authorChristian Poessinger <christian@poessinger.com>2019-10-19 10:45:05 +0200
committerChristian Poessinger <christian@poessinger.com>2019-10-19 10:45:05 +0200
commita16ee44ac1c25145d3e938eff0ab3e66923e2513 (patch)
tree5ca7970af596a9c91fa53d84ea1009d5a0303df4 /src/conf_mode
parent79bc826426385e5b40fbe58137d0a2d2831cf274 (diff)
parent6f73338f0a652ca9b68a5778456f63d098f04522 (diff)
downloadvyos-1x-a16ee44ac1c25145d3e938eff0ab3e66923e2513.tar.gz
vyos-1x-a16ee44ac1c25145d3e938eff0ab3e66923e2513.zip
Merge branch 'current' of github.com:vyos/vyos-1x into equuleus
* 'current' of github.com:vyos/vyos-1x: T1749: support multiple ranges in the numeric validator. dhcp-server: T1745: bugfix corner case on static-assignments system-proxy: T1741 - Add system wide proxy setting wireguard - remove endpoint check to enable roaming connections system-proxy: T1741 - Add system wide proxy setting CLI implementation Python/ifconfig: T1712: always start DHCP when configured Python/ifconfig: T1557: get_status() must use admin state not operstate bgp: T1490: fix migrator file permissions snmp: T1737: add missing completion helpers Revert "Python/ifconfig: T1712: wait when changing interface state" snmpd: T1705 - High CPU usage by bgpd when snmp is active Revert "snmpd: T1705 - High CPU usage by bgpd when snmp is active" openvpn: T1548: clean out import statements ssh.py: check if file exists before deleting it [BGP] T1490: Added migration for obsoleted 'bgp scan-time' parameter
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/dhcp_server.py3
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py18
-rwxr-xr-xsrc/conf_mode/interfaces-wireguard.py3
-rwxr-xr-xsrc/conf_mode/snmp.py2
-rwxr-xr-xsrc/conf_mode/ssh.py3
-rwxr-xr-xsrc/conf_mode/system-proxy.py92
6 files changed, 106 insertions, 15 deletions
diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py
index f19bcb250..af803a696 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/dhcp_server.py
@@ -303,7 +303,8 @@ def dhcp_slice_range(exclude_list, range_list):
'start': str(ip_address(e) + 1),
'stop': str(range_stop)
}
- output.append(r)
+ if not (ip_address(r['start']) > ip_address(r['stop'])):
+ output.append(r)
else:
# if we have no exclude in the whole range - we just take the range
# as it is
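Review bot: The new guard in dhcp_slice_range is written as a negated comparison and carries no explanation of the case it filters, so the next reader has to reconstruct why a slice could come out inverted. I would spell it positively, `if ip_address(r['start']) <= ip_address(r['stop']):`, and add a comment such as `# an exclude on the last address of the range yields start = stop + 1; drop that empty slice`. The condition also re-parses the two strings that were just built with `str(...)`; comparing the address values before converting them would avoid the round trip, assuming `range_stop` is already an address object, which this hunk does not show. The function body starts and ends outside the hunk.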
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 5345bf7a2..cdd133904 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -16,11 +16,11 @@
import os
import re
-import sys
-import stat
-import jinja2
+from jinja2 import Template
from copy import deepcopy
+from sys import exit
+from stat import S_IRUSR,S_IRWXU,S_IRGRP,S_IXGRP,S_IROTH,S_IXOTH
from grp import getgrnam
from ipaddress import ip_address,ip_network,IPv4Interface
from netifaces import interfaces
@@ -331,12 +331,12 @@ def openvpn_mkdir(directory):
os.mkdir(directory)
# fix permissions - corresponds to mode 755
- os.chmod(directory, stat.S_IRWXU|stat.S_IRGRP|stat.S_IXGRP|stat.S_IROTH|stat.S_IXOTH)
+ os.chmod(directory, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH)
uid = getpwnam(user).pw_uid
gid = getgrnam(group).gr_gid
os.chown(directory, uid, gid)
-def fixup_permission(filename, permission=stat.S_IRUSR):
+def fixup_permission(filename, permission=S_IRUSR):
"""
Check if the given file exists and change ownershit to root/vyattacfg
and appripriate file access permissions - default is user and group readable
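Review bot: The docstring of fixup_permission says the default is "user and group readable", but the default argument on the changed signature line is `S_IRUSR`, which is owner-read only (0400). For key and secret files the stricter default is the safer one, so the text should follow the code, e.g. `default is readable by the owner only (S_IRUSR)`. The same two docstring lines have the typos "ownershit" and "appripriate" that could be fixed in passing. The docstring and the function body continue outside the hunk.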
@@ -737,7 +737,7 @@ def verify(openvpn):
if openvpn['shared_secret_file']:
if openvpn['encryption'] in ['aes128gcm', 'aes192gcm', 'aes256gcm']:
raise ConfigError('GCM encryption with shared-secret-key-file is not supported')
-
+
if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):
raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file']))
@@ -851,13 +851,13 @@ def generate(openvpn):
# Generate client specific configuration
for client in openvpn['client']:
client_file = directory + '/ccd/' + interface + '/' + client['name']
- tmpl = jinja2.Template(client_tmpl)
+ tmpl = Template(client_tmpl)
client_text = tmpl.render(client)
with open(client_file, 'w') as f:
f.write(client_text)
os.chown(client_file, uid, gid)
- tmpl = jinja2.Template(config_tmpl)
+ tmpl = Template(config_tmpl)
config_text = tmpl.render(openvpn)
# we need to support quoting of raw parameters from OpenVPN CLI
@@ -957,4 +957,4 @@ if __name__ == '__main__':
apply(c)
except ConfigError as e:
print(e)
- sys.exit(1)
+ exit(1)
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index 7a684bafa..013a07f32 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -190,9 +190,6 @@ def verify(c):
raise ConfigError("ERROR: allowed-ips required for peer " + p)
if not c['peer'][p]['pubkey']:
raise ConfigError("peer pubkey required for peer " + p)
- if not c['peer'][p]['endpoint']:
- raise ConfigError("peer endpoint required for peer " + p)
-
def apply(c):
# no wg configs left, remove all interface from system
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py
index 60e4c343d..cba1fe319 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/snmp.py
@@ -224,7 +224,7 @@ init_config_tmpl = """
SNMPDRUN=yes
# snmpd options (use syslog, close stdin/out/err).
-SNMPDOPTS='-LSed -u snmp -g snmp -I -ipCidrRouteTable, inetCidrRouteTable -p /run/snmpd.pid'
+SNMPDOPTS='-LSed -u snmp -g snmp -I -ipCidrRouteTable,inetCidrRouteTable -p /run/snmpd.pid'
"""
default_config_data = {
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index e761d75ff..9fe22bfee 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -262,7 +262,8 @@ def apply(ssh):
else:
# SSH access is removed in the commit
os.system("sudo systemctl stop ssh.service")
- os.unlink(config_file)
+ if os.path.isfile(config_file):
+ os.unlink(config_file)
return None
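Review bot: The added `os.path.isfile(config_file)` test followed by `os.unlink(config_file)` is a check-then-act pair: the file can disappear between the two calls, and a path that exists but is not a regular file is skipped without any message. Attempting the removal and handling the one expected error does the same job in a single step: `try: os.unlink(config_file)` with `except FileNotFoundError: pass`. The exit status of the `os.system("sudo systemctl stop ssh.service")` call on the line above is also discarded, so a failed stop goes unnoticed. apply() starts outside the hunk.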
diff --git a/src/conf_mode/system-proxy.py b/src/conf_mode/system-proxy.py
new file mode 100755
index 000000000..cf72a1f96
--- /dev/null
+++ b/src/conf_mode/system-proxy.py
@@ -0,0 +1,92 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2018 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+import sys
+import os
+import re
+
+from vyos import ConfigError
+from vyos.config import Config
+
+proxy_def = r'/etc/profile.d/vyos-system-proxy.sh'
+
+
+def get_config():
+ c = Config()
+ if not c.exists('system proxy'):
+ return None
+
+ c.set_level('system proxy')
+
+ cnf = {
+ 'url': None,
+ 'port': None,
+ 'usr': None,
+ 'passwd': None
+ }
+
+ if c.exists('url'):
+ cnf['url'] = c.return_value('url')
+ if c.exists('port'):
+ cnf['port'] = c.return_value('port')
+ if c.exists('username'):
+ cnf['usr'] = c.return_value('username')
+ if c.exists('password'):
+ cnf['passwd'] = c.return_value('password')
+
+ return cnf
+
+
+def verify(c):
+ if not c:
+ return None
+ if not c['url'] or not c['port']:
+ raise ConfigError("proxy url and port requires a value")
+ elif c['usr'] and not c['passwd']:
+ raise ConfigError("proxy password requires a value")
+ elif not c['usr'] and c['passwd']:
+ raise ConfigError("proxy username requires a value")
+
+
+def generate(c):
+ if not c:
+ return None
+ if not c['usr']:
+ return str("export http_proxy={url}:{port}\nexport https_proxy=$http_proxy\nexport ftp_proxy=$http_proxy"
+ .format(url=c['url'], port=c['port']))
+ else:
+ return str("export http_proxy=http://{usr}:{passwd}@{url}:{port}\nexport https_proxy=$http_proxy\nexport ftp_proxy=$http_proxy"
+ .format(url=re.sub('http://', '', c['url']), port=c['port'], usr=c['usr'], passwd=c['passwd']))
+
+
+def apply(ln):
+ if not ln and os.path.exists(proxy_def):
+ os.remove(proxy_def)
+ else:
+ open(proxy_def, 'w').write(
+ "# generated by system-proxy.py\n{}\n".format(ln))
+
+if __name__ == '__main__':
+ try:
+ c = get_config()
+ verify(c)
+ ln = generate(c)
+ apply(ln)
+ except ConfigError as e:
+ print(e)
+ sys.exit(1)
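Review bot: generate() interpolates the configured url, port, username and password unquoted into `/etc/profile.d/vyos-system-proxy.sh`, which login shells source, so a value containing shell metacharacters is read as shell syntax unless the CLI validators (not visible here) already forbid them. The assembled value should go through `shlex.quote()`, which needs `import shlex` next to the existing imports. apply() has a separate defect: when no proxy is configured and the file does not exist, `not ln and os.path.exists(proxy_def)` is false, so the else branch writes the literal text `None` into the profile script, and the file handle is never closed. The password is also stored in clear text in a file that every local user's shell has to be able to read, which the command's help text should state.

```python
def generate(c):
    if not c:
        return None
    if not c['usr']:
        proxy = "{url}:{port}".format(url=c['url'], port=c['port'])
    else:
        proxy = "http://{usr}:{passwd}@{url}:{port}".format(
            url=re.sub('http://', '', c['url']), port=c['port'],
            usr=c['usr'], passwd=c['passwd'])
    # quote once so the value stays a single shell word when the file is sourced
    return ('export http_proxy={}\n'
            'export https_proxy="$http_proxy"\n'
            'export ftp_proxy="$http_proxy"').format(shlex.quote(proxy))


def apply(ln):
    if not ln:
        # nothing configured: only remove a stale file, never write "None"
        if os.path.exists(proxy_def):
            os.remove(proxy_def)
        return None
    with open(proxy_def, 'w') as f:
        f.write("# generated by system-proxy.py\n{}\n".format(ln))
```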