T6489: add abstraction vyos.utils.auth.get_current_user()

python/vyos/utils/auth.py

@@ -1,6 +1,6 @@
 # authutils -- miscelanneous functions for handling passwords and publis keys
 #
-# Copyright (C) 2018 VyOS maintainers and contributors
+# Copyright (C) 2023-2024 VyOS maintainers and contributors
 #
 # This library is free software; you can redistribute it and/or modify it under the terms of
 # the GNU Lesser General Public License as published by the Free Software Foundation;
@@ -11,13 +11,12 @@
 # See the GNU Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU Lesser General Public License along with this library;
-# if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 
+# if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
 import re
 
 from vyos.utils.process import cmd
 
-
 def make_password_hash(password):
     """ Makes a password hash for /etc/shadow using mkpasswd """
 
@@ -39,3 +38,10 @@ def split_ssh_public_key(key_string, defaultname=""):
         raise ValueError("Bad key type \'{0}\', must be one of must be one of ssh-rsa, ssh-dss, ecdsa-sha2-nistp<256|384|521> or ssh-ed25519".format(key_type))
 
     return({"type": key_type, "data": key_data, "name": key_name})
+
+def get_current_user() -> str:
+    import os
+    current_user = 'nobody'
+    if 'SUDO_USER' in os.environ:
+        current_user = os.environ['SUDO_USER']
+    return current_user

src/conf_mode/system_login.py

@@ -30,6 +30,7 @@
 from vyos.defaults import directories
 from vyos.template import render
 from vyos.template import is_ipv4
+from vyos.utils.auth import get_current_user
 from vyos.utils.dict import dict_search
 from vyos.utils.file import chown
 from vyos.utils.file import write_file
@@ -49,8 +50,6 @@
 tacacs_nss_config_file = "/etc/tacplus_nss.conf"
 nss_config_file = "/etc/nsswitch.conf"
 
-current_user = None
-
 # Minimum UID used when adding system users
 MIN_USER_UID: int = 1000
 # Maximim UID used when adding system users
@@ -122,18 +121,16 @@ def get_config(config=None):
     rm_users = [tmp for tmp in all_users if tmp not in cli_users]
     if rm_users: login.update({'rm_users' : rm_users})
 
-    if 'SUDO_USER' in os.environ:
-        current_user = os.environ['SUDO_USER']
-
     return login
 
 def verify(login):
     if 'rm_users' in login:
         # This check is required as the script is also executed from vyos-router
         # init script and there is no SUDO_USER environment variable available
         # during system boot.
-        if current_user in login['rm_users']:
-            raise ConfigError(f'Attempting to delete current user: {cur_user}')
+        tmp = get_current_user()
+        if tmp in login['rm_users']:
+            raise ConfigError(f'Attempting to delete current user: {tmp}')
 
     if 'user' in login:
         system_users = getpwall()
@@ -239,9 +236,9 @@ def generate(login):
 
                     # store encrypted password
                     tmp = os.path.join(env[config_dir], '/'.join(add_user_encrypt.split()))
-                    write_file(f'{tmp}/node.val', encrypted_password, user=current_user, group='vyattacfg', mode=0o664)
+                    write_file(f'{tmp}/node.val', encrypted_password, user=get_current_user(), group='vyattacfg', mode=0o664)
                     if config_dir == 'VYATTA_CHANGES_ONLY_DIR':
-                        write_file(f'{tmp}/.modified', encrypted_password, user=current_user, group='vyattacfg', mode=0o664)
+                        write_file(f'{tmp}/.modified', encrypted_password, user=get_current_user(), group='vyattacfg', mode=0o664)
 
             else:
                 try:
@@ -276,8 +273,6 @@ def generate(login):
         if os.path.isfile(tacacs_nss_config_file):
             os.unlink(tacacs_nss_config_file)
 
-
-
     # NSS must always be present on the system
     render(nss_config_file, 'login/nsswitch.conf.j2', login,
                permission=0o644, user='root', group='root')