Diffstat (limited to 'scripts/system/vyatta_update_tacacs.pl')
-rwxr-xr-x | scripts/system/vyatta_update_tacacs.pl | 129 |
1 files changed, 0 insertions, 129 deletions
diff --git a/scripts/system/vyatta_update_tacacs.pl b/scripts/system/vyatta_update_tacacs.pl
deleted file mode 100755
index c4684efe..00000000
--- a/scripts/system/vyatta_update_tacacs.pl
+++ /dev/null
@@ -1,129 +0,0 @@
-#!/usr/bin/perl
-
-# **** License ****
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# This code was originally developed by Vyatta, Inc.
-# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc.
-# All Rights Reserved.
-#
-# **** End License ****
-
-use strict;
-use warnings;
-
-use lib "/opt/vyatta/share/perl5";
-use Vyatta::Config;
-
-## setup tacacs+ server info
-# add tacacs to PAM file
-sub add_tacacs {
- my $param_string = shift;
- my $pam = shift;
-
- my $cmd =
- 'sudo sh -c "'
- . 'sed -i \'s/^\(' . "$pam"
- . '\trequired\tpam_unix\.so.*\)$/' . "$pam"
- . '\tsufficient\tpam_tacplus.so\t'
- . "$param_string # Vyatta"
- . '\n\1/\' '
- . "/etc/pam.d/common-$pam\"";
-
- system($cmd);
- return 0 if ( $? >> 8 );
- return 1;
-}
-
-# remove tacacs from PAM files
-sub remove_tacacs {
- my $cmd =
- 'sudo sh -c "'
- . 'sed -i \'/\(.*pam_tacplus.*# Vyatta\)/ D\' '
- . '/etc/pam.d/common-auth '
- . '/etc/pam.d/common-account '
- . '/etc/pam.d/common-session "';
-
- system($cmd);
- return 0 if ( $? >> 8 );
- return 1;
-}
-
-# main tacacs
-# There is a race condition in here betwen radius and tacacs currently.
-# Also should probably add a chack to see if we ned to actually reconfig
-# PAM rather than jusy doing it each commit.
-# Finally, service and protocol will need to be removed. They are just
-# in there for troubleshootig purposes right now. 
-#
-my $tconfig = new Vyatta::Config;
-if ( $tconfig->isDeleted("system login tacacs-plus") ) { remove_tacacs; }
-$tconfig->setLevel("system login tacacs-plus");
-my @tacacs_params = $tconfig->listNodes();
-
-if ( scalar(@tacacs_params) > 0 ) {
- remove_tacacs;
- my ( $acctall, $debug, $firsthit, $noencrypt );
- if ( $tconfig->exists("acct-all") ) { $acctall = 1; }
- if ( $tconfig->exists("debug") ) { $debug = 1; }
- if ( $tconfig->exists("first-hit") ) { $firsthit = 1; }
- if ( $tconfig->exists("no-encrypt") ) { $noencrypt = 1; }
- my $protocol = $tconfig->returnValue("protocol");
- my $secret = $tconfig->returnValue("secret");
- my $server = $tconfig->returnValue("server");
- my $service = $tconfig->returnValue("service");
-
- if ( $server ne '' && $secret ne '' ) {
- my ( $authstr, $accountstr, $sessionstr, $ip );
- my @servers = split /\s/, $server;
-
- ## 3 common options
- # encrypt this session
- if ( !$noencrypt ) { $authstr = "encrypt "; }
-
- # single secret
- $authstr .= "secret=$secret ";
-
- # and debug
- if ($debug) { $authstr .= "debug "; }
-
- ## now they get specific
- $accountstr = $sessionstr = $authstr;
-
- # can be multiple servers for auth and session
- foreach my $ip (@servers) {
- $authstr .= "server=$ip ";
- $sessionstr .= "server=$ip ";
- }
-
- # first hit for auth
- if ($firsthit) { $authstr .= "firsthit "; }
-
- # acctall for session
- if ($acctall) { $sessionstr .= "acctall "; }
-
- # service and protocol for account and session
- if ($service) {
- $accountstr .= "service=$service ";
- $sessionstr .= "service=$service ";
- }
- if ($protocol) {
- $accountstr .= "protocol=$protocol ";
- $sessionstr .= "protocol=$protocol ";
- }
-
- add_tacacs( "$authstr", "auth" );
- add_tacacs( "$accountstr", "account" );
- add_tacacs( "$sessionstr", "session" );
- }
- else { exit 1; }
-}
-
-exit 0; |