author | Christian Breunig <christian@breunig.cc> | 2024-04-07 16:39:45 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-07 16:39:45 +0200 |
commit | b286552f1d0f1bfa23eea29ab92426db27efc425 (patch) | |
tree | 51f97f117c2a2296713240efb13c5c23c0242b60 /src | |
parent | 812bb6ac4cf8067ca45f1c2557d1a1b2a1b166fe (diff) | |
parent | a4236f70d16654bedab6b5d02fc6b5d343196593 (diff) | |
download | vyos-1x-b286552f1d0f1bfa23eea29ab92426db27efc425.tar.gz vyos-1x-b286552f1d0f1bfa23eea29ab92426db27efc425.zip |
Merge pull request #3275 from vyos/mergify/bp/sagitta/pr-3270
login: T5875: fix corner case for KeyError: 'getpwuid(): uid not found: XXXX' (backport #3270)
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/system_login.py | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py
index cff0c5039..de02a64c6 100755
--- a/src/conf_mode/system_login.py
+++ b/src/conf_mode/system_login.py
@@ -336,27 +336,31 @@ def apply(login):
 command += f' --groups frr,frrvty,vyattacfg,sudo,adm,dip,disk {user}'
 try:
 cmd(command)
- # we should not rely on the value stored in
- # user_config['home_directory'], as a crazy user will choose
- # username root or any other system user which will fail.
+ # we should not rely on the value stored in user_config['home_directory'], as a
+ # crazy user will choose username root or any other system user which will fail.
 #
 # XXX: Should we deny using root at all?
 home_dir = getpwnam(user).pw_dir
- # T5875: ensure UID is properly set on home directory if user is re-added
- # the home directory will always exist, as it's created above by --create-home,
- # retrieve current owner of home directory and adjust it on demand
- dir_owner = getpwuid(os.stat(home_dir).st_uid).pw_name
- if dir_owner != user:
- chown(home_dir, user=user, recursive=True)
-
+ # always re-render SSH keys with appropriate permissions
 render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2', user_config, permission=0o600, formater=lambda _: _.replace(""", '"'), user=user, group='users')
-
 except Exception as e:
 raise ConfigError(f'Adding user "{user}" raised exception: "{e}"')
+ # T5875: ensure UID is properly set on home directory if user is re-added
+ # the home directory will always exist, as it's created above by --create-home,
+ # retrieve current owner of home directory and adjust on demand
+ dir_owner = None
+ try:
+ dir_owner = getpwuid(os.stat(home_dir).st_uid).pw_name
+ except:
+ pass
+
+ if dir_owner != user:
+ chown(home_dir, user=user, recursive=True)
+
 # Generate 2FA/MFA One-Time-Pad configuration
 if dict_search('authentication.otp.key', user_config):
 enable_otp = True |
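Review bot: The new bare `except:` / `pass` around `getpwuid(os.stat(home_dir).st_uid)` swallows every exception, not only the `KeyError` named in the commit title, and any failure leaves `dir_owner` as `None`, which then always leads to the recursive `chown` of `home_dir`. The comment in this hunk notes that the username may collide with root or another system account, so this ownership change should run only for the one expected case: narrow the handler to `except KeyError:`, or skip the reverse lookup and compare numeric IDs with `if os.stat(home_dir).st_uid != getpwnam(user).pw_uid:`. The block also now sits after the `except Exception as e:` handler, so a failing `chown` is no longer reported as a `ConfigError` the way the other steps of adding the user are. `apply()` begins and continues outside this hunk, so how `home_dir` is used later is not visible here.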