From b2af248ff2c63ac08ef7b9f01fdcec023c815086 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 19 Apr 2020 10:33:10 +0200
Subject: pppoe-server: T2314: add common accel-radius-additions XML file

---
 data/templates/accel-ppp/pppoe.config.tmpl         |  43 ++++----
 .../include/accel-radius-additions.xml.in          | 113 +++++++++++++++++++++
 interface-definitions/service_pppoe-server.xml.in  |  60 +----------
 interface-definitions/vpn_sstp.xml.in              | 110 +-------------------
 src/conf_mode/service_pppoe-server.py              |   8 +-
 5 files changed, 138 insertions(+), 196 deletions(-)
 create mode 100644 interface-definitions/include/accel-radius-additions.xml.in

diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl
index 39a20c1ca..537b2770d 100644
--- a/data/templates/accel-ppp/pppoe.config.tmpl
+++ b/data/templates/accel-ppp/pppoe.config.tmpl
@@ -88,35 +88,30 @@ wins{{ loop.index }}={{ server }}
 {% if auth_mode == 'local' %}
 [chap-secrets]
 chap-secrets={{ chap_secrets_file }}
-{% endif %}
-
-{% if auth_mode == 'radius' %}
+{% elif auth_mode == 'radius' %}
 [radius]
 verbose=1
-{% for srv in auth['radius'] %}
-server={{srv}},{{auth['radius'][srv]['secret']}},
-req-limit={{auth['radius'][srv]['req-limit']}},
-fail-time={{auth['radius'][srv]['fail-time']}}
-{% endfor %}
-{% if auth['radsettings']['dae-server']['ip-address'] %}
-dae-server={{auth['radsettings']['dae-server']['ip-address']}}:
-{{auth['radsettings']['dae-server']['port']}},
-{{auth['radsettings']['dae-server']['secret']}}
-{% endif -%}
-{% if auth['radsettings']['acct-timeout'] %}
-acct-timeout={{auth['radsettings']['acct-timeout']}}
-{% endif -%}
-{% if auth['radsettings']['max-try'] %}
-max-try={{auth['radsettings']['max-try']}}
+{% for r in radius_server %}
+server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit=0,fail-time={{ r.fail_time }}
+{% endfor -%}
+
+acct-timeout={{ radius_acct_tmo }}
+timeout={{ radius_timeout }}
+max-try={{ radius_max_try }}
+
+{% if radius_nas_id %}
+nas-identifier={{ radius_nas_id }}
 {% endif -%}
-{% if auth['radsettings']['timeout'] %}
-timeout={{auth['radsettings']['timeout']}}
+{% if radius_nas_ip %}
+nas-ip-address={{ radius_nas_ip }}
 {% endif -%}
-{% if auth['radsettings']['nas-ip-address'] %}
-nas-ip-address={{auth['radsettings']['nas-ip-address']}}
+{% if radius_source_address %}
+bind={{ radius_source_address }}
 {% endif -%}
-{% if auth['radsettings']['nas-identifier'] %}
-nas-identifier={{auth['radsettings']['nas-identifier']}}
+
+
+{% if radius_dynamic_author %}
+dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }}
 {% endif -%}
 {% endif %}
 
diff --git a/interface-definitions/include/accel-radius-additions.xml.in b/interface-definitions/include/accel-radius-additions.xml.in
new file mode 100644
index 000000000..227a043cd
--- /dev/null
+++ b/interface-definitions/include/accel-radius-additions.xml.in
@@ -0,0 +1,113 @@
+<node name="radius">
+  <children>
+    <tagNode name="server">
+      <children>
+        <leafNode name="fail-time">
+          <properties>
+            <help>Mark server unavailable for &lt;n&gt; seconds on failure</help>
+            <valueHelp>
+              <format>0-600</format>
+              <description>Fail time penalty</description>
+            </valueHelp>
+            <constraint>
+              <validator name="numeric" argument="--range 0-600"/>
+            </constraint>
+            <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage>
+          </properties>
+        </leafNode>
+      </children>
+    </tagNode>
+    <leafNode name="timeout">
+      <properties>
+        <help>Timeout in seconds to wait response from RADIUS server</help>
+        <valueHelp>
+          <format>1-60</format>
+          <description>Timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-60"/>
+        </constraint>
+        <constraintErrorMessage>Timeout must be between 1 and 60 seconds</constraintErrorMessage>
+      </properties>
+    </leafNode>
+    <leafNode name="acct-timeout">
+      <properties>
+        <help>Timeout for Interim-Update packets, terminate session afterwards (default 3 seconds)</help>
+        <valueHelp>
+          <format>0-60</format>
+          <description>Timeout in seconds, 0 to keep active</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 0-60"/>
+        </constraint>
+        <constraintErrorMessage>Timeout must be between 0 and 60 seconds</constraintErrorMessage>
+      </properties>
+    </leafNode>
+    <leafNode name="max-try">
+      <properties>
+        <help>Number of tries to send Access-Request/Accounting-Request queries</help>
+        <valueHelp>
+          <format>1-20</format>
+          <description>Maximum tries</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-20"/>
+        </constraint>
+        <constraintErrorMessage>Maximum tries must be between 1 and 20</constraintErrorMessage>
+      </properties>
+    </leafNode>
+    <leafNode name="nas-identifier">
+      <properties>
+        <help>NAS-Identifier attribute sent to RADIUS</help>
+      </properties>
+    </leafNode>
+    <leafNode name="nas-ip-address">
+      <properties>
+        <help>NAS-IP-Address attribute sent to RADIUS</help>
+         <constraint>
+          <validator name="ipv4-address"/>
+        </constraint>
+        <valueHelp>
+          <format>ipv4</format>
+          <description>NAS-IP-Address attribute</description>
+        </valueHelp>
+       </properties>
+     </leafNode>
+    <node name="dynamic-author">
+      <properties>
+        <help>Dynamic Authorization Extension/Change of Authorization server</help>
+      </properties>
+      <children>
+        <leafNode name="server">
+          <properties>
+            <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
+            <constraint>
+              <validator name="ipv4-address"/>
+            </constraint>
+            <valueHelp>
+              <format>ipv4</format>
+              <description>IPv4 address for aynamic authorization server</description>
+            </valueHelp>
+          </properties>
+        </leafNode>
+        <leafNode name="port">
+          <properties>
+            <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
+            <valueHelp>
+              <format>number</format>
+              <description>TCP port</description>
+            </valueHelp>
+            <constraint>
+              <validator name="numeric" argument="--range 1-65535"/>
+            </constraint>
+          </properties>
+        </leafNode>
+        <leafNode name="key">
+          <properties>
+            <help>Shared secret for Dynamic Authorization Extension server</help>
+          </properties>
+        </leafNode>
+      </children>
+    </node>
+  </children>
+</node>
diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in
index e42de4f90..edfa321a4 100644
--- a/interface-definitions/service_pppoe-server.xml.in
+++ b/interface-definitions/service_pppoe-server.xml.in
@@ -127,67 +127,9 @@
                 </properties>
               </leafNode>
               #include <include/radius-server.xml.i>
+              #include <include/accel-radius-additions.xml.in>
               <node name="radius">
                 <children>
-                  <tagNode name="server">
-                    <children>
-                      <leafNode name="fail-time">
-                        <properties>
-                          <help>Mark server unavailable for &lt;n&gt; seconds on failure</help>
-                          <valueHelp>
-                            <format>0-600</format>
-                            <description>Fail time penalty</description>
-                          </valueHelp>
-                          <constraint>
-                            <validator name="numeric" argument="--range 0-600"/>
-                          </constraint>
-                          <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage>
-                        </properties>
-                      </leafNode>
-                    </children>
-                  </tagNode>
-                  <leafNode name="timeout">
-                    <properties>
-                      <help>Timeout to wait response from server (seconds)</help>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="acct-timeout">
-                    <properties>
-                      <help>Timeout to wait reply for Interim-Update packets. (default 3 seconds)</help>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="max-try">
-                    <properties>
-                      <help>Maximum number of tries to send Access-Request/Accounting-Request queries</help>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="nas-identifier">
-                    <properties>
-                      <help>Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.</help>
-                    </properties>
-                  </leafNode>
-                  <node name="dae-server">
-                    <properties>
-                      <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help>
-                    </properties>
-                    <children>
-                      <leafNode name="ip-address">
-                        <properties>
-                          <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="port">
-                        <properties>
-                          <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="secret">
-                        <properties>
-                          <help>Secret for Dynamic Authorization Extension server (DM/CoA)</help>
-                        </properties>
-                      </leafNode>
-                    </children>
-                  </node>
                   <node name="rate-limit">
                     <properties>
                       <help>Upload/Download speed limits</help>
diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in
index b026417b3..b5a1b6800 100644
--- a/interface-definitions/vpn_sstp.xml.in
+++ b/interface-definitions/vpn_sstp.xml.in
@@ -114,117 +114,9 @@
                 </properties>
               </leafNode>
               #include <include/radius-server.xml.i>
+              #include <include/accel-radius-additions.xml.in>
               <node name="radius">
                 <children>
-                  <tagNode name="server">
-                    <children>
-                      <leafNode name="fail-time">
-                        <properties>
-                          <help>Mark server unavailable for &lt;n&gt; seconds on failure</help>
-                          <valueHelp>
-                            <format>0-600</format>
-                            <description>Fail time penalty</description>
-                          </valueHelp>
-                          <constraint>
-                            <validator name="numeric" argument="--range 0-600"/>
-                          </constraint>
-                          <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage>
-                        </properties>
-                      </leafNode>
-                    </children>
-                  </tagNode>
-                  <leafNode name="timeout">
-                    <properties>
-                      <help>Timeout in seconds to wait response from RADIUS server</help>
-                      <valueHelp>
-                        <format>1-60</format>
-                        <description>Timeout in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 1-60"/>
-                      </constraint>
-                      <constraintErrorMessage>Timeout must be between 1 and 60 seconds</constraintErrorMessage>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="acct-timeout">
-                    <properties>
-                      <help>Timeout for Interim-Update packets, terminate session afterwards (default 3 seconds)</help>
-                      <valueHelp>
-                        <format>0-60</format>
-                        <description>Timeout in seconds, 0 to keep active</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 0-60"/>
-                      </constraint>
-                      <constraintErrorMessage>Timeout must be between 0 and 60 seconds</constraintErrorMessage>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="max-try">
-                    <properties>
-                      <help>Number of tries to send Access-Request/Accounting-Request queries</help>
-                      <valueHelp>
-                        <format>1-20</format>
-                        <description>Maximum tries</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 1-20"/>
-                      </constraint>
-                      <constraintErrorMessage>Maximum tries must be between 1 and 20</constraintErrorMessage>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="nas-identifier">
-                    <properties>
-                      <help>NAS-Identifier attribute sent to RADIUS</help>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="nas-ip-address">
-                    <properties>
-                      <help>NAS-IP-Address attribute sent to RADIUS</help>
-                       <constraint>
-                        <validator name="ipv4-address"/>
-                      </constraint>
-                      <valueHelp>
-                        <format>ipv4</format>
-                        <description>NAS-IP-Address attribute</description>
-                      </valueHelp>
-                     </properties>
-                   </leafNode>
-                  <node name="dynamic-author">
-                    <properties>
-                      <help>Dynamic Authorization Extension/Change of Authorization server</help>
-                    </properties>
-                    <children>
-                      <leafNode name="server">
-                        <properties>
-                          <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
-                          <constraint>
-                            <validator name="ipv4-address"/>
-                          </constraint>
-                          <valueHelp>
-                            <format>ipv4</format>
-                            <description>IPv4 address for aynamic authorization server</description>
-                          </valueHelp>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="port">
-                        <properties>
-                          <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
-                          <valueHelp>
-                            <format>number</format>
-                            <description>TCP port</description>
-                          </valueHelp>
-                          <constraint>
-                            <validator name="numeric" argument="--range 1-65535"/>
-                          </constraint>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="key">
-                        <properties>
-                          <help>Shared secret for Dynamic Authorization Extension server</help>
-                        </properties>
-                      </leafNode>
-                    </children>
-                  </node>
                   <node name="rate-limit">
                     <properties>
                       <help>Upload/Download speed limits</help>
diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py
index b791f1716..f0dd3751a 100755
--- a/src/conf_mode/service_pppoe-server.py
+++ b/src/conf_mode/service_pppoe-server.py
@@ -276,14 +276,14 @@ def get_config():
                 'key' : ''
             }
 
-            if conf.exists(['dynamic-author', 'ip-address']):
-                dae['server'] = conf.return_value(['dynamic-author', 'ip-address'])
+            if conf.exists(['dynamic-author', 'server']):
+                dae['server'] = conf.return_value(['dynamic-author', 'server'])
 
             if conf.exists(['dynamic-author', 'port']):
                 dae['port'] = conf.return_value(['dynamic-author', 'port'])
 
-            if conf.exists(['dynamic-author', 'secret']):
-                dae['key'] = conf.return_value(['dynamic-author', 'secret'])
+            if conf.exists(['dynamic-author', 'key']):
+                dae['key'] = conf.return_value(['dynamic-author', 'key'])
 
             pppoe['radius_dynamic_author'] = dae
 
-- 
cgit v1.2.3