From 3b188bb4a2d0c014c03749ee36347a56b15b02c2 Mon Sep 17 00:00:00 2001
From: Alex Harpin <development@landsofshadow.co.uk>
Date: Mon, 30 Nov 2015 21:59:00 +0000
Subject: vyatta-cfg-system: prevent deletion of all authentication for user

Prevent the deletion of both the encrypted-password and public-keys
nodes for a user, ensuring that at least one of the methods is
available.  Also prevent the deletion of the public keys for a user
if the encrypted password is set to "!".

Correct fix this time, without introducing the inability to remove
configured users from the system.

Bug #574 http://bugzilla.vyos.net/show_bug.cgi?id=574
---
 templates/system/login/user/node.def | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'templates')

diff --git a/templates/system/login/user/node.def b/templates/system/login/user/node.def
index 451cc078..41a7e048 100644
--- a/templates/system/login/user/node.def
+++ b/templates/system/login/user/node.def
@@ -11,3 +11,11 @@ commit:expression: $VAR(@) == "" ||
 commit:expression: $VAR(@) == "" ||
 		   $VAR(authentication/encrypted-password) != "" ||
 		   $VAR(authentication/encrypted-password/@) = "!"
+
+end: if [ ${COMMIT_ACTION} != 'DELETE' ] &&
+        [ -z "$VAR(authentication/public-keys)" ] &&
+        [[ -z "$VAR(authentication/encrypted-password)" ||
+              "$VAR(authentication/encrypted-password/@)" = "!" ]]; then
+           echo "either user encrypted password or public keys must be set";
+           exit 1;
+     fi
-- 
cgit v1.2.3