authorChristian Breunig <christian@breunig.cc>2024-06-15 08:44:10 +0200
committerChristian Breunig <christian@breunig.cc>2024-06-15 09:27:10 +0200
commite1a34e661d3e5f0090550796ac266dac15e1e337 (patch)
treea8f347f14b685e57e575a97a5545268abd1173b2 /src/conf_mode
parentda29c9b3ab7b0cc23d64c8b033fc5a79c1b09174 (diff)
T6489: add abstraction vyos.utils.auth.get_current_user()
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/system_login.py17
1 files changed, 6 insertions, 11 deletions
diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py
index e616ec3db..afddae4dc 100755
--- a/src/conf_mode/system_login.py
+++ b/src/conf_mode/system_login.py
@@ -30,6 +30,7 @@ from vyos.configverify import verify_vrf
from vyos.defaults import directories
from vyos.template import render
from vyos.template import is_ipv4
+from vyos.utils.auth import get_current_user
from vyos.utils.dict import dict_search
from vyos.utils.file import chown
from vyos.utils.file import write_file
@@ -49,8 +50,6 @@ tacacs_pam_config_file = "/etc/tacplus_servers"
tacacs_nss_config_file = "/etc/tacplus_nss.conf"
nss_config_file = "/etc/nsswitch.conf"
-current_user = None
-
# Minimum UID used when adding system users
MIN_USER_UID: int = 1000
# Maximim UID used when adding system users
@@ -122,9 +121,6 @@ def get_config(config=None):
rm_users = [tmp for tmp in all_users if tmp not in cli_users]
if rm_users: login.update({'rm_users' : rm_users})
- if 'SUDO_USER' in os.environ:
- current_user = os.environ['SUDO_USER']
-
return login
def verify(login):
@@ -132,8 +128,9 @@ def verify(login):
# This check is required as the script is also executed from vyos-router
# init script and there is no SUDO_USER environment variable available
# during system boot.
- if current_user in login['rm_users']:
- raise ConfigError(f'Attempting to delete current user: {cur_user}')
+ tmp = get_current_user()
+ if tmp in login['rm_users']:
+ raise ConfigError(f'Attempting to delete current user: {tmp}')
if 'user' in login:
system_users = getpwall()
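Review bot: The comment above this check still explains the guard in terms of SUDO_USER being absent at boot, but the new code no longer reads that variable here, so a reader cannot tell what `get_current_user()` yields during boot or whether that value could match an entry in `login['rm_users']`. I would restate the comment in terms of the helper, for example `# get_current_user() derives the invoking user from the environment; at boot there is none, so this guard only protects interactive sessions`, with the wording confirmed against the helper, whose body is not part of this diff. The name `tmp` also hides what is being compared; `cur_user = get_current_user()` reads better in a self-lockout check. The enclosing condition and the rest of verify() lie outside the hunk.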
@@ -239,9 +236,9 @@ def generate(login):
# store encrypted password
tmp = os.path.join(env[config_dir], '/'.join(add_user_encrypt.split()))
- write_file(f'{tmp}/node.val', encrypted_password, user=current_user, group='vyattacfg', mode=0o664)
+ write_file(f'{tmp}/node.val', encrypted_password, user=get_current_user(), group='vyattacfg', mode=0o664)
if config_dir == 'VYATTA_CHANGES_ONLY_DIR':
- write_file(f'{tmp}/.modified', encrypted_password, user=current_user, group='vyattacfg', mode=0o664)
+ write_file(f'{tmp}/.modified', encrypted_password, user=get_current_user(), group='vyattacfg', mode=0o664)
else:
try:
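Review bot: The owner of the files that hold `encrypted_password` is now whatever `get_current_user()` returns at each call, and the comment in verify() says no SUDO_USER exists when the script runs at boot, so ownership in that case depends on a fallback this diff does not show. Resolve it once before the writes, e.g. `owner = get_current_user()`, and pass `user=owner` to both `write_file` calls so the identity is looked up in one place and the boot-time value is easy to audit. Separately, `mode=0o664` leaves the password hash world-readable, and the `.modified` marker receives the hash as its content; if the config backend requires neither, `0o660` and an empty marker would reduce exposure. generate() starts and ends outside this hunk.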
@@ -276,8 +273,6 @@ def generate(login):
if os.path.isfile(tacacs_nss_config_file):
os.unlink(tacacs_nss_config_file)
-
-
# NSS must always be present on the system
render(nss_config_file, 'login/nsswitch.conf.j2', login,
permission=0o644, user='root', group='root')