diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-06-15 08:44:10 +0200 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-06-24 14:08:27 +0000 |
| commit | 6baee9809a0626f9f555060cfb7b173388377deb (patch) | |
| tree | 55347ea6407791ce5bbaa61160505167466ab5e6 /src/conf_mode/system_login.py | |
| parent | fad0128567931fd32e568896a0ba789396ab9311 (diff) | |
| download | vyos-1x-6baee9809a0626f9f555060cfb7b173388377deb.tar.gz vyos-1x-6baee9809a0626f9f555060cfb7b173388377deb.zip | |
T6489: add abstraction vyos.utils.auth.get_current_user()
(cherry picked from commit e1a34e661d3e5f0090550796ac266dac15e1e337)
Diffstat (limited to 'src/conf_mode/system_login.py')
| -rwxr-xr-x | src/conf_mode/system_login.py | 17 |
1 files changed, 6 insertions, 11 deletions
diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py index e616ec3db..afddae4dc 100755 --- a/src/conf_mode/system_login.py +++ b/src/conf_mode/system_login.py @@ -30,6 +30,7 @@ from vyos.configverify import verify_vrf from vyos.defaults import directories from vyos.template import render from vyos.template import is_ipv4 +from vyos.utils.auth import get_current_user from vyos.utils.dict import dict_search from vyos.utils.file import chown from vyos.utils.file import write_file @@ -49,8 +50,6 @@ tacacs_pam_config_file = "/etc/tacplus_servers" tacacs_nss_config_file = "/etc/tacplus_nss.conf" nss_config_file = "/etc/nsswitch.conf" -current_user = None - # Minimum UID used when adding system users MIN_USER_UID: int = 1000 # Maximim UID used when adding system users @@ -122,9 +121,6 @@ def get_config(config=None): rm_users = [tmp for tmp in all_users if tmp not in cli_users] if rm_users: login.update({'rm_users' : rm_users}) - if 'SUDO_USER' in os.environ: - current_user = os.environ['SUDO_USER'] - return login def verify(login): @@ -132,8 +128,9 @@ def verify(login): # This check is required as the script is also executed from vyos-router # init script and there is no SUDO_USER environment variable available # during system boot. - if current_user in login['rm_users']: - raise ConfigError(f'Attempting to delete current user: {cur_user}') + tmp = get_current_user() + if tmp in login['rm_users']: + raise ConfigError(f'Attempting to delete current user: {tmp}') if 'user' in login: system_users = getpwall() @@ -239,9 +236,9 @@ def generate(login): # store encrypted password tmp = os.path.join(env[config_dir], '/'.join(add_user_encrypt.split())) - write_file(f'{tmp}/node.val', encrypted_password, user=current_user, group='vyattacfg', mode=0o664) + write_file(f'{tmp}/node.val', encrypted_password, user=get_current_user(), group='vyattacfg', mode=0o664) if config_dir == 'VYATTA_CHANGES_ONLY_DIR': - write_file(f'{tmp}/.modified', encrypted_password, user=current_user, group='vyattacfg', mode=0o664) + write_file(f'{tmp}/.modified', encrypted_password, user=get_current_user(), group='vyattacfg', mode=0o664) else: try: @@ -276,8 +273,6 @@ def generate(login): if os.path.isfile(tacacs_nss_config_file): os.unlink(tacacs_nss_config_file) - - # NSS must always be present on the system render(nss_config_file, 'login/nsswitch.conf.j2', login, permission=0o644, user='root', group='root') |