Merge branch 'current' of github.com:thomas-mangin/vyos-1x into T2417

3 files changed, 96 insertions, 97 deletions

diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index d250cd3b0..7c3e3f515 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -22,10 +22,10 @@ from copy import deepcopy
 from stat import S_IRUSR, S_IWUSR, S_IRGRP
 
 from vyos.config import Config
-from vyos import ConfigError
-from vyos.util import call, run, get_half_cpus
 from vyos.template import render
-
+from vyos.util import call, run, get_half_cpus
+from vyos.validate import is_ipv4
+from vyos import ConfigError
 
 sstp_conf = '/run/accel-pppd/sstp.conf'
 sstp_chap_secrets = '/run/accel-pppd/sstp.chap-secrets'
@@ -35,7 +35,12 @@ default_config_data = {
     'auth_mode' : 'local',
     'auth_proto' : ['auth_mschap_v2'],
     'chap_secrets_file': sstp_chap_secrets, # used in Jinja2 template
+    'client_ip_pool' : [],
+    'client_ipv6_pool': [],
+    'client_ipv6_delegate_prefix': [],
     'client_gateway': '',
+    'dnsv4' : [],
+    'dnsv6' : [],
     'radius_server' : [],
     'radius_acct_tmo' : '3',
     'radius_max_try' : '3',
@@ -49,8 +54,6 @@ default_config_data = {
     'ssl_ca' : '',
     'ssl_cert' : '',
     'ssl_key' : '',
-    'client_ip_pool' : [],
-    'dnsv4' : [],
     'mtu' : '',
     'ppp_mppe' : 'prefer',
     'ppp_echo_failure' : '',
@@ -210,7 +213,7 @@ def get_config():
 
 
     #
-    # read in client ip pool settings
+    # read in client IPv4 pool
     conf.set_level(base_path + ['network-settings', 'client-ip-settings'])
     if conf.exists(['subnet']):
         sstp['client_ip_pool'] = conf.return_values(['subnet'])
@@ -219,10 +222,41 @@ def get_config():
         sstp['client_gateway'] = conf.return_value(['gateway-address'])
 
     #
+    # read in client IPv6 pool
+    conf.set_level(base_path + ['network-settings', 'client-ipv6-pool'])
+    if conf.exists(['prefix']):
+        for prefix in conf.list_nodes(['prefix']):
+            tmp = {
+                'prefix': prefix,
+                'mask': '64'
+            }
+
+            if conf.exists(['prefix', prefix, 'mask']):
+                tmp['mask'] = conf.return_value(['prefix', prefix, 'mask'])
+
+            sstp['client_ipv6_pool'].append(tmp)
+
+    if conf.exists(['delegate']):
+        for prefix in conf.list_nodes(['delegate']):
+            tmp = {
+                'prefix': prefix,
+                'mask': ''
+            }
+
+            if conf.exists(['delegate', prefix, 'delegation-prefix']):
+                tmp['mask'] = conf.return_value(['delegate', prefix, 'delegation-prefix'])
+
+            sstp['client_ipv6_delegate_prefix'].append(tmp)
+
+    #
     # read in network settings
     conf.set_level(base_path + ['network-settings'])
     if conf.exists(['name-server']):
-        sstp['dnsv4'] = conf.return_values(['name-server'])
+        for name_server in conf.return_values(['name-server']):
+            if is_ipv4(name_server):
+                sstp['dnsv4'].append(name_server)
+            else:
+                sstp['dnsv6'].append(name_server)
 
     if conf.exists(['mtu']):
         sstp['mtu'] = conf.return_value(['mtu'])
@@ -275,6 +309,14 @@ def verify(sstp):
     if len(sstp['dnsv4']) > 2:
         raise ConfigError('Not more then two IPv4 DNS name-servers can be configured')
 
+    # check ipv6
+    if sstp['client_ipv6_delegate_prefix'] and not sstp['client_ipv6_pool']:
+        raise ConfigError('IPv6 prefix delegation requires client-ipv6-pool prefix')
+
+    for prefix in sstp['client_ipv6_delegate_prefix']:
+        if not prefix['mask']:
+            raise ConfigError('Delegation-prefix required for individual delegated networks')
+
     if not sstp['ssl_ca'] or not sstp['ssl_cert'] or not sstp['ssl_key']:
         raise ConfigError('One or more SSL certificates missing')
 
diff --git a/src/helpers/validate-value.py b/src/helpers/validate-value.py
deleted file mode 100755
index a58ba61d1..000000000
--- a/src/helpers/validate-value.py
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/usr/bin/env python3
-
-import re
-import os
-import sys
-import argparse
-
-from vyos.util import call
-
-parser = argparse.ArgumentParser()
-parser.add_argument('--regex', action='append')
-parser.add_argument('--exec', action='append')
-parser.add_argument('--value', action='store')
-
-args = parser.parse_args()
-
-debug = False
-
-# Multiple arguments work like logical OR
-
-try:
-    for r in args.regex:
-        if re.fullmatch(r, args.value):
-            sys.exit(0)
-except Exception as exn:
-    if debug:
-        print(exn)
-    else:
-        pass
-
-try:
-    for cmd in args.exec:
-        cmd = "{0} {1}".format(cmd, args.value)
-        if debug:
-            print(cmd)
-        res = call(cmd)
-        if res == 0:
-            sys.exit(0)
-except Exception as exn:
-    if debug:
-        print(exn)
-    else:
-        pass
-
-sys.exit(1)
diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server
index c36cbd640..4c41fa96d 100755
--- a/src/services/vyos-http-api-server
+++ b/src/services/vyos-http-api-server
@@ -26,7 +26,8 @@ import signal
 
 import vyos.config
 
-import bottle
+from flask import Flask, request
+from waitress import serve
 
 from functools import wraps
 
@@ -37,7 +38,7 @@ from vyos.config import VyOSError
 DEFAULT_CONFIG_FILE = '/etc/vyos/http-api.conf'
 CFG_GROUP = 'vyattacfg'
 
-app = bottle.default_app()
+app = Flask(__name__)
 
 # Giant lock!
 lock = threading.Lock()
@@ -55,18 +56,31 @@ def check_auth(key_list, key):
     return id
 
 def error(code, msg):
-    bottle.response.status = code
     resp = {"success": False, "error": msg, "data": None}
-    return json.dumps(resp)
+    return json.dumps(resp), code
 
 def success(data):
     resp = {"success": True, "data": data, "error": None}
     return json.dumps(resp)
 
+def get_command(f):
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        cmd = request.form.get("data")
+        if not cmd:
+            return error(400, "Non-empty data field is required")
+        try:
+            cmd = json.loads(cmd)
+        except Exception as e:
+            return error(400, "Failed to parse JSON: {0}".format(e))
+        return f(cmd, *args, **kwargs)
+
+    return decorated_function
+
 def auth_required(f):
     @wraps(f)
     def decorated_function(*args, **kwargs):
-        key = bottle.request.forms.get("key")
+        key = request.form.get("key")
         api_keys = app.config['vyos_keys']
         id = check_auth(api_keys, key)
         if not id:
@@ -75,28 +89,20 @@ def auth_required(f):
 
     return decorated_function
 
-@app.route('/configure', method='POST')
+@app.route('/configure', methods=['POST'])
+@get_command
 @auth_required
-def configure():
+def configure_op(commands):
     session = app.config['vyos_session']
     env = session.get_session_env()
     config = vyos.config.Config(session_env=env)
 
-    strict_field = bottle.request.forms.get("strict")
+    strict_field = request.form.get("strict")
     if strict_field == "true":
         strict = True
     else:
         strict = False
 
-    commands = bottle.request.forms.get("data")
-    if not commands:
-        return error(400, "Non-empty data field is required")
-    else:
-        try:
-            commands = json.loads(commands)
-        except Exception as e:
-            return error(400, "Failed to parse JSON: {0}".format(e))
-
     # Allow users to pass just one command
     if not isinstance(commands, list):
         commands = [commands]
@@ -186,16 +192,14 @@ def configure():
     else:
         return success(None)
 
-@app.route('/retrieve', method='POST')
+@app.route('/retrieve', methods=['POST'])
+@get_command
 @auth_required
-def get_value():
+def retrieve_op(command):
     session = app.config['vyos_session']
     env = session.get_session_env()
     config = vyos.config.Config(session_env=env)
 
-    command = bottle.request.forms.get("data")
-    command = json.loads(command)
-
     try:
         op = command['op']
         path = " ".join(command['path'])
@@ -229,20 +233,20 @@ def get_value():
             return error(400, "\"{0}\" is not a valid operation".format(op))
     except VyOSError as e:
         return error(400, str(e))
+    except ConfigSessionError as e:
+        return error(400, str(e))
     except Exception as e:
         print(traceback.format_exc(), file=sys.stderr)
         return error(500, "An internal error occured. Check the logs for details.")
 
     return success(res)
 
-@app.route('/config-file', method='POST')
+@app.route('/config-file', methods=['POST'])
+@get_command
 @auth_required
-def config_file_op():
+def config_file_op(command):
     session = app.config['vyos_session']
 
-    command = bottle.request.forms.get("data")
-    command = json.loads(command)
-
     try:
         op = command['op']
     except KeyError:
@@ -264,7 +268,7 @@ def config_file_op():
             res = session.commit()
         else:
             return error(400, "\"{0}\" is not a valid operation".format(op))
-    except VyOSError as e:
+    except ConfigSessionError as e:
         return error(400, str(e))
     except Exception as e:
         print(traceback.format_exc(), file=sys.stderr)
@@ -272,14 +276,12 @@ def config_file_op():
 
     return success(res)
 
-@app.route('/image', method='POST')
+@app.route('/image', methods=['POST'])
+@get_command
 @auth_required
-def config_file_op():
+def image_op(command):
     session = app.config['vyos_session']
 
-    command = bottle.request.forms.get("data")
-    command = json.loads(command)
-
     try:
         op = command['op']
     except KeyError:
@@ -300,7 +302,7 @@ def config_file_op():
             res = session.remove_image(name)
         else:
             return error(400, "\"{0}\" is not a valid operation".format(op))
-    except VyOSError as e:
+    except ConfigSessionError as e:
         return error(400, str(e))
     except Exception as e:
         print(traceback.format_exc(), file=sys.stderr)
@@ -309,14 +311,12 @@ def config_file_op():
     return success(res)
 
 
-@app.route('/generate', method='POST')
+@app.route('/generate', methods=['POST'])
+@get_command
 @auth_required
-def generate_op():
+def generate_op(command):
     session = app.config['vyos_session']
 
-    command = bottle.request.forms.get("data")
-    command = json.loads(command)
-
     try:
         op = command['op']
         path = command['path']
@@ -339,14 +339,12 @@ def generate_op():
 
     return success(res)
 
-@app.route('/show', method='POST')
+@app.route('/show', methods=['POST'])
+@get_command
 @auth_required
-def show_op():
+def show_op(command):
     session = app.config['vyos_session']
 
-    command = bottle.request.forms.get("data")
-    command = json.loads(command)
-
     try:
         op = command['op']
         path = command['path']
@@ -398,4 +396,8 @@ if __name__ == '__main__':
 
     signal.signal(signal.SIGTERM, sig_handler)
 
-    bottle.run(app, host=server_config["listen_address"], port=server_config["port"], debug=True)
+    try:
+        serve(app, host=server_config["listen_address"],
+                   port=server_config["port"])
+    except OSError as e:
+        print(f"OSError {e}")