From e8a1c291b1d4b90709a68038e16522b4cee82904 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Thu, 7 Jan 2021 21:28:04 +0100
Subject: login: radius: T3192: migrate to get_config_dict()

---
 data/templates/login/authorized_keys.tmpl      |  9 ++++++++
 data/templates/login/pam_radius_auth.conf.tmpl | 29 ++++++++++++++------------
 2 files changed, 25 insertions(+), 13 deletions(-)
 create mode 100644 data/templates/login/authorized_keys.tmpl

(limited to 'data/templates')

diff --git a/data/templates/login/authorized_keys.tmpl b/data/templates/login/authorized_keys.tmpl
new file mode 100644
index 000000000..639a80e1d
--- /dev/null
+++ b/data/templates/login/authorized_keys.tmpl
@@ -0,0 +1,9 @@
+### Automatically generated by system-login.py ###
+
+{% if authentication is defined and authentication.public_keys is defined and authentication.public_keys is not none %}
+{%   for key, key_options in authentication.public_keys.items() %}
+{# The whitespace after options is wisely chosen #}
+{{ key_options.options + ' ' if key_options.options is defined }}{{ key_options.type }} {{ key_options.key }} {{ key }}
+{%   endfor %}
+{% endif %}
+
diff --git a/data/templates/login/pam_radius_auth.conf.tmpl b/data/templates/login/pam_radius_auth.conf.tmpl
index 56a5e10ee..fad8e7dcb 100644
--- a/data/templates/login/pam_radius_auth.conf.tmpl
+++ b/data/templates/login/pam_radius_auth.conf.tmpl
@@ -1,10 +1,11 @@
 # Automatically generated by system-login.py
 # RADIUS configuration file
 
+{% if radius is defined and radius is not none %}
 {#   RADIUS IPv6 source address must be specified in [] notation #}
 {%   set source_address = namespace()  %}
-{%   if radius_source_address is defined and radius_source_address is not none %}
-{%     for address in radius_source_address %}
+{%   if radius.source_address is defined and radius.source_address is not none %}
+{%     for address in radius.source_address %}
 {%       if address | is_ipv4 %}
 {%         set source_address.ipv4 = address %}
 {%       elif address | is_ipv6 %}
@@ -12,22 +13,24 @@
 {%       endif %}
 {%     endfor %}
 {%   endif %}
-{% if radius_server is defined and radius_server is not none %}
+{% if radius.server is defined and radius.server is not none %}
 # server[:port]        shared_secret             timeout    source_ip
-{% for server in radius_server | sort(attribute='priority') if not server.disabled %}
+{# .items() returns a tuple of two elements: key and value. 1 relates to the 2nd element i.e. the value and .priority relates to the key from the internal dict #}
+{%   for server, options in radius.server.items() | sort(attribute='1.priority') if not options.disabled %}
 {#   RADIUS IPv6 servers must be specified in [] notation #}
-{%   if server.address | is_ipv4 %}
-{{ server.address }}:{{ server.port }} {{ "%-25s" | format(server.key) }} {{ "%-10s" | format(server.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is defined }}
-{%   else %}
-[{{ server.address }}]:{{ server.port }} {{ "%-25s" | format(server.key) }} {{ "%-10s" | format(server.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is defined }}
-{%   endif %}
-{% endfor %}
+{%     if server | is_ipv4 %}
+{{ server }}:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is defined }}
+{%     else %}
+[{{ server }}]:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is defined }}
+{%     endif %}
+{%   endfor %}
+{% endif %}
 
 priv-lvl 15
 mapped_priv_user radius_priv_user
 
-{% if radius_vrf %}
-vrf-name {{ radius_vrf }}
-{% endif %}
+{%   if radius.vrf is defined and radius.vrf is not none %}
+vrf-name {{ radius.vrf }}
+{%   endif %}
 {% endif %}
 
-- 
cgit v1.2.3