diff options
Diffstat (limited to 'src/migration-scripts/ssh/1-to-2')
| -rw-r--r-- | src/migration-scripts/ssh/1-to-2 | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/src/migration-scripts/ssh/1-to-2 b/src/migration-scripts/ssh/1-to-2 new file mode 100644 index 0000000..b601db3 --- /dev/null +++ b/src/migration-scripts/ssh/1-to-2 @@ -0,0 +1,63 @@ +# Copyright 2020-2024 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library. If not, see <http://www.gnu.org/licenses/>. + +# VyOS 1.2 crux allowed configuring a lower or upper case loglevel. This +# is no longer supported as the input data is validated and will lead to +# an error. If user specifies an upper case logleve, make it lowercase + +from vyos.configtree import ConfigTree + +base = ['service', 'ssh'] + +def migrate(config: ConfigTree) -> None: + if not config.exists(base): + # Nothing to do + return + + path_loglevel = base + ['loglevel'] + if config.exists(path_loglevel): + # red in configured loglevel and convert it to lower case + tmp = config.return_value(path_loglevel).lower() + # VyOS 1.2 had no proper value validation on the CLI thus the + # user could use any arbitrary values - sanitize them + if tmp not in ['quiet', 'fatal', 'error', 'info', 'verbose']: + tmp = 'info' + config.set(path_loglevel, value=tmp) + + # T4273: migrate ssh cipher list to multi node + path_ciphers = base + ['ciphers'] + if config.exists(path_ciphers): + tmp = [] + # get curtrent cipher list - comma delimited + for cipher in config.return_values(path_ciphers): + tmp.extend(cipher.split(',')) + # delete old cipher suite representation + config.delete(path_ciphers) + + for cipher in tmp: + config.set(path_ciphers, value=cipher, replace=False) + + # T4273: migrate ssh key-exchange list to multi node + path_kex = base + ['key-exchange'] + if config.exists(path_kex): + tmp = [] + # get curtrent cipher list - comma delimited + for kex in config.return_values(path_kex): + tmp.extend(kex.split(',')) + # delete old cipher suite representation + config.delete(path_kex) + + for kex in tmp: + config.set(path_kex, value=kex, replace=False) |