From 5da8625a25a4da13edc1caaa3c60f6915958d000 Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Wed, 10 Sep 2008 11:24:39 -0700 Subject: Allow operator user to execute top level "update" node. --- etc/shell/level/users/allowed-op | 1 + 1 file changed, 1 insertion(+) diff --git a/etc/shell/level/users/allowed-op b/etc/shell/level/users/allowed-op index c387a99..9a2affa 100644 --- a/etc/shell/level/users/allowed-op +++ b/etc/shell/level/users/allowed-op @@ -15,4 +15,5 @@ telnet terminal traceroute undebug +update vpn -- cgit v1.2.3 From adb56a3213db91c65d261e1c1165634da15975a8 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Wed, 17 Sep 2008 15:49:12 -0700 Subject: Add entry for upcoming bonding Need to load bonding in correct step. --- scripts/VyattaConfigLoad.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/VyattaConfigLoad.pm b/scripts/VyattaConfigLoad.pm index b1b7598..5305dc8 100755 --- a/scripts/VyattaConfigLoad.pm +++ b/scripts/VyattaConfigLoad.pm @@ -35,6 +35,7 @@ my %config_rank = ( 'system host-name' => 1005, 'interfaces' => 1000, 'interfaces bridge' => 990, + 'interfaces bonding' => 995, 'interfaces ethernet' => 980, 'interfaces tunnel' => 910, 'system gateway-address' => 890, -- cgit v1.2.3 From 737562c6ab9d800f880f0e7a9be43ac9508e1af8 Mon Sep 17 00:00:00 2001 From: rbalocca Date: Fri, 26 Sep 2008 16:19:36 -0700 Subject: Fix for http://bugzilla.vyatta.com/show_bug.cgi?id=3680 (floppy config not loaded) --- etc/init.d/vyatta-ofr | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/etc/init.d/vyatta-ofr b/etc/init.d/vyatta-ofr index 8ff02ab..87e961f 100755 --- a/etc/init.d/vyatta-ofr +++ b/etc/init.d/vyatta-ofr 
@@ -12,7 +12,7 @@ # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 as # published by the Free Software Foundation. -# +# # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU @@ -66,6 +66,22 @@ have_rl_system () { # if necessary, provide initial config init_bootfile () { + # try floppy + # if we do not discover an fd device, try loading the floppy module + grep -q fd /proc/devices || modprobe -q floppy 2>/dev/null + grep -q ext2 /proc/filesystems || modprobe -q ext2 2>/dev/null + grep -q vfat /proc/filesystems || modprobe -q vfat 2>/dev/null + if [ ! -d /media/floppy/config ] && grep -q fd /proc/devices + then + mkdir -p /media/floppy 2>/dev/null + mount /dev/fd0 /media/floppy -o sync 2>/dev/null || + mount -t ext2 /dev/fd0 /media/floppy -o sync 2>/dev/null || + mount -t vfat /dev/fd0 /media/floppy 2>/dev/null + fi + + [ -d /media/floppy/config ] && + mount -o bind /media/floppy/config /opt/vyatta/etc/config + if [ -f $BOOTFILE ] && grep -q '/\*XORP Configuration File, v1.0\*/' \ $BOOTFILE >&/dev/null; then CURTIME=$(date +%F-%H%M%S) @@ -78,7 +94,7 @@ init_bootfile () { $vyatta_sbindir/vyatta_current_conf_ver.pl > $BOOTFILE fi fi - chgrp ${GROUP} $BOOTFILE + chgrp ${GROUP} $BOOTFILE chmod 660 $BOOTFILE ## remove the unnecessary and potentially conflicting ## config-directory statement (i.e. /mnt/floppy vs. /media/floppy -- cgit v1.2.3 From 01491ebb315529124dea2d29f4b72507aa48f9ad Mon Sep 17 00:00:00 2001 From: rbalocca Date: Fri, 26 Sep 2008 16:46:05 -0700 Subject: Simplify the code --- etc/init.d/vyatta-ofr | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/etc/init.d/vyatta-ofr b/etc/init.d/vyatta-ofr index 87e961f..200ab0b 100755 --- a/etc/init.d/vyatta-ofr +++ b/etc/init.d/vyatta-ofr 
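Review bot: The floppy mounts added to init_bootfile pass only `-o sync` (the vfat fallback passes no options at all), so whatever medium sits in /dev/fd0 at boot is mounted with device nodes, setuid bits and exec honoured, and its `config` directory is then bind-mounted over /opt/vyatta/etc/config. Because this makes removable media a source of the boot configuration, I would restrict the mount, e.g. `mount -o sync,nodev,nosuid,noexec /dev/fd0 /media/floppy`, with the same options on the `-t ext2` and `-t vfat` fallbacks. A short comment above the bind mount should state that a floppy config deliberately replaces the on-disk one. The bind mount's exit status is not checked, so a failure falls through silently to the code that follows. init_bootfile continues outside the hunk.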
@@ -73,11 +73,11 @@ init_bootfile () { grep -q vfat /proc/filesystems || modprobe -q vfat 2>/dev/null if [ ! -d /media/floppy/config ] && grep -q fd /proc/devices then - mkdir -p /media/floppy 2>/dev/null - mount /dev/fd0 /media/floppy -o sync 2>/dev/null || - mount -t ext2 /dev/fd0 /media/floppy -o sync 2>/dev/null || - mount -t vfat /dev/fd0 /media/floppy 2>/dev/null - fi + mkdir -p /media/floppy + mount /dev/fd0 /media/floppy -o sync || + mount -t ext2 /dev/fd0 /media/floppy -o sync || + mount -t vfat /dev/fd0 /media/floppy + fi 2>/dev/null [ -d /media/floppy/config ] && mount -o bind /media/floppy/config /opt/vyatta/etc/config -- cgit v1.2.3 From 128062823ecbe45fa476ab28b145cea83cd365b9 Mon Sep 17 00:00:00 2001 From: slioch Date: Mon, 6 Oct 2008 15:50:50 -0700 Subject: fix for bug 3666. strip off leading and trailing quote from default text values that are deleted. default values are treated differently from hollywood. The main difference a script writer needs to be aware of is that a deleted node will set the value of the node back to the default value rather than deleting the node. This means that a node that has a default value will always be in existence (if the parent exists) and that a user cannot delete this node. --- src/delete.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/src/delete.c b/src/delete.c index 6fe4eb3..57235d6 100644 --- a/src/delete.c +++ b/src/delete.c @@ -78,6 +78,20 @@ static void reset_default(const char *def_val) if (def_val == NULL) return; + //strip off quotes + char tmp_val[1025]; + char *ptr = index(def_val,'"'); + if (ptr != NULL) { + strcpy(tmp_val,ptr); + ptr = rindex(tmp_val,'"'); + if (ptr != NULL) { + *ptr = '\0'; + } + } + else { + strcpy(tmp_val,def_val); + } + char filename[strlen(m_path.path) + 10]; touch(); sprintf(filename, "%s/node.val", m_path.path); 
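Review bot: Both `strcpy` calls added to reset_default copy from `def_val` into the 1025-byte stack array `tmp_val` without checking the length, so a default value longer than 1024 bytes writes past the buffer. Where def_val comes from is not visible in this hunk; if it is read from a template file, its length is outside this function's control. I would bound the copy and fail through the `bye()` helper this function already uses, e.g. `if (snprintf(tmp_val, sizeof tmp_val, "%s", def_val) >= (int)sizeof tmp_val) bye("default value too long");`, and use `strchr`/`strrchr` in place of the legacy `index`/`rindex`. The follow-up commit d84444065bd1 on this page keeps the same unbounded pattern in `strcpy(tmp_val,ptr+1)` and in its new fallback `strcpy(tmp_val,def_val)`. reset_default starts and ends outside the hunk.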
@@ -85,7 +99,7 @@ static void reset_default(const char *def_val) FILE *fp = fopen(filename, "w"); if (fp == NULL) bye("can not open: %s", filename); - fputs(def_val, fp); + fputs(tmp_val, fp); fclose(fp); sprintf(filename, "%s/def", m_path.path); -- cgit v1.2.3 From d84444065bd1c05de86012910c16cdf12f95f505 Mon Sep 17 00:00:00 2001 From: slioch Date: Tue, 7 Oct 2008 10:30:47 -0700 Subject: fix for regression bug 3758. added additional check requiring opening and closing quotes before stripping takes place. --- src/delete.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/delete.c b/src/delete.c index 57235d6..3011c12 100644 --- a/src/delete.c +++ b/src/delete.c @@ -82,11 +82,14 @@ static void reset_default(const char *def_val) char tmp_val[1025]; char *ptr = index(def_val,'"'); if (ptr != NULL) { - strcpy(tmp_val,ptr); + strcpy(tmp_val,ptr+1); ptr = rindex(tmp_val,'"'); if (ptr != NULL) { *ptr = '\0'; } + else { + strcpy(tmp_val,def_val); //go with original value. + } } else { strcpy(tmp_val,def_val); -- cgit v1.2.3 From 0a31f85bd2b63af24aa6fecd08a8c75ac45f4535 Mon Sep 17 00:00:00 2001 From: rbalocca Date: Tue, 7 Oct 2008 15:33:47 -0700 Subject: Fix for bug http://bugzilla.vyatta.com/show_bug.cgi?id=2138 --- etc/init.d/vyatta-ofr | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/etc/init.d/vyatta-ofr b/etc/init.d/vyatta-ofr index 200ab0b..87b3cf9 100755 --- a/etc/init.d/vyatta-ofr +++ b/etc/init.d/vyatta-ofr @@ -126,7 +126,7 @@ start () chgrp ${GROUP} ${vyatta_configdir} log_action_end_msg $? init_bootfile - log_daemon_msg "Starting Vyatta Router" + log_daemon_msg "Starting Vyatta router" migrate_bootfile for s in ${subinit[@]} ; do log_progress_msg $s @@ -141,7 +141,7 @@ start () stop() { local -i status=0 - log_daemon_msg "Stopping Vyatta Router" + log_daemon_msg "Stopping Vyatta router" for ((i=${#sub_inits[@]} - 1; i >= 0; i--)) ; do s=${subinit[$i]} log_progress_msg $s -- cgit v1.2.3 
From 1929ccae6812ddbd2198791d76bc3e32133bed7d Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Tue, 7 Oct 2008 18:35:46 -0700 Subject: Fix Bug 3770 vpn pre-shared keys should be obscured in "show configuration" --- scripts/VyattaConfigOutput.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/VyattaConfigOutput.pm b/scripts/VyattaConfigOutput.pm index 1933d22..fa0b274 100755 --- a/scripts/VyattaConfigOutput.pm +++ b/scripts/VyattaConfigOutput.pm @@ -75,7 +75,7 @@ sub displayValues { $default = $txt; } } - my $is_password = ($name =~ /^.*password$/); + my $is_password = ($name =~ /^.*(password|pre-shared-secret)$/); my $HIDE_PASSWORD = '****************'; $config->setLevel(join ' ', @cur_path); if ($is_multi) { -- cgit v1.2.3 From dc93eee654d98bbcfcf3458eec066de27ec685d1 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 10 Oct 2008 00:22:01 +0200 Subject: Fix permissions of config file during upgrade Make vyattacfg group before it is used Older versions had incorrect permissions. --- debian/vyatta-cfg.postinst.in | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/debian/vyatta-cfg.postinst.in b/debian/vyatta-cfg.postinst.in index d934b84..96d66be 100644 --- a/debian/vyatta-cfg.postinst.in +++ b/debian/vyatta-cfg.postinst.in @@ -3,9 +3,19 @@ prefix=@prefix@ sysconfdir=@sysconfdir@ +# add group for configuration, if not already present: +grep '^vyattacfg:' /etc/group >&/dev/null || +addgroup --system vyattacfg + mkdir -m 0775 -p $sysconfdir/config $prefix/config chgrp vyattacfg $sysconfdir/config $prefix/config 2>/dev/null +# fix permissions of config file during upgrade +if [ ! -d $sysconfdir/config/config.boot ]; then + chgrp vyattacfg + chmod 0664 $sysconfdir/config/config.boot +fi + update-rc.d vyatta-ofr defaults 90 >/dev/null # do we want to start vyatta-ofr here in postinst? 
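Review bot: In displayValues the masking decision `$is_password` is still a match on the node name's suffix, so a secret-bearing node whose name ends in anything other than `password` or `pre-shared-secret` keeps printing in clear; a comment above the line should say that new secret nodes must be added to this list. The leading `^.*` is redundant and the group need not capture: `my $is_password = ($name =~ /(?:password|pre-shared-secret)$/);`. As far as the hunk shows, the masking affects only this display path, so the stored configuration presumably still holds the value and relies on file permissions. displayValues starts and ends outside the hunk.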
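Review bot: The added `chmod 0664 $sysconfdir/config/config.boot` makes the boot configuration world-readable, while the init script on this page sets `chmod 660 $BOOTFILE` on what appears to be the same file, and the configuration can hold passwords and pre-shared secrets. The block also cannot work as written: `chgrp vyattacfg` has no file operand, and the guard `[ ! -d ... ]` is true when the file is missing, where `-f` looks intended. If the fix-up is wanted, I would write `if [ -f $sysconfdir/config/config.boot ]; then`, `chgrp vyattacfg $sysconfdir/config/config.boot` and `chmod 0660 $sysconfdir/config/config.boot`. The next commit on this page reverts this hunk, so these points apply to any re-introduction.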
@@ -18,6 +28,3 @@ if [ "$sysconfdir" != "/etc" ]; then done fi -# add group for configuration, if not already present: -grep '^vyattacfg:' /etc/group >&/dev/null || -addgroup --system vyattacfg -- cgit v1.2.3 From 40bb173efe98507b0139a35040b9c8e826ad538c Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 10 Oct 2008 00:35:24 +0200 Subject: Revert my bad idea This was dumb "Fix permissions of config file during upgrade" This reverts commit dc93eee654d98bbcfcf3458eec066de27ec685d1. --- debian/vyatta-cfg.postinst.in | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/debian/vyatta-cfg.postinst.in b/debian/vyatta-cfg.postinst.in index 96d66be..d934b84 100644 --- a/debian/vyatta-cfg.postinst.in +++ b/debian/vyatta-cfg.postinst.in @@ -3,19 +3,9 @@ prefix=@prefix@ sysconfdir=@sysconfdir@ -# add group for configuration, if not already present: -grep '^vyattacfg:' /etc/group >&/dev/null || -addgroup --system vyattacfg - mkdir -m 0775 -p $sysconfdir/config $prefix/config chgrp vyattacfg $sysconfdir/config $prefix/config 2>/dev/null -# fix permissions of config file during upgrade -if [ ! -d $sysconfdir/config/config.boot ]; then - chgrp vyattacfg - chmod 0664 $sysconfdir/config/config.boot -fi - update-rc.d vyatta-ofr defaults 90 >/dev/null # do we want to start vyatta-ofr here in postinst? @@ -28,3 +18,6 @@ if [ "$sysconfdir" != "/etc" ]; then done fi +# add group for configuration, if not already present: +grep '^vyattacfg:' /etc/group >&/dev/null || +addgroup --system vyattacfg -- cgit v1.2.3 From 4c478bece280a9385e19858870317b2bf3b9311f Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 10 Oct 2008 08:05:18 +0200 Subject: reboot not allowed from operator level This change prevents operator from seeing the reboot command in completion. --- etc/shell/level/users/allowed-op | 1 - 1 file changed, 1 deletion(-) diff --git a/etc/shell/level/users/allowed-op b/etc/shell/level/users/allowed-op index 9a2affa..40c1a91 100644 
--- a/etc/shell/level/users/allowed-op +++ b/etc/shell/level/users/allowed-op @@ -6,7 +6,6 @@ disconnect exit no ping -reboot release renew set -- cgit v1.2.3 From 4298b55e563520b04b5c06eb426a2b4cbf8229a7 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Wed, 15 Oct 2008 21:09:35 -0700 Subject: enforce syntax restrictions on ethernet device names Only allow devices name ethXXX and check that device exists Bugfix 3495 --- templates/interfaces/ethernet/node.def | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/templates/interfaces/ethernet/node.def b/templates/interfaces/ethernet/node.def index ba15828..3023a70 100644 --- a/templates/interfaces/ethernet/node.def +++ b/templates/interfaces/ethernet/node.def @@ -1,19 +1,20 @@ tag: type: txt help: Set ethernet interface +syntax:expression: pattern $VAR(@) "^eth[0-9]+$" \ + ; "interface must be (eth0 - eth999)" syntax:expression: exec " \ - if [ -z \"`ip link | grep eth | egrep -v 'eth[0-9]+[.]' | grep $VAR(@)`\" ]; then \ - echo Invalid ethernet interface [$VAR(@)]; \ - exit 1 ; \ - fi ; " + if [ -f /sys/class/net/$VAR(@) ]; then \ + echo \"Ethernet interface does not exist: $VAR(@)\"; \ + exit 1; \ + fi" + update: sudo ip link set "$VAR(@)" up vyatta-vtysh -c "configure terminal" \ -c "interface $VAR(@)" -c "link-detect" delete: sudo ip link set "$VAR(@)" down -allowed: for dev in /sys/class/net/*; +allowed: for dev in /sys/class/net/eth*; do if [[ -d $dev && -L $dev/device ]] - then if [[ $(cat $dev/type) -eq 1 ]] - then echo -n ${dev##*/} " " - fi + then echo -n ${dev##*/} " " fi done -- cgit v1.2.3 From 41d4dc6644f73b9f3f75103fab03eeb38189265b Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Wed, 15 Oct 2008 21:12:03 -0700 Subject: Enforce restrictions on loopback name Add allowed completion and check type of device. --- templates/interfaces/loopback/node.def | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) 
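Review bot: The new existence check in the ethernet template is inverted: `if [ -f /sys/class/net/$VAR(@) ]` prints "does not exist" when the test succeeds, and the `allowed:` script in this same hunk tests those entries with `-d`, so `-f` is never expected to be true and a non-existent ethN is accepted. The test should read `if [ ! -d /sys/class/net/$VAR(@) ]; then \`. The `pattern` expression is what keeps `$VAR(@)` safe to interpolate into the shell string, so a comment saying it must stay ahead of the `exec` would be worth adding; I am assuming the expressions are evaluated in file order. The error text says eth0 - eth999 but `^eth[0-9]+$` accepts any number of digits, so either the message or the pattern should change.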
diff --git a/templates/interfaces/loopback/node.def b/templates/interfaces/loopback/node.def index 7b7a304..b5235a0 100644 --- a/templates/interfaces/loopback/node.def +++ b/templates/interfaces/loopback/node.def @@ -1,9 +1,14 @@ tag: type: txt help: Set loopback interface -syntax:expression: exec " \ - if [ -z \"`ip addr | grep $VAR(@) `\" ]; then \ - echo loopback interface $VAR(@) doesn\\'t exist on this system ; \ - exit 1 ; \ - fi ; " -update:expression: "sudo ip link set $VAR(@) up" +allowed: echo "lo" +syntax:expression: exec "\ + if [ !-d /sys/class/net/$VAR(@) ]; then \ + echo \"loopback interface $VAR(@) does not exist\"; \ + exit 1; \ + elif [ $(cat /sys/class/net/$VAR(@)/type) -ne 772 ]; then \ + echo \"interface $VAR(@) is not a loopback interface\"; \ + exit 1; \ + fi" + +update: sudo ip link set $VAR(@) up -- cgit v1.2.3 From 3e6a15a97881f82bc615eea5075902b038cca4dc Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Fri, 17 Oct 2008 16:19:46 -0700 Subject: Bugfix: 3655 Unload unused RAID modules. --- etc/init.d/vyatta-ofr | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/etc/init.d/vyatta-ofr b/etc/init.d/vyatta-ofr index 87b3cf9..75a03b4 100755 --- a/etc/init.d/vyatta-ofr +++ b/etc/init.d/vyatta-ofr @@ -119,6 +119,19 @@ load_bootfile () fi } + +# Unload the RAID modules that we are not using. It is safe to try to +# unload all of the RAID modules. The kernel will refuse to unload any +# that we are actually using. +# +cleanup_raid() +{ + MD_MODULES='linear multipath raid0 raid1 raid456 raid5 raid6 raid10' + rmmod $MD_MODULES > /tmp/vyatta_raid_cleanup_log 2>&1 +} + + + start () { log_action_begin_msg "Mounting Vyatta Config" @@ -133,6 +146,7 @@ start () ${vyatta_sbindir}/${s}.init start || (log_end_msg $? && return) done load_bootfile + cleanup_raid chmod g-w,o-w / log_end_msg $? -- cgit v1.2.3 From b6b8db9771c217c0d0347e4880f3a516029532a6 Mon Sep 17 00:00:00 2001 
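Review bot: Unlike the ethernet template, the loopback template has no `pattern` check, so `$VAR(@)` reaches the `exec` shell string and the `update:` command (run under sudo) with no constraint on its characters, and the new `update:` line also interpolates it unquoted. I would add a pattern expression ahead of the `exec`; since `allowed:` offers only `lo`, something as strict as `syntax:expression: pattern $VAR(@) "^lo$" ; "loopback interface must be lo"` may be enough. The argument should be quoted as the ethernet template does: `update: sudo ip link set "$VAR(@)" up`. A comment noting that 772 is the loopback link type (ARPHRD_LOOPBACK) would explain the magic number.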
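Review bot: cleanup_raid redirects root's `rmmod` output to the fixed path `/tmp/vyatta_raid_cleanup_log`, which lives in a world-writable directory, so a pre-existing symlink or file of that name would be followed and overwritten. Sending the output to syslog or to a root-owned directory avoids that, e.g. `rmmod $MD_MODULES 2>&1 | logger -t vyatta-ofr`. `MD_MODULES` is also assigned without `local`, although stop() in this script already uses `local`; `local MD_MODULES='linear multipath raid0 raid1 raid456 raid5 raid6 raid10'` keeps it out of the script's global namespace.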
From: Bob Gilligan Date: Tue, 21 Oct 2008 14:36:44 -0700 Subject: Bugfix: 3807: Typo in config template for interfaces/loopback. --- templates/interfaces/loopback/node.def | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/interfaces/loopback/node.def b/templates/interfaces/loopback/node.def index b5235a0..e57f4b1 100644 --- a/templates/interfaces/loopback/node.def +++ b/templates/interfaces/loopback/node.def @@ -3,7 +3,7 @@ type: txt help: Set loopback interface allowed: echo "lo" syntax:expression: exec "\ - if [ !-d /sys/class/net/$VAR(@) ]; then \ + if [ ! -d /sys/class/net/$VAR(@) ]; then \ echo \"loopback interface $VAR(@) does not exist\"; \ exit 1; \ elif [ $(cat /sys/class/net/$VAR(@)/type) -ne 772 ]; then \ -- cgit v1.2.3