From 593899accdff03af23e6bb6c7189ad4ed05a4d8e Mon Sep 17 00:00:00 2001 From: Alex Harpin Date: Sat, 13 Jun 2015 14:53:05 +0100 Subject: vyatta-cfg-system: prevent deletion of all authentication for user Prevent the deletion of both the encrypted-password and public-keys nodes for a user, ensuring that at least one of the methods is available. Also prevent the deletion of the public keys for a user if the encrypted password is set to "!". Bug #574 http://bugzilla.vyos.net/show_bug.cgi?id=574 --- .../login/user/node.tag/authentication/encrypted-password/node.def | 3 +++ .../system/login/user/node.tag/authentication/public-keys/node.def | 4 ++++ 2 files changed, 7 insertions(+)
diff --git a/templates/system/login/user/node.tag/authentication/encrypted-password/node.def b/templates/system/login/user/node.tag/authentication/encrypted-password/node.def
index 29ad14a8..a8b3ee54 100644
--- a/templates/system/login/user/node.tag/authentication/encrypted-password/node.def
+++ b/templates/system/login/user/node.tag/authentication/encrypted-password/node.def
@@ -9,3 +9,6 @@ syntax:expression: ($VAR(@) == "*" || $VAR(@) == "!" \
 || ( pattern $VAR(@) "^\\$5\\$[a-zA-Z0-9\./]*\\$[a-zA-Z0-9\./]{43}$" ) \
 || ( pattern $VAR(@) "^\\$6\\$[a-zA-Z0-9\./]*\\$[a-zA-Z0-9\./]{86}$" )) \
 ; "Not a valid encrypted password for user $VAR(../../@)"
+
+delete:expression: $VAR(../public-keys) != ""
+ ; "either user encrypted password or public keys must be set"
\ No newline at end of file
diff --git a/templates/system/login/user/node.tag/authentication/public-keys/node.def b/templates/system/login/user/node.tag/authentication/public-keys/node.def
index 245e7197..d813fb9e 100644
--- a/templates/system/login/user/node.tag/authentication/public-keys/node.def
+++ b/templates/system/login/user/node.tag/authentication/public-keys/node.def
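Review bot: The `delete:expression` added to encrypted-password/node.def guards only the delete path, while the `syntax:expression` directly above it still accepts `"!"` and `"*"` as values. Setting the password to either with no public keys configured therefore reaches the same no-usable-credential state this commit is meant to prevent. If that state should be rejected on every path, a commit-time check on this node would cover it, for example `commit:expression: ($VAR(@) != "!" && $VAR(@) != "*") || $VAR(../public-keys) != "" ; "either user encrypted password or public keys must be set"`. The guard also tests only that `$VAR(../public-keys)` is non-empty; how that evaluates for a keyed node with several entries should be confirmed against the template engine.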
@@ -7,3 +7,7 @@ commit:expression: $VAR(./type/) != "" ; \
 "Must configure public key type for $VAR(@)"
 commit:expression: $VAR(./key/) != "" ; \
 "Must configure public key value for $VAR(@)"
+
+delete:expression: ($VAR(../encrypted-password) != "" &&
+ $VAR(../encrypted-password/@) != "!")
+ ; "either user encrypted password or public keys must be set"
\ No newline at end of file
-- cgit v1.2.3
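Review bot: The guard added to public-keys/node.def treats only `"!"` as an unusable password, but the `syntax:expression` in encrypted-password/node.def also accepts `"*"`, which presumably has the usual shadow-file meaning of matching no password. With `"*"` set, the public keys can still be deleted and the user is left with no working login method. Adding `&& $VAR(../encrypted-password/@) != "*"` inside the parentheses closes that case. The existing expressions in this file continue lines with a trailing `\` and the new three-line expression does not, so confirm the template parser accepts it or add the backslashes for consistency. Because public-keys entries are keyed by `$VAR(@)`, the check presumably runs per key, so removing one of several keys would also be refused while the password is `"!"`; confirm that is intended.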