diff options
| author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-08-05 15:40:34 +0000 |
|---|---|---|
| committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-08-05 15:40:34 +0000 |
| commit | e3209859935e5994a9767999fd78a9cece6566d4 (patch) | |
| tree | fb77f3178c18a7bd61132257280a7d8a97bae79f | |
| parent | 2a10ffa4b5074be27458159fa94d6227d0e5c7f7 (diff) | |
| download | vyos-1x-e3209859935e5994a9767999fd78a9cece6566d4.tar.gz vyos-1x-e3209859935e5994a9767999fd78a9cece6566d4.zip | |
ocserv: T4597: Check bind port before openconnect commit
Check if openconnect listen port is available and not used by
another service
| -rwxr-xr-x | src/conf_mode/vpn_openconnect.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py index 8e0e30bbf..a3e774678 100755 --- a/src/conf_mode/vpn_openconnect.py +++ b/src/conf_mode/vpn_openconnect.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2020 VyOS maintainers and contributors +# Copyright (C) 2018-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -23,6 +23,7 @@ from vyos.pki import wrap_certificate from vyos.pki import wrap_private_key from vyos.template import render from vyos.util import call +from vyos.util import check_port_availability from vyos.util import is_systemd_service_running from vyos.util import dict_search from vyos.xml import defaults @@ -75,6 +76,10 @@ def get_config(): def verify(ocserv): if ocserv is None: return None + # Check if listen-ports not binded other services + for proto, port in ocserv.get('listen_ports').items(): + if check_port_availability('0.0.0.0', int(port), proto) is not True: + raise ConfigError(f'"{proto}" port "{port}" is used by another service') # Check authentication if "authentication" in ocserv: if "mode" in ocserv["authentication"]: |