-rw-r--r-- | Makefile.am | 1 | ||||
-rwxr-xr-x | etc/bash_completion.d/20vyatta-cfg | 10 | ||||
-rw-r--r-- | etc/default/vyatta-cfg | 2 | ||||
-rw-r--r-- | etc/shell/level/users/allowed-op | 1 | ||||
-rw-r--r-- | etc/shell/level/users/allowed-pipe | 2 | ||||
-rw-r--r-- | scripts/vyatta-check-typeless-node.pl | 21 | ||||
-rwxr-xr-x | scripts/vyatta-interfaces.pl | 47 | ||||
-rw-r--r-- | templates/interfaces/ethernet/node.tag/address/node.def | 1 | ||||
-rw-r--r-- | templates/interfaces/ethernet/node.tag/mac/node.def | 15 | ||||
-rw-r--r-- | templates/interfaces/ethernet/node.tag/vif/node.tag/address/node.def | 1 |
10 files changed, 84 insertions, 17 deletions
diff --git a/Makefile.am b/Makefile.am index 2879932..a309d34 100644 --- a/Makefile.am +++ b/Makefile.am @@ -42,6 +42,7 @@ sbin_SCRIPTS += scripts/vyatta-load-config.pl sbin_SCRIPTS += scripts/vyatta-cfg-notify sbin_SCRIPTS += scripts/vyatta-interfaces.pl sbin_SCRIPTS += scripts/vyatta-irqaffin +sbin_SCRIPTS += scripts/vyatta-check-typeless-node.pl share_perl5_SCRIPTS = scripts/VyattaConfig.pm share_perl5_SCRIPTS += scripts/VyattaConfigDOMTree.pm diff --git a/etc/bash_completion.d/20vyatta-cfg b/etc/bash_completion.d/20vyatta-cfg index 463b383..4ad86ce 100755 --- a/etc/bash_completion.d/20vyatta-cfg +++ b/etc/bash_completion.d/20vyatta-cfg @@ -440,8 +440,14 @@ vyatta_parse_tmpl () vyatta_cfg_comp_help=$(vyatta_parse_tmpl_comp_fields $1 "comp_help") if (( ${#vyatta_cfg_allowed[@]} == 0 )); then - local ares=$(eval "$acmd") - eval "vyatta_cfg_allowed=( $ares )" + local -a ares=( $(eval "$acmd") ) + for (( i=0 ; i<${#ares[@]} ; i++ )); do + if [[ "${ares[i]}" != \<*\> ]]; then + vyatta_cfg_allowed+=( "${ares[i]}" ) + else + vyatta_cfg_allowed+=( "" ) + fi + done fi if [ -z "$vyatta_cfg_help" ]; then vyatta_cfg_help='<No help text available>' diff --git a/etc/default/vyatta-cfg b/etc/default/vyatta-cfg index ef02233..7d189d8 100644 --- a/etc/default/vyatta-cfg +++ b/etc/default/vyatta-cfg @@ -43,6 +43,8 @@ if [ $is_admin == 1 ]; then else # no need to check is_users since there are only 2 levels for now declare -x -r VYATTA_USER_LEVEL_DIR=${vyatta_sysconfdir}/shell/level/users + declare -x -r LESSSECURE=1 + alias more=less fi } 2>/dev/null || : diff --git a/etc/shell/level/users/allowed-op b/etc/shell/level/users/allowed-op index 498d120..4c8d16f 100644 --- a/etc/shell/level/users/allowed-op +++ b/etc/shell/level/users/allowed-op @@ -8,7 +8,6 @@ reboot set show telnet -terminal traceroute undebug vpn diff --git a/etc/shell/level/users/allowed-pipe b/etc/shell/level/users/allowed-pipe index 3204ef3..2d92acc 100644 --- a/etc/shell/level/users/allowed-pipe 
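Review bot: In etc/bash_completion.d/20vyatta-cfg the unquoted `$(eval "$acmd")` inside `ares=( ... )` undergoes pathname expansion as well as word splitting, so an allowed value containing `*`, `?` or `[` would be replaced by file names from the current directory before it reaches `vyatta_cfg_allowed`. Reading the output without globbing avoids that, for example `local -a ares; read -r -d '' -a ares < <(eval "$acmd")`. The loop counter `i` is not declared in the visible lines; vyatta_parse_tmpl starts outside the hunk, so if `i` is not already local there, a `local i` is needed to keep it from leaking into the interactive shell.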
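Review bot: In etc/default/vyatta-cfg the two added lines are what keeps users-level accounts from leaving the pager, but nothing in the file says so. A comment above `LESSSECURE=1` such as `# less secure mode: no shell escapes, pipes or editor from the pager for restricted users` would keep them from being removed later as noise. `alias more=less` only rewrites the word when it is typed interactively, so anything that runs `more` by path or through `$PAGER` is not covered by it; that is worth confirming against the pipe handling. The enclosing brace group ends in `2>/dev/null || :` and starts outside the hunk, so a failing `declare` would go unnoticed.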
+++ b/etc/shell/level/users/allowed-pipe @@ -1,4 +1,4 @@ -more +less 1 no-more 1 diff --git a/scripts/vyatta-check-typeless-node.pl b/scripts/vyatta-check-typeless-node.pl new file mode 100644 index 0000000..65a7408 --- /dev/null +++ b/scripts/vyatta-check-typeless-node.pl @@ -0,0 +1,21 @@ +#!/usr/bin/perl +use lib "/opt/vyatta/share/perl5/"; +use VyattaConfig; +use VyattaMisc; +use Getopt::Long; + +## Check if a typeless node exists +# this is a lame little script to get around bug 2525 not being fixed. +# i.e. $VAR(./node/) always expands to true. Once bug 2525 is properly +# fixed, this can go away +my $node = shift; +my $config = new VyattaConfig; + +if ($config->exists("$node")) { + exit 0; +} +else { + exit 1; +} + +exit 0; diff --git a/scripts/vyatta-interfaces.pl b/scripts/vyatta-interfaces.pl index 1cad719..e3afe68 100755 --- a/scripts/vyatta-interfaces.pl +++ b/scripts/vyatta-interfaces.pl @@ -34,7 +34,7 @@ use lib "/opt/vyatta/share/perl5/"; use VyattaConfig; use VyattaMisc; use Getopt::Long; - +use POSIX; use NetAddr::IP; use strict; @@ -45,18 +45,22 @@ my $dhcp_conf = '/etc/dhcp3/dhclient.conf'; my $dhcp_pid = '/var/run/dhclient.pid'; my $dhcp_leases = '/var/lib/dhcp3/dhclient.leases'; +my ($eth_update, $eth_delete, $addr, $restart_dhclient, $dev, $mac, $mac_update); -my ($eth_update, $eth_delete, $addr, $restart_dhclient, $dev); GetOptions("eth-addr-update=s" => \$eth_update, "eth-addr-delete=s" => \$eth_delete, "valid-addr=s" => \$addr, "restart-dhclient!" => \$restart_dhclient, "dev=s" => \$dev, + "valid-mac=s" => \$mac, + "set-mac=s" => \$mac_update, ); if (defined $eth_update) { update_eth_addrs($eth_update, $dev); } if (defined $eth_delete) { delete_eth_addrs($eth_delete, $dev); } if (defined $addr) { is_valid_addr($addr, $dev); } +if (defined $mac) { is_valid_mac($mac, $dev); } +if (defined $mac_update) { update_mac($mac_update, $dev); } if (defined $restart_dhclient) { dhcp_restart_daemon(); } sub is_ip_configured { 
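Review bot: scripts/vyatta-check-typeless-node.pl starts without `use strict; use warnings;` and does not check that an argument was given, so a call with no node path hands an undefined value to `$config->exists`. I would add the two pragmas after the `use lib` line and guard the argument with `defined $node or exit 1;`. `new VyattaConfig` is indirect-object syntax (`VyattaConfig->new` is the unambiguous form), the `VyattaMisc` and `Getopt::Long` imports are unused in the lines shown, and the trailing `exit 0;` cannot be reached.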
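Review bot: In scripts/vyatta-interfaces.pl the result of `GetOptions(...)` is ignored, so when `--valid-mac` or `--set-mac` arrives with a missing value the variable stays undefined and no branch runs. The script then presumably ends with status 0, which a template `syntax:expression: exec` would read as a valid value. Failing closed is a one-line change: end the call with `) or exit 1;`. The new dispatch lines also pass `$dev` on without a defined-check; `defined $dev or die "Error: --dev is required\n";` before `update_mac` would keep an empty name out of the /sys path built there.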
@@ -342,6 +346,45 @@ sub delete_eth_addrs { } } +sub update_mac { + my ($mac, $intf) = @_; + + open my $fh, "<", "/sys/class/net/$intf/flags" + or die "Error: $intf is not a network device\n"; + + my $flags = <$fh>; + chomp $flags; + close $fh or die "Error: can't read state\n"; + + if (POSIX::strtoul($flags) & 1) { + # NB: Perl 5 system return value is bass-ackwards + system "sudo ip link set $intf down" + and die "Could not set $intf down ($!)\n"; + system "sudo ip link set $intf address $mac" + and die "Could not set $intf address ($!)\n"; + system "sudo ip link set $intf up" + and die "Could not set $intf up ($!)\n"; + } else { + exec "sudo ip link set $intf address $mac"; + } + exit 0; +} + +sub is_valid_mac { + my ($mac, $intf) = @_; + my @octets = split /:/, $mac; + + ($#octets == 5) or die "Error: wrong number of octets: $#octets\n"; + + (($octets[0] & 1) == 0) or die "Error: $mac is a multicast address\n"; + + my $sum = 0; + $sum += strtoul('0x' . $_) foreach @octets; + ( $sum != 0 ) or die "Error: zero is not a valid address\n"; + + exit 0; +} + sub is_valid_addr { my ($addr_net, $intf) = @_; diff --git a/templates/interfaces/ethernet/node.tag/address/node.def b/templates/interfaces/ethernet/node.tag/address/node.def index 410c072..23b1262 100644 --- a/templates/interfaces/ethernet/node.tag/address/node.def +++ b/templates/interfaces/ethernet/node.tag/address/node.def 
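Review bot: update_mac builds each `ip link set` command as a single string with `$intf` and `$mac` interpolated, so both values pass through a shell under sudo, and `$intf` is also placed in the `/sys/class/net/$intf/flags` path. is_valid_mac cannot be relied on to make that safe: it only counts colon-separated fields and sums their leading hex digits, and whether `type: macaddr` in the template restricts the characters is not visible here. `system` does not set `$!` for a non-zero exit, so the messages should report `$?`. The multicast test `$octets[0] & 1` numifies the octet as decimal, so an octet such as `0b` reads as 0 and passes; `hex($octets[0]) & 1` tests the real low bit. The fence shows the list-form calls with an anchored check on both values; the patterns are my construction and should be adjusted to the interface names the system allows.

```perl
sub update_mac {
    my ($mac, $intf) = @_;

    # Both values reach a sudo command line and $intf a /sys path:
    # accept only the exact shapes expected.
    $mac =~ /\A[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5}\z/
        or die "Error: $mac is not a valid MAC address\n";
    $intf =~ /\A[A-Za-z0-9][A-Za-z0-9_.-]*\z/
        or die "Error: $intf is not a network device\n";

    # … unchanged: read /sys/class/net/$intf/flags into $flags …

    if (POSIX::strtoul($flags) & 1) {
        # List form runs ip directly, without a shell; $? holds the status.
        my @ip_link = ('sudo', 'ip', 'link', 'set', $intf);
        system(@ip_link, 'down') == 0
            or die "Could not set $intf down (status $?)\n";
        system(@ip_link, 'address', $mac) == 0
            or die "Could not set $intf address (status $?)\n";
        system(@ip_link, 'up') == 0
            or die "Could not set $intf up (status $?)\n";
    } else {
        exec 'sudo', 'ip', 'link', 'set', $intf, 'address', $mac;
    }

# … unchanged: is_valid_mac up to the octet-count check …
    (hex($octets[0]) & 1) == 0 or die "Error: $mac is a multicast address\n";
```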
@@ -4,6 +4,7 @@ help: Configure an IP address for this interface syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr $VAR(@) --dev $VAR(../@)"; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../@)" update:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../@)"; "Error setting address $VAR(@) on interface $VAR(../@)" delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@)"; "Error deleting address $VAR(@) on interface $VAR(../@)" +allowed: echo "dhcp <>" comp_help:Possible completions: <IP address>/<prefix length>\tSet the IP address and prefix length dhcp\t\t\t\tSet the IP address and prefix length via DHCP diff --git a/templates/interfaces/ethernet/node.tag/mac/node.def b/templates/interfaces/ethernet/node.tag/mac/node.def index e556743..d25b378 100644 --- a/templates/interfaces/ethernet/node.tag/mac/node.def +++ b/templates/interfaces/ethernet/node.tag/mac/node.def @@ -1,14 +1,7 @@ type: macaddr help: Set the MAC address of this interface +syntax:expression: exec "\ + /opt/vyatta/sbin/vyatta-interfaces.pl --dev $VAR(../@) --valid-mac $VAR(@)" +update: /opt/vyatta/sbin/vyatta-interfaces.pl --dev $VAR(../@) --set-mac $VAR(@) +delete: /opt/vyatta/sbin/vyatta-interfaces.pl --dev $VAR(../@) --set-mac $VAR(../hw-id/@) -update:expression: "sudo sh -c \"ip link set $VAR(../@) down && \ - ip link set $VAR(../@) address $VAR(@) && \ - ip link set $VAR(../@) up; \" "; \ - "Error setting MAC address on dev $VAR(../@)" - -delete:expression: "sudo sh -c \"ip link set $VAR(../@) down && \ - ip link set $VAR(../@) address \ - $VAR(../hw-id/@) && \ - ip link set $VAR(../@) up;\" "; \ - "Error resetting MAC address on dev $VAR(../@) to \ - $VAR(../hw-id/@)" diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/address/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/address/node.def index 6653727..a33818f 100644 
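Review bot: In templates/interfaces/ethernet/node.tag/mac/node.def the new `update:` and `delete:` lines substitute `$VAR(@)` and `$VAR(../hw-id/@)` unquoted into a command line and drop the error strings that the old `update:expression`/`delete:expression` forms carried. Whether `type: macaddr` alone restricts the value to hex octets is not visible here, so the script behind these lines should not assume it. On delete, if no `hw-id` is set the substitution is presumably empty and `--set-mac` has no argument; it is worth checking that this fails visibly rather than reporting a successful delete. The `syntax:expression` line also has no message after the `exec "..."`, unlike the address templates in this commit; something like `; "Invalid MAC address $VAR(@)"` would match them.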
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/address/node.def +++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/address/node.def @@ -4,6 +4,7 @@ help: Configure an IP address for this interface syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr $VAR(@) --dev $VAR(../../@).$VAR(../@) "; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../../@).$VAR(../@)" create:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../../@).$VAR(../@) "; "Error setting address $VAR(@) on dev $VAR(../../@).$VAR(../@) " delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../../@).$VAR(../@) "; "Error deleting address $VAR(@) on dev $VAR(../../@).$VAR(../@) " +allowed: echo "dhcp <>" comp_help:Possible completions: <IP address>/<prefix length> Set the IP address and prefix length dhcp Set the IP address and prefix length via DHCP |