Diffstat (limited to 'lib')
-rw-r--r-- | lib/Vyatta/Login/RadiusServer.pm | 21 | ||||
-rwxr-xr-x | lib/Vyatta/Login/User.pm | 5 |
2 files changed, 23 insertions, 3 deletions
diff --git a/lib/Vyatta/Login/RadiusServer.pm b/lib/Vyatta/Login/RadiusServer.pm index 0de9bd28..5a71b1f8 100644 --- a/lib/Vyatta/Login/RadiusServer.pm +++ b/lib/Vyatta/Login/RadiusServer.pm @@ -29,8 +29,14 @@ my $PAM_RAD_AUTH = "/usr/share/pam-configs/radius"; my $PAM_RAD_SYSCONF = "/opt/vyatta/etc/pam_radius.cfg"; sub remove_pam_radius { + system('sed -i -e \'/^passwd:.*mapuid[ \t]/s/mapuid[ \t]//\' \ + -e \'/^passwd:.*[ \t]mapname/s/[ \t]mapname//\' \ + -e \'/^group:.*[ \t]mapname/s/[ \t]mapname//\' \ + -e \'s/[ \t]*$//\' \ + /etc/nsswitch.conf'); + system("DEBIAN_FRONTEND=noninteractive " . - " pam-auth-update --package --remove radius") == 0 + "pam-auth-update --package --remove radius") == 0 or die "pam-auth-update remove failed"; unlink($PAM_RAD_AUTH) @@ -43,7 +49,16 @@ sub add_pam_radius { system("DEBIAN_FRONTEND=noninteractive " . "pam-auth-update --package radius") == 0 - or die "pam-auth-update add failed" + or die "pam-auth-update add failed"; + + system('sed -i -e \'/\smapname/b\' \ + -e \'/^passwd:/s/\s\s*/&mapuid /\' \ + -e \'/^passwd:.*#/s/#.*/mapname &/\' \ + -e \'/^passwd:[^#]*$/s/$/ mapname &/\' \ + -e \'/^group:.*#/s/#.*/ mapname &/\' \ + -e \'/^group:[^#]*$/s/: */&mapname /\' \ + /etc/nsswitch.conf') == 0 + or die "NSS configuration failed"; } sub update { @@ -66,6 +81,8 @@ sub update { my $timeout = $rconfig->returnValue("$server timeout"); print $cfg "$server:$port\t$secret\t$timeout\n"; ++$count; + print $cfg "priv-lvl 15\n"; + print $cfg "mapped_priv_user radius_priv_user\n"; } close($cfg); diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm index e03888cd..02fb96ee 100755 --- a/lib/Vyatta/Login/User.pm +++ b/lib/Vyatta/Login/User.pm @@ -167,7 +167,7 @@ sub _update_user { # not found in existing passwd, must be new my $cmd; - unless ( defined($uid) ) { + unless ( defined($uid) and $uid ne "1001" ) { # make new user using vyatta shell # and make home directory (-m) # and with default group of 100 (users) 
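Review bot: In `remove_pam_radius` (RadiusServer.pm, first hunk) the new `system('sed -i …')` call on /etc/nsswitch.conf has its exit status ignored, while the matching edit in `add_pam_radius` dies on failure. If sed cannot rewrite the file, `mapuid` and `mapname` stay on the `passwd:` and `group:` lines after the RADIUS PAM profile has been removed, so name lookups would presumably keep going through the mapping modules. Check the status the same way as the add path, for example by ending the call with `) == 0 or warn "NSS configuration cleanup failed\n";` (or `die`, if removal should abort). The function body continues past the end of the hunk.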
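Review bot: The two `group:` expressions added to `add_pam_radius` put `mapname` in different positions: `/^group:[^#]*$/s/: */&mapname /` inserts it first, ahead of the existing sources, while `/^group:.*#/s/#.*/ mapname &/` places it last when the line carries a trailing comment. Lookup order in /etc/nsswitch.conf decides which source answers, so the result should not depend on whether a comment is present; if first is intended, one expression covers both cases, `-e '/^group:/s/: */&mapname /'`. Note also that sed exits 0 when no expression matches, so `== 0 or die "NSS configuration failed"` does not prove the mapping was installed after `pam-auth-update` has already enabled RADIUS.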
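Review bot: The two added `print $cfg` lines in `update` sit before the closing brace that follows `++$count`, so `priv-lvl 15` and `mapped_priv_user radius_priv_user` appear to be written once per configured server, interleaved with the `server:port secret timeout` entries. They read as global settings; writing them once after the loop keeps the generated file unambiguous for whatever parses it. The privilege threshold is a bare literal, so a comment above it should state what level 15 grants and which account it maps to. The loop header is outside the hunk, so the placement is inferred from the visible brace.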
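Review bot: The new condition in `_update_user`, `unless ( defined($uid) and $uid ne "1001" )`, identifies the RADIUS mapping account by a literal UID that nothing in this commit pins down. If a real local account ever holds UID 1001 it would be treated as new on every commit and sent down the account-creation branch again, and the second mapping account named in this commit (`radius_priv_user`) is not covered if a lookup can resolve to it. Resolving the UID by name ties the test to the account rather than the number, e.g. `my $map_uid = getpwnam('radius_user');` followed by `unless ( defined($uid) and !( defined($map_uid) and $uid == $map_uid ) )`, with a comment explaining why a name that is not a local account can still return a UID. How `$uid` is obtained lies outside the hunk.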
@@ -231,6 +231,9 @@ sub update { # This can happen if user added but configuration not saved # and system is rebooted foreach my $user ( _local_users() ) { + # skip radius users + next if $user eq 'radius_user'; + next if $user eq 'radius_priv_user'; # did we see this user in configuration? next if defined $users{$user}; |
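Review bot: The mapping-account names are repeated as string literals here and in RadiusServer.pm (`mapped_priv_user radius_priv_user`), and this loop appears to clean up local users that are absent from the configuration, so a rename in one file would let the cleanup reach the mapping account. A single lookup table keeps the two in step: `my %RADIUS_MAP_USER = map { $_ => 1 } qw(radius_user radius_priv_user);` and `next if $RADIUS_MAP_USER{$user};`. The skip is also unconditional, so these names stay exempt even when RADIUS is not configured; if that is intended, the `# skip radius users` comment should say so. The loop body continues beyond the hunk.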