From 106406d46ba594b86056e3341314e9615a501dd5 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Fri, 20 Mar 2020 17:44:25 +0100
Subject: sstp: T2008: dns: unwind configuration

---
 interface-definitions/vpn-sstp.xml.in | 28 +++++-----------------------
 src/conf_mode/vpn_sstp.py             | 21 ++++++++++-----------
 src/migration-scripts/sstp/0-to-1     | 13 +++++++++++++
 3 files changed, 28 insertions(+), 34 deletions(-)

diff --git a/interface-definitions/vpn-sstp.xml.in b/interface-definitions/vpn-sstp.xml.in
index c7c3c3ea5..e2d6aa75e 100644
--- a/interface-definitions/vpn-sstp.xml.in
+++ b/interface-definitions/vpn-sstp.xml.in
@@ -5,7 +5,7 @@
       <node name="sstp" owner="${vyos_conf_scripts_dir}/vpn_sstp.py">
         <properties>
           <help>Secure Socket Tunneling Protocol (SSTP) server</help>
-          <priority>900</priority>
+          <priority>901</priority>
         </properties>
         <children>
           <node name="authentication">
@@ -318,14 +318,9 @@
                   </leafNode>
                 </children>
               </node>
-              <node name="dns-server">
+              <leafNode name="name-server">
                 <properties>
                   <help>DNS servers propagated to clients</help>
-                </properties>
-                <children>
-                  <leafNode name="primary-dns">
-                    <properties>
-                      <help>Primary DNS Server</help>
                       <valueHelp>
                         <format>ipv4</format>
                         <description>IPv4 address</description>
@@ -333,22 +328,9 @@
                       <constraint>
                         <validator name="ipv4-address"/>
                       </constraint>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="secondary-dns">
-                    <properties>
-                      <help>Secondary DNS Server</help>
-                      <valueHelp>
-                        <format>ipv4</format>
-                        <description>IPv4 address</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv4-address"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                </children>
-              </node>
+                      <multi/>
+                </properties>
+              </leafNode>
               #include <include/interface-mtu-68-1500.xml.i>
             </children>
           </node>
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index 12d62ad70..e0ebb2ad9 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -91,12 +91,9 @@ gw-ip-address={{gw}}
 
 {% if dnsv4 %}
 [dns]
-{% if dnsv4['primary'] %}
-dns1={{dnsv4['primary']}}
-{% endif -%}
-{% if dnsv4['secondary'] %}
-dns2={{dnsv4['secondary']}}
-{% endif -%}
+{% for dns in dnsv4 -%}
+dns{{ loop.index }}={{ dns }}
+{% endfor -%}
 {% endif %}
 
 {% if authentication['mode'] == 'local' %}
@@ -252,7 +249,7 @@ def get_config():
     },
     'ip_pool'         : [],
     'gw'              : None,
-    'dnsv4'           : {},
+    'dnsv4'           : [],
     'mtu'             : None,
     'ppp'             : {},
   }
@@ -352,10 +349,8 @@ def get_config():
     config_data['ip_pool'] = c.return_values('network-settings client-ip-settings subnet')
   if c.exists('network-settings client-ip-settings gateway-address'):
     config_data['gw'] = c.return_value('network-settings client-ip-settings gateway-address')
-  if c.exists('network-settings dns-server primary-dns'):
-    config_data['dnsv4']['primary'] = c.return_value('network-settings dns-server primary-dns')
-  if c.exists('network-settings dns-server secondary-dns'):
-    config_data['dnsv4']['secondary'] = c.return_value('network-settings dns-server secondary-dns')
+  if c.exists('network-settings name-server'):
+    config_data['dnsv4'] = c.return_values('network-settings name-server')
   if c.exists('network-settings mtu'):
     config_data['mtu'] = c.return_value('network-settings mtu')
 
@@ -374,6 +369,7 @@ def get_config():
 def verify(c):
   if c == None:
     return None
+
   ### vertify auth settings
   if c['authentication']['mode'] == 'local':
     if not c['authentication']['local-users']:
@@ -390,6 +386,9 @@ def verify(c):
         if not c['authentication']['local-users'][usr]['upload']:
           raise ConfigError('user ' + usr + ' requires upload speed value')
 
+  if len(c['dnsv4']) > 2:
+    raise ConfigError("Only 2 DNS name-servers can be configured")
+
   if not c['certs']['ca'] or not c['certs']['server-key'] or not c['certs']['server-cert']:
     raise ConfigError('service sstp-server sstp-settings ssl-certs needs the ssl certificates set up')
   else:
diff --git a/src/migration-scripts/sstp/0-to-1 b/src/migration-scripts/sstp/0-to-1
index 0fe1a203f..88d3b4fb4 100755
--- a/src/migration-scripts/sstp/0-to-1
+++ b/src/migration-scripts/sstp/0-to-1
@@ -45,6 +45,19 @@ else:
     config.copy(old_base, new_base)
     config.delete(old_base)
 
+    # migrate DNS servers
+    dns_base = new_base + ['network-settings', 'dns-server']
+    if config.exists(dns_base):
+        if config.exists(dns_base + ['primary-dns']):
+            dns = config.return_value(dns_base + ['primary-dns'])
+            config.set(new_base + ['network-settings', 'name-server'], value=dns, replace=False)
+
+        if config.exists(dns_base + ['secondary-dns']):
+            dns = config.return_value(dns_base + ['secondary-dns'])
+            config.set(new_base + ['network-settings', 'name-server'], value=dns, replace=False)
+
+        config.delete(dns_base)
+
     print(config.to_string())
     sys.exit(1)
 
-- 
cgit v1.2.3