From 359f0c97f0e6d75f0b5065811efe9ea3eacb5a37 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 17 Aug 2021 13:46:33 +0200 Subject: policy: T2425: add missing validator for large-community-lists without the validators FRR commit errors would happen. --- src/validators/large-community-list | 41 +++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100755 src/validators/large-community-list (limited to 'src/validators') diff --git a/src/validators/large-community-list b/src/validators/large-community-list new file mode 100755 index 000000000..6c9a3a148 --- /dev/null +++ b/src/validators/large-community-list @@ -0,0 +1,41 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +import re +import sys + +from vyos.template import is_ipv4 + +pattern = '(.*):(.*):(.*)' + +if __name__ == '__main__': + if len(sys.argv) != 2: + sys.exit(1) + + value = sys.argv[1].split(':') + if not len(value) == 3: + sys.exit(1) + + # Check if the first string is an IPv4 address + if is_ipv4(value[0]): + if value[1].isdigit() and value[2].isdigit(): + sys.exit(0) + # If first string is not an IP address it must be a number + else: + if value[0].isdigit() and value[1].isdigit() and value[2].isdigit(): + sys.exit(0) + + sys.exit(1) -- cgit v1.2.3 From 63b755f85afb12ae6b609d76ef7d1b4cc2ff5a98 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 18 Aug 2021 09:06:10 +0200 Subject: policy: T2425: import exact Perl match criteria for large-community-list --- src/validators/large-community-list | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) (limited to 'src/validators') diff --git a/src/validators/large-community-list b/src/validators/large-community-list index 6c9a3a148..c07268e81 100755 --- a/src/validators/large-community-list +++ b/src/validators/large-community-list @@ -29,13 +29,8 @@ if __name__ == '__main__': if not len(value) == 3: sys.exit(1) - # Check if the first string is an IPv4 address - if is_ipv4(value[0]): - if value[1].isdigit() and value[2].isdigit(): - sys.exit(0) - # If first string is not an IP address it must be a number - else: - if value[0].isdigit() and value[1].isdigit() and value[2].isdigit(): - sys.exit(0) + if not (re.match(pattern, sys.argv[1]) and + (is_ipv4(value[0]) or value[0].isdigit()) and value[1].isdigit()): + sys.exit(1) - sys.exit(1) + sys.exit(0) -- cgit v1.2.3 From dd1f3e3313db14ccf2f34663e113f6383ec1a89f Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 24 Aug 2021 12:18:33 +0200 Subject: policy: T2425: rename validator large-community-list -> bgp-large-community-list ... as we will get another bgp route-target validator soon. --- interface-definitions/policy.xml.in | 2 +- src/validators/bgp-large-community-list | 36 +++++++++++++++++++++++++++++++++ src/validators/large-community-list | 36 --------------------------------- 3 files changed, 37 insertions(+), 37 deletions(-) create mode 100755 src/validators/bgp-large-community-list delete mode 100755 src/validators/large-community-list (limited to 'src/validators') diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in index ce190b046..bf1832832 100644 --- a/interface-definitions/policy.xml.in +++ b/interface-definitions/policy.xml.in @@ -323,7 +323,7 @@ BGP large-community-list filter (IPv4 address format) - + Malformed large-community-list diff --git a/src/validators/bgp-large-community-list b/src/validators/bgp-large-community-list new file mode 100755 index 000000000..c07268e81 --- /dev/null +++ b/src/validators/bgp-large-community-list @@ -0,0 +1,36 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +import re +import sys + +from vyos.template import is_ipv4 + +pattern = '(.*):(.*):(.*)' + +if __name__ == '__main__': + if len(sys.argv) != 2: + sys.exit(1) + + value = sys.argv[1].split(':') + if not len(value) == 3: + sys.exit(1) + + if not (re.match(pattern, sys.argv[1]) and + (is_ipv4(value[0]) or value[0].isdigit()) and value[1].isdigit()): + sys.exit(1) + + sys.exit(0) diff --git a/src/validators/large-community-list b/src/validators/large-community-list deleted file mode 100755 index c07268e81..000000000 --- a/src/validators/large-community-list +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2021 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -import re -import sys - -from vyos.template import is_ipv4 - -pattern = '(.*):(.*):(.*)' - -if __name__ == '__main__': - if len(sys.argv) != 2: - sys.exit(1) - - value = sys.argv[1].split(':') - if not len(value) == 3: - sys.exit(1) - - if not (re.match(pattern, sys.argv[1]) and - (is_ipv4(value[0]) or value[0].isdigit()) and value[1].isdigit()): - sys.exit(1) - - sys.exit(0) -- cgit v1.2.3 From 474db49afc759eeacc2208a18995452e6fe5f6fc Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 24 Aug 2021 12:27:07 +0200 Subject: bgp: T3759: "l2vpn evpn" and ipv4/ipv6 safi route-targets differ The "l2vpn evpn" address-family route-target command only accepts a single route-target value consisting of (A.B.C.D:MN|EF:OPQR|GHJK:MN). The "ipv4-unicast or ipv6-unicast" address-family route-target command for VPNs support multiple, whitespace separated route-target values. This commit adds a new custom validator named "bgp-route-target" with a --single and a --multi option to pass one or more route-target values. --- .../include/bgp/afi-l2vpn-common.xml.i | 39 ++++++++++++++-- .../include/bgp/afi-route-target-vpn.xml.i | 52 ++++++++++++++++++++++ .../include/bgp/protocol-common-config.xml.i | 19 +------- .../include/bgp/route-target-both.xml.i | 14 ------ .../include/bgp/route-target-export.xml.i | 14 ------ .../include/bgp/route-target-import.xml.i | 14 ------ src/validators/bgp-route-target | 51 +++++++++++++++++++++ 7 files changed, 141 insertions(+), 62 deletions(-) create mode 100644 interface-definitions/include/bgp/afi-route-target-vpn.xml.i delete mode 100644 interface-definitions/include/bgp/route-target-both.xml.i delete mode 100644 interface-definitions/include/bgp/route-target-export.xml.i delete mode 100644 interface-definitions/include/bgp/route-target-import.xml.i create mode 100755 src/validators/bgp-route-target (limited to 'src/validators') diff --git a/interface-definitions/include/bgp/afi-l2vpn-common.xml.i b/interface-definitions/include/bgp/afi-l2vpn-common.xml.i index a9a833851..8deb189ab 100644 --- a/interface-definitions/include/bgp/afi-l2vpn-common.xml.i +++ b/interface-definitions/include/bgp/afi-l2vpn-common.xml.i @@ -17,9 +17,42 @@ Route Target - #include - #include - #include + + + Route Target both import and export + + txt + Route target (A.B.C.D:MN|EF:OPQR|GHJK:MN) + + + + + + + + + Route Target import + + txt + Route target (A.B.C.D:MN|EF:OPQR|GHJK:MN) + + + + + + + + + Route Target export + + txt + Route target (A.B.C.D:MN|EF:OPQR|GHJK:MN) + + + + + + diff --git a/interface-definitions/include/bgp/afi-route-target-vpn.xml.i b/interface-definitions/include/bgp/afi-route-target-vpn.xml.i new file mode 100644 index 000000000..1dc184a02 --- /dev/null +++ b/interface-definitions/include/bgp/afi-route-target-vpn.xml.i @@ -0,0 +1,52 @@ + + + + Specify route distinguisher + + + + + Between current address-family and VPN + + + + + Route Target both import and export + + txt + Space separated route target list (A.B.C.D:MN|EF:OPQR|GHJK:MN) + + + + + + + + + Route Target import + + txt + Space separated route target list (A.B.C.D:MN|EF:OPQR|GHJK:MN) + + + + + + + + + Route Target export + + txt + Space separated route target list (A.B.C.D:MN|EF:OPQR|GHJK:MN) + + + + + + + + + + + diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i index a971c52b8..2b22bac7d 100644 --- a/interface-definitions/include/bgp/protocol-common-config.xml.i +++ b/interface-definitions/include/bgp/protocol-common-config.xml.i @@ -119,23 +119,7 @@ #include #include - - - Specify route distinguisher - - - - - Between current address-family and VPN - - - #include - #include - #include - - - - + #include Redistribute routes from other protocols into BGP @@ -520,6 +504,7 @@ #include #include + #include Redistribute routes from other protocols into BGP diff --git a/interface-definitions/include/bgp/route-target-both.xml.i b/interface-definitions/include/bgp/route-target-both.xml.i deleted file mode 100644 index d77878812..000000000 --- a/interface-definitions/include/bgp/route-target-both.xml.i +++ /dev/null @@ -1,14 +0,0 @@ - - - - Route Target both import and export - - txt - Route target (x.x.x.x:yyy|xxxx:yyyy) - - - ^((25[0-5]|2[0-4][0-9]|[1][0-9][0-9]|[1-9][0-9]|[0-9]?)(\.(25[0-5]|2[0-4][0-9]|[1][0-9][0-9]|[1-9][0-9]|[0-9]?)){3}|[0-9]{1,10}):[0-9]{1,5}$ - - - - diff --git a/interface-definitions/include/bgp/route-target-export.xml.i b/interface-definitions/include/bgp/route-target-export.xml.i deleted file mode 100644 index 0431f0fcb..000000000 --- a/interface-definitions/include/bgp/route-target-export.xml.i +++ /dev/null @@ -1,14 +0,0 @@ - - - - Route Target export - - txt - Route target (x.x.x.x:yyy|xxxx:yyyy) - - - ^((25[0-5]|2[0-4][0-9]|[1][0-9][0-9]|[1-9][0-9]|[0-9]?)(\.(25[0-5]|2[0-4][0-9]|[1][0-9][0-9]|[1-9][0-9]|[0-9]?)){3}|[0-9]{1,10}):[0-9]{1,5}$ - - - - diff --git a/interface-definitions/include/bgp/route-target-import.xml.i b/interface-definitions/include/bgp/route-target-import.xml.i deleted file mode 100644 index aa861c428..000000000 --- a/interface-definitions/include/bgp/route-target-import.xml.i +++ /dev/null @@ -1,14 +0,0 @@ - - - - Route Target import - - txt - Route target (x.x.x.x:yyy|xxxx:yyyy) - - - ^((25[0-5]|2[0-4][0-9]|[1][0-9][0-9]|[1-9][0-9]|[0-9]?)(\.(25[0-5]|2[0-4][0-9]|[1][0-9][0-9]|[1-9][0-9]|[0-9]?)){3}|[0-9]{1,10}):[0-9]{1,5}$ - - - - diff --git a/src/validators/bgp-route-target b/src/validators/bgp-route-target new file mode 100755 index 000000000..e7e4d403f --- /dev/null +++ b/src/validators/bgp-route-target @@ -0,0 +1,51 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +from argparse import ArgumentParser +from vyos.template import is_ipv4 + +parser = ArgumentParser() +group = parser.add_mutually_exclusive_group() +group.add_argument('--single', action='store', help='Validate and allow only one route-target') +group.add_argument('--multi', action='store', help='Validate multiple, whitespace separated route-targets') +args = parser.parse_args() + +def is_valid_rt(rt): + # every route target needs to have a colon and must consists of two parts + value = rt.split(':') + if len(value) != 2: + return False + # A route target must either be only numbers, or the first part must be an + # IPv4 address + if (is_ipv4(value[0]) or value[0].isdigit()) and value[1].isdigit(): + return True + return False + +if __name__ == '__main__': + if args.single: + if not is_valid_rt(args.single): + exit(1) + + elif args.multi: + for rt in args.multi.split(' '): + if not is_valid_rt(rt): + exit(1) + + else: + parser.print_help() + exit(1) + + exit(0) -- cgit v1.2.3 From 00efce716912680354d47a2dca9769cd8c5c89ae Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 31 Aug 2021 12:20:05 +0200 Subject: ssh: T3789: add custom validator for base64 encoded CLI data SSH keys used for remote login are supplied as base64 encoded data on the CLI. The key is not validated, thus an invalid copy/pasted key will render the login useless. This commit adds a custom and re-usable validator which check if the data is properly base64 encoded. --- interface-definitions/system-login.xml.in | 5 ++++- src/validators/base64 | 27 +++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100755 src/validators/base64 (limited to 'src/validators') diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in index fb34b7199..3c2c7dfa5 100644 --- a/interface-definitions/system-login.xml.in +++ b/interface-definitions/system-login.xml.in @@ -52,7 +52,10 @@ - Public key value (base64-encoded) + Public key value (Base64 encoded) + + + diff --git a/src/validators/base64 b/src/validators/base64 new file mode 100755 index 000000000..e2b1e730d --- /dev/null +++ b/src/validators/base64 @@ -0,0 +1,27 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +import base64 +from sys import argv + +if __name__ == '__main__': + if len(argv) != 2: + exit(1) + try: + base64.b64decode(argv[1]) + except: + exit(1) + exit(0) -- cgit v1.2.3 From dda9f655f94968b07043887a03e3bba176eb94d5 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 18 Sep 2021 11:26:14 +0200 Subject: validator: T2417: bugfix on Python3 f'ormat strings Commit 3639a5610b590a ("validator: T2417: try to make the code clearer") introduced Python3 f'ormatted strings but missed the "f" keyword. --- src/validators/script | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'src/validators') diff --git a/src/validators/script b/src/validators/script index 2665ec1f6..1d8a27e5c 100755 --- a/src/validators/script +++ b/src/validators/script @@ -1,8 +1,6 @@ #!/usr/bin/env python3 # -# numeric value validator -# -# Copyright (C) 2018 VyOS maintainers and contributors +# Copyright (C) 2018-2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -23,7 +21,6 @@ import shlex import vyos.util - if __name__ == '__main__': if len(sys.argv) < 2: sys.exit('Please specify script file to check') @@ -35,11 +32,11 @@ if __name__ == '__main__': sys.exit(f'File {script} does not exist') if not (os.path.isfile(script) and os.access(script, os.X_OK)): - sys.exit('File {script} is not an executable file') + sys.exit(f'File {script} is not an executable file') # File outside the config dir is just a warning if not vyos.util.file_is_persistent(script): sys.exit( - 'Warning: file {path} is outside the / config directory\n' + f'Warning: file {path} is outside the / config directory\n' 'It will not be automatically migrated to a new image on system update' ) -- cgit v1.2.3