From 505f69ee1540581eef2465dc420525213d278473 Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing <esmil@labitat.dk>
Date: Sat, 18 Nov 2017 19:34:34 +0100
Subject: space_server: radius: clean up configuration

Disable all the unused auth methods
---
 roles/space_server/templates/radius/getusers.sh.j2 | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
 mode change 100644 => 100755 roles/space_server/templates/radius/getusers.sh.j2

(limited to 'roles/space_server/templates')

diff --git a/roles/space_server/templates/radius/getusers.sh.j2 b/roles/space_server/templates/radius/getusers.sh.j2
old mode 100644
new mode 100755
index e77758b..e6413d1
--- a/roles/space_server/templates/radius/getusers.sh.j2
+++ b/roles/space_server/templates/radius/getusers.sh.j2
@@ -1,10 +1,16 @@
 #!/bin/sh
 
-if curl -s -4 -k '{{ radius_passwords.download_url }}' -o /etc/raddb/users.new; then
-	if ! diff -q /etc/raddb/users /etc/raddb/users.new >/dev/null; then
-		mv -f /etc/raddb/users.new /etc/raddb/mods-config/files/authorize
-		systemctl restart radiusd.service
-	fi
-else
-	rm -f /etc/raddb/users.new
+set -e
+
+outfile='/etc/raddb/mods-config/files/authorize'
+tmpfile="$(mktemp /tmp/getusers.XXXXXXXX)"
+cleanup() {
+  rm -f "$tmpfile"
+}
+trap cleanup EXIT SIGINT SIGTERM
+
+curl -s -o "$tmpfile" '{{ radius_passwords.download_url }}'
+if ! diff -q "$tmpfile" "$outfile" >/dev/null; then
+  install -m0640 "$tmpfile" "$outfile"
+  systemctl restart radiusd.service
 fi
-- 
cgit v1.2.1