author | Daniil Baturin <daniil@baturin.org> | 2018-06-24 12:50:17 +0200 |
---|---|---|
committer | Daniil Baturin <daniil@baturin.org> | 2018-06-24 12:50:17 +0200 |
commit | bacecf80ea16d3cd30dc7c98c98af013b2adc258 (patch) | |
tree | 2b1d6f48708ace28ae4f6c9893ee50f6f390c6b7 /lib | |
parent | 0d8e75e2e808ccf366a1527647a6353c09d92237 (diff) | |
parent | 0f19dc57ed6588c083eee8aa9aee09b92b441b08 (diff) | |
Merge branch 'current' into lithiumlithium
Conflicts:
debian/changelog
scripts/snmp/vyatta-snmp-v3.pl
scripts/snmp/vyatta-snmp.pl
templates/interfaces/tunnel/node.def
templates/system/sysctl/custom/node.def
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Vyatta/Login/RadiusServer.pm | 21 | ||||
-rwxr-xr-x | lib/Vyatta/Login/User.pm | 5 |
2 files changed, 23 insertions, 3 deletions
diff --git a/lib/Vyatta/Login/RadiusServer.pm b/lib/Vyatta/Login/RadiusServer.pm index 0de9bd28..5a71b1f8 100644 --- a/lib/Vyatta/Login/RadiusServer.pm +++ b/lib/Vyatta/Login/RadiusServer.pm @@ -29,8 +29,14 @@ my $PAM_RAD_AUTH = "/usr/share/pam-configs/radius"; my $PAM_RAD_SYSCONF = "/opt/vyatta/etc/pam_radius.cfg"; sub remove_pam_radius { + system('sed -i -e \'/^passwd:.*mapuid[ \t]/s/mapuid[ \t]//\' \ + -e \'/^passwd:.*[ \t]mapname/s/[ \t]mapname//\' \ + -e \'/^group:.*[ \t]mapname/s/[ \t]mapname//\' \ + -e \'s/[ \t]*$//\' \ + /etc/nsswitch.conf'); + system("DEBIAN_FRONTEND=noninteractive " . - " pam-auth-update --package --remove radius") == 0 + "pam-auth-update --package --remove radius") == 0 or die "pam-auth-update remove failed"; unlink($PAM_RAD_AUTH) @@ -43,7 +49,16 @@ sub add_pam_radius { system("DEBIAN_FRONTEND=noninteractive " . "pam-auth-update --package radius") == 0 - or die "pam-auth-update add failed" + or die "pam-auth-update add failed"; + + system('sed -i -e \'/\smapname/b\' \ + -e \'/^passwd:/s/\s\s*/&mapuid /\' \ + -e \'/^passwd:.*#/s/#.*/mapname &/\' \ + -e \'/^passwd:[^#]*$/s/$/ mapname &/\' \ + -e \'/^group:.*#/s/#.*/ mapname &/\' \ + -e \'/^group:[^#]*$/s/: */&mapname /\' \ + /etc/nsswitch.conf') == 0 + or die "NSS configuration failed"; } sub update { @@ -66,6 +81,8 @@ sub update { my $timeout = $rconfig->returnValue("$server timeout"); print $cfg "$server:$port\t$secret\t$timeout\n"; ++$count; + print $cfg "priv-lvl 15\n"; + print $cfg "mapped_priv_user radius_priv_user\n"; } close($cfg); diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm index e03888cd..02fb96ee 100755 --- a/lib/Vyatta/Login/User.pm +++ b/lib/Vyatta/Login/User.pm @@ -167,7 +167,7 @@ sub _update_user { # not found in existing passwd, must be new my $cmd; - unless ( defined($uid) ) { + unless ( defined($uid) and $uid ne "1001" ) { # make new user using vyatta shell # and make home directory (-m) # and with default group of 100 (users) 
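Review bot: The new sed call at the top of remove_pam_radius discards its exit status, while the pam-auth-update call right after it and the matching sed in add_pam_radius both die on failure. If the edit of /etc/nsswitch.conf fails, the mapuid/mapname entries stay on the passwd: and group: lines after the RADIUS PAM profile is gone, and nothing reports it. Check it the same way by ending the call with `== 0 or die "NSS configuration cleanup failed";` (or `warn` if removal should carry on regardless). The body of remove_pam_radius continues past the end of the hunk.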
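Review bot: The two group: expressions in the sed script of add_pam_radius put mapname in different positions: a group line with a trailing comment gets ` mapname` inserted before the `#`, after the existing sources, while a line without a comment gets it right after the colon, before them. NSS consults sources in the order listed, so the resulting lookup order would depend on whether the line happens to carry a comment. If mapname is meant to come first, one expression covers both cases: `-e '/^group:/s/: */&mapname /'`. A short comment above the call showing the intended resulting passwd: and group: lines would also make the script easier to review.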
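Review bot: The two added prints sit inside the per-server loop of update, before its closing brace, so `priv-lvl 15` and `mapped_priv_user radius_priv_user` are written after every server line rather than once per file. Moving them after the loop, guarded by the server count, keeps a single copy: `if ($count > 0) { print $cfg "priv-lvl 15\n"; print $cfg "mapped_priv_user radius_priv_user\n"; }`. These two values appear to decide which RADIUS logins are mapped to the privileged local account, so a comment stating that intent belongs next to them. update begins and ends outside the hunk.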
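Review bot: The new condition in _update_user recognises the RADIUS mapping account by the bare literal `"1001"`, so any configured local user whose passwd entry really has uid 1001 would also be treated as not existing and sent down the create-user path. How $uid is obtained is outside the hunk; if it comes from a name lookup that NSS mapname now answers for unknown names, comparing the returned account name with the requested one would be a more robust test than the uid. At minimum give the value a name and a comment, e.g. `my $RADIUS_MAPPED_UID = 1001; # uid of the NSS-mapped radius_user account (confirm)`. The same applies to the literal account names `radius_user` and `radius_priv_user` in the second hunk of this file and in RadiusServer.pm, which have to be kept in sync by hand.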
@@ -231,6 +231,9 @@ sub update { # This can happen if user added but configuration not saved # and system is rebooted foreach my $user ( _local_users() ) { + # skip radius users + next if $user eq 'radius_user'; + next if $user eq 'radius_priv_user'; # did we see this user in configuration? next if defined $users{$user}; |