-rwxr-xr-x | debian/rules | 3 | ||||
-rw-r--r-- | interface-definitions/ntp.xml | 6 | ||||
-rwxr-xr-x | scripts/build-command-templates | 48 | ||||
-rwxr-xr-x | src/helpers/validate-value.py | 41 | ||||
-rwxr-xr-x | src/validators/ip-address | 3 | ||||
-rwxr-xr-x | src/validators/ip-host | 3 | ||||
-rwxr-xr-x | src/validators/ip-prefix | 3 | ||||
-rwxr-xr-x | src/validators/ipv4-host | 3 | ||||
-rwxr-xr-x | src/validators/ipv4-prefix | 3 | ||||
-rwxr-xr-x | src/validators/ipv6-host | 3 | ||||
-rwxr-xr-x | src/validators/ipv6-prefix | 3 |
11 files changed, 102 insertions, 17 deletions
diff --git a/debian/rules b/debian/rules index d10f6f450..ed33706e4 100755 --- a/debian/rules +++ b/debian/rules @@ -27,6 +27,9 @@ override_dh_auto_install: mkdir -p $(DIR)/$(VYOS_LIBEXEC_DIR)/validators cp -r src/validators/* $(DIR)/$(VYOS_LIBEXEC_DIR)/validators + # Install helper scripts + cp -r src/helpers/* $(DIR)/$(VYOS_LIBEXEC_DIR)/ + mkdir -p $(DIR)/$(VYOS_CFG_TMPL_DIR) cp -r templates-cfg/* $(DIR)/$(VYOS_CFG_TMPL_DIR) diff --git a/interface-definitions/ntp.xml b/interface-definitions/ntp.xml index d9930a262..e8cfc539c 100644 --- a/interface-definitions/ntp.xml +++ b/interface-definitions/ntp.xml @@ -45,6 +45,9 @@ <node name="allow-clients"> <properties> <help>Network Time Protocol (NTP) server options</help> + <constraint> + <validator name="ip-prefix"/> + </constraint> </properties> <children> <leafNode name="address"> @@ -60,8 +63,7 @@ </valueHelp> <multi/> <constraint> - <validator name="ipv4-address"/> - <validator name="ipv6-address"/> + <validator name="ip-address"/> </constraint> </properties> </leafNode> diff --git a/scripts/build-command-templates b/scripts/build-command-templates index af46c10cf..415104e65 100755 --- a/scripts/build-command-templates +++ b/scripts/build-command-templates @@ -49,6 +49,8 @@ schema_file = args.SCHEMA_FILE output_dir = args.OUTPUT_DIR debug = args.debug +debug = True + ## Load and validate the inputs try: 
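Review bot: The new `<validator name="ip-prefix"/>` constraint in the first ntp.xml hunk sits in the properties of `<node name="allow-clients">`, which holds children rather than a value, so it probably never runs against any input. If the intent is for `address` to accept prefixes, the validator belongs in that leafNode's `<constraint>`, which the second hunk reduces to `ip-address` only. Please confirm which forms `allow-clients address` is meant to accept, since the leaf's valueHelp is outside the hunk.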
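Review bot: `debug = True` directly after `debug = args.debug` overrides the parsed command-line flag, so every run of build-command-templates is in debug mode regardless of how it is invoked. This looks like a development leftover. Drop the added line so that `debug = args.debug` stays the only assignment.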
@@ -114,27 +116,44 @@ def get_properties(p): except: pass - vce = p.findall("constraint") + vce = p.find("constraint") vc = [] - for v in vce: - if v.find("regex") is not None: - vc.append("pattern $VAR(@) \"{0}\"; {1}".format(v.find("regex").text, error_msg)) - else: - validator = v.find("validator") - v_name = validator.get("name") + + # The old backend doesn't support multiple validators in OR mode + # so we emulate it + + regex_elements = vce.findall("regex") + regexes = [] + if regex_elements is not None: + regexes = list(map(lambda e: e.text, regex_elements)) + + validator_elements = vce.findall("validator") + validators = [] + if validator_elements is not None: + for v in validator_elements: + v_name = os.path.join(validator_dir, v.get("name")) # XXX: lxml returns None for empty arguments v_argument = None try: - v_argument = validator.get("argument") + v_argument = v.get("argument") except: pass if v_argument is None: v_argument = "" - vc.append("exec \"{0}/{1} {2} $VAR(@)\"; \"{3}\"".format(validator_dir, v_name, v_argument, error_msg)) - props["constraints"] = vc - except: - props["constraints"] = [] + + validators.append("{0} {1} \\\'$VAR(@)\\\'".format(v_name, v_argument)) + + + regex_args = " ".join(map(lambda s: "--regex \\\'{0}\\\'".format(s), regexes)) + validator_args = " ".join(map(lambda s: "--exec \\\"{0}\\\"".format(s), validators)) + validator_script = '${vyos_libexecdir}/validate-value.py' + validator_string = "exec \"{0} {1} {2}\"; \"{3}\"".format(validator_script, regex_args, validator_args, error_msg) + + props["constraint"] = validator_string + except Exception as exn: + print(exn) + pass # Get the completion help strings try: 
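Review bot: The value and the regex text are wrapped in literal single quotes (`\'$VAR(@)\'`, `--regex \'{0}\'`) inside a string that validate-value.py later hands to `os.system`. Assuming the backend substitutes `$VAR(@)` textually, a value or pattern containing a quote character ends the quoting and the rest is interpreted by the shell instead of being validated. Passing the value to the helper as its own argument, and having the helper run validators without a shell, removes the need for this quoting layer. Separately, `p.find("constraint")` returns `None` for a node with no constraint, so `vce.findall` raises and `print(exn)` fires for every such node; an `if vce is not None:` guard avoids that, and the `is not None` tests on the `findall` results can go because `findall` always returns a list. get_properties starts before this hunk.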
@@ -204,9 +223,8 @@ def make_node_def(props): if "comp_help" in props: node_def += "allowed: {0}\n".format(props["comp_help"]) - if "constraints" in props: - for c in props["constraints"]: - node_def += "syntax:expression: {0}\n".format(c) + if "constraint" in props: + node_def += "syntax:expression: {0}\n".format(props["constraint"]) if "owner" in props: node_def += "end: sudo sh -c \"{0}\"\n".format(props["owner"]) diff --git a/src/helpers/validate-value.py b/src/helpers/validate-value.py new file mode 100755 index 000000000..2625663a2 --- /dev/null +++ b/src/helpers/validate-value.py @@ -0,0 +1,41 @@ +#!/usr/bin/env python3 + +import re +import os +import sys +import argparse + +parser = argparse.ArgumentParser() +parser.add_argument('--regex', action='append') +parser.add_argument('--exec', action='append') + +args = parser.parse_args() + +debug = False + +# Multiple arguments work like logical OR + +try: + for r in args.regex: + if re.match(r, args.value): + sys.exit(0) +except Exception as exn: + if debug: + print(exn) + else: + pass + +try: + for cmd in args.exec: + if debug: + print(cmd) + res = os.system(cmd) + if res == 0: + sys.exit(0) +except Exception as exn: + if debug: + print(exn) + else: + pass + +sys.exit(1) diff --git a/src/validators/ip-address b/src/validators/ip-address new file mode 100755 index 000000000..51fb72c85 --- /dev/null +++ b/src/validators/ip-address @@ -0,0 +1,3 @@ +#!/bin/sh + +ipaddrcheck --is-any-single $1 diff --git a/src/validators/ip-host b/src/validators/ip-host new file mode 100755 index 000000000..f2906e8cf --- /dev/null +++ b/src/validators/ip-host @@ -0,0 +1,3 @@ +#!/bin/sh + +ipaddrcheck --is-any-host $1 diff --git a/src/validators/ip-prefix b/src/validators/ip-prefix new file mode 100755 index 000000000..e58aad395 --- /dev/null +++ b/src/validators/ip-prefix @@ -0,0 +1,3 @@ +#!/bin/sh + +ipaddrcheck --is-any-net $1 
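Review bot: In validate-value.py each `--exec` command goes through `os.system(cmd)`, and `cmd` already has the configuration value spliced in by the template generator, so a shell parses the value before any validator sees it; a value containing a quote or other shell metacharacter can alter the command instead of being rejected. The regex branch never matches either: the parser defines no `value` argument, so `args.value` raises `AttributeError`, which the blanket `except` hides, and `re.match` would in any case accept a value that only starts with a valid prefix. I would take the value as its own argument, run validators from an argument list without a shell, and use `re.fullmatch`; this needs `import shlex` and `import subprocess` at the top, and the generator must pass `--value` and stop appending the value to each `--exec` string. An invalid pattern or a missing validator then fails closed with a non-zero exit.

```python
parser.add_argument('--value', required=True)
# … unchanged: --regex / --exec arguments, parse_args(), debug flag …

# Multiple arguments work like logical OR
for r in args.regex or []:
    # fullmatch: the whole value must match, not just a prefix
    if re.fullmatch(r, args.value):
        sys.exit(0)

for cmd in args.exec or []:
    # The value travels as a single argv element; no shell parses it.
    argv = shlex.split(cmd) + [args.value]
    if debug:
        print(argv)
    if subprocess.run(argv).returncode == 0:
        sys.exit(0)

sys.exit(1)
```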
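Review bot: `$1` is unquoted in `ipaddrcheck --is-any-single $1` (src/validators/ip-address), so the shell word-splits and glob-expands the value before `ipaddrcheck` sees it. A value with whitespace becomes several arguments, and the check may then run on only part of the input. Quote it: `ipaddrcheck --is-any-single "$1"`. The same applies to the other validators added in this commit: ip-host, ip-prefix, ipv4-host, ipv4-prefix, ipv6-host and ipv6-prefix.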
diff --git a/src/validators/ipv4-host b/src/validators/ipv4-host new file mode 100755 index 000000000..f42feffa4 --- /dev/null +++ b/src/validators/ipv4-host @@ -0,0 +1,3 @@ +#!/bin/sh + +ipaddrcheck --is-ipv4-host $1 diff --git a/src/validators/ipv4-prefix b/src/validators/ipv4-prefix new file mode 100755 index 000000000..8ec8a2c45 --- /dev/null +++ b/src/validators/ipv4-prefix @@ -0,0 +1,3 @@ +#!/bin/sh + +ipaddrcheck --is-ipv4-net $1 diff --git a/src/validators/ipv6-host b/src/validators/ipv6-host new file mode 100755 index 000000000..f7a745077 --- /dev/null +++ b/src/validators/ipv6-host @@ -0,0 +1,3 @@ +#!/bin/sh + +ipaddrcheck --is-ipv6-host $1 diff --git a/src/validators/ipv6-prefix b/src/validators/ipv6-prefix new file mode 100755 index 000000000..e43616350 --- /dev/null +++ b/src/validators/ipv6-prefix @@ -0,0 +1,3 @@ +#!/bin/sh + +ipaddrcheck --is-ipv6-net $1 |