summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-05-24 20:50:03 +0200
committerChristian Poessinger <christian@poessinger.com>2021-05-24 20:50:03 +0200
commit714de9764012409921736787e664b030a33907b9 (patch)
tree6e4c5836764434c8b1616acbdcf479cf78895e08
parente60d65e02f94deb9741bdd3d7f6621a79bf81fcf (diff)
downloadvyos-1x-714de9764012409921736787e664b030a33907b9.tar.gz
vyos-1x-714de9764012409921736787e664b030a33907b9.zip
isis: T3417: implement domain-password md5
-rw-r--r--data/templates/frr/isis.frr.tmpl12
-rw-r--r--interface-definitions/include/isis/protocol-common-config.xml.i2
-rwxr-xr-xsrc/conf_mode/protocols_isis.py8
3 files changed, 14 insertions, 8 deletions
diff --git a/data/templates/frr/isis.frr.tmpl b/data/templates/frr/isis.frr.tmpl
index 58c44e2d4..540d91e3c 100644
--- a/data/templates/frr/isis.frr.tmpl
+++ b/data/templates/frr/isis.frr.tmpl
@@ -13,8 +13,12 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
{% if set_overload_bit is defined %}
set-overload-bit
{% endif %}
-{% if domain_password is defined and domain_password.plaintext_password is defined and domain_password.plaintext_password is not none %}
+{% if domain_password is defined and domain_password is not none %}
+{% if domain_password.md5 is defined and domain_password.md5 is not none %}
+ domain-password md5 {{ domain_password.plaintext_password }}
+{% elif domain_password.plaintext_password is defined and domain_password.plaintext_password is not none %}
domain-password clear {{ domain_password.plaintext_password }}
+{% endif %}
{% endif %}
{% if lsp_gen_interval is defined and lsp_gen_interval is not none %}
lsp-gen-interval {{ lsp_gen_interval }}
@@ -95,10 +99,12 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
{% if spf_delay_ietf is defined and spf_delay_ietf.init_delay is defined and spf_delay_ietf.init_delay is not none %}
spf-delay-ietf init-delay {{ spf_delay_ietf.init_delay }}
{% endif %}
-{% if area_password is defined and area_password.md5 is defined and area_password.md5 is not none %}
+{% if area_password is defined and area_password is not none %}
+{% if area_password.md5 is defined and area_password.md5 is not none %}
area-password md5 {{ area_password.md5 }}
-{% elif area_password is defined and area_password.plaintext_password is defined and area_password.plaintext_password is not none %}
+{% elif area_password.plaintext_password is defined and area_password.plaintext_password is not none %}
area-password clear {{ area_password.plaintext_password }}
+{% endif %}
{% endif %}
{% if default_information is defined and default_information.originate is defined and default_information.originate is not none %}
{% for afi, afi_config in default_information.originate.items() %}
diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i
index 9b8283f40..3ed0b0607 100644
--- a/interface-definitions/include/isis/protocol-common-config.xml.i
+++ b/interface-definitions/include/isis/protocol-common-config.xml.i
@@ -68,7 +68,6 @@
</valueHelp>
</properties>
</leafNode>
-<!--
<leafNode name="md5">
<properties>
<help>MD5 authentication type</help>
@@ -78,7 +77,6 @@
</valueHelp>
</properties>
</leafNode>
--->
</children>
</node>
<leafNode name="dynamic-hostname">
diff --git a/src/conf_mode/protocols_isis.py b/src/conf_mode/protocols_isis.py
index ef21e0055..c3a444f16 100755
--- a/src/conf_mode/protocols_isis.py
+++ b/src/conf_mode/protocols_isis.py
@@ -128,9 +128,11 @@ def verify(isis):
raise ConfigError(f'Interface {interface} is not a member of VRF {vrf}!')
# If md5 and plaintext-password set at the same time
- if 'area_password' in isis:
- if {'md5', 'plaintext_password'} <= set(isis['encryption']):
- raise ConfigError('Can not use both md5 and plaintext-password for ISIS area-password!')
+ for password in ['area_password', 'domain_password']:
+ if password in isis:
+ if {'md5', 'plaintext_password'} <= set(isis[password]):
+ tmp = password.replace('_', '-')
+ raise ConfigError(f'Can use either md5 or plaintext-password for {tmp}!')
# If one param from delay set, but not set others
if 'spf_delay_ietf' in isis: