From 95d0740ae1a3a8b7d348d99e268cc3ded87d4b44 Mon Sep 17 00:00:00 2001
From: Alex Harpin <development@landsofshadow.co.uk>
Date: Sat, 13 Jun 2015 13:04:17 +0100
Subject: vyatta-cfg-system: missing encrypted-password breaks user config node

The fix for bug #557 now allows the encrypted-password Authentication
node to be deleted again, but this causes the config to fail on reboot,
leaving the user login node empty.

This fix checks for an empty / missing encrypted-password node on
reboot / config reload, either creating a new node or replacing the
existing one and assigning it the value of "!".  This has the same
effect as the fix for bug #336, allowing the user to be set as only
using RSA based logins.

Bug #573 http://bugzilla.vyos.net/show_bug.cgi?id=573
---
 lib/Vyatta/Login/User.pm             | 9 +++++++--
 templates/system/login/user/node.def | 8 +++++---
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index d3e9b8bd..e03888cd 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -126,9 +126,14 @@ sub _delete_user {
 sub _update_user {
     my $user = shift;
     my $cfg = new Vyatta::Config;
-
+    my $pwd = "";
+        
     $cfg->setLevel("system login user $user");
-    my $pwd = $cfg->returnValue('authentication encrypted-password');
+    if ($cfg->exists('authentication encrypted-password')) {
+        $pwd = $cfg->returnValue('authentication encrypted-password');
+    } else {
+        $pwd = "!";
+    }
     my $level = $cfg->returnValue('level');
     my $fname = $cfg->returnValue('full-name');
     my $home  = $cfg->returnValue('home-directory');
diff --git a/templates/system/login/user/node.def b/templates/system/login/user/node.def
index caa53f1b..451cc078 100644
--- a/templates/system/login/user/node.def
+++ b/templates/system/login/user/node.def
@@ -4,8 +4,10 @@ help: User account information
 
 syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_username.pl $VAR(@)"
 
+commit:expression: $VAR(@) == "" ||
+		   $VAR(authentication/plaintext-password) != "" ||
+		   $VAR(authentication/plaintext-password/@) = ""
+
 commit:expression: $VAR(@) == "" ||
 		   $VAR(authentication/encrypted-password) != "" ||
-                   ( $VAR(authentication/plaintext-password) != "" &&
-                     $VAR(authentication/plaintext-password/@) != "")
-                     ; "user password must be specified"
+		   $VAR(authentication/encrypted-password/@) = "!"
-- 
cgit v1.2.3