Age | Commit message | Author |
|
|
(cherry picked from commit 358831c18fcf2937f4bf85a55fa0c8bdc802d817)
|
|
(cherry picked from commit 9f6ca1e489c0498bfa90ca027d1d7419d4e422b8)
|
|
Note that one can also use the mutation Show, with path
["configuration", "json", "pretty"]; that command will obscure passwords
and keys, and we may want to disallow this version.
(cherry picked from commit a05866e5301934f61a3c83550f91926e03bfc7b0)
|
|
(cherry picked from commit 1f926e1b1fe7d82113be55916a55ca7e3cceac76)
|
|
(cherry picked from commit ee53af35eb1edb6167a65b290f25a95b2a586498)
|
|
(cherry picked from commit ef7f5ca2fd2c0113875dbd9143342e925cf00621)
|
|
(cherry picked from commit fb2dc58d91bd93ba3aaa63d46e49e6609c18d46f)
|
|
(cherry picked from commit 6de15a4162224dbf2d911bce0a9d4eaa396071a3)
|
|
(cherry picked from commit f4ec1a88b655e64372d30166b69021e2a17b2a90)
|
|
(cherry picked from commit 8915a19f7761253b7bdf6ca847069539ee33851d)
|
|
(cherry picked from commit 9e2694b24b06d928240522322c9a6d60c7a7d290)
|
|
(cherry picked from commit dc9a2821d063a96681d6cb1d962618829b71937d)
|
|
(cherry picked from commit 5b69aad5bfe1fd1dfc51afb1d4b6323028009deb)
|
|
(cherry picked from commit b168b4cc7da456f14714d917cdc7a1c6b8df9af5)
|
|
FastAPI 0.65.2 checks content-type request header before assuming JSON,
closing a well-known loophole. This requires a modification of the code
providing backwards compatibility of multipart forms.
(cherry picked from commit 3a9041e2d4d4a48ba7c01439e69c5f86a4a850c2)
|
|
Replace the Flask micro-framework with FastAPI, in order to support
extensions to the API and OpenAPI 3.* generation. This change will
remain backwards compatible with previous versions. Notably, the
multipart forms version of requests remains supported; in addition,
application/json requests are now natively supported.
(cherry picked from commit 0125fff200efe3259aa25953e7505f69679261f8)
|
|
Several scripts imported by vyos-configd (including
src/conf_mode/protocols_static.py) rely on argv for operating on VRFs.
Always setting script.argv in src/services/vyos-configd ensures those
scripts will operate on the default VRF when called with no arguments.
Otherwise, a stale argv might cause those scripts to operate on the last
modified VRF instead of the default VRF.
(cherry picked from commit 3341c591ad1190f39ff3ffd475eddf5d95aef763)
|
|
(cherry picked from commit b3d914edcb506bb25c3798683cda341b8acbb0ad)
|
|
If the script name is mangled for any reason (e.g. missing support for
script arguments), checking against the exclude_set will yield a false
positive; check against the include_set, even if this is a longer
search.
(cherry picked from commit 93c07ea1edff3f6f84285322b494a24b807ccc25)
|
|
(cherry picked from commit eeb9687bb9aaf6050b0a8759767f08ab8faac442)
|
|
The only calls to config (return_value, return_values, exists) do not
throw VyOSError; remove unneeded except.
|
|
- update copyright date
- validate incoming JSON data against a schema with voluptuous
- add usage help describing internal messages syntax at top of vyos-hostsd
- move socket and state file to directory /run/vyos-hostsd
- replace jinja2 rendering with vyos.template
- move all templates out of the executable into dedicated data/templates dirs
- move recursor.conf forward-zones-recurse to forward-zones-file
- generate lua-config-file for pdns-recursor with addNTA
- support adding custom forward zones for pdns-recursor with optional added NTA and/or recursion-desired
- move search_domains from set_host_name to separate add/delete/get commands
- unify functions to support abstracting them in the future
- track number of internal changes in "changes" variable saved in state file (informational in apply function)
- do not apply changes immediately, add apply function that applies all changes (to not reload pdns-recursor excessively for a large set of changes, users must call the apply function once at the end)
- add pdns_rec_control function that supports sending arbitrary commands to rec_control (fix pdns-recursor process name that caused the old function to think pdns-recursor was never running)
- create /run/powerdns if it doesn't exist (on boot vyos-hostsd starts before pdns-recursor but we need to put our generated conf files there)
- abstract specific command functions (add_*/del_*) into general functions to manipulate various types of data in the state variable
- add command types:
  - forward_zones (generate custom forward zones for pdns-recursor)
  - search_domains (move from set_host_name as dhcp client needs to change them too)
  - name_server_tags_recursor (to set tags whose nameservers are added to pdns-recursor)
  - name_server_tags_system (to set tags whose nameservers and search domains are added to /etc/resolv.conf)
- change hosts data format to make more sense (move tag from within each host dict to the key for a list of host dicts)
- do not remove state file when shut down cleanly, to not lose state when restarting vyos-hostsd service that's then impossible to restore without restarting the whole router - a reboot will remove the state file as it lives in a tmpfs (/run)
- remove too verbose info log on every received message
- set mode of socket to 770 to secure it against processes not in hostsd group
|
|
The DHCP server is unable to apply entries to the hosts file because the permissions on the socket are getting created wrong.
```
$ ls -al /run/vyos-hostsd.sock
srwxrwxrwx 1 root vyattacfg 0 May 20 01:38 /run/vyos-hostsd.sock
```
This gives it the correct permissions so that the nobody/nobody user/group can change it.
|
|
[T2311] name servers via cmdline can't take effect
|
|
Please refer to https://phabricator.vyos.net/T2311
|
|
If the stdout pipe is lost (for example, after a systemd-journald restart), using print() will raise an exception.
This patch replaces print() with a logging function, which is not sensitive to this problem. This makes vyos-hostsd resistant to stdout disconnection, but of course, all logs after stdout disconnection will be lost.