-rw-r--r--debian/vyatta-cfg-system.postinst.in3
-rw-r--r--lib/Vyatta/Login/RadiusServer.pm29
-rwxr-xr-xscripts/rl-system.init4
3 files changed, 23 insertions, 13 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index fbf53739..4265d14b 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -132,9 +132,6 @@ EOF
fi
done
- # Install pamradius config (should come with radius client eventually)
- cp $sysconfdir/pam_radius.cfg /usr/share/pam-configs/radius
-
cp $sysconfdir/vyatta-sysctl.conf /etc/sysctl.d/30-vyatta-router.conf
fi
diff --git a/lib/Vyatta/Login/RadiusServer.pm b/lib/Vyatta/Login/RadiusServer.pm
index d60f2baa..0de9bd28 100644
--- a/lib/Vyatta/Login/RadiusServer.pm
+++ b/lib/Vyatta/Login/RadiusServer.pm
@@ -20,18 +20,30 @@ use warnings;
use lib "/opt/vyatta/share/perl5";
use Vyatta::Config;
use File::Compare;
+use File::Copy;
my $PAM_RAD_CFG = '/etc/pam_radius_auth.conf';
my $PAM_RAD_TMP = "/tmp/pam_radius_auth.$$";
+my $PAM_RAD_AUTH = "/usr/share/pam-configs/radius";
+my $PAM_RAD_SYSCONF = "/opt/vyatta/etc/pam_radius.cfg";
+
sub remove_pam_radius {
- return system("sudo DEBIAN_FRONTEND=noninteractive"
- . " pam-auth-update --remove radius") == 0;
+ system("DEBIAN_FRONTEND=noninteractive " .
+ " pam-auth-update --package --remove radius") == 0
+ or die "pam-auth-update remove failed";
+
+ unlink($PAM_RAD_AUTH)
+ or die "Can't remove $PAM_RAD_AUTH";
}
sub add_pam_radius {
- return system("sudo DEBIAN_FRONTEND=noninteractive"
- . " pam-auth-update radius") == 0;
+ copy($PAM_RAD_SYSCONF,$PAM_RAD_AUTH)
+ or die "Can't copy $PAM_RAD_SYSCONF to $PAM_RAD_AUTH";
+
+ system("DEBIAN_FRONTEND=noninteractive " .
+ "pam-auth-update --package radius") == 0
+ or die "pam-auth-update add failed"
}
sub update {
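Review bot: `unlink($PAM_RAD_AUTH) or die` in remove_pam_radius treats an already-absent profile as a fatal error. The update() hunk below calls remove_pam_radius() whenever `$count` is not greater than 0, and this commit also drops the postinst step that installed /usr/share/pam-configs/radius, so a system that never had a RADIUS server configured would presumably die here. Tolerating a missing file and reporting the errno avoids that: `unlink($PAM_RAD_AUTH) or $!{ENOENT} or die "Can't remove $PAM_RAD_AUTH: $!";`. The `copy(...) or die` message in add_pam_radius would likewise be easier to diagnose with `$!` appended, and the final `or die "pam-auth-update add failed"` lacks its terminating semicolon. With `sudo` removed, both subs now assume the caller already runs as root, which deserves a one-line comment above them.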
@@ -58,16 +70,15 @@ sub update {
close($cfg);
if ( compare( $PAM_RAD_CFG, $PAM_RAD_TMP ) != 0 ) {
- system("sudo cp $PAM_RAD_TMP $PAM_RAD_CFG") == 0
+ copy ($PAM_RAD_TMP, $PAM_RAD_CFG)
or die "Copy of $PAM_RAD_TMP to $PAM_RAD_CFG failed";
}
unlink($PAM_RAD_TMP);
if ( $count > 0 ) {
- exit 1 unless add_pam_radius();
- }
- else {
- exit 1 unless remove_pam_radius();
+ add_pam_radius();
+ } else {
+ remove_pam_radius();
}
}
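Review bot: When `copy ($PAM_RAD_TMP, $PAM_RAD_CFG)` fails, the `die` fires before `unlink($PAM_RAD_TMP)` is reached, so the temporary file stays behind in /tmp; it is written outside this hunk, but presumably holds the RADIUS server secrets. Cleaning up first closes that gap: `copy($PAM_RAD_TMP, $PAM_RAD_CFG) or do { unlink($PAM_RAD_TMP); die "Copy of $PAM_RAD_TMP to $PAM_RAD_CFG failed: $!" };`. File::Copy's `copy` gives a newly created destination its mode from the umask, so the permissions of `$PAM_RAD_CFG` should be set explicitly if the file can be absent beforehand. Separately, `/tmp/pam_radius_auth.$$` is a predictable name in a world-writable directory and this code now appears to run as root; the open is outside the hunk, but creating the file through File::Temp with a restrictive mode would be the safer pattern. update() starts before this hunk.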
diff --git a/scripts/rl-system.init b/scripts/rl-system.init
index e7eaed14..ca51166a 100755
--- a/scripts/rl-system.init
+++ b/scripts/rl-system.init
@@ -173,7 +173,9 @@ security_reset () {
# restore PAM back to virgin state (no radius other services)
rm -f /etc/pam_radius_auth.conf
if grep -q radius /etc/pam.d/common-auth
- then pam-auth-update --remove radius
+ then
+ pam-auth-update --package --remove radius
+ rm /usr/share/pam-configs/radius
fi
# Disable root login with ssh
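Review bot: `rm /usr/share/pam-configs/radius` has no `-f`, unlike `rm -f /etc/pam_radius_auth.conf` three lines above, so the command errors out when the profile is already gone. It also runs only when `grep -q radius /etc/pam.d/common-auth` matches, which leaves the profile file in place if common-auth was cleaned some other way. Since the Perl side now calls `pam-auth-update --package`, a leftover profile could presumably be picked up again by a later run. Placing `rm -f /usr/share/pam-configs/radius` after the `fi` covers both cases. security_reset continues outside the hunk.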