author | DmitriyEshenko <dmitriy.eshenko@vyos.io> | 2020-06-17 13:24:04 +0000 |
---|---|---|
committer | DmitriyEshenko <dmitriy.eshenko@vyos.io> | 2020-06-17 13:24:04 +0000 |
commit | e932d80b7b97ecb586c1d1be7750277c84ea65d1 (patch) | |
tree | 4530e39d8c28a3927e548851b855aa52cdd1a692 | |
parent | 883426259651f400fda05446f8ecef5697cbcd60 (diff) | |
login: radius: T2299: Implement RADIUS servers priority
-rw-r--r-- | data/templates/system-login/pam_radius_auth.conf.tmpl | 2 | ||||
-rw-r--r-- | interface-definitions/include/radius-server.xml.i | 12 | ||||
-rwxr-xr-x | src/conf_mode/system-login.py | 7 |
3 files changed, 19 insertions, 2 deletions
diff --git a/data/templates/system-login/pam_radius_auth.conf.tmpl b/data/templates/system-login/pam_radius_auth.conf.tmpl index e38f45035..ec2d6df95 100644 --- a/data/templates/system-login/pam_radius_auth.conf.tmpl +++ b/data/templates/system-login/pam_radius_auth.conf.tmpl @@ -2,7 +2,7 @@ # RADIUS configuration file {% if radius_server %} # server[:port] shared_secret timeout source_ip -{% for s in radius_server if not s.disabled %} +{% for s in radius_server|sort(attribute='priority') if not s.disabled %} {% set addr_port = s.address + ":" + s.port %} {{ "%-22s" | format(addr_port) }} {{ "%-25s" | format(s.key) }} {{ "%-10s" | format(s.timeout) }} {{ radius_source_address if radius_source_address }} {% endfor %} diff --git a/interface-definitions/include/radius-server.xml.i b/interface-definitions/include/radius-server.xml.i index 047728233..4b39f251b 100644 --- a/interface-definitions/include/radius-server.xml.i +++ b/interface-definitions/include/radius-server.xml.i @@ -50,6 +50,18 @@ </constraint> </properties> </leafNode> + <leafNode name="priority"> + <properties> + <help>Server priority</help> + <valueHelp> + <format>1-255</format> + <description>Server priority (default: 255)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> </children> </tagNode> </children> diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index 5990c3777..93d4cc679 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -144,7 +144,8 @@ def get_config(): 'disabled': False, 'key': '', 'port': '1812', - 'timeout': '2' + 'timeout': '2', + 'priority': 255 } conf.set_level(base_level + ['radius', 'server', server]) 
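Review bot: The new `sort(attribute='priority')` on the `{% for %}` line now decides the order of entries in the generated file, but the template does not say so or say what happens on a tie. Jinja's sort is stable as far as I know, so servers with equal priority (including every server left at the default) should keep the order of `radius_server`. I would extend the header comment with a line such as `# entries are written in ascending priority; equal priorities keep configuration order`. The file order is presumably the order in which the PAM module contacts the servers, and so which server receives login attempts first.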
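Review bot: The help text of the new `priority` leaf does not say which end of the 1-255 range is preferred. The template in this commit sorts ascending, so 1 is written first and the default 255 last; an operator who assumes the higher number wins would put the intended backup server ahead of the primary for authentication. I suggest `<description>Server priority, lower value is tried first (default: 255)</description>`. The default itself is only set in system-login.py, so the value quoted here has to be kept in step by hand.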
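Review bot: `'priority': 255` is the only integer among string defaults (`'port': '1812'`, `'timeout': '2'`), and the reason is not written down. The template sorts on this field, and string values would order '10' before '9'. The same applies to the `int(...)` conversion in the second hunk of this file, where the comment `# Check if RADIUS server has priority` only restates the condition; I would replace it with `# keep priority as int: the template sorts servers on it numerically`. The conversion relies on the CLI validator having rejected non-numeric input, and get_config() starts and ends outside both hunks, so I cannot tell whether anything later re-checks the value.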
@@ -164,6 +165,10 @@ def get_config(): if conf.exists(['timeout']): server_cfg['timeout'] = conf.return_value(['timeout']) + # Check if RADIUS server has priority + if conf.exists(['priority']): + server_cfg['priority'] = int(conf.return_value(['priority'])) + # Append individual RADIUS server configuration to global server list login['radius_server'].append(server_cfg) |