Diffstat (limited to 'lib/Vyatta/Login')
-rwxr-xr-xlib/Vyatta/Login/User.pm249
1 files changed, 128 insertions, 121 deletions
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index b0c0381c..c1df6c70 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -59,18 +59,18 @@ sub _level2groups {
my $level = shift;
my @groups;
- open (my $f, '<', $levelFile)
- or return;
+ open( my $f, '<', $levelFile )
+ or return;
while (<$f>) {
- chomp;
- next unless $_;
-
- my ($l, $g) = split /:/;
- if ($l eq $level) {
- @groups = split(/,/, $g);
- last;
- }
+ chomp;
+ next unless $_;
+
+ my ( $l, $g ) = split /:/;
+ if ( $l eq $level ) {
+ @groups = split( /,/, $g );
+ last;
+ }
}
close $f;
return @groups;
@@ -83,14 +83,14 @@ my $protected_users = '/opt/vyatta/etc/protected-user';
sub _protected_users {
my @protected;
- open my $pfd, '<', $protected_users
- or return;
+ open my $pfd, '<', $protected_users
+ or return;
while (<$pfd>) {
- chomp;
- next unless $_;
+ chomp;
+ next unless $_;
- push @protected, $_;
+ push @protected, $_;
}
close($pfd);
return @protected;
@@ -101,11 +101,12 @@ sub _vyatta_users {
my @vusers;
setpwent();
+
# ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell,$expire)
# = getpw*
while ( my ($name, undef, undef, undef, undef, undef,
undef, undef, $shell) = getpwent() ) {
- push @vusers, $name if ($shell eq '/bin/vbash');
+ push @vusers, $name if ( $shell eq '/bin/vbash' );
}
endpwent();
@@ -113,7 +114,7 @@ sub _vyatta_users {
}
sub set_authorized_keys {
- my $user = shift;
+ my $user = shift;
my $config = new Vyatta::Config;
$config->setLevel("system login user $user authentication public-keys");
@@ -122,143 +123,149 @@ sub set_authorized_keys {
# ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell,$expire)
# = getpw*
- my (undef, undef, $uid, $gid, undef, undef, undef, $home)
- = getpwnam($user);
+ my ( undef, undef, $uid, $gid, undef, undef, undef, $home ) =
+ getpwnam($user);
return unless $home;
return unless -d $home;
my $sshdir = "$home/.ssh";
- unless (-d $sshdir) {
- mkdir $sshdir;
- chown ($uid, $gid, $sshdir);
- chmod (0750, $sshdir);
+ unless ( -d $sshdir ) {
+ mkdir $sshdir;
+ chown( $uid, $gid, $sshdir );
+ chmod( 0750, $sshdir );
}
- open (my $auth, '>', "$sshdir/authorized_keys");
+ open( my $auth, '>', "$sshdir/authorized_keys" );
unless ($auth) {
- warn "open $sshdir/authorized_keys failed: $!";
- return;
+ warn "open $sshdir/authorized_keys failed: $!";
+ return;
}
print {$auth} "# Automatically generated by Vyatta configuration\n";
print {$auth} "# Do not edit, all changes will be lost\n";
foreach my $name (@keys) {
- my $type = $config->returnValue("$name type");
- my $key = $config->returnValue("$name key");
- print {$auth} "$type $key $name\n";
+ my $type = $config->returnValue("$name type");
+ my $key = $config->returnValue("$name key");
+ print {$auth} "$type $key $name\n";
}
close $auth;
- chmod (0640, "$sshdir/authorized_keys");
+ chmod( 0640, "$sshdir/authorized_keys" );
}
sub update {
my $membership = get_groups();
- my $uconfig = new Vyatta::Config;
+ my $uconfig = new Vyatta::Config;
$uconfig->setLevel("system login user");
- my %users = $uconfig->listNodeStatus();
+ my %users = $uconfig->listNodeStatus();
die "All users deleted!\n" unless %users;
foreach my $user ( keys %users ) {
- my $state = $users{$user};
+ my $state = $users{$user};
if ( $state eq 'deleted' ) {
- if ($user eq 'root') {
- warn "Disabling root account, instead of deleting\n";
- system ('sudo usermod -p ! root') == 0
- or die "usermod of root failed: $?\n";
- } elsif (getlogin() eq $user) {
- die "Attempting to delete current user: $user\n";
- } else {
- # This logs out user
- system("sudo pkill -u $user");
-
- system("sudo userdel -r '$user'") == 0
- or die "userdel of $user failed: $?\n";
- }
- next;
+ if ( $user eq 'root' ) {
+ warn "Disabling root account, instead of deleting\n";
+ system('sudo usermod -p ! root') == 0
+ or die "usermod of root failed: $?\n";
+ } elsif ( getlogin() eq $user ) {
+ die "Attempting to delete current user: $user\n";
+ } else {
+
+ # This logs out user
+ system("sudo pkill -u $user");
+
+ system("sudo userdel -r '$user'") == 0
+ or die "userdel of $user failed: $?\n";
+ }
+ next;
+ }
+
+ next unless ( $state eq 'added' || $state eq 'changed' );
+
+ $uconfig->setLevel("system login user $user");
+ my $pwd = $uconfig->returnValue('authentication encrypted-password');
+
+ unless ($pwd) {
+ warn "Encrypted password not in configuration for $user";
+ next;
+ }
+
+ my $level = $uconfig->returnValue('level');
+ unless ($level) {
+ warn "Level not defined for $user";
+ next;
+ }
+
+ # map level to group membership
+ my @new_groups = _level2groups($level);
+
+ # add any additional groups from configuration
+ push( @new_groups, $uconfig->returnValues('group') );
+
+ my $fname = $uconfig->returnValue('full-name');
+ my $home = $uconfig->returnValue('home-directory');
+
+ # Read existing settings
+ my (
+ undef, $opwd, $uid, $gid, undef,
+ $comment, undef, $dir, $shell, undef
+ ) = getpwnam($user);
+
+ my $old_groups = $membership->{$user};
+
+ my $og_str =
+ ( defined($old_groups) ) ? ( join( ' ', sort @$old_groups ) ) : '';
+ my $ng_str = join( ' ', sort @new_groups );
+
+ # not found in existing passwd, must be new
+ my $cmd;
+ unless ( defined($uid) ) {
+
+ # make new user using vyatta shell
+ # and make home directory (-m)
+ # and with default group of 100 (users)
+ $cmd = 'useradd -s /bin/vbash -m -N';
+ } else {
+ if ( $opwd eq $pwd
+ && ( !$fname || $fname eq $comment )
+ && ( !$home || $home eq $dir )
+ && $og_str eq $ng_str )
+ {
+
+ # If no part of password or group file changed
+ # then there is nothing to do here.
+ } else {
+ $cmd = "usermod";
+ }
+ }
+
+ if ($cmd) {
+ $cmd .= " -p '$pwd'";
+ $cmd .= " -c \"$fname\"" if ( defined $fname );
+ $cmd .= " -d \"$home\"" if ( defined $home );
+ $cmd .= ' -G ' . join( ',', @new_groups );
+ system("sudo $cmd $user");
+
+ unless ( $? == 0 ) {
+ my $reason = $reasons{ ( $? >> 8 ) };
+ die "Attempt to change user $user failed: $reason\n";
+ }
}
- next unless ($state eq 'added' || $state eq 'changed');
-
- $uconfig->setLevel("system login user $user");
- my $pwd = $uconfig->returnValue('authentication encrypted-password');
-
- unless ($pwd) {
- warn "Encrypted password not in configuration for $user";
- next;
- }
-
- my $level = $uconfig->returnValue('level');
- unless ($level) {
- warn "Level not defined for $user";
- next;
- }
-
- # map level to group membership
- my @new_groups = _level2groups($level);
-
- # add any additional groups from configuration
- push( @new_groups, $uconfig->returnValues('group') );
-
- my $fname = $uconfig->returnValue('full-name');
- my $home = $uconfig->returnValue('home-directory');
-
- # Read existing settings
- my (undef, $opwd, $uid, $gid, undef, $comment,
- undef, $dir, $shell, undef) = getpwnam($user);
-
- my $old_groups = $membership->{$user};
-
- my $og_str = (defined($old_groups))
- ? (join(' ', sort @$old_groups)) : '';
- my $ng_str = join(' ', sort @new_groups);
-
- # not found in existing passwd, must be new
- my $cmd;
- unless ( defined($uid) ) {
- # make new user using vyatta shell
- # and make home directory (-m)
- # and with default group of 100 (users)
- $cmd = 'useradd -s /bin/vbash -m -N';
- } else {
- if ($opwd eq $pwd
- && ( !$fname || $fname eq $comment )
- && ( !$home || $home eq $dir )
- && $og_str eq $ng_str) {
- # If no part of password or group file changed
- # then there is nothing to do here.
- } else {
- $cmd = "usermod";
- }
- }
-
- if ($cmd) {
- $cmd .= " -p '$pwd'";
- $cmd .= " -c \"$fname\"" if ( defined $fname );
- $cmd .= " -d \"$home\"" if ( defined $home );
- $cmd .= ' -G ' . join( ',', @new_groups );
- system("sudo $cmd $user");
-
- unless ( $? == 0 ) {
- my $reason = $reasons{ ( $? >> 8 ) };
- die "Attempt to change user $user failed: $reason\n";
- }
- }
-
- set_authorized_keys($user);
+ set_authorized_keys($user);
}
# Remove any vyatta users that do not exist in current configuration
# This can happen if user added but configuration not saved
my %protected = map { $_ => 1 } _protected_users();
- foreach my $user (_vyatta_users()) {
- next if $protected{$user};
- next if defined $users{$user};
+ foreach my $user ( _vyatta_users() ) {
+ next if $protected{$user};
+ next if defined $users{$user};
- warn "User $user not listed in current configuration\n";
- system ("sudo userdel --remove $user") == 0
- or die "Attempt to delete user $user failed: $!";
+ warn "User $user not listed in current configuration\n";
+ system("sudo userdel --remove $user") == 0
+ or die "Attempt to delete user $user failed: $!";
}
}