authorChristian Poessinger <christian@poessinger.com>2020-02-25 16:34:19 +0100
committerChristian Poessinger <christian@poessinger.com>2020-02-25 16:34:19 +0100
commitd11b04f4f9230638fbbeb7cb21bd46de9d09d27c (patch)
treeb27229b8656412797acbb62bcbfde931da1d3fda /src/conf_mode/system-login-radius.py
parent6e0aad3a6b1a35428674f2266932528403c9702a (diff)
login: radius: T2071: support disabling individual server
Diffstat (limited to 'src/conf_mode/system-login-radius.py')
-rwxr-xr-xsrc/conf_mode/system-login-radius.py24
1 files changed, 20 insertions, 4 deletions
diff --git a/src/conf_mode/system-login-radius.py b/src/conf_mode/system-login-radius.py
index caa7f6b80..b1e7dce4e 100755
--- a/src/conf_mode/system-login-radius.py
+++ b/src/conf_mode/system-login-radius.py
@@ -29,11 +29,13 @@ radius_config_file = "/etc/pam_radius_auth.conf"
radius_config_tmpl = """
# Automatically generated by VyOS
# RADIUS configuration file
+{%- if server %}
# server[:port] shared_secret timeout (s) source_ip
-{% if server -%}
-{% for s in server -%}
+{% for s in server %}
+{%- if not s.disabled -%}
{{ s.address }}:{{ s.port }} {{ s.key }} {{ s.timeout }} {% if source_address -%}{{ source_address }}{% endif %}
-{% endfor -%}
+{% endif %}
+{%- endfor %}
priv-lvl 15
mapped_priv_user radius_priv_user
@@ -75,12 +77,17 @@ def get_config():
for server in conf.list_nodes(['server']):
server_cfg = {
'address': server,
+ 'disabled': False,
'key': '',
'port': '1812',
'timeout': '2'
}
conf.set_level(base_level + ['server', server])
+ # Check if RADIUS server was temporary disabled
+ if conf.exists(['disable']):
+ server_cfg['disabled'] = True
+
# RADIUS shared secret
if conf.exists(['key']):
server_cfg['key'] = conf.return_value(['key'])
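Review bot: The new disable check sets a default of `False` and then overwrites it inside an `if`, which can be collapsed into one assignment after `conf.set_level(...)`: `server_cfg['disabled'] = conf.exists(['disable'])`, assuming `conf.exists()` returns a plain bool. The added comment should read `# Check if RADIUS server was temporarily disabled`. get_config() starts and ends outside this hunk.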
@@ -99,7 +106,16 @@ def get_config():
return radius
def verify(radius):
- pass
+ # At lease one RADIUS server must not be disabled
+ if len(radius['server']) > 0:
+ fail = True
+ for server in radius['server']:
+ if not server['disabled']:
+ fail = False
+ if fail:
+ raise ConfigError('At least one RADIUS server must be active.')
+
+ return None
def generate(radius):
if len(radius['server']) > 0:
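Review bot: verify() still accepts an enabled server whose shared secret is empty, even though it now rejects a configuration where every server is disabled. get_config() defaults `'key': ''` (second hunk), and the template in the first hunk renders `{{ s.key }}` as one whitespace-delimited field, so an empty key, or one containing whitespace, would presumably shift the timeout into the shared_secret column of pam_radius_auth.conf. Unless the CLI schema already enforces a key, which is not visible here, I would add inside the loop `if not server['disabled'] and not server['key']: raise ConfigError('RADIUS server "{}" requires a key.'.format(server['address']))`. The all-disabled test also reads more directly as `if all(s['disabled'] for s in radius['server']):`, and the comment has a typo ("At lease").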