| author | aapostoliuk <a.apostoliuk@vyos.io> | 2023-01-26 16:11:45 +0200 | 
|---|---|---|
| committer | aapostoliuk <a.apostoliuk@vyos.io> | 2023-01-26 16:11:45 +0200 | 
| commit | 02004325f166881d26a82777de385578b433f993 (patch) | |
| tree | cf015fa54b935aaad8a9d6219c662c28d3205753 /src | |
| parent | b1d2bb907c537f99ee8011947cda45084076ecba (diff) | |
openconnect: T4955: Removed wrong authserver in radiusclient.conf
After merging the config dictionary with the default values, the default
radius port value was not merged properly: it was added as if it were a
server, so the generated radiusclient.conf contained an illegal authserver
entry named 'port'.
Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/vpn_openconnect.py | 60 | 
1 files changed, 48 insertions, 12 deletions
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index af3c51efc..57eba17b0 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -46,6 +46,52 @@ radius_servers = cfg_dir + '/radius_servers'
 def get_hash(password):
     return crypt(password, mksalt(METHOD_SHA512))
+
+def T2665_default_dict_cleanup(origin: dict, default_values: dict) -> dict:
+    """
+    https://phabricator.vyos.net/T2665
+    Clear unnecessary key values in merged config by dict_merge function
+    :param origin: config
+    :type origin: dict
+    :param default_values: default values
+    :type default_values: dict
+    :return: merged dict
+    :rtype: dict
+    """
+    if 'mode' in origin["authentication"] and "local" in \
+            origin["authentication"]["mode"]:
+        del origin['authentication']['local_users']['username']['otp']
+        if not origin["authentication"]["local_users"]["username"]:
+            raise ConfigError(
+                'Openconnect mode local required at least one user')
+        default_ocserv_usr_values = \
+        default_values['authentication']['local_users']['username']['otp']
+        for user, params in origin['authentication']['local_users'][
+            'username'].items():
+            # Not every configuration requires OTP settings
+            if origin['authentication']['local_users']['username'][user].get(
+                    'otp'):
+                origin['authentication']['local_users']['username'][user][
+                    'otp'] = dict_merge(default_ocserv_usr_values,
+                                        origin['authentication'][
+                                            'local_users']['username'][user][
+                                            'otp'])
+
+    if 'mode' in origin["authentication"] and "radius" in \
+            origin["authentication"]["mode"]:
+        del origin['authentication']['radius']['server']['port']
+        if not origin["authentication"]['radius']['server']:
+            raise ConfigError(
+                'Openconnect mode radius required at least one radius server')
+        default_values_radius_port = \
+        default_values['authentication']['radius']['server']['port']
+        for server, params in origin['authentication']['radius'][
+            'server'].items():
+            if 'port' not in params:
+                params['port'] = default_values_radius_port
+    return origin
+
+
 def get_config():
     conf = Config()
     base = ['vpn', 'openconnect']
@@ -57,18 +103,8 @@ def get_config():
     # options which we need to update into the dictionary retrived.
     default_values = defaults(base)
     ocserv = dict_merge(default_values, ocserv)
-
-    if 'mode' in ocserv["authentication"] and "local" in ocserv["authentication"]["mode"]:
-        # workaround a "know limitation" - https://phabricator.vyos.net/T2665
-        del ocserv['authentication']['local_users']['username']['otp']
-        if not ocserv["authentication"]["local_users"]["username"]:
-            raise ConfigError('openconnect mode local required at least one user')
-        default_ocserv_usr_values = default_values['authentication']['local_users']['username']['otp']
-        for user, params in ocserv['authentication']['local_users']['username'].items():
-            # Not every configuration requires OTP settings
-            if ocserv['authentication']['local_users']['username'][user].get('otp'):
-                ocserv['authentication']['local_users']['username'][user]['otp'] = dict_merge(default_ocserv_usr_values, ocserv['authentication']['local_users']['username'][user]['otp'])
-
+    # workaround a "know limitation" - https://phabricator.vyos.net/T2665
+    ocserv = T2665_default_dict_cleanup(ocserv, default_values)
     if ocserv:
         ocserv['pki'] = conf.get_config_dict(['pki'], key_mangling=('-', '_'),
                                 get_first_key=True, no_tag_node_value_mangle=True)
|
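Review bot: The radius branch of T2665_default_dict_cleanup removes only the `port` key that dict_merge leaked into the server tag node, so any other per-server default declared under `authentication radius server` would still be turned into a phantom authserver in radiusclient.conf, the same failure this commit fixes for `port`. Since `default_values['authentication']['radius']['server']` is already the dict of those defaults (the code reads `port` out of it), the cleanup can be driven by its keys instead of a hard-coded name, assuming every key in that subtree is a per-server default the way `port` is. The local-user loop has the same shape and also ignores its `params` variable, re-indexing `origin[...][user]` four times where `if params.get('otp'):` / `params['otp'] = dict_merge(default_ocserv_usr_values, params['otp'])` would do. The rewritten radius branch is sketched below; the rest of the function is unchanged.
```python
    # … unchanged: local-mode OTP handling …
    if 'mode' in origin["authentication"] and "radius" in \
            origin["authentication"]["mode"]:
        servers = origin['authentication']['radius']['server']
        server_defaults = default_values['authentication']['radius']['server']
        # dict_merge placed every per-server default at the tag-node level;
        # drop them all, not just 'port', so none becomes a phantom server
        for key in server_defaults:
            servers.pop(key, None)
        if not servers:
            raise ConfigError(
                'Openconnect mode radius required at least one radius server')
        for params in servers.values():
            for key, value in server_defaults.items():
                params.setdefault(key, value)
    return origin
```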
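Review bot: The comment added at the new call site, `# workaround a "know limitation" - https://phabricator.vyos.net/T2665`, carries the typo over from the removed block; it should read `# workaround a "known limitation" - https://phabricator.vyos.net/T2665`. The reassignment `ocserv = T2665_default_dict_cleanup(ocserv, default_values)` is correct but can suggest a copy is returned, while the helper edits and returns the same dict; a short line in its docstring such as "Modifies `origin` in place and returns it" would prevent a future caller from passing a dict it still needs intact. get_config begins before this hunk and continues after it.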
