diff options
author | Christian Breunig <christian@breunig.cc> | 2024-06-15 08:44:54 +0200 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2024-06-15 09:27:10 +0200 |
commit | d7a18a3da949bfa3df89661cc0871e8f23b18a10 (patch) | |
tree | 62f3dbdf54e261d5d9b29d625ad7185360ee07e9 | |
parent | e1a34e661d3e5f0090550796ac266dac15e1e337 (diff) | |
download | vyos-1x-d7a18a3da949bfa3df89661cc0871e8f23b18a10.tar.gz vyos-1x-d7a18a3da949bfa3df89661cc0871e8f23b18a10.zip |
T6489: add abstraction vyos.utils.configfs to work natively with the config filesystem
-rw-r--r-- | python/vyos/utils/__init__.py | 1 | ||||
-rw-r--r-- | python/vyos/utils/configfs.py | 37 | ||||
-rwxr-xr-x | src/conf_mode/system_login.py | 26 |
3 files changed, 45 insertions, 19 deletions
diff --git a/python/vyos/utils/__init__.py b/python/vyos/utils/__init__.py index 1cd062a11..90620071b 100644 --- a/python/vyos/utils/__init__.py +++ b/python/vyos/utils/__init__.py @@ -17,6 +17,7 @@ from vyos.utils import assertion from vyos.utils import auth from vyos.utils import boot from vyos.utils import commit +from vyos.utils import configfs from vyos.utils import convert from vyos.utils import cpu from vyos.utils import dict diff --git a/python/vyos/utils/configfs.py b/python/vyos/utils/configfs.py new file mode 100644 index 000000000..8617f0129 --- /dev/null +++ b/python/vyos/utils/configfs.py @@ -0,0 +1,37 @@ +# Copyright 2024 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + +import os + +def delete_cli_node(cli_path: list): + from shutil import rmtree + for config_dir in ['VYATTA_TEMP_CONFIG_DIR', 'VYATTA_CHANGES_ONLY_DIR']: + tmp = os.path.join(os.environ[config_dir], '/'.join(cli_path)) + # delete CLI node + if os.path.exists(tmp): + rmtree(tmp) + +def add_cli_node(cli_path: list, value: str=None): + from vyos.utils.auth import get_current_user + from vyos.utils.file import write_file + + current_user = get_current_user() + for config_dir in ['VYATTA_TEMP_CONFIG_DIR', 'VYATTA_CHANGES_ONLY_DIR']: + # store new value + tmp = os.path.join(os.environ[config_dir], '/'.join(cli_path)) + write_file(f'{tmp}/node.val', value, user=current_user, group='vyattacfg', mode=0o664) + # mark CLI node as modified + if config_dir == 'VYATTA_CHANGES_ONLY_DIR': + write_file(f'{tmp}/.modified', '', user=current_user, group='vyattacfg', mode=0o664) diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py index afddae4dc..439fa645b 100755 --- a/src/conf_mode/system_login.py +++ b/src/conf_mode/system_login.py @@ -21,22 +21,20 @@ from psutil import users from pwd import getpwall from pwd import getpwnam from pwd import getpwuid -from shutil import rmtree from sys import exit from time import sleep from vyos.config import Config from vyos.configverify import verify_vrf -from vyos.defaults import directories from vyos.template import render from vyos.template import is_ipv4 from vyos.utils.auth import get_current_user +from vyos.utils.configfs import delete_cli_node +from vyos.utils.configfs import add_cli_node from vyos.utils.dict import dict_search from vyos.utils.file import chown -from vyos.utils.file import write_file from vyos.utils.process import cmd from vyos.utils.process import call -from vyos.utils.process import rc_cmd from vyos.utils.process import run from vyos.utils.process import DEVNULL from vyos import ConfigError @@ -216,7 +214,6 @@ def verify(login): def generate(login): # calculate users encrypted password if 'user' in login: - env = os.environ.copy() for user, user_config in login['user'].items(): tmp = dict_search('authentication.plaintext_password', user_config) if tmp: @@ -225,20 +222,11 @@ def generate(login): del login['user'][user]['authentication']['plaintext_password'] # Set default commands for re-adding user with encrypted password - del_user_plain = f'system login user {user} authentication plaintext-password' - add_user_encrypt = f'system login user {user} authentication encrypted-password' - - for config_dir in ['VYATTA_TEMP_CONFIG_DIR', 'VYATTA_CHANGES_ONLY_DIR']: - tmp = os.path.join(env[config_dir], '/'.join(del_user_plain.split())) - # delete temporary plaintext-password CLI node - if os.path.exists(tmp): - rmtree(tmp) - - # store encrypted password - tmp = os.path.join(env[config_dir], '/'.join(add_user_encrypt.split())) - write_file(f'{tmp}/node.val', encrypted_password, user=get_current_user(), group='vyattacfg', mode=0o664) - if config_dir == 'VYATTA_CHANGES_ONLY_DIR': - write_file(f'{tmp}/.modified', encrypted_password, user=get_current_user(), group='vyattacfg', mode=0o664) + del_user_plain = ['system', 'login', 'user', user, 'authentication', 'plaintext-password'] + add_user_encrypt = ['system', 'login', 'user', user, 'authentication', 'encrypted-password'] + + delete_cli_node(del_user_plain) + add_cli_node(add_user_encrypt, value=encrypted_password) else: try: |