Development

2026-06-06 01:28:03 -04:00 · 2026-06-06 01:28:03 -04:00 · a94863e25a
commit a94863e25a
parent 34abbae32e
4 changed files with 77 additions and 4 deletions
--- a/routlin/mod_radius.py
+++ b/routlin/mod_radius.py
@ -247,6 +247,29 @@ def toggle_freeradius_block(content, block_name, enable):
    return content


+def _patch_setting_in_block(content, block_name, key, value):
+    """Patch `key = value` inside the first occurrence of `block_name { ... }`."""
+    lines = content.splitlines(keepends=True)
+    in_block = False
+    depth = 0
+    for i, line in enumerate(lines):
+        if not in_block:
+            if re.match(r'\s*' + re.escape(block_name) + r'\s*\{', line):
+                in_block = True
+                depth = 1
+        else:
+            depth += line.count('{') - line.count('}')
+            if depth <= 0:
+                break
+            if re.match(r'\s*' + re.escape(key) + r'\s*=', line):
+                lines[i] = re.sub(
+                    r'(' + re.escape(key) + r'\s*=\s*)\S+',
+                    rf'\g<1>{value}', line, count=1
+                )
+                return ''.join(lines)
+    return content
+
+
 def set_freeradius_eap(data):
    """Patch EAP config for eap_protocol and tunneled_reply settings.
    Returns True if the file was modified, False if unchanged or not found.
@ -265,10 +288,17 @@ def set_freeradius_eap(data):
    # Inner blocks (e.g. peap's tunneled default) must not be touched.
    content3 = re.sub(r'(?m)^(\s*default_eap_type\s*=\s*)\w+', rf'\g<1>{eap_type}', content2, count=1)
    content4 = toggle_freeradius_block(content3, 'md5', use_md5)
+
+    inner_protocol = opts.get('inner_protocol', '')
+    _valid_inner = {'eap_peap': {'mschapv2', 'md5', 'gtc'}, 'eap_ttls': {'md5', 'mschapv2', 'gtc'}}
+    if eap_protocol in _valid_inner and inner_protocol in _valid_inner[eap_protocol]:
+        inner_block = 'peap' if eap_protocol == 'eap_peap' else 'ttls'
+        content4 = _patch_setting_in_block(content4, inner_block, 'default_eap_type', inner_protocol)
+
    if content4 == content:
        return False
    RADIUS_EAP_FILE.write_text(content4)
-    print(f"EAP: default_eap_type={eap_type}, tunneled_reply={tr_val}")
+    print(f"EAP: default_eap_type={eap_type}, inner={inner_protocol or '(default)'}, tunneled_reply={tr_val}")
    return True