diff options
author | Christian Breunig <christian@breunig.cc> | 2024-02-09 08:34:28 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-09 08:34:28 +0100 |
commit | e6f914429daadd2c812ef8cbe051321a8a3e5e60 (patch) | |
tree | 91914de09186cfae40e6848a9aefeef7c4c39b12 /src | |
parent | 267579006a98fbdc5802b428d24a917421a56cb2 (diff) | |
parent | 3e1a585f9714ffa990bb5751c7a4c7025d7c02fa (diff) | |
download | vyos-1x-e6f914429daadd2c812ef8cbe051321a8a3e5e60.tar.gz vyos-1x-e6f914429daadd2c812ef8cbe051321a8a3e5e60.zip |
Merge pull request #2973 from vyos/mergify/bp/sagitta/pr-2950
T5960: Rewritten authentication node in PPTP to a single view (backport #2950)
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/service_ipoe-server.py | 12 | ||||
-rwxr-xr-x | src/conf_mode/service_pppoe-server.py | 8 | ||||
-rwxr-xr-x | src/conf_mode/vpn_l2tp.py | 7 | ||||
-rwxr-xr-x | src/migration-scripts/pptp/4-to-5 | 66 |
4 files changed, 69 insertions, 24 deletions
diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py index 6df6f3dc7..5f72b983c 100755 --- a/src/conf_mode/service_ipoe-server.py +++ b/src/conf_mode/service_ipoe-server.py @@ -26,6 +26,7 @@ from vyos.utils.process import call from vyos.utils.dict import dict_search from vyos.accel_ppp_util import get_pools_in_order from vyos.accel_ppp_util import verify_accel_ppp_ip_pool +from vyos.accel_ppp_util import verify_accel_ppp_base_service from vyos import ConfigError from vyos import airbag airbag.enable() @@ -68,18 +69,9 @@ def verify(ipoe): raise ConfigError('Option "client-subnet" incompatible with "vlan"!' 'Use "ipoe client-ip-pool" instead.') + verify_accel_ppp_base_service(ipoe, local_users=False) verify_accel_ppp_ip_pool(ipoe) - if dict_search('authentication.mode', ipoe) == 'radius': - if not dict_search('authentication.radius.server', ipoe): - raise ConfigError('RADIUS authentication requires at least one server') - - for server in dict_search('authentication.radius.server', ipoe): - radius_config = ipoe['authentication']['radius']['server'][server] - if 'key' not in radius_config: - raise ConfigError(f'Missing RADIUS secret key for server "{server}"') - - return None diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py index 31299a15c..c2dfbdb44 100755 --- a/src/conf_mode/service_pppoe-server.py +++ b/src/conf_mode/service_pppoe-server.py @@ -68,6 +68,7 @@ def verify(pppoe): return None verify_accel_ppp_base_service(pppoe) + verify_accel_ppp_ip_pool(pppoe) if 'wins_server' in pppoe and len(pppoe['wins_server']) > 2: raise ConfigError('Not more then two WINS name-servers can be configured') @@ -79,13 +80,6 @@ def verify(pppoe): for interface in pppoe['interface']: verify_interface_exists(interface) - verify_accel_ppp_ip_pool(pppoe) - - if dict_search('authentication.radius.dynamic_author.server', pppoe): - if not dict_search('authentication.radius.dynamic_author.key', pppoe): - raise ConfigError('DA/CoE server key required!') - - return None diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py index 4ca717814..266381754 100755 --- a/src/conf_mode/vpn_l2tp.py +++ b/src/conf_mode/vpn_l2tp.py @@ -27,7 +27,6 @@ from vyos.utils.dict import dict_search from vyos.accel_ppp_util import verify_accel_ppp_base_service from vyos.accel_ppp_util import verify_accel_ppp_ip_pool from vyos.accel_ppp_util import get_pools_in_order -from vyos.base import Warning from vyos import ConfigError from vyos import airbag @@ -64,14 +63,8 @@ def verify(l2tp): return None verify_accel_ppp_base_service(l2tp) - - if dict_search('authentication.radius.dynamic_author.server', l2tp): - if not dict_search('authentication.radius.dynamic_author.key', l2tp): - raise ConfigError('DA/CoE server key required!') - verify_accel_ppp_ip_pool(l2tp) - if 'wins_server' in l2tp and len(l2tp['wins_server']) > 2: raise ConfigError( 'Not more then two WINS name-servers can be configured') diff --git a/src/migration-scripts/pptp/4-to-5 b/src/migration-scripts/pptp/4-to-5 new file mode 100755 index 000000000..d4b3f9a14 --- /dev/null +++ b/src/migration-scripts/pptp/4-to-5 @@ -0,0 +1,66 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2024 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# - Move 'require' from 'protocols' in 'authentication' node +# - Migrate to new default values in radius timeout and acct-timeout + +import os + +from sys import argv +from sys import exit +from vyos.configtree import ConfigTree + + +if len(argv) < 2: + print("Must specify file name!") + exit(1) + +file_name = argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +config = ConfigTree(config_file) +base = ['vpn', 'pptp', 'remote-access'] + +if not config.exists(base): + exit(0) + +#migrate require to protocols +require_path = base + ['authentication', 'require'] +if config.exists(require_path): + protocols = list(config.return_values(require_path)) + for protocol in protocols: + config.set(base + ['authentication', 'protocols'], value=protocol, + replace=False) + config.delete(require_path) +else: + config.set(base + ['authentication', 'protocols'], value='mschap-v2') + +radius_path = base + ['authentication', 'radius'] +if config.exists(radius_path): + if not config.exists(radius_path + ['timeout']): + config.set(radius_path + ['timeout'], value=3) + if not config.exists(radius_path + ['acct-timeout']): + config.set(radius_path + ['acct-timeout'], value=3) + + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print("Failed to save the modified config: {}".format(e)) + exit(1) |