diff options
7 files changed, 177 insertions, 52 deletions
diff --git a/scripts/system/vyatta_update_resolv.pl b/scripts/system/vyatta_update_resolv.pl index a725a16e..b35cae4a 100755 --- a/scripts/system/vyatta_update_resolv.pl +++ b/scripts/system/vyatta_update_resolv.pl @@ -30,7 +30,8 @@ use lib "/opt/vyatta/share/perl5/"; use Getopt::Long; my $change_dir = ''; my $modify_dir = ''; -GetOptions("change_dir=s" => \$change_dir, "modify_dir=s" => \$modify_dir); +my $dhclient_script = 0; +GetOptions("change_dir=s" => \$change_dir, "modify_dir=s" => \$modify_dir, "dhclient-script=i" => \$dhclient_script ); use VyattaConfig; @@ -45,11 +46,19 @@ if ($modify_dir ne '') { $vc->setLevel('system'); +my @domains; +my $domain_name = undef; + +if ($dhclient_script == 1) { + $vc->{_active_dir_base} = "/opt/vyatta/config/active/"; + @domains = $vc->returnOrigValues('domain-search domain'); + $domain_name = $vc->returnOrigValue('domain-name'); +} else { + @domains = $vc->returnValues('domain-search domain'); + $domain_name = $vc->returnValue('domain-name'); +} -my @domains = $vc->returnValues('domain-search domain'); -my $domain_name = $vc->returnValue('domain-name'); - -if (@domains > 0 && $domain_name && length($domain_name) > 0) { +if ($dhclient_script == 0 && @domains > 0 && $domain_name && length($domain_name) > 0) { print STDERR "System configuration error. Both \'domain-name\' and \'domain-search\' are specified, but only one of these mutually exclusive parameters is allowed.\n"; print STDERR "System configuration commit aborted due to error(s).\n"; exit(1); @@ -63,6 +72,24 @@ foreach my $domain (@domains) { $doms .= $domain; } +# add domain names received from dhcp client to domain search in /etc/resolv.conf if domain-name not set in CLI +if (!defined($domain_name)) { + my @dhcp_interfaces_resolv_files = `ls /etc/ | grep dhclient.new`; + if ($#dhcp_interfaces_resolv_files >= 0) { + for my $each_file (@dhcp_interfaces_resolv_files) { + chomp $each_file; + my $find_search = `grep search /etc/$each_file 2> /dev/null | wc -l`; + if ($find_search == 1) { + my $search_string = `grep search /etc/$each_file`; + my @dhcp_domains = split(/ /, $search_string, 2); + my $dhcp_domain = $dhcp_domains[1]; + chomp $dhcp_domain; + $doms .= ' ' . $dhcp_domain; + } + } + } +} + my $search = ''; if (length($doms) > 0) { $search = "search\t\t$doms\t\t#line generated by $0\n"; @@ -73,6 +100,78 @@ if ($domain_name && length($domain_name) > 0) { $domain = "domain\t\t$domain_name\t\t#line generated by $0\n"; } +# update /etc/resolv.conf for name-servers received from dhcp client, only done when dhclient-script calls this script +if ($dhclient_script == 1) { + my @current_dhcp_nameservers; + my $restart_ntp = 0; + + # code below to add new name-servers received from dhcp client + + my @dhcp_interfaces_resolv_files = `ls /etc/ | grep dhclient.new`; + if ($#dhcp_interfaces_resolv_files >= 0) { + my $ns_count = 0; + for my $each_file (@dhcp_interfaces_resolv_files) { + chomp $each_file; + my $find_nameserver = `grep nameserver /etc/$each_file 2> /dev/null | wc -l`; + if ($find_nameserver > 0) { + my @nameservers = `grep nameserver /etc/$each_file`; + for my $each_nameserver (@nameservers) { + my @nameserver = split(/ /, $each_nameserver, 2); + my $ns = $nameserver[1]; + chomp $ns; + $current_dhcp_nameservers[$ns_count] = $ns; + $ns_count++; + my $search_ns_in_resolvconf = `grep $ns /etc/resolv.conf 2> /dev/null | wc -l`; + if ($search_ns_in_resolvconf == 0) { + open (APPEND, ">>/etc/resolv.conf") or die "$! error trying to overwrite"; + print APPEND "nameserver\t$ns\t\t#nameserver written by $0\n"; + close (APPEND); + $restart_ntp = 1; + } + } + } + } + } + + # code below to remove old name-servers from /etc/resolv.conf that were not received in this response from dhcp-server + + my @nameservers_dhcp_in_resolvconf = `grep 'nameserver written' /etc/resolv.conf`; + my @dhcp_nameservers_in_resolvconf; + my $count_nameservers_in_resolvconf = 0; + for my $count_dhcp_nameserver (@nameservers_dhcp_in_resolvconf) { + my @dhcp_nameserver = split(/\t/, $count_dhcp_nameserver, 3); + $dhcp_nameservers_in_resolvconf[$count_nameservers_in_resolvconf] = $dhcp_nameserver[1]; + $count_nameservers_in_resolvconf++; + } + if ($#current_dhcp_nameservers < 0) { + for my $dhcpnameserver (@dhcp_nameservers_in_resolvconf) { + my $cmd = "sed -i '/$dhcpnameserver/d' /etc/resolv.conf"; + system($cmd); + $restart_ntp = 1; + } + } else { + for my $dhcpnameserver (@dhcp_nameservers_in_resolvconf) { + my $found = 0; + for my $currentnameserver (@current_dhcp_nameservers) { + if ($dhcpnameserver eq $currentnameserver){ + $found = 1; + } + } + if ($found == 0) { + my $cmd = "sed -i '/$dhcpnameserver/d' /etc/resolv.conf"; + system($cmd); + $restart_ntp = 1; + } + + } + } + if ($restart_ntp == 1) { + # this corresponds to what is done in name-server/node.def as a fix for bug 1300 + my $cmd_ntp_restart = "if [ -f /etc/ntp.conf ] && grep -q 'server' /etc/ntp.conf; then /usr/sbin/invoke-rc.d ntp restart >&/dev/null; fi &"; + system($cmd_ntp_restart); + } +} + # The following will re-write '/etc/resolv.conf' line by line, # replacing the 'search' specifier with the latest values, diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def index b531afee..7155495d 100644 --- a/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def +++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def @@ -1,7 +1,7 @@ type: txt help: Set authentication type syntax:expression: $VAR(@) in "plaintext-password", "ah"; \ - "authentication must be simple or ah" + "authentication must be plaintext-password or ah" comp_help: possible completions: - plaintext-password Set plain text password mode - ah Set IP Authentication Header mode + plaintext-password Set plain text password mode + ah Set IP Authentication Header mode diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def index 1547d62c..687c6af6 100644 --- a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def +++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def @@ -1,7 +1,7 @@ type: txt help: Set authentication type syntax:expression: $VAR(@) in "plaintext-password", "ah"; \ - "authentication must be simple or ah" + "authentication must be plaintext-password or ah" comp_help: possible completions: - plaintext-password Set plain text password mode - ah Set IP Authentication Header mode + plaintext-password Set plain text password mode + ah Set IP Authentication Header mode diff --git a/templates/service/ssh/allow-root/node.def b/templates/service/ssh/allow-root/node.def index f476087d..9aa98826 100644 --- a/templates/service/ssh/allow-root/node.def +++ b/templates/service/ssh/allow-root/node.def @@ -1,6 +1,7 @@ -type: bool +type: txt default: false help: Enable/disable root login over ssh +syntax:expression: $VAR(@) in "true", "false" ; "must be true or false" update: if [ \"$VAR(@)\" == \"true\" ]; then sudo ed - /etc/ssh/sshd_config <<-"EOF" /^PermitRootLogin/s/no/yes/ diff --git a/templates/service/telnet/allow-root/node.def b/templates/service/telnet/allow-root/node.def index d1a25f4e..347a9476 100644 --- a/templates/service/telnet/allow-root/node.def +++ b/templates/service/telnet/allow-root/node.def @@ -1,24 +1,36 @@ -type: bool +type: txt default: false help: Enable/disable root login -update:expression: " \ - if ! env | grep -q SSH_TTY=; then \ - if [[ \"`tty`\" == /dev/pts/* ]]; then \ - echo \"Please configure telnet settings via ssh or console.\"; \ - exit 1; \ - fi; \ - fi; \ - if [ \"$VAR(@)\" == \"true\" ]; then \ - sudo mv -f /etc/securetty /etc/securetty.allow-root >&/dev/null; \ - else - sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null; \ - fi ; /bin/true" -delete:expression: " \ - if ! env | grep -q SSH_TTY=; then \ - if [[ \"`tty`\" == /dev/pts/* ]]; then \ - echo \"Please configure telnet settings via ssh or console.\"; \ - exit 1; \ - fi; \ - fi; \ - sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null ; \ - /bin/true" + +syntax:expression: $VAR(@) in "true", "false" ; "must be true or false" + +update: pids=`who -u | awk -F " " '{print $7}'` + for i in $pids + do + ppid=`ps -p $i -o ppid=` + if ps -p $ppid -o cmd= | grep -q telnetd + then + echo "Please configure telnet settings via ssh or console." + exit 1 + fi + done + if [ "$VAR(@)" == "true" ] + then + sudo mv -f /etc/securetty /etc/securetty.allow-root >&/dev/null + else + sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null + fi + /bin/true + +delete: pids=`who -u | awk -F " " '{print $7}'` + for i in $pids + do + ppid=`ps -p $i -o ppid=` + if ps -p $ppid -o cmd= | grep -q telnetd + then + echo "Please configure telnet settings via ssh or console." + exit 1 + fi + done + sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null + /bin/true diff --git a/templates/service/telnet/node.def b/templates/service/telnet/node.def index 5976addd..399f25ac 100644 --- a/templates/service/telnet/node.def +++ b/templates/service/telnet/node.def @@ -1,18 +1,29 @@ help: Enable/disable Network Virtual Terminal Protocol (TELNET) protocol -delete:expression: " \ - if ! env | grep -q SSH_TTY=; then \ - if [[ \"`tty`\" == /dev/pts/* ]]; then \ - echo \"Please configure telnet settings via ssh or console.\"; \ - exit 1; \ - fi; \ - fi; \ - sudo /opt/vyatta/sbin/telnetd.init stop" -end:expression: " \ - if ! env | grep -q SSH_TTY=; then \ - if [[ \"`tty`\" == /dev/pts/* ]]; then \ - echo \"Please configure telnet settings via ssh or console.\"; \ - exit 1; \ - fi; \ - fi; \ - if [ -z \"$VAR(port/@)\" ]; then exit 0; fi; \ - sudo /opt/vyatta/sbin/telnetd.init restart $VAR(port/@)" + +delete: pids=`who -u | awk -F " " '{print $7}'` + for i in $pids + do + ppid=`ps -p $i -o ppid=` + if ps -p $ppid -o cmd= | grep -q telnetd + then + echo "Please configure telnet settings via ssh or console." + exit 1 + fi + done + sudo /opt/vyatta/sbin/telnetd.init stop + +end: pids=`who -u | awk -F " " '{print $7}'` + for i in $pids + do + ppid=`ps -p $i -o ppid=` + if ps -p $ppid -o cmd= | grep -q telnetd + then + echo "Please configure telnet settings via ssh or console." + exit 1 + fi + done + if [ -z "$VAR(port/@)" ] + then + exit 0 + fi + sudo /opt/vyatta/sbin/telnetd.init restart $VAR(port/@) diff --git a/templates/system/name-server/node.def b/templates/system/name-server/node.def index 0ed43351..3866e82c 100644 --- a/templates/system/name-server/node.def +++ b/templates/system/name-server/node.def @@ -5,7 +5,9 @@ update:expression: "sudo sh -c \"touch /etc/resolv.conf && \ if grep -q '$VAR(@)' /etc/resolv.conf; then \ exit 0; \ else \ - echo \\\"nameserver\t $VAR(@)\\\" >> /etc/resolv.conf; \ + mv -f /etc/resolv.conf /etc/old_resolv.conf && \ + echo \\\"nameserver\t $VAR(@)\\\" >> /etc/resolv.conf && \ + cat /etc/old_resolv.conf >> /etc/resolv.conf; \ fi && \ if [ -f /etc/ntp.conf ] && grep -q 'server' /etc/ntp.conf; then \ /usr/sbin/invoke-rc.d ntp restart >&/dev/null; \ |