summaryrefslogtreecommitdiff
path: root/lib/Vyatta/Login/User.pm
diff options
context:
space:
mode:
authorStephen Hemminger <stephen.hemminger@vyatta.com>2009-06-01 15:17:13 -0700
committerStephen Hemminger <stephen.hemminger@vyatta.com>2009-06-01 15:50:07 -0700
commitbf4dd2a3dd0f36ebd5c1c7a6a3705d378d0453b2 (patch)
tree8130cda7cbf98ac64ca6c0c408b0befe8873174a /lib/Vyatta/Login/User.pm
parent11b14df671c37a69dd9aaab0d36703d11465df93 (diff)
downloadvyatta-cfg-system-bf4dd2a3dd0f36ebd5c1c7a6a3705d378d0453b2.tar.gz
vyatta-cfg-system-bf4dd2a3dd0f36ebd5c1c7a6a3705d378d0453b2.zip
Change how system login update works
Use a wrapper script in vyatta_update_login.pl and per login method objects for the update.
Diffstat (limited to 'lib/Vyatta/Login/User.pm')
-rwxr-xr-xlib/Vyatta/Login/User.pm156
1 files changed, 156 insertions, 0 deletions
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
new file mode 100755
index 00000000..42bcbd53
--- /dev/null
+++ b/lib/Vyatta/Login/User.pm
@@ -0,0 +1,156 @@
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc.
+# All Rights Reserved.
+#
+# **** End License ****
+
+package Vyatta::Login::User;
+use strict;
+use warnings;
+use lib "/opt/vyatta/share/perl5";
+use Vyatta::Config;
+
+sub new {
+ my ( $that ) = @_;
+ my $class = ref($that) || $that;
+ $config->setLevel("system login user");
+ my %users = $config->listNodeStatus();
+ my @user_keys = sort keys %users;
+
+ if ( ( scalar(@user_keys) <= 0 )
+ || !( grep /^root$/, @user_keys )
+ || ( $users{'root'} eq 'deleted' ) )
+ {
+
+ # root is deleted
+ die "User \"root\" cannot be deleted\n";
+ }
+
+ my $self = \%users;
+ bless $self, $class;
+
+ return $self;
+}
+
+# Exit codes form useradd.8 man page
+my %reasons = (
+ 0 => 'success',
+ 1 => 'can´t update password file',
+ 2 => 'invalid command syntax',
+ 3 => 'invalid argument to option',
+ 4 => 'UID already in use (and no -o)',
+ 6 => 'specified group doesn´t exist',
+ 9 => 'username already in use',
+ 10 => 'can´t update group file',
+ 12 => 'can´t create home directory',
+ 13 => 'can´t create mail spool',
+);
+
+# Map of level to additional groups
+my %level_map = (
+ 'admin' => [ 'quaggavty', 'vyattacfg', 'sudo', 'adm', 'dip', 'disk' ],
+ 'operator' => [ 'quaggavty', 'operator', 'adm', 'dip', ],
+);
+
+# Construct a map from existing users to group membership
+sub get_groups {
+ my %group_map;
+
+ setgrent();
+ while ( my ( $name, undef, undef, $members ) = getgrent() ) {
+ foreach my $user ( split / /, $members ) {
+ $group_map{$user} = [] unless ( $group_map{$user} );
+ my $g = $group_map{$user};
+ push @$g, $name;
+ }
+ }
+ endgrent();
+
+ return \%group_map;
+}
+
+sub update {
+ my $self = shift;
+ my %users = %$self;
+ my $membership = get_groups();
+ my $uconfig = new Vyatta::Config;
+
+ foreach my $user ( keys %users ) {
+ if ( $users{$user} eq 'deleted' ) {
+ system("sudo userdel -r '$user'") == 0
+ or die "userdel failed: $?\n";
+ }
+ elsif ( $users{$user} eq 'added' || $users{$user} eq 'changed' ) {
+ $uconfig->setLevel("system login user $user");
+ my $pwd =
+ $uconfig->returnValue('authentication encrypted-password');
+ $pwd or die "Encrypted password not in configuration for $user";
+
+ my $level = $uconfig->returnValue('level');
+ $level or die "Level not defined for $user";
+
+ # map level to group membership
+ my @new_groups = @{ $level_map{$level} };
+
+ # add any additional groups from configuration
+ push( @new_groups, $uconfig->returnValues('group') );
+
+ my $fname = $uconfig->returnValue('full-name');
+ my $home = $uconfig->returnValue('home-directory');
+
+ # Read existing settings
+ my (
+ undef, $opwd, $uid, $gid, undef,
+ $comment, undef, $dir, $shell, undef
+ ) = getpwnam($user);
+
+ my $old_groups = $membership->{$user};
+
+ my $cmd;
+
+ # not found in existing passwd, must be new
+ if ( !defined $uid ) {
+
+ # make new user using vyatta shell
+ # and make home directory (-m)
+ # and with default group of 100 (users)
+ $cmd = 'useradd -s /bin/vbash -m -N';
+ }
+ elsif ($opwd eq $pwd
+ && ( !$fname || $fname eq $comment )
+ && ( !$home || $home eq $dir )
+ && join( ' ', sort @$old_groups ) eq
+ join( ' ', sort @new_groups ) )
+ {
+
+ # If no part of password or group file changed
+ # then there is nothing to do here.
+ next;
+ }
+ else {
+ $cmd = "usermod";
+ }
+
+ $cmd .= " -p '$pwd'";
+ $cmd .= " -c \"$fname\"" if ( defined $fname );
+ $cmd .= " -d \"$home\"" if ( defined $home );
+ $cmd .= ' -G ' . join( ',', @new_groups );
+ system("sudo $cmd $user");
+ next if ( $? == 0 );
+ my $reason = $reasons{ ( $? >> 8 ) };
+ die "Attempt to change user $user failed: $reason\n";
+ }
+ }
+}
+
+1;