authorStephen Hemminger <stephen.hemminger@vyatta.com>2009-06-02 16:12:36 -0700
committerStephen Hemminger <stephen.hemminger@vyatta.com>2009-06-02 16:12:36 -0700
commit1bf6ab3a126ec6c0dd28545e35b5c4def7b58cd5 (patch)
treeaec90cda4ac2fa5388cac36d0a3f091e1b756bfc
parentcd519640744ce0edb40f3d70f4456f3818eb7e36 (diff)
parent8d3f5b37ec3c728d56fadc596562025821169329 (diff)
Merge branch 'jenner' of 192.168.100.1:git/vyatta-cfg-system into jenner
-rw-r--r--Makefile.am2
-rw-r--r--lib/Vyatta/Login/RadiusServer.pm (renamed from lib/Vyatta/Login/Radius.pm)99
-rwxr-xr-xlib/Vyatta/Login/User.pm33
-rw-r--r--scripts/system/vyatta_update_login.pl17
4 files changed, 58 insertions, 93 deletions
diff --git a/Makefile.am b/Makefile.am
index 2168e11e..4a7e23a4 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -44,7 +44,7 @@ sbin_SCRIPTS += scripts/zone-mgmt/vyatta-zone.pl
sbin_SCRIPTS += scripts/vyatta-banner.pl
share_perl5_DATA = lib/Vyatta/Login/User.pm
-share_perl5_DATA += lib/Vyatta/Login/Radius.pm
+share_perl5_DATA += lib/Vyatta/Login/RadiusServer.pm
noinst_DATA = test_bootfile
diff --git a/lib/Vyatta/Login/Radius.pm b/lib/Vyatta/Login/RadiusServer.pm
index 6a949434..2dadd2bb 100644
--- a/lib/Vyatta/Login/Radius.pm
+++ b/lib/Vyatta/Login/RadiusServer.pm
@@ -14,27 +14,23 @@
#
# **** End License ****
-package Vyatta::Login::Radius;
+package Vyatta::Login::RadiusServer;
use strict;
use warnings;
use lib "/opt/vyatta/share/perl5";
use Vyatta::Config;
+use File::Compare;
+
+my $PAM_RAD_CFG = '/etc/pam_radius_auth.conf';
+my $PAM_RAD_TMP = "/tmp/pam_radius_auth.$$";
-my $PAM_RAD_CFG = '/etc/pam_radius_auth.conf';
my $PAM_RAD_BEGIN = '# BEGIN Vyatta Radius servers';
my $PAM_RAD_END = '# END Vyatta Radius servers';
sub is_pam_radius_present {
- open( my $auth , '<' , '/etc/pam.d/common-auth' )
- or die "Cannot open /etc/pam.d/common-auth\n";
-
- my $present;
- while (<$auth>) {
- if (/\ssufficient\spam_radius_auth\.so$/) {
- $present = 1;
- last;
- }
- }
+ open( my $auth, '<', '/etc/pam.d/common-auth' )
+ or die "Cannot open /etc/pam.d/common-auth\n";
+ my $present = grep { /\ssufficient\spam_radius_auth\.so$/ } <$auth>;
close $auth;
return $present;
}
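Review bot: `$PAM_RAD_TMP = "/tmp/pam_radius_auth.$$"` is a predictable name in a world-writable directory, and in `update` (next hunk) that path is created by a shell redirect, appended to, and then copied over `/etc/pam_radius_auth.conf` with `sudo cp`. A file or symlink already present at that path would be followed, and the file is created under the caller's umask while it holds the RADIUS shared secrets. Creating it with File::Temp avoids both: `use File::Temp qw(tempfile);` and, inside `update`, `my ($newcfg, $tmpname) = tempfile('pam_radius_XXXXXX', TMPDIR => 1, UNLINK => 1);`, which opens the file exclusively with mode 0600 and removes it at exit. The sed output would then be read through a pipe and printed to `$newcfg` rather than redirected by the shell.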
@@ -68,58 +64,45 @@ sub add_pam_radius {
return 1;
}
-sub remove_radius_servers {
- system( "sudo sed -i '/^$PAM_RAD_BEGIN\$/,/^$PAM_RAD_END\$/{d}' "
- . "$PAM_RAD_CFG" );
- return 0 if ( $? >> 8 );
- return 1;
-}
-
-sub add_radius_servers {
- my $str = shift;
- system( "sudo sh -c \""
- . "echo '$PAM_RAD_BEGIN\n$str$PAM_RAD_END\n' >> $PAM_RAD_CFG\"" );
- return 0 if ( $? >> 8 );
- return 1;
-}
-
-sub new {
- my $that = shift;
- my $class = ref($that) || $that;
- my $rconfig = new Vyatta::Config;
- $rconfig->setLevel("system login radius-server");
- my %servers = $rconfig->listNodeStatus();
- my $self = \%servers;
-
- bless $self, $class;
-
- return $self;
-}
-
sub update {
- my $self = shift;
- my %servers = %$self;
- my $server_str = '';
my $rconfig = new Vyatta::Config;
- $rconfig->setLevel('system login radius-server');
+ $rconfig->setLevel("system login radius-server");
+ my %servers = $rconfig->listNodeStatus();
+ my $count = 0;
if (%servers) {
- remove_radius_servers();
-
- for my $server (sort keys %servers) {
- next if ( $servers{$server} eq 'deleted' );
- my $port = $rconfig->returnValue("$server port");
- my $secret = $rconfig->returnValue("$server secret");
- my $timeout = $rconfig->returnValue("$server timeout");
- $server_str .= "$server:$port\t$secret\t$timeout\n";
- }
+ my $cmd = "sed -e '/$PAM_RAD_BEGIN/,/$PAM_RAD_END/d' < $PAM_RAD_CFG";
+ system("sudo sh -c \"$cmd\" > $PAM_RAD_TMP") == 0
+ or die "$cmd failed";
+
+ open( my $newcfg, '>>', $PAM_RAD_TMP )
+ or die "Can't open $PAM_RAD_TMP: $!\n";
+
+ print $newcfg "$PAM_RAD_BEGIN\n";
+
+ for my $server ( sort keys %servers ) {
+ next if ( $servers{$server} eq 'deleted' );
+ my $port = $rconfig->returnValue("$server port");
+ my $secret = $rconfig->returnValue("$server secret");
+ my $timeout = $rconfig->returnValue("$server timeout");
+ print $newcfg "$server:$port\t$secret\t$timeout\n";
+ ++$count;
+ }
+ print $newcfg "$PAM_RAD_END\n";
+ close $newcfg;
- exit 1 if ( !add_radius_servers($server_str) );
- exit 1 if ( !add_pam_radius() );
+ if ( compare( $PAM_RAD_CFG, $PAM_RAD_TMP ) != 0 ) {
+ system("sudo cp $PAM_RAD_TMP $PAM_RAD_CFG") == 0
+ or die "Copy of $PAM_RAD_TMP to $PAM_RAD_CFG failed";
+ }
+ unlink($PAM_RAD_TMP);
+ }
- } else {
- # all radius servers deleted
- exit 1 if ( !remove_pam_radius() );
+ if ( $count > 0 ) {
+ exit 1 if ( !add_pam_radius() );
+ }
+ else {
+ exit 1 if ( !remove_pam_radius() );
}
}
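Review bot: In `update`, the `print $newcfg` calls and `close $newcfg` are unchecked, so a short write to the temporary file (for example a full /tmp) still differs under `compare` and is copied over the live `$PAM_RAD_CFG`, possibly without the `# END` marker that the next run's sed range relies on. Checking the close, `close $newcfg or die "Can't write $PAM_RAD_TMP: $!\n";`, stops before the copy. The `die` paths taken after the file exists also skip `unlink($PAM_RAD_TMP)`, which leaves the shared secrets behind in /tmp; an `END { unlink $PAM_RAD_TMP }` block would cover them. The `$server`, `$secret` and `$timeout` values are written verbatim, which presumably relies on the config templates rejecting tabs and newlines; that is worth confirming.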
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index f053abf1..c4870986 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -20,29 +20,6 @@ use warnings;
use lib "/opt/vyatta/share/perl5";
use Vyatta::Config;
-sub new {
- my ( $that ) = @_;
- my $class = ref($that) || $that;
- my $config = new Vyatta::Config;
- $config->setLevel("system login user");
- my %users = $config->listNodeStatus();
- my @user_keys = sort keys %users;
-
- if ( ( scalar(@user_keys) <= 0 )
- || !( grep /^root$/, @user_keys )
- || ( $users{'root'} eq 'deleted' ) )
- {
-
- # root is deleted
- die "User \"root\" cannot be deleted\n";
- }
-
- my $self = \%users;
- bless $self, $class;
-
- return $self;
-}
-
# Exit codes form useradd.8 man page
my %reasons = (
0 => 'success',
@@ -81,10 +58,14 @@ sub get_groups {
}
sub update {
- my $self = shift;
- my %users = %$self;
my $membership = get_groups();
- my $uconfig = new Vyatta::Config;
+ my $uconfig = new Vyatta::Config;
+ $uconfig->setLevel("system login user");
+ my %users = $uconfig->listNodeStatus();
+
+ die "All users deleted!\n" unless %users;
+ die "User root cannot be deleted\n"
+ if (! defined $users{'root'} || $users{'root'} eq 'deleted');
foreach my $user ( keys %users ) {
if ( $users{$user} eq 'deleted' ) {
diff --git a/scripts/system/vyatta_update_login.pl b/scripts/system/vyatta_update_login.pl
index b2125de1..862dffe3 100644
--- a/scripts/system/vyatta_update_login.pl
+++ b/scripts/system/vyatta_update_login.pl
@@ -26,15 +26,16 @@ use Vyatta::Config;
my $config = new Vyatta::Config;
$config->setLevel("system login");
-foreach my $type ($config->listNodes()) {
+my %loginNodes = $config->listNodeStatus();
+while ( my ($type, $status) = each %loginNodes) {
+ next if ($status eq 'static');
my $kind = ucfirst $type;
- my $location = "Vyatta/Login/$kind.pm";
- my $class = "Vyatta::Login::$kind";
-
- require $location;
+ $kind =~ s/-server/Server/;
- my $obj = $class->new();
- die "Don't understand $type" unless $obj;
+ # Dynamically load the module to handle that login method
+ require "Vyatta/Login/$kind.pm";
- $obj->update();
+ # Dynamically invoke update for this type
+ my $login = "Vyatta::Login::$kind";
+ $login->update();
}
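Review bot: `$kind` is built from the config node name and goes straight into the `require` path and the class name, and the removed `die "Don't understand $type"` no longer gives a readable error for a node that has no handler module. `s/-server/Server/` covers only the one hyphenated form, so any other node under `system login` without a matching file fails inside `require` with a "Can't locate" message. An explicit table keeps the set of loadable modules fixed; for the two modules visible in this commit that would be `my %handler = ( 'user' => 'User', 'radius-server' => 'RadiusServer' );` followed by `my $kind = $handler{$type} or die "Don't understand $type\n";`.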