Merge branch 'jenner' into kenwood

Conflicts:
	debian/changelog

12 files changed, 228 insertions, 159 deletions

diff --git a/.gitignore b/.gitignore
index 30ff063d..496dcf53 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
+*.orig
+*.rej
+*#
 *~
 .*.swp
 /aclocal.m4
diff --git a/Makefile.am b/Makefile.am
index 5152fb71..2168e11e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,5 +1,5 @@
 cfgdir = $(datadir)/vyatta-cfg/templates
-share_perl5dir = $(datarootdir)/perl5/Vyatta
+share_perl5dir = $(datarootdir)/perl5/Vyatta/Login
 libudevdir = /lib/udev
 etcudevdir = /etc/udev
 bin_sudo_usersdir = $(bindir)/sudo-users
@@ -24,7 +24,6 @@ sbin_SCRIPTS += scripts/vyatta-grub-setup
 sbin_SCRIPTS += scripts/standalone_root_pw_reset
 sbin_SCRIPTS += scripts/vyatta-passwd-sync
 sbin_SCRIPTS += scripts/system/vyatta_update_login.pl
-sbin_SCRIPTS += scripts/system/vyatta_update_radius.pl
 sbin_SCRIPTS += scripts/system/vyatta_update_logrotate.pl
 sbin_SCRIPTS += scripts/system/vyatta_update_resolv.pl
 sbin_SCRIPTS += scripts/system/vyatta_update_syslog.pl
@@ -44,6 +43,9 @@ sbin_SCRIPTS += scripts/vyatta-update-arp-params
 sbin_SCRIPTS += scripts/zone-mgmt/vyatta-zone.pl
 sbin_SCRIPTS += scripts/vyatta-banner.pl
 
+share_perl5_DATA = lib/Vyatta/Login/User.pm
+share_perl5_DATA += lib/Vyatta/Login/Radius.pm
+
 noinst_DATA = test_bootfile
 
 bin_sudo_users_SCRIPTS  = scripts/keepalived/vyatta-clear-vrrp.pl
diff --git a/debian/changelog b/debian/changelog
index 20dc9ec9..cdb4d2bb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,15 +1,3 @@
-vyatta-cfg-system (0.15.49) unstable; urgency=low
-
-  [ Stephen Hemminger ]
-  * Print error message on failure to create group/user
-
-  [ Mohit Mehta ]
-  * move server,protocol to the same line in config file
-
-  [ An-Cheng Huang ]
-
- -- An-Cheng Huang <ancheng@vyatta.com>  Fri, 29 May 2009 18:35:29 -0700
-
 vyatta-cfg-system (0.15.48) unstable; urgency=low
 
   * Restore default facility for 'syslog console'
diff --git a/scripts/system/vyatta_update_radius.pl b/lib/Vyatta/Login/Radius.pm
index 69e605da..6a949434 100644
--- a/scripts/system/vyatta_update_radius.pl
+++ b/lib/Vyatta/Login/Radius.pm
@@ -1,5 +1,3 @@
-#!/usr/bin/perl
-
 # **** License ****
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 as
@@ -16,7 +14,9 @@
 #
 # **** End License ****
 
+package Vyatta::Login::Radius;
 use strict;
+use warnings;
 use lib "/opt/vyatta/share/perl5";
 use Vyatta::Config;
 
@@ -83,37 +83,44 @@ sub add_radius_servers {
     return 1;
 }
 
-# handle "radius-server"
-my $rconfig = new Vyatta::Config;
-$rconfig->setLevel("system login radius-server");
-my %servers     = $rconfig->listNodeStatus();
-my @server_keys = sort keys %servers;
-if ( scalar(@server_keys) <= 0 ) {
+sub new {
+    my $that = shift;
+    my $class = ref($that) || $that;
+    my $rconfig = new Vyatta::Config;
+    $rconfig->setLevel("system login radius-server");
+    my %servers     = $rconfig->listNodeStatus();
+    my $self = \%servers;
+
+    bless $self, $class;
 
-    # all radius servers deleted
-    exit 1 if ( !remove_pam_radius() );
-    exit 0;
+    return $self;
 }
 
-# we have some servers
-my $all_deleted = 1;
-my $server_str  = '';
-remove_radius_servers();
-
-for my $server (@server_keys) {
-    if ( $servers{$server} ne 'deleted' ) {
-        $all_deleted = 0;
-        my $port    = $rconfig->returnValue("$server port");
-        my $secret  = $rconfig->returnValue("$server secret");
-        my $timeout = $rconfig->returnValue("$server timeout");
-        $server_str .= "$server:$port\t$secret\t$timeout\n";
+sub update {
+    my $self       = shift;
+    my %servers    = %$self;
+    my $server_str  = '';
+    my $rconfig = new Vyatta::Config;
+    $rconfig->setLevel('system login radius-server');
+
+    if (%servers) {
+	remove_radius_servers();
+
+	for my $server (sort keys %servers) {
+	    next if ( $servers{$server} eq 'deleted' );
+	    my $port    = $rconfig->returnValue("$server port");
+	    my $secret  = $rconfig->returnValue("$server secret");
+	    my $timeout = $rconfig->returnValue("$server timeout");
+	    $server_str .= "$server:$port\t$secret\t$timeout\n";
+	}
+
+	exit 1 if ( !add_radius_servers($server_str) );
+	exit 1 if ( !add_pam_radius() );
+
+    } else {
+	# all radius servers deleted
+	exit 1 if ( !remove_pam_radius() );
     }
 }
 
-if ($all_deleted) {
-    # all radius servers deleted
-    exit 1 if ( !remove_pam_radius() );
-} else {
-    exit 1 if ( !add_radius_servers($server_str) );
-    exit 1 if ( !add_pam_radius() );
-}
+1;
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
new file mode 100755
index 00000000..42bcbd53
--- /dev/null
+++ b/lib/Vyatta/Login/User.pm
@@ -0,0 +1,156 @@
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc.
+# All Rights Reserved.
+#
+# **** End License ****
+
+package Vyatta::Login::User;
+use strict;
+use warnings;
+use lib "/opt/vyatta/share/perl5";
+use Vyatta::Config;
+
+sub new {
+    my ( $that ) = @_;
+    my $class = ref($that) || $that;
+    $config->setLevel("system login user");
+    my %users     = $config->listNodeStatus();
+    my @user_keys = sort keys %users;
+
+    if (   ( scalar(@user_keys) <= 0 )
+        || !( grep /^root$/, @user_keys )
+        || ( $users{'root'} eq 'deleted' ) )
+    {
+
+        # root is deleted
+        die "User \"root\" cannot be deleted\n";
+    }
+
+    my $self = \%users;
+    bless $self, $class;
+
+    return $self;
+}
+
+# Exit codes form useradd.8 man page
+my %reasons = (
+    0  => 'success',
+    1  => 'can´t update password file',
+    2  => 'invalid command syntax',
+    3  => 'invalid argument to option',
+    4  => 'UID already in use (and no -o)',
+    6  => 'specified group doesn´t exist',
+    9  => 'username already in use',
+    10 => 'can´t update group file',
+    12 => 'can´t create home directory',
+    13 => 'can´t create mail spool',
+);
+
+# Map of level to additional groups
+my %level_map = (
+    'admin'    => [ 'quaggavty', 'vyattacfg', 'sudo', 'adm', 'dip', 'disk' ],
+    'operator' => [ 'quaggavty', 'operator',  'adm',  'dip', ],
+);
+
+# Construct a map from existing users to group membership
+sub get_groups {
+    my %group_map;
+
+    setgrent();
+    while ( my ( $name, undef, undef, $members ) = getgrent() ) {
+        foreach my $user ( split / /, $members ) {
+            $group_map{$user} = [] unless ( $group_map{$user} );
+            my $g = $group_map{$user};
+            push @$g, $name;
+        }
+    }
+    endgrent();
+
+    return \%group_map;
+}
+
+sub update {
+    my $self       = shift;
+    my %users      = %$self;
+    my $membership = get_groups();
+    my $uconfig    = new Vyatta::Config;
+
+    foreach my $user ( keys %users ) {
+        if ( $users{$user} eq 'deleted' ) {
+            system("sudo userdel -r '$user'") == 0
+              or die "userdel failed: $?\n";
+        }
+        elsif ( $users{$user} eq 'added' || $users{$user} eq 'changed' ) {
+            $uconfig->setLevel("system login user $user");
+            my $pwd =
+              $uconfig->returnValue('authentication encrypted-password');
+            $pwd or die "Encrypted password not in configuration for $user";
+
+            my $level = $uconfig->returnValue('level');
+            $level or die "Level not defined for $user";
+
+            # map level to group membership
+            my @new_groups = @{ $level_map{$level} };
+
+            # add any additional groups from configuration
+            push( @new_groups, $uconfig->returnValues('group') );
+
+            my $fname = $uconfig->returnValue('full-name');
+            my $home  = $uconfig->returnValue('home-directory');
+
+            # Read existing settings
+            my (
+                undef,    $opwd, $uid, $gid,   undef,
+                $comment, undef, $dir, $shell, undef
+            ) = getpwnam($user);
+
+            my $old_groups = $membership->{$user};
+
+            my $cmd;
+
+            # not found in existing passwd, must be new
+            if ( !defined $uid ) {
+
+                # make new user using vyatta shell
+                #  and make home directory (-m)
+                #  and with default group of 100 (users)
+                $cmd = 'useradd -s /bin/vbash -m -N';
+            }
+            elsif ($opwd eq $pwd
+                && ( !$fname || $fname eq $comment )
+                && ( !$home  || $home  eq $dir )
+                && join( ' ', sort @$old_groups ) eq
+                join( ' ', sort @new_groups ) )
+            {
+
+                # If no part of password or group file changed
+                # then there is nothing to do here.
+                next;
+            }
+            else {
+                $cmd = "usermod";
+            }
+
+            $cmd .= " -p '$pwd'";
+            $cmd .= " -c \"$fname\"" if ( defined $fname );
+            $cmd .= " -d \"$home\"" if ( defined $home );
+            $cmd .= ' -G ' . join( ',', @new_groups );
+            system("sudo $cmd $user");
+            next if ( $? == 0 );
+            my $reason = $reasons{ ( $? >> 8 ) };
+            die "Attempt to change user $user failed: $reason\n";
+        }
+    }
+}
+
+1;
diff --git a/scripts/system/vyatta_update_login.pl b/scripts/system/vyatta_update_login.pl
index c8d0a23a..b2125de1 100755..100644
--- a/scripts/system/vyatta_update_login.pl
+++ b/scripts/system/vyatta_update_login.pl
@@ -20,111 +20,21 @@ use strict;
 use lib "/opt/vyatta/share/perl5";
 use Vyatta::Config;
 
-# handle "user"
-my $uconfig = new Vyatta::Config;
-$uconfig->setLevel("system login user");
+# This is just a simple wrapper that allows for extensiblility
+# of login types.
 
-my %users     = $uconfig->listNodeStatus();
-my @user_keys = sort keys %users;
+my $config = new Vyatta::Config;
+$config->setLevel("system login");
 
-if (   ( scalar(@user_keys) <= 0 )
-    || !( grep /^root$/, @user_keys )
-    || ( $users{'root'} eq 'deleted' ) )
-{
-    # root is deleted
-    die "User \"root\" cannot be deleted\n";
-}
-
-# Exit codes form useradd.8 man page
-my %reasons = (
-    0  => 'success',
-    1  => 'can´t update password file',
-    2  => 'invalid command syntax',
-    3  => 'invalid argument to option',
-    4  => 'UID already in use (and no -o)',
-    6  => 'specified group doesn´t exist',
-    9  => 'username already in use',
-    10 => 'can´t update group file',
-    12 => 'can´t create home directory',
-    13 => 'can´t create mail spool',
-);
+foreach my $type ($config->listNodes()) {
+    my $kind = ucfirst $type;
+    my $location = "Vyatta/Login/$kind.pm";
+    my $class    = "Vyatta::Login::$kind";
+    
+    require $location;
 
-# Map of level to additional groups
-my %level_map = (
-    'admin'    => [ 'quaggavty', 'vyattacfg', 'sudo', 'adm', 'dip', 'disk'],
-    'operator' => [ 'quaggavty', 'operator',  'adm', 'dip', ],
-);
+    my $obj =  $class->new();
+    die "Don't understand $type" unless $obj;
 
-# Construct a map from existing users to group membership
-# Use space seperated format
-my %group_map;
-while (my ($name, undef, undef, $members) = getgrent()) {
-    foreach my $user (split / /,$members) {
-	my $g = $group_map{$user};
-	if ($g) {
-	    my @l = split / /, $g;
-	    push @l, $name;
-	    $group_map{$user} = join(' ', sort @l);
-	} else {
-	    $group_map{$user} = $name;
-	}
-
-    }
+    $obj->update();
 }
-
-# we have some users
-for my $user (@user_keys) {
-    if ( $users{$user} eq 'deleted' ) {
-        system("sudo userdel -r '$user'") == 0
-	    or die "userdel failed: $?\n"
-    }
-    elsif ( $users{$user} eq 'added' || $users{$user} eq 'changed' ) {
-        $uconfig->setLevel("system login user $user");
-        my $pwd  = $uconfig->returnValue('authentication encrypted-password');
-	$pwd or die "Encrypted password not in configuration for $user";
-
-        my $level  = $uconfig->returnValue('level');
-	$level or die "Level not defined for $user";
-
-	# map level to group membership
-        my @groups = @{$level_map{$level}};
-	# add any additional groups from configuration
-        push( @groups, $uconfig->returnValues('group') );
-
-        my $fname = $uconfig->returnValue('full-name');
-        my $home = $uconfig->returnValue('home-directory');
-
-        # Read existing settings
-        my (undef, $opwd, $uid,  $gid, undef, $comment, 
-	    undef, $dir, $shell, undef) = getpwnam($user);
-
-        my $cmd;
-	# not found in existing passwd, must be new
-        if ( !defined $uid ) {
-	    # make new user using vyatta shell
-	    #  and make home directory (-m)
-            #  and with default group of 100 (users)
-            $cmd = 'useradd -s /bin/vbash -m -N';
-        } else {
-	    # If no part of password or group file changed
-	    # then there is nothing to do here.
-	    next if ( $opwd eq $pwd &&
-		      (!$fname || $fname eq $comment) &&
-		      (!$home  || $home eq $dir)  &&
-		      join(' ',  sort @groups) eq $group_map{$user} );
-
-            $cmd = "usermod";
-        }
-
-        $cmd .= " -p '$pwd'";
-        $cmd .= " -c \"$fname\"" if ( defined $fname );
-        $cmd .= " -d \"$home\"" if ( defined $home );
-        $cmd .= ' -G ' . join( ',', @groups );
-        system("sudo $cmd $user");
-	return if ($? == 0);
-	my $reason = $reasons{($? >> 8)};
-	die "Attempt to change user $user failed: $reason\n";
-    }
-}
-
-exit 0;
diff --git a/templates/interfaces/pseudo-ethernet/node.def b/templates/interfaces/pseudo-ethernet/node.def
index 1279b788..60343e7d 100644
--- a/templates/interfaces/pseudo-ethernet/node.def
+++ b/templates/interfaces/pseudo-ethernet/node.def
@@ -8,5 +8,5 @@ commit:expression: $VAR(link) != ""
 create:	sudo ip link add $VAR(@) link $VAR(link/@) type macvlan || exit 1
 	sudo ip link set $VAR(@) up
 	/opt/vyatta/sbin/vyatta-link-detect $VAR(@) on
-delete: sudo ip link del link $VAR(@) link $VAR(link/@)
+delete: sudo ip link delete dev $VAR(@) type macvlan
 comp_help: Enter virtual ethernet interface name (peth0 - peth999)
diff --git a/templates/interfaces/tunnel/node.def b/templates/interfaces/tunnel/node.def
index 68302461..77aaa5fa 100644
--- a/templates/interfaces/tunnel/node.def
+++ b/templates/interfaces/tunnel/node.def
@@ -16,11 +16,14 @@ create:expression: "\
        if [ -n \"$VAR(./key/@)\" ]; then                        \
           KEY=\"key $VAR(./key/@)\";                            \
        fi;                                                      \
-       MC=\"multicast $VAR(./multicast/@) allmulticast $VAR(./multicast/@)\"; \
+       if [ x$VAR(./multicast/@) == xenable ]; then             \
+          MC=\"multicast on allmulticast on\";                  \
+       fi;                                                      \
        sudo ip tunnel add $VAR(@)                               \
             local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) \
             mode $VAR(./encapsulation/@) $KEY;                  \
-       sudo ip link set $VAR(@) $MC up;" ; "Error creating $VAR(@)"
+       sudo ip link set $VAR(@) $MC up;" ;                      \
+            "Error creating $VAR(@)"
 
 delete:expression: "sudo ip tunnel del $VAR(@)" ; "Error deleting $VAR(@)"
 
diff --git a/templates/interfaces/tunnel/node.tag/multicast/node.def b/templates/interfaces/tunnel/node.tag/multicast/node.def
index 2b9762e1..d7662306 100644
--- a/templates/interfaces/tunnel/node.tag/multicast/node.def
+++ b/templates/interfaces/tunnel/node.tag/multicast/node.def
@@ -1,13 +1,14 @@
 type: txt
-help: Define multicast operation over tunnel
-default: "off"
-syntax:expression: $VAR(@) in "on", "off"; "Must be (on, off)"
+help: Set multicast operation over tunnel
+default: "disable"
+
+syntax:expression: $VAR(@) in "enable", "disable"; \
+                   "Must be 'disable' or 'enable'"
 
 create:expression: "true"
 update:expression: "false" ; \
                    "Multicast should be set at tunnel creation for $VAR(../@)"
 
 comp_help: "possible completions:
- on                 Enable Multicast
- off                Disable Multicast (default)
-
+  enable            Enable Multicast
+  disable           Disable Multicast (default)
diff --git a/templates/system/login/node.def b/templates/system/login/node.def
index 66ac660c..9b24a71f 100644
--- a/templates/system/login/node.def
+++ b/templates/system/login/node.def
@@ -1,2 +1,3 @@
 help: Set user access
-delete: echo 'User root cannot be deleted' 1>&2; exit 1
+delete: echo 'All login methods can not be deleted' 1>&2; exit 1
+end: /opt/vyatta/sbin/vyatta_update_login.pl
diff --git a/templates/system/login/radius-server/node.def b/templates/system/login/radius-server/node.def
index f74cc568..137a92a0 100644
--- a/templates/system/login/radius-server/node.def
+++ b/templates/system/login/radius-server/node.def
@@ -4,4 +4,3 @@ help: Set radius server authentication
 commit:expression: $VAR(port) != "" && $VAR(secret) != ""
                    && $VAR(timeout) != ""
                      ; "Port, secret, and timeout must be specified for Radius"
-end: /opt/vyatta/sbin/vyatta_update_radius.pl
diff --git a/templates/system/login/user/node.def b/templates/system/login/user/node.def
index 26625b7f..d23a397f 100644
--- a/templates/system/login/user/node.def
+++ b/templates/system/login/user/node.def
@@ -7,4 +7,3 @@ commit:expression: $VAR(authentication/encrypted-password) != ""
                      ; "user password must be specified"
 syntax:expression: pattern $VAR(@) "^[a-zA-Z_][a-zA-Z0-9_-]*\\$?$"
                      ; "invalid user name $VAR(@)"
-end: /opt/vyatta/sbin/vyatta_update_login.pl