authorChristian Breunig <christian@breunig.cc>2024-02-09 08:34:28 +0100
committerGitHub <noreply@github.com>2024-02-09 08:34:28 +0100
commite6f914429daadd2c812ef8cbe051321a8a3e5e60 (patch)
tree91914de09186cfae40e6848a9aefeef7c4c39b12 /src
parent267579006a98fbdc5802b428d24a917421a56cb2 (diff)
parent3e1a585f9714ffa990bb5751c7a4c7025d7c02fa (diff)
downloadvyos-1x-e6f914429daadd2c812ef8cbe051321a8a3e5e60.tar.gz
vyos-1x-e6f914429daadd2c812ef8cbe051321a8a3e5e60.zip
Merge pull request #2973 from vyos/mergify/bp/sagitta/pr-2950
T5960: Rewritten authentication node in PPTP to a single view (backport #2950)
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/service_ipoe-server.py12
-rwxr-xr-xsrc/conf_mode/service_pppoe-server.py8
-rwxr-xr-xsrc/conf_mode/vpn_l2tp.py7
-rwxr-xr-xsrc/migration-scripts/pptp/4-to-566
4 files changed, 69 insertions, 24 deletions
diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py
index 6df6f3dc7..5f72b983c 100755
--- a/src/conf_mode/service_ipoe-server.py
+++ b/src/conf_mode/service_ipoe-server.py
@@ -26,6 +26,7 @@ from vyos.utils.process import call
from vyos.utils.dict import dict_search
from vyos.accel_ppp_util import get_pools_in_order
from vyos.accel_ppp_util import verify_accel_ppp_ip_pool
+from vyos.accel_ppp_util import verify_accel_ppp_base_service
from vyos import ConfigError
from vyos import airbag
airbag.enable()
@@ -68,18 +69,9 @@ def verify(ipoe):
raise ConfigError('Option "client-subnet" incompatible with "vlan"!'
'Use "ipoe client-ip-pool" instead.')
+ verify_accel_ppp_base_service(ipoe, local_users=False)
verify_accel_ppp_ip_pool(ipoe)
- if dict_search('authentication.mode', ipoe) == 'radius':
- if not dict_search('authentication.radius.server', ipoe):
- raise ConfigError('RADIUS authentication requires at least one server')
-
- for server in dict_search('authentication.radius.server', ipoe):
- radius_config = ipoe['authentication']['radius']['server'][server]
- if 'key' not in radius_config:
- raise ConfigError(f'Missing RADIUS secret key for server "{server}"')
-
-
return None
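Review bot: The explicit RADIUS checks dropped from `verify(ipoe)` (at least one server configured, a `key` on every server) now rest entirely on `verify_accel_ppp_base_service(ipoe, local_users=False)`, whose body is not visible here because this page is limited to `src`. Please confirm the helper still raises `ConfigError` for a RADIUS server without a key when `local_users=False`. It should also cover the `authentication.radius.dynamic_author` key check ('DA/CoE server key required!') that the later `service_pppoe-server.py` and `vpn_l2tp.py` hunks delete; if it does not, a commit could be accepted with a RADIUS or dynamic-author endpoint that has no shared secret. A one-line comment above the call would make the dependency clear, e.g. `# RADIUS server/key and dynamic-author key validation is done in verify_accel_ppp_base_service()`. `verify()` begins outside this hunk.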
diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py
index 31299a15c..c2dfbdb44 100755
--- a/src/conf_mode/service_pppoe-server.py
+++ b/src/conf_mode/service_pppoe-server.py
@@ -68,6 +68,7 @@ def verify(pppoe):
return None
verify_accel_ppp_base_service(pppoe)
+ verify_accel_ppp_ip_pool(pppoe)
if 'wins_server' in pppoe and len(pppoe['wins_server']) > 2:
raise ConfigError('Not more then two WINS name-servers can be configured')
@@ -79,13 +80,6 @@ def verify(pppoe):
for interface in pppoe['interface']:
verify_interface_exists(interface)
- verify_accel_ppp_ip_pool(pppoe)
-
- if dict_search('authentication.radius.dynamic_author.server', pppoe):
- if not dict_search('authentication.radius.dynamic_author.key', pppoe):
- raise ConfigError('DA/CoE server key required!')
-
-
return None
diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py
index 4ca717814..266381754 100755
--- a/src/conf_mode/vpn_l2tp.py
+++ b/src/conf_mode/vpn_l2tp.py
@@ -27,7 +27,6 @@ from vyos.utils.dict import dict_search
from vyos.accel_ppp_util import verify_accel_ppp_base_service
from vyos.accel_ppp_util import verify_accel_ppp_ip_pool
from vyos.accel_ppp_util import get_pools_in_order
-from vyos.base import Warning
from vyos import ConfigError
from vyos import airbag
@@ -64,14 +63,8 @@ def verify(l2tp):
return None
verify_accel_ppp_base_service(l2tp)
-
- if dict_search('authentication.radius.dynamic_author.server', l2tp):
- if not dict_search('authentication.radius.dynamic_author.key', l2tp):
- raise ConfigError('DA/CoE server key required!')
-
verify_accel_ppp_ip_pool(l2tp)
-
if 'wins_server' in l2tp and len(l2tp['wins_server']) > 2:
raise ConfigError(
'Not more then two WINS name-servers can be configured')
diff --git a/src/migration-scripts/pptp/4-to-5 b/src/migration-scripts/pptp/4-to-5
new file mode 100755
index 000000000..d4b3f9a14
--- /dev/null
+++ b/src/migration-scripts/pptp/4-to-5
@@ -0,0 +1,66 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# - Move 'require' from 'protocols' in 'authentication' node
+# - Migrate to new default values in radius timeout and acct-timeout
+
+import os
+
+from sys import argv
+from sys import exit
+from vyos.configtree import ConfigTree
+
+
+if len(argv) < 2:
+ print("Must specify file name!")
+ exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+config = ConfigTree(config_file)
+base = ['vpn', 'pptp', 'remote-access']
+
+if not config.exists(base):
+ exit(0)
+
+#migrate require to protocols
+require_path = base + ['authentication', 'require']
+if config.exists(require_path):
+ protocols = list(config.return_values(require_path))
+ for protocol in protocols:
+ config.set(base + ['authentication', 'protocols'], value=protocol,
+ replace=False)
+ config.delete(require_path)
+else:
+ config.set(base + ['authentication', 'protocols'], value='mschap-v2')
+
+radius_path = base + ['authentication', 'radius']
+if config.exists(radius_path):
+ if not config.exists(radius_path + ['timeout']):
+ config.set(radius_path + ['timeout'], value=3)
+ if not config.exists(radius_path + ['acct-timeout']):
+ config.set(radius_path + ['acct-timeout'], value=3)
+
+
+try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ exit(1)