author | Christian Poessinger <christian@poessinger.com> | 2020-01-30 21:47:12 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-02-02 17:05:09 +0100 |
commit | f1726cd0d0b8e7b809576189918d6ac298983100 (patch) | |
tree | 7f0333255dc31cc6138e3ea10ad404100c9c1fd8 | |
parent | b1bb4dcc8dd9d08e0845ecd4c568511e61c594d1 (diff) | |
login: T1948: SSH keys can only be added after user has been created
-rwxr-xr-x | src/conf_mode/system-login.py | 54 |
1 files changed, 27 insertions, 27 deletions
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index 3d29010b9..4f741d121 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -193,32 +193,6 @@ def generate(login):
 os.system("vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set system login user '{}' authentication plaintext-password '' >/dev/null".format(user['name']))
 os.system("vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set system login user '{}' authentication encrypted-password '{}' >/dev/null".format(user['name'], user['password_encrypted']))
- uid = getpwnam(user['name']).pw_uid
- gid = getpwnam(user['name']).pw_gid
-
- # install ssh keys
- key_dir = '{}/.ssh'.format(user['home_dir'])
- if not os.path.isdir(key_dir):
- os.mkdir(key_dir)
- os.chown(key_dir, uid, gid)
- os.chmod(key_dir, S_IRWXU | S_IRGRP | S_IXGRP)
-
- key_file = key_dir + '/authorized_keys';
- with open(key_file, 'w') as f:
- f.write("# Automatically generated by VyOS\n")
- f.write("# Do not edit, all changes will be lost\n")
-
- for id in user['public_keys']:
- line = ''
- if id['options']:
- line = '{} '.format(id['options'])
-
- line += '{} {} {}\n'.format(id['type'], id['key'], id['name'])
- f.write(line)
-
- os.chown(key_file, uid, gid)
- os.chmod(key_file, S_IRUSR | S_IWUSR)
-
 #
 # RADIUS
 #
@@ -261,10 +235,36 @@ def apply(login):
 try:
 os.system(cmd)
+
+ uid = getpwnam(user['name']).pw_uid
+ gid = getpwnam(user['name']).pw_gid
+
+ # install ssh keys
+ key_dir = '{}/.ssh'.format(user['home_dir'])
+ if not os.path.isdir(key_dir):
+ os.mkdir(key_dir)
+ os.chown(key_dir, uid, gid)
+ os.chmod(key_dir, S_IRWXU | S_IRGRP | S_IXGRP)
+
+ key_file = key_dir + '/authorized_keys';
+ with open(key_file, 'w') as f:
+ f.write("# Automatically generated by VyOS\n")
+ f.write("# Do not edit, all changes will be lost\n")
+
+ for id in user['public_keys']:
+ line = ''
+ if id['options']:
+ line = '{} '.format(id['options'])
+
+ line += '{} {} {}\n'.format(id['type'], id['key'], id['name'])
+ f.write(line)
+
+ os.chown(key_file, uid, gid)
+ os.chmod(key_file, S_IRUSR | S_IWUSR)
+
 except Exception as e:
 print('Adding user "{}" raised an exception'.format(user))
-
 for user in login['del_users']:
 try:
 # Remove user account but leave home directory to be safe |
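Review bot: The key file is written as root with `open(key_file, 'w')` and then handed over with `os.chown(key_file, uid, gid)`, and both calls follow symlinks inside a home directory that may already exist, since the deletion branch right below keeps home directories. If a `.ssh` or `authorized_keys` entry is left over from an earlier account, root would truncate and re-own whatever it resolves to; I would open the file with `O_NOFOLLOW`, set the mode at creation and change ownership on the descriptor, as sketched below (the `os.path.isdir(key_dir)` check follows symlinks too and deserves the same care). Separately, `os.system(cmd)` reports failure through its return value, so a failed useradd only surfaces as a `KeyError` from `getpwnam`, which the broad `except` prints and swallows without using `e`. `apply()` begins and ends outside this hunk.

```python
# … unchanged: uid/gid lookup and key_dir creation …
key_file = key_dir + '/authorized_keys'
# O_NOFOLLOW refuses a symlinked authorized_keys; owner and mode are set on
# the descriptor, so no path is resolved a second time
fd = os.open(key_file,
             os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW,
             S_IRUSR | S_IWUSR)
with os.fdopen(fd, 'w') as f:
    os.fchown(fd, uid, gid)
    os.fchmod(fd, S_IRUSR | S_IWUSR)
    # … unchanged: header lines and per-key loop …
```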