-rwxr-xr-xscripts/system/vyatta_update_resolv.pl109
-rw-r--r--templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def6
-rw-r--r--templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def6
-rw-r--r--templates/service/ssh/allow-root/node.def3
-rw-r--r--templates/service/telnet/allow-root/node.def56
-rw-r--r--templates/service/telnet/node.def45
-rw-r--r--templates/system/name-server/node.def4
7 files changed, 177 insertions, 52 deletions
diff --git a/scripts/system/vyatta_update_resolv.pl b/scripts/system/vyatta_update_resolv.pl
index a725a16e..b35cae4a 100755
--- a/scripts/system/vyatta_update_resolv.pl
+++ b/scripts/system/vyatta_update_resolv.pl
@@ -30,7 +30,8 @@ use lib "/opt/vyatta/share/perl5/";
use Getopt::Long;
my $change_dir = '';
my $modify_dir = '';
-GetOptions("change_dir=s" => \$change_dir, "modify_dir=s" => \$modify_dir);
+my $dhclient_script = 0;
+GetOptions("change_dir=s" => \$change_dir, "modify_dir=s" => \$modify_dir, "dhclient-script=i" => \$dhclient_script );
use VyattaConfig;
@@ -45,11 +46,19 @@ if ($modify_dir ne '') {
$vc->setLevel('system');
+my @domains;
+my $domain_name = undef;
+
+if ($dhclient_script == 1) {
+ $vc->{_active_dir_base} = "/opt/vyatta/config/active/";
+ @domains = $vc->returnOrigValues('domain-search domain');
+ $domain_name = $vc->returnOrigValue('domain-name');
+} else {
+ @domains = $vc->returnValues('domain-search domain');
+ $domain_name = $vc->returnValue('domain-name');
+}
-my @domains = $vc->returnValues('domain-search domain');
-my $domain_name = $vc->returnValue('domain-name');
-
-if (@domains > 0 && $domain_name && length($domain_name) > 0) {
+if ($dhclient_script == 0 && @domains > 0 && $domain_name && length($domain_name) > 0) {
print STDERR "System configuration error. Both \'domain-name\' and \'domain-search\' are specified, but only one of these mutually exclusive parameters is allowed.\n";
print STDERR "System configuration commit aborted due to error(s).\n";
exit(1);
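Review bot: The dhclient branch writes straight into `$vc->{_active_dir_base}`, a field whose leading underscore marks it as private to VyattaConfig, so this script now depends on that object's internal layout and will break silently if the field is renamed. If VyattaConfig offers a setter for the active directory, prefer it; either way the reason for reading the active tree deserves a comment, e.g. `# dhclient-script runs outside a commit, so read the committed (active) config rather than the working copy`. Skipping the domain-name/domain-search mutual-exclusion check when `$dhclient_script == 1` is only safe if that check already ran at commit time against the same active config; that is not visible here and belongs in the same comment.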
@@ -63,6 +72,24 @@ foreach my $domain (@domains) {
$doms .= $domain;
}
+# add domain names received from dhcp client to domain search in /etc/resolv.conf if domain-name not set in CLI
+if (!defined($domain_name)) {
+ my @dhcp_interfaces_resolv_files = `ls /etc/ | grep dhclient.new`;
+ if ($#dhcp_interfaces_resolv_files >= 0) {
+ for my $each_file (@dhcp_interfaces_resolv_files) {
+ chomp $each_file;
+ my $find_search = `grep search /etc/$each_file 2> /dev/null | wc -l`;
+ if ($find_search == 1) {
+ my $search_string = `grep search /etc/$each_file`;
+ my @dhcp_domains = split(/ /, $search_string, 2);
+ my $dhcp_domain = $dhcp_domains[1];
+ chomp $dhcp_domain;
+ $doms .= ' ' . $dhcp_domain;
+ }
+ }
+ }
+}
+
my $search = '';
if (length($doms) > 0) {
$search = "search\t\t$doms\t\t#line generated by $0\n";
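Review bot: The value appended to `$doms` on L62 is taken verbatim from the `search` line of a dhclient.new file, i.e. from whatever DHCP server answered on the link, and ends up in the `search` directive of /etc/resolv.conf with no check on its content. Whether dhclient has already restricted the domain-name/domain-search options to plain hostname characters depends on the dhclient version and is not visible here, so the script should enforce it itself: after the `chomp`, `next unless defined $dhcp_domain && $dhcp_domain =~ /\A[A-Za-z0-9.\- ]+\z/;`. Splitting on a single space (L59) also yields an empty or wrong domain if dhclient separates the keyword with a tab; `split(/\s+/, $search_string, 2)` handles both. If the files really are named `*dhclient.new*`, `glob('/etc/*dhclient.new*')` replaces the `ls | grep` shell pipeline without changing the loop body.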
@@ -73,6 +100,78 @@ if ($domain_name && length($domain_name) > 0) {
$domain = "domain\t\t$domain_name\t\t#line generated by $0\n";
}
+# update /etc/resolv.conf for name-servers received from dhcp client, only done when dhclient-script calls this script
+if ($dhclient_script == 1) {
+ my @current_dhcp_nameservers;
+ my $restart_ntp = 0;
+
+ # code below to add new name-servers received from dhcp client
+
+ my @dhcp_interfaces_resolv_files = `ls /etc/ | grep dhclient.new`;
+ if ($#dhcp_interfaces_resolv_files >= 0) {
+ my $ns_count = 0;
+ for my $each_file (@dhcp_interfaces_resolv_files) {
+ chomp $each_file;
+ my $find_nameserver = `grep nameserver /etc/$each_file 2> /dev/null | wc -l`;
+ if ($find_nameserver > 0) {
+ my @nameservers = `grep nameserver /etc/$each_file`;
+ for my $each_nameserver (@nameservers) {
+ my @nameserver = split(/ /, $each_nameserver, 2);
+ my $ns = $nameserver[1];
+ chomp $ns;
+ $current_dhcp_nameservers[$ns_count] = $ns;
+ $ns_count++;
+ my $search_ns_in_resolvconf = `grep $ns /etc/resolv.conf 2> /dev/null | wc -l`;
+ if ($search_ns_in_resolvconf == 0) {
+ open (APPEND, ">>/etc/resolv.conf") or die "$! error trying to overwrite";
+ print APPEND "nameserver\t$ns\t\t#nameserver written by $0\n";
+ close (APPEND);
+ $restart_ntp = 1;
+ }
+ }
+ }
+ }
+ }
+
+ # code below to remove old name-servers from /etc/resolv.conf that were not received in this response from dhcp-server
+
+ my @nameservers_dhcp_in_resolvconf = `grep 'nameserver written' /etc/resolv.conf`;
+ my @dhcp_nameservers_in_resolvconf;
+ my $count_nameservers_in_resolvconf = 0;
+ for my $count_dhcp_nameserver (@nameservers_dhcp_in_resolvconf) {
+ my @dhcp_nameserver = split(/\t/, $count_dhcp_nameserver, 3);
+ $dhcp_nameservers_in_resolvconf[$count_nameservers_in_resolvconf] = $dhcp_nameserver[1];
+ $count_nameservers_in_resolvconf++;
+ }
+ if ($#current_dhcp_nameservers < 0) {
+ for my $dhcpnameserver (@dhcp_nameservers_in_resolvconf) {
+ my $cmd = "sed -i '/$dhcpnameserver/d' /etc/resolv.conf";
+ system($cmd);
+ $restart_ntp = 1;
+ }
+ } else {
+ for my $dhcpnameserver (@dhcp_nameservers_in_resolvconf) {
+ my $found = 0;
+ for my $currentnameserver (@current_dhcp_nameservers) {
+ if ($dhcpnameserver eq $currentnameserver){
+ $found = 1;
+ }
+ }
+ if ($found == 0) {
+ my $cmd = "sed -i '/$dhcpnameserver/d' /etc/resolv.conf";
+ system($cmd);
+ $restart_ntp = 1;
+ }
+
+ }
+ }
+ if ($restart_ntp == 1) {
+ # this corresponds to what is done in name-server/node.def as a fix for bug 1300
+ my $cmd_ntp_restart = "if [ -f /etc/ntp.conf ] && grep -q 'server' /etc/ntp.conf; then /usr/sbin/invoke-rc.d ntp restart >&/dev/null; fi &";
+ system($cmd_ntp_restart);
+ }
+}
+
# The following will re-write '/etc/resolv.conf' line by line,
# replacing the 'search' specifier with the latest values,
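Review bot: `$ns` is parsed from a dhclient.new file (L88–L92), so it is whatever the DHCP server sent as a name-server option, and it is interpolated unquoted into shell commands that run as root: `grep $ns /etc/resolv.conf` (L95) and, after being read back from /etc/resolv.conf, `sed -i '/$dhcpnameserver/d'` (L119, L132). Unless dhclient has already constrained that option to an address literal, which depends on the dhclient version and is not visible here, a hostile DHCP server can place shell metacharacters into a root shell; even with well-formed addresses the unanchored, unescaped patterns treat `.` as a wildcard and match substrings, so `10.0.0.1` matches `10.0.0.10`, the append is skipped, and the sed also deletes a CLI-configured `nameserver` or a `search` line containing that text. Validate `$ns` against an address-literal allowlist as soon as it is parsed and do the membership test in Perl rather than through a shell, as below; the deletion should likewise be anchored to the line this script writes, `sed -i '/^nameserver\t$dhcpnameserver\t.*#nameserver written by/d'`. `open (APPEND, ">>/etc/resolv.conf")` on L97 is a bareword two-argument open whose `close` result is ignored; the lexical three-argument form with a checked close is the usual fix.
```perl
# … unchanged: dhclient.new file discovery and the grep for nameserver lines …
for my $each_nameserver (@nameservers) {
    my (undef, $ns) = split(/\s+/, $each_nameserver, 2);
    next unless defined $ns;
    chomp $ns;
    # $ns comes from the DHCP server: accept only an IPv4/IPv6 literal so it can
    # never carry shell or regex metacharacters into the commands run below.
    next unless $ns =~ /\A[0-9A-Fa-f.:]+\z/;
    $current_dhcp_nameservers[$ns_count] = $ns;
    $ns_count++;
    # Membership test done in Perl, anchored to a whole nameserver line.
    my $already_listed = 0;
    if (open my $rc, '<', '/etc/resolv.conf') {
        while (my $line = <$rc>) {
            if ($line =~ /^nameserver\s+\Q$ns\E(?:\s|$)/) { $already_listed = 1; last; }
        }
        close $rc;
    }
    if (!$already_listed) {
        open my $append, '>>', '/etc/resolv.conf'
            or die "$! error trying to append to /etc/resolv.conf";
        print {$append} "nameserver\t$ns\t\t#nameserver written by $0\n";
        close $append or die "$! error closing /etc/resolv.conf";
        $restart_ntp = 1;
    }
}
# … unchanged: removal of stale dhcp name-servers and the ntp restart …
```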
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
index b531afee..7155495d 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
@@ -1,7 +1,7 @@
type: txt
help: Set authentication type
syntax:expression: $VAR(@) in "plaintext-password", "ah"; \
- "authentication must be simple or ah"
+ "authentication must be plaintext-password or ah"
comp_help: possible completions:
- plaintext-password Set plain text password mode
- ah Set IP Authentication Header mode
+ plaintext-password Set plain text password mode
+ ah Set IP Authentication Header mode
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
index 1547d62c..687c6af6 100644
--- a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
@@ -1,7 +1,7 @@
type: txt
help: Set authentication type
syntax:expression: $VAR(@) in "plaintext-password", "ah"; \
- "authentication must be simple or ah"
+ "authentication must be plaintext-password or ah"
comp_help: possible completions:
- plaintext-password Set plain text password mode
- ah Set IP Authentication Header mode
+ plaintext-password Set plain text password mode
+ ah Set IP Authentication Header mode
diff --git a/templates/service/ssh/allow-root/node.def b/templates/service/ssh/allow-root/node.def
index f476087d..9aa98826 100644
--- a/templates/service/ssh/allow-root/node.def
+++ b/templates/service/ssh/allow-root/node.def
@@ -1,6 +1,7 @@
-type: bool
+type: txt
default: false
help: Enable/disable root login over ssh
+syntax:expression: $VAR(@) in "true", "false" ; "must be true or false"
update: if [ \"$VAR(@)\" == \"true\" ]; then
sudo ed - /etc/ssh/sshd_config <<-"EOF"
/^PermitRootLogin/s/no/yes/
diff --git a/templates/service/telnet/allow-root/node.def b/templates/service/telnet/allow-root/node.def
index d1a25f4e..347a9476 100644
--- a/templates/service/telnet/allow-root/node.def
+++ b/templates/service/telnet/allow-root/node.def
@@ -1,24 +1,36 @@
-type: bool
+type: txt
default: false
help: Enable/disable root login
-update:expression: " \
- if ! env | grep -q SSH_TTY=; then \
- if [[ \"`tty`\" == /dev/pts/* ]]; then \
- echo \"Please configure telnet settings via ssh or console.\"; \
- exit 1; \
- fi; \
- fi; \
- if [ \"$VAR(@)\" == \"true\" ]; then \
- sudo mv -f /etc/securetty /etc/securetty.allow-root >&/dev/null; \
- else
- sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null; \
- fi ; /bin/true"
-delete:expression: " \
- if ! env | grep -q SSH_TTY=; then \
- if [[ \"`tty`\" == /dev/pts/* ]]; then \
- echo \"Please configure telnet settings via ssh or console.\"; \
- exit 1; \
- fi; \
- fi; \
- sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null ; \
- /bin/true"
+
+syntax:expression: $VAR(@) in "true", "false" ; "must be true or false"
+
+update: pids=`who -u | awk -F " " '{print $7}'`
+ for i in $pids
+ do
+ ppid=`ps -p $i -o ppid=`
+ if ps -p $ppid -o cmd= | grep -q telnetd
+ then
+ echo "Please configure telnet settings via ssh or console."
+ exit 1
+ fi
+ done
+ if [ "$VAR(@)" == "true" ]
+ then
+ sudo mv -f /etc/securetty /etc/securetty.allow-root >&/dev/null
+ else
+ sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null
+ fi
+ /bin/true
+
+delete: pids=`who -u | awk -F " " '{print $7}'`
+ for i in $pids
+ do
+ ppid=`ps -p $i -o ppid=`
+ if ps -p $ppid -o cmd= | grep -q telnetd
+ then
+ echo "Please configure telnet settings via ssh or console."
+ exit 1
+ fi
+ done
+ sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null
+ /bin/true
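Review bot: The new guard (L224–L233, repeated in `delete:`) aborts whenever any logged-in session has a telnetd parent, not only the session running this commit, so with one unrelated telnet user the node can neither be set nor deleted, and a failing `delete:` leaves the committed config and /etc/securetty out of step; the old check refused only the committer's own pty session, which is what the printed message still promises. The pid extraction assumes the pid is column 7 of `who -u`; on GNU coreutils the columns are name, line, date, time, idle, pid, comment, which would make `$7` the `(host)` field rather than the pid, so please verify this against the `who` actually shipped and use `$6` if so. Both `mv -f` results are hidden by `>&/dev/null` and the trailing `/bin/true`, so a failed rename silently leaves root login in its previous state; at minimum report when the source file is missing. Note also that moving /etc/securetty away permits root login on every tty, not just telnet ones — a comment such as `# allow-root works by removing /etc/securetty entirely; this also affects console/serial logins` would save the next maintainer a surprise.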
diff --git a/templates/service/telnet/node.def b/templates/service/telnet/node.def
index 5976addd..399f25ac 100644
--- a/templates/service/telnet/node.def
+++ b/templates/service/telnet/node.def
@@ -1,18 +1,29 @@
help: Enable/disable Network Virtual Terminal Protocol (TELNET) protocol
-delete:expression: " \
- if ! env | grep -q SSH_TTY=; then \
- if [[ \"`tty`\" == /dev/pts/* ]]; then \
- echo \"Please configure telnet settings via ssh or console.\"; \
- exit 1; \
- fi; \
- fi; \
- sudo /opt/vyatta/sbin/telnetd.init stop"
-end:expression: " \
- if ! env | grep -q SSH_TTY=; then \
- if [[ \"`tty`\" == /dev/pts/* ]]; then \
- echo \"Please configure telnet settings via ssh or console.\"; \
- exit 1; \
- fi; \
- fi; \
- if [ -z \"$VAR(port/@)\" ]; then exit 0; fi; \
- sudo /opt/vyatta/sbin/telnetd.init restart $VAR(port/@)"
+
+delete: pids=`who -u | awk -F " " '{print $7}'`
+ for i in $pids
+ do
+ ppid=`ps -p $i -o ppid=`
+ if ps -p $ppid -o cmd= | grep -q telnetd
+ then
+ echo "Please configure telnet settings via ssh or console."
+ exit 1
+ fi
+ done
+ sudo /opt/vyatta/sbin/telnetd.init stop
+
+end: pids=`who -u | awk -F " " '{print $7}'`
+ for i in $pids
+ do
+ ppid=`ps -p $i -o ppid=`
+ if ps -p $ppid -o cmd= | grep -q telnetd
+ then
+ echo "Please configure telnet settings via ssh or console."
+ exit 1
+ fi
+ done
+ if [ -z "$VAR(port/@)" ]
+ then
+ exit 0
+ fi
+ sudo /opt/vyatta/sbin/telnetd.init restart $VAR(port/@)
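Review bot: The `end:` guard (L290–L299) makes it impossible to apply a port change or restart telnetd while anyone at all is connected over telnet, because `exit 1` fires on any session with a telnetd parent rather than on the committer's session; the previous code only refused when the commit itself ran from a non-SSH pty. Its `who -u | awk '{print $7}'` also hinges on the pid being the 7th column, which on GNU coreutils is the comment/host field (the pid is column 6) — worth confirming on the target system since a wrong column makes the guard a silent no-op. This same 10-line block now appears four times across two node.def files in this commit; moving it into one helper under /opt/vyatta/sbin (e.g. `telnet-session-check`) and calling `if ! /opt/vyatta/sbin/telnet-session-check; then exit 1; fi` keeps a single copy to fix. The `telnetd.init restart $VAR(port/@)` argument is unquoted; quoting it `"$VAR(port/@)"` is cheap insurance even if the port node validates its value elsewhere.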
diff --git a/templates/system/name-server/node.def b/templates/system/name-server/node.def
index 0ed43351..3866e82c 100644
--- a/templates/system/name-server/node.def
+++ b/templates/system/name-server/node.def
@@ -5,7 +5,9 @@ update:expression: "sudo sh -c \"touch /etc/resolv.conf && \
if grep -q '$VAR(@)' /etc/resolv.conf; then \
exit 0; \
else \
- echo \\\"nameserver\t $VAR(@)\\\" >> /etc/resolv.conf; \
+ mv -f /etc/resolv.conf /etc/old_resolv.conf && \
+ echo \\\"nameserver\t $VAR(@)\\\" >> /etc/resolv.conf && \
+ cat /etc/old_resolv.conf >> /etc/resolv.conf; \
fi && \
if [ -f /etc/ntp.conf ] && grep -q 'server' /etc/ntp.conf; then \
/usr/sbin/invoke-rc.d ntp restart >&/dev/null; \
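Review bot: The `mv -f /etc/resolv.conf /etc/old_resolv.conf` followed by two appends (L314–L316) leaves /etc/resolv.conf absent, then half-written, for the duration of the rewrite, so a resolver lookup racing the commit fails or sees only the new server; assembling the new content in a temporary file and renaming it over the original keeps the replacement atomic, roughly `{ echo "nameserver\t $VAR(@)"; cat /etc/resolv.conf; } > /etc/resolv.conf.tmp && mv -f /etc/resolv.conf.tmp /etc/resolv.conf` (escaped to fit the nested `sh -c` quoting). The `grep -q '$VAR(@)'` check on L310 is unanchored and treats `.` as a wildcard, so adding `10.0.0.1` when `10.0.0.10` is already present is silently skipped, and an address that appears only in a `search` line or a comment also counts as present; anchor it to a nameserver line, `grep -qE "^nameserver[[:space:]]+$VAR(@)([[:space:]]|$)"`. The leftover /etc/old_resolv.conf is never removed.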