diff options
-rwxr-xr-x | scripts/system/vyatta_update_login.pl | 176 |
1 files changed, 95 insertions, 81 deletions
diff --git a/scripts/system/vyatta_update_login.pl b/scripts/system/vyatta_update_login.pl index 174025a0..a5d1fd2a 100755 --- a/scripts/system/vyatta_update_login.pl +++ b/scripts/system/vyatta_update_login.pl @@ -23,125 +23,139 @@ use VyattaConfig; # handle "user" my $uconfig = new VyattaConfig; $uconfig->setLevel("system login user"); -my %users = $uconfig->listNodeStatus(); + +my %users = $uconfig->listNodeStatus(); my @user_keys = sort keys %users; -if ((scalar(@user_keys) <= 0) || !(grep /^root$/, @user_keys) - || ($users{'root'} eq 'deleted')) { - # root is deleted - print STDERR "User \"root\" cannot be deleted\n"; - exit 1; + +if ( ( scalar(@user_keys) <= 0 ) + || !( grep /^root$/, @user_keys ) + || ( $users{'root'} eq 'deleted' ) ) +{ + + # root is deleted + print STDERR "User \"root\" cannot be deleted\n"; + exit 1; } # we have some users for my $user (@user_keys) { - if ($users{$user} eq 'deleted') { - system("sudo /opt/vyatta/sbin/vyatta_update_login_user.pl -d '$user'"); - exit 1 if ($? >> 8); - } elsif ($users{$user} eq 'added' || $users{$user} eq 'changed') { - my $fname = $uconfig->returnValue("$user full-name"); - my $level = $uconfig->returnValue("$user level"); - my $p = $uconfig->returnValue("$user authentication encrypted-password"); - system("sudo /opt/vyatta/sbin/vyatta_update_login_user.pl '$user' " - . "'$fname' '$p' '$level'"); - exit 1 if ($? >> 8); - } else { - # not changed. do nothing. - } + if ( $users{$user} eq 'deleted' ) { + system("sudo /opt/vyatta/sbin/vyatta_update_login_user.pl -d '$user'"); + exit 1 if ( $? >> 8 ); + } + elsif ( $users{$user} eq 'added' || $users{$user} eq 'changed' ) { + my $fname = $uconfig->returnValue("$user full-name"); + my $level = $uconfig->returnValue("$user level"); + my $p = + $uconfig->returnValue("$user authentication encrypted-password"); + system( "sudo /opt/vyatta/sbin/vyatta_update_login_user.pl '$user' " + . "'$fname' '$p' '$level'" ); + exit 1 if ( $? >> 8 ); + } + else { + + # not changed. do nothing. + } } -my $PAM_RAD_CFG = '/etc/pam_radius_auth.conf'; +my $PAM_RAD_CFG = '/etc/pam_radius_auth.conf'; my $PAM_RAD_BEGIN = '# BEGIN Vyatta Radius servers'; -my $PAM_RAD_END = '# END Vyatta Radius servers'; +my $PAM_RAD_END = '# END Vyatta Radius servers'; sub is_pam_radius_present { - if (!open(AUTH, '/etc/pam.d/common-auth')) { - print STDERR "Cannot open /etc/pam.d/common-auth\n"; - exit 1; - } - my $present = 0; - while (<AUTH>) { - if (/\ssufficient\spam_radius_auth\.so$/) { - $present = 1; - last; + if ( !open( AUTH, '/etc/pam.d/common-auth' ) ) { + print STDERR "Cannot open /etc/pam.d/common-auth\n"; + exit 1; } - } - close AUTH; - return $present; + my $present = 0; + while (<AUTH>) { + if (/\ssufficient\spam_radius_auth\.so$/) { + $present = 1; + last; + } + } + close AUTH; + return $present; } sub remove_pam_radius { - return 1 if (!is_pam_radius_present()); - my $cmd = 'sudo sh -c "' - . 'sed -i \'/\tsufficient\tpam_radius_auth\.so$/d;' - . '/\tpam_unix\.so /{s/ use_first_pass$//}\' ' - . '/etc/pam.d/common-auth && ' - . 'sed -i \'/\tsufficient\tpam_radius_auth\.so$/d\' ' - . '/etc/pam.d/common-account"'; - system($cmd); - return 0 if ($? >> 8); - return 1; + return 1 if ( !is_pam_radius_present() ); + my $cmd = + 'sudo sh -c "' + . 'sed -i \'/\tsufficient\tpam_radius_auth\.so$/d;' + . '/\tpam_unix\.so /{s/ use_first_pass$//}\' ' + . '/etc/pam.d/common-auth && ' + . 'sed -i \'/\tsufficient\tpam_radius_auth\.so$/d\' ' + . '/etc/pam.d/common-account"'; + system($cmd); + return 0 if ( $? >> 8 ); + return 1; } sub add_pam_radius { - return 1 if (is_pam_radius_present()); - my $cmd = 'sudo sh -c "' - . 'sed -i \'s/^\(auth\trequired\tpam_unix\.so.*\)$' - . '/auth\tsufficient\tpam_radius_auth.so\n\1 use_first_pass/\' ' - . '/etc/pam.d/common-auth && ' - . 'sed -i \'s/^\(account\trequired\tpam_unix\.so.*\)$' - . '/account\tsufficient\tpam_radius_auth.so\n\1/\' ' - . '/etc/pam.d/common-account"'; - system($cmd); - return 0 if ($? >> 8); - return 1; + return 1 if ( is_pam_radius_present() ); + my $cmd = + 'sudo sh -c "' + . 'sed -i \'s/^\(auth\trequired\tpam_unix\.so.*\)$' + . '/auth\tsufficient\tpam_radius_auth.so\n\1 use_first_pass/\' ' + . '/etc/pam.d/common-auth && ' + . 'sed -i \'s/^\(account\trequired\tpam_unix\.so.*\)$' + . '/account\tsufficient\tpam_radius_auth.so\n\1/\' ' + . '/etc/pam.d/common-account"'; + system($cmd); + return 0 if ( $? >> 8 ); + return 1; } sub remove_radius_servers { - system("sudo sed -i '/^$PAM_RAD_BEGIN\$/,/^$PAM_RAD_END\$/{d}' " - . "$PAM_RAD_CFG"); - return 0 if ($? >> 8); - return 1; + system( "sudo sed -i '/^$PAM_RAD_BEGIN\$/,/^$PAM_RAD_END\$/{d}' " + . "$PAM_RAD_CFG" ); + return 0 if ( $? >> 8 ); + return 1; } sub add_radius_servers { - my $str = shift; - system("sudo sh -c \"" - . "echo '$PAM_RAD_BEGIN\n$str$PAM_RAD_END\n' >> $PAM_RAD_CFG\""); - return 0 if ($? >> 8); - return 1; + my $str = shift; + system( "sudo sh -c \"" + . "echo '$PAM_RAD_BEGIN\n$str$PAM_RAD_END\n' >> $PAM_RAD_CFG\"" ); + return 0 if ( $? >> 8 ); + return 1; } # handle "radius-server" my $rconfig = new VyattaConfig; $rconfig->setLevel("system login radius-server"); -my %servers = $rconfig->listNodeStatus(); +my %servers = $rconfig->listNodeStatus(); my @server_keys = sort keys %servers; -if (scalar(@server_keys) <= 0) { - # all radius servers deleted - exit 1 if (!remove_pam_radius()); - exit 0; +if ( scalar(@server_keys) <= 0 ) { + + # all radius servers deleted + exit 1 if ( !remove_pam_radius() ); + exit 0; } # we have some servers my $all_deleted = 1; -my $server_str = ''; +my $server_str = ''; remove_radius_servers(); for my $server (@server_keys) { - if ($servers{$server} ne 'deleted') { - $all_deleted = 0; - my $port = $rconfig->returnValue("$server port"); - my $secret = $rconfig->returnValue("$server secret"); - my $timeout = $rconfig->returnValue("$server timeout"); - $server_str .= "$server:$port\t$secret\t$timeout\n"; - } + if ( $servers{$server} ne 'deleted' ) { + $all_deleted = 0; + my $port = $rconfig->returnValue("$server port"); + my $secret = $rconfig->returnValue("$server secret"); + my $timeout = $rconfig->returnValue("$server timeout"); + $server_str .= "$server:$port\t$secret\t$timeout\n"; + } } if ($all_deleted) { - # all radius servers deleted - exit 1 if (!remove_pam_radius()); -} else { - exit 1 if (!add_radius_servers($server_str)); - exit 1 if (!add_pam_radius()); + + # all radius servers deleted + exit 1 if ( !remove_pam_radius() ); +} +else { + exit 1 if ( !add_radius_servers($server_str) ); + exit 1 if ( !add_pam_radius() ); } exit 0; |