summaryrefslogtreecommitdiff
path: root/src/conf_mode/vpn_openconnect.py
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2022-09-15 17:28:11 +0300
committerGitHub <noreply@github.com>2022-09-15 17:28:11 +0300
commit7a2ad35ec8ecd84d162a3e5dc41b50f31d18dc10 (patch)
tree7bc3dcdb730ebba58fb35d170f1496cded6024c2 /src/conf_mode/vpn_openconnect.py
parentd41909874a6a7e2264e0a89928885b491efd9851 (diff)
parente5785ff748f93b66879d8bd0393c208c6df574a9 (diff)
downloadvyos-1x-7a2ad35ec8ecd84d162a3e5dc41b50f31d18dc10.tar.gz
vyos-1x-7a2ad35ec8ecd84d162a3e5dc41b50f31d18dc10.zip
Merge pull request #1477 from sempervictus/feature/ocserv_groups
T3896(adjacent): Fix ocserv local user requirement, add groupconfig
Diffstat (limited to 'src/conf_mode/vpn_openconnect.py')
-rwxr-xr-xsrc/conf_mode/vpn_openconnect.py19
1 files changed, 10 insertions, 9 deletions
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index 240546817..23b1baf4d 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -58,15 +58,16 @@ def get_config():
default_values = defaults(base)
ocserv = dict_merge(default_values, ocserv)
- # workaround a "know limitation" - https://phabricator.vyos.net/T2665
- del ocserv['authentication']['local_users']['username']['otp']
- if not ocserv["authentication"]["local_users"]["username"]:
- raise ConfigError('openconnect mode local required at least one user')
- default_ocserv_usr_values = default_values['authentication']['local_users']['username']['otp']
- for user, params in ocserv['authentication']['local_users']['username'].items():
- # Not every configuration requires OTP settings
- if ocserv['authentication']['local_users']['username'][user].get('otp'):
- ocserv['authentication']['local_users']['username'][user]['otp'] = dict_merge(default_ocserv_usr_values, ocserv['authentication']['local_users']['username'][user]['otp'])
+ if "local" in ocserv["authentication"]["mode"]:
+ # workaround a "know limitation" - https://phabricator.vyos.net/T2665
+ del ocserv['authentication']['local_users']['username']['otp']
+ if not ocserv["authentication"]["local_users"]["username"]:
+ raise ConfigError('openconnect mode local required at least one user')
+ default_ocserv_usr_values = default_values['authentication']['local_users']['username']['otp']
+ for user, params in ocserv['authentication']['local_users']['username'].items():
+ # Not every configuration requires OTP settings
+ if ocserv['authentication']['local_users']['username'][user].get('otp'):
+ ocserv['authentication']['local_users']['username'][user]['otp'] = dict_merge(default_ocserv_usr_values, ocserv['authentication']['local_users']['username'][user]['otp'])
if ocserv:
ocserv['pki'] = conf.get_config_dict(['pki'], key_mangling=('-', '_'),