| author | Christian Breunig <christian@breunig.cc> | 2023-09-06 20:25:33 +0200 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-09-06 20:25:33 +0200 | 
| commit | 1cad06b6db6377b7bb018990f57329b832270a6c (patch) | |
| tree | f03428bedec949f474bb2a0e4b74191804f8d4d2 | |
| parent | e0825b52df4a2a4ce6d137bb8adc553f6e71fc0b (diff) | |
| parent | 97326920e2907bdb545853887dc54c6a02b76f28 (diff) | |
Merge pull request #2206 from sever-sever/T5423
T5423: Fix for op-mode show vpn ike secrets
| -rw-r--r-- | op-mode-definitions/vpn-ipsec.xml.in | 2 | ||||
| -rwxr-xr-x | src/op_mode/ipsec.py | 39 | 
2 files changed, 40 insertions, 1 deletions
|
diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in
index c7ba780a3..b551af2be 100644
--- a/op-mode-definitions/vpn-ipsec.xml.in
+++ b/op-mode-definitions/vpn-ipsec.xml.in
@@ -177,7 +177,7 @@
                 <properties>
                   <help>Show all the pre-shared key secrets</help>
                 </properties>
-                <command>sudo cat /etc/ipsec.secrets | sed 's/#.*//'</command>
+                <command>${vyos_op_scripts_dir}/ipsec.py show_psk</command>
               </node>
               <node name="status">
                 <properties>
diff --git a/src/op_mode/ipsec.py b/src/op_mode/ipsec.py
index 57d3cfed9..44d41219e 100755
--- a/src/op_mode/ipsec.py
+++ b/src/op_mode/ipsec.py
@@ -779,6 +779,45 @@ def show_ra_summary(raw: bool):
     return _get_formatted_output_ra_summary(list_sa)
+# PSK block
+def _get_raw_psk():
+    conf: ConfigTreeQuery = ConfigTreeQuery()
+    config_path = ['vpn', 'ipsec', 'authentication', 'psk']
+    psk_config = conf.get_config_dict(config_path, key_mangling=('-', '_'),
+                                       get_first_key=True,
+                                       no_tag_node_value_mangle=True)
+
+    psk_list = []
+    for psk, psk_data in psk_config.items():
+        psk_data['psk'] = psk
+        psk_list.append(psk_data)
+
+    return psk_list
+
+
+def _get_formatted_psk(psk_list):
+    headers = ["PSK", "Id", "Secret"]
+    formatted_data = []
+
+    for psk_data in psk_list:
+        formatted_data.append([psk_data["psk"], "\n".join(psk_data["id"]), psk_data["secret"]])
+
+    return tabulate(formatted_data, headers=headers)
+
+
+def show_psk(raw: bool):
+    config = ConfigTreeQuery()
+    if not config.exists('vpn ipsec authentication psk'):
+        raise vyos.opmode.UnconfiguredSubsystem('VPN ipsec psk authentication is not configured')
+
+    psk = _get_raw_psk()
+    if raw:
+        return psk
+    return _get_formatted_psk(psk)
+
+# PSK block end
+
+
 if __name__ == '__main__':
     try:
         res = vyos.opmode.run(sys.modules[__name__])
|
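Review bot: `_get_formatted_psk` indexes `psk_data["id"]` and `psk_data["secret"]` directly, so a PSK entry that lacks either key would raise `KeyError` instead of producing a table; unless config validation outside this hunk guarantees both, use `psk_data.get("id", [])` and `psk_data.get("secret", "")`. The `"\n".join(...)` call also assumes `id` is always a list, which depends on how `get_config_dict` returns a single-valued node and is worth confirming. Because `show_psk` returns the secrets in clear text in both the table and the `raw` result, a docstring such as `"""Return configured IPsec PSKs, including cleartext secrets; do not log the result."""` would make that explicit for callers.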
