Merge branch 'crux' of github.com:vyos/vyos-1x into crux

3 files changed, 33 insertions, 29 deletions

diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py
index 69952e5e2..cbca72a85 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/snmp.py
@@ -669,48 +669,45 @@ def verify(snmp):
             # Group must exist prior to mapping it into a group
             # seclevel will be extracted from group
             #
-            error = True
             if user['group']:
+                error = True
                 if 'v3_groups' in snmp.keys():
                     for group in snmp['v3_groups']:
                         if group['name'] == user['group']:
                             seclevel = group['seclevel']
                             error = False
 
-            if error:
-                raise ConfigError('You must create group "{0}" first'.format(user['group']))
+                if error:
+                    raise ConfigError('You must create group "{0}" first'.format(user['group']))
 
             # Depending on the configured security level
             # the user has to provide additional info
-            if seclevel in ('auth', 'priv'):
-                if user['authPassword'] and user['authMasterKey']:
-                    raise ConfigError('Can not mix "encrypted-key" and "plaintext-key" for user auth')
+            if user['authPassword'] and user['authMasterKey']:
+                raise ConfigError('Can not mix "encrypted-key" and "plaintext-key" for user auth')
 
-                if (not user['authPassword'] and not user['authMasterKey']):
-                    raise ConfigError('Must specify encrypted-key or plaintext-key for user auth')
+            if (not user['authPassword'] and not user['authMasterKey']):
+                raise ConfigError('Must specify encrypted-key or plaintext-key for user auth')
 
-                # seclevel 'priv' is more restrictive
-                if seclevel in ('priv'):
-                    if user['privPassword'] and user['privMasterKey']:
-                        raise ConfigError('Can not mix "encrypted-key" and "plaintext-key" for user privacy')
+            if user['privPassword'] and user['privMasterKey']:
+                raise ConfigError('Can not mix "encrypted-key" and "plaintext-key" for user privacy')
 
-                    if user['privPassword'] == '' and user['privMasterKey'] == '':
-                        raise ConfigError('Must specify encrypted-key or plaintext-key for user privacy')
+            if user['privPassword'] == '' and user['privMasterKey'] == '':
+                raise ConfigError('Must specify encrypted-key or plaintext-key for user privacy')
 
-                    if user['privMasterKey'] and user['engineID'] == '':
-                        raise ConfigError('Can not have "encrypted-key" without engineid')
+            if user['privMasterKey'] and user['engineID'] == '':
+                raise ConfigError('Can not have "encrypted-key" without engineid')
 
-                    if user['authPassword'] == '' and user['authMasterKey'] == '' and user['privTsmKey'] == '':
-                        raise ConfigError('Must specify auth or tsm-key for user auth')
+            if user['authPassword'] == '' and user['authMasterKey'] == '' and user['privTsmKey'] == '':
+                raise ConfigError('Must specify auth or tsm-key for user auth')
 
-                    if user['mode'] == '':
-                        raise ConfigError('Must specify user mode ro/rw')
+            if user['mode'] == '':
+                raise ConfigError('Must specify user mode ro/rw')
 
-                    if user['privTsmKey']:
-                        if not tsmKeyPattern.match(snmp['v3_tsm_key']):
-                            if not os.path.isfile('/etc/snmp/tls/certs/' + snmp['v3_tsm_key']):
-                                if not os.path.isfile('/config/snmp/tls/certs/' + snmp['v3_tsm_key']):
-                                    raise ConfigError('User TSM key must be fingerprint or filename in "/config/snmp/tls/certs/" folder')
+            if user['privTsmKey']:
+                if not tsmKeyPattern.match(snmp['v3_tsm_key']):
+                    if not os.path.isfile('/etc/snmp/tls/certs/' + snmp['v3_tsm_key']):
+                        if not os.path.isfile('/config/snmp/tls/certs/' + snmp['v3_tsm_key']):
+                            raise ConfigError('User TSM key must be fingerprint or filename in "/config/snmp/tls/certs/" folder')
 
     if 'v3_views' in snmp.keys():
         for view in snmp['v3_views']:
diff --git a/src/migration-scripts/system/8-to-9 b/src/migration-scripts/system/8-to-9
index db3fefdea..cd92f3023 100755
--- a/src/migration-scripts/system/8-to-9
+++ b/src/migration-scripts/system/8-to-9
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 
-# Deletes "system package" option as it is deprecated
+# Deletes the deprecated "system package" and "service telnet" options
 
 import sys
 
@@ -17,12 +17,16 @@ with open(file_name, 'r') as f:
 
 config = ConfigTree(config_file)
 
-if not config.exists(['system', 'package']):
+if (not config.exists(['system', 'package'])) and (not config.exists(['service', 'telnet'])):
     # Nothing to do
     sys.exit(0)
 else:
-    # Delete the node with the old syntax
-    config.delete(['system', 'package'])
+    # Delete the "system package" subtree
+    if config.exists(['system', 'package']):
+        config.delete(['system', 'package'])
+
+    if config.exists(['service', 'telnet']):
+        config.delete(['service', 'telnet'])
 
     try:
         with open(file_name, 'w') as f:
diff --git a/src/system/post-upgrade b/src/system/post-upgrade
new file mode 100755
index 000000000..41b7c01ba
--- /dev/null
+++ b/src/system/post-upgrade
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+chown -R root:vyattacfg /config