| -rw-r--r-- | interface-definitions/system_login.xml.in | 1 | ||||
| -rwxr-xr-x | smoketest/scripts/cli/test_system_login.py | 27 | ||||
| -rwxr-xr-x | src/conf_mode/system_login.py | 6 | 
3 files changed, 28 insertions, 6 deletions
|
diff --git a/interface-definitions/system_login.xml.in b/interface-definitions/system_login.xml.in
index 44e1a7a92..e94bb7219 100644
--- a/interface-definitions/system_login.xml.in
+++ b/interface-definitions/system_login.xml.in
@@ -172,6 +172,7 @@
                   </tagNode>
                 </children>
               </node>
+              #include <include/generic-disable-node.xml.i>
               <leafNode name="full-name">
                 <properties>
                   <help>Full name of the user (use quotes for names with spaces)</help>
diff --git a/smoketest/scripts/cli/test_system_login.py b/smoketest/scripts/cli/test_system_login.py
index 195b127a4..d93ad952f 100755
--- a/smoketest/scripts/cli/test_system_login.py
+++ b/smoketest/scripts/cli/test_system_login.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2019-2023 VyOS maintainers and contributors
+# Copyright (C) 2019-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -15,12 +15,12 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import re
-import platform
 import unittest
 import paramiko
 from base_vyostest_shim import VyOSUnitTestSHIM
+from gzip import GzipFile
 from subprocess import Popen, PIPE
 from pwd import getpwall
 from time import sleep
@@ -98,8 +98,8 @@ class TestSystemLogin(VyOSUnitTestSHIM.TestCase):
         self.cli_commit()
         for user in users:
-            cmd = ['su','-', user]
-            proc = Popen(cmd, stdin=PIPE, stdout=PIPE, stderr=PIPE)
+            tmp = ['su','-', user]
+            proc = Popen(tmp, stdin=PIPE, stdout=PIPE, stderr=PIPE)
             tmp = "{}\nuname -a".format(user)
             proc.stdin.write(tmp.encode())
             proc.stdin.flush()
@@ -109,6 +109,22 @@ class TestSystemLogin(VyOSUnitTestSHIM.TestCase):
             # b'Linux LR1.wue3 5.10.61-amd64-vyos #1 SMP Fri Aug 27 08:55:46 UTC 2021 x86_64 GNU/Linux\n'
             self.assertTrue(len(stdout) > 40)
+        locked_user = users[0]
+        # disable the first user in list
+        self.cli_set(base_path + ['user', locked_user, 'disable'])
+        self.cli_commit()
+        # check if account is locked
+        tmp = cmd(f'sudo passwd -S {locked_user}')
+        self.assertIn(f'{locked_user} L ', tmp)
+
+        # unlock account
+        self.cli_delete(base_path + ['user', locked_user, 'disable'])
+        self.cli_commit()
+        # check if account is unlocked
+        tmp = cmd(f'sudo passwd -S {locked_user}')
+        self.assertIn(f'{locked_user} P ', tmp)
+
+
     def test_system_login_otp(self):
         otp_user = 'otp-test_user'
         otp_password = 'SuperTestPassword'
@@ -148,8 +164,7 @@ class TestSystemLogin(VyOSUnitTestSHIM.TestCase):
     def test_radius_kernel_features(self):
         # T2886: RADIUS requires some Kernel options to be present
-        kernel = platform.release()
-        kernel_config = read_file(f'/boot/config-{kernel}')
+        kernel_config = GzipFile('/proc/config.gz').read().decode('UTF-8')
         # T2886 - RADIUS authentication - check for statically compiled options
         options = ['CONFIG_AUDIT', 'CONFIG_AUDITSYSCALL', 'CONFIG_AUDIT_ARCH']
diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py
index 3d16bdb4a..49306c894 100755
--- a/src/conf_mode/system_login.py
+++ b/src/conf_mode/system_login.py
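Review bot: The lock and unlock assertions added after the `su -` loop look only at the status column of `passwd -S`, so they confirm the shadow flag but not that a disabled user is actually refused a login. The file already imports paramiko, so a login attempt for `locked_user` that is expected to fail authentication would cover what the `disable` node promises; whether SSH is reachable at this point of the test is not visible here. A short comment such as `# passwd -S prints "<user> L ..." for a locked password and "<user> P ..." for a usable one` would also explain the two expected strings. The test method starts above the hunk.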
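Review bot: In `test_radius_kernel_features` the `GzipFile('/proc/config.gz')` object is never closed, and the read now depends on the running kernel exposing `/proc/config.gz`, which exists only when the kernel is built with `CONFIG_IKCONFIG_PROC`. Reading inside a context manager releases the handle deterministically: `with GzipFile('/proc/config.gz') as f:` followed by `kernel_config = f.read().decode('UTF-8')`. A one-line comment naming that kernel option would make a FileNotFoundError on other kernels easier to diagnose. The rest of the test body lies outside the hunk.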
@@ -367,6 +367,12 @@ def apply(login):
                 if os.path.exists(f'{home_dir}/.google_authenticator'):
                     os.remove(f'{home_dir}/.google_authenticator')
+            # Lock/Unlock local user account
+            lock_unlock = '--unlock'
+            if 'disable' in user_config:
+                lock_unlock = '--lock'
+            cmd(f'usermod {lock_unlock} {user}')
+
     if 'rm_users' in login:
         for user in login['rm_users']:
             try: |
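Review bot: `usermod --lock` in `apply()` only disables the password by putting a `!` in front of the hash; the usermod manual notes that locking the whole account also needs the expiry date set to 1, so a disabled user who has an SSH public key may still be able to log in, depending on the sshd and PAM setup. Consider `cmd(f'usermod --lock --expiredate 1 {user}')` for the disable case and `cmd(f"usermod --unlock --expiredate '' {user}")` otherwise. Separately, `--unlock` now runs on every commit for every enabled user, and usermod refuses to unlock an entry that would be left with an empty password, so key-only accounts deserve a check; how `cmd` reacts to a non-zero exit is not visible in this hunk. `apply()` begins and ends outside the hunk.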
