authorDmitriyEshenko <dmitriy.eshenko@vyos.io>2020-06-17 13:24:04 +0000
committerDmitriyEshenko <dmitriy.eshenko@vyos.io>2020-06-17 13:24:04 +0000
commite932d80b7b97ecb586c1d1be7750277c84ea65d1 (patch)
tree4530e39d8c28a3927e548851b855aa52cdd1a692
parent883426259651f400fda05446f8ecef5697cbcd60 (diff)
login: radius: T2299: Implement RADIUS servers priority
-rw-r--r--data/templates/system-login/pam_radius_auth.conf.tmpl2
-rw-r--r--interface-definitions/include/radius-server.xml.i12
-rwxr-xr-xsrc/conf_mode/system-login.py7
3 files changed, 19 insertions, 2 deletions
diff --git a/data/templates/system-login/pam_radius_auth.conf.tmpl b/data/templates/system-login/pam_radius_auth.conf.tmpl
index e38f45035..ec2d6df95 100644
--- a/data/templates/system-login/pam_radius_auth.conf.tmpl
+++ b/data/templates/system-login/pam_radius_auth.conf.tmpl
@@ -2,7 +2,7 @@
# RADIUS configuration file
{% if radius_server %}
# server[:port] shared_secret timeout source_ip
-{% for s in radius_server if not s.disabled %}
+{% for s in radius_server|sort(attribute='priority') if not s.disabled %}
{% set addr_port = s.address + ":" + s.port %}
{{ "%-22s" | format(addr_port) }} {{ "%-25s" | format(s.key) }} {{ "%-10s" | format(s.timeout) }} {{ radius_source_address if radius_source_address }}
{% endfor %}
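Review bot: The new `sort(attribute='priority')` on the `for` line has no comment saying what the resulting order means, and that order decides which RADIUS server is listed first in the generated file. As far as I know pam_radius_auth tries servers in the order they are listed, so the lowest number would be contacted first. Servers with equal priority, including every server left at the default, keep their incoming order because the sort is stable. I would add a template comment above the loop such as `{# ascending priority: lowest value is listed, and so tried, first; ties keep config order #}`. The enclosing `{% if radius_server %}` block continues past the end of this hunk.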
diff --git a/interface-definitions/include/radius-server.xml.i b/interface-definitions/include/radius-server.xml.i
index 047728233..4b39f251b 100644
--- a/interface-definitions/include/radius-server.xml.i
+++ b/interface-definitions/include/radius-server.xml.i
@@ -50,6 +50,18 @@
</constraint>
</properties>
</leafNode>
+ <leafNode name="priority">
+ <properties>
+ <help>Server priority</help>
+ <valueHelp>
+ <format>1-255</format>
+ <description>Server priority (default: 255)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ </leafNode>
</children>
</tagNode>
</children>
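Review bot: The help text for the new `priority` leaf gives the range and the default but not the direction, so an operator cannot tell from the CLI whether 1 or 255 marks the preferred server. The template in this commit sorts ascending, so I would change the description to `<description>Server priority, lower value is preferred (default: 255)</description>`. Getting the direction backwards would silently send logins to the intended fallback server first.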
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index 5990c3777..93d4cc679 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -144,7 +144,8 @@ def get_config():
'disabled': False,
'key': '',
'port': '1812',
- 'timeout': '2'
+ 'timeout': '2',
+ 'priority': 255
}
conf.set_level(base_level + ['radius', 'server', server])
@@ -164,6 +165,10 @@ def get_config():
if conf.exists(['timeout']):
server_cfg['timeout'] = conf.return_value(['timeout'])
+ # Check if RADIUS server has priority
+ if conf.exists(['priority']):
+ server_cfg['priority'] = int(conf.return_value(['priority']))
+
# Append individual RADIUS server configuration to global server list
login['radius_server'].append(server_cfg)
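Review bot: The comment `# Check if RADIUS server has priority` restates the code and leaves out why this value alone is converted with `int()` while `port` and `timeout` stay strings. The template sorts on this field, and a string would sort lexically ('10' before '2'), so both the conversion and the integer default `'priority': 255` in the earlier hunk of this file matter. I would write `# Keep priority as int: the template sorts on it and strings would sort lexically`. `get_config()` starts and ends outside both hunks.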