author | An-Cheng Huang <ancheng@sydney.vyatta.com> | 2007-10-19 11:26:15 -0700 |
---|---|---|
committer | An-Cheng Huang <ancheng@sydney.vyatta.com> | 2007-10-19 11:26:15 -0700 |
commit | 07183520f3f4d2f89e526055db418046d0d2450f (patch) | |
tree | 7968eac48a0a57ff97ec4769d999bf31348a2a12 /templates/system/login | |
parent | 66b621cf7759c3448ae8bfe7d7479fb13ea04b65 (diff) | |
move "system" configuration templates/scripts from vyatta-cfg.
Diffstat (limited to 'templates/system/login')
10 files changed, 57 insertions, 0 deletions
diff --git a/templates/system/login/node.def b/templates/system/login/node.def
new file mode 100644
index 00000000..12465148
--- /dev/null
+++ b/templates/system/login/node.def
@@ -0,0 +1,3 @@
+help: "Configure user access"
+delete: "sh -c \"echo User root cannot be deleted 1>&2 && exit 1\" "
+
diff --git a/templates/system/login/radius-server/node.def b/templates/system/login/radius-server/node.def
new file mode 100644
index 00000000..d12be764
--- /dev/null
+++ b/templates/system/login/radius-server/node.def
@@ -0,0 +1,14 @@
+tag:
+type: ipv4
+help: "Radius server authentication configuration"
+# need mandatory secret. also need port & timeout (default values?)
+create: "sh -c \"touch /etc/raddb/server && \
+sed -i '/$(@)/d' /etc/raddb/server && \
+echo \\\"$(@):$(port/@)\t$(secret/@)\t$(timeout/@)\\\" \
+>> /etc/raddb/server\" "
+update: "sh -c \"touch /etc/raddb/server && \
+sed -i '/$(@)/d' /etc/raddb/server && \
+echo \\\"$(@):$(port/@)\t$(secret/@)\t$(timeout/@)\\\" \
+>> /etc/raddb/server\" "
+delete: "sh -c \"touch /etc/raddb/server && \
+sed -i '/$(@)/d' /etc/raddb/server\" "
diff --git a/templates/system/login/radius-server/node.tag/port/node.def b/templates/system/login/radius-server/node.tag/port/node.def
new file mode 100644
index 00000000..8c856e78
--- /dev/null
+++ b/templates/system/login/radius-server/node.tag/port/node.def
@@ -0,0 +1,4 @@
+type: u32
+help: "Configure radius port"
+syntax: ($(@) > 0 && $(@) < 65536) ; "port must be between 1 and 65535"
+default: 1812
diff --git a/templates/system/login/radius-server/node.tag/secret/node.def b/templates/system/login/radius-server/node.tag/secret/node.def
new file mode 100644
index 00000000..eb08eca3
--- /dev/null
+++ b/templates/system/login/radius-server/node.tag/secret/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "Secret for radius access"
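Review bot: In radius-server/node.def the `create:` and `update:` commands splice `$(secret/@)` into a double-quoted `sh -c` string, and secret/node.def declares it `type: txt` with no `syntax:` check, so a secret containing a quote, backtick or `$` would be interpreted by the shell instead of written to the file (this assumes the CLI substitutes values textually before sh runs). Constrain the secret with a `syntax: pattern` rule, or hand the values to a helper script that writes the file itself. The `sed -i '/$(@)/d'` expression is also unanchored and treats the dots in the address as wildcards, so it can remove entries belonging to other servers; something like `'/^$(@):/d'` with the dots escaped would be tighter. Finally, `touch` creates /etc/raddb/server with the default umask although the file stores shared secrets; its mode should be set to 0600 explicitly.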
diff --git a/templates/system/login/radius-server/node.tag/timeout/node.def b/templates/system/login/radius-server/node.tag/timeout/node.def
new file mode 100644
index 00000000..84bb4424
--- /dev/null
+++ b/templates/system/login/radius-server/node.tag/timeout/node.def
@@ -0,0 +1,3 @@
+type: u32
+help: "Timeout for radius session"
+default: 2
diff --git a/templates/system/login/user/node.def b/templates/system/login/user/node.def
new file mode 100644
index 00000000..0d09c4d0
--- /dev/null
+++ b/templates/system/login/user/node.def
@@ -0,0 +1,17 @@
+tag:
+type: txt
+help: "User account information"
+syntax: pattern $(@) "^[a-zA-Z_][a-zA-Z0-9_-]*\\$?$" ; "invalid user name $(@)"
+# line continuation and $() expansion are done by cli, not sh.
+# need mandatory encrypted password.
+end: "if [ -d /tmp/vyatta-delete-system-login-user-$(@).\\\$PPID ]; \
+then rm -rf /tmp/vyatta-delete-system-login-user-$(@).\\\$PPID && exit 0; \
+fi && \
+/opt/vyatta/sbin/vyatta_update_login_user.pl \
+'$(@)' '$(full-name/@)' '$(authentication/encrypted-password/@)'"
+delete: "if [ x$(@) == x ]; then exit 1; fi && \
+if [ x$(@) == xroot ]; then echo Cannot delete user \"root\" 1>&2 && exit 2; \
+fi && \
+if mkdir /tmp/vyatta-delete-system-login-user-$(@).\\\$PPID >& /dev/null; \
+then /opt/vyatta/sbin/vyatta_update_login_user.pl -d '$(@)'; \
+else exit 1; fi"
diff --git a/templates/system/login/user/node.tag/authentication/encrypted-password/node.def b/templates/system/login/user/node.tag/authentication/encrypted-password/node.def
new file mode 100644
index 00000000..33a87f59
--- /dev/null
+++ b/templates/system/login/user/node.tag/authentication/encrypted-password/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "Configure encrypted password"
diff --git a/templates/system/login/user/node.tag/authentication/node.def b/templates/system/login/user/node.tag/authentication/node.def
new file mode 100644
index 00000000..8b0f3125
--- /dev/null
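Review bot: The `end:` command in user/node.def places `$(full-name/@)` and `$(authentication/encrypted-password/@)` between single quotes, but both nodes are `type: txt` with no `syntax:` constraint, so a value containing `'` ends the quoting and the remainder is parsed by the shell (the comment above states that `$()` expansion is done by the CLI, not sh). Only the user name is pattern-checked. Add a `syntax: pattern` rule to those two nodes, or have vyatta_update_login_user.pl read the values from the configuration itself rather than from its command line. Separately, the delete/end handshake relies on a predictable directory name under /tmp, which any local account can create ahead of time so that `delete:` fails or `end:` skips the update; a root-owned location such as a directory under /var/run avoids that.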
+++ b/templates/system/login/user/node.tag/authentication/node.def
@@ -0,0 +1 @@
+help: "Authentication password"
diff --git a/templates/system/login/user/node.tag/authentication/plaintext-password/node.def b/templates/system/login/user/node.tag/authentication/plaintext-password/node.def
new file mode 100644
index 00000000..78619d79
--- /dev/null
+++ b/templates/system/login/user/node.tag/authentication/plaintext-password/node.def
@@ -0,0 +1,9 @@
+type: txt
+help: "Configure plaintext password for encryption"
+# if plaintext is empty, assume this is left-over from blanking the plaintext
+# and do nothing. to set password to empty, user needs to set the
+# "encrypted-password" to an empty string (which actually allows login without
+# password).
+update: $(@) == "" \
+|| ($(../encrypted-password/@) = `/opt/vyatta/sbin/rl_passwd '$(@)' dummy` \
+ && $(@) = "")
diff --git a/templates/system/login/user/node.tag/full-name/node.def b/templates/system/login/user/node.tag/full-name/node.def
new file mode 100644
index 00000000..86b7c8d4
--- /dev/null
+++ b/templates/system/login/user/node.tag/full-name/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "Full name of the user (use quotes for names with spaces)" |
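Review bot: The `update:` expression in plaintext-password/node.def passes the cleartext password to rl_passwd as a command-line argument, `rl_passwd '$(@)' dummy`, where it is visible in the process list to other local accounts while the command runs. The value is `type: txt` with no `syntax:` rule, so a password containing `'` also ends the single-quoted argument and the remainder is parsed by the shell. If rl_passwd can read the password from standard input, feed it that way; otherwise reject `'` with a `syntax:` pattern. The comment's remark that an empty `encrypted-password` allows login without a password deserves an explicit check on that node rather than a note here.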