Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/system-login.py9
-rwxr-xr-xsrc/helpers/vyos-save-config.py19
-rwxr-xr-xsrc/init/vyos-router22
3 files changed, 40 insertions, 10 deletions
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index 2cf50cb92..87a269499 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -28,7 +28,6 @@ from vyos.configverify import verify_vrf
from vyos.defaults import directories
from vyos.template import render
from vyos.template import is_ipv4
-from vyos.utils.boot import boot_configuration_complete
from vyos.utils.dict import dict_search
from vyos.utils.process import cmd
from vyos.utils.process import call
@@ -282,6 +281,8 @@ def generate(login):
if os.path.isfile(tacacs_nss_config_file):
os.unlink(tacacs_nss_config_file)
+
+
# NSS must always be present on the system
render(nss_config_file, 'login/nsswitch.conf.j2', login,
permission=0o644, user='root', group='root')
@@ -305,12 +306,6 @@ def generate(login):
def apply(login):
- # Script is invoked from vyos-router.service during startup.
- # While configuration mounting and so on is not yet complete,
- # skip any code that messes with the local user database
- if not boot_configuration_complete():
- return None
-
if 'user' in login:
for user, user_config in login['user'].items():
# make new user using vyatta shell and make home directory (-m),
diff --git a/src/helpers/vyos-save-config.py b/src/helpers/vyos-save-config.py
index 8af4a7916..518bd9864 100755
--- a/src/helpers/vyos-save-config.py
+++ b/src/helpers/vyos-save-config.py
@@ -19,6 +19,7 @@ import os
import re
import sys
from tempfile import NamedTemporaryFile
+from argparse import ArgumentParser
from vyos.config import Config
from vyos.remote import urlc
@@ -28,8 +29,15 @@ from vyos.defaults import directories
DEFAULT_CONFIG_PATH = os.path.join(directories['config'], 'config.boot')
remote_save = None
-if len(sys.argv) > 1:
- save_file = sys.argv[1]
+parser = ArgumentParser(description='Save configuration')
+parser.add_argument('file', type=str, nargs='?', help='Save configuration to file')
+parser.add_argument('--write-json-file', type=str, help='Save JSON of configuration to file')
+args = parser.parse_args()
+file = args.file
+json_file = args.write_json_file
+
+if file is not None:
+ save_file = file
else:
save_file = DEFAULT_CONFIG_PATH
@@ -51,6 +59,13 @@ with open(write_file, 'w') as f:
f.write("\n")
f.write(system_footer())
+if json_file is not None and ct is not None:
+ try:
+ with open(json_file, 'w') as f:
+ f.write(ct.to_json())
+ except OSError as e:
+ print(f'failed to write JSON file: {e}')
+
if remote_save is not None:
try:
remote_save.upload(write_file)
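Review bot: The added `open(json_file, 'w')` creates the JSON dump with whatever mode the process umask allows, and a saved configuration presumably includes password hashes and keys, so the copy can end up more widely readable than the config file itself. Creating it with an explicit mode closes that gap, e.g. `with os.fdopen(os.open(json_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), 'w') as f:`; the mode only applies when the file is newly created, and 0o600 is a suggestion to be matched to whatever the config file uses. The failure path only prints to stdout and leaves the exit status unchanged, so a caller that depends on the JSON copy cannot detect a failed write; `print(f'failed to write JSON file: {e}', file=sys.stderr)` would at least keep the message out of captured output. `ct` is assigned outside this hunk, and the `try` around `remote_save.upload` continues past it.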
diff --git a/src/init/vyos-router b/src/init/vyos-router
index dd63921e0..35095afe4 100755
--- a/src/init/vyos-router
+++ b/src/init/vyos-router
@@ -234,6 +234,27 @@ cleanup_post_commit_hooks () {
# system defaults.
security_reset ()
{
+
+ # restore NSS cofniguration back to sane system defaults
+ # will be overwritten later when configuration is loaded
+ cat <<EOF >/etc/nsswitch.conf
+passwd: files
+group: files
+shadow: files
+gshadow: files
+
+# Per T2678, commenting out myhostname
+hosts: files dns #myhostname
+networks: files
+
+protocols: db files
+services: db files
+ethers: db files
+rpc: db files
+
+netgroup: nis
+EOF
+
# restore PAM back to virgin state (no radius/tacacs services)
pam-auth-update --disable radius-mandatory radius-optional
rm -f /etc/pam_radius_auth.conf
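Review bot: The heredoc added at the top of security_reset is a second hard-coded copy of the NSS defaults, separate from the `login/nsswitch.conf.j2` template that system-login.py renders, so the two can drift and the boot-time reset may stop matching the template's baseline; a comment such as `# keep in sync with the defaults in login/nsswitch.conf.j2` would make the coupling explicit. The delimiter is unquoted, so the body is subject to shell expansion; `cat <<'EOF' >/etc/nsswitch.conf` keeps it literal if a `$` or backtick is ever added. Unlike the render() call, the redirect sets no owner or mode; presumably the file already exists as root:root 0644, but that is not visible here. The new comment has a typo (`cofniguration`). security_reset continues past the end of this hunk.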
@@ -349,7 +370,6 @@ start ()
# As VyOS does not execute commands that are not present in the CLI we call
# the script by hand to have a single source for the login banner and MOTD
${vyos_conf_scripts_dir}/system_console.py || log_failure_msg "could not reset serial console"
- ${vyos_conf_scripts_dir}/system-login.py || log_failure_msg "could not reset system login"
${vyos_conf_scripts_dir}/system-login-banner.py || log_failure_msg "could not reset motd and issue files"
${vyos_conf_scripts_dir}/system-option.py || log_failure_msg "could not reset system option files"
${vyos_conf_scripts_dir}/system-ip.py || log_failure_msg "could not reset system IPv4 options"