diff options
29 files changed, 2105 insertions, 65 deletions
diff --git a/.github/workflows/package-smoketest.yml b/.github/workflows/package-smoketest.yml index 27272a6e2..08c8d42f5 100644 --- a/.github/workflows/package-smoketest.yml +++ b/.github/workflows/package-smoketest.yml @@ -14,7 +14,7 @@ env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed for PR comments jobs: - build: + build_iso: runs-on: ubuntu-24.04 timeout-minutes: 45 container: @@ -42,6 +42,7 @@ jobs: run: | echo "build_version=1.5-integration-$(date -u +%Y%m%d%H%M)" >> $GITHUB_OUTPUT - name: Build custom ISO image + shell: bash run: | sudo --preserve-env ./build-vyos-image \ --architecture amd64 \ @@ -55,13 +56,15 @@ jobs: name: vyos-${{ steps.version.outputs.build_version }} path: build/live-image-amd64.hybrid.iso - cli-smoketests: - needs: build + test_smoketest_cli: + needs: build_iso runs-on: ubuntu-24.04 timeout-minutes: 180 container: image: vyos/vyos-build:current options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged + outputs: + exit_code: ${{ steps.test.outputs.exit_code }} steps: # We need the test script from vyos-build repo - name: Clone vyos-build source code @@ -70,27 +73,28 @@ jobs: repository: vyos/vyos-build - uses: actions/download-artifact@v4 with: - name: vyos-${{ needs.build.outputs.build_version }} + name: vyos-${{ needs.build_iso.outputs.build_version }} path: build - name: VyOS CLI smoketests - run: sudo make test - - name: Add PR comment - if: always() - uses: mshick/add-pr-comment@v2 - with: - message-success: '👍 VyOS CLI smoketests finished successfully!' - message-failure: '❌ VyOS CLI smoketests failed!' - message-cancelled: '❌ VyOS CLI smoketests cancelled!' - allow-repeats: false - refresh-message-position: true + id: test + shell: bash + run: | + # always fail first + echo "exit_code=1" >> $GITHUB_OUTPUT + sudo make test + exit_code=$? + echo "exit_code=$exit_code" >> $GITHUB_OUTPUT + exit $exit_code - config-load-tests: - needs: build + test_config_load: + needs: build_iso runs-on: ubuntu-24.04 timeout-minutes: 90 container: image: vyos/vyos-build:current options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged + outputs: + exit_code: ${{ steps.test.outputs.exit_code }} steps: # We need the test script from vyos-build repo - name: Clone vyos-build source code @@ -99,27 +103,28 @@ jobs: repository: vyos/vyos-build - uses: actions/download-artifact@v4 with: - name: vyos-${{ needs.build.outputs.build_version }} + name: vyos-${{ needs.build_iso.outputs.build_version }} path: build - - name: VyOS config tests - run: sudo make testc - - name: Add PR comment - if: always() - uses: mshick/add-pr-comment@v2 - with: - message-success: '👍 VyOS config tests finished successfully!' - message-failure: '❌ VyOS config tests failed!' - message-cancelled: '❌ VyOS config tests cancelled!' - allow-repeats: false - refresh-message-position: true + - name: VyOS config load tests + id: test + shell: bash + run: | + # always fail first + echo "exit_code=1" >> $GITHUB_OUTPUT + sudo make testc + exit_code=$? + echo "exit_code=$exit_code" >> $GITHUB_OUTPUT + exit $exit_code - raid1-install-test: - needs: build + test_raid1_install: + needs: build_iso runs-on: ubuntu-24.04 timeout-minutes: 20 container: image: vyos/vyos-build:current options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged + outputs: + exit_code: ${{ steps.test.outputs.exit_code }} steps: # We need the test script from vyos-build repo - name: Clone vyos-build source code @@ -128,16 +133,43 @@ jobs: repository: vyos/vyos-build - uses: actions/download-artifact@v4 with: - name: vyos-${{ needs.build.outputs.build_version }} + name: vyos-${{ needs.build_iso.outputs.build_version }} path: build - - name: VyOS RAID1 install test - run: sudo make testraid + - name: VyOS RAID1 installation tests + id: test + shell: bash + run: | + # always fail first + echo "exit_code=1" >> $GITHUB_OUTPUT + sudo make testraid + exit_code=$? + echo "exit_code=$exit_code" >> $GITHUB_OUTPUT + exit $exit_code + + result: + needs: + - test_smoketest_cli + - test_config_load + - test_raid1_install + runs-on: ubuntu-24.04 + timeout-minutes: 5 + if: always() + steps: - name: Add PR comment if: always() uses: mshick/add-pr-comment@v2 with: - message-success: '👍 RAID1 Smoketests finished successfully!' - message-failure: '❌ RAID1 Smoketests failed!' - message-cancelled: '❌ RAID1 action cancelled!' + message: | + CI integration ${{ needs.test_smoketest_cli.outputs.exit_code == 0 && needs.test_config_load.outputs.exit_code == 0 && needs.test_raid1_install.outputs.exit_code == 0 && '👍 passed!' || '❌ failed!' }} + + ### Details + + [CI logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) + + * ${{ needs.test_smoketest_cli.outputs.exit_code == '0' && '👍 passed' || '❌ failed' }} CLI Smoketests returned: ${{ needs.test_smoketest_cli.outputs.exit_code }} + * ${{ needs.test_config_load.outputs.exit_code == '0' && '👍 passed' || '❌ failed' }} Config tests returned: ${{ needs.test_config_load.outputs.exit_code }} + * ${{ needs.test_raid1_install.outputs.exit_code == '0' && '👍 passed' || '❌ failed' }} RAID1 tests returned: ${{ needs.test_raid1_install.outputs.exit_code }} + + message-id: "SMOKETEST_RESULTS" allow-repeats: false refresh-message-position: true @@ -55,12 +55,6 @@ op_mode_definitions: $(op_xml_obj) find $(BUILD_DIR)/op-mode-definitions/ -type f -name "*.xml" | xargs -I {} $(CURDIR)/scripts/build-command-op-templates {} $(CURDIR)/schema/op-mode-definition.rng $(OP_TMPL_DIR) || exit 1 - # XXX: delete top level op mode node.def's that now live in other packages - rm -f $(OP_TMPL_DIR)/add/node.def - rm -f $(OP_TMPL_DIR)/clear/interfaces/node.def - rm -f $(OP_TMPL_DIR)/clear/node.def - rm -f $(OP_TMPL_DIR)/delete/node.def - # XXX: tcpdump, ping, traceroute and mtr must be able to recursivly call themselves as the # options are provided from the scripts themselves ln -s ../node.tag $(OP_TMPL_DIR)/ping/node.tag/node.tag/ diff --git a/data/templates/ssh/sshd_config.j2 b/data/templates/ssh/sshd_config.j2 index 650fd25e6..2cf0494c4 100644 --- a/data/templates/ssh/sshd_config.j2 +++ b/data/templates/ssh/sshd_config.j2 @@ -67,6 +67,11 @@ Ciphers {{ ciphers | join(',') }} HostKeyAlgorithms {{ hostkey_algorithm | join(',') }} {% endif %} +{% if pubkey_accepted_algorithm is vyos_defined %} +# Specifies the available PubKey signature algorithms +PubkeyAcceptedAlgorithms {{ pubkey_accepted_algorithm | join(',') }} +{% endif %} + {% if mac is vyos_defined %} # Specifies the available MAC (message authentication code) algorithms MACs {{ mac | join(',') }} diff --git a/data/templates/telegraf/telegraf.j2 b/data/templates/telegraf/telegraf.j2 index f382dbf2e..535e3a347 100644 --- a/data/templates/telegraf/telegraf.j2 +++ b/data/templates/telegraf/telegraf.j2 @@ -130,7 +130,9 @@ metric_name_label = "{{ loki.metric_name_label }}" {% if influxdb is vyos_defined %} [[inputs.exec]] commands = [ +{% if nft_chains is vyos_defined %} "{{ custom_scripts_dir }}/show_firewall_input_filter.py", +{% endif %} "{{ custom_scripts_dir }}/show_interfaces_input_filter.py", "{{ custom_scripts_dir }}/vyos_services_input_filter.py" ] diff --git a/debian/control b/debian/control index 883e08649..189a959b0 100644 --- a/debian/control +++ b/debian/control @@ -10,7 +10,6 @@ Build-Depends: iproute2, libvyosconfig0 (>= 0.0.7), libzmq3-dev, - procps, python3 (>= 3.10), # For QA pylint, @@ -38,14 +37,24 @@ Standards-Version: 3.9.6 Package: vyos-1x Architecture: amd64 arm64 Pre-Depends: + libpam-runtime [amd64], libnss-tacplus [amd64], libpam-tacplus [amd64], libpam-radius-auth [amd64] Depends: ## Fundamentals ${python3:Depends} (>= 3.10), + dialog, libvyosconfig0, + libpam-cap, + bash-completion, + ipvsadm, + udev, + less, + at, + rsync, vyatta-bash, + vyatta-biosdevname, vyatta-cfg, vyos-http-api-tools, vyos-utils, @@ -72,6 +81,7 @@ Depends: python3-zmq, ## End of Python libraries ## Basic System services and utilities + coreutils, sudo, systemd, bsdmainutils, @@ -84,7 +94,6 @@ Depends: # ipaddrcheck is widely used in IP value validators ipaddrcheck, ethtool, - fdisk, lm-sensors, procps, netplug, @@ -97,6 +106,14 @@ Depends: grc, ## End of System services and utilities ## For the installer + fdisk, + gdisk, + mdadm, + efibootmgr, + libefivar1, + dosfstools, + grub-efi-amd64-bin [amd64], + grub-efi-arm64-bin [arm64], # Image signature verification tool minisign, # Live filesystem tools @@ -105,6 +122,7 @@ Depends: ## End installer auditd, iputils-arping, + iputils-ping, isc-dhcp-client, # For "vpn pptp", "vpn l2tp", "vpn sstp", "service ipoe-server" accel-ppp, @@ -143,7 +161,7 @@ Depends: sstp-client, # End "interfaces sstpc" # For "protocols *" - frr (>= 7.5), + frr (>= 9.1), frr-pythontools, frr-rpki-rtrlib, frr-snmp, @@ -179,9 +197,12 @@ Depends: # For "service router-advert" radvd, # End "service route-advert" -# For "high-availability reverse-proxy" +# For "load-balancing reverse-proxy" haproxy, -# End "high-availability reverse-proxy" +# End "load-balancing reverse-proxy" +# For "load-balancing wan" + vyatta-wanloadbalance, +# End "load-balancing wan" # For "service dhcp-relay" isc-dhcp-relay, # For "service dhcp-server" @@ -235,6 +256,9 @@ Depends: # For "high-availability vrrp" keepalived (>=2.0.5), # End "high-availability-vrrp" +# For "system console" + util-linux, +# End "system console" # For "system task-scheduler" cron, # End "system task-scheduler" @@ -267,7 +291,7 @@ Depends: # For "system conntrack modules rtsp" nat-rtsp, # End "system conntrack modules rtsp" -# For "system ntp" +# For "service ntp" chrony, # End "system ntp" # For "vpn openconnect" @@ -276,7 +300,13 @@ Depends: # For "system flow-accounting" pmacct (>= 1.6.0), # End "system flow-accounting" -# For container +# For "system syslog" + rsyslog, +# End "system syslog" +# For "system option keyboard-layout" + kbd, +# End "system option keyboard-layout" +# For "container" podman, netavark, aardvark-dns, @@ -314,6 +344,8 @@ Depends: ndisc6, # For "run monitor bandwidth" bmon, +# For "run format disk" + parted, # End Operational mode ## TPM tools cryptsetup, diff --git a/debian/rules b/debian/rules index 9da40465f..df1d9e7f3 100755 --- a/debian/rules +++ b/debian/rules @@ -103,6 +103,10 @@ override_dh_auto_install: mkdir -p $(DIR)/etc cp -r src/etc/* $(DIR)/etc + # Install legacy Vyatta files + mkdir -p $(DIR)/opt + cp -r src/opt/* $(DIR)/opt + # Install PAM configuration snippets mkdir -p $(DIR)/usr/share/pam-configs cp -r src/pam-configs/* $(DIR)/usr/share/pam-configs diff --git a/debian/vyos-1x.install b/debian/vyos-1x.install index b3978d38a..7171911dc 100644 --- a/debian/vyos-1x.install +++ b/debian/vyos-1x.install @@ -1,4 +1,6 @@ +etc/bash_completion.d etc/commit +etc/default etc/dhcp etc/ipsec.d etc/logrotate.d diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst index 78e895d6e..26b81db6f 100644 --- a/debian/vyos-1x.postinst +++ b/debian/vyos-1x.postinst @@ -120,6 +120,61 @@ fi # ensure the proxy user has a proper shell chsh -s /bin/sh proxy +# Set file capabilities +setcap cap_net_admin=pe /sbin/ethtool +setcap cap_net_admin=pe /sbin/tc +setcap cap_net_admin=pe /bin/ip +setcap cap_net_admin=pe /sbin/xtables-legacy-multi +setcap cap_net_admin=pe /sbin/xtables-nft-multi +setcap cap_net_admin=pe /usr/sbin/conntrack +setcap cap_net_admin=pe /usr/sbin/arp +setcap cap_net_raw=pe /usr/bin/tcpdump +setcap cap_net_admin,cap_sys_admin=pe /sbin/sysctl +setcap cap_sys_module=pe /bin/kmod +setcap cap_sys_time=pe /bin/date + +# create needed directories +mkdir -p /var/log/user +mkdir -p /var/core +mkdir -p /opt/vyatta/etc/config/auth +mkdir -p /opt/vyatta/etc/config/scripts +mkdir -p /opt/vyatta/etc/config/user-data +mkdir -p /opt/vyatta/etc/config/support +chown -R root:vyattacfg /opt/vyatta/etc/config +chmod -R 775 /opt/vyatta/etc/config +mkdir -p /opt/vyatta/etc/logrotate +mkdir -p /opt/vyatta/etc/netdevice.d + +touch /etc/environment + +if [ ! -f /etc/bash_completion ]; then + echo "source /etc/bash_completion.d/10vyatta-op" > /etc/bash_completion + echo "source /etc/bash_completion.d/20vyatta-cfg" >> /etc/bash_completion +fi + +sed -i 's/^set /builtin set /' /etc/bash_completion + +# Fix up PAM configuration for login so that invalid users are prompted +# for password +sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login + +# Change default shell for new accounts +sed -i -e ':^DSHELL:s:/bin/bash:/bin/vbash:' /etc/adduser.conf + +# Do not allow users to change full name field (controlled by vyos-1x) +sed -i -e 's/^CHFN_RESTRICT/#&/' /etc/login.defs + +# Only allow root to use passwd command +if ! grep -q 'pam_succeed_if.so' /etc/pam.d/passwd ; then + sed -i -e '/^@include/i \ +password requisite pam_succeed_if.so user = root +' /etc/pam.d/passwd +fi + +# remove unnecessary ddclient script in /etc/ppp/ip-up.d/ +# this logs unnecessary messages trying to start ddclient +rm -f /etc/ppp/ip-up.d/ddclient + # create /opt/vyatta/etc/config/scripts/vyos-preconfig-bootup.script PRECONFIG_SCRIPT=/opt/vyatta/etc/config/scripts/vyos-preconfig-bootup.script if [ ! -x $PRECONFIG_SCRIPT ]; then diff --git a/interface-definitions/interfaces_geneve.xml.in b/interface-definitions/interfaces_geneve.xml.in index c94113271..990c5bd91 100644 --- a/interface-definitions/interfaces_geneve.xml.in +++ b/interface-definitions/interfaces_geneve.xml.in @@ -52,6 +52,7 @@ #include <include/interface/mirror.xml.i> #include <include/interface/redirect.xml.i> #include <include/interface/tunnel-remote.xml.i> + #include <include/interface/vrf.xml.i> #include <include/vni.xml.i> </children> </tagNode> diff --git a/interface-definitions/service_ssh.xml.in b/interface-definitions/service_ssh.xml.in index d9eee1ab8..221e451d1 100644 --- a/interface-definitions/service_ssh.xml.in +++ b/interface-definitions/service_ssh.xml.in @@ -146,6 +146,19 @@ </constraint> </properties> </leafNode> + <leafNode name="pubkey-accepted-algorithm"> + <properties> + <help>Allowed pubkey signature algorithms</help> + <completionHelp> + <!-- generated by ssh -Q PubkeyAcceptedAlgorithms | tr '\n' ' ' as this will not change dynamically --> + <list>ssh-ed25519 ssh-ed25519-cert-v01@openssh.com sk-ssh-ed25519@openssh.com sk-ssh-ed25519-cert-v01@openssh.com ecdsa-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com sk-ecdsa-sha2-nistp256@openssh.com sk-ecdsa-sha2-nistp256-cert-v01@openssh.com webauthn-sk-ecdsa-sha2-nistp256@openssh.com ssh-dss ssh-dss-cert-v01@openssh.com ssh-rsa ssh-rsa-cert-v01@openssh.com rsa-sha2-256 rsa-sha2-256-cert-v01@openssh.com rsa-sha2-512 rsa-sha2-512-cert-v01@openssh.com</list> + </completionHelp> + <multi/> + <constraint> + <regex>(ssh-ed25519|ssh-ed25519-cert-v01@openssh.com|sk-ssh-ed25519@openssh.com|sk-ssh-ed25519-cert-v01@openssh.com|ecdsa-sha2-nistp256|ecdsa-sha2-nistp256-cert-v01@openssh.com|ecdsa-sha2-nistp384|ecdsa-sha2-nistp384-cert-v01@openssh.com|ecdsa-sha2-nistp521|ecdsa-sha2-nistp521-cert-v01@openssh.com|sk-ecdsa-sha2-nistp256@openssh.com|sk-ecdsa-sha2-nistp256-cert-v01@openssh.com|webauthn-sk-ecdsa-sha2-nistp256@openssh.com|ssh-dss|ssh-dss-cert-v01@openssh.com|ssh-rsa|ssh-rsa-cert-v01@openssh.com|rsa-sha2-256|rsa-sha2-256-cert-v01@openssh.com|rsa-sha2-512|rsa-sha2-512-cert-v01@openssh.com)</regex> + </constraint> + </properties> + </leafNode> <leafNode name="key-exchange"> <properties> <help>Allowed key exchange (KEX) algorithms</help> diff --git a/op-mode-definitions/counters.xml.in b/op-mode-definitions/clear-interfaces.xml.in index f563cb9a0..de2c3443e 100644 --- a/op-mode-definitions/counters.xml.in +++ b/op-mode-definitions/clear-interfaces.xml.in @@ -1,8 +1,14 @@ <?xml version="1.0"?> <interfaceDefinition> <node name="clear"> + <properties> + <help>Clear system information</help> + </properties> <children> <node name="interfaces"> + <properties> + <help>Clear interface information</help> + </properties> <children> <node name="counters"> <properties> @@ -10,6 +16,17 @@ </properties> <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters</command> </node> + <tagNode name="connection"> + <properties> + <help>Bring connection-oriented network interface down and up</help> + <completionHelp> + <path>interfaces pppoe</path> + <path>interfaces sstpc</path> + <path>interfaces wwan</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/connect_disconnect.py --connect --disconnect --interface "$3"</command> + </tagNode> <node name="bonding"> <properties> <help>Clear Bonding interface information</help> @@ -595,4 +612,3 @@ </children> </node> </interfaceDefinition> - diff --git a/op-mode-definitions/configure.xml.in b/op-mode-definitions/configure.xml.in index a711fa4a9..d7657289b 100644 --- a/op-mode-definitions/configure.xml.in +++ b/op-mode-definitions/configure.xml.in @@ -11,11 +11,11 @@ echo "Please do it as an administrator level VyOS user instead." else if grep -q -e '^overlay.*/filesystem.squashfs' /proc/mounts; then - echo "WARNING: You are currently configuring a live-ISO environment, changes will not persist until installed" + echo "WARNING: You are currently configuring a live-ISO environment, changes will not persist until installed" else if grep -q -s '1' /tmp/vyos-config-status; then - echo "WARNING: There was a config error on boot: saving the configuration now could overwrite data." - echo "You may want to check and reload the boot config" + echo "WARNING: There was a config error on boot: saving the configuration now could overwrite data." + echo "You may want to check and reload the boot config" fi fi history -w diff --git a/op-mode-definitions/connect.xml.in b/op-mode-definitions/connect.xml.in index 116cd6231..9027056a6 100644 --- a/op-mode-definitions/connect.xml.in +++ b/op-mode-definitions/connect.xml.in @@ -24,7 +24,7 @@ <path>interfaces wwan</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/connect_disconnect.py --connect "$3"</command> + <command>sudo ${vyos_op_scripts_dir}/connect_disconnect.py --connect --interface "$3"</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/disconnect.xml.in b/op-mode-definitions/disconnect.xml.in index 843998c4f..f0523d9b9 100644 --- a/op-mode-definitions/disconnect.xml.in +++ b/op-mode-definitions/disconnect.xml.in @@ -14,7 +14,7 @@ <path>interfaces wwan</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/connect_disconnect.py --disconnect "$3"</command> + <command>sudo ${vyos_op_scripts_dir}/connect_disconnect.py --disconnect --interface "$3"</command> </tagNode> </children> </node> diff --git a/smoketest/scripts/cli/test_service_ssh.py b/smoketest/scripts/cli/test_service_ssh.py index b09990c92..d8e325eee 100755 --- a/smoketest/scripts/cli/test_service_ssh.py +++ b/smoketest/scripts/cli/test_service_ssh.py @@ -304,6 +304,22 @@ class TestServiceSSH(VyOSUnitTestSHIM.TestCase): for line in ssh_lines: self.assertIn(line, tmp_sshd_conf) + def test_ssh_pubkey_accepted_algorithm(self): + algs = ['ssh-ed25519', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', + 'ecdsa-sha2-nistp521', 'ssh-dss', 'ssh-rsa', 'rsa-sha2-256', + 'rsa-sha2-512' + ] + + expected = 'PubkeyAcceptedAlgorithms ' + for alg in algs: + self.cli_set(base_path + ['pubkey-accepted-algorithm', alg]) + expected = f'{expected}{alg},' + expected = expected[:-1] + + self.cli_commit() + tmp_sshd_conf = read_file(SSHD_CONF) + self.assertIn(expected, tmp_sshd_conf) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/service_monitoring_telegraf.py b/src/conf_mode/service_monitoring_telegraf.py index 9455b6109..db870aae5 100755 --- a/src/conf_mode/service_monitoring_telegraf.py +++ b/src/conf_mode/service_monitoring_telegraf.py @@ -86,7 +86,8 @@ def get_config(config=None): monitoring['custom_scripts_dir'] = custom_scripts_dir monitoring['hostname'] = get_hostname() monitoring['interfaces_ethernet'] = Section.interfaces('ethernet', vlan=False) - monitoring['nft_chains'] = get_nft_filter_chains() + if conf.exists('firewall'): + monitoring['nft_chains'] = get_nft_filter_chains() # Redefine azure group-metrics 'single-table' and 'table-per-metric' if 'azure_data_explorer' in monitoring: diff --git a/src/etc/bash_completion.d/vyatta-op b/src/etc/bash_completion.d/vyatta-op new file mode 100644 index 000000000..8ac2d9b20 --- /dev/null +++ b/src/etc/bash_completion.d/vyatta-op @@ -0,0 +1,685 @@ +# vyatta bash operational mode completion +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2006, 2007 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Tom Grennan +# Date: 2007 +# Description: setup bash completion for Vyatta operational commands +# +# **** End License **** + +test -z "$_vyatta_less_options" && \ + declare -r _vyatta_less_options="\ + --QUIT-AT-EOF\ + --quit-if-one-screen\ + --RAW-CONTROL-CHARS\ + --squeeze-blank-lines\ + --no-init" +test -z "$_vyatta_default_pager" && \ + declare -r _vyatta_default_pager="less \ + --buffers=64\ + --auto-buffers\ + --no-lessopen\ + $_vyatta_less_options" +test -z "$VYATTA_PAGER" && \ + declare -x VYATTA_PAGER=$_vyatta_default_pager + +_vyatta_op_do_key_bindings () +{ + if [[ "$SHELL" != "/bin/vbash" && "$SHELL" != "/sbin/radius_shell" ]]; then + # only do bindings if vbash and radius_shell + return + fi + nullglob_save=$(shopt -p nullglob) + shopt -u nullglob + case "$-" in + *i*) + bind '"?": possible-completions' + bind 'set show-all-if-ambiguous on' + bind_cmds=$(grep '^bind .* # vyatta key binding$' $HOME/.bashrc) + eval $bind_cmds + ;; + esac + eval $nullglob_save +} + +_vyatta_op_do_key_bindings + +test -f /etc/default/vyatta && \ + source /etc/default/vyatta + +test ! -d "$vyatta_op_templates" && \ + return 0 + +case "$-" in + *i*) + declare -r _vyatta_op_last_comp_init='>>>>>>LASTCOMP<<<<<<' + ;; +esac +declare _vyatta_op_last_comp=${_vyatta_op_last_comp_init} +declare _vyatta_op_node_path +declare -a _vyatta_op_noncompletions _vyatta_op_completions +declare -x -a _vyatta_pipe_noncompletions _vyatta_pipe_completions +declare _vyatta_comptype +declare -x -a reply +declare -a _vyatta_operator_allowed + +if [[ "$VYATTA_USER_LEVEL_DIR" != "/opt/vyatta/etc/shell/level/admin" ]]; then + _vyatta_operator_allowed=( $(cat $VYATTA_USER_LEVEL_DIR/allowed-op) ) +fi + +declare -a functions +functions=( /opt/vyatta/share/vyatta-op/functions/interpreter/* ) + +for file in "${functions[@]}";do + source $file; +done + +# $1: label +# #2...: strings +_vyatta_op_debug () +{ + echo -ne \\n$1: + shift + for s ; do + echo -ne " \"$s\"" + done +} + +# this is needed to provide original "default completion" behavior. +# see "vyatta-cfg" completion script for details. +_vyatta_op_default_expand () +{ + local wc=${#COMP_WORDS[@]} + if [[ "${COMP_WORDS[0]}" =~ "/" ]]; then + # if we are looking for a directory on the first completion then do directory completions + _filedir_xspec_vyos + elif (( wc < 2 )) || + [[ $COMP_CWORD -eq 0 ]] || + [[ $1 == $2 ]]; then + _vyatta_op_expand "$@" + else + # after the first word => cannot be vyatta command so use original default + _filedir_xspec_vyos + fi +} + +# $1: label +# $2...: help +_vyatta_op_print_help () +{ + local label=$1 help=$2 + if [ ${#label} -eq 0 ] ; then + return + elif [ ${#help} -eq 0 ] ; then + echo -ne "\n $label" + elif [ ${#label} -lt 6 ] ; then + echo -ne "\n $label\t\t\t$help" + elif [ ${#label} -lt 14 ] ; then + echo -ne "\n $label\t\t$help" + elif [ ${#label} -lt 21 ] ; then + echo -ne "\n $label\t$help" + else + echo -ne "\n $label\n\t\t\t$help" + fi +} + +# $1: $cur +# $2...: possible completions +_vyatta_op_help () +{ + local restore_shopts=$( shopt -p extglob nullglob | tr \\n \; ) + shopt -u nullglob + local cur=$1; shift + local ndef node_tag_help node_run help last_help + + ndef=${_vyatta_op_node_path}/node.tag/node.def + [ -f $ndef ] && \ + node_tag_help=$( _vyatta_op_get_node_def_field $ndef help ) + + ndef=${_vyatta_op_node_path}/node.def + [ -f $ndef ] && \ + node_run=$( _vyatta_op_get_node_def_field $ndef run ) + + if [[ "$1" == "<nocomps>" ]]; then + eval "$restore_shopts" + return + fi + echo -en "\nPossible completions:" + if [ -z "$cur" -a -n "$node_run" ]; then + _vyatta_op_print_help '<Enter>' "Execute the current command" + fi + if [ $# -eq 0 ];then + _vyatta_op_print_help '<text>' "$node_tag_help" + eval "$restore_shopts" + return + fi + for comp ; do + if [[ "$comp" == "<Enter>" ]]; then + continue + fi + if [ -z "$comp" ] ; then + if [ "X$node_tag_help" == "X$last_help" ] ; then + help="" + else + last_help=$node_tag_help + help=$node_tag_help + fi + _vyatta_op_print_help '*' "$help" + elif [[ -z "$cur" || $comp == ${cur}* ]] ; then + ndef=${_vyatta_op_node_path}/$comp/node.def + if [ -f $ndef ] ; then + help=$( _vyatta_op_get_node_def_field $ndef help ) + else + help=$node_tag_help + fi + if [ "X$help" == "X$last_help" ] ; then + help="" + else + last_help=$help + fi + _vyatta_op_print_help "$comp" "$help" + fi + done + eval "$restore_shopts" +} + +_vyatta_op_set_node_path () +{ + local node + _vyatta_op_node_path=$vyatta_op_templates + for (( i=0 ; i<COMP_CWORD ; i++ )) ; do + # expand the command so completion continues to work with short versions + if [[ "${COMP_WORDS[i]}" == "*" ]]; then + node="node.tag" # user defined wildcars are always tag nodes + else + node=$(_vyatta_op_conv_node_path $_vyatta_op_node_path ${COMP_WORDS[i]}) + fi + if [ -f "${_vyatta_op_node_path}/$node/node.def" ] ; then + _vyatta_op_node_path+=/$node + elif [ -f ${_vyatta_op_node_path}/node.tag/node.def ] ; then + _vyatta_op_node_path+=/node.tag + else + return 1 + fi + done +} + +_vyatta_op_set_completions () +{ + local -a allowed completions + local cur=$1 + local restore_shopts=$( shopt -p extglob nullglob | tr \\n \; ) + for ndef in ${_vyatta_op_node_path}/*/node.def ; do + if [[ $ndef == */node.tag/node.def ]] ; then + local acmd=$( _vyatta_op_get_node_def_field $ndef allowed ) + shopt -u extglob nullglob + local -a a=($( eval "$acmd" )) + eval "$restore_shopts" + + if [ ${#a[@]} -ne 0 ] ; then + allowed+=( "${a[@]}" ) + else + allowed+=( "<text>" ) + fi + else + local sdir=${ndef%/*} + allowed+=( ${sdir##*/} ) + fi + done + + # donot complete entries like <HOSTNAME> or <A.B.C.D> + _vyatta_op_noncompletions=( ) + completions=( ) + + # make runable commands have a non-comp + ndef=${_vyatta_op_node_path}/node.def + [ -f $ndef ] && \ + node_run=$( _vyatta_op_get_node_def_field $ndef run ) + if [ -z "$cur" -a -n "$node_run" ]; then + _vyatta_op_noncompletions+=('<Enter>') + fi + + for (( i=0 ; i<${#allowed[@]} ; i++ )) ; do + if [[ "${allowed[i]}" == \<*\> ]] ; then + _vyatta_op_noncompletions+=( "${allowed[i]}" ) + else + if [[ "$VYATTA_USER_LEVEL_DIR" == "/opt/vyatta/etc/shell/level/admin" ]]; then + completions+=( ${allowed[i]} ) + elif is_elem_of ${allowed[i]} _vyatta_operator_allowed; then + completions+=( ${allowed[i]} ) + elif [[ $_vyatta_op_node_path == $vyatta_op_templates ]];then + continue + else + completions+=( ${allowed[i]} ) + fi + fi + done + + # Prefix filter the non empty completions + if [ -n "$cur" ]; then + _vyatta_op_completions=() + get_prefix_filtered_list "$cur" completions _vyatta_op_completions + _vyatta_op_completions=($( printf "%s\n" ${_vyatta_op_completions[@]} | sort -u )) + else + _vyatta_op_completions=($( printf "%s\n" ${completions[@]} | sort -u )) + fi + #shopt -s nullglob +} + +_vyatta_op_comprely_needs_ambiguity () +{ + local -a uniq + + [ ${#COMPREPLY[@]} -eq 1 ] && return + + uniq=( `printf "%s\n" ${COMPREPLY[@]} | cut -c1 | sort -u` ) + + [ ${#uniq[@]} -eq 1 ] && return + false +} + +_vyatta_op_invalid_completion () +{ + local tpath=$vyatta_op_templates + local -a args + local i=1 + for arg in "${COMP_WORDS[@]}"; do + arg=( $(_vyatta_op_conv_node_path $tpath $arg) ) # expand the arguments + # output proper error message based on the above expansion + if [[ "${arg[1]}" == "ambiguous" ]]; then + echo -ne "\n\n Ambiguous command: ${args[@]} [$arg]\n" + local -a cmds=( $(compgen -d $tpath/$arg) ) + _vyatta_op_node_path=$tpath + local comps=$(_vyatta_op_help $arg ${cmds[@]##*/}) + echo -ne "$comps" | sed -e 's/^P/ P/' + break + elif [[ "${arg[1]}" == "invalid" ]]; then + echo -ne "\n\n Invalid command: ${args[@]} [$arg]" + break + fi + + if [ -f "$tpath/$arg/node.def" ] ; then + tpath+=/$arg + elif [ -f $tpath/node.tag/node.def ] ; then + tpath+=/node.tag + else + echo -ne "\n\n Invalid command: ${args[@]} [$arg]" >&2 + break + fi + args[$i]=$arg + let "i+=1" + if [ $[${#COMP_WORDS[@]}+1] -eq $i ];then + _vyatta_op_help "" \ + "${_vyatta_op_noncompletions[@]}" \ + "${_vyatta_op_completions[@]}" \ + | ${VYATTA_PAGER:-cat} + fi + done +} + +_vyatta_op_expand () +{ + # We need nospace here and we have to append our own spaces + compopt -o nospace + + local restore_shopts=$( shopt -p extglob nullglob | tr \\n \; ) + shopt -s extglob nullglob + local cur="" + local _has_comptype=0 + local current_prefix=$2 + local current_word=$3 + _vyatta_comptype="" + + if (( ${#COMP_WORDS[@]} > 0 )); then + cur=${COMP_WORDS[COMP_CWORD]} + else + (( COMP_CWORD = ${#COMP_WORDS[@]} )) + fi + + if _vyatta_pipe_completion "${COMP_WORDS[@]}"; then + if [ "${COMP_WORDS[*]}" == "$_vyatta_op_last_comp" ] || + [ ${#_vyatta_pipe_completions[@]} -eq 0 ]; then + _vyatta_do_pipe_help + COMPREPLY=( "" " " ) + _vyatta_op_last_comp=${_vyatta_op_last_comp_init} + else + COMPREPLY=( "${_vyatta_pipe_completions[@]}" ) + _vyatta_op_last_comp="${COMP_WORDS[*]}" + if [ ${#COMPREPLY[@]} -eq 1 ]; then + COMPREPLY=( "${COMPREPLY[0]} " ) + fi + fi + eval "$restore_shopts" + return + fi + + # this needs to be done on every completion even if it is the 'same' comp. + # The cursor can be at different places in the string. + # this will lead to unexpected cases if setting the node path isn't attempted + # each time. + if ! _vyatta_op_set_node_path ; then + echo -ne \\a + _vyatta_op_invalid_completion + COMPREPLY=( "" " " ) + eval "$restore_shopts" + return 1 + fi + + if [ "${COMP_WORDS[*]:0:$[$COMP_CWORD+1]}" != "$_vyatta_op_last_comp" ] ; then + _vyatta_set_comptype + case $_vyatta_comptype in + 'imagefiles') + _has_comptype=1 + _vyatta_image_file_complete + ;; + *) + _has_comptype=0 + if [[ -z "$current_word" ]]; then + _vyatta_op_set_completions $cur + else + _vyatta_op_set_completions $current_prefix + fi + ;; + esac + fi + if [[ $_has_comptype == 1 ]]; then + COMPREPLY=( "${_vyatta_op_completions[@]}" ) + else + COMPREPLY=($( compgen -W "${_vyatta_op_completions[*]}" -- $current_prefix )) + fi + + # if the last command line arg is empty and we have + # an empty completion option (meaning wild card), + # append a blank(s) to the completion array to force ambiguity + if [ -z "$current_prefix" -a -n "$current_word" ] || + [[ "${COMPREPLY[0]}" =~ "$cur" ]]; then + for comp ; do + if [ -z "$comp" ] ; then + if [ ${#COMPREPLY[@]} -eq 0 ] ; then + COMPREPLY=( " " "" ) + elif _vyatta_op_comprely_needs_ambiguity ; then + COMPREPLY+=( " " ) + fi + fi + done + fi + # Set this environment to enable and disable debugging on the fly + if [[ $DBG_OP_COMPS -eq 1 ]]; then + echo -e "\nCurrent: '$cur'" + echo -e "Current word: '$current_word'" + echo -e "Current prefix: '$current_prefix'" + echo "Number of comps: ${#_vyatta_op_completions[*]}" + echo "Number of non-comps: ${#_vyatta_op_noncompletions[*]}" + echo "_vyatta_op_completions: '${_vyatta_op_completions[*]}'" + echo "COMPREPLY: '${COMPREPLY[@]}'" + echo "CWORD: $COMP_CWORD" + echo "Last comp: '$_vyatta_op_last_comp'" + echo -e "Current comp: '${COMP_WORDS[*]:0:$[$COMP_CWORD+1]}'\n" + fi + + # This is non obvious... + # To have completion continue to work when working with words that aren't the last word, + # we have to set nospace at the beginning of this script and then append the spaces here. + if [ ${#COMPREPLY[@]} -eq 1 ] && + [[ $_has_comptype -ne 1 ]]; then + COMPREPLY=( "${COMPREPLY[0]} " ) + fi + # if there are no completions then handle invalid commands + if [ ${#_vyatta_op_noncompletions[@]} -eq 0 ] && + [ ${#_vyatta_op_completions[@]} -eq 0 ]; then + _vyatta_op_invalid_completion + COMPREPLY=( "" " " ) + _vyatta_op_last_comp=${_vyatta_op_last_comp_init} + elif [ ${#COMPREPLY[@]} -eq 0 ] && + [ -n "$current_prefix" ]; then + _vyatta_op_invalid_completion + COMPREPLY=( "" " " ) + _vyatta_op_last_comp=${_vyatta_op_last_comp_init} + # Stop completions from getting stuck + elif [ ${#_vyatta_op_completions[@]} -eq 1 ] && + [ -n "$cur" ] && + [[ "${COMPREPLY[0]}" =~ "$cur" ]]; then + _vyatta_op_last_comp=${_vyatta_op_last_comp_init} + elif [ ${#_vyatta_op_completions[@]} -eq 1 ] && + [ -n "$current_prefix" ] && + [[ "${COMPREPLY[0]}" =~ "$current_prefix" ]]; then + _vyatta_op_last_comp=${_vyatta_op_last_comp_init} + # if there are no completions then always show the non-comps + elif [ "${COMP_WORDS[*]:0:$[$COMP_CWORD+1]}" == "$_vyatta_op_last_comp" ] || + [ ${#_vyatta_op_completions[@]} -eq 0 ] || + [ -z "$cur" ]; then + _vyatta_op_help "$current_prefix" \ + "${_vyatta_op_noncompletions[@]}" \ + "${_vyatta_op_completions[@]}" \ + | ${VYATTA_PAGER:-cat} + COMPREPLY=( "" " " ) + _vyatta_op_last_comp=${_vyatta_op_last_comp_init} + else + _vyatta_op_last_comp="${COMP_WORDS[*]:0:$[$COMP_CWORD+1]}" + fi + + eval "$restore_shopts" +} + +# "pipe" functions +count () +{ + wc -l +} + +match () +{ + grep -E -e "$1" +} + +no-match () +{ + grep -E -v -e "$1" +} + +no-more () +{ + cat +} + +strip-private () +{ + ${vyos_libexec_dir}/strip-private.py +} + +commands () +{ + if [ "$_OFR_CONFIGURE" != "" ]; then + if $(cli-shell-api sessionChanged); then + echo "You have uncommited changes, please commit them before using the commands pipe" + else + vyos-config-to-commands + fi + else + echo "commands pipe is not supported in operational mode" + fi +} + +json () +{ + if [ "$_OFR_CONFIGURE" != "" ]; then + if $(cli-shell-api sessionChanged); then + echo "You have uncommited changes, please commit them before using the JSON pipe" + else + vyos-config-to-json + fi + else + echo "JSON pipe is not supported in operational mode" + fi +} + +# pipe command help +# $1: command +_vyatta_pipe_help () +{ + local help="No help text available" + case "$1" in + count) help="Count the number of lines in the output";; + match) help="Only output lines that match specified pattern";; + no-match) help="Only output lines that do not match specified pattern";; + more) help="Paginate the output";; + no-more) help="Do not paginate the output";; + strip-private) help="Remove private information from the config";; + commands) help="Convert config to set commands";; + json) help="Convert config to JSON";; + '<pattern>') help="Pattern for matching";; + esac + echo -n "$help" +} + +_vyatta_do_pipe_help () +{ + local help='' + if (( ${#_vyatta_pipe_completions[@]} + ${#_vyatta_pipe_noncompletions[@]} + == 0 )); then + return + fi + echo -en "\nPossible completions:" + for comp in "${_vyatta_pipe_completions[@]}" \ + "${_vyatta_pipe_noncompletions[@]}"; do + _vyatta_op_print_help "$comp" "$(_vyatta_pipe_help "$comp")" + done +} + +# pipe completion +# $@: words +_vyatta_pipe_completion () +{ + local -a pipe_cmd=() + local -a all_cmds=( 'count' 'match' 'no-match' 'more' 'no-more' 'strip-private' 'commands' 'json' ) + local found=0 + _vyatta_pipe_completions=() + _vyatta_pipe_noncompletions=() + + for word in "$@"; do + if [[ "$found" == "1" || "$word" == "|" ]]; then + pipe_cmd+=( "$word" ) + found=1 + fi + done + if (( found == 0 )); then + return 1 + fi + if (( ${#pipe_cmd[@]} == 1 )); then + # "|" only + _vyatta_pipe_completions=( "${all_cmds[@]}" ) + return 0 + fi + if (( ${#pipe_cmd[@]} == 2 )); then + # "|<space, chars, or space+chars>" + _vyatta_pipe_completions=($(compgen -W "${all_cmds[*]}" -- ${pipe_cmd[1]})) + return 0 + fi + if (( ${#pipe_cmd[@]} == 3 )); then + # "|<chars or space+chars><space or space+chars>" + case "${pipe_cmd[1]}" in + match|no-match) _vyatta_pipe_noncompletions=( '<pattern>' );; + esac + return 0 + fi + return 0 +} + +# comptype +_vyatta_set_comptype () +{ + local comptype + unset _vyatta_comptype + for ndef in ${_vyatta_op_node_path}/*/node.def ; do + if [[ $ndef == */node.tag/node.def ]] ; then + local comptype=$( _vyatta_op_get_node_def_field $ndef comptype ) + if [[ $comptype == "imagefiles" ]] ; then + _vyatta_comptype=$comptype + return 0 + else + _vyatta_comptype="" + return 1 + fi + else + _vyatta_comptype="" + return 1 + fi + done +} + +_filedir_xspec_vyos() +{ + local cur prev words cword + _init_completion || return + + _tilde "$cur" || return 0 + + local IFS=$'\n' xspec=${_xspec[${1##*/}]} tmp + local -a toks + + toks=( $( + compgen -d -- "$(quote_readline "$cur")" | { + while read -r tmp; do + printf '%s\n' $tmp + done + } + )) + + # Munge xspec to contain uppercase version too + # http://thread.gmane.org/gmane.comp.shells.bash.bugs/15294/focus=15306 + eval xspec="${xspec}" + local matchop=! + if [[ $xspec == !* ]]; then + xspec=${xspec#!} + matchop=@ + fi + xspec="$matchop($xspec|${xspec^^})" + + toks+=( $( + eval compgen -f -X "!$xspec" -- "\$(quote_readline "\$cur")" | { + while read -r tmp; do + [[ -n $tmp ]] && printf '%s\n' $tmp + done + } + )) + + if [[ ${#toks[@]} -ne 0 ]]; then + compopt -o filenames + COMPREPLY=( "${toks[@]}" ) + fi +} + +nullglob_save=$( shopt -p nullglob ) +shopt -s nullglob +for f in ${vyatta_datadir}/vyatta-op/functions/allowed/* ; do + source $f +done +eval $nullglob_save +unset nullglob_save + +# don't initialize if we are in configure mode +if [ "$_OFR_CONFIGURE" == "ok" ]; then + return 0 +fi + +if [[ "$VYATTA_USER_LEVEL_DIR" != "/opt/vyatta/etc/shell/level/admin" ]]; then + vyatta_unpriv_init $@ +else + _vyatta_op_init $@ +fi + +### Local Variables: +### mode: shell-script +### End: diff --git a/src/etc/default/vyatta b/src/etc/default/vyatta new file mode 100644 index 000000000..e5fa3bb30 --- /dev/null +++ b/src/etc/default/vyatta @@ -0,0 +1,217 @@ +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2006, 2007 Vyatta, Inc. +# All Rights Reserved. + +# declare configured Vyatta shell environment variables + +# first set vars per args of the "source /etc/default/vyatta VAR=FOO" +_vyatta_extglob=$(shopt -p extglob) +shopt -s extglob +for arg ; do + [[ $arg == *=* ]] && \ + eval declare -x $arg +done +eval $_vyatta_extglob +unset _vyatta_extglob + +{ + # These declarations must go within braces in order to be able to silence + # readonly variable errors. + + for var in prefix exec_prefix datarootdir ; do + eval test -n \"\$$var\" \&\& _vyatta_save_$var=\$$var + done + + prefix=/opt/vyatta + exec_prefix=${prefix} + datarootdir=${prefix}/share + + if test -z "$vyatta_prefix" ; then + if test -n "/opt/vyatta" ; then + declare -x -r vyatta_prefix=/opt/vyatta + declare -x -r vyos_prefix=/opt/vyatta + else + declare -x -r vyatta_prefix=/opt/vyatta + declare -x -r vyos_prefix=/opt/vyatta + fi + fi + if test -z "$vyatta_exec_prefix" ; then + if test -n "${prefix}" ; then + declare -x -r vyatta_prefix=${prefix} + declare -x -r vyos_prefix=${prefix} + else + declare -x -r vyatta_prefix=$vyatta_prefix + declare -x -r vyos_prefix=$vyatta_prefix + fi + fi + if test -z "$vyatta_datarootdir" ; then + if test -n "${prefix}/share" ; then + declare -x -r vyatta_datarootdir=${prefix}/share + declare -x -r vyos_datarootdir=${prefix}/share + else + declare -x -r vyatta_datarootdir=$vyatta_prefix/share + declare -x -r vyos_datarootdir=$vyatta_prefix/share + fi + fi + if test -z "$vyatta_bindir" ; then + if test -n "${exec_prefix}/bin" ; then + declare -x -r vyatta_bindir=${exec_prefix}/bin + else + declare -x -r vyatta_bindir=$vyatta_exec_prefix/bin + fi + fi + if test -z "$vyatta_sbindir" ; then + if test -n "${exec_prefix}/sbin" ; then + declare -x -r vyatta_sbindir=${exec_prefix}/sbin + else + declare -x -r vyatta_sbindir=$vyatta_exec_prefix/sbin + fi + fi + if test -z "$vyatta_libdir" ; then + if test -n "${exec_prefix}/lib" ; then + declare -x -r vyatta_libdir=${exec_prefix}/lib + declare -x -r vyos_libdir=${exec_prefix}/lib + else + declare -x -r vyatta_libdir=$vyatta_exec_prefix/lib + declare -x -r vyos_libdir=$vyatta_exec_prefix/lib + fi + fi + if test -z "$vyatta_libexecdir" ; then + if test -n "${exec_prefix}/libexec" ; then + declare -x -r vyatta_libexecdir=${exec_prefix}/libexec + else + declare -x -r vyatta_libexecdir=$vyatta_exec_prefix/libexec + fi + fi + if test -z "$vyatta_datadir" ; then + if test -n "${datarootdir}" ; then + declare -x -r vyatta_datadir=${datarootdir} + declare -x -r vyos_datadir=${datarootdir} + else + declare -x -r vyatta_datadir=$vyatta_datarootdir + declare -x -r vyos_datadir=$vyatta_datarootdir + fi + fi + if test -z "$vyatta_htmldir" ; then + if test -n "${docdir}" ; then + declare -x -r vyatta_htmldir=${docdir} + else + declare -x -r vyatta_htmldir=$vyatta_datarootdir/html + fi + fi + if test -z "$vyatta_infodir" ; then + if test -n "${prefix}/share/info" ; then + declare -x -r vyatta_infodir=${prefix}/share/info + else + declare -x -r vyatta_infodir=$vyatta_datarootdir/info + fi + fi + if test -z "$vyatta_mandir" ; then + if test -n "${prefix}/share/man" ; then + declare -x -r vyatta_htmldir=${prefix}/share/man + else + declare -x -r vyatta_htmldir=$vyatta_datarootdir/man + fi + fi + if test -z "$vyatta_localedir" ; then + if test -n "${datarootdir}/locale" ; then + declare -x -r vyatta_localedir=${datarootdir}/locale + else + declare -x -r vyatta_localedir=$vyatta_datarootdir/locale + fi + fi + if test -z "$vyatta_localstatedir" ; then + if test -n "${prefix}/var" ; then + declare -x -r vyatta_localstatedir=${prefix}/var + else + declare -x -r vyatta_localstatedir=$vyatta_prefix/var + fi + fi + if test -z "$vyatta_sharedstatedir" ; then + if test -n "${prefix}/com" ; then + declare -x -r vyatta_sharedstatedir=${prefix}/com + else + declare -x -r vyatta_sharedstatedir=$vyatta_prefix/com + fi + fi + if test -z "$vyatta_sysconfdir" ; then + if test -n "${prefix}/etc" ; then + declare -x -r vyatta_sysconfdir=${prefix}/etc + else + declare -x -r vyatta_sysconfdir=$vyatta_prefix/etc + fi + fi + if test -z "$vyatta_op_templates" ; then + declare -x -r vyatta_op_templates=$vyatta_datadir/vyatta-op/templates + declare -x -r vyos_op_templates=$vyatta_datadir/vyatta-op/templates + fi + if test -z "$vyatta_cfg_templates" ; then + declare -x -r vyatta_cfg_templates=$vyatta_datadir/vyatta-cfg/templates + declare -x -r vyos_cfg_templates=$vyatta_datadir/vyatta-cfg/templates + fi + if test -z "$vyatta_configdir" ; then + declare -x -r vyatta_configdir=$vyatta_prefix/config + declare -x -r vyos_configdir=$vyatta_prefix/config + fi + + for var in prefix exec_prefix datarootdir ; do + eval test -n \"\$_vyatta_save_$var\" \&\& $var=\$_vyatta_save_$var + done + + # It's not like we do, or should support installing VyOS at a different prefix + declare -x -r vyos_libexec_dir=/usr/libexec/vyos + declare -x -r vyos_bin_dir=/usr/bin + declare -x -r vyos_sbin_dir=/usr/sbin + declare -x -r vyos_share_dir=/usr/share + + if test -z "$vyos_conf_scripts_dir" ; then + declare -x -r vyos_conf_scripts_dir=$vyos_libexec_dir/conf_mode + fi + if test -z "$vyos_op_scripts_dir" ; then + declare -x -r vyos_op_scripts_dir=$vyos_libexec_dir/op_mode + fi + if test -z "$vyos_completion_dir" ; then + declare -x -r vyos_completion_dir=$vyos_libexec_dir/completion + fi + if test -z "$vyos_validators_dir" ; then + declare -x -r vyos_validators_dir=$vyos_libexec_dir/validators + fi + if test -z "$vyos_data_dir" ; then + declare -x -r vyos_data_dir=$vyos_share_dir/vyos + fi + if test -z "$vyos_persistence_dir" ; then + UNION_NAME=$(cat /proc/cmdline | sed -e s+^.*vyos-union=++ | sed -e 's/ .*$//') + declare -x -r vyos_persistence_dir="/usr/lib/live/mount/persistence/${UNION_NAME}" + fi + if test -z "$vyos_rootfs_dir" ; then + ROOTFS=$(mount -t squashfs | grep loop0 | cut -d' ' -f3) + declare -x -r vyos_rootfs_dir="${ROOTFS}" + fi + if test -z "$VRF" ; then + VRF=$(ip vrf identify) + [ -n "$VRF" ] && declare -x -r VRF="${VRF}" + fi + if test -z "$NETNS" ; then + NETNS=$(ip netns identify) + [ -n "$NETNS" ] && declare -x -r NETNS="${NETNS}" + fi + +} 2>/dev/null || : + +[ -r /etc/default/vyatta-cfg ] && source /etc/default/vyatta-cfg + +[ -r /etc/default/vyatta-local-env ] && source /etc/default/vyatta-local-env + +### Local Variables: +### mode: shell-script +### End: diff --git a/src/op_mode/connect_disconnect.py b/src/op_mode/connect_disconnect.py index 373f9e953..379890c54 100755 --- a/src/op_mode/connect_disconnect.py +++ b/src/op_mode/connect_disconnect.py @@ -95,17 +95,21 @@ def disconnect(interface): def main(): parser = argparse.ArgumentParser() group = parser.add_mutually_exclusive_group() - group.add_argument("--connect", help="Bring up a connection-oriented network interface", action="store") - group.add_argument("--disconnect", help="Take down connection-oriented network interface", action="store") + group.add_argument("--connect", help="Bring up a connection-oriented network interface", action="store_true") + group.add_argument("--disconnect", help="Take down connection-oriented network interface", action="store_true") + group.add_argument("--interface", help="Interface name", action="store", required=True) args = parser.parse_args() - if args.connect: - if commit_in_progress(): - print('Cannot connect while a commit is in progress') - exit(1) - connect(args.connect) - elif args.disconnect: - disconnect(args.disconnect) + if args.connect or args.disconnect: + if args.disconnect: + disconnect(args.interface) + + if args.connect: + if commit_in_progress(): + print('Cannot connect while a commit is in progress') + exit(1) + connect(args.interface) + else: parser.print_help() diff --git a/src/opt/vyatta/bin/restricted-shell b/src/opt/vyatta/bin/restricted-shell new file mode 100755 index 000000000..ffcbb53b7 --- /dev/null +++ b/src/opt/vyatta/bin/restricted-shell @@ -0,0 +1,11 @@ +#!/bin/bash + +if [ $# != 0 ]; then + echo "Remote command execution is not allowed for operator level users" + args=($@) + args_str=$(IFS=" " ; echo "${args[*]}") + logger "Operator level user $USER attempted remote command execution: $args_str" + exit 1 +fi + +exec vbash diff --git a/src/opt/vyatta/bin/vyatta-op-cmd-wrapper b/src/opt/vyatta/bin/vyatta-op-cmd-wrapper new file mode 100755 index 000000000..a89211b2b --- /dev/null +++ b/src/opt/vyatta/bin/vyatta-op-cmd-wrapper @@ -0,0 +1,6 @@ +#!/bin/vbash +shopt -s expand_aliases +source /etc/default/vyatta +source /etc/bash_completion.d/vyatta-op +_vyatta_op_init +_vyatta_op_run "$@" diff --git a/src/opt/vyatta/etc/LICENSE b/src/opt/vyatta/etc/LICENSE new file mode 100644 index 000000000..6d45519c8 --- /dev/null +++ b/src/opt/vyatta/etc/LICENSE @@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + <one line to give the program's name and a brief idea of what it does.> + Copyright (C) <year> <name of author> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + <signature of Ty Coon>, 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/src/opt/vyatta/etc/shell/level/users/allowed-op b/src/opt/vyatta/etc/shell/level/users/allowed-op new file mode 100644 index 000000000..74c45af37 --- /dev/null +++ b/src/opt/vyatta/etc/shell/level/users/allowed-op @@ -0,0 +1,20 @@ +c +cl +cle +clea +clear +connect +delete +disconnect +exit +force +monitor +ping +reset +release +renew +set +show +telnet +traceroute +update diff --git a/src/opt/vyatta/etc/shell/level/users/allowed-op.in b/src/opt/vyatta/etc/shell/level/users/allowed-op.in new file mode 100644 index 000000000..1976904e4 --- /dev/null +++ b/src/opt/vyatta/etc/shell/level/users/allowed-op.in @@ -0,0 +1,16 @@ +clear +connect +delete +disconnect +exit +force +monitor +ping +reset +release +renew +set +show +telnet +traceroute +update diff --git a/src/opt/vyatta/sbin/if-mib-alias b/src/opt/vyatta/sbin/if-mib-alias new file mode 100755 index 000000000..bc86f999f --- /dev/null +++ b/src/opt/vyatta/sbin/if-mib-alias @@ -0,0 +1,130 @@ +#! /usr/bin/perl + +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Stephen Hemminger +# Date: October 2010 +# Description: script is run as net-snmp extension to read interface alias +# +# **** End License **** + +use strict; +use warnings; +use feature "switch"; +no warnings 'experimental::smartmatch'; + +# Collect interface all alias values +sub get_alias { + my @interfaces; + + open (my $ip, '-|', 'ip li') + or die "Can't run ip command\n"; + my $index; + while(<$ip>) { + if (/^(\d+): ([^:]*): /) { + $index = $1; + $interfaces[$index] = $2; + } elsif (/^ +alias (.*)$/) { + $interfaces[$index] = $1; + } + } + close $ip; + return @interfaces; +} + +sub get_oid { + my $oid = shift; + die "Not a valid Object ID: $oid" + unless ($oid =~ /.(\d+)$/); + + my $ifindex = $1; + my @interfaces = get_alias(); + + my $ifalias = $interfaces[$ifindex]; + print "$oid\nstring\n$ifalias\n" if $ifalias; +} + +# OID of ifAlias [RFC2863] +my $BASE = '.1.3.6.1.2.1.31.1.1.1.18'; + +sub get_next { + my $oid = shift; + + return get_next("$BASE.0") + if ($oid eq $BASE); + + die "Not a valid Object ID: $oid" + unless ($oid =~ /^(\S*)\.(\d+)$/); + + my $base = $1; + my $ifindex = $2; + my @interfaces = get_alias(); + + while (++$ifindex <= $#interfaces) { + my $ifalias = $interfaces[$ifindex]; + if ($ifalias) { + print "$base.$ifindex\nstring\n$ifalias\n"; + last; + } + } +} + +sub ifindextoname { + my $ifindex = shift; + + open (my $ip, '-|', 'ip li') + or die "Can't run ip command\n"; + my $index; + while(<$ip>) { + next unless (/^(\d+): ([^:]*): /); + return $2 if ($1 == $ifindex); + } + return; +} + +sub set_oid { + my ($oid, $target, $value) = @_; + die "Not a valid Object ID: $oid" + unless ($oid =~ /\.(\d+)$/); + my $ifindex = $1; + unless ($target eq 'string') { + print "wrong-type\n"; + return; + } + + my $ifname = ifindextoname($ifindex); + if ($ifname) { + system("ip li set $ifname alias '$value' >/dev/null 2>&1"); + print "not-writeable\n" if ($? != 0); + } +} + +sub usage { + warn "Usage: $0 {-g|-n} OID\n"; + warn " $0 -s OID TARGET VALUE\n"; + exit 1; +} + +usage unless $#ARGV >= 1; + +given ($ARGV[0]) { + when ('-g') { get_oid ($ARGV[1]); } + when ('-n') { get_next ($ARGV[1]); } + when ('-s') { set_oid ($ARGV[1], $ARGV[2], $ARGV[3]); } + default { + warn "$ARGV[0] unknown flag\n"; + usage; + } +} diff --git a/src/opt/vyatta/sbin/vyos-persistpath b/src/opt/vyatta/sbin/vyos-persistpath new file mode 100755 index 000000000..d7199b09a --- /dev/null +++ b/src/opt/vyatta/sbin/vyos-persistpath @@ -0,0 +1,19 @@ +#!/bin/bash + +if grep -q -e '^overlay.*/filesystem.squashfs' /proc/mounts; then + # Live CD boot + exit 2 + +elif grep -q 'upperdir=/live/persistence/' /proc/mounts && egrep -q 'overlay / overlay ' /proc/mounts; then + # union boot + + boot_device=`grep -o 'upperdir=/live/persistence/[^/]*/boot' /proc/mounts | cut -d / -f 4` + persist_path="/lib/live/mount/persistence/$boot_device" + + echo $persist_path + exit 0 +else + # old style boot + + exit 1 +fi
\ No newline at end of file diff --git a/src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-common b/src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-common new file mode 100644 index 000000000..e749f0217 --- /dev/null +++ b/src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-common @@ -0,0 +1,82 @@ +# vyatta bash completion common functions + +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# A copy of the GNU General Public License is available as +# `/usr/share/common-licenses/GPL' in the Debian GNU/Linux distribution +# or on the World Wide Web at `http://www.gnu.org/copyleft/gpl.html'. +# You can also obtain it by writing to the Free Software Foundation, +# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. +# +# Author: Vyatta +# Description: bash completion common functions +# +# **** End License **** + +get_prefix_filtered_list () +{ + # $1: prefix + # $2: \@list + # $3: \@filtered + declare -a olist + local pfx=$1 + pfx=${pfx#\"} + eval "olist=( \"\${$2[@]}\" )" + local idx=0 + for elem in "${olist[@]}"; do + local sub="${elem#$pfx}" + if [[ "$elem" == "$sub" ]] && [[ -n "$pfx" ]]; then + continue + fi + eval "$3[$idx]=\$elem" + (( idx++ )) + done +} + +get_prefix_filtered_list2 () +{ + # $1: prefix + # $2: \@list + # $3: \@filtered + # $4: \@list2 + # $5: \@filtered2 + declare -a olist + local pfx=$1 + pfx=${pfx#\"} + eval "olist=( \"\${$2[@]}\" )" + eval "local orig_len=\${#$2[@]}" + local orig_idx=0 + local idx=0 + for (( orig_idx = 0; orig_idx < orig_len; orig_idx++ )); do + eval "local elem=\${$2[$orig_idx]}" + eval "local elem2=\${$4[$orig_idx]}" + local sub="${elem#$pfx}" + if [[ "$elem" == "$sub" ]] && [[ -n "$pfx" ]]; then + continue + fi + eval "$3[$idx]=\$elem" + eval "$5[$idx]=\$elem2" + (( idx++ )) + done +} + +is_elem_of () { + local elem="$1" + local -a olist + eval "olist=( \"\${$2[@]}\" )" + for e in "${olist[@]}"; do + if [[ "$e" == "$elem" ]]; then + return 0 + fi + done + return 1 +} diff --git a/src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-op-run b/src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-op-run new file mode 100644 index 000000000..f0479ae88 --- /dev/null +++ b/src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-op-run @@ -0,0 +1,240 @@ +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2006, 2007 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Tom Grennan +# Date: 2007 +# Description: setup bash completion for Vyatta operational commands +# +# **** End License **** + +_vyatta_op_init () +{ + # empty and default line compeletion + complete -E -F _vyatta_op_expand + complete -D -F _vyatta_op_default_expand + + # create the top level aliases for the unambiguous portions of the commands + # this is the only place we need an entire enumerated list of the subcommands + for cmd in $( ls /opt/vyatta/share/vyatta-op/templates/ ); do + for pos in $(seq 1 ${#cmd}); do + case ${cmd:0:$pos} in + for|do|done|if|fi|case|while|tr ) + continue ;; + *) ;; + esac + complete -F _vyatta_op_expand ${cmd:0:$pos} + eval alias ${cmd:0:$pos}=\'_vyatta_op_run ${cmd:0:$pos}\' + done + done + + shopt -s histverify +} + +_vyatta_op_get_node_def_field () +{ + local file=$1 field=$2 + + sed -n '/^'"$field"':/,$ { +# strip field name and hold rest of line + s/[a-z]*: *// + h + :b +# at EOF, print hold buffer and quit + $ { x; p; q } +# input next line + n +# if start of another field def, print hold buf and quit + /^[a-z]*:/ { x; p; q } +# add to hold buf and branch to input next line + H + bb + }' $file +} + +_vyatta_op_conv_node_path () +{ + # is the node ok, ambiguous, or invalid + local node_path + local node + local -a ARR + node_path=$1 + node=$2 + ARR=( $(compgen -d $node_path/$node) ) + if [[ "${#ARR[@]}" == "1" ]]; then + echo ${ARR[0]##*/} + elif [[ "${#ARR[@]}" == "0" ]]; then + if [[ -d "${node_path}/node.tag" ]]; then + echo "$node tag" + else + echo "$node invalid" + fi + elif [[ -d "$node_path/$node" ]]; then + echo $node + elif [[ "$VYATTA_USER_LEVEL_DIR" != "/opt/vyatta/etc/shell/level/admin" ]];then + # special handling for unprivledged completions. + # Since top level commands are different for unprivledged users + # we need a handler to expand them properly. + local -a filtered_cmds=() + local -a allowed=( $(cat $VYATTA_USER_LEVEL_DIR/allowed-op.in) ) + get_prefix_filtered_list $node allowed filtered_cmds + if [[ "${#filtered_cmds[@]}" == "1" ]];then + echo ${filtered_cmds[0]} + else + echo "${node} ambiguous" + fi + else + echo "$node ambiguous" + fi +} + +_vyatta_op_conv_run_cmd () +{ + # Substitue bash positional variables + # for the same value in the expanded array + local restore_shopts=$( shopt -p extglob nullglob | tr \\n \; ) + shopt -s extglob + shopt -u nullglob + local run_cmd="$1" + local line outline + local -i inquote=0; + local outcmd=''; + local OIFS=$IFS + local re="([^']*')(.*)" + + toggle_inquote() + { + if [[ $inquote == 0 ]]; then + inquote=1 + else + inquote=0 + fi + } + + process_subline() + { + if [[ $inquote == 1 ]]; then + outline+="$1" + else + outline+=$(sed -e 's/\$\([0-9]\)/\$\{args\[\1\]\}/g' <<<"$1") + fi + } + + run_cmd="${run_cmd/\"\$\@\"/${args[*]}}" + run_cmd="${run_cmd/\$\*/${args[*]}}" + run_cmd="${run_cmd//\\/\\\\}" + IFS=$'\n' + for line in ${run_cmd[@]}; do + outline='' + while [[ -n "$line" ]]; do + if [[ "$line" =~ $re ]]; then + process_subline "${BASH_REMATCH[1]}" + toggle_inquote + else + process_subline "$line" + fi + line="${BASH_REMATCH[2]}" + done + outcmd+="$outline\n" + done + IFS=$OIFS + eval "$restore_shopts" + echo -ne "$outcmd" +} + +_vyatta_op_run () +{ + # if run with bash builtin "set -/+*" run set and return + # this happens when a different completion script runs eval "set ..." + # (VyOS T1604) + if [[ "$1" == "set" && "$2" =~ ^(-|\+).* ]]; then + set "${@:2}" + return + fi + + local -i estat + local tpath=$vyatta_op_templates + local restore_shopts=$( shopt -p extglob nullglob | tr \\n \; ) + shopt -s extglob nullglob + + _vyatta_op_last_comp=${_vyatta_op_last_comp_init} + false; estat=$? + stty echo 2> /dev/null # turn echo on, this is a workaround for bug 7570 + # not a fix we need to look at why the readline library + # is getting confused on paged help text. + + i=1 + declare -a args # array of expanded arguments + for arg in "$@"; do + local orig_arg=$arg + if [[ $arg == "*" ]]; then + arg="*" #leave user defined wildcards alone + else + arg=( $(_vyatta_op_conv_node_path $tpath $arg) ) # expand the arguments + fi + # output proper error message based on the above expansion + if [[ "${arg[1]}" == "ambiguous" ]]; then + echo -ne "\n Ambiguous command: ${args[@]} [$arg]\n" >&2 + local -a cmds=( $(compgen -d $tpath/$arg) ) + _vyatta_op_node_path=$tpath + local comps=$(_vyatta_op_help $arg ${cmds[@]##*/}) + echo -e "$comps\n" | sed -e 's/^P/ P/' + eval $restore_shopts + return 1 + elif [[ "${arg[1]}" == "invalid" ]]; then + echo -ne "\n Invalid command: ${args[@]} [$arg]\n\n" >&2 + eval $restore_shopts + return 1 + fi + + if [ -f "$tpath/$arg/node.def" ] ; then + tpath+=/$arg + elif [ -f $tpath/node.tag/node.def ] ; then + tpath+=/node.tag + else + echo -ne "\n Invalid command: ${args[@]} [$arg]\n\n" >&2 + eval $restore_shopts + return 1 + fi + if [[ "$arg" == "node.tag" ]]; then + args[$i]=$orig_arg + else + args[$i]=$arg + fi + let "i+=1" + done + + local run_cmd=$(_vyatta_op_get_node_def_field $tpath/node.def run) + run_cmd=$(_vyatta_op_conv_run_cmd "$run_cmd") # convert the positional parameters + local ret=0 + # Exception for the `show file` command + local file_cmd='\$\{vyos_op_scripts_dir\}\/file\.py' + local cmd_regex="^(LESSOPEN=|less|pager|tail|(sudo )?$file_cmd).*" + if [ -n "$run_cmd" ]; then + eval $restore_shopts + if [[ -t 1 && "${args[1]}" == "show" && ! $run_cmd =~ $cmd_regex ]] ; then + eval "($run_cmd) | ${VYATTA_PAGER:-cat}" + else + eval "$run_cmd" + fi + else + echo -ne "\n Incomplete command: ${args[@]}\n\n" >&2 + eval $restore_shopts + ret=1 + fi + return $ret +} + +### Local Variables: +### mode: shell-script +### End: diff --git a/src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-unpriv b/src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-unpriv new file mode 100644 index 000000000..1507f4f0d --- /dev/null +++ b/src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-unpriv @@ -0,0 +1,97 @@ +#!/bin/bash +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2006, 2007 Vyatta, Inc. +# All Rights Reserved. +# +# **** End License **** + +source /opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-common + +declare -a op_allowed +declare -a toplevel + +op_allowed=( $(cat /opt/vyatta/etc/shell/level/users/allowed-op.in) ) +toplevel=( $(ls /opt/vyatta/share/vyatta-op/templates/) ) + +vyatta_unpriv_ambiguous () +{ + local -a filtered_cmds=() + get_prefix_filtered_list $1 op_allowed filtered_cmds + _vyatta_op_node_path=${vyatta_op_templates} + comps=$(_vyatta_op_help $1 ${filtered_cmds[@]}) + echo -ne "\n Ambiguous command: [$1]\n" + echo -e "$comps\n" | sed -e 's/^P/ P/' +} + +vyatta_unpriv_init () +{ + # empty and default line compeletion + complete -E -F _vyatta_op_expand + complete -D -F _vyatta_op_default_expand + + for cmd in "${op_allowed[@]}"; do + if is_elem_of ${cmd} toplevel; then + for pos in $(seq 1 ${#cmd}); do + case ${cmd:0:$pos} in + for|do|done|if|fi|case|while|tr ) + continue ;; + *) ;; + esac + local -a filtered_cmds=() + get_prefix_filtered_list ${cmd:0:$pos} op_allowed filtered_cmds + local found + is_elem_of "${cmd:0:$pos}" op_allowed + found=$? + if [[ "${#filtered_cmds[@]}" == "1" || "${cmd:0:$pos}" == "$cmd" || "$found" == "0" ]]; then + local fcmd + if [[ "${#filtered_cmds[@]}" == "1" ]]; then + fcmd=${filtered_cmds[0]} + elif is_elem_of "${cmd:0:$pos}" op_allowed; then + fcmd=${cmd:0:$pos} + else + fcmd=$cmd + fi + eval alias ${cmd:0:$pos}=\'_vyatta_op_run $fcmd\' + else + eval alias ${cmd:0:$pos}=\'vyatta_unpriv_ambiguous ${cmd:0:$pos}\' + fi + complete -F _vyatta_op_expand ${cmd:0:$pos} + done + fi + done + if [[ "$VYATTA_USER_LEVEL_DIR" == "/opt/vyatta/etc/shell/level/users" ]]; then + PS1='\u@\h> ' + fi +} + +vyatta_unpriv_gen_allowed () { + local -a allowed_cmds=() + rm -rf /opt/vyatta/etc/shell/level/users/allowed-op + for cmd in "${op_allowed[@]}"; do + if is_elem_of ${cmd} toplevel; then + for pos in $(seq 1 ${#cmd}); do + case ${cmd:0:$pos} in + for|do|done|if|fi|case|while|tr ) + continue ;; + *) ;; + esac + if ! is_elem_of ${cmd:0:$pos} allowed_cmds; then + allowed_cmds+=( ${cmd:0:$pos} ) + echo ${cmd:0:$pos} >> /opt/vyatta/etc/shell/level/users/allowed-op + fi + done + else + echo ${cmd} >> /opt/vyatta/etc/shell/level/users/allowed-op + fi + done +} |