Merge pull request vyos#1561 from sever-sever/T4715

login: T4715: Auto logout user after inactivity
sarthurdev · Sep 28, 2022 · 0af970a · 0af970a
2 parents d5e84fa + ee2dc73
commit 0af970a
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 0 deletions.
diff --git a/data/templates/login/autologout.j2 b/data/templates/login/autologout.j2
@@ -0,0 +1,5 @@
+{% if timeout is vyos_defined %}
+TMOUT={{ timeout }}
+readonly TMOUT
+export TMOUT
+{% endif %}
diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in
@@ -151,6 +151,19 @@
               #include <include/interface/vrf.xml.i>
             </children>
           </node>
+          <leafNode name="timeout">
+            <properties>
+              <help>Session timeout</help>
+              <valueHelp>
+                <format>u32:5-604800</format>
+                <description>Session timeout in seconds</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 5-604800"/>
+              </constraint>
+              <constraintErrorMessage>Timeout must be between 5 and 604800 seconds</constraintErrorMessage>
+            </properties>
+          </leafNode>
         </children>
       </node>
     </children>

diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
@@ -40,6 +40,7 @@
 from vyos import airbag
 airbag.enable()
 
+autologout_file = "/etc/profile.d/autologout.sh"
 radius_config_file = "/etc/pam_radius_auth.conf"
 
 def get_local_users():
@@ -203,6 +204,13 @@ def generate(login):
         if os.path.isfile(radius_config_file):
             os.unlink(radius_config_file)
 
+    if 'timeout' in login:
+        render(autologout_file, 'login/autologout.j2', login,
+                   permission=0o755, user='root', group='root')
+    else:
+        if os.path.isfile(autologout_file):
+            os.unlink(autologout_file)
+
     return None