summaryrefslogtreecommitdiff
path: root/interface-definitions/include/openconnect-identity-based-config.xml.i
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-05-12 21:03:03 +0200
committerChristian Breunig <christian@breunig.cc>2023-05-12 21:06:56 +0200
commitd1abba03229128c3f2a6f718e9f14f4d7285e74d (patch)
tree43d8443adbb8fdaf6218d6a20c78c53688877797 /interface-definitions/include/openconnect-identity-based-config.xml.i
parent25ddb57b66de2c0918050052a4d374d4edb905f0 (diff)
downloadvyos-1x-d1abba03229128c3f2a6f718e9f14f4d7285e74d.tar.gz
vyos-1x-d1abba03229128c3f2a6f718e9f14f4d7285e74d.zip
ocserv: T3896: improve XML definition and add warning about 3rd party configs
When enabling identity-based-config, users can add arbitrary config keys that are processed by ocserv. The user "must know" what he is been doing, as invalid config option will make the ocserv daemon go ... whoop! Thus add a warning and inform the user about this setting.
Diffstat (limited to 'interface-definitions/include/openconnect-identity-based-config.xml.i')
-rw-r--r--interface-definitions/include/openconnect-identity-based-config.xml.i54
1 files changed, 0 insertions, 54 deletions
diff --git a/interface-definitions/include/openconnect-identity-based-config.xml.i b/interface-definitions/include/openconnect-identity-based-config.xml.i
deleted file mode 100644
index dfc51936d..000000000
--- a/interface-definitions/include/openconnect-identity-based-config.xml.i
+++ /dev/null
@@ -1,54 +0,0 @@
-<!-- include start from openconnect-identity-based-config.xml.i -->
-<node name="identity-based-config">
- <properties>
- <help>Configures OpenConnect to search the configured directory for a config file matching the Group name or Username</help>
- </properties>
- <children>
- <leafNode name="mode">
- <properties>
- <help>Configures OpenConnect to use config-per-group or config-per-user. Ignored if OpenConnect authentication group is configured.</help>
- <valueHelp>
- <format>user</format>
- <description>OpenConnect config file loaded by matching file in configured directory to the users username</description>
- </valueHelp>
- <valueHelp>
- <format>group</format>
- <description>OpenConnect config file loaded by matching RADIUS class attribute in the RADIUS server response to a file in the configured directory</description>
- </valueHelp>
- <constraint>
- <regex>(user|group)</regex>
- </constraint>
- <constraintErrorMessage>Invalid mode. Must be one of: user, group</constraintErrorMessage>
- <completionHelp>
- <list>user group</list>
- </completionHelp>
- </properties>
- </leafNode>
- <leafNode name="directory">
- <properties>
- <help>Directory to configure OpenConnect to use for matching username/group to config file</help>
- <valueHelp>
- <format>filename</format>
- <description>Must be a child directory of /config/auth e.g. /config/auth/ocserv/config-per-user</description>
- </valueHelp>
- <constraint>
- <validator name="file-path" argument="--directory --parent-dir /config/auth --strict"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="default-config">
- <properties>
- <help>Default/fallback config to use when a file cannot be found in the configured directory that matches the username/group</help>
- <valueHelp>
- <format>filename</format>
- <description>Child directory of /config/auth e.g. /config/auth/ocserv/defaults/user.conf</description>
- </valueHelp>
- <constraint>
- <validator name="file-path" argument="--file --parent-dir /config/auth --strict"/>
- </constraint>
- </properties>
- </leafNode>
- #include <include/generic-disable-node.xml.i>
- </children>
-</node>
-<!-- include end --> \ No newline at end of file