From 556580381ed0008c463aa0dd109f839f140f3443 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Wed, 22 Oct 2008 02:01:03 -0700 Subject: Fix Bug 3567 Debug messages are not logged by default on upgraded system - copy over default islavista syslog.conf during upgrade from hollywood --- debian/vyatta-cfg-system.postinst.in | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 21d7ff32..e9541dbe 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -118,6 +118,15 @@ if [ -e /etc/default/mdadm ]; then sed -i 's+^DAEMON_OPTIONS=.*$+DAEMON_OPTIONS="--syslog --program /opt/vyatta/sbin/vyatta-raid-event"+' /etc/default/mdadm fi +# --following is added to resolve issues related to bug 3567 on upgrade from hollywood to islavista-- +# back-up existing /etc/syslog.conf file in hollywood which might be broken +# and replace it with the default syslog.conf in islavista. when system restarts +# after upgrade, whatever is configured in CLI will be written to syslog.conf +# + +cp -p /etc/syslog.conf /etc/syslog.conf.bak +cp -f /opt/vyatta/etc/syslog.conf /etc/syslog.conf + # Local Variables: # mode: shell-script # sh-indentation: 4 -- cgit v1.2.3 From 0e1f76414aad46e320ca173c5b5d29faa7f5a87e Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Thu, 23 Oct 2008 20:45:40 -0700 Subject: Fix bad tab completion on interfaces/bonding Can't use $VAR(../@) in allowed tag, it doesn't get expanded properly. --- templates/interfaces/bonding/node.tag/primary/node.def | 6 ------ 1 file changed, 6 deletions(-) diff --git a/templates/interfaces/bonding/node.tag/primary/node.def b/templates/interfaces/bonding/node.tag/primary/node.def index 171c8daf..bae8a499 100644 --- a/templates/interfaces/bonding/node.tag/primary/node.def +++ b/templates/interfaces/bonding/node.tag/primary/node.def 
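Review bot: The two added `cp` lines run every time this postinst executes, not only on the hollywood-to-islavista upgrade the comment describes, so a later run overwrites `/etc/syslog.conf.bak` with the already-replaced default and the original file is lost. Neither copy is checked, and on a system without `/etc/syslog.conf` the first `cp` fails; whether that aborts the script depends on a `set -e` that is not visible in this hunk. Protect the backup with `if [ -e /etc/syslog.conf ] && [ ! -e /etc/syslog.conf.bak ]; then cp -p /etc/syslog.conf /etc/syslog.conf.bak; fi`, and gate the replacement on the upgrade case, which would need the postinst arguments handled outside this hunk.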
@@ -2,11 +2,5 @@ type: txt syntax:expression: exec \ "grep -s $VAR(@) /sys/class/net/$VAR(../@)/bonding/slaves" \ ; "Ethernet interface must be part of the bonding group" -allowed: cat /sys/class/net/$VAR(../@)/bonding/slaves update: sudo sh -c "echo $VAR(@) >/sys/class/net/$VAR(../@)/bonding/primary" help: Specify the primary device - - - - - -- cgit v1.2.3 From 48bec978b2e2be9327163b8342a253cf69b61c6c Mon Sep 17 00:00:00 2001 From: An-Cheng Huang Date: Fri, 24 Oct 2008 15:29:54 -0700 Subject: add firewall configuration to bridge interface --- .../bridge/node.tag/firewall/in/name/node.def | 18 ++++++++++++++++++ .../interfaces/bridge/node.tag/firewall/in/node.def | 1 + .../bridge/node.tag/firewall/local/name/node.def | 18 ++++++++++++++++++ .../interfaces/bridge/node.tag/firewall/local/node.def | 1 + templates/interfaces/bridge/node.tag/firewall/node.def | 1 + .../bridge/node.tag/firewall/out/name/node.def | 18 ++++++++++++++++++ .../interfaces/bridge/node.tag/firewall/out/node.def | 1 + 7 files changed, 58 insertions(+) create mode 100644 templates/interfaces/bridge/node.tag/firewall/in/name/node.def create mode 100644 templates/interfaces/bridge/node.tag/firewall/in/node.def create mode 100644 templates/interfaces/bridge/node.tag/firewall/local/name/node.def create mode 100644 templates/interfaces/bridge/node.tag/firewall/local/node.def create mode 100644 templates/interfaces/bridge/node.tag/firewall/node.def create mode 100644 templates/interfaces/bridge/node.tag/firewall/out/name/node.def create mode 100644 templates/interfaces/bridge/node.tag/firewall/out/node.def diff --git a/templates/interfaces/bridge/node.tag/firewall/in/name/node.def b/templates/interfaces/bridge/node.tag/firewall/in/name/node.def new file mode 100644 index 00000000..45ddefa1 --- /dev/null +++ b/templates/interfaces/bridge/node.tag/firewall/in/name/node.def 
@@ -0,0 +1,18 @@
+type: txt
+
+help: Set inbound interface filter name
+
+create:expression: "sh -c \"echo create eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \
+>> /tmp/cli.log && \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
+--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" "
+
+update:expression: "sh -c \"echo update eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \
+>> /tmp/cli.log && \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
+--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" "
+
+delete:expression: "sh -c \"echo delete eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \
+>> /tmp/cli.log && \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
+--update-interfaces delete $VAR(../../../@) $VAR(..) $VAR(@)\" "
diff --git a/templates/interfaces/bridge/node.tag/firewall/in/node.def b/templates/interfaces/bridge/node.tag/firewall/in/node.def
new file mode 100644
index 00000000..eccc79b4
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/firewall/in/node.def
@@ -0,0 +1 @@
+help: Set filter for forwarded packets on inbound interface
diff --git a/templates/interfaces/bridge/node.tag/firewall/local/name/node.def b/templates/interfaces/bridge/node.tag/firewall/local/name/node.def
new file mode 100644
index 00000000..29082074
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/firewall/local/name/node.def
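Review bot: In each of the `create`, `update` and `delete` expressions, `$VAR(@)` and `$VAR(../../../@)` are substituted unquoted into an `sh -c` string that then runs `sudo /opt/vyatta/sbin/vyatta-firewall.pl`, and the node is `type: txt` with no `syntax:expression:`, so nothing in this template keeps shell metacharacters in a configured name out of a command line run under sudo. Add a syntax check that limits the value to a safe character set, along the lines of `syntax:expression: pattern $VAR(@) "^[[:alnum:]_-]+$" ; "invalid firewall name"` (adjust the set to what vyatta-firewall.pl accepts), and quote the substitutions. The `echo ... >> /tmp/cli.log` prefix appends to a fixed file name in a world-writable directory and, because of the `&&`, makes the firewall update depend on that write succeeding; drop it or log through syslog. The same three expressions are added in local/name/node.def and out/name/node.def.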
@@ -0,0 +1,18 @@
+type: txt
+
+help: Set local filter name
+
+create:expression: "sh -c \"echo create eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \
+>> /tmp/cli.log && \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
+--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" "
+
+update:expression: "sh -c \"echo update eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \
+>> /tmp/cli.log && \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
+--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" "
+
+delete:expression: "sh -c \"echo delete eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \
+>> /tmp/cli.log && \
+sudo /opt/vyatta/sbin/vyatta-firewall.pl \
+--update-interfaces delete $VAR(../../../@) $VAR(..) $VAR(@)\" "
diff --git a/templates/interfaces/bridge/node.tag/firewall/local/node.def b/templates/interfaces/bridge/node.tag/firewall/local/node.def
new file mode 100644
index 00000000..25958359
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/firewall/local/node.def
@@ -0,0 +1 @@
+help: Set filter for packets destined for this router
diff --git a/templates/interfaces/bridge/node.tag/firewall/node.def b/templates/interfaces/bridge/node.tag/firewall/node.def
new file mode 100644
index 00000000..11748d20
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/firewall/node.def
@@ -0,0 +1 @@
+help: Set firewall options
diff --git a/templates/interfaces/bridge/node.tag/firewall/out/name/node.def b/templates/interfaces/bridge/node.tag/firewall/out/name/node.def
new file mode 100644
index 00000000..13a7c312
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/firewall/out/name/node.def
@@ -0,0 +1,18 @@ +type: txt + +help: Set outbound interface filter name + +create:expression: "sh -c \"echo create eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" " + +update:expression: "sh -c \"echo update eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" " + +delete:expression: "sh -c \"echo delete eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces delete $VAR(../../../@) $VAR(..) $VAR(@)\" " diff --git a/templates/interfaces/bridge/node.tag/firewall/out/node.def b/templates/interfaces/bridge/node.tag/firewall/out/node.def new file mode 100644 index 00000000..3aec5f05 --- /dev/null +++ b/templates/interfaces/bridge/node.tag/firewall/out/node.def @@ -0,0 +1 @@ +help: Set filter for forwarded packets on outbound interface -- cgit v1.2.3 From 045cf9441d8c4bfeb178925bf140848ab251f779 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 27 Oct 2008 15:48:23 -0700 Subject: Fix password changer to deal with update config format Colons are no longer used in config file format, so the sed command to change password was having no effect. Bugfix 3665 --- scripts/install-system | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) mode change 100644 => 100755 scripts/install-system diff --git a/scripts/install-system b/scripts/install-system old mode 100644 new mode 100755 index ff7a5d41..d755339d --- a/scripts/install-system +++ b/scripts/install-system @@ -854,6 +854,11 @@ copy_config () { fi } +set_encrypted_password() { + sed -i \ + -e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password: \"$2\"/" $3 +} + change_password() { local user=$1 local pwd1="1" 
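Review bot: The new `set_encrypted_password` in scripts/install-system still cannot tell its caller that nothing was replaced: `sed -i` exits 0 when the address range or the pattern matches no line, which is the same silent failure this commit fixes for the old colon format, and it leaves the previous password in config.boot. The file argument is unquoted and `$1` and `$2` are pasted straight into the sed program, so the function relies on every caller escaping whatever sed treats specially; quote the file as `"$3"` and document that requirement in a comment above the function. After the sed, confirm that the new hash is actually present in the file and return non-zero otherwise so that `change_password` can report the failure. The copy of this function added to scripts/standalone_root_pw_reset in the next commit has the same shape.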
@@ -861,9 +866,9 @@ change_password() { until [ "$pwd1" == "$pwd2" ] do - read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 1>&0 + read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 2>&0 echo - read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 1>&0 + read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 2>&0 echo if [ "$pwd1" != "$pwd2" ] @@ -873,10 +878,7 @@ change_password() { # escape any slashes in resulting password local epwd=$(mkpasswd -H md5 "$pwd1" | sed 's:/:\\/:g') - - sed -i \ - -e "/ user $user {/,/}/s/encrypted-password:.*\$/encrypted-password: \"$epwd\"/" \ - $rootfsdir$ofrconfdir/config.boot + set_encrypted_password $user $epwd $rootfsdir$ofrconfdir/config.boot } system_setup () { -- cgit v1.2.3 From 1b0ad6073975f6a728d2fce1a266f22636f574cb Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 27 Oct 2008 15:59:56 -0700 Subject: Handle config file format change in standalone reset Corollary to earlier bugfix in install-system --- scripts/standalone_root_pw_reset | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset index f08bf7d6..34113129 100755 --- a/scripts/standalone_root_pw_reset +++ b/scripts/standalone_root_pw_reset @@ -23,6 +23,11 @@ # The Vyatta config file: CF=/opt/vyatta/etc/config/config.boot +set_encrypted_password() { + sed -i \ + -e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password: \"$2\"/" $3 +} + change_password() { local user=$1 local pwd1="1" @@ -30,9 +35,9 @@ change_password() { until [ "$pwd1" == "$pwd2" ] do - read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 1>&0 + read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 2>&0 echo - read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 1>&0 + read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 2>&0 echo if [ "$pwd1" != "$pwd2" ] 
@@ -42,10 +47,7 @@ change_password() { # escape any slashes in resulting password local epwd=$(mkpasswd -H md5 "$pwd1" | sed 's:/:\\/:g') - - sed -i \ - -e "/ user $user {/,/}/s/encrypted-password:.*\$/encrypted-password: \"$epwd\"/" \ - $CF + set_encrypted_password $user $epwd $CF } echo "Standalone root password recovery tool." -- cgit v1.2.3 From 6bf9995ed54f023e4147c6011de6a1d5191e766d Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Mon, 27 Oct 2008 16:13:44 -0700 Subject: Fix Bug 3840 System error reported on initial SNMP commit with trap target redirect error to /dev/null --- scripts/snmp/vyatta-snmp.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl index 6de63fb0..58dc374f 100644 --- a/scripts/snmp/vyatta-snmp.pl +++ b/scripts/snmp/vyatta-snmp.pl @@ -163,7 +163,7 @@ sub snmp_write_snmpv3_user { my $vyatta_user = shift; my $user = "rouser $vyatta_user\n"; - system ("sed -i '/user[[:space:]]*vyatta[[:alnum:]]*/d' $snmp_snmpv3_user_conf;"); + system ("sed -i '/user[[:space:]]*vyatta[[:alnum:]]*/d' $snmp_snmpv3_user_conf 2>/dev/null;"); open(my $fh, '>>', $snmp_snmpv3_user_conf) || die "Couldn't open $snmp_snmpv3_user_conf - $!"; print $fh $user; close $fh; -- cgit v1.2.3 From 0f62025ad48e9a50299dea4cbce8640b1fc973d6 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 27 Oct 2008 16:18:45 -0700 Subject: Make stanalone passwd reset work --- scripts/standalone_root_pw_reset | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset index 34113129..715c67fc 100755 --- a/scripts/standalone_root_pw_reset +++ b/scripts/standalone_root_pw_reset 
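Review bot: Appending `2>/dev/null` to the sed command in `snmp_write_snmpv3_user` hides every sed diagnostic, not only the one seen on the initial commit (presumably the file not existing yet), and the return value of `system` is still ignored, so a permission or disk error during the cleanup now passes silently before the file is appended to. Skip the sed when the file is absent and keep stderr otherwise: `system('sed', '-i', '/user[[:space:]]*vyatta[[:alnum:]]*/d', $snmp_snmpv3_user_conf) if -e $snmp_snmpv3_user_conf;`. The list form also keeps the path away from a shell. The function begins before this hunk and may continue after it.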
@@ -65,7 +65,7 @@ fi # OK, now we know we are running in standalone mode. Talk to the # user. # -echo "Do you wish to reset the root password" +echo "Do you wish to change the root password" echo -n "to the original default value (vyatta)? (Yes/No) [No]: " read response response=${response:0:1} @@ -96,6 +96,8 @@ cp $CF ${CF}.before_pwrecovery echo "Setting the root password..." +change_password root + echo $(date "+%b%e %T") $(hostname) "Root password changed" \ | tee -a /var/log/auth.log >>/var/log/messages -- cgit v1.2.3 From bd5e025253397e80787f2c21ebb95c67fa4e140d Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 27 Oct 2008 16:31:06 -0700 Subject: Allow more ethtool commands Bugfix 3832 Need to allow ethtool statistics for operator --- debian/vyatta-cfg-system.postinst.in | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index e9541dbe..a814df9c 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -55,11 +55,15 @@ Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \ /sbin/ip route flush cache *,\ /sbin/ip neigh flush to *, \ /sbin/ip neigh flush dev * -Cmnd_Alias ETHTOOLP = /usr/sbin/ethtool -p * +Cmnd_Alias ETHTOOL = /usr/sbin/ethtool -p *, \ + /usr/sbin/ethtool -S *, \ + /usr/sbin/ethtool -a *, \ + /usr/sbin/ethtool -c *, \ + /usr/sbin/ethtool -i * Cmnd_Alias DATE = /bin/date, /usr/sbin/ntpdate Cmnd_Alias PPPOE_CMDS = /sbin/pppd, /sbin/poff Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump -%operator ALL=NOPASSWD: DATE, IPTABLES, ETHTOOLP, IPFLUSH, \ +%operator ALL=NOPASSWD: DATE, IPTABLES, ETHTOOL, IPFLUSH, \ PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon, /usr/bin/lsof EOF cat <>/etc/sudoers -- cgit v1.2.3 From 21b96894a7ad4e44838312668429cc5c670ee55b Mon Sep 17 00:00:00 2001 
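Review bot: The added `change_password root` call is followed unconditionally by the `Root password changed` entry appended to /var/log/auth.log and /var/log/messages, so the log records success even when `mkpasswd` failed or the sed in `set_encrypted_password` matched nothing. Have `change_password` return a status and write the log entry only inside `if change_password root; then ... fi`, with a distinct message on failure. The later commit that adds `echo "Root password changed"` after the same call leaves this gap in place.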
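Review bot: Every entry of the new `ETHTOOL` alias ends in `*`, and a sudoers wildcard in the argument list matches any remaining text including spaces, so `%operator` can pass arbitrary further arguments to ethtool after `-p`, `-S`, `-a`, `-c` or `-i` without a password. Whether ethtool acts on extra arguments in these modes is not visible here, but the rule as written is wider than "show statistics for an interface". A small wrapper that validates the interface name, with only the wrapper listed in sudoers, would bound it. The heredoc holding this alias begins before the hunk.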
From: Stephen Hemminger Date: Tue, 28 Oct 2008 16:23:01 -0700 Subject: Fix standalone password reset Handle case of running in standalone where there is no /dev/tty. Handle both formats in configuration file Bugfix 3844 --- scripts/install-system | 2 +- scripts/standalone_root_pw_reset | 19 ++++++++----------- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/scripts/install-system b/scripts/install-system index d755339d..e4464ede 100755 --- a/scripts/install-system +++ b/scripts/install-system @@ -856,7 +856,7 @@ copy_config () { set_encrypted_password() { sed -i \ - -e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password: \"$2\"/" $3 + -e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password \"$2\"/" $3 } change_password() { diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset index 715c67fc..d089b50d 100755 --- a/scripts/standalone_root_pw_reset +++ b/scripts/standalone_root_pw_reset @@ -25,7 +25,7 @@ CF=/opt/vyatta/etc/config/config.boot set_encrypted_password() { sed -i \ - -e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password: \"$2\"/" $3 + -e "/ user $1 {/,/}/s/encrypted-password.*\$/encrypted-password \"$2\"/" $3 } change_password() { @@ -35,9 +35,9 @@ change_password() { until [ "$pwd1" == "$pwd2" ] do - read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 2>&0 + read -p "Enter $user password: " -r -s pwd1 echo - read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 2>&0 + read -p "Retype $user password: " -r -s pwd2 echo if [ "$pwd1" != "$pwd2" ] 
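Review bot: After this commit the two copies of `set_encrypted_password` no longer match the same lines: scripts/install-system keeps `encrypted-password .*` with a mandatory space, while scripts/standalone_root_pw_reset uses `encrypted-password.*`, so only the latter handles both formats as the commit message says. A config.boot still in the colon format would again be left unchanged by the installer, with no error. Use the same expression in both, `s/encrypted-password.*\$/encrypted-password \"$2\"/`, or move the function into one file that both scripts source so the copies cannot drift again.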
@@ -65,21 +65,18 @@ fi # OK, now we know we are running in standalone mode. Talk to the # user. # -echo "Do you wish to change the root password" -echo -n "to the original default value (vyatta)? (Yes/No) [No]: " -read response +read -p "Do you wish to change the root password? " response response=${response:0:1} if [ "$response" != "y" -a "$response" != "Y" ]; then - echo "OK, the root password will not be reset." + echo "OK, the root password will not be changed." echo -n "Rebooting in 5 seconds..." sleep 5 echo /sbin/reboot -f fi - -echo "Starting process to reset the root password..." +echo "Starting process to change the root password..." echo "Re-mounting root filesystem read/write..." mount -o remount,rw / @@ -94,10 +91,10 @@ fi echo "Saving backup copy of config.boot..." cp $CF ${CF}.before_pwrecovery -echo "Setting the root password..." - +echo change_password root +echo "Root password changed" echo $(date "+%b%e %T") $(hostname) "Root password changed" \ | tee -a /var/log/auth.log >>/var/log/messages -- cgit v1.2.3