author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2008-03-31 16:49:03 -0700 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2008-03-31 16:49:03 -0700 |
commit | 454ba249959ca26b512030c259b02ddc89f24582 (patch) | |
tree | 2bb98c0b5efdf9a5d85dc3f39163874a7008927d | |
parent | 0a350b99308762f1eb180aa47b64db78b3187c7e (diff) | |
parent | 388d5ed2580bc9ef7ee7a8cdc1d75126ea97a53e (diff) | |
Merge branch 'glendale' of suva.vyatta.com:/git/vyatta-cfg into glendale
-rw-r--r-- | Makefile.am | 1 | ||||
-rw-r--r-- | debian/changelog | 53 | ||||
-rw-r--r-- | debian/control | 6 | ||||
-rwxr-xr-x | etc/bash_completion.d/20vyatta-cfg | 5 | ||||
-rwxr-xr-x | etc/init.d/vyatta-ofr | 5 | ||||
-rwxr-xr-x | scripts/VyattaConfigLoad.pm | 3 | ||||
-rwxr-xr-x | scripts/VyattaTypeChecker.pm | 27 | ||||
-rwxr-xr-x | scripts/vyatta-load-config.pl | 18 | ||||
-rwxr-xr-x | scripts/vyatta-watchlink-exclude.pl | 144 | ||||
-rw-r--r-- | src/delete.c | 2 |
10 files changed, 259 insertions, 5 deletions
diff --git a/Makefile.am b/Makefile.am index a309d34..4496be6 100644 --- a/Makefile.am +++ b/Makefile.am @@ -43,6 +43,7 @@ sbin_SCRIPTS += scripts/vyatta-cfg-notify sbin_SCRIPTS += scripts/vyatta-interfaces.pl sbin_SCRIPTS += scripts/vyatta-irqaffin sbin_SCRIPTS += scripts/vyatta-check-typeless-node.pl +sbin_SCRIPTS += scripts/vyatta-watchlink-exclude.pl share_perl5_SCRIPTS = scripts/VyattaConfig.pm share_perl5_SCRIPTS += scripts/VyattaConfigDOMTree.pm diff --git a/debian/changelog b/debian/changelog index 5f9affd..38a5169 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,56 @@ +vyatta-cfg (0.3) unstable; urgency=low + + VC4.0.1 + [ Mark O'Brien ] + + + [ An-Cheng Huang ] + * fix for bug 2868: return failure for invalid values. + * fix for bug 2749: add u32 range check + * fix for bug 2912: direct config loading output to syslog. + * fix for bug 2924: set admin flag for root + * fix for bug 2950: raise config error messages during boot to warning + level. + * add LESSSECURE + * partial fix for bug 2987: use "less" instead of "more", and disable + * handle "<*>" allowed values + + [ Bob Gilligan ] + * Bugfix: 2653 + * Bugfix: 2885 + * Bugfix: 2986 + + [ Christopher Liljenstolpe ] + * Fix 2954: IPv6 addresses that have a-f in the address fail. + + [ Mohit Mehta ] + * CLI tab enhancement at "set interfaces ethernet <> address" + * CLI tab enhancement at "set interfaces ethernet <> address" + + [ Robert Bays ] + * fix for bugs 2725 and 2999 + * fix for bugs 2725 2999 + + [ Stephen Hemminger ] + * Read qos-policy before setting interface qos-policy + * Replace VPL with GPLv2 + * Convert from VPL 1.0 to GPLv2 + * more robust handling of set mac address + * Don't allow operator to run init-floppy + + [ rbalocca ] + * Merge changelog fix to glendale + * Vyatta-cfg postinst was preventing upgrade + * Add VPL to scripts and fix lintian errors + * Fix problems with upgrading (and also fix lintian errors) + * Fix problems with upgrading (and also fix lintian errors) + * Remove a dependency listed twice + * Add GPLv2 to additional Vyatta created scripts + + [ Mark O'Brien ] + + -- Mark O'Brien <mobrien@vyatta.com> Tue, 18 Mar 2008 19:04:10 -0700 + vyatta-cfg (0.2) unstable; urgency=low vc4.0.0 diff --git a/debian/control b/debian/control index c359bcd..308105a 100644 --- a/debian/control +++ b/debian/control 
@@ -7,12 +7,12 @@ Standards-Version: 3.7.2 Package: vyatta-cfg Architecture: any -Depends: bash (>= 3.1), - sed (>= 4.1.5), +Depends: sed (>= 4.1.5), perl (>= 5.8.8), procps (>= 1:3.2.7-3), - vyatta-quagga | quagga, coreutils (>= 5.97-5.3), + vyatta-bash | bash (>= 3.1), + vyatta-quagga | quagga, vyatta-op, vyatta-config-migrate, dhcp3-client | vyatta-dhcp3-client, diff --git a/etc/bash_completion.d/20vyatta-cfg b/etc/bash_completion.d/20vyatta-cfg index 4ad86ce..f979939 100755 --- a/etc/bash_completion.d/20vyatta-cfg +++ b/etc/bash_completion.d/20vyatta-cfg @@ -440,7 +440,10 @@ vyatta_parse_tmpl () vyatta_cfg_comp_help=$(vyatta_parse_tmpl_comp_fields $1 "comp_help") if (( ${#vyatta_cfg_allowed[@]} == 0 )); then - local -a ares=( $(eval "$acmd") ) + astr=$(eval "$acmd") + astr=${astr//</\\<} + astr=${astr//>/\\>} + eval "ares=( $astr )" for (( i=0 ; i<${#ares[@]} ; i++ )); do if [[ "${ares[i]}" != \<*\> ]]; then vyatta_cfg_allowed+=( "${ares[i]}" ) diff --git a/etc/init.d/vyatta-ofr b/etc/init.d/vyatta-ofr index b1e7a69..776aaf4 100755 --- a/etc/init.d/vyatta-ofr +++ b/etc/init.d/vyatta-ofr @@ -66,6 +66,11 @@ have_rl_system () { # if necessary, provide initial config init_bootfile () { + if [ -f $BOOTFILE ] && grep -q '/\*XORP Configuration File, v1.0\*/' \ + $BOOTFILE >&/dev/null; then + CURTIME=$(date +%F-%H%M%S) + mv $BOOTFILE $BOOTFILE.pre-glendale.$CURTIME + fi if [ ! -f $BOOTFILE ] ; then if [ -f $vyatta_sysconfdir/config.boot.default ]; then cp $vyatta_sysconfdir/config.boot.default $BOOTFILE diff --git a/scripts/VyattaConfigLoad.pm b/scripts/VyattaConfigLoad.pm index 9605017..c4ce8bd 100755 --- a/scripts/VyattaConfigLoad.pm +++ b/scripts/VyattaConfigLoad.pm @@ -30,6 +30,8 @@ use VyattaConfig; my $default_rank = 0; my %config_rank = ( 'qos-policy' => 110, + 'firewall' => 102, + 'service nat' => 101, 'interfaces' => 100, 'interfaces bridge' => 99, 'interfaces ethernet' => 98, 
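Review bot: In vyatta_parse_tmpl the new `eval "ares=( $astr )"` parses the output of the allowed-values command as shell source a second time, and only `<` and `>` are escaped first, so any other shell metacharacter in that output (command substitution, `;`, unbalanced quotes) is interpreted by the shell that is doing completion. The change also drops the old `local -a ares` and introduces `astr` without `local`, so both names now leak into the interactive shell; `local astr; local -a ares` before the assignment restores the scoping. If the output only needs whitespace splitting, `read -r -d '' -a ares <<< "$astr"` fills the array without a second eval and without the `<`/`>` escaping; if the eval is there to honour quoting in the output, a comment saying so and stating that allowed-values commands are trusted would help. The function starts and ends outside the hunk.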
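Review bot: The rename added to init_bootfile is unchecked: if `mv $BOOTFILE $BOOTFILE.pre-glendale.$CURTIME` fails, the following `[ ! -f $BOOTFILE ]` test is false and the pre-Glendale file silently stays in place as the boot configuration. Consider testing the result of `mv` and logging a failure, and quoting the expansions as in `mv "$BOOTFILE" "$BOOTFILE.pre-glendale.$CURTIME"`. `CURTIME` is assigned without `local`, and `>&/dev/null` is a bash-only redirection, which matters if this init script can be run by a POSIX sh (the interpreter line is not in the hunk). init_bootfile continues past the end of the hunk.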
@@ -38,6 +40,7 @@ my %config_rank = ( 'protocols static' => 85, 'service ssh' => 84, 'service telnet' => 83, + 'vpn' => 80, ); my @all_nodes = (); diff --git a/scripts/VyattaTypeChecker.pm b/scripts/VyattaTypeChecker.pm index 2a7d0c9..f77664f 100755 --- a/scripts/VyattaTypeChecker.pm +++ b/scripts/VyattaTypeChecker.pm @@ -52,8 +52,11 @@ use strict; my %type_handler = ( 'ipv4' => \&validate_ipv4, 'ipv4net' => \&validate_ipv4net, + 'ipv4range' => \&validate_ipv4range, 'ipv4_negate' => \&validate_ipv4_negate, 'ipv4net_negate' => \&validate_ipv4net_negate, + 'ipv4range_negate' => \&validate_ipv4range_negate, + 'iptables4_addr' => \&validate_iptables4_addr, 'protocol' => \&validate_protocol, 'protocol_negate' => \&validate_protocol_negate, 'macaddr' => \&validate_macaddr, @@ -75,6 +78,14 @@ sub validate_ipv4net { return 1; } +sub validate_ipv4range { + $_ = shift; + return 0 if (!/^([^-]+)-([^-]+)$/); + my ($a1, $a2) = ($1, $2); + return 0 if (!validate_ipv4($a1) || !validate_ipv4($a2)); + return 1; +} + sub validate_ipv4_negate { my $value = shift; if ($value =~ m/^\!(.*)$/) { @@ -91,6 +102,22 @@ sub validate_ipv4net_negate { return validate_ipv4net($value); } +sub validate_ipv4range_negate { + my $value = shift; + if ($value =~ m/^\!(.*)$/) { + $value = $1; + } + return validate_ipv4range($value); +} + +sub validate_iptables4_addr { + my $value = shift; + return 0 if (!validate_ipv4_negate($value) + && !validate_ipv4net_negate($value) + && !validate_ipv4range_negate($value)); + return 1; +} + sub validate_protocol { my $value = shift; $value = lc $value; diff --git a/scripts/vyatta-load-config.pl b/scripts/vyatta-load-config.pl index a432d8c..05323e3 100755 --- a/scripts/vyatta-load-config.pl +++ b/scripts/vyatta-load-config.pl 
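Review bot: validate_ipv4range assigns its argument to the global `$_` (`$_ = shift;`), so a caller that is iterating with `$_` has its loop variable, and through aliasing possibly the underlying list element, overwritten; the sibling validators in this file use `my $value = shift;`. Suggested replacement: `my $value = shift;` followed by `return 0 if ($value !~ /^([^-]+)-([^-]+)$/);`. The check also accepts a range whose first address is higher than the second; since the new `iptables4_addr` type presumably ends up in firewall rules, either reject that here or note in a comment where ordering is checked. A one-line comment above validate_ipv4range_negate and validate_iptables4_addr (later hunk of this file) stating the accepted forms, `a-b` with an optional leading `!`, would make the contract explicit.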
@@ -40,6 +40,24 @@ if (!($load_file =~ /^\//)) { $load_file = "$bootpath/$load_file"; } +if (!open(CFG, "<$load_file")) { + print "Cannot open configuration file $load_file\n"; + exit 1; +} +while (<CFG>) { + if (/\/\*XORP Configuration File, v1.0\*\//) { + print "Warning: Loading a pre-Glendale configuration.\n"; + print "Do you want to continue? [no] "; + my $resp = <STDIN>; + if (!($resp =~ /^yes$/i)) { + print "Configuration not loaded\n"; + exit 1; + } + last; + } +} +close CFG; + # do config migration system("$sbindir/vyatta_config_migrate.pl $load_file"); diff --git a/scripts/vyatta-watchlink-exclude.pl b/scripts/vyatta-watchlink-exclude.pl new file mode 100755 index 0000000..9805463 --- /dev/null +++ b/scripts/vyatta-watchlink-exclude.pl 
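Review bot: The new pre-Glendale check opens the file with a bareword handle and two-argument open, `open(CFG, "<$load_file")`, which lets Perl reinterpret whitespace around the name and makes `CFG` a package global; `open(my $cfg, '<', $load_file)` with `while (<$cfg>)` and `close $cfg` is the safer form. The prompt reads `<STDIN>` unconditionally, so when the script runs without a terminal `$resp` is undef and the load is refused only as a side effect of a failed match; `defined($resp) && $resp =~ /^yes$/i` states that intent. The unchanged context line after the added block passes the same `$load_file` to a single-string `system()`, so the name is parsed by the shell; the list form `system("$sbindir/vyatta_config_migrate.pl", $load_file)` avoids that.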
@@ -0,0 +1,144 @@
+#!/usr/bin/perl
+#
+# Module: vyatta-watchlink-exclude.pl
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# A copy of the GNU General Public License is available as
+# `/usr/share/common-licenses/GPL' in the Debian GNU/Linux distribution
+# or on the World Wide Web at `http://www.gnu.org/copyleft/gpl.html'.
+# You can also obtain it by writing to the Free Software Foundation,
+# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Stig Thormodsrud
+# Date: March 2008
+# Description: Script to update watchlink exclude file
+#
+# **** End License ****
+#
+
+#
+# parameters:
+# --id="" : owner of exclude line (e.g. vrrp, ha) [required]
+# --action="" : add or remove [required]
+# --intf="" : interface [required]
+# --ipaddr="" : ip address or network to execlude [optional]
+# --signal : should watchlink get signaled [optional]
+#
+# Expected format of exclude file:
+#
+# [interface] ([ipv4addr]|ipv4net]) # id
+#
+
+use Getopt::Long;
+use POSIX;
+
+use strict;
+use warnings;
+
+my $exclude_file = '/var/linkstatus/exclude';
+my $watchlink_pid = '/var/run/vyatta/quagga/watchlink.pid';
+
+sub read_exclude_file {
+ my $FILE;
+ my @lines = ();
+ if (! -e $exclude_file) {
+ return @lines;
+ }
+ open($FILE, "<", $exclude_file) or die "Error: read() $!";
+ @lines = <$FILE>;
+ close($FILE);
+ chomp @lines;
+ return @lines;
+}
+
+sub write_exclude_file {
+ my @lines = @_;
+
+ my $FILE;
+ open($FILE, ">", $exclude_file) or die "Error: write() $!";
+ if (scalar(@lines) > 0) {
+ print $FILE join("\n", @lines), "\n";
+ }
+ close($FILE);
+}
+
+sub remove_exclude_line {
+ my ($remove_line, @lines) = @_;
+
+ my @new_lines;
+ my $match = 0;
+ foreach my $line (@lines) {
+ if ($line eq $remove_line) {
+ $match++;
+ } else {
+ push @new_lines, $line;
+ }
+ }
+ if ($match < 1) {
+ die "Error: no match found for $remove_line";
+ }
+ return @new_lines;
+}
+
+
+#
+# main
+#
+
+my ($opt_id, $opt_action, $opt_intf, $opt_ipaddr, $opt_ipnet, $opt_signal);
+
+GetOptions("id=s" => \$opt_id,
+ "action=s" => \$opt_action,
+ "intf=s" => \$opt_intf,
+ "ipaddr=s" => \$opt_ipaddr,
+ "signal!" => \$opt_signal,
+ );
+
+if (!(defined $opt_id and defined $opt_action and defined $opt_intf) ) {
+ die "Error: parameters --id --intf --action must be set";
+}
+
+if ($opt_action ne "add" and $opt_action ne "remove") {
+ die "Error: --action must be \"add\" or \"remove\" ";
+}
+
+my @lines = read_exclude_file();
+my $new_line = "$opt_intf ";
+if (defined $opt_ipaddr) {
+ $new_line .= "$opt_ipaddr ";
+}
+if (defined $opt_id) {
+ $new_line .= "# $opt_id";
+}
+
+if ($opt_action eq "add") {
+ push @lines, $new_line;
+} else {
+ @lines = remove_exclude_line($new_line, @lines);
+}
+write_exclude_file(@lines);
+
+if (defined $opt_signal) {
+ if (! -e $watchlink_pid) {
+ die "Error: missing pid file [$watchlink_pid]\n";
+ }
+ my $pid = `cat $watchlink_pid`;
+ chomp $pid;
+ system("kill -10 $pid");
+}
+
+# end of file
diff --git a/src/delete.c b/src/delete.c
index b62a697..bb36fd1 100644
--- a/src/delete.c
+++ b/src/delete.c
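Review bot: The signalling block at the end of vyatta-watchlink-exclude.pl reads the pid file by running `cat` in backticks and then interpolates the result into `system("kill -10 $pid")`, so whatever the pid file contains is handed to a shell with this script's privileges, and an empty or malformed file yields a `kill` with missing or unintended arguments. Read the file directly, accept only a decimal pid, and use Perl's built-in `kill` with a signal name, as in the fence below (10 is SIGUSR1 on common Linux architectures; naming it removes the dependency on the number). `defined $opt_signal` is also true for `--nosignal`, because the `signal!` option stores 0, so the test should be on truth. Separately, `--intf`, `--ipaddr` and `--id` are written to the exclude file unvalidated, so an embedded newline would add extra entries, and the read-modify-write of the file is not locked against a concurrent run.

```perl
# … unchanged: option parsing and exclude-file update …
if ($opt_signal) {
    open(my $pid_fh, '<', $watchlink_pid)
        or die "Error: missing pid file [$watchlink_pid]\n";
    my $pid = <$pid_fh>;
    close($pid_fh);
    # accept only a plain decimal pid before signalling
    if (!defined $pid or $pid !~ /^(\d+)\s*$/) {
        die "Error: invalid pid in [$watchlink_pid]\n";
    }
    kill('USR1', $1) or die "Error: cannot signal watchlink: $!\n";
}
```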
@@ -28,7 +28,7 @@ static void remove_rf(boolean do_umount) command = my_malloc(strlen(get_mdirp()) + strlen(get_cdirp()) + strlen(get_mdirp()) + 100, "delete"); - sprintf(command, "sudo mount -t $UNIONFS -o dirs=%s=rw:%s=ro:" + sprintf(command, "sudo mount -t $UNIONFS -o dirs=%s=rw:%s=ro" " $UNIONFS %s", get_cdirp(), get_adirp(), get_mdirp()); system(command); free(command); |
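Review bot: The buffer this `sprintf` writes into is sized from `get_mdirp()` twice and `get_cdirp()` once, but the format consumes `get_cdirp()`, `get_adirp()` and `get_mdirp()`, so the length of `get_adirp()` is never counted and only the 100-byte slack, part of which the literal text uses, stands between a long path and an overflow. Suggest `strlen(get_adirp())` in place of the second `strlen(get_mdirp())` in the `my_malloc` call and `snprintf` with the allocated length instead of `sprintf`. The resulting string is run through `system()`, so the three paths are shell-parsed; it is worth confirming that none of them can carry user-influenced text. remove_rf starts before and continues after the hunk.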