From d11b04f4f9230638fbbeb7cb21bd46de9d09d27c Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Tue, 25 Feb 2020 16:34:19 +0100
Subject: login: radius: T2071: support disabling individual server
---
 src/conf_mode/system-login-radius.py | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/conf_mode/system-login-radius.py b/src/conf_mode/system-login-radius.py
index caa7f6b80..b1e7dce4e 100755
--- a/src/conf_mode/system-login-radius.py
+++ b/src/conf_mode/system-login-radius.py
@@ -29,11 +29,13 @@ radius_config_file = "/etc/pam_radius_auth.conf"
 radius_config_tmpl = """
 # Automatically generated by VyOS
 # RADIUS configuration file
+{%- if server %}
 # server[:port] shared_secret timeout (s) source_ip
-{% if server -%}
-{% for s in server -%}
+{% for s in server %}
+{%- if not s.disabled -%}
 {{ s.address }}:{{ s.port }} {{ s.key }} {{ s.timeout }} {% if source_address -%}{{ source_address }}{% endif %}
-{% endfor -%}
+{% endif %}
+{%- endfor %}

 priv-lvl 15
 mapped_priv_user radius_priv_user
@@ -75,12 +77,17 @@ def get_config():
 for server in conf.list_nodes(['server']):
 server_cfg = {
 'address': server,
+ 'disabled': False,
 'key': '',
 'port': '1812',
 'timeout': '2'
 }
 conf.set_level(base_level + ['server', server])

+ # Check if RADIUS server was temporary disabled
+ if conf.exists(['disable']):
+ server_cfg['disabled'] = True
+
 # RADIUS shared secret
 if conf.exists(['key']):
 server_cfg['key'] = conf.return_value(['key'])
@@ -99,7 +106,16 @@ def get_config():
 return radius

 def verify(radius):
- pass
+ # At lease one RADIUS server must not be disabled
+ if len(radius['server']) > 0:
+ fail = True
+ for server in radius['server']:
+ if not server['disabled']:
+ fail = False
+ if fail:
+ raise ConfigError('At least one RADIUS server must be active.')
+
+ return None

 def generate(radius):
 if len(radius['server']) > 0:
-- 
cgit v1.2.3
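Review bot: verify() still accepts an enabled server whose `key` is empty, although get_config() defaults `'key': ''` and the new check only rejects the case where every server is disabled. The template line would then render as `address:port  timeout`, so pam_radius_auth would presumably take the timeout field as the shared secret. Unless the CLI schema already makes `key` mandatory, add inside the loop `if not server['disabled'] and not server['key']: raise ConfigError('RADIUS server {0} has no shared secret (key).'.format(server['address']))`. The flag loop can also be written as `if all(s['disabled'] for s in radius['server']):`, and the comment should read "At least" rather than "At lease".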