From e932d80b7b97ecb586c1d1be7750277c84ea65d1 Mon Sep 17 00:00:00 2001 From: DmitriyEshenko Date: Wed, 17 Jun 2020 13:24:04 +0000 Subject: login: radius: T2299: Implement RADIUS servers priority --- data/templates/system-login/pam_radius_auth.conf.tmpl | 2 +- interface-definitions/include/radius-server.xml.i | 12 ++++++++++++ src/conf_mode/system-login.py | 7 ++++++- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/data/templates/system-login/pam_radius_auth.conf.tmpl b/data/templates/system-login/pam_radius_auth.conf.tmpl index e38f45035..ec2d6df95 100644 --- a/data/templates/system-login/pam_radius_auth.conf.tmpl +++ b/data/templates/system-login/pam_radius_auth.conf.tmpl @@ -2,7 +2,7 @@ # RADIUS configuration file {% if radius_server %} # server[:port] shared_secret timeout source_ip -{% for s in radius_server if not s.disabled %} +{% for s in radius_server|sort(attribute='priority') if not s.disabled %} {% set addr_port = s.address + ":" + s.port %} {{ "%-22s" | format(addr_port) }} {{ "%-25s" | format(s.key) }} {{ "%-10s" | format(s.timeout) }} {{ radius_source_address if radius_source_address }} {% endfor %} diff --git a/interface-definitions/include/radius-server.xml.i b/interface-definitions/include/radius-server.xml.i index 047728233..4b39f251b 100644 --- a/interface-definitions/include/radius-server.xml.i +++ b/interface-definitions/include/radius-server.xml.i @@ -50,6 +50,18 @@ + + + Server priority + + 1-255 + Server priority (default: 255) + + + + + + diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index 5990c3777..93d4cc679 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -144,7 +144,8 @@ def get_config(): 'disabled': False, 'key': '', 'port': '1812', - 'timeout': '2' + 'timeout': '2', + 'priority': 255 } conf.set_level(base_level + ['radius', 'server', server]) 
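Review bot: The `sort(attribute='priority')` added to the `{% for s in radius_server ... %}` line orders numerically only because system-login.py stores priority as an int. If a string value ever reached the template, '10' would sort ahead of '9' and the servers would be written in the wrong order with no error. Jinja's sort is stable, so servers with equal priority keep their configuration order, which is worth stating because the order in this file presumably decides which RADIUS server is asked first at login. I would add a template comment above the loop: `{# ascending by integer priority; ties keep configuration order #}`.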
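Review bot: The value help `Server priority (default: 255)` does not say which end of 1-255 is preferred, and because the template sorts ascending, the lowest number is listed first. An operator who assumes 255 means most preferred would send logins to the opposite server from the one intended. Suggested wording: `Server priority, lower value is listed first (default: 255)`. The element markup of this hunk is not legible in this view, so the range validator itself could not be reviewed.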
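Review bot: The new default `'priority': 255` is an int while the neighbouring defaults (`'port': '1812'`, `'timeout': '2'`) are strings, and nothing marks that as deliberate. It has to stay an int, as does the `int(...)` conversion in the later get_config hunk, because the template sorts on this key. A trailing comment would stop someone normalising it to a string later: `'priority': 255  # int on purpose: the template sorts on it numerically`. The dict literal and get_config both begin outside this hunk.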
@@ -164,6 +165,10 @@ def get_config(): if conf.exists(['timeout']): server_cfg['timeout'] = conf.return_value(['timeout']) + # Check if RADIUS server has priority + if conf.exists(['priority']): + server_cfg['priority'] = int(conf.return_value(['priority'])) + # Append individual RADIUS server configuration to global server list login['radius_server'].append(server_cfg) -- cgit v1.2.3
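Review bot: `int(conf.return_value(['priority']))` is unguarded, so the 1-255 bound appears to rest entirely on the CLI definition. A value that is not a plain number would raise ValueError out of get_config, and an out-of-range number would be passed straight to the template. If this script has a verification step (not visible in the hunk), a check there such as `if not 1 <= server['priority'] <= 255:` that raises the script's usual configuration error would keep the login server order from depending on an unvalidated value. The comment `# Check if RADIUS server has priority` could also say that the value is converted to int for sorting. get_config continues outside this hunk.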