From 0e0639d6aedc184400067cecb8f5a0530df193cd Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Thu, 18 Apr 2019 18:23:22 +0200
Subject: T1344: rename RADIUS 'system login' nodes In order to prepare for adding a RADIUS source IP address and synchronize the syntax with L2TP/PPTP the nodes have been renamed from: set system login radius-server x.x.x.x to set system login radius server x.x.x.x
---
lib/Vyatta/Login/Radius.pm | 102 +++++++++++++++++++++++++++++++++++++++
lib/Vyatta/Login/RadiusServer.pm | 102 ---------------------------------------
lib/Vyatta/Login/User.pm | 0
3 files changed, 102 insertions(+), 102 deletions(-)
create mode 100644 lib/Vyatta/Login/Radius.pm
delete mode 100644 lib/Vyatta/Login/RadiusServer.pm
mode change 100755 => 100644 lib/Vyatta/Login/User.pm
(limited to 'lib')
diff --git a/lib/Vyatta/Login/Radius.pm b/lib/Vyatta/Login/Radius.pm
new file mode 100644
index 00000000..9c2d56aa
--- /dev/null
+++ b/lib/Vyatta/Login/Radius.pm
@@ -0,0 +1,102 @@
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc.
+# All Rights Reserved.
+#
+# **** End License ****
+
+package Vyatta::Login::Radius;
+use strict;
+use warnings;
+use lib "/opt/vyatta/share/perl5";
+use Vyatta::Config;
+use File::Compare;
+use File::Copy;
+
+my $PAM_RAD_CFG = '/etc/pam_radius_auth.conf';
+my $PAM_RAD_TMP = "/tmp/pam_radius_auth.$$";
+
+my $PAM_RAD_AUTH = "/usr/share/pam-configs/radius";
+my $PAM_RAD_SYSCONF = "/opt/vyatta/etc/pam_radius.cfg";
+
+sub remove_pam_radius {
+ system('sed -i -e \'/^passwd:.*mapuid[ \t]/s/mapuid[ \t]//\' \
+ -e \'/^passwd:.*[ \t]mapname/s/[ \t]mapname//\' \
+ -e \'/^group:.*[ \t]mapname/s/[ \t]mapname//\' \
+ -e \'s/[ \t]*$//\' \
+ /etc/nsswitch.conf');
+
+ system("DEBIAN_FRONTEND=noninteractive " .
+ "pam-auth-update --package --remove radius") == 0
+ or die "pam-auth-update remove failed";
+
+ unlink($PAM_RAD_AUTH)
+ or die "Can't remove $PAM_RAD_AUTH";
+}
+
+sub add_pam_radius {
+ copy($PAM_RAD_SYSCONF,$PAM_RAD_AUTH)
+ or die "Can't copy $PAM_RAD_SYSCONF to $PAM_RAD_AUTH";
+
+ system("DEBIAN_FRONTEND=noninteractive " .
+ "pam-auth-update --package radius") == 0
+ or die "pam-auth-update add failed";
+
+ system('sed -i -e \'/\smapname/b\' \
+ -e \'/^passwd:/s/\s\s*/&mapuid /\' \
+ -e \'/^passwd:.*#/s/#.*/mapname &/\' \
+ -e \'/^passwd:[^#]*$/s/$/ mapname &/\' \
+ -e \'/^group:.*#/s/#.*/ mapname &/\' \
+ -e \'/^group:[^#]*$/s/: */&mapname /\' \
+ /etc/nsswitch.conf') == 0
+ or die "NSS configuration failed";
+}
+
+sub update {
+ my $rconfig = new Vyatta::Config;
+ $rconfig->setLevel("system login radius server");
+ my %servers = $rconfig->listNodeStatus();
+ my $count = 0;
+
+ open (my $cfg, ">", $PAM_RAD_TMP)
+ or die "Can't open config tmp: $PAM_RAD_TMP :$!";
+
+ print $cfg "# RADIUS configuration file\n";
+ print $cfg "# automatically generated do not edit\n";
+ print $cfg "# Server\tSecret\tTimeout\n";
+
+ for my $server ( sort keys %servers ) {
+ next if ( $servers{$server} eq 'deleted' );
+ my $port = $rconfig->returnValue("$server port");
+ my $secret = $rconfig->returnValue("$server secret");
+ my $timeout = $rconfig->returnValue("$server timeout");
+ print $cfg "$server:$port\t$secret\t$timeout\n";
+ ++$count;
+ print $cfg "priv-lvl 15\n";
+ print $cfg "mapped_priv_user radius_priv_user\n";
+ }
+ close($cfg);
+
+ if ( compare( $PAM_RAD_CFG, $PAM_RAD_TMP ) != 0 ) {
+ copy ($PAM_RAD_TMP, $PAM_RAD_CFG)
+ or die "Copy of $PAM_RAD_TMP to $PAM_RAD_CFG failed";
+ }
+ unlink($PAM_RAD_TMP);
+
+ if ( $count > 0 ) {
+ add_pam_radius();
+ } else {
+ remove_pam_radius();
+ }
+}
+
+1;
diff --git a/lib/Vyatta/Login/RadiusServer.pm b/lib/Vyatta/Login/RadiusServer.pm
deleted file mode 100644
index 5a71b1f8..00000000
--- a/lib/Vyatta/Login/RadiusServer.pm
+++ /dev/null
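Review bot: `$PAM_RAD_TMP` is a fixed, PID-derived name under /tmp (`"/tmp/pam_radius_auth.$$"`), and `update()` opens it with a plain `>` and then writes every server's shared secret into it. A plain open is not exclusive, so it reuses or follows whatever already exists at that path, and the file gets its mode from the process umask rather than one chosen for secret material; this code presumably runs as root at commit time, which raises the stakes. I would create the scratch file with `File::Temp` (core; needs `use File::Temp qw(tempfile);` beside the File::Copy import) in the target's own directory, check `close`, and `rename` it into place so the live config is never half-written. The rename leaves the installed file at mode 0600, so confirm nothing unprivileged has to read /etc/pam_radius_auth.conf. The same pattern is carried over unchanged from RadiusServer.pm, so this rename is a good moment to fix it.

```perl
sub update {
    # … unchanged: Vyatta::Config lookup and %servers listing …

    # Exclusive create, random suffix, mode 0600, same filesystem as the target
    my ($cfg, $tmp) = tempfile('pam_radius_auth.XXXXXX', DIR => '/etc');

    # … unchanged: header lines and per-server print loop …

    close($cfg)
        or die "Can't write $tmp: $!";

    if ( compare( $PAM_RAD_CFG, $tmp ) != 0 ) {
        rename($tmp, $PAM_RAD_CFG)
            or die "Rename of $tmp to $PAM_RAD_CFG failed: $!";
    } else {
        unlink($tmp);
    }

    # … unchanged: add_pam_radius() / remove_pam_radius() selection …
}
```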
@@ -1,102 +0,0 @@
-# **** License ****
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# This code was originally developed by Vyatta, Inc.
-# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc.
-# All Rights Reserved.
-#
-# **** End License ****
-
-package Vyatta::Login::RadiusServer;
-use strict;
-use warnings;
-use lib "/opt/vyatta/share/perl5";
-use Vyatta::Config;
-use File::Compare;
-use File::Copy;
-
-my $PAM_RAD_CFG = '/etc/pam_radius_auth.conf';
-my $PAM_RAD_TMP = "/tmp/pam_radius_auth.$$";
-
-my $PAM_RAD_AUTH = "/usr/share/pam-configs/radius";
-my $PAM_RAD_SYSCONF = "/opt/vyatta/etc/pam_radius.cfg";
-
-sub remove_pam_radius {
- system('sed -i -e \'/^passwd:.*mapuid[ \t]/s/mapuid[ \t]//\' \
- -e \'/^passwd:.*[ \t]mapname/s/[ \t]mapname//\' \
- -e \'/^group:.*[ \t]mapname/s/[ \t]mapname//\' \
- -e \'s/[ \t]*$//\' \
- /etc/nsswitch.conf');
-
- system("DEBIAN_FRONTEND=noninteractive " .
- "pam-auth-update --package --remove radius") == 0
- or die "pam-auth-update remove failed";
-
- unlink($PAM_RAD_AUTH)
- or die "Can't remove $PAM_RAD_AUTH";
-}
-
-sub add_pam_radius {
- copy($PAM_RAD_SYSCONF,$PAM_RAD_AUTH)
- or die "Can't copy $PAM_RAD_SYSCONF to $PAM_RAD_AUTH";
-
- system("DEBIAN_FRONTEND=noninteractive " .
- "pam-auth-update --package radius") == 0
- or die "pam-auth-update add failed";
-
- system('sed -i -e \'/\smapname/b\' \
- -e \'/^passwd:/s/\s\s*/&mapuid /\' \
- -e \'/^passwd:.*#/s/#.*/mapname &/\' \
- -e \'/^passwd:[^#]*$/s/$/ mapname &/\' \
- -e \'/^group:.*#/s/#.*/ mapname &/\' \
- -e \'/^group:[^#]*$/s/: */&mapname /\' \
- /etc/nsswitch.conf') == 0
- or die "NSS configuration failed";
-}
-
-sub update {
- my $rconfig = new Vyatta::Config;
- $rconfig->setLevel("system login radius-server");
- my %servers = $rconfig->listNodeStatus();
- my $count = 0;
-
- open (my $cfg, ">", $PAM_RAD_TMP)
- or die "Can't open config tmp: $PAM_RAD_TMP :$!";
-
- print $cfg "# RADIUS configuration file\n";
- print $cfg "# automatically generated do not edit\n";
- print $cfg "# Server\tSecret\tTimeout\n";
-
- for my $server ( sort keys %servers ) {
- next if ( $servers{$server} eq 'deleted' );
- my $port = $rconfig->returnValue("$server port");
- my $secret = $rconfig->returnValue("$server secret");
- my $timeout = $rconfig->returnValue("$server timeout");
- print $cfg "$server:$port\t$secret\t$timeout\n";
- ++$count;
- print $cfg "priv-lvl 15\n";
- print $cfg "mapped_priv_user radius_priv_user\n";
- }
- close($cfg);
-
- if ( compare( $PAM_RAD_CFG, $PAM_RAD_TMP ) != 0 ) {
- copy ($PAM_RAD_TMP, $PAM_RAD_CFG)
- or die "Copy of $PAM_RAD_TMP to $PAM_RAD_CFG failed";
- }
- unlink($PAM_RAD_TMP);
-
- if ( $count > 0 ) {
- add_pam_radius();
- } else {
- remove_pam_radius();
- }
-}
-
-1;
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
old mode 100755
new mode 100644
-- cgit v1.2.3