summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--data/templates/login/authorized_keys.j2 (renamed from data/templates/login/authorized_keys.tmpl)4
-rw-r--r--data/templates/login/pam_radius_auth.conf.j236
-rw-r--r--data/templates/login/pam_radius_auth.conf.tmpl36
-rwxr-xr-xsrc/conf_mode/system-login.py4
4 files changed, 40 insertions, 40 deletions
diff --git a/data/templates/login/authorized_keys.tmpl b/data/templates/login/authorized_keys.j2
index 9402c8719..aabca47cf 100644
--- a/data/templates/login/authorized_keys.tmpl
+++ b/data/templates/login/authorized_keys.j2
@@ -1,9 +1,9 @@
### Automatically generated by system-login.py ###
{% if authentication.public_keys is vyos_defined %}
-{% for key, key_options in authentication.public_keys.items() %}
+{% for key, key_options in authentication.public_keys.items() %}
{# The whitespace after options is wisely chosen #}
{{ key_options.options ~ ' ' if key_options.options is vyos_defined }}{{ key_options.type }} {{ key_options.key }} {{ key }}
-{% endfor %}
+{% endfor %}
{% endif %}
diff --git a/data/templates/login/pam_radius_auth.conf.j2 b/data/templates/login/pam_radius_auth.conf.j2
new file mode 100644
index 000000000..1105b60e5
--- /dev/null
+++ b/data/templates/login/pam_radius_auth.conf.j2
@@ -0,0 +1,36 @@
+# Automatically generated by system-login.py
+# RADIUS configuration file
+
+{% if radius is vyos_defined %}
+{# RADIUS IPv6 source address must be specified in [] notation #}
+{% set source_address = namespace() %}
+{% if radius.source_address is vyos_defined %}
+{% for address in radius.source_address %}
+{% if address | is_ipv4 %}
+{% set source_address.ipv4 = address %}
+{% elif address | is_ipv6 %}
+{% set source_address.ipv6 = "[" + address + "]" %}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if radius.server is vyos_defined %}
+# server[:port] shared_secret timeout source_ip
+{# .items() returns a tuple of two elements: key and value. 1 relates to the 2nd element i.e. the value and .priority relates to the key from the internal dict #}
+{% for server, options in radius.server.items() | sort(attribute='1.priority') if not options.disabled %}
+{# RADIUS IPv6 servers must be specified in [] notation #}
+{% if server | is_ipv4 %}
+{{ server }}:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is vyos_defined }}
+{% else %}
+[{{ server }}]:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is vyos_defined }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+priv-lvl 15
+mapped_priv_user radius_priv_user
+
+{% if radius.vrf is vyos_defined %}
+vrf-name {{ radius.vrf }}
+{% endif %}
+{% endif %}
+
diff --git a/data/templates/login/pam_radius_auth.conf.tmpl b/data/templates/login/pam_radius_auth.conf.tmpl
deleted file mode 100644
index 4e34ade41..000000000
--- a/data/templates/login/pam_radius_auth.conf.tmpl
+++ /dev/null
@@ -1,36 +0,0 @@
-# Automatically generated by system-login.py
-# RADIUS configuration file
-
-{% if radius is vyos_defined %}
-{# RADIUS IPv6 source address must be specified in [] notation #}
-{% set source_address = namespace() %}
-{% if radius.source_address is vyos_defined %}
-{% for address in radius.source_address %}
-{% if address | is_ipv4 %}
-{% set source_address.ipv4 = address %}
-{% elif address | is_ipv6 %}
-{% set source_address.ipv6 = "[" + address + "]" %}
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if radius.server is vyos_defined %}
-# server[:port] shared_secret timeout source_ip
-{# .items() returns a tuple of two elements: key and value. 1 relates to the 2nd element i.e. the value and .priority relates to the key from the internal dict #}
-{% for server, options in radius.server.items() | sort(attribute='1.priority') if not options.disabled %}
-{# RADIUS IPv6 servers must be specified in [] notation #}
-{% if server | is_ipv4 %}
-{{ server }}:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is vyos_defined }}
-{% else %}
-[{{ server }}]:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is vyos_defined }}
-{% endif %}
-{% endfor %}
-{% endif %}
-
-priv-lvl 15
-mapped_priv_user radius_priv_user
-
-{% if radius.vrf is vyos_defined %}
-vrf-name {{ radius.vrf }}
-{% endif %}
-{% endif %}
-
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index c9c6aa187..c717286ae 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -197,7 +197,7 @@ def generate(login):
pass
if 'radius' in login:
- render(radius_config_file, 'login/pam_radius_auth.conf.tmpl', login,
+ render(radius_config_file, 'login/pam_radius_auth.conf.j2', login,
permission=0o600, user='root', group='root')
else:
if os.path.isfile(radius_config_file):
@@ -241,7 +241,7 @@ def apply(login):
#
# XXX: Should we deny using root at all?
home_dir = getpwnam(user).pw_dir
- render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.tmpl',
+ render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2',
user_config, permission=0o600,
formater=lambda _: _.replace(""", '"'),
user=user, group='users')