diff options
| -rwxr-xr-x | src/conf_mode/system-login.py | 9 | ||||
| -rwxr-xr-x | src/init/vyos-router | 6 | ||||
| -rwxr-xr-x | src/op_mode/show_users.py | 7 |
3 files changed, 18 insertions, 4 deletions
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index 87a269499..2cf50cb92 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -28,6 +28,7 @@ from vyos.configverify import verify_vrf from vyos.defaults import directories from vyos.template import render from vyos.template import is_ipv4 +from vyos.utils.boot import boot_configuration_complete from vyos.utils.dict import dict_search from vyos.utils.process import cmd from vyos.utils.process import call @@ -281,8 +282,6 @@ def generate(login): if os.path.isfile(tacacs_nss_config_file): os.unlink(tacacs_nss_config_file) - - # NSS must always be present on the system render(nss_config_file, 'login/nsswitch.conf.j2', login, permission=0o644, user='root', group='root') @@ -306,6 +305,12 @@ def generate(login): def apply(login): + # Script is invoked from vyos-router.service during startup. + # While configuration mounting and so on is not yet complete, + # skip any code that messes with the local user database + if not boot_configuration_complete(): + return None + if 'user' in login: for user, user_config in login['user'].items(): # make new user using vyatta shell and make home directory (-m), diff --git a/src/init/vyos-router b/src/init/vyos-router index fbb89a77c..dd63921e0 100755 --- a/src/init/vyos-router +++ b/src/init/vyos-router @@ -105,6 +105,9 @@ load_bootfile () restore_if_missing_preconfig_script () { if [ ! -x ${vyatta_sysconfdir}/config/scripts/vyos-preconfig-bootup.script ]; then + mkdir -p ${vyatta_sysconfdir}/config/scripts + chgrp ${GROUP} ${vyatta_sysconfdir}/config/scripts + chmod 775 ${vyatta_sysconfdir}/config/scripts cp ${vyos_rootfs_dir}/opt/vyatta/etc/config/scripts/vyos-preconfig-bootup.script ${vyatta_sysconfdir}/config/scripts/ chgrp ${GROUP} ${vyatta_sysconfdir}/config/scripts/vyos-preconfig-bootup.script chmod 750 ${vyatta_sysconfdir}/config/scripts/vyos-preconfig-bootup.script @@ -123,6 +126,9 @@ run_preconfig_script () restore_if_missing_postconfig_script () { if [ ! -x ${vyatta_sysconfdir}/config/scripts/vyos-postconfig-bootup.script ]; then + mkdir -p ${vyatta_sysconfdir}/config/scripts + chgrp ${GROUP} ${vyatta_sysconfdir}/config/scripts + chmod 775 ${vyatta_sysconfdir}/config/scripts cp ${vyos_rootfs_dir}/opt/vyatta/etc/config/scripts/vyos-postconfig-bootup.script ${vyatta_sysconfdir}/config/scripts/ chgrp ${GROUP} ${vyatta_sysconfdir}/config/scripts/vyos-postconfig-bootup.script chmod 750 ${vyatta_sysconfdir}/config/scripts/vyos-postconfig-bootup.script diff --git a/src/op_mode/show_users.py b/src/op_mode/show_users.py index 8e4f12851..82bd585c9 100755 --- a/src/op_mode/show_users.py +++ b/src/op_mode/show_users.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019 VyOS maintainers and contributors +# Copyright (C) 2019-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -15,7 +15,6 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. import argparse import pwd -import spwd import struct import sys from time import ctime @@ -48,6 +47,10 @@ def is_locked(user_name: str) -> bool: """Check if a given user has password in shadow db""" try: + import warnings + with warnings.catch_warnings(): + warnings.filterwarnings("ignore",category=DeprecationWarning) + import spwd encrypted_password = spwd.getspnam(user_name)[1] return encrypted_password == '*' or encrypted_password.startswith('!') except (KeyError, PermissionError): |