Merge branch 'current' of github.com:vyos/vyos-1x into equuleus

* 'current' of github.com:vyos/vyos-1x: (30 commits)
  smoketest: dummy: fix indent
  smoketest: bridge: bond: enable ip subsystem tests
  smoketest: interfaces: dhcpv6pd final fix
  smoketest: ethernet: fix link-speed loop test
  Debian: add build-dependency on python3-jinja2
  smoketest: ethernet: verify() speed/duplex must both be auto or discrete
  smoketest: interfaces: report skipped tests
  smoketest: ethernet: bugfixes for dhcpc6 and unknown interfaces
  Debian: add python3-psutil build dependency
  smoketest: ethernet: check for error on non existing interface
  vyos.configverify: provide generic helper to check for interface existence
  smoketest: interfaces: fix dhcpv6 pd testcase when using multiple interfaces
  login: radius: T3192: migrate to get_config_dict()
  ssh: T2635: harden Jinja2 template and daemon startup
  ssh: T2635: change sshd_config path to /run/sshd
  login: radius: T3192: support IPv6 server(s) and source-address
  xml: include: provide generic include for disable node
  xml: radius: T3192: split individual nodes to discrete includes
  bgp: T2174: verify() existence of route-map and prefix-list
  smoketest: interfaces: test dhcpv6 pd sla-id auto increment
  ...

2 files changed, 45 insertions, 0 deletions

diff --git a/data/templates/login/authorized_keys.tmpl b/data/templates/login/authorized_keys.tmpl
new file mode 100644
index 000000000..639a80e1d
--- /dev/null
+++ b/data/templates/login/authorized_keys.tmpl
@@ -0,0 +1,9 @@
+### Automatically generated by system-login.py ###
+
+{% if authentication is defined and authentication.public_keys is defined and authentication.public_keys is not none %}
+{%   for key, key_options in authentication.public_keys.items() %}
+{# The whitespace after options is wisely chosen #}
+{{ key_options.options + ' ' if key_options.options is defined }}{{ key_options.type }} {{ key_options.key }} {{ key }}
+{%   endfor %}
+{% endif %}
+
diff --git a/data/templates/login/pam_radius_auth.conf.tmpl b/data/templates/login/pam_radius_auth.conf.tmpl
new file mode 100644
index 000000000..fad8e7dcb
--- /dev/null
+++ b/data/templates/login/pam_radius_auth.conf.tmpl
@@ -0,0 +1,36 @@
+# Automatically generated by system-login.py
+# RADIUS configuration file
+
+{% if radius is defined and radius is not none %}
+{#   RADIUS IPv6 source address must be specified in [] notation #}
+{%   set source_address = namespace()  %}
+{%   if radius.source_address is defined and radius.source_address is not none %}
+{%     for address in radius.source_address %}
+{%       if address | is_ipv4 %}
+{%         set source_address.ipv4 = address %}
+{%       elif address | is_ipv6 %}
+{%         set source_address.ipv6 = "[" + address + "]" %}
+{%       endif %}
+{%     endfor %}
+{%   endif %}
+{% if radius.server is defined and radius.server is not none %}
+# server[:port]        shared_secret             timeout    source_ip
+{# .items() returns a tuple of two elements: key and value. 1 relates to the 2nd element i.e. the value and .priority relates to the key from the internal dict #}
+{%   for server, options in radius.server.items() | sort(attribute='1.priority') if not options.disabled %}
+{#   RADIUS IPv6 servers must be specified in [] notation #}
+{%     if server | is_ipv4 %}
+{{ server }}:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is defined }}
+{%     else %}
+[{{ server }}]:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is defined }}
+{%     endif %}
+{%   endfor %}
+{% endif %}
+
+priv-lvl 15
+mapped_priv_user radius_priv_user
+
+{%   if radius.vrf is defined and radius.vrf is not none %}
+vrf-name {{ radius.vrf }}
+{%   endif %}
+{% endif %}
+