From 3c754695590b9d9e582c10e6d05c2b628e79262c Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 13 May 2021 17:49:00 +0200 Subject: dhcp-server: T3544: test newly rendered configuration before restarting daemon The current DHCP server implementation comes with options (see below) which allow the user to pass in any arbitrary option(s) in a verbatim way which will manifest in dhcpd.conf. The options are: * set service dhcp-server global-parameters * set service dhcp-server shared-network-name foo shared-network-parameters * set service dhcp-server shared-network-name foo subnet 192.0.2.0/25 subnet-parameters * set service dhcp-server shared-network-name foo subnet 192.0.2.0/25 static-mapping ff static-mapping-parameters Having an invalid configuration will yield: vyos@vyos# commit [ service dhcp-server ] Configuration file errors encountered - check your options! [[service dhcp-server]] failed --- src/conf_mode/dhcp_server.py | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py index 84a8736e8..47df12804 100755 --- a/src/conf_mode/dhcp_server.py +++ b/src/conf_mode/dhcp_server.py @@ -18,6 +18,7 @@ import os from ipaddress import ip_address from ipaddress import ip_network +from shutil import move from sys import exit from vyos.config import Config @@ -25,6 +26,7 @@ from vyos.configdict import dict_merge from vyos.template import render from vyos.util import call from vyos.util import dict_search +from vyos.util import run from vyos.validate import is_subnet_connected from vyos.validate import is_addr_assigned from vyos.xml import defaults @@ -272,10 +274,25 @@ def generate(dhcp): if not dhcp or 'disable' in dhcp: return None - # Please see: https://phabricator.vyos.net/T1129 for quoting of the raw parameters - # we can pass to ISC DHCPd - render(config_file, 'dhcp-server/dhcpd.conf.tmpl', dhcp, + # Please see: https://phabricator.vyos.net/T1129 for quoting of the raw + # parameters we can pass to ISC DHCPd + tmp_file = '/tmp/dhcpd.conf' + render(tmp_file, 'dhcp-server/dhcpd.conf.tmpl', dhcp, formater=lambda _: _.replace(""", '"')) + # XXX: as we have the ability for a user to pass in "raw" options via VyOS + # CLI (see T3544) we now ask ISC dhcpd to test the newly rendered + # configuration + tmp = run(f'/usr/sbin/dhcpd -t -cf {tmp_file}') + if tmp > 0: + if os.path.exists(tmp_file): + os.unlink(tmp_file) + raise ConfigError('Configuration file errors encountered - check your options!') + + # Now that we know that the newly rendered configuration is "good" we can + # move the temporary configuration to the "real" configuration - we could + # also render it two times but that would not be as fast as a move operation + move(tmp_file, config_file) + return None def apply(dhcp): -- cgit v1.2.3