authorChristian Breunig <christian@breunig.cc>2024-06-15 08:44:54 +0200
committerChristian Breunig <christian@breunig.cc>2024-06-15 09:27:10 +0200
commitd7a18a3da949bfa3df89661cc0871e8f23b18a10 (patch)
tree62f3dbdf54e261d5d9b29d625ad7185360ee07e9
parente1a34e661d3e5f0090550796ac266dac15e1e337 (diff)
downloadvyos-1x-d7a18a3da949bfa3df89661cc0871e8f23b18a10.tar.gz
vyos-1x-d7a18a3da949bfa3df89661cc0871e8f23b18a10.zip
T6489: add abstraction vyos.utils.configfs to work natively with the config filesystem
-rw-r--r--python/vyos/utils/__init__.py1
-rw-r--r--python/vyos/utils/configfs.py37
-rwxr-xr-xsrc/conf_mode/system_login.py26
3 files changed, 45 insertions, 19 deletions
diff --git a/python/vyos/utils/__init__.py b/python/vyos/utils/__init__.py
index 1cd062a11..90620071b 100644
--- a/python/vyos/utils/__init__.py
+++ b/python/vyos/utils/__init__.py
@@ -17,6 +17,7 @@ from vyos.utils import assertion
from vyos.utils import auth
from vyos.utils import boot
from vyos.utils import commit
+from vyos.utils import configfs
from vyos.utils import convert
from vyos.utils import cpu
from vyos.utils import dict
diff --git a/python/vyos/utils/configfs.py b/python/vyos/utils/configfs.py
new file mode 100644
index 000000000..8617f0129
--- /dev/null
+++ b/python/vyos/utils/configfs.py
@@ -0,0 +1,37 @@
+# Copyright 2024 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library. If not, see <http://www.gnu.org/licenses/>.
+
+import os
+
+def delete_cli_node(cli_path: list):
+ from shutil import rmtree
+ for config_dir in ['VYATTA_TEMP_CONFIG_DIR', 'VYATTA_CHANGES_ONLY_DIR']:
+ tmp = os.path.join(os.environ[config_dir], '/'.join(cli_path))
+ # delete CLI node
+ if os.path.exists(tmp):
+ rmtree(tmp)
+
+def add_cli_node(cli_path: list, value: str=None):
+ from vyos.utils.auth import get_current_user
+ from vyos.utils.file import write_file
+
+ current_user = get_current_user()
+ for config_dir in ['VYATTA_TEMP_CONFIG_DIR', 'VYATTA_CHANGES_ONLY_DIR']:
+ # store new value
+ tmp = os.path.join(os.environ[config_dir], '/'.join(cli_path))
+ write_file(f'{tmp}/node.val', value, user=current_user, group='vyattacfg', mode=0o664)
+ # mark CLI node as modified
+ if config_dir == 'VYATTA_CHANGES_ONLY_DIR':
+ write_file(f'{tmp}/.modified', '', user=current_user, group='vyattacfg', mode=0o664)
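Review bot: `delete_cli_node()` passes `rmtree()` a path built as `os.path.join(os.environ[config_dir], '/'.join(cli_path))`, and nothing validates `cli_path` first. An empty list resolves to the session config directory itself, a `..` element or one containing `/` moves the target elsewhere, and a leading `/` makes `os.path.join` drop the base entirely. The one caller in this commit interpolates a username from the config, which is presumably constrained by the CLI schema, but a shared helper should not depend on every future caller for that. `add_cli_node()` builds its path the same way, so I would route both through one private helper that rejects an empty path and unsafe components, as sketched below. Both functions would also benefit from a short docstring stating that they require an active config session, since `os.environ[config_dir]` raises `KeyError` outside one.

```python
def _cli_node_path(base: str, cli_path: list) -> str:
    # an empty path would resolve to the config directory itself
    if not cli_path:
        raise ValueError('cli_path must not be empty')
    # reject components that could leave the config directory
    for node in cli_path:
        if not node or node in ('.', '..') or '/' in node or '\0' in node:
            raise ValueError(f'invalid CLI path component: {node!r}')
    return os.path.join(base, *cli_path)

def delete_cli_node(cli_path: list):
    # … unchanged: rmtree import and loop over the two config dirs …
        tmp = _cli_node_path(os.environ[config_dir], cli_path)
    # … unchanged: exists check and rmtree; add_cli_node() builds tmp the same way …
```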
diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py
index afddae4dc..439fa645b 100755
--- a/src/conf_mode/system_login.py
+++ b/src/conf_mode/system_login.py
@@ -21,22 +21,20 @@ from psutil import users
from pwd import getpwall
from pwd import getpwnam
from pwd import getpwuid
-from shutil import rmtree
from sys import exit
from time import sleep
from vyos.config import Config
from vyos.configverify import verify_vrf
-from vyos.defaults import directories
from vyos.template import render
from vyos.template import is_ipv4
from vyos.utils.auth import get_current_user
+from vyos.utils.configfs import delete_cli_node
+from vyos.utils.configfs import add_cli_node
from vyos.utils.dict import dict_search
from vyos.utils.file import chown
-from vyos.utils.file import write_file
from vyos.utils.process import cmd
from vyos.utils.process import call
-from vyos.utils.process import rc_cmd
from vyos.utils.process import run
from vyos.utils.process import DEVNULL
from vyos import ConfigError
@@ -216,7 +214,6 @@ def verify(login):
def generate(login):
# calculate users encrypted password
if 'user' in login:
- env = os.environ.copy()
for user, user_config in login['user'].items():
tmp = dict_search('authentication.plaintext_password', user_config)
if tmp:
@@ -225,20 +222,11 @@ def generate(login):
del login['user'][user]['authentication']['plaintext_password']
# Set default commands for re-adding user with encrypted password
- del_user_plain = f'system login user {user} authentication plaintext-password'
- add_user_encrypt = f'system login user {user} authentication encrypted-password'
-
- for config_dir in ['VYATTA_TEMP_CONFIG_DIR', 'VYATTA_CHANGES_ONLY_DIR']:
- tmp = os.path.join(env[config_dir], '/'.join(del_user_plain.split()))
- # delete temporary plaintext-password CLI node
- if os.path.exists(tmp):
- rmtree(tmp)
-
- # store encrypted password
- tmp = os.path.join(env[config_dir], '/'.join(add_user_encrypt.split()))
- write_file(f'{tmp}/node.val', encrypted_password, user=get_current_user(), group='vyattacfg', mode=0o664)
- if config_dir == 'VYATTA_CHANGES_ONLY_DIR':
- write_file(f'{tmp}/.modified', encrypted_password, user=get_current_user(), group='vyattacfg', mode=0o664)
+ del_user_plain = ['system', 'login', 'user', user, 'authentication', 'plaintext-password']
+ add_user_encrypt = ['system', 'login', 'user', user, 'authentication', 'encrypted-password']
+
+ delete_cli_node(del_user_plain)
+ add_cli_node(add_user_encrypt, value=encrypted_password)
else:
try: