authorrbalocca <rbalocca@fugazi.vyatta.com>2007-12-05 09:56:10 -0800
committerrbalocca <rbalocca@fugazi.vyatta.com>2007-12-05 09:56:10 -0800
commit8b00422b60deb69fa9abbfe584e69b5853c5e8af (patch)
tree47eb6ae79dc0f7084a2723c32e863980f943d928
parente68b9e536f618582774313c04fc53ad4f6eb4ab1 (diff)
parenta42b9776af35929a1de00940fdf24337b028230e (diff)
downloadvyatta-cfg-system-8b00422b60deb69fa9abbfe584e69b5853c5e8af.tar.gz
vyatta-cfg-system-8b00422b60deb69fa9abbfe584e69b5853c5e8af.zip
Merge branch 'master' into glendale
-rw-r--r--debian/vyatta-cfg-system.postinst.in25
-rwxr-xr-xscripts/init-floppy56
-rwxr-xr-xscripts/keepalived/VyattaKeepalived.pm1
-rwxr-xr-xscripts/system/vyatta_update_login_user.pl30
-rw-r--r--templates/system/login/user/node.def2
-rw-r--r--templates/system/login/user/node.tag/level/node.def (renamed from templates/system/login/user/node.tag/group/node.def)4
-rw-r--r--templates/system/name-server/node.def4
7 files changed, 80 insertions, 42 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index 2c9f0fbf..eae046f7 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -24,7 +24,7 @@ if [ "$sysconfdir" != "/etc" ]; then
quagga/bgpd.conf quagga/ospfd.conf quagga/ospf6d.conf \
quagga/ripd.conf quagga/ripngd.conf quagga/isisd.conf \
snmp/snmpd.conf snmp/snmptrapd.conf keepalived/keepalived.conf \
- ipvsadm.rules default/ipvsadm
+ ipvsadm.rules default/ipvsadm resolv.conf
do
[ -f /etc/$conf ] && mv -f /etc/$conf /etc/$conf.vyatta-save
touch /etc/$conf
@@ -39,9 +39,19 @@ if [ "$sysconfdir" != "/etc" ]; then
# sudoers
[ -f /etc/sudoers ] && cp -pf /etc/sudoers /etc/sudoers.vyatta-save
- if ! grep -q '%quaggavty ALL=NOPASSWD: ALL' /etc/sudoers; then
- echo -e "\n%quaggavty ALL=NOPASSWD: ALL" >> /etc/sudoers
+
+ # for "admin" level (FIXME)
+ sed -i 's/^# %sudo ALL=NOPASSWD: ALL/%sudo ALL=NOPASSWD: ALL/' /etc/sudoers
+ if ! grep -q '^%sudo ALL=NOPASSWD: ALL' /etc/sudoers; then
+ echo -e "\n%sudo ALL=NOPASSWD: ALL" >> /etc/sudoers
fi
+
+ # for "users" level
+ if ! grep -q "^%users ALL=NOPASSWD: ${bindir}/sudo-users/" /etc/sudoers; then
+ echo -e "\n%users ALL=NOPASSWD: ${bindir}/sudo-users/" >> /etc/sudoers
+ fi
+
+ # keep env vars
echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers
# ssh v1. remove the empty key file
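Review bot: /etc/sudoers is edited in place with `sed -i` and `echo >>` and is never syntax-checked, so a malformed line here can leave sudo unusable for every account. Building the result in a copy and installing it only after `visudo -c -f <copy>` passes would avoid that. The `%users` rule names a directory, which lets group members run any file found in `${bindir}/sudo-users/` as root without a password, so that directory and its contents need to be root-owned and not group- or world-writable; a comment saying so next to the rule would help. The context line `echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers` has no `grep -q` guard like the two new rules, so it looks like it is appended again each time this branch runs.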
@@ -51,7 +61,11 @@ if [ "$sysconfdir" != "/etc" ]; then
rm /etc/logrotate.d/*.vyatta-save >& /dev/null
# quagga/daemons
- sed 's/=no/=yes/' /etc/quagga/daemons.vyatta-save > /etc/quagga/daemons
+ sed 's/zebra=no/zebra=yes/' /etc/quagga/daemons.vyatta-save > /etc/quagga/daemons
+ sed -i 's/bgpd=no/bgpd=yes/' /etc/quagga/daemons
+ sed -i 's/ospfd=no/ospfd=yes/' /etc/quagga/daemons
+ sed -i 's/ripd=no/ripd=yes/' /etc/quagga/daemons
+
echo "log syslog warnings" >> /etc/quagga/bgpd.conf
echo "log syslog warnings" >> /etc/quagga/isisd.conf
echo "log syslog warnings" >> /etc/quagga/ospf6d.conf
@@ -59,6 +73,9 @@ if [ "$sysconfdir" != "/etc" ]; then
echo "log syslog warnings" >> /etc/quagga/ripd.conf
echo "log syslog warnings" >> /etc/quagga/ripngd.conf
echo "log syslog warnings" >> /etc/quagga/zebra.conf
+
+ # add temporary version
+ echo "Version : eureka (beta)" > $sysconfdir/version
fi
# update crontab for logrotate
diff --git a/scripts/init-floppy b/scripts/init-floppy
index 249ca493..6d67965b 100755
--- a/scripts/init-floppy
+++ b/scripts/init-floppy
@@ -21,6 +21,11 @@
shopt -s xpg_echo
+test -f /etc/default/vyatta && \
+ source /etc/default/vyatta
+: ${vyatta_sbindir:=/opt/vyatta/sbin}
+: ${vyatta_sysconfdir:=/opt/vyatta/etc}
+
if [ -n "$1" ]; then
DRIVE=$1
else
@@ -28,22 +33,18 @@ else
fi
# Look and see if we have a floopy drive
-if sed -n '/[0-9]\+ fd$/ { q 1 }' /proc/devices ; then
+if sed -n '/[0-9]\+ fd$/ { q 1 }' /proc/devices || [ ! -e $DRIVE ] ; then
echo "No floppy device"
- exit
+ exit 1
fi
echo "This will erase all data on floppy $DRIVE."
-echo "<CTRL>C to exit: \c"
+read -p 'Continue (y/n)? [y] ' -n 1 -t 5 yorn
-# number of seconds to sleep
-declare -i loop=5
-until [[ $loop -eq 0 ]] ; do
- echo "\b\b$loop \c"
- let --loop
- sleep 1
-done
-echo '\b\b \b\b\c'
+if [[ "$yorn" == [nN]* ]] ; then
+ echo
+ exit 0
+fi
fd=/media/floppy
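Review bot: `$DRIVE` comes from `$1` and is used unquoted in `[ ! -e $DRIVE ]`, and `-e` accepts any existing path rather than only a block device. Since the script goes on to erase the target (the formatting code is outside this hunk), `[ ! -b "$DRIVE" ]` would be the safer test. The `read -t 5` prompt also continues with the erase when it times out or receives any key other than n/N; if that default is intended, a comment such as `# no answer within 5 s means yes` would make it explicit.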
@@ -55,11 +56,18 @@ create_notice="\rCreating file system... \c"
create__error="\rError: Couldn't create filesystem on floppy $DRIVE"
mount__notice="\rMounting formatted floppy... \c"
mount___error="\rError: Couldn't mount floppy $DRIVE to $fd"
-config_notice="\rUpdating rtrmgr config... "
-complete="Your configuration was saved in: $fd/config/config.boot"
+config_notice="\rSaving config... \c"
+config__error="\rError: Couldn't save config in $fd/config/config.boot"
+bind___notice="\rRedirecting config directory...\c"
+bind____error="\rError: redirect to floppy"
+saved__notice="\rYour configuration was saved in: $fd/config/config.boot"
mkdir -p $fd
+if mount | grep -q $fd/config ; then
+ umount $fd/config
+fi
+
if grep -q $DRIVE /proc/mounts ; then
echo "$umount_notice"
if ! /bin/umount $fd >/dev/null 2>&1 ; then
@@ -90,15 +98,19 @@ fi
/bin/chmod 777 $fd/config
echo "$config_notice"
-xorpsh >> /dev/null 2>&1 <<EOF
-configure
-create rtrmgr
-set rtrmgr config-directory $fd/config/
-commit
-save
-EOF
-
-echo "$complete"
+if ! ${vyatta_sbindir}/vyatta-save-config.pl $fd/config/config.boot >/dev/null
+then
+ echo "$config__error"
+ exit
+fi
+
+echo "$bind___notice"
+if ! /bin/mount -o bind $fd/config ${vyatta_sysconfdir}/config 2>&1 ; then
+ echo "$bind____error"
+ exit
+fi
+
+echo "$saved__notice"
# Local Variables:
# mode: shell-script
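Review bot: Both new failure branches end in a bare `exit`, which returns the status of the preceding `echo` and so reports success to the caller; `exit 1` would match the change made to the no-floppy branch earlier in this file. The bind mount also places `$fd/config`, which the context line sets to mode 777, over `${vyatta_sysconfdir}/config`. Whether that mode takes effect depends on the floppy filesystem and mount options, which are not visible here, but it is worth tightening the mode or commenting on it. The mount's `2>&1` has no stdout redirect, so its error text goes to the terminal, unlike the `>/dev/null` used for the save step.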
diff --git a/scripts/keepalived/VyattaKeepalived.pm b/scripts/keepalived/VyattaKeepalived.pm
index f7e62b19..c2d446e4 100755
--- a/scripts/keepalived/VyattaKeepalived.pm
+++ b/scripts/keepalived/VyattaKeepalived.pm
@@ -1,4 +1,3 @@
-#!/usr/bin/perl
#
# Module: VyattaKeepalived.pm
#
diff --git a/scripts/system/vyatta_update_login_user.pl b/scripts/system/vyatta_update_login_user.pl
index d84ee4b0..05ff0b16 100755
--- a/scripts/system/vyatta_update_login_user.pl
+++ b/scripts/system/vyatta_update_login_user.pl
@@ -103,7 +103,7 @@ sub add_user_to_group {
my $user = shift;
my $full = shift;
my $encrypted = shift;
-my $group = shift;
+my $level = shift;
# emulate lckpwdf(3).
# difference: we only try to lock it once (non-blocking). lckpwdf will block
@@ -136,14 +136,19 @@ if ($user eq "-d") {
exit 0;
}
-my %group_map = (
- 'admin' => 'quaggavty',
- 'users' => 'users',
+my %level_map = (
+ 'admin' => [ 'users', 'quaggavty', 'vyattacfg', 'sudo', ],
+ 'users' => [ 'users', 'quaggavty', ],
);
exit 4 if (!defined($user) || !defined($full) || !defined($encrypted)
- || !defined($group));
-exit 4 if (!defined($group_map{$group}));
-$group = $group_map{$group};
+ || !defined($level));
+exit 4 if (!defined($level_map{$level}));
+my $gref = $level_map{$level};
+my @groups = @{$gref};
+my $def_grp = $groups[0];
+if ($user eq 'root') {
+ $def_grp = 'root';
+}
# note that DEF_SHELL doesn't affect root since root is never "added"
my $DEF_SHELL = "/bin/vbash";
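Review bot: `%level_map` relies on two conventions that are not written down: the first element of each list becomes the primary group (`my $def_grp = $groups[0];`), and the `admin` list includes `sudo`, which the postinst change in this same commit maps to `NOPASSWD: ALL`. I would add a comment above the map such as `# first entry is the primary group; remaining entries are supplementary groups`, plus a line noting that `sudo` membership is what grants the admin level passwordless root. Without that, reordering a list would silently change the owner group of new home directories.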
@@ -152,7 +157,7 @@ open(GRP, "/etc/group") or exit 5;
my $def_gid = undef;
while (<GRP>) {
my @group_fields = split /:/;
- if ($group_fields[0] eq $group) {
+ if ($group_fields[0] eq $def_grp) {
$def_gid = $group_fields[2];
last;
}
@@ -202,7 +207,12 @@ open(SHADOW, ">>/etc/shadow") or exit 12;
print SHADOW "$shadow_line\n";
close SHADOW;
-add_user_to_group($user, $group);
+# root doesn't need to be added to group
+if ($user ne 'root') {
+ foreach my $group (@groups) {
+ add_user_to_group($user, $group);
+ }
+}
if (($new_user) && !(-e "/home/$user")) {
if (-d "/etc/skel") {
@@ -210,7 +220,7 @@ if (($new_user) && !(-e "/home/$user")) {
exit 13 if ($ret >> 8);
$ret = system("chmod 755 /home/$user");
exit 14 if ($ret >> 8);
- $ret = system("chown -R $user:$group /home/$user");
+ $ret = system("chown -R $user:$def_grp /home/$user");
exit 15 if ($ret >> 8);
} else {
$ret = system("mkdir -p /home/$user");
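Review bot: The changed `chown` line still builds a single shell string from `$user`, which arrives as a command-line argument, so any shell metacharacter in the name is interpreted by /bin/sh while the script runs under sudo (see the node.def template). The list form avoids the shell entirely: `$ret = system('chown', '-R', "$user:$def_grp", "/home/$user");`. Whether `$user` is validated earlier in the script is not visible from these hunks, and the neighbouring `chmod` and `mkdir` calls have the same form. The enclosing `if` block starts and ends outside the hunk.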
diff --git a/templates/system/login/user/node.def b/templates/system/login/user/node.def
index fbac0c54..d05ac373 100644
--- a/templates/system/login/user/node.def
+++ b/templates/system/login/user/node.def
@@ -9,7 +9,7 @@ then rm -rf /tmp/vyatta-delete-system-login-user-$(@).\\\$PPID && exit 0; \
fi && \
sudo /opt/vyatta/sbin/vyatta_update_login_user.pl \
'$(@)' '$(full-name/@)' '$(authentication/encrypted-password/@)' \
- '$(group/@)'"
+ '$(level/@)'"
delete: "if [ x$(@) == x ]; then exit 1; fi && \
if [ x$(@) == xroot ]; then \
echo Cannot delete user \"root\" 1>&2 && exit 2; \
diff --git a/templates/system/login/user/node.tag/group/node.def b/templates/system/login/user/node.tag/level/node.def
index 17739351..30ac731c 100644
--- a/templates/system/login/user/node.tag/group/node.def
+++ b/templates/system/login/user/node.tag/level/node.def
@@ -1,7 +1,7 @@
type: txt
-help: "User group"
+help: "User privilege level"
default: "admin"
-syntax: $(@) in "admin", "users"; "Users can only be in group \"admin\" or \"users\""
+syntax: $(@) in "admin", "users"; "Allowed levels are \"admin\" and \"users\""
#comp_help:Possible completions:
# admin\t\tAdministrators
# users\t\tNormal users
diff --git a/templates/system/name-server/node.def b/templates/system/name-server/node.def
index ff6ddf2e..fe2bcb02 100644
--- a/templates/system/name-server/node.def
+++ b/templates/system/name-server/node.def
@@ -8,10 +8,10 @@ else \
echo \\\"nameserver\t $(@)\\\" >> /etc/resolv.conf; \
fi && \
if [ -f /etc/ntp.conf ] && grep -q 'server' /etc/ntp.conf; then \
- /usr/sbin/invoke-rc.d ntp restart; \
+ /usr/sbin/invoke-rc.d ntp restart >&/dev/null; \
fi\" "
delete: "sudo sh -c \"touch /etc/resolv.conf && \
sed -i '/$(@)/d' /etc/resolv.conf && \
if [ -f /etc/ntp.conf ] && grep -q 'server' /etc/ntp.conf; then \
- /usr/sbin/invoke-rc.d ntp restart; \
+ /usr/sbin/invoke-rc.d ntp restart >&/dev/null; \
fi\" "
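Review bot: `>&/dev/null` is a bash extension, but both added lines sit inside a command string passed to `sh -c` (visible on the delete action, and apparently the same for the action above it). Where `sh` is not bash, the redirect can be rejected and ntp is then not restarted. `>/dev/null 2>&1` is the portable spelling. Discarding all output also hides a failed restart, so consider keeping stderr or checking the exit status of `invoke-rc.d`.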