Merge branch 'current' of https://github.com/vyos/vyos-1x into current

author: Daniil Baturin <daniil@baturin.org> 2019-10-23 17:08:09 +0200
committer: Daniil Baturin <daniil@baturin.org> 2019-10-23 17:08:09 +0200
commit: 62ea78e3030802e81dd739fc4c45e6a10faddb36 (patch)
tree: 66205ac7fa8290e1d6eda1d4c94e57f4f78c1dd1 /src
parent: d9ee0b95d1020b6d5412dd011ebb1ef7f6ef3fc7 (diff)
parent: 3f8884587ab1291c13f633b079058879241ac3c1 (diff)
download: vyos-1x-62ea78e3030802e81dd739fc4c45e6a10faddb36.tar.gz
vyos-1x-62ea78e3030802e81dd739fc4c45e6a10faddb36.zip
4 files changed, 128 insertions, 71 deletions
diff --git a/src/conf_mode/dynamic_dns.py b/src/conf_mode/dynamic_dns.py
index ff3c1f825..c4a95f5f1 100755
--- a/src/conf_mode/dynamic_dns.py
+++ b/src/conf_mode/dynamic_dns.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2018 VyOS maintainers and contributors
+# Copyright (C) 2018-2019 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -13,8 +13,6 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-#
-#
 
 import os
 import sys
@@ -23,16 +21,17 @@ import jinja2
 from vyos.config import Config
 from vyos import ConfigError
 
-config_file = r'/etc/ddclient.conf'
+config_file = r'/etc/ddclient/ddclient.conf'
 cache_file = r'/var/cache/ddclient/ddclient.cache'
+pid_file = r'/var/run/ddclient/ddclient.pid'
 
 config_tmpl = """
 ### Autogenerated by dynamic_dns.py ###
 daemon=1m
 syslog=yes
 ssl=yes
-pid=/var/run/ddclient/ddclient.pid
-cache=/var/cache/ddclient/ddclient.cache
+pid={{ pid_file }}
+cache={{ cache_file }}
 
 {% for interface in interfaces -%}
 
@@ -48,11 +47,11 @@ use=if, if={{ interface.interface }}
 {% for rfc in interface.rfc2136 -%}
 {% for record in rfc.record %}
 # RFC2136 dynamic DNS configuration for {{ record }}.{{ rfc.zone }}
-server={{ rfc.server }}
-protocol=nsupdate
-password={{ rfc.keyfile }}
-ttl={{ rfc.ttl }}
-zone={{ rfc.zone }}
+server={{ rfc.server }},
+protocol=nsupdate,
+password={{ rfc.keyfile }},
+ttl={{ rfc.ttl }},
+zone={{ rfc.zone }},
 {{ record }}
 {% endfor -%}
 {% endfor -%}
@@ -60,12 +59,12 @@ zone={{ rfc.zone }}
 {% for srv in interface.service %}
 {% for host in srv.host %}
 # DynDNS provider configuration for {{ host }}
-protocol={{ srv.protocol }}
-max-interval=28d
-login={{ srv.login }}
-password='{{ srv.password }}'
+protocol={{ srv.protocol }},
+max-interval=28d,
+login={{ srv.login }},
+password='{{ srv.password }}',
 {% if srv.server -%}
-server={{ srv.server }}
+server={{ srv.server }},
 {% endif -%}
 {{ host }}
 {% endfor %}
@@ -91,6 +90,8 @@ default_service_protocol = {
 
 default_config_data = {
     'interfaces': [],
+    'cache_file': cache_file,
+    'pid_file': pid_file
 }
 
 def get_config():
@@ -237,8 +238,15 @@ def generate(dyndns):
     if dyndns is None:
         return None
 
-    tmpl = jinja2.Template(config_tmpl)
+    dirname = os.path.dirname(dyndns['pid_file'])
+    if not os.path.exists(dirname):
+        os.mkdir(dirname)
 
+    dirname = os.path.dirname(config_file)
+    if not os.path.exists(dirname):
+        os.mkdir(dirname)
+
+    tmpl = jinja2.Template(config_tmpl)
     config_text = tmpl.render(dyndns)
     with open(config_file, 'w') as f:
         f.write(config_text)
@@ -246,11 +254,16 @@ def generate(dyndns):
     return None
 
 def apply(dyndns):
-    if os.path.exists(cache_file):
-        os.unlink(cache_file)
+    if os.path.exists(dyndns['cache_file']):
+        os.unlink(dyndns['cache_file'])
+
+    if os.path.exists('/etc/ddclient.conf'):
+        os.unlink('/etc/ddclient.conf')
 
     if dyndns is None:
         os.system('/etc/init.d/ddclient stop')
+        if os.path.exists(dyndns['pid_file']):
+            os.unlink(dyndns['pid_file'])
     else:
         os.system('/etc/init.d/ddclient restart')
 
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index f948063e9..233c815bc 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -67,7 +67,7 @@ server {
 {% endif %}
 
         # proxy settings for HTTP API, if enabled; 503, if not
-        location ~ /(retrieve|configure) {
+        location ~ /(retrieve|configure|config-file|image) {
 {% if api %}
                 proxy_pass http://localhost:{{ api.port }};
                 proxy_buffering off;
diff --git a/src/op_mode/wireguard.py b/src/op_mode/wireguard.py
index f6978554d..6860aa3ea 100755
--- a/src/op_mode/wireguard.py
+++ b/src/op_mode/wireguard.py
@@ -23,8 +23,8 @@ import shutil
 import subprocess
 import syslog as sl
 import re
-import time
 
+from vyos.interface import Interface
 
 from vyos import ConfigError
 from vyos.config import Config
@@ -40,41 +40,6 @@ def check_kmod():
             sl.syslog(sl.LOG_ERR, "modprobe wireguard failed")
             raise ConfigError("modprobe wireguard failed")
 
-
-def showint(interface):
-    output = subprocess.check_output(["wg", "show", interface], universal_newlines=True)
-    c = Config()
-    c.set_level("interfaces wireguard {}".format(interface))
-    description = c.return_effective_value("description".format(interface))
-    """ if the interface has a description, modify the output to include it """
-    if (description):
-        output = re.sub(r"interface: {}".format(re.escape(interface)),"interface: {}\n  Description: {}".format(interface,description),output)
-    
-    """ pull the last handshake times.  Assume if the handshake was greater than 5 minutes, the tunnel is down """
-    peer_timeouts = {}
-    last_hs_output = subprocess.check_output(["wg", "show", interface, "latest-handshakes"], universal_newlines=True)
-    for match in re.findall(r'(\S+)\s+(\d+)',last_hs_output): 
-        peer_timeouts[match[0]] = match[1]
-
-    """ modify all the peers, reformat to provide VyOS config provided peername, whether the tunnel is up/down """
-    for peer in c.list_effective_nodes(' peer'):
-        pubkey = c.return_effective_value("peer {} pubkey".format(peer))
-        status = ""
-        if int(peer_timeouts[pubkey]) > 0:
-            #Five minutes and the tunnel is still up
-            if (time.time() - int(peer_timeouts[pubkey]) < (60*5)):
-                status = "UP"
-            else:
-                status = "DOWN"
-        elif (peer_timeouts[pubkey] is None):
-            status = "DOWN"
-        elif (int(peer_timeouts[pubkey]) == 0):
-            status = "DOWN"
-
-        output = re.sub(r"peer: {}".format(re.escape(pubkey)),"peer: {}\n  Status: {}\n  public key: {}".format(peer,status,pubkey),output)
-
-    print(output)
-    
 def generate_keypair(pk, pub):
     """ generates a keypair which is stored in /config/auth/wireguard """
     old_umask = os.umask(0o027)
@@ -185,7 +150,8 @@ if __name__ == '__main__':
         if args.listkdir:
             list_key_dirs()
         if args.showinterface:
-            showint(args.showinterface)
+            intf = Interface(args.showinterface)
+            intf.print_interface()
         if args.delkdir:
             if args.location:
                 del_key_dir(args.location)
diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server
index afab9be70..04c44c2be 100755
--- a/src/services/vyos-http-api-server
+++ b/src/services/vyos-http-api-server
@@ -27,12 +27,13 @@ import vyos.config
 
 import bottle
 
+from functools import wraps
+
 from vyos.configsession import ConfigSession, ConfigSessionError
 from vyos.config import VyOSError
 
 
 DEFAULT_CONFIG_FILE = '/etc/vyos/http-api.conf'
-
 CFG_GROUP = 'vyattacfg'
 
 app = bottle.default_app()
@@ -61,16 +62,23 @@ def success(data):
     resp = {"success": True, "data": data, "error": None}
     return json.dumps(resp)
 
+def auth_required(f):
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        key = bottle.request.forms.get("key")
+        api_keys = app.config['vyos_keys']
+        id = check_auth(api_keys, key)
+        if not id:
+            return error(401, "Valid API key is required")
+        return f(*args, **kwargs)
+
+    return decorated_function
+
 @app.route('/configure', method='POST')
+@auth_required
 def configure():
     session = app.config['vyos_session']
     config = app.config['vyos_config']
-    api_keys = app.config['vyos_keys']
-
-    key = bottle.request.forms.get("key")
-    id = check_auth(api_keys, key)
-    if not id:
-        return error(401, "Valid API key is required")
 
     strict_field = bottle.request.forms.get("strict")
     if strict_field == "true":
@@ -177,17 +185,11 @@ def configure():
         return success(None)
 
 @app.route('/retrieve', method='POST')
+@auth_required
 def get_value():
     config = app.config['vyos_config']
     session = app.config['vyos_session']
 
-    api_keys = app.config['vyos_keys']
-
-    key = bottle.request.forms.get("key")
-    id = check_auth(api_keys, key)
-    if not id:
-        return error(401, "Valid API key is required")
-
     command = bottle.request.forms.get("data")
     command = json.loads(command)
 
@@ -220,6 +222,82 @@ def get_value():
 
     return success(res)
 
+@app.route('/config-file', method='POST')
+@auth_required
+def config_file_op():
+    config = app.config['vyos_config']
+    session = app.config['vyos_session']
+
+    command = bottle.request.forms.get("data")
+    command = json.loads(command)
+
+    try:
+        op = command['op']
+    except KeyError:
+        return error(400, "Missing required field \"op\"")
+
+    try:
+        if op == 'save':
+            try:
+                path = command['file']
+            except KeyError:
+                path = '/config/config.boot'
+            res = session.save_config(path)
+        elif op == 'load':
+            try:
+                path = command['file']
+            except KeyError:
+                return error(400, "Missing required field \"file\"")
+            res = session.load_config(path)
+            res = session.commit()
+        else:
+            return error(400, "\"{0}\" is not a valid operation".format(op))
+    except VyOSError as e:
+        return error(400, str(e))
+    except Exception as e:
+        print(traceback.format_exc(), file=sys.stderr)
+        return error(500, "An internal error occured. Check the logs for details.")
+
+    return success(res)
+
+@app.route('/image', method='POST')
+@auth_required
+def config_file_op():
+    config = app.config['vyos_config']
+    session = app.config['vyos_session']
+
+    command = bottle.request.forms.get("data")
+    command = json.loads(command)
+
+    try:
+        op = command['op']
+    except KeyError:
+        return error(400, "Missing required field \"op\"")
+
+    try:
+        if op == 'add':
+            try:
+                url = command['url']
+            except KeyError:
+                return error(400, "Missing required field \"url\"")
+            res = session.install_image(url)
+        elif op == 'delete':
+            try:
+                name = command['name']
+            except KeyError:
+                return error(400, "Missing required field \"name\"")
+            res = session.remove_image(name)
+        else:
+            return error(400, "\"{0}\" is not a valid operation".format(op))
+    except VyOSError as e:
+        return error(400, str(e))
+    except Exception as e:
+        print(traceback.format_exc(), file=sys.stderr)
+        return error(500, "An internal error occured. Check the logs for details.")
+
+    return success(res)
+
+
 if __name__ == '__main__':
     # systemd's user and group options don't work, do it by hand here,
     # else no one else will be able to commit
author	Daniil Baturin <daniil@baturin.org>	2019-10-23 17:08:09 +0200
committer	Daniil Baturin <daniil@baturin.org>	2019-10-23 17:08:09 +0200
commit	62ea78e3030802e81dd739fc4c45e6a10faddb36 (patch)
tree	66205ac7fa8290e1d6eda1d4c94e57f4f78c1dd1 /src
parent	d9ee0b95d1020b6d5412dd011ebb1ef7f6ef3fc7 (diff)
parent	3f8884587ab1291c13f633b079058879241ac3c1 (diff)
download	vyos-1x-62ea78e3030802e81dd739fc4c45e6a10faddb36.tar.gz vyos-1x-62ea78e3030802e81dd739fc4c45e6a10faddb36.zip