From f7f90ef2c60c493c58378a13ce77b74443ec8796 Mon Sep 17 00:00:00 2001
From: slioch
Date: Mon, 19 Oct 2009 15:42:46 -0700
Subject: add sudo back to save command, and add check to save script that validates vyatta config token at end of file. this will prevent the accidental overwrite of non vyatta config files. check on prevent existing files that don't contain ' === vyatta-config-version:' from being saved to.
---
 etc/bash_completion.d/20vyatta-cfg | 2 +-
 scripts/vyatta-save-config.pl | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/etc/bash_completion.d/20vyatta-cfg b/etc/bash_completion.d/20vyatta-cfg
index 6f1f54d..5f7896d 100755
--- a/etc/bash_completion.d/20vyatta-cfg
+++ b/etc/bash_completion.d/20vyatta-cfg
@@ -70,7 +70,7 @@ show ()
 save ()
 {
- eval "umask 0002 ; ${vyatta_sbindir}/vyatta-save-config.pl $@"
+ eval "sudo sg vyattacfg \"umask 0002 ; ${vyatta_sbindir}/vyatta-save-config.pl $@\""
 }
 discard ()
diff --git a/scripts/vyatta-save-config.pl b/scripts/vyatta-save-config.pl
index 79cda88..e8220c0 100755
--- a/scripts/vyatta-save-config.pl
+++ b/scripts/vyatta-save-config.pl
@@ -68,6 +68,15 @@ print "Saving configuration to '$save_file'...\n";
 my $save;
 if ($mode eq 'local') {
+ # first check if this file exists, and if so ensure this is a config file.
+ if (-e $save_file) {
+ my $result = `grep ' === vyatta-config-version:' $save_file`;
+ if (!defined $result || length($result) == 0) {
+ print "File exists and is not a Vyatta configuration file, aborting save!\n";
+ exit 1;
+ }
+ }
+ # this overwrites the file if it exists. we could create a backup first.
 open $save, '>', $save_file or die "Can not open file '$save_file': $!\n";
-- 
cgit v1.2.3
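Review bot: The new `save ()` line expands `$@` inside a string that is parsed by `eval` and then parsed again by the shell that `sg` starts for its command argument, now under `sudo`; whitespace or shell metacharacters in a file name argument are therefore read as shell syntax with elevated privilege instead of reaching `vyatta-save-config.pl` as a single argument. Quote each argument before building the command string and drop the `eval`, for example `local args; printf -v args '%q ' "$@"` followed by `sudo sg vyattacfg "umask 0002 ; ${vyatta_sbindir}/vyatta-save-config.pl $args"`. `%q` emits bash quoting, so confirm that the shell `sg` invokes accepts it for the file names you expect. The unquoted `$@` was already present on the removed line, but the added `sudo` raises the impact of the same mistake.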
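Review bot: The added existence check builds a shell command by interpolating `$save_file` into backticks (`grep ' === vyatta-config-version:' $save_file`), so a path containing spaces or shell metacharacters is parsed by the shell rather than treated as a file name; `$save_file` presumably derives from the command-line argument, and per the other hunk this script is now started through `sudo`. Reading the file in Perl with a three-argument `open` and testing each line with `index` removes the shell from the check, as in the fence below, at the cost of reporting an unreadable file as a read error instead of "not a Vyatta configuration file". The check and the later `open $save, '>'` remain two separate steps, so the file can change in between, and the marker is accepted anywhere in the file rather than only at the end as the commit message describes. The `if ($mode eq 'local')` block continues past the end of this hunk.

```perl
  if (-e $save_file) {
    # Inspect the file directly; no shell is involved, so the path is
    # never parsed as shell syntax.
    open my $chk, '<', $save_file
      or die "Can not read file '$save_file': $!\n";
    my $is_config = 0;
    while (my $line = <$chk>) {
      if (index($line, ' === vyatta-config-version:') >= 0) {
        $is_config = 1;
        last;
      }
    }
    close $chk;
    if (!$is_config) {
      # … unchanged: abort message and exit 1 …
    }
  }
```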