From 2fd9d914de23cd6fabc08e3e4be4a588f2b2803d Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 11 Mar 2008 16:37:58 -0700 Subject: more robust handling of set mac address Bugfix: 2826 Enforce restrictions on address (must be valid ethernet address), and only bring interface down/up if already up. --- scripts/vyatta-interfaces.pl | 47 +++++++++++++++++++++- .../interfaces/ethernet/node.tag/mac/node.def | 15 ++----- 2 files changed, 49 insertions(+), 13 deletions(-) diff --git a/scripts/vyatta-interfaces.pl b/scripts/vyatta-interfaces.pl index 1cad719..e3afe68 100755 --- a/scripts/vyatta-interfaces.pl +++ b/scripts/vyatta-interfaces.pl @@ -34,7 +34,7 @@ use lib "/opt/vyatta/share/perl5/"; use VyattaConfig; use VyattaMisc; use Getopt::Long; - +use POSIX; use NetAddr::IP; use strict; @@ -45,18 +45,22 @@ my $dhcp_conf = '/etc/dhcp3/dhclient.conf'; my $dhcp_pid = '/var/run/dhclient.pid'; my $dhcp_leases = '/var/lib/dhcp3/dhclient.leases'; +my ($eth_update, $eth_delete, $addr, $restart_dhclient, $dev, $mac, $mac_update); -my ($eth_update, $eth_delete, $addr, $restart_dhclient, $dev); GetOptions("eth-addr-update=s" => \$eth_update, "eth-addr-delete=s" => \$eth_delete, "valid-addr=s" => \$addr, "restart-dhclient!" => \$restart_dhclient, "dev=s" => \$dev, + "valid-mac=s" => \$mac, + "set-mac=s" => \$mac_update, ); if (defined $eth_update) { update_eth_addrs($eth_update, $dev); } if (defined $eth_delete) { delete_eth_addrs($eth_delete, $dev); } if (defined $addr) { is_valid_addr($addr, $dev); } +if (defined $mac) { is_valid_mac($mac, $dev); } +if (defined $mac_update) { update_mac($mac_update, $dev); } if (defined $restart_dhclient) { dhcp_restart_daemon(); } sub is_ip_configured { 
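Review bot: `use POSIX;` with no import list pulls POSIX's entire export list into a script that otherwise imports specific modules, and the only symbol the new code needs is strtoul, which the two new call sites spell differently (`POSIX::strtoul` in update_mac, bare `strtoul` in is_valid_mac). Importing only what is used, `use POSIX qw(strtoul);`, keeps the namespace predictable and lets both call sites read the same.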
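Review bot: The return value of GetOptions is still unchecked, and the two new options make that matter: if `--set-mac` arrives with no value (the delete action in mac/node.def passes `$VAR(../hw-id/@)`, which could presumably be empty), Getopt::Long only warns, $mac_update stays undefined, no handler runs and the script falls off the end with exit status 0, so the configuration action reports success while the interface keeps its old address. Failing loudly is a one-line change to the closing of the call, `) or die "Error: invalid arguments\n";`. The `--set-mac` dispatch also performs no validation of $mac_update or $dev itself and relies on the template having run `--valid-mac` beforehand, which deserves a comment on the dispatch line, e.g. `# --set-mac trusts its argument; the template's syntax check (--valid-mac) must run first`.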
@@ -342,6 +346,45 @@ sub delete_eth_addrs { } } +sub update_mac { + my ($mac, $intf) = @_; + + open my $fh, "<", "/sys/class/net/$intf/flags" + or die "Error: $intf is not a network device\n"; + + my $flags = <$fh>; + chomp $flags; + close $fh or die "Error: can't read state\n"; + + if (POSIX::strtoul($flags) & 1) { + # NB: Perl 5 system return value is bass-ackwards + system "sudo ip link set $intf down" + and die "Could not set $intf down ($!)\n"; + system "sudo ip link set $intf address $mac" + and die "Could not set $intf address ($!)\n"; + system "sudo ip link set $intf up" + and die "Could not set $intf up ($!)\n"; + } else { + exec "sudo ip link set $intf address $mac"; + } + exit 0; +} + +sub is_valid_mac { + my ($mac, $intf) = @_; + my @octets = split /:/, $mac; + + ($#octets == 5) or die "Error: wrong number of octets: $#octets\n"; + + (($octets[0] & 1) == 0) or die "Error: $mac is a multicast address\n"; + + my $sum = 0; + $sum += strtoul('0x' . $_) foreach @octets; + ( $sum != 0 ) or die "Error: zero is not a valid address\n"; + + exit 0; +} + sub is_valid_addr { my ($addr_net, $intf) = @_; diff --git a/templates/interfaces/ethernet/node.tag/mac/node.def b/templates/interfaces/ethernet/node.tag/mac/node.def index e556743..d25b378 100644 --- a/templates/interfaces/ethernet/node.tag/mac/node.def +++ b/templates/interfaces/ethernet/node.tag/mac/node.def 
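Review bot: The multicast test in is_valid_mac, `($octets[0] & 1) == 0`, numifies the first octet as a decimal string instead of parsing it as hex, so "1a" (0x1a, a valid unicast prefix) is read as 1 and rejected while "0b" (0x0b, multicast) is read as 0 and accepted; the check needs the hex value, `((hex($octets[0]) & 1) == 0) or die "Error: $mac is a multicast address\n";`. Nothing verifies that each octet is one or two hex digits, so an unparsable octet presumably contributes 0 to the strtoul sum and slips through, and the count message prints `$#octets`, the last index (4 for five octets), rather than the count. In update_mac the `exec "sudo ip link set $intf address $mac"` has no `or die`, so a failed exec falls through to `exit 0` and reports success, and `$!` after a non-zero system() return is stale (`$?` carries the child status). All four commands also interpolate $intf and $mac through a shell although update_mac itself validates neither (the template's delete action reaches --set-mac without --valid-mac), so the list form below, which bypasses the shell, is the safer shape; a per-octet check is included in the same sketch.
```perl
sub update_mac {
    my ($mac, $intf) = @_;
    # … unchanged: read and parse /sys/class/net/$intf/flags …
    if (POSIX::strtoul($flags) & 1) {
        # NB: Perl 5 system return value is bass-ackwards; list form bypasses the shell
        system('sudo', 'ip', 'link', 'set', $intf, 'down')
            and die "Could not set $intf down (status $?)\n";
        system('sudo', 'ip', 'link', 'set', $intf, 'address', $mac)
            and die "Could not set $intf address (status $?)\n";
        system('sudo', 'ip', 'link', 'set', $intf, 'up')
            and die "Could not set $intf up (status $?)\n";
    } else {
        exec('sudo', 'ip', 'link', 'set', $intf, 'address', $mac)
            or die "Could not exec ip link set $intf address ($!)\n";
    }
    exit 0;
}

sub is_valid_mac {
    my ($mac, $intf) = @_;
    my @octets = split /:/, $mac;

    (@octets == 6) or die "Error: wrong number of octets: " . scalar(@octets) . "\n";

    foreach my $octet (@octets) {
        $octet =~ /\A[0-9a-fA-F]{1,2}\z/
            or die "Error: invalid octet '$octet' in $mac\n";
    }

    ((hex($octets[0]) & 1) == 0) or die "Error: $mac is a multicast address\n";
    # … unchanged: zero-address check and exit 0 …
}
```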
@@ -1,14 +1,7 @@ type: macaddr help: Set the MAC address of this interface +syntax:expression: exec "\ + /opt/vyatta/sbin/vyatta-interfaces.pl --dev $VAR(../@) --valid-mac $VAR(@)" +update: /opt/vyatta/sbin/vyatta-interfaces.pl --dev $VAR(../@) --set-mac $VAR(@) +delete: /opt/vyatta/sbin/vyatta-interfaces.pl --dev $VAR(../@) --set-mac $VAR(../hw-id/@) -update:expression: "sudo sh -c \"ip link set $VAR(../@) down && \ - ip link set $VAR(../@) address $VAR(@) && \ - ip link set $VAR(../@) up; \" "; \ - "Error setting MAC address on dev $VAR(../@)" - -delete:expression: "sudo sh -c \"ip link set $VAR(../@) down && \ - ip link set $VAR(../@) address \ - $VAR(../hw-id/@) && \ - ip link set $VAR(../@) up;\" "; \ - "Error resetting MAC address on dev $VAR(../@) to \ - $VAR(../hw-id/@)" -- cgit v1.2.3 From e2b8d516969b1863d6e0668ccc5e8ecaf2e30c15 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Tue, 11 Mar 2008 18:05:40 -0700 Subject: CLI tab enhancement at "set interfaces ethernet <> address" - tab gives dhcp if interface hasn't been configured before --- templates/interfaces/ethernet/node.tag/address/node.def | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/interfaces/ethernet/node.tag/address/node.def b/templates/interfaces/ethernet/node.tag/address/node.def index 410c072..79bc6e2 100644 --- a/templates/interfaces/ethernet/node.tag/address/node.def +++ b/templates/interfaces/ethernet/node.tag/address/node.def 
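Review bot: The new `delete:` action hands `$VAR(../hw-id/@)` to `--set-mac` without the `--valid-mac` check that the `syntax:expression:` line applies to `update:`, so whatever is stored under hw-id reaches `ip link set ... address` unvalidated, and if hw-id is unset the script presumably receives `--set-mac` with no argument and exits 0 without restoring anything, leaving the delete looking successful. If actions run through a shell, the delete can be guarded the same way as the update, `delete: /opt/vyatta/sbin/vyatta-interfaces.pl --dev $VAR(../@) --valid-mac $VAR(../hw-id/@) && /opt/vyatta/sbin/vyatta-interfaces.pl --dev $VAR(../@) --set-mac $VAR(../hw-id/@)`; otherwise the script should validate inside its --set-mac path. The rewritten `update:`/`delete:` lines also drop the explicit error text the old expressions carried, so a failure now surfaces only through the script's die() message.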
@@ -4,6 +4,7 @@ help: Configure an IP address for this interface syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr $VAR(@) --dev $VAR(../@)"; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../@)" update:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../@)"; "Error setting address $VAR(@) on interface $VAR(../@)" delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@)"; "Error deleting address $VAR(@) on interface $VAR(../@)" +allowed: echo "dhcp" comp_help:Possible completions: /\tSet the IP address and prefix length dhcp\t\t\t\tSet the IP address and prefix length via DHCP -- cgit v1.2.3 From 9cb73b42bf97b3978c34290825a715b6400536bc Mon Sep 17 00:00:00 2001 From: An-Cheng Huang Date: Tue, 11 Mar 2008 23:38:11 -0700 Subject: add LESSSECURE --- etc/default/vyatta-cfg | 1 + 1 file changed, 1 insertion(+) diff --git a/etc/default/vyatta-cfg b/etc/default/vyatta-cfg index ef02233..d801239 100644 --- a/etc/default/vyatta-cfg +++ b/etc/default/vyatta-cfg @@ -43,6 +43,7 @@ if [ $is_admin == 1 ]; then else # no need to check is_users since there are only 2 levels for now declare -x -r VYATTA_USER_LEVEL_DIR=${vyatta_sysconfdir}/shell/level/users + declare -x -r LESSSECURE=1 fi } 2>/dev/null || : -- cgit v1.2.3 From ee9178c72e1fff0eff2932297f039eb0345f26b1 Mon Sep 17 00:00:00 2001 From: An-Cheng Huang Date: Wed, 12 Mar 2008 14:43:24 -0700 Subject: partial fix for bug 2987: use "less" instead of "more", and disable "terminal" command for operator level. --- etc/default/vyatta-cfg | 1 + etc/shell/level/users/allowed-op | 1 - etc/shell/level/users/allowed-pipe | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/etc/default/vyatta-cfg b/etc/default/vyatta-cfg index d801239..7d189d8 100644 --- a/etc/default/vyatta-cfg +++ b/etc/default/vyatta-cfg 
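Review bot: `LESSSECURE=1` disables less's shell-escape, pipe, edit and log-file commands, but it is a restriction on `less` alone: the input preprocessor variables `LESSOPEN`/`LESSCLOSE` are commands less runs on every file and, in older less releases, are honoured even in secure mode, so they should presumably be cleared for the users level too, e.g. `unset LESSOPEN LESSCLOSE` next to the declare (confirm against the shipped less version). Note also that `-r` protects the variable only in this shell; a child shell inherits the exported value but not the read-only attribute, which matters if any operator-level command can reach a subshell. A comment on the declare would help the next maintainer, e.g. `# LESSSECURE: keep operator-level users from escaping to a shell through the pager`.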
@@ -44,6 +44,7 @@ else # no need to check is_users since there are only 2 levels for now declare -x -r VYATTA_USER_LEVEL_DIR=${vyatta_sysconfdir}/shell/level/users declare -x -r LESSSECURE=1 + alias more=less fi } 2>/dev/null || : diff --git a/etc/shell/level/users/allowed-op b/etc/shell/level/users/allowed-op index 498d120..4c8d16f 100644 --- a/etc/shell/level/users/allowed-op +++ b/etc/shell/level/users/allowed-op @@ -8,7 +8,6 @@ reboot set show telnet -terminal traceroute undebug vpn diff --git a/etc/shell/level/users/allowed-pipe b/etc/shell/level/users/allowed-pipe index 3204ef3..2d92acc 100644 --- a/etc/shell/level/users/allowed-pipe +++ b/etc/shell/level/users/allowed-pipe @@ -1,4 +1,4 @@ -more +less 1 no-more 1 -- cgit v1.2.3 From 58dac8aa8edab4f904c9a621ad20c016f2b7bda5 Mon Sep 17 00:00:00 2001 From: An-Cheng Huang Date: Wed, 12 Mar 2008 15:03:11 -0700 Subject: handle "<*>" allowed values --- etc/bash_completion.d/20vyatta-cfg | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/etc/bash_completion.d/20vyatta-cfg b/etc/bash_completion.d/20vyatta-cfg index 463b383..4ad86ce 100755 --- a/etc/bash_completion.d/20vyatta-cfg +++ b/etc/bash_completion.d/20vyatta-cfg @@ -440,8 +440,14 @@ vyatta_parse_tmpl () vyatta_cfg_comp_help=$(vyatta_parse_tmpl_comp_fields $1 "comp_help") if (( ${#vyatta_cfg_allowed[@]} == 0 )); then - local ares=$(eval "$acmd") - eval "vyatta_cfg_allowed=( $ares )" + local -a ares=( $(eval "$acmd") ) + for (( i=0 ; i<${#ares[@]} ; i++ )); do + if [[ "${ares[i]}" != \<*\> ]]; then + vyatta_cfg_allowed+=( "${ares[i]}" ) + else + vyatta_cfg_allowed+=( "" ) + fi + done fi if [ -z "$vyatta_cfg_help" ]; then vyatta_cfg_help='' -- cgit v1.2.3 From 19c692e171e9542f977183a44e258fb9ab105a8b Mon Sep 17 00:00:00 2001 
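Review bot: `alias more=less` is a convenience rather than a control: aliases are not expanded in non-interactive shells or scripts, and `command more`, `\more` or `/bin/more` bypass them, so the effective restriction for operator users is the removal of `more` from allowed-pipe in this same commit, not the alias. A comment making that explicit would stop a later reader treating it as the guard, e.g. `# convenience only; operator pipe restrictions live in shell/level/users/allowed-pipe`. The alias also sits inside the `{ ... } 2>/dev/null || :` block, so any failure to define it is silent.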
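Review bot: `local -a ares=( $(eval "$acmd") )` word-splits the allowed-values output unquoted, so each word also undergoes pathname expansion: `<*>` is itself a glob (literal `<`, `*`, literal `>`), and any allowed value containing `*`, `?` or `[` is replaced by matching filenames from the current directory before the `\<*\>` test ever sees it. Disabling globbing around the split, `set -f; local -a ares=( $(eval "$acmd") ); set +f`, keeps the values literal (restore the previous state rather than unconditionally `set +f` if the shell may already run with `-f`). The loop index `i` is also not declared local and leaks into the caller's scope; `local i` before the loop fixes that. vyatta_parse_tmpl begins before this hunk.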
From: Mohit Mehta Date: Wed, 12 Mar 2008 16:46:47 -0700 Subject: CLI tab enhancement at "set interfaces ethernet <> address" - tab gives dhcp if interface hasn't been configured before. handle "<*>" allowed values. --- templates/interfaces/ethernet/node.tag/address/node.def | 2 +- templates/interfaces/ethernet/node.tag/vif/node.tag/address/node.def | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/interfaces/ethernet/node.tag/address/node.def b/templates/interfaces/ethernet/node.tag/address/node.def index 79bc6e2..23b1262 100644 --- a/templates/interfaces/ethernet/node.tag/address/node.def +++ b/templates/interfaces/ethernet/node.tag/address/node.def @@ -4,7 +4,7 @@ help: Configure an IP address for this interface syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr $VAR(@) --dev $VAR(../@)"; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../@)" update:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../@)"; "Error setting address $VAR(@) on interface $VAR(../@)" delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@)"; "Error deleting address $VAR(@) on interface $VAR(../@)" -allowed: echo "dhcp" +allowed: echo "dhcp <>" comp_help:Possible completions: /\tSet the IP address and prefix length dhcp\t\t\t\tSet the IP address and prefix length via DHCP diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/address/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/address/node.def index 6653727..a33818f 100644 --- a/templates/interfaces/ethernet/node.tag/vif/node.tag/address/node.def +++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/address/node.def 
@@ -4,6 +4,7 @@ help: Configure an IP address for this interface syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr $VAR(@) --dev $VAR(../../@).$VAR(../@) "; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../../@).$VAR(../@)" create:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../../@).$VAR(../@) "; "Error setting address $VAR(@) on dev $VAR(../../@).$VAR(../@) " delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../../@).$VAR(../@) "; "Error deleting address $VAR(@) on dev $VAR(../../@).$VAR(../@) " +allowed: echo "dhcp <>" comp_help:Possible completions: / Set the IP address and prefix length dhcp Set the IP address and prefix length via DHCP -- cgit v1.2.3 From 0b2a533b973b3d92f1292470cd07338d9cf157ed Mon Sep 17 00:00:00 2001 From: Robert Bays Date: Fri, 14 Mar 2008 13:18:45 -0700 Subject: fix for bugs 2725 and 2999 --- Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.am b/Makefile.am index 2879932..a309d34 100644 --- a/Makefile.am +++ b/Makefile.am @@ -42,6 +42,7 @@ sbin_SCRIPTS += scripts/vyatta-load-config.pl sbin_SCRIPTS += scripts/vyatta-cfg-notify sbin_SCRIPTS += scripts/vyatta-interfaces.pl sbin_SCRIPTS += scripts/vyatta-irqaffin +sbin_SCRIPTS += scripts/vyatta-check-typeless-node.pl share_perl5_SCRIPTS = scripts/VyattaConfig.pm share_perl5_SCRIPTS += scripts/VyattaConfigDOMTree.pm -- cgit v1.2.3 From b5864fdc4462d1f329ebe852754c7877846d8bfa Mon Sep 17 00:00:00 2001 From: Robert Bays Date: Fri, 14 Mar 2008 13:38:07 -0700 Subject: fix for bugs 2725 2999 --- scripts/vyatta-check-typeless-node.pl | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 scripts/vyatta-check-typeless-node.pl diff --git a/scripts/vyatta-check-typeless-node.pl b/scripts/vyatta-check-typeless-node.pl new file mode 100644 index 0000000..65a7408 --- /dev/null +++ b/scripts/vyatta-check-typeless-node.pl 
@@ -0,0 +1,21 @@ +#!/usr/bin/perl +use lib "/opt/vyatta/share/perl5/"; +use VyattaConfig; +use VyattaMisc; +use Getopt::Long; + +## Check if a typeless node exists +# this is a lame little script to get around bug 2525 not being fixed. +# i.e. $VAR(./node/) always expands to true. Once bug 2525 is properly +# fixed, this can go away +my $node = shift; +my $config = new VyattaConfig; + +if ($config->exists("$node")) { + exit 0; +} +else { + exit 1; +} + +exit 0; -- cgit v1.2.3
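Review bot: The new script runs without `use strict;` or `use warnings;` (the sibling vyatta-interfaces.pl has `use strict;`), and `my $node = shift;` is passed straight to `$config->exists("$node")` with no check, so invoking it with no argument asks about the empty path and the result is whatever VyattaConfig does with "" — presumably not what the caller intends. Add `use strict; use warnings;` after the `use lib` line and guard the argument, `die "usage: $0 <node-path>\n" unless defined $node && length $node;`. `new VyattaConfig` is indirect-object syntax, better written `VyattaConfig->new`, `VyattaMisc` and `Getopt::Long` are loaded but unused, and the final `exit 0` is unreachable. The file is created 100644 while the sibling scripts are 100755; automake's sbin_SCRIPTS install sets the mode, but running from the tree needs the exec bit.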