system: consolidate previous

* system_console_configure() is really system_login_configure()+ * make a template for sudoers config setting * move auth template generation to single spot

system: consolidate previous
* system_console_configure() is really system_login_configure()+ * make a template for sudoers config setting * move auth template generation to single spot
2d450939 · Franco Fichtner · cacfdd05 · 2d450939 · 2d450939 · 2d450939
Commit 2d450939 authored Oct 26, 2016 by Franco Fichtner
8 changed files
--- a/plist
+++ b/plist
@@ -636,6 +636,9 @@
 /usr/local/opnsense/service/modules/processhandler.py
 /usr/local/opnsense/service/modules/template.py
 /usr/local/opnsense/service/run_unittests.py
+/usr/local/opnsense/service/templates/OPNsense/Auth/+TARGETS
+/usr/local/opnsense/service/templates/OPNsense/Auth/sshd.pam
+/usr/local/opnsense/service/templates/OPNsense/Auth/sudoers
 /usr/local/opnsense/service/templates/OPNsense/Captiveportal/+TARGETS
 /usr/local/opnsense/service/templates/OPNsense/Captiveportal/captiveportal.conf
 /usr/local/opnsense/service/templates/OPNsense/Captiveportal/lighttpd-api-dispatcher.conf

--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -1876,17 +1876,11 @@ function system_console_types()
    );
 }

-function system_console_configure()
+function system_login_configure()
 {
    global $config;

-    $sudo_conf = '/usr/local/etc/sudoers.d/opnsense';
-
-    if (!empty($config['system']['sudo_allow_wheel'])) {
-        file_put_contents($sudo_conf, "%wheel ALL=(ALL) ALL\n");
-    } else {
-        @unlink($sudo_conf);
-    }
+    configd_run('template reload OPNsense.Auth', true);

    $serialspeed = (!empty($config['system']['serialspeed']) && is_numeric($config['system']['serialspeed'])) ? $config['system']['serialspeed'] : '115200';
    $serial_enabled = isset($config['system']['enableserial']);

--- a/src/etc/rc.bootup
+++ b/src/etc/rc.bootup
@@ -69,8 +69,8 @@ set_device_perms();
 unmute_kernel_msgs();
 echo "done.\n";

-/* configure console menu */
-system_console_configure();
+/* configure login behaviour */
+system_login_configure();

 $setup_installer = is_install_media();
 if ($setup_installer) {

--- a/src/etc/rc.configure_firmware
+++ b/src/etc/rc.configure_firmware
@@ -43,5 +43,4 @@ require_once 'system.inc';
 convert_config(true);

 system_firmware_configure();
-system_console_configure();
-configd_run('template reload OPNsense.Auth');
+system_login_configure();
--- a/src/etc/rc.reload_all
+++ b/src/etc/rc.reload_all
@@ -45,7 +45,7 @@ $config = parse_config();
 log_error("rc.reload_all: Reloading all configuration settings.");

 system_firmware_configure();
-system_console_configure();
+system_login_configure();
 system_timezone_configure();
 system_hostname_configure();
 system_hosts_generate();

--- a/src/opnsense/service/templates/OPNsense/Auth/+TARGETS
+++ b/src/opnsense/service/templates/OPNsense/Auth/+TARGETS
 sshd.pam:/etc/pam.d/sshd
+sudoers:/usr/local/etc/sudoers.d/opnsense
--- a/src/opnsense/service/templates/OPNsense/Auth/sudoers
+++ b/src/opnsense/service/templates/OPNsense/Auth/sudoers
+{% if system.sudo_allow_wheel|default('0') == '1' %}
+%wheel ALL=(ALL) ALL
+{% endif %}
--- a/src/www/system_advanced_admin.php
+++ b/src/www/system_advanced_admin.php
@@ -250,13 +250,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
            $savemsg .= sprintf("<br />" . gettext("One moment...redirecting to %s in 20 seconds."), $url);
        }

-        system_console_configure();
+        system_login_configure();
        system_hosts_generate();
        services_dhcpleases_configure();
        services_dnsmasq_configure(false);
        services_unbound_configure(false);
        services_dhcpd_configure();
-        configd_run('template reload OPNsense.Auth');

        if ($restart_sshd) {
            configd_run('sshd restart', true);