diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-01-27 20:57:45 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-02-02 16:02:20 +0100 |
commit | 96f5fae930b8213c199069c7aab079c6fb9cd334 (patch) | |
tree | ac0c214291f53d5ea915df997ecbd0fd6840f59b /src/conf_mode | |
parent | 7e1462c21ed853b3b4a7cc347091a132f6b4162e (diff) | |
download | vyos-1x-96f5fae930b8213c199069c7aab079c6fb9cd334.tar.gz vyos-1x-96f5fae930b8213c199069c7aab079c6fb9cd334.zip |
login: T1948: initial rewrite in XML/Python
Diffstat (limited to 'src/conf_mode')
-rw-r--r-- | src/conf_mode/system-login.py | 145 |
1 files changed, 145 insertions, 0 deletions
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py new file mode 100644 index 000000000..2c1e4dc3e --- /dev/null +++ b/src/conf_mode/system-login.py @@ -0,0 +1,145 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2020 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import sys +import os + +from vyos.config import Config +from vyos import ConfigError + +default_config_data = { + 'deleted': False, + 'radius_server': [], + 'radius_source': '', + 'user': [] +} + +def get_config(): + login = default_config_data + conf = Config() + base_level = ['system', 'login'] + + if not conf.exists(base_level): + login['deleted'] = True + return login + + if conf.exists(base_level + ['radius', 'source-address']): + login['radius_source'] = conf.return_value(['radius', 'source-address']) + + # Read in all RADIUS servers and store to list + for server in conf.list_nodes(base_level + ['radius', 'server']): + radius = { + 'address': server, + 'key': '', + 'port': '1812', + 'timeout': '2' + } + conf.set_level(base_level + ['radius', 'server', server]) + + # RADIUS shared secret + if conf.exists(['key']): + radius['key'] = conf.return_value(['key']) + + # RADIUS authentication port + if conf.exists(['port']): + radius['port'] = conf.return_value(['port']) + + # RADIUS session timeout + if conf.exists(['timeout']): + radius['timeout'] = conf.return_value(['timeout']) + + # Append individual RADIUS server configuration to global server list + login['radius_server'].append(radius) + + # Read in all local users and store to list + for username in conf.list_nodes(base_level + ['user']): + user = { + 'name': username, + 'password_plaintext': '', + 'password_encrypted': '', + 'public_keys': [], + 'full_name': '', + 'home_dir': '/home/' + username, + } + conf.set_level(base_level + ['user', username]) + + # Plaintext password + if conf.exists(['authentication', 'plaintext-password']): + user['password_plaintext'] = conf.return_value(['authentication', 'plaintext-password']) + + # Encrypted password + if conf.exists(['authentication', 'encrypted-password']): + user['password_encrypted'] = conf.return_value(['authentication', 'encrypted-password']) + + # Read in public keys + for id in conf.list_nodes(['authentication', 'public-keys']): + key = { + 'name': id, + 'key': '', + 'options': '', + 'type': '' + } + conf.set_level(base_level + ['user', username, 'authentication', 'public-keys', id]) + + # Public Key portion + if conf.exists(['key']): + user['key'] = conf.return_value(['key']) + + # Options for individual public key + if conf.exists(['options']): + user['options'] = conf.return_value(['options']) + + # Type of public key + if conf.exists(['type']): + user['type'] = conf.return_value(['type']) + + # Append individual public key to list of user keys + user['public_keys'].append(key) + + # set proper config level + conf.set_level(base_level + ['user', username]) + + # User real name + if conf.exists(['full-name']): + user['full_name'] = conf.return_value(['full-name']) + + # User home-directory + if conf.exists(['home-directory']): + user['home_dir'] = conf.return_value(['home-directory']) + + return login + +def verify(login): + pass + +def generate(login): + import pprint + pprint.pprint(login) + + pass + +def apply(login): + pass + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + sys.exit(1) |