From 785af7cf6603a81adc432537bf97987f59d818a3 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 22 Aug 2021 15:13:48 +0200
Subject: bridge: T3137: backport vlan features from 1.4 current

---
 src/validators/allowed-vlan | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100755 src/validators/allowed-vlan

(limited to 'src/validators')

diff --git a/src/validators/allowed-vlan b/src/validators/allowed-vlan
new file mode 100755
index 000000000..11389390b
--- /dev/null
+++ b/src/validators/allowed-vlan
@@ -0,0 +1,19 @@
+#! /usr/bin/python3
+
+import sys
+import re
+
+if __name__ == '__main__':
+    if len(sys.argv)>1:
+        allowed_vlan = sys.argv[1]
+        if re.search('[0-9]{1,4}-[0-9]{1,4}', allowed_vlan):
+            for tmp in allowed_vlan.split('-'):
+                if int(tmp) not in range(1, 4095):
+                    sys.exit(1)
+        else:
+            if int(allowed_vlan) not in range(1, 4095):
+                sys.exit(1)
+    else:
+        sys.exit(2)
+    
+    sys.exit(0)
-- 
cgit v1.2.3


From 688f9810fde3947db66ff7e4c0ea21bf9708feec Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Tue, 31 Aug 2021 12:20:05 +0200
Subject: ssh: T3789: add custom validator for base64 encoded CLI data

SSH keys used for remote login are supplied as base64 encoded data on the CLI.
The key is not validated, thus an invalid copy/pasted key will render the login
useless. This commit adds a custom and re-usable validator which check if the
data is properly base64 encoded.

(cherry picked from commit 00efce716912680354d47a2dca9769cd8c5c89ae)
---
 interface-definitions/system-login.xml.in |  5 ++++-
 src/validators/base64                     | 27 +++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100755 src/validators/base64

(limited to 'src/validators')

diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in
index fb34b7199..3c2c7dfa5 100644
--- a/interface-definitions/system-login.xml.in
+++ b/interface-definitions/system-login.xml.in
@@ -52,7 +52,10 @@
                     <children>
                       <leafNode name="key">
                         <properties>
-                          <help>Public key value (base64-encoded)</help>
+                          <help>Public key value (Base64 encoded)</help>
+                          <constraint>
+                            <validator name="base64"/>
+                          </constraint>
                         </properties>
                       </leafNode>
                       <leafNode name="options">
diff --git a/src/validators/base64 b/src/validators/base64
new file mode 100755
index 000000000..e2b1e730d
--- /dev/null
+++ b/src/validators/base64
@@ -0,0 +1,27 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2021 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import base64
+from sys import argv
+
+if __name__ == '__main__':
+    if len(argv) != 2:
+        exit(1)
+    try:
+        base64.b64decode(argv[1])
+    except:
+        exit(1)
+    exit(0)
-- 
cgit v1.2.3


From 24f17e0e41bb0bfd4d42e5b335d03ed1b9b1c634 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sat, 18 Sep 2021 11:26:14 +0200
Subject: validator: T2417: bugfix on Python3 f'ormat strings

Commit 3639a5610b590a ("validator: T2417: try to make the code clearer")
introduced Python3 f'ormatted strings but missed the "f" keyword.

(cherry picked from commit dda9f655f94968b07043887a03e3bba176eb94d5)
---
 src/validators/script | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

(limited to 'src/validators')

diff --git a/src/validators/script b/src/validators/script
index 2665ec1f6..1d8a27e5c 100755
--- a/src/validators/script
+++ b/src/validators/script
@@ -1,8 +1,6 @@
 #!/usr/bin/env python3
 #
-# numeric value validator
-#
-# Copyright (C) 2018 VyOS maintainers and contributors
+# Copyright (C) 2018-2021 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -23,7 +21,6 @@ import shlex
 
 import vyos.util
 
-
 if __name__ == '__main__':
     if len(sys.argv) < 2:
         sys.exit('Please specify script file to check')
@@ -35,11 +32,11 @@ if __name__ == '__main__':
         sys.exit(f'File {script} does not exist')
 
     if not (os.path.isfile(script) and os.access(script, os.X_OK)):
-        sys.exit('File {script} is not an executable file')
+        sys.exit(f'File {script} is not an executable file')
 
     # File outside the config dir is just a warning
     if not vyos.util.file_is_persistent(script):
         sys.exit(
-            'Warning: file {path} is outside the / config directory\n'
+            f'Warning: file {path} is outside the / config directory\n'
             'It will not be automatically migrated to a new image on system update'
         )
-- 
cgit v1.2.3