Diffstat (limited to 'src/migration-scripts/system/10-to-11')
-rwxr-xr-xsrc/migration-scripts/system/10-to-1161
1 files changed, 13 insertions, 48 deletions
diff --git a/src/migration-scripts/system/10-to-11 b/src/migration-scripts/system/10-to-11
index 1a0233c7d..3c49f0d95 100755
--- a/src/migration-scripts/system/10-to-11
+++ b/src/migration-scripts/system/10-to-11
@@ -1,9 +1,7 @@
#!/usr/bin/env python3
-# Unclutter RADIUS configuration
-#
-# Move radius-server top level tag nodes to a regular node which allows us
-# to specify additional general features for the RADIUS client.
+# Operator accounts have been deprecated due to a security issue. Those accounts
+# will be converted to regular admin accounts.
import sys
from vyos.configtree import ConfigTree
@@ -18,54 +16,21 @@ with open(file_name, 'r') as f:
config_file = f.read()
config = ConfigTree(config_file)
-cfg_base = ['system', 'login']
-if not (config.exists(cfg_base + ['radius-server']) or config.exists(cfg_base + ['radius-source-address'])):
- # Nothing to do
+base_level = ['system', 'login', 'user']
+
+if not config.exists(base_level):
+ # Nothing to do, which shouldn't happen anyway
+ # only if you wipe the config and reboot.
sys.exit(0)
else:
- #
- # Migrate "system login radius-source-address" to "system login radius"
- #
- if config.exists(cfg_base + ['radius-source-address']):
- address = config.return_value(cfg_base + ['radius-source-address'])
- # delete old configuration node
- config.delete(cfg_base + ['radius-source-address'])
- # write new configuration node
- config.set(cfg_base + ['radius', 'source-address'], value=address)
-
- #
- # Migrate "system login radius-server" tag node to new
- # "system login radius server" tag node and also rename the "secret" node to "key"
- #
- for server in config.list_nodes(cfg_base + ['radius-server']):
- base_server = cfg_base + ['radius-server', server]
- # "key" node is mandatory
- key = config.return_value(base_server + ['secret'])
- config.set(cfg_base + ['radius', 'server', server, 'key'], value=key)
-
- # "port" is optional
- if config.exists(base_server + ['port']):
- port = config.return_value(base_server + ['port'])
- config.set(cfg_base + ['radius', 'server', server, 'port'], value=port)
-
- # "timeout is optional"
- if config.exists(base_server + ['timeout']):
- timeout = config.return_value(base_server + ['timeout'])
- config.set(cfg_base + ['radius', 'server', server, 'timeout'], value=timeout)
-
- # format as tag node
- config.set_tag(cfg_base + ['radius', 'server'])
-
- # delete old configuration node
- config.delete(base_server)
-
- # delete top level tag node
- if config.exists(cfg_base + ['radius-server']):
- config.delete(cfg_base + ['radius-server'])
+ for user in config.list_nodes(base_level):
+ if config.exists(base_level + [user, 'level']):
+ if config.return_value(base_level + [user, 'level']) == 'operator':
+ config.set(base_level + [user, 'level'], value="admin", replace=True)
try:
- with open(file_name, 'w') as f:
- f.write(config.to_string())
+ open(file_name,'w').write(config.to_string())
+
except OSError as e:
print("Failed to save the modified config: {}".format(e))
sys.exit(1)
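Review bot: The new loop in the `else` branch raises every user whose `level` is `operator` to `admin` without recording which accounts were changed, so after the upgrade an administrator cannot tell which logins gained full privileges and should be reviewed. I would emit one line per converted account right before the `config.set(...)` call, e.g. `print("User {} migrated from operator to admin level".format(user))`, assuming the output of migration scripts ends up somewhere the administrator can read it. Separately, the save step now uses `open(file_name,'w').write(config.to_string())`, which drops the context manager the removed lines had and leaves flushing and closing the handle to garbage collection. Keeping `with open(file_name, 'w') as f:` followed by `f.write(config.to_string())` guarantees the handle is closed before the script exits.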