summaryrefslogtreecommitdiff
path: root/src/conf_mode/system-option.py
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2023-01-04 20:12:47 +0100
committerChristian Poessinger <christian@poessinger.com>2023-01-08 08:55:46 +0100
commit9ebf4db1296a0df870a47a32e3f0a66f8da16266 (patch)
treed0507ce9a85915c493dc8524a246e8d7d42911aa /src/conf_mode/system-option.py
parentc0745d64024a498377dd02f2fc1ef0366473e97c (diff)
downloadvyos-1x-9ebf4db1296a0df870a47a32e3f0a66f8da16266.tar.gz
vyos-1x-9ebf4db1296a0df870a47a32e3f0a66f8da16266.zip
ssh: T4922: extend verify() when both source-address and source-interface is used
We need to ensure that source-address is assigned on source-interface before applying the configuration, else SSH client will have a hard time talking to someone. (cherry picked from commit d1ef90e1eb51334b99ad716969e17c7f257e1a39)
Diffstat (limited to 'src/conf_mode/system-option.py')
-rwxr-xr-xsrc/conf_mode/system-option.py10
1 files changed, 9 insertions, 1 deletions
diff --git a/src/conf_mode/system-option.py b/src/conf_mode/system-option.py
index fcdaa9676..a112c2b6f 100755
--- a/src/conf_mode/system-option.py
+++ b/src/conf_mode/system-option.py
@@ -26,6 +26,7 @@ from vyos.configverify import verify_source_interface
from vyos.template import render
from vyos.util import cmd
from vyos.validate import is_addr_assigned
+from vyos.validate import is_intf_addr_assigned
from vyos.xml import defaults
from vyos import ConfigError
from vyos import airbag
@@ -68,10 +69,17 @@ def verify(options):
if 'ssh_client' in options:
config = options['ssh_client']
if 'source_address' in config:
+ address = config['source_address']
if not is_addr_assigned(config['source_address']):
- raise ConfigError('No interface with give address specified!')
+ raise ConfigError('No interface with address "{address}" configured!')
+
if 'source_interface' in config:
verify_source_interface(config)
+ if 'source_address' in config:
+ address = config['source_address']
+ interface = config['source_interface']
+ if not is_intf_addr_assigned(interface, address):
+ raise ConfigError(f'Address "{address}" not assigned on interface "{interface}"!')
return None