From cb4148dea58b59d35a721eb7f8f529a22637a3e4 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Wed, 23 Sep 2009 13:10:17 -0700
Subject: Cleanup all vbash users

This is an alternative version of the rollback for unsaved vyatta user changes. Instead of identifying users by group, assume all users whose login shell is vbash must exist in configuration.
---
 lib/Vyatta/Login/User.pm | 34 +++++++++++++++++++++++++---------
 1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index fc890e73..32f31c98 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -40,6 +40,9 @@ my %level_map = (
 'operator' => [ 'quaggavty', 'vyattaop', 'operator', 'adm', 'dip', ],
 );
+# Users who MUST not use vbash
+my @protected = ( 'root', 'www-data' );
+
 # Construct a map from existing users to group membership
 sub get_groups {
 my %group_map;
@@ -57,6 +60,21 @@ sub get_groups {
 return \%group_map;
 }
+# make list of vyatta users (ie. users of vbash)
+sub _vyatta_users {
+ my @vusers;
+ setpwent();
+ # ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell,$expire)
+ # = getpw*
+ while ( my ($name, undef, undef, undef, undef, undef,
+ undef, undef, $shell) = getpwent() ) {
+ push @vusers, $name if ($shell eq '/bin/vbash');
+ }
+ endpwent();
+
+ return @vusers;
+}
+
 sub update {
 my $membership = get_groups();
 my $uconfig = new Vyatta::Config;
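Review bot: `_vyatta_users` decides membership with an exact string compare against the literal `'/bin/vbash'`, so an account whose passwd entry records vbash under any other path (a symlink or a different install prefix) is silently left out, and that path is now the sole input to the account-removal loop further down in `update`. I would hoist the path to a named file-level value next to `@protected`, `my $vbash_shell = '/bin/vbash';`, and write the test as `push @vusers, $name if $shell eq $vbash_shell;`, so the one place that defines "vyatta user" is visible at the top of the file. The header comment should also say that the returned list is consumed by the cleanup in `update`, since every name it yields that is absent from the configuration is removed; note that `getpwent()` enumerates whatever name services the host is configured with, so on a system that also resolves accounts from a directory service the list is presumably not limited to local passwd entries — worth confirming before relying on it for deletion.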
@@ -138,15 +156,13 @@ sub update {
 # Remove any vyatta users that do not exist in current configuration
 # This can happen if user added but configuration not saved
- foreach my $grp (qw(vyattacfg vyattaop)) {
- my (undef, undef, undef, $members) = getgrnam($grp);
- next unless $members;
-
- foreach my $user (split / /, $members) {
- next if ($user eq 'root');
- next if ($user eq 'www-data'); # webgui
- next if defined $users{$user};
-
+ my %protected = map { $_ => 1 } @protected;
+ foreach my $user (_vyatta_users()) {
+ if ($protected{$user}) {
+ warn "User $user should not being using vbash - fixed\n";
+ system ("usermod -s /bin/bash $user") == 0
+ or die "Attemp to modify user $user shell failed: $!";
+ } elsif (! defined $users{$user}) {
 warn "User $user not listed in current configuration\n";
 system ("userdel --remove $user") == 0
 or die "Attempt to delete user $user failed: $!";
-- 
cgit v1.2.3
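Review bot: The new `system ("usermod -s /bin/bash $user")` builds a single string and hands it to the shell, so the account name read back from the passwd database is interpreted by the shell rather than passed as an argument; the list form `system('usermod', '-s', '/bin/bash', $user) == 0` runs the command directly with no shell involved (the pre-existing `userdel --remove $user` context line has the same shape and would be worth converting in the same spirit). The two new messages also carry typos: `"User $user should not be using vbash - fixed\n"` and `"Attempt to modify user $user shell failed: $!"`. Because the loop now walks every vbash account instead of two group member lists, an empty `%users` would send every such account to `userdel --remove`; `%users` is built outside this hunk, so it may be worth confirming at its origin that a failed configuration read cannot leave it empty before this loop runs. The enclosing `update` sub starts and ends outside the hunk.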