authorChristian Poessinger <christian@poessinger.com>2020-01-30 21:47:12 +0100
committerChristian Poessinger <christian@poessinger.com>2020-02-02 17:05:09 +0100
commitf1726cd0d0b8e7b809576189918d6ac298983100 (patch)
tree7f0333255dc31cc6138e3ea10ad404100c9c1fd8
parentb1bb4dcc8dd9d08e0845ecd4c568511e61c594d1 (diff)
login: T1948: SSH keys can only be added after user has been created
-rwxr-xr-xsrc/conf_mode/system-login.py54
1 files changed, 27 insertions, 27 deletions
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index 3d29010b9..4f741d121 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -193,32 +193,6 @@ def generate(login):
os.system("vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set system login user '{}' authentication plaintext-password '' >/dev/null".format(user['name']))
os.system("vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set system login user '{}' authentication encrypted-password '{}' >/dev/null".format(user['name'], user['password_encrypted']))
- uid = getpwnam(user['name']).pw_uid
- gid = getpwnam(user['name']).pw_gid
-
- # install ssh keys
- key_dir = '{}/.ssh'.format(user['home_dir'])
- if not os.path.isdir(key_dir):
- os.mkdir(key_dir)
- os.chown(key_dir, uid, gid)
- os.chmod(key_dir, S_IRWXU | S_IRGRP | S_IXGRP)
-
- key_file = key_dir + '/authorized_keys';
- with open(key_file, 'w') as f:
- f.write("# Automatically generated by VyOS\n")
- f.write("# Do not edit, all changes will be lost\n")
-
- for id in user['public_keys']:
- line = ''
- if id['options']:
- line = '{} '.format(id['options'])
-
- line += '{} {} {}\n'.format(id['type'], id['key'], id['name'])
- f.write(line)
-
- os.chown(key_file, uid, gid)
- os.chmod(key_file, S_IRUSR | S_IWUSR)
-
#
# RADIUS
#
@@ -261,10 +235,36 @@ def apply(login):
try:
os.system(cmd)
+
+ uid = getpwnam(user['name']).pw_uid
+ gid = getpwnam(user['name']).pw_gid
+
+ # install ssh keys
+ key_dir = '{}/.ssh'.format(user['home_dir'])
+ if not os.path.isdir(key_dir):
+ os.mkdir(key_dir)
+ os.chown(key_dir, uid, gid)
+ os.chmod(key_dir, S_IRWXU | S_IRGRP | S_IXGRP)
+
+ key_file = key_dir + '/authorized_keys';
+ with open(key_file, 'w') as f:
+ f.write("# Automatically generated by VyOS\n")
+ f.write("# Do not edit, all changes will be lost\n")
+
+ for id in user['public_keys']:
+ line = ''
+ if id['options']:
+ line = '{} '.format(id['options'])
+
+ line += '{} {} {}\n'.format(id['type'], id['key'], id['name'])
+ f.write(line)
+
+ os.chown(key_file, uid, gid)
+ os.chmod(key_file, S_IRUSR | S_IWUSR)
+
except Exception as e:
print('Adding user "{}" raised an exception'.format(user))
-
for user in login['del_users']:
try:
# Remove user account but leave home directory to be safe
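Review bot: The key installation added to apply() writes `authorized_keys` with `open(key_file, 'w')` and then fixes ownership and mode by path with `os.chown`/`os.chmod`, so a symlink at that path is followed for the write and for the chown. Assuming this script runs as root and the loop can also run for an account that already owns its home directory (the loop header and `cmd` are outside the hunk), the write should refuse symlinks and set ownership on the open descriptor, as sketched below. Creating the file with mode 0600 also removes the window in which it exists with default-umask permissions. `os.path.isdir(key_dir)` follows symlinks as well, so `.ssh` itself deserves an `os.path.islink` check before use. Separately, the surrounding `except Exception as e` prints only a generic "Adding user" message and drops `e`, so a failed key install is indistinguishable from a failed account creation.

```python
key_file = key_dir + '/authorized_keys'
# ... unchanged: uid/gid lookup and key_dir creation ...
flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
fd = os.open(key_file, flags, S_IRUSR | S_IWUSR)
with os.fdopen(fd, 'w') as f:
    # operate on the descriptor so ownership/mode apply to the file just opened
    os.fchown(fd, uid, gid)
    os.fchmod(fd, S_IRUSR | S_IWUSR)
    # ... unchanged: header lines and per-key write loop ...
```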