6 files changed, 106 insertions, 15 deletions

diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py
index f19bcb250..af803a696 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/dhcp_server.py
@@ -303,7 +303,8 @@ def dhcp_slice_range(exclude_list, range_list):
                       'start': str(ip_address(e) + 1),
                       'stop': str(range_stop)
                     }
-                    output.append(r)
+                    if not (ip_address(r['start']) > ip_address(r['stop'])):
+                        output.append(r)
             else:
               # if we have no exclude in the whole range - we just take the range
               # as it is
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 5345bf7a2..cdd133904 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -16,11 +16,11 @@
 
 import os
 import re
-import sys
-import stat
-import jinja2
 
+from jinja2 import Template
 from copy import deepcopy
+from sys import exit
+from stat import S_IRUSR,S_IRWXU,S_IRGRP,S_IXGRP,S_IROTH,S_IXOTH
 from grp import getgrnam
 from ipaddress import ip_address,ip_network,IPv4Interface
 from netifaces import interfaces
@@ -331,12 +331,12 @@ def openvpn_mkdir(directory):
         os.mkdir(directory)
 
     # fix permissions - corresponds to mode 755
-    os.chmod(directory, stat.S_IRWXU|stat.S_IRGRP|stat.S_IXGRP|stat.S_IROTH|stat.S_IXOTH)
+    os.chmod(directory, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH)
     uid = getpwnam(user).pw_uid
     gid = getgrnam(group).gr_gid
     os.chown(directory, uid, gid)
 
-def fixup_permission(filename, permission=stat.S_IRUSR):
+def fixup_permission(filename, permission=S_IRUSR):
     """
     Check if the given file exists and change ownershit to root/vyattacfg
     and appripriate file access permissions - default is user and group readable
@@ -737,7 +737,7 @@ def verify(openvpn):
     if openvpn['shared_secret_file']:
         if openvpn['encryption'] in ['aes128gcm', 'aes192gcm', 'aes256gcm']:
             raise ConfigError('GCM encryption with shared-secret-key-file is not supported')
-        
+
         if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):
             raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file']))
 
@@ -851,13 +851,13 @@ def generate(openvpn):
     # Generate client specific configuration
     for client in openvpn['client']:
         client_file = directory + '/ccd/' + interface + '/' + client['name']
-        tmpl = jinja2.Template(client_tmpl)
+        tmpl = Template(client_tmpl)
         client_text = tmpl.render(client)
         with open(client_file, 'w') as f:
             f.write(client_text)
         os.chown(client_file, uid, gid)
 
-    tmpl = jinja2.Template(config_tmpl)
+    tmpl = Template(config_tmpl)
     config_text = tmpl.render(openvpn)
 
     # we need to support quoting of raw parameters from OpenVPN CLI
@@ -957,4 +957,4 @@ if __name__ == '__main__':
         apply(c)
     except ConfigError as e:
         print(e)
-        sys.exit(1)
+        exit(1)
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index 7a684bafa..013a07f32 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -190,9 +190,6 @@ def verify(c):
                 raise ConfigError("ERROR: allowed-ips required for peer " + p)
             if not c['peer'][p]['pubkey']:
                 raise ConfigError("peer pubkey required for peer " + p)
-            if not c['peer'][p]['endpoint']:
-                raise ConfigError("peer endpoint required for peer " + p)
-
 
 def apply(c):
     # no wg configs left, remove all interface from system
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py
index 60e4c343d..cba1fe319 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/snmp.py
@@ -224,7 +224,7 @@ init_config_tmpl = """
 SNMPDRUN=yes
 
 # snmpd options (use syslog, close stdin/out/err).
-SNMPDOPTS='-LSed -u snmp -g snmp -I -ipCidrRouteTable, inetCidrRouteTable -p /run/snmpd.pid'
+SNMPDOPTS='-LSed -u snmp -g snmp -I -ipCidrRouteTable,inetCidrRouteTable -p /run/snmpd.pid'
 """
 
 default_config_data = {
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index e761d75ff..9fe22bfee 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -262,7 +262,8 @@ def apply(ssh):
     else:
         # SSH access is removed in the commit
         os.system("sudo systemctl stop ssh.service")
-        os.unlink(config_file)
+        if os.path.isfile(config_file):
+            os.unlink(config_file)
 
     return None
 
diff --git a/src/conf_mode/system-proxy.py b/src/conf_mode/system-proxy.py
new file mode 100755
index 000000000..cf72a1f96
--- /dev/null
+++ b/src/conf_mode/system-proxy.py
@@ -0,0 +1,92 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2018 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+import sys
+import os
+import re
+
+from vyos import ConfigError
+from vyos.config import Config
+
+proxy_def = r'/etc/profile.d/vyos-system-proxy.sh'
+
+
+def get_config():
+    c = Config()
+    if not c.exists('system proxy'):
+        return None
+
+    c.set_level('system proxy')
+
+    cnf = {
+        'url': None,
+      'port': None,
+      'usr': None,
+      'passwd': None
+    }
+
+    if c.exists('url'):
+        cnf['url'] = c.return_value('url')
+    if c.exists('port'):
+        cnf['port'] = c.return_value('port')
+    if c.exists('username'):
+        cnf['usr'] = c.return_value('username')
+    if c.exists('password'):
+        cnf['passwd'] = c.return_value('password')
+
+    return cnf
+
+
+def verify(c):
+    if not c:
+        return None
+    if not c['url'] or not c['port']:
+        raise ConfigError("proxy url and port requires a value")
+    elif c['usr'] and not c['passwd']:
+        raise ConfigError("proxy password requires a value")
+    elif not c['usr'] and c['passwd']:
+        raise ConfigError("proxy username requires a value")
+
+
+def generate(c):
+    if not c:
+        return None
+    if not c['usr']:
+        return str("export http_proxy={url}:{port}\nexport https_proxy=$http_proxy\nexport ftp_proxy=$http_proxy"
+                   .format(url=c['url'], port=c['port']))
+    else:
+        return str("export http_proxy=http://{usr}:{passwd}@{url}:{port}\nexport https_proxy=$http_proxy\nexport ftp_proxy=$http_proxy"
+                   .format(url=re.sub('http://', '', c['url']), port=c['port'], usr=c['usr'], passwd=c['passwd']))
+
+
+def apply(ln):
+    if not ln and os.path.exists(proxy_def):
+        os.remove(proxy_def)
+    else:
+        open(proxy_def, 'w').write(
+            "# generated by system-proxy.py\n{}\n".format(ln))
+
+if __name__ == '__main__':
+    try:
+        c = get_config()
+        verify(c)
+        ln = generate(c)
+        apply(ln)
+    except ConfigError as e:
+        print(e)
+        sys.exit(1)