-    4  => 'UID already in use (and no -o)',
-    6  => 'specified group doesn´t exist',
-    9  => 'username already in use',
-    10 => 'can´t update group file',
-    12 => 'can´t create home directory',
-    13 => 'can´t create mail spool',
-);
+foreach my $type ($config->listNodes()) {
+    my $kind = ucfirst $type;
+    my $location = "Vyatta/Login/$kind.pm";
+    my $class    = "Vyatta::Login::$kind";
+    
+    require $location;
 
-# Map of level to additional groups
-my %level_map = (
-    'admin'    => [ 'quaggavty', 'vyattacfg', 'sudo', 'adm', 'dip', 'disk'],
-    'operator' => [ 'quaggavty', 'operator',  'adm', 'dip', ],
-);
+    my $obj =  $class->new();
+    die "Don't understand $type" unless $obj;
 
-# Construct a map from existing users to group membership
-# Use space seperated format
-my %group_map;
-while (my ($name, undef, undef, $members) = getgrent()) {
-    foreach my $user (split / /,$members) {
-	my $g = $group_map{$user};
-	if ($g) {
-	    my @l = split / /, $g;
-	    push @l, $name;
-	    $group_map{$user} = join(' ', sort @l);
-	} else {
-	    $group_map{$user} = $name;
-	}
-
-    }
+    $obj->update();
 }
-
-# we have some users
-for my $user (@user_keys) {
-    if ( $users{$user} eq 'deleted' ) {
-        system("sudo userdel -r '$user'") == 0
-	    or die "userdel failed: $?\n"
-    }
-    elsif ( $users{$user} eq 'added' || $users{$user} eq 'changed' ) {
-        $uconfig->setLevel("system login user $user");
-        my $pwd  = $uconfig->returnValue('authentication encrypted-password');
-	$pwd or die "Encrypted password not in configuration for $user";
-
-        my $level  = $uconfig->returnValue('level');
-	$level or die "Level not defined for $user";
-
-	# map level to group membership
-        my @groups = @{$level_map{$level}};
-	# add any additional groups from configuration
-        push( @groups, $uconfig->returnValues('group') );
-
-        my $fname = $uconfig->returnValue('full-name');
-        my $home = $uconfig->returnValue('home-directory');
-
-        # Read existing settings
-        my (undef, $opwd, $uid,  $gid, undef, $comment, 
-	    undef, $dir, $shell, undef) = getpwnam($user);
-
-        my $cmd;
-	# not found in existing passwd, must be new
-        if ( !defined $uid ) {
-	    # make new user using vyatta shell
-	    #  and make home directory (-m)
-            #  and with default group of 100 (users)
-            $cmd = 'useradd -s /bin/vbash -m -N';
-        } else {
-	    # If no part of password or group file changed
-	    # then there is nothing to do here.
-	    next if ( $opwd eq $pwd &&
-		      (!$fname || $fname eq $comment) &&
-		      (!$home  || $home eq $dir)  &&
-		      join(' ',  sort @groups) eq $group_map{$user} );
-
-            $cmd = "usermod";
-        }
-
-        $cmd .= " -p '$pwd'";
-        $cmd .= " -c \"$fname\"" if ( defined $fname );
-        $cmd .= " -d \"$home\"" if ( defined $home );
-        $cmd .= ' -G ' . join( ',', @groups );
-        system("sudo $cmd $user");
-	next if ($? == 0);
-	my $reason = $reasons{($? >> 8)};
-	die "Attempt to change user $user failed: $reason\n";
-    }
-}
-
-exit 0;
diff --git a/scripts/system/vyatta_update_radius.pl b/scripts/system/vyatta_update_radius.pl
deleted file mode 100644
index 69e605da..00000000
--- a/scripts/system/vyatta_update_radius.pl
+++ /dev/null
@@ -1,119 +0,0 @@
-#!/usr/bin/perl
-
-# **** License ****
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# This code was originally developed by Vyatta, Inc.
-# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc.
-# All Rights Reserved.
-#
-# **** End License ****
-
-use strict;
-use lib "/opt/vyatta/share/perl5";
-use Vyatta::Config;
-
-my $PAM_RAD_CFG   = '/etc/pam_radius_auth.conf';
-my $PAM_RAD_BEGIN = '# BEGIN Vyatta Radius servers';
-my $PAM_RAD_END   = '# END Vyatta Radius servers';
-
-sub is_pam_radius_present {
-    open( my $auth , '<' , '/etc/pam.d/common-auth' ) 
-	or die "Cannot open /etc/pam.d/common-auth\n";
-
-    my $present;
-    while (<$auth>) {
-        if (/\ssufficient\spam_radius_auth\.so$/) {
-            $present = 1;
-            last;
-        }
-    }
-    close $auth;
-    return $present;
-}
-
-sub remove_pam_radius {
-    return 1 if ( !is_pam_radius_present() );
-    my $cmd =
-        'sudo sh -c "'
-      . 'sed -i \'/\tsufficient\tpam_radius_auth\.so$/d;'
-      . '/\tpam_unix\.so /{s/ use_first_pass$//}\' '
-      . '/etc/pam.d/common-auth && '
-      . 'sed -i \'/\tsufficient\tpam_radius_auth\.so$/d\' '
-      . '/etc/pam.d/common-account"';
-    system($cmd);
-    return 0 if ( $? >> 8 );
-    return 1;
-}
-
-sub add_pam_radius {
-    return 1 if ( is_pam_radius_present() );
-    my $cmd =
-        'sudo sh -c "'
-      . 'sed -i \'s/^\(auth\trequired\tpam_unix\.so.*\)$'
-      . '/auth\tsufficient\tpam_radius_auth.so\n\1 use_first_pass/\' '
-      . '/etc/pam.d/common-auth && '
-      . 'sed -i \'s/^\(account\trequired\tpam_unix\.so.*\)$'
-      . '/account\tsufficient\tpam_radius_auth.so\n\1/\' '
-      . '/etc/pam.d/common-account"';
-    system($cmd);
-    return 0 if ( $? >> 8 );
-    return 1;
-}
-
-sub remove_radius_servers {
-    system( "sudo sed -i '/^$PAM_RAD_BEGIN\$/,/^$PAM_RAD_END\$/{d}' "
-          . "$PAM_RAD_CFG" );
-    return 0 if ( $? >> 8 );
-    return 1;
-}
-
-sub add_radius_servers {
-    my $str = shift;
-    system( "sudo sh -c \""
-          . "echo '$PAM_RAD_BEGIN\n$str$PAM_RAD_END\n' >> $PAM_RAD_CFG\"" );
-    return 0 if ( $? >> 8 );
-    return 1;
-}
-
-# handle "radius-server"
-my $rconfig = new Vyatta::Config;
-$rconfig->setLevel("system login radius-server");
-my %servers     = $rconfig->listNodeStatus();
-my @server_keys = sort keys %servers;
-if ( scalar(@server_keys) <= 0 ) {
-
-    # all radius servers deleted
-    exit 1 if ( !remove_pam_radius() );
-    exit 0;
-}
-
-# we have some servers
-my $all_deleted = 1;
-my $server_str  = '';
-remove_radius_servers();
-
-for my $server (@server_keys) {
-    if ( $servers{$server} ne 'deleted' ) {
-        $all_deleted = 0;
-        my $port    = $rconfig->returnValue("$server port");
-        my $secret  = $rconfig->returnValue("$server secret");
-        my $timeout = $rconfig->returnValue("$server timeout");
-        $server_str .= "$server:$port\t$secret\t$timeout\n";
-    }
-}
-
-if ($all_deleted) {
-    # all radius servers deleted
-    exit 1 if ( !remove_pam_radius() );
-} else {
-    exit 1 if ( !add_radius_servers($server_str) );
-    exit 1 if ( !add_pam_radius() );
-}