From d1ef90e1eb51334b99ad716969e17c7f257e1a39 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 4 Jan 2023 20:12:47 +0100 Subject: ssh: T2651: extend verify() when both source-address and source-interface is used We need to ensure that source-address is assigned on source-interface before applying the configuration, else SSH client will have a hard time talking to someone. --- src/conf_mode/system-option.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/conf_mode/system-option.py b/src/conf_mode/system-option.py index ceac3dc16..e6c7a0ed2 100755 --- a/src/conf_mode/system-option.py +++ b/src/conf_mode/system-option.py @@ -27,6 +27,7 @@ from vyos.template import render from vyos.util import cmd from vyos.util import is_systemd_service_running from vyos.validate import is_addr_assigned +from vyos.validate import is_intf_addr_assigned from vyos.xml import defaults from vyos import ConfigError from vyos import airbag @@ -69,10 +70,17 @@ def verify(options): if 'ssh_client' in options: config = options['ssh_client'] if 'source_address' in config: + address = config['source_address'] if not is_addr_assigned(config['source_address']): - raise ConfigError('No interface with give address specified!') + raise ConfigError('No interface with address "{address}" configured!') + if 'source_interface' in config: verify_source_interface(config) + if 'source_address' in config: + address = config['source_address'] + interface = config['source_interface'] + if not is_intf_addr_assigned(interface, address): + raise ConfigError(f'Address "{address}" not assigned on interface "{interface}"!') return None -- cgit v1.2.3