author | hagbard <vyosdev@derith.de> | 2019-11-28 10:08:11 -0800 |
---|---|---|
committer | hagbard <vyosdev@derith.de> | 2019-11-28 10:08:11 -0800 |
commit | 26677aa3ce312a5b980ea88d57feebd09e39fd98 (patch) | |
tree | 500accb618a293d1974e70bf2734e5867a5b167d | |
parent | 525af4f27dc2aa7e226f2bba46b4b1736bbc014f (diff) | |
parent | dad110ce666edae42ac18c59a800bda503589f27 (diff) | |
Merge branch 'current' into equuleus
-rw-r--r-- | interface-definitions/syslog.xml | 55 | ||||
-rw-r--r-- | python/vyos/migrator.py | 5 | ||||
-rwxr-xr-x | src/conf_mode/dhcp_server.py | 6 |
3 files changed, 59 insertions, 7 deletions
diff --git a/interface-definitions/syslog.xml b/interface-definitions/syslog.xml index 3c8d2ebe2..d5ea4511e 100644 --- a/interface-definitions/syslog.xml +++ b/interface-definitions/syslog.xml @@ -27,6 +27,10 @@ <completionHelp> <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> </completionHelp> + <constraint> + <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> + </constraint> + <constraintErrorMessage>Invalid facility type</constraintErrorMessage> <valueHelp> <format>all</format> <description>All facilities excluding "mark"</description> @@ -127,6 +131,10 @@ <completionHelp> <list>emerg alert crit err warning notice info debug all</list> </completionHelp> + <constraint> + <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex> + </constraint> + <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> <valueHelp> <format>emerg</format> <description>Emergency messages</description> @@ -173,10 +181,10 @@ <properties> <help>Logging to a remote host</help> <constraint> - <!-- at least let's make sure whitespace isn't allowed, ideally it should be checked for IPv4/IPv6 address or fqdn/hostname --> - <regex>[^ ]{1,63}</regex> + <validator name="ip-address" /> + <regex>(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$)</regex> </constraint> - <constraintErrorMessage>illegal characters in user</constraintErrorMessage> + <constraintErrorMessage>Invalid host FQDN or IP address</constraintErrorMessage> <valueHelp> <format>x.x.x.x or host.domain.tld</format> <description>Remote host name or IP address</description> 
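Review bot: The facility `<regex>` added at `@@ -27,6 +27,10` is a bare alternation with no `^`/`$`, while the host pattern added later in this same file anchors itself explicitly. Whether the validator matches the whole value is not visible in this diff; if it does not, any value that merely contains `auth` would pass the constraint. Writing it as `<regex>^(auth|authpriv|...|all)$</regex>` (same alternatives, anchored) removes that dependency. The same applies to the loglevel pattern `(emerg|alert|crit|err|warning|notice|info|debug|all)`, to `(udp|tcp)` at `@@ -292,8`, and to every repeated copy of these hunks. Each node now carries the list twice, so a comment such as `<!-- keep in sync with completionHelp above -->` would guard against drift.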
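Review bot: The replacement host constraint at `@@ -173,10 +181,10` requires at least one dot and an alphabetic final label of two or more letters. A single-label name such as `loghost`, which the old `[^ ]{1,63}` pattern accepted, is now rejected unless the `ip-address` validator happens to accept it, and no migration for existing configurations is visible in this commit. If short hostnames are no longer allowed, the `<valueHelp>` description should say a fully qualified name is required. The pattern also relies on lookaheads, which assumes a PCRE-style engine, and the explanatory comment was removed. I would put one back, e.g. `<!-- FQDN: 4-253 chars total, labels up to 63, no leading hyphen; needs lookahead support -->`.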
@@ -189,6 +197,10 @@ <completionHelp> <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> </completionHelp> + <constraint> + <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> + </constraint> + <constraintErrorMessage>Invalid facility type</constraintErrorMessage> <valueHelp> <format>all</format> <description>All facilities excluding "mark"</description> @@ -292,8 +304,15 @@ </valueHelp> <valueHelp> <format>tcp</format> - <description>send log messages to remote syslog server over tdp</description> + <description>send log messages to remote syslog server over tcp</description> </valueHelp> + <completionHelp> + <list>udp tcp</list> + </completionHelp> + <constraint> + <regex>(udp|tcp)</regex> + </constraint> + <constraintErrorMessage>invalid protocol name</constraintErrorMessage> </properties> </leafNode> <leafNode name="level"> @@ -302,6 +321,10 @@ <completionHelp> <list>emerg alert crit err warning notice info debug all</list> </completionHelp> + <constraint> + <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex> + </constraint> + <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> <valueHelp> <format>emerg</format> <description>Emergency messages</description> 
@@ -380,6 +403,10 @@ <completionHelp> <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> </completionHelp> + <constraint> + <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> + </constraint> + <constraintErrorMessage>Invalid facility type</constraintErrorMessage> <valueHelp> <format>all</format> <description>All facilities excluding "mark"</description> @@ -480,6 +507,10 @@ <completionHelp> <list>emerg alert crit err warning notice info debug all</list> </completionHelp> + <constraint> + <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex> + </constraint> + <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> <valueHelp> <format>emerg</format> <description>Emergency messages</description> @@ -583,6 +614,10 @@ <completionHelp> <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> </completionHelp> + <constraint> + <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> + </constraint> + <constraintErrorMessage>Invalid facility type</constraintErrorMessage> <valueHelp> <format>all</format> <description>All facilities excluding "mark"</description> @@ -683,6 +718,10 @@ <completionHelp> <list>emerg alert crit err warning notice info debug all</list> </completionHelp> + <constraint> + <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex> + </constraint> + <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> <valueHelp> <format>emerg</format> <description>Emergency messages</description> 
@@ -736,6 +775,10 @@ <completionHelp> <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> </completionHelp> + <constraint> + <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> + </constraint> + <constraintErrorMessage>Invalid facility type</constraintErrorMessage> <valueHelp> <format>all</format> <description>All facilities excluding "mark"</description> @@ -836,6 +879,10 @@ <completionHelp> <list>emerg alert crit err warning notice info debug all</list> </completionHelp> + <constraint> + <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex> + </constraint> + <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> <valueHelp> <format>emerg</format> <description>Emergency messages</description> diff --git a/python/vyos/migrator.py b/python/vyos/migrator.py index 86e1af183..f05228041 100644 --- a/python/vyos/migrator.py +++ b/python/vyos/migrator.py @@ -80,13 +80,18 @@ class Migrator(object): """ self._log_file = os.path.join(vyos.defaults.directories['config'], 'vyos-migrate.log') + # on creation, allow write permission for cfg_group; + # restore original umask on exit + mask = os.umask(0o113) try: log = open('{0}'.format(self._log_file), 'w') log.write("List of executed migration scripts:\n") except Exception as e: + os.umask(mask) print("Logging error: {0}".format(e)) return None + os.umask(mask) return log def run_migration_scripts(self, config_file_versions, system_versions): diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py index af803a696..c2a188812 100755 --- a/src/conf_mode/dhcp_server.py +++ b/src/conf_mode/dhcp_server.py 
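Review bot: In the `migrator.py` hunk the process umask is restored on two hand-written paths (inside `except Exception` and before `return log`), so anything not caught there, such as a `KeyboardInterrupt` during `open` or `write`, leaves the process at `0o113`. Later files would then be created group-writable and later directories without the execute bit. A single `finally: os.umask(mask)` after the `except` block, replacing both explicit calls, covers every exit. `os.umask` is process-wide, so if this can run alongside other threads (not visible here), an `os.fchmod(log.fileno(), 0o664)` after opening would avoid touching global state. The mask only applies when the file is created, so an existing `vyos-migrate.log` keeps its old mode. The method's signature and docstring start outside the hunk.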
@@ -793,9 +793,9 @@ def verify(dhcp): raise ConfigError('DHCP conflicting subnet ranges: {0} overlaps {1}'.format(net, net2)) if not listen_ok: - raise ConfigError('None of the DHCP lease subnets are inside any configured subnet on\n' \ - 'broadcast interfaces. At least one lease subnet must be set such that\n' \ - 'DHCP server listens on a one broadcast interface!') + raise ConfigError('DHCP server configuration error!\n' \ + 'None of configured DHCP subnets does not have appropriate\n' \ + 'primary IP address on any broadcast interface.') return None |
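Review bot: The new `ConfigError` text in `verify()` contains a double negative, "None of configured DHCP subnets does not have appropriate primary IP address", which literally states the opposite of the failing condition (`not listen_ok`). I would word the second and third lines as `'None of the configured DHCP subnets has an appropriate\n'` and `'primary IP address on any broadcast interface.'`. The trailing backslashes are redundant inside the parentheses and can be dropped. The body of `verify()` begins outside this hunk.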