From db8ec5fec7d231a5dec537d0bc82ddb3f7c3dbc0 Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Fri, 14 Nov 2008 12:27:47 -0800 Subject: Fix 3918: Operator level users require sudo permission for ipv6 clear commands --- debian/vyatta-cfg-system.postinst.in | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index dff04293..5bd37e29 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -54,7 +54,11 @@ Cmnd_Alias IPTABLES = /sbin/iptables --list -n,\ Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \ /sbin/ip route flush cache *,\ /sbin/ip neigh flush to *, \ - /sbin/ip neigh flush dev * + /sbin/ip neigh flush dev * \ + /sbin/ip -f inet6 route flush cache, \ + /sbin/ip -f inet6 route flush cache *,\ + /sbin/ip -f inet6 neigh flush to *, \ + /sbin/ip -f inet6 neigh flush dev * Cmnd_Alias ETHTOOL = /usr/sbin/ethtool -p *, \ /usr/sbin/ethtool -S *, \ /usr/sbin/ethtool -a *, \ -- cgit v1.2.3 From 730ece6544cd2c350cac3740ef2a7db10cd37987 Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Fri, 14 Nov 2008 12:48:29 -0800 Subject: Fix 3920: Operator level users require sudo permission for nat translation monitor commands --- debian/vyatta-cfg-system.postinst.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 5bd37e29..8cc0682a 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -68,7 +68,8 @@ Cmnd_Alias DATE = /bin/date, /usr/sbin/ntpdate Cmnd_Alias PPPOE_CMDS = /sbin/pppd, /sbin/poff, /usr/sbin/pppstats Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump %operator ALL=NOPASSWD: DATE, IPTABLES, ETHTOOL, IPFLUSH, \ - PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon, /usr/bin/lsof + PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon, \ + /usr/bin/lsof, /usr/sbin/conntrack EOF cat <>/etc/sudoers %users ALL=NOPASSWD: ${bindir}/sudo-users/ -- cgit v1.2.3 From 580105ddf8fcbd388cbe1f221ecdfbf3952a216f Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Fri, 14 Nov 2008 17:48:45 -0800 Subject: Bugfix 3928: Need to install vyatta-raid-event script. --- Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.am b/Makefile.am index a018961f..531c5d99 100644 --- a/Makefile.am +++ b/Makefile.am @@ -34,6 +34,7 @@ sbin_SCRIPTS += scripts/dns-forwarding/vyatta-dns-forwarding.pl sbin_SCRIPTS += scripts/dynamic-dns/vyatta-dynamic-dns.pl sbin_SCRIPTS += scripts/vyatta-system-nameservers sbin_SCRIPTS += scripts/vyatta-bonding.pl +sbin_SCRIPTS += scripts/vyatta-raid-event noinst_DATA = test_bootfile -- cgit v1.2.3 From 7ac74ee7b28318375f684bad0e29d808d6e53ccb Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Sun, 16 Nov 2008 11:31:58 -0800 Subject: Fix 3929: Operator level user now need sudo password to run "clear arp interface" --- debian/vyatta-cfg-system.postinst.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 8cc0682a..3304fdd8 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -54,7 +54,7 @@ Cmnd_Alias IPTABLES = /sbin/iptables --list -n,\ Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \ /sbin/ip route flush cache *,\ /sbin/ip neigh flush to *, \ - /sbin/ip neigh flush dev * \ + /sbin/ip neigh flush dev *, \ /sbin/ip -f inet6 route flush cache, \ /sbin/ip -f inet6 route flush cache *,\ /sbin/ip -f inet6 neigh flush to *, \ -- cgit v1.2.3 From dc24799bd733e6d32170a611b88968ba685504b7 Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Mon, 17 Nov 2008 11:52:59 -0800 Subject: Bugfix 3932 Correct root partition size calculation in two-disk RAID-1 case when drives are not both the same size. --- scripts/install-system | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/scripts/install-system b/scripts/install-system index b48394e7..b941d9b6 100755 --- a/scripts/install-system +++ b/scripts/install-system @@ -373,14 +373,14 @@ check_for_new_raid () { part_start_offset=2 part_diag_size=60 - if [ $drivesize1 -gt $drivesize2 ]; then - size=$drivesize1 + if [ $drivesize1 -lt $drivesize2 ]; then + root_size=$drivesize1 else - size=$drivesize2 + root_size=$drivesize2 fi let min_size_with_diag=${MIN_ROOT}+${part_diag_size} - if [ $size -ge $min_size_with_diag ]; then + if [ $root_size -ge $min_size_with_diag ]; then echo "Would you like me to create a $part_diag_size MB partition for diagnostics?" echo -n "(Yes/No) [No]: " diag_response=$(get_response "No" "Yes No Y N") @@ -398,12 +398,12 @@ check_for_new_raid () { fi fi - let size-=$part_start_offset + let root_size-=$part_start_offset for drive in $drives do echo "Creating data partition: /dev/${drive}${data_dev}" - create_partitions "$drive" $size $part_start_offset "no" + create_partitions "$drive" $root_size $part_start_offset "no" sfdisk --change-id /dev/$drive $data_dev 0xfd done @@ -670,7 +670,7 @@ create_partitions() { # Make sure there is enough space on drive size=$(get_drive_size "$ldrive") if [ "$root_part_size" -gt "$size" ]; then - echo "Error: $ldrive is only $size"MB" large." + echo "Error: $ldrive is only $size"MB" large. Desired root is $root_part_size" exit 1 fi -- cgit v1.2.3 From 38a2e42c85d822caa3b6febb28366bcca98d286a Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Mon, 17 Nov 2008 14:08:26 -0800 Subject: dhcp action scripts for linkup/down --- Makefile.am | 5 +++ scripts/netplug/linkdown/dhclient | 64 +++++++++++++++++++++++++++++++++++++++ scripts/netplug/linkup/dhclient | 63 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 132 insertions(+) create mode 100755 scripts/netplug/linkdown/dhclient create mode 100755 scripts/netplug/linkup/dhclient diff --git a/Makefile.am b/Makefile.am index a018961f..340f905f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4,11 +4,16 @@ libudevdir = /lib/udev etcudevdir = /etc/udev bin_sudo_usersdir = $(bindir)/sudo-users curverdir = $(sysconfdir)/config-migrate/current +netplugupdir = /etc/netplug/linkup.d +netplugdowndir = /etc/netplug/linkdown.d bin_SCRIPTS = sbin_SCRIPTS = sysconf_DATA = +netplugup_SCRIPTS = scripts/netplug/linkup/dhclient +netplugdown_SCRIPTS = scripts/netplug/linkdown/dhclient + bin_SCRIPTS += scripts/progress-indicator bin_SCRIPTS += scripts/vyatta-functions diff --git a/scripts/netplug/linkdown/dhclient b/scripts/netplug/linkdown/dhclient new file mode 100755 index 00000000..78737b54 --- /dev/null +++ b/scripts/netplug/linkdown/dhclient @@ -0,0 +1,64 @@ +#!/usr/bin/perl +# +# Module: dhclient +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# A copy of the GNU General Public License is available as +# `/usr/share/common-licenses/GPL' in the Debian GNU/Linux distribution +# or on the World Wide Web at `http://www.gnu.org/copyleft/gpl.html'. +# You can also obtain it by writing to the Free Software Foundation, +# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2008 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Mohit Mehta +# Date: November 2008 +# Description: Script to release lease on link down +# +# **** End License **** +# + +use lib "/opt/vyatta/share/perl5/"; +use VyattaConfig; +use VyattaMisc; + +use strict; +use warnings; + +sub stop_dhclient { + my $intf = shift; + my $dhcp_daemon = '/sbin/dhclient'; + my ($intf_config_file, $intf_process_id_file, $intf_leases_file) = VyattaMisc::generate_dhclient_intf_files($intf); + my $release_cmd = "$dhcp_daemon -q -cf $intf_config_file -pf $intf_process_id_file -lf $intf_leases_file -r $intf 2> /dev/null"; + system ($release_cmd); +} + + +# +# main +# + +my $dev=shift; + +# only do this if interface is configured to use dhcp for getting IP address +if (VyattaMisc::is_dhcp_enabled($dev, "outside_cli")) { + # do a dhcp lease release for interface + stop_dhclient($dev); +} + +exit 0; + +# end of file + diff --git a/scripts/netplug/linkup/dhclient b/scripts/netplug/linkup/dhclient new file mode 100755 index 00000000..8a2d39a0 --- /dev/null +++ b/scripts/netplug/linkup/dhclient @@ -0,0 +1,63 @@ +#!/usr/bin/perl +# +# Module: dhclient +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# A copy of the GNU General Public License is available as +# `/usr/share/common-licenses/GPL' in the Debian GNU/Linux distribution +# or on the World Wide Web at `http://www.gnu.org/copyleft/gpl.html'. +# You can also obtain it by writing to the Free Software Foundation, +# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2008 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Mohit Mehta +# Date: November 2008 +# Description: Script to renew lease on link up +# +# **** End License **** +# + +use lib "/opt/vyatta/share/perl5/"; +use VyattaConfig; +use VyattaMisc; + +use strict; +use warnings; + +sub run_dhclient { + my $intf = shift; + my $dhcp_daemon = '/sbin/dhclient'; + my ($intf_config_file, $intf_process_id_file, $intf_leases_file) = VyattaMisc::generate_dhclient_intf_files($intf); + my $cmd = "$dhcp_daemon -q -nw -cf $intf_config_file -pf $intf_process_id_file -lf $intf_leases_file $intf 2> /dev/null &"; + system ($cmd); +} + +# +# main +# + +my $dev=shift; + +# only do this if interface is configured to use dhcp for getting IP address +if (VyattaMisc::is_dhcp_enabled($dev, "outside_cli")) { + # do a dhcp lease renew for interface + run_dhclient($dev); +} + +exit 0; + +# end of file + -- cgit v1.2.3