-rw-r--r-- | Makefile.am | 6 | ||||
-rw-r--r-- | scripts/vyatta-delete-log-file.sh | 8 | ||||
-rwxr-xr-x | scripts/vyatta-monitor | 7 | ||||
-rwxr-xr-x | scripts/vyatta-monitor-background | 23 | ||||
-rwxr-xr-x | scripts/vyatta-monitor-background-stop | 13 | ||||
-rw-r--r-- | scripts/vyatta-monitor-check-rule-log | 10 | ||||
-rw-r--r-- | scripts/vyatta-monitor-cleanup | 36 | ||||
-rwxr-xr-x | scripts/vyatta-show-interfaces | 202 | ||||
-rw-r--r-- | scripts/vyos-openvpn-remoteconfig.pl | 127 | ||||
-rw-r--r-- | templates/delete/log/file/node.def | 1 | ||||
-rw-r--r-- | templates/delete/log/file/node.tag/node.def | 5 | ||||
-rw-r--r-- | templates/delete/log/node.def | 1 | ||||
-rw-r--r-- | templates/release/dhcp/interface/node.tag/node.def | 1 | ||||
-rw-r--r-- | templates/show/remote-config/openvpn/node.def | 1 | ||||
-rw-r--r-- | templates/show/remote-config/openvpn/node.tag/node.def | 5 | ||||
-rw-r--r-- | templates/show/remote-config/openvpn/node.tag/remote-platform/node.def | 1 | ||||
-rw-r--r-- | templates/show/remote-config/openvpn/node.tag/remote-platform/node.tag/node.def | 9 |
17 files changed, 1 insertions, 455 deletions
diff --git a/Makefile.am b/Makefile.am index 4c8fc0d..b2f32d4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -17,8 +17,7 @@ interp_DATA += functions/interpreter/vyatta-common interp_DATA += functions/interpreter/vyatta-image-complete -bin_SCRIPTS = scripts/vyatta-show-interfaces -bin_SCRIPTS += scripts/vyatta-show-interfaces.pl +bin_SCRIPTS = scripts/vyatta-show-interfaces.pl bin_SCRIPTS += scripts/show-dhcp-leases.pl bin_SCRIPTS += scripts/vyatta-boot-image.pl bin_SCRIPTS += scripts/rename-image.pl @@ -27,9 +26,6 @@ bin_SCRIPTS += scripts/tech-support-archive bin_SCRIPTS += scripts/vyatta-op-cmd-wrapper sbin_SCRIPTS = scripts/vyatta-image-tools.pl -sbin_SCRIPTS += scripts/vyos-openvpn-remoteconfig.pl - -bin_sudo_users_SCRIPTS = scripts/vyatta-delete-log-file.sh all-local: ./gen-unpriv-commands.sh diff --git a/scripts/vyatta-delete-log-file.sh b/scripts/vyatta-delete-log-file.sh deleted file mode 100644 index 577106d..0000000 --- a/scripts/vyatta-delete-log-file.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -if [ -e /var/log/user/"$1" ] -then - echo -n "" > /var/log/user/"$1" -else - echo "File does not exist" -fi diff --git a/scripts/vyatta-monitor b/scripts/vyatta-monitor deleted file mode 100755 index 22867e8..0000000 --- a/scripts/vyatta-monitor +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -declare awkmatch="$2" -for i in "${@:3}"; do - awkmatch+="|$i" -done -tail -f /var/log/messages \ - | awk "/$awkmatch/{ \$5=\" $1:\"; for (f=5; f<=NF; ++f) {printf(\"%s \", \$f);}; printf(\"\n\") }" diff --git a/scripts/vyatta-monitor-background b/scripts/vyatta-monitor-background deleted file mode 100755 index 8a5c0cf..0000000 --- a/scripts/vyatta-monitor-background +++ /dev/null 
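Review bot: Nothing in the two Makefile.am hunks accounts for the five deleted `scripts/vyatta-monitor*` files; the lines removed here cover only `scripts/vyatta-show-interfaces`, `scripts/vyos-openvpn-remoteconfig.pl` and `scripts/vyatta-delete-log-file.sh`. If a `*_SCRIPTS` line outside these hunks still lists one of the monitor scripts, the build will presumably fail on the missing source. Likewise, any op-mode template outside this diff that still runs `vyatta-show-interfaces` (without `.pl`) or a `vyatta-monitor*` helper would fail only at run time. A tree-wide search for the removed names before merging would settle both, e.g. `grep -rnE 'vyatta-monitor|vyatta-show-interfaces([^.]|$)' Makefile.am templates/`. The rest of Makefile.am is outside the hunks, so this cannot be confirmed from the page.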
@@ -1,23 +0,0 @@ -#!/bin/bash -declare awkmatch="$2" -declare pidname="$1" -if [ ! -d /var/run/vyatta/monitor ]; then - sudo mkdir -p /var/run/vyatta/monitor - sudo chmod -R 777 /var/run/vyatta/monitor -fi -for i in "${@:3}"; do - awkmatch+="|$i" -done -pidfile="/var/run/vyatta/monitor/$pidname-`tty| sed -e s-/--g -e s/dev//g`.pid" -if [ -f $pidfile ]; then - pid=$(cat $pidfile) - processname=$(cat /proc/$pid/cmdline 2>/dev/null) - if [[ $processname =~ "tail" ]];then - echo -ne "\n You are already monitoring this service\n\n" - exit 0 - fi -fi -{ ( tail -f -n0 /var/log/messages & echo $! >&3) 3> \ - $pidfile \ - | awk "/$awkmatch/{ \$5=\" $1:\"; for (f=5; f<=NF; ++f) {printf(\"%s \", \$f);}; printf(\"\n\") }" 2>&3 & \ -} 3>&2 2>/dev/null; disown diff --git a/scripts/vyatta-monitor-background-stop b/scripts/vyatta-monitor-background-stop deleted file mode 100755 index c10528f..0000000 --- a/scripts/vyatta-monitor-background-stop +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -declare pidname="$1" -pidfile="/var/run/vyatta/monitor/$pidname-`tty| sed -e s-/--g -e s/dev//g`.pid" -if [ -f $pidfile ]; then - pid=$(cat $pidfile) - processname=$(cat /proc/$pid/cmdline 2>/dev/null) - if [[ $processname =~ "tail" ]];then - kill -9 $pid - rm -f $pidfile - exit 0 - fi -fi -echo -ne "\n You are not currently monitoring this service\n\n" diff --git a/scripts/vyatta-monitor-check-rule-log b/scripts/vyatta-monitor-check-rule-log deleted file mode 100644 index 5466edc..0000000 --- a/scripts/vyatta-monitor-check-rule-log +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -RULE_PATH=$1 -RULE_NUM=$2 - -if ! cli-shell-api existsActive $RULE_PATH rule $RULE_NUM log; then - echo "Warning: logging is not enabled for rule $RULE_NUM" - echo "For proper monitor operation enable logging before issuing this command:" - echo "set $RULE_PATH rule $RULE_NUM log enable" -fi diff --git a/scripts/vyatta-monitor-cleanup b/scripts/vyatta-monitor-cleanup deleted file mode 100644 index 553c1f8..0000000 
--- a/scripts/vyatta-monitor-cleanup +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash -declare CURRENT_PTS=$(tty | sed -e s-/--g -e s/dev//g) -declare CURRENT_UID=$(id -u) -declare CURRENT_UNAME=$(id -un) -declare -a MPIDS -MODE=$1 -MPIDS=( $(ls /var/run/vyatta/monitor/*.pid 2> /dev/null ) ) - -for pidfile in "${MPIDS[@]}"; do - pid=$(<$pidfile) - procname=$(cat /proc/$pid/cmdline 2>/dev/null) - if [[ "$procname" =~ "tail" ]] ; then - # Clean up tail processes that didn't die on logout - pts=${pidfile##*-pts} - pts=${pts%%.pid} - # If the process isn't attaced to the current PTY - if [[ "pts$pts" != "$CURRENT_PTS" ]]; then - # If I owned this process - if cat /proc/$pid/status | grep -q "Uid:.*$CURRENT_UID" ; then - # If I'm no longer on the pty that process started on - if ! who | grep -q "$CURRENT_UNAME.*pts/$pts" ; then - kill $pid - rm -rf $pidfile - fi - fi - elif [[ "$MODE" == "LOGOUT" ]]; then - # on logout kill all monitors - kill $pid - rm -rf $pidfile - fi - else - # Clean up killed tail processes - rm -rf $pidfile - fi -done - diff --git a/scripts/vyatta-show-interfaces b/scripts/vyatta-show-interfaces deleted file mode 100755 index 262664f..0000000 --- a/scripts/vyatta-show-interfaces +++ /dev/null 
@@ -1,202 +0,0 @@ -#!/bin/bash -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. -# All Rights Reserved. -# -# Author: Tom Grennan -# Date: 2007 -# -# **** End License **** - -shopt -s extglob -shopt -s nullglob - -declare progname=${0##*/} -declare -a full_itfs=( /sys/class/net/+(eno|ens|enp|enx|eth|vmnet|lo|tun|wan|pppoe|pppoa|adsl)* ) -declare -a itfs -declare _do_show=_show_itf_stats - -_error () -{ - ecode=$1 - shift - echo $@ - if [ $ecode -eq 1 ] ; then - echo - _usage - fi - exit $ecode -} - -_show_itf_stats () -{ - local -i rx_bytes rx_packets rx_errors rx_dropped rx_over_errors multicast - local -i tx_bytes tx_packets tx_errors tx_dropped tx_carrier_errors \ - collisions - local -i rx_missed_errors rx_fifo_errors - - for itf ; do - test -d /sys/class/net/$itf || \ - _error 2 $itf: no such interface\! 
- for stat in \ - rx_bytes rx_packets rx_errors rx_dropped rx_over_errors multicast \ - tx_bytes tx_packets tx_errors tx_dropped tx_carrier_errors \ - collisions - do - full_stat=/sys/class/net/${itf}/statistics/${stat} - if [ -r $full_stat ] ; then - eval $stat=$(cat $full_stat) - else - eval $stat=0 - fi - done - for stat in rx_missed_errors ; do - full_stat=/sys/class/net/${itf}/statistics/${stat} - if [ -r $full_stat ] ; then - let $(( rx_dropped_errors += $(cat $full_stat) )) - fi - done - for stat in rx_fifo_errors ; do - full_stat=/sys/class/net/${itf}/statistics/${stat} - if [ -r $full_stat ] ; then - let $(( rx_over_errors += $(cat $full_stat) )) - fi - done - - printf -v rx_stats \ - '%10d %10d %10d %10d %10d %10d' \ - $rx_bytes \ - $rx_packets \ - $rx_errors \ - $rx_dropped \ - $rx_over_errors \ - $multicast - - printf -v tx_stats \ - '%10d %10d %10d %10d %10d %10d' \ - $tx_bytes \ - $tx_packets \ - $tx_errors \ - $tx_dropped \ - $tx_carrier_errors \ - $collisions - - ip -s addr show ${itf} | sed 's/^[0-9]*: //' - cat <<-EOF - - RX: bytes packets errors dropped overrun mcast - $rx_stats - TX: bytes packets errors dropped carrier collisions - $tx_stats - - EOF - done -} - -_show_itf_physical () -{ - for eth ; do - /sbin/ethtool $eth - echo - done -} - -_usage () -{ - cat <<-EOF - $progname [ INTERFACE ] - $progname loopback [ INTERFACE ] - $progname tunnel [ INTERFACE ] - $progname serial [ INTERFACE ] - $progname pppoe [ INTERFACE ] - $progname pppoa [ INTERFACE ] - $progname adsl [ INTERFACE ] - $progname system [ enabled ] - EOF -} - -_add_itfs () -{ - for itf ; do - if [[ $itf != +(eno|ens|enp|enx|eth|vmnet|lo|tun|wan|pppoe|pppoa|adsl)* ]] ; then - _error 2 \""$itf"\" is not an interface name\! - elif [ ! -d /sys/class/net/$itf ] ; then - _error 2 $itf: no such interface\! 
- else - itfs+=( $itf ) - fi - done -} - -if [ $# -gt 0 ] ; then - if [[ $1 == --+(usage|help) ]] ; then - _usage - exit 0 - elif [[ $1 == +(ethernet|loopback|system|tunnel|serial|pppoe|pppoa|adsl) ]] ; then - if [ $# -eq 1 ] ; then - case $1 in - ethernet ) - full_itfs=( /sys/class/net/+(eno|ens|enp|enx|eth|vmnet)* ) ;; - loopback ) - full_itfs=( /sys/class/net/lo* ) ;; - tunnel ) - full_itfs=( /sys/class/net/tun* ) ;; - serial ) - full_itfs=( /sys/class/net/wan* ) ;; - pppoe ) - full_itfs=( /sys/class/net/pppoe* ) ;; - pppoa ) - full_itfs=( /sys/class/net/pppoa* ) ;; - adsl ) - full_itfs=( /sys/class/net/adsl* ) ;; - esac - itfs=( ${full_itfs[@]##*/} ) - else - if [[ $1 == system ]] ; then - if [[ $2 == enabled ]] ; then - for full_itf in ${full_itfs[@]} ; do - let -i flags="$(cat $full_itf/flags) & 1" - [[ $flags -eq 1 ]] && _add_itfs ${full_itf##*/} - done - fi - else - _add_itfs $2 - if [ $# -gt 2 ] ; then - if [[ $3 == physical ]] ; then - _do_show=_show_itf_physical - elif [[ $3 == vif ]] ; then - if [ $# -gt 3 ] ; then - itfs+=.$4 - if [[ $# -gt 4 && $4 == physical ]] ; then - _do_show=_show_itf_physical - fi - else - _error 2 missing VIF number\! - fi - fi - fi - fi - fi - else - _add_itfs $* - fi -else - itfs=( ${full_itfs[@]##*/} ) -fi - -eval $_do_show ${itfs[@]} - -# Local Variables: -# mode: shell-script -# sh-indentation: 4 -# End: diff --git a/scripts/vyos-openvpn-remoteconfig.pl b/scripts/vyos-openvpn-remoteconfig.pl deleted file mode 100644 index 6412364..0000000 --- a/scripts/vyos-openvpn-remoteconfig.pl +++ /dev/null 
@@ -1,127 +0,0 @@ -#!/usr/bin/perl -# -# Copyright (C) 2017 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. - -use lib "/opt/vyatta/share/perl5/"; -use Vyatta::Config; - -use warnings; -use strict; - -sub auth_warning -{ - print("NOTE: authentication options are deliberately left out,\n"); - print("since we cannot know file paths on a remote system\n\n"); -} - -my $config = new Vyatta::Config; - -if(!$config->inSession()) { - print("This command can only be used from configuration mode!"); - exit(1); -} - -my $intf = $ARGV[0]; -if(!defined($intf)) -{ - print("OpenVPN interface is not specified!\n"); - exit(1); -} - -my $remote = $ARGV[1]; -if(!defined($remote)) -{ - print("Remote side platform is not specified!\n"); - exit(1); -} - -if(!$config->exists("interfaces openvpn $intf")) -{ - print("OpenVPN interface $intf does not exist!\n"); - exit(1); -} - -$config->setLevel("interfaces openvpn $intf"); - -my $mode = $config->returnValue('mode'); - -my $localhost = $config->returnValue("local-host"); -my $localport = $config->returnValue("local-port"); -my $remotehost = $config->returnValue("remote-host"); -my $remoteaddr = $config->returnValue("remote-address"); -my $remoteport = $config->returnValue("remote-port"); -my $cipher = $config->returnValue("encryption"); -my $hash = $config->returnValue("hash"); -my $protocol = $config->returnValue("protocol"); -my $persist = 
$config->exists("persistent-tunnel"); -my $tlsrole = $config->returnValue("tls role"); -my $devtype = $config->returnValue("device-type"); -my @options = $config->returnValues("openvpn-option"); - -# local-addr is a tag node... -# Let's limit it to only the first address for now, -# since remote-address is limited to only one address anyway! -my @localaddrs = $config->listNodes('local-address'); -my $localaddr = undef; -if(@localaddrs) { - $localaddr = $localaddrs[0]; -} - -if($mode eq 'client') -{ - print("It is impossible to produce a complete server config from a client config!\n"); - exit(1); -} -elsif($mode eq 'site-to-site') -{ - if($remote eq 'vyos') - { - auth_warning; - - print("edit interfaces openvpn $intf\n"); - print("set mode site-to-site\n"); - print("set device-type $devtype\n") if defined($devtype); - print("set remote-host $localhost\n") if defined($localhost); - print("set remote-address $localaddr\n") if defined($localaddr); - print("set remote-port $localport\n") if defined($localport); - print("set local-host $remotehost\n") if defined($remotehost); - print("set local-address $remoteaddr\n") if defined($remoteaddr); - print("set local-port $remoteport\n") if defined($remoteport); - print("set protocol $protocol\n") if defined($protocol); - print("set encryption $cipher\n") if defined($cipher); - print("set hash $hash\n") if defined($hash); - - for my $o (@options) { print("set openvpn-option \"$o\"\n"); } - - print "tls role passive\n" if (defined($tlsrole) && ($tlsrole eq 'active')); - print "tls role active\n" if (defined($tlsrole) && ($tlsrole eq 'passive')); - print("top\n"); - } -} -elsif($mode eq 'server') -{ - if($remote eq 'vyos') - { - auth_warning; - - print("edit interfaces openvpn $intf\n"); - print("set mode client"); - print("set device-type $devtype\n") if defined($devtype); - print("set remote-host $localhost\n") if defined($localhost); - print("set remote-port $localport\n") if defined($localport); - print("set protocol 
$protocol\n") if defined($protocol); - print("top\n"); - } -} diff --git a/templates/delete/log/file/node.def b/templates/delete/log/file/node.def deleted file mode 100644 index 96d455d..0000000 --- a/templates/delete/log/file/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Delete the specified log file diff --git a/templates/delete/log/file/node.tag/node.def b/templates/delete/log/file/node.tag/node.def deleted file mode 100644 index ce4a4f7..0000000 --- a/templates/delete/log/file/node.tag/node.def +++ /dev/null @@ -1,5 +0,0 @@ -help: Delete the specified log file -allowed: local -a array ; - array=( /var/log/user/* ) ; - echo -n ${array[@]##*/} -run: sudo ${vyatta_bindir}/sudo-users/vyatta-delete-log-file.sh "$4" diff --git a/templates/delete/log/node.def b/templates/delete/log/node.def deleted file mode 100644 index badd128..0000000 --- a/templates/delete/log/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Delete a log file diff --git a/templates/release/dhcp/interface/node.tag/node.def b/templates/release/dhcp/interface/node.tag/node.def index f483278..3f6831c 100644 --- a/templates/release/dhcp/interface/node.tag/node.def +++ b/templates/release/dhcp/interface/node.tag/node.def @@ -1,3 +1,2 @@ help: Release DHCP IP address lease for specified interface -allowed: /opt/vyatta/bin/show-dhcp-leases.pl run: sudo /opt/vyatta/bin/sudo-users/vyatta-interfaces.pl --dhcp release --dev "$4" diff --git a/templates/show/remote-config/openvpn/node.def b/templates/show/remote-config/openvpn/node.def deleted file mode 100644 index d417cb6..0000000 --- a/templates/show/remote-config/openvpn/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show remote side config for OpenVPN diff --git a/templates/show/remote-config/openvpn/node.tag/node.def b/templates/show/remote-config/openvpn/node.tag/node.def deleted file mode 100644 index afb8cfb..0000000 --- a/templates/show/remote-config/openvpn/node.tag/node.def +++ /dev/null 
@@ -1,5 +0,0 @@ -help: Show remote side OpenVPN config - -allowed: local -a array ; - eval "array=( $(cli-shell-api listEffectiveNodes interfaces openvpn) )" ; - echo -n '<vtunN>' ${array[@]##*/} diff --git a/templates/show/remote-config/openvpn/node.tag/remote-platform/node.def b/templates/show/remote-config/openvpn/node.tag/remote-platform/node.def deleted file mode 100644 index 15502c9..0000000 --- a/templates/show/remote-config/openvpn/node.tag/remote-platform/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show remote side OpenVPN config for specified platform diff --git a/templates/show/remote-config/openvpn/node.tag/remote-platform/node.tag/node.def b/templates/show/remote-config/openvpn/node.tag/remote-platform/node.tag/node.def deleted file mode 100644 index 66f334c..0000000 --- a/templates/show/remote-config/openvpn/node.tag/remote-platform/node.tag/node.def +++ /dev/null @@ -1,9 +0,0 @@ -help: Show remote side OpenVPN config for specified platform -allowed: echo -n "vyos openvpn" - -run: if [ "$VYATTA_USER_LEVEL_DIR" == "/opt/vyatta/etc/shell/level/admin" ]; - then - sudo ${vyatta_sbindir}/vyos-openvpn-remoteconfig.pl $4 $6 - else - echo Must be an admin user to run this command. - fi |