From f0c316d1762202f56fa25ab7c5ab7979443acd6b Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Tue, 2 Jun 2009 15:59:58 -0700
Subject: Avoid rewriting radius config unless needed

Don't edit radius config unless something has changed.
(cherry picked from commit 8d3f5b37ec3c728d56fadc596562025821169329)
---
 lib/Vyatta/Login/RadiusServer.pm | 79 +++++++++++++++++++---------------------
 1 file changed, 38 insertions(+), 41 deletions(-)

(limited to 'lib/Vyatta/Login/RadiusServer.pm')

diff --git a/lib/Vyatta/Login/RadiusServer.pm b/lib/Vyatta/Login/RadiusServer.pm
index 34da8a31..2dadd2bb 100644
--- a/lib/Vyatta/Login/RadiusServer.pm
+++ b/lib/Vyatta/Login/RadiusServer.pm
@@ -19,22 +19,18 @@ use strict;
 use warnings;
 use lib "/opt/vyatta/share/perl5";
 use Vyatta::Config;
+use File::Compare;
+
+my $PAM_RAD_CFG = '/etc/pam_radius_auth.conf';
+my $PAM_RAD_TMP = "/tmp/pam_radius_auth.$$";
 
-my $PAM_RAD_CFG   = '/etc/pam_radius_auth.conf';
 my $PAM_RAD_BEGIN = '# BEGIN Vyatta Radius servers';
 my $PAM_RAD_END   = '# END Vyatta Radius servers';
 
 sub is_pam_radius_present {
-    open( my $auth , '<' , '/etc/pam.d/common-auth' ) 
-	or die "Cannot open /etc/pam.d/common-auth\n";
-
-    my $present;
-    while (<$auth>) {
-        if (/\ssufficient\spam_radius_auth\.so$/) {
-            $present = 1;
-            last;
-        }
-    }
+    open( my $auth, '<', '/etc/pam.d/common-auth' )
+      or die "Cannot open /etc/pam.d/common-auth\n";
+    my $present = grep { /\ssufficient\spam_radius_auth\.so$/ } <$auth>;
     close $auth;
     return $present;
 }
@@ -68,44 +64,45 @@ sub add_pam_radius {
     return 1;
 }
 
-sub remove_radius_servers {
-    system( "sudo sed -i '/^$PAM_RAD_BEGIN\$/,/^$PAM_RAD_END\$/{d}' "
-          . "$PAM_RAD_CFG" );
-    return 0 if ( $? >> 8 );
-    return 1;
-}
-
-sub add_radius_servers {
-    my $str = shift;
-    system( "sudo sh -c \""
-          . "echo '$PAM_RAD_BEGIN\n$str$PAM_RAD_END\n' >> $PAM_RAD_CFG\"" );
-    return 0 if ( $? >> 8 );
-    return 1;
-}
-
 sub update {
     my $rconfig = new Vyatta::Config;
     $rconfig->setLevel("system login radius-server");
-    my %servers     = $rconfig->listNodeStatus();
-    my $server_str  = '';
+    my %servers = $rconfig->listNodeStatus();
+    my $count   = 0;
 
     if (%servers) {
-	remove_radius_servers();
+        my $cmd = "sed -e '/$PAM_RAD_BEGIN/,/$PAM_RAD_END/d' < $PAM_RAD_CFG";
+        system("sudo sh -c \"$cmd\" > $PAM_RAD_TMP") == 0
+          or die "$cmd failed";
 
-	for my $server (sort keys %servers) {
-	    next if ( $servers{$server} eq 'deleted' );
-	    my $port    = $rconfig->returnValue("$server port");
-	    my $secret  = $rconfig->returnValue("$server secret");
-	    my $timeout = $rconfig->returnValue("$server timeout");
-	    $server_str .= "$server:$port\t$secret\t$timeout\n";
-	}
+        open( my $newcfg, '>>', $PAM_RAD_TMP )
+          or die "Can't open $PAM_RAD_TMP: $!\n";
 
-	exit 1 if ( !add_radius_servers($server_str) );
-	exit 1 if ( !add_pam_radius() );
+        print $newcfg "$PAM_RAD_BEGIN\n";
+
+        for my $server ( sort keys %servers ) {
+            next if ( $servers{$server} eq 'deleted' );
+            my $port    = $rconfig->returnValue("$server port");
+            my $secret  = $rconfig->returnValue("$server secret");
+            my $timeout = $rconfig->returnValue("$server timeout");
+            print $newcfg "$server:$port\t$secret\t$timeout\n";
+            ++$count;
+        }
+        print $newcfg "$PAM_RAD_END\n";
+        close $newcfg;
 
-    } else {
-	# all radius servers deleted
-	exit 1 if ( !remove_pam_radius() );
+        if ( compare( $PAM_RAD_CFG, $PAM_RAD_TMP ) != 0 ) {
+            system("sudo cp $PAM_RAD_TMP $PAM_RAD_CFG") == 0
+              or die "Copy of $PAM_RAD_TMP to $PAM_RAD_CFG failed";
+        }
+        unlink($PAM_RAD_TMP);
+    }
+
+    if ( $count > 0 ) {
+        exit 1 if ( !add_pam_radius() );
+    }
+    else {
+        exit 1 if ( !remove_pam_radius() );
     }
 }
 
-- 
cgit v1.2.3