#!/usr/bin/env python3 # # Copyright (C) 2020-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # VyOS 1.2 crux allowed configuring a lower or upper case loglevel. This # is no longer supported as the input data is validated and will lead to # an error. If user specifies an upper case logleve, make it lowercase from sys import argv,exit from vyos.configtree import ConfigTree if (len(argv) < 1): print("Must specify file name!") exit(1) file_name = argv[1] with open(file_name, 'r') as f: config_file = f.read() base = ['service', 'ssh'] config = ConfigTree(config_file) if not config.exists(base): # Nothing to do exit(0) path_loglevel = base + ['loglevel'] if config.exists(path_loglevel): # red in configured loglevel and convert it to lower case tmp = config.return_value(path_loglevel).lower() # VyOS 1.2 had no proper value validation on the CLI thus the # user could use any arbitrary values - sanitize them if tmp not in ['quiet', 'fatal', 'error', 'info', 'verbose']: tmp = 'info' config.set(path_loglevel, value=tmp) # T4273: migrate ssh cipher list to multi node path_ciphers = base + ['ciphers'] if config.exists(path_ciphers): tmp = [] # get curtrent cipher list - comma delimited for cipher in config.return_values(path_ciphers): tmp.extend(cipher.split(',')) # delete old cipher suite representation config.delete(path_ciphers) for cipher in tmp: config.set(path_ciphers, value=cipher, replace=False) # T4273: migrate ssh key-exchange list to multi node path_kex = base + ['key-exchange'] if config.exists(path_kex): tmp = [] # get curtrent cipher list - comma delimited for kex in config.return_values(path_kex): tmp.extend(kex.split(',')) # delete old cipher suite representation config.delete(path_kex) for kex in tmp: config.set(path_kex, value=kex, replace=False) try: with open(file_name, 'w') as f: f.write(config.to_string()) except OSError as e: print("Failed to save the modified config: {}".format(e)) exit(1)