Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/https.py18
-rwxr-xr-xsrc/conf_mode/interfaces-ethernet.py2
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py9
-rwxr-xr-xsrc/conf_mode/interfaces-pppoe.py15
-rwxr-xr-xsrc/conf_mode/interfaces-wireless.py30
-rwxr-xr-xsrc/conf_mode/interfaces-wirelessmodem.py235
-rwxr-xr-xsrc/conf_mode/vpn_sstp.py12
-rwxr-xr-xsrc/conf_mode/vrf.py7
8 files changed, 287 insertions, 41 deletions
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index a0fe9cf2f..889b62cf4 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -96,6 +96,7 @@ server {
"""
default_server_block = {
+ 'id' : '',
'address' : '*',
'port' : '443',
'name' : ['_'],
@@ -117,6 +118,7 @@ def get_config():
else:
for vhost in conf.list_nodes('virtual-host'):
server_block = deepcopy(default_server_block)
+ server_block['id'] = vhost
if conf.exists(f'virtual-host {vhost} listen-address'):
addr = conf.return_value(f'virtual-host {vhost} listen-address')
server_block['address'] = addr
@@ -156,9 +158,21 @@ def get_config():
if conf.exists('api port'):
port = conf.return_value('api port')
api_data['port'] = port
+ if conf.exists('api virtual-host'):
+ vhosts = conf.return_values('api virtual-host')
+ api_data['vhost'] = vhosts[:]
+
if api_data:
- for block in server_block_list:
- block['api'] = api_data
+ # we do not want to include 'vhost' key as part of
+ # vyos.defaults.api_data, so check for key existence
+ vhost_list = api_data.get('vhost')
+ if vhost_list is None:
+ for block in server_block_list:
+ block['api'] = api_data
+ else:
+ for block in server_block_list:
+ if block['id'] in vhost_list:
+ block['api'] = api_data
https = {'server_block_list' : server_block_list, 'certbot': certbot}
return https
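Review bot: When `api virtual-host` is set, the API is attached only to blocks whose `id` is in the list, so a name that matches no configured `virtual-host` is silently ignored and a typo leaves the API unserved without any error. The default block, presumably used when no virtual hosts are configured, keeps `id` `''` and can never match. That fails closed, which is the safe direction, but `verify()` (not shown on this page) should raise `ConfigError` for listed names that do not correspond to a `virtual-host` node. `api_data` also still carries the `vhost` key when it is assigned, and every matching block shares the same dict object; a per-block copy such as `block['api'] = {k: v for k, v in api_data.items() if k != 'vhost'}` would match the intent stated in the added comment. `get_config()` begins outside the hunk.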
diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py
index 286cab88e..15e9b4185 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces-ethernet.py
@@ -359,7 +359,7 @@ def apply(eth):
# if custom mac is removed
if eth['mac']:
e.set_mac(eth['mac'])
- else:
+ elif eth['hw_id']:
e.set_mac(eth['hw_id'])
# Maximum Transmission Unit (MTU)
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 17aa4697f..fb2d6e6d9 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -24,7 +24,6 @@ from stat import S_IRUSR,S_IRWXU,S_IRGRP,S_IXGRP,S_IROTH,S_IXOTH
from grp import getgrnam
from ipaddress import ip_address,ip_network,IPv4Interface
from netifaces import interfaces
-from psutil import pid_exists
from pwd import getpwnam
from subprocess import Popen, PIPE
from time import sleep
@@ -33,6 +32,7 @@ from shutil import rmtree
from vyos import ConfigError
from vyos.config import Config
from vyos.ifconfig import VTunIf
+from vyos.util import process_running
from vyos.validate import is_addr_assigned
user = 'openvpn'
@@ -977,17 +977,12 @@ def generate(openvpn):
return None
def apply(openvpn):
- pid = 0
pidfile = '/var/run/openvpn/{}.pid'.format(openvpn['intf'])
- if os.path.isfile(pidfile):
- pid = 0
- with open(pidfile, 'r') as f:
- pid = int(f.read())
# Always stop OpenVPN service. We can not send a SIGUSR1 for restart of the
# service as the configuration is not re-read. Stop daemon only if it's
# running - it could have died or killed by someone evil
- if pid_exists(pid):
+ if process_running(pidfile):
cmd = 'start-stop-daemon'
cmd += ' --stop '
cmd += ' --quiet'
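Review bot: `process_running(pidfile)` now decides from the pidfile alone whether to stop the daemon, and how it treats an empty, non-numeric or stale pidfile depends on the helper in `vyos.util`, which is not part of this page (the removed code raised from `int(f.read())` in that case). That behaviour should be confirmed and documented at the helper. A pidfile left behind after a crash can name a PID that has since been reused by an unrelated process, so the check may report "running" for the wrong process. Whether the `start-stop-daemon --stop` call that follows also matches on `--exec` or `--name` cannot be seen here, because the command continues past the end of the hunk. The same replacement is made in `generate()` in interfaces-wireless.py (hostapd and wpa_supplicant) and in `apply()` in vpn_sstp.py, and the point applies there as well.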
diff --git a/src/conf_mode/interfaces-pppoe.py b/src/conf_mode/interfaces-pppoe.py
index f948070ee..f318614db 100755
--- a/src/conf_mode/interfaces-pppoe.py
+++ b/src/conf_mode/interfaces-pppoe.py
@@ -325,17 +325,32 @@ def generate(pppoe):
os.unlink(ip_pre_up_script_file)
else:
+ # PPP peers directory
+ dirname = os.path.dirname(config_file_pppoe)
+ if not os.path.isdir(dirname):
+ os.mkdir(dirname)
+
# Create PPP configuration files
tmpl = Template(config_pppoe_tmpl)
config_text = tmpl.render(pppoe)
with open(config_file_pppoe, 'w') as f:
f.write(config_text)
+ # PPP ip-pre-up.d scripting directory
+ dirname = os.path.dirname(ip_pre_up_script_file)
+ if not os.path.isdir(dirname):
+ os.mkdir(dirname)
+
tmpl = Template(config_pppoe_ip_pre_up_tmpl)
config_text = tmpl.render(pppoe)
with open(ip_pre_up_script_file, 'w') as f:
f.write(config_text)
+ # PPP ipv6-up.d scripting directory
+ dirname = os.path.dirname(ipv6_if_up_script_file)
+ if not os.path.isdir(dirname):
+ os.mkdir(dirname)
+
tmpl = Template(config_pppoe_ipv6_up_tmpl)
config_text = tmpl.render(pppoe)
with open(ipv6_if_up_script_file, 'w') as f:
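Review bot: The three added `os.path.isdir()` / `os.mkdir()` pairs create each directory with whatever umask the process has, and they raise if the parent directory is missing or if the directory appears between the check and the call. The files written into `ip-pre-up.d` and `ipv6-up.d` are scripts run during link bring-up, presumably with pppd's privileges, so the directories should be created in one step with an explicit mode, e.g. `os.makedirs(dirname, mode=0o755, exist_ok=True)`. The block is repeated three times here and once more in the new interfaces-wirelessmodem.py, so a small shared helper would keep the mode consistent. `generate()` starts before and continues past this hunk.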
diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py
index 2c67c39ae..b6e62b0aa 100755
--- a/src/conf_mode/interfaces-wireless.py
+++ b/src/conf_mode/interfaces-wireless.py
@@ -25,15 +25,15 @@ from grp import getgrnam
from re import findall
from subprocess import Popen, PIPE
-from psutil import pid_exists
from netifaces import interfaces
from netaddr import *
-from vyos.ifconfig import WiFiIf
-from vyos.ifconfig_vlan import apply_vlan_config, verify_vlan_config
+from vyos import ConfigError
from vyos.configdict import list_diff, vlan_to_dict
from vyos.config import Config
-from vyos import ConfigError
+from vyos.ifconfig import WiFiIf
+from vyos.ifconfig_vlan import apply_vlan_config, verify_vlan_config
+from vyos.util import process_running
user = 'root'
group = 'vyattacfg'
@@ -1364,15 +1364,9 @@ def verify(wifi):
return None
def generate(wifi):
- pid = 0
# always stop hostapd service first before reconfiguring it
pidfile = get_pid('hostapd', wifi['intf'])
- if os.path.isfile(pidfile):
- pid = 0
- with open(pidfile, 'r') as f:
- pid = int(f.read())
-
- if pid_exists(pid):
+ if process_running(pidfile):
cmd = 'start-stop-daemon'
cmd += ' --stop '
cmd += ' --quiet'
@@ -1382,12 +1376,7 @@ def generate(wifi):
# always stop wpa_supplicant service first before reconfiguring it
pidfile = get_pid('wpa_supplicant', wifi['intf'])
- if os.path.isfile(pidfile):
- pid = 0
- with open(pidfile, 'r') as f:
- pid = int(f.read())
-
- if pid_exists(pid):
+ if process_running(pidfile):
cmd = 'start-stop-daemon'
cmd += ' --stop '
cmd += ' --quiet'
@@ -1409,7 +1398,10 @@ def generate(wifi):
# http://wiki.stocksy.co.uk/wiki/Multiple_SSIDs_with_hostapd
# generate locally administered MAC address from used phy interface
with open('/sys/class/ieee80211/{}/addresses'.format(wifi['phy']), 'r') as f:
- tmp = EUI(f.read().rstrip()).value
+ # some PHYs tend to have multiple interfaces and thus supply multiple MAC
+ # addresses - we only need the first one for our calculation
+ tmp = f.readline().rstrip()
+ tmp = EUI(tmp).value
# mask last nibble from the MAC address
tmp &= 0xfffffffffff0
# set locally administered bit in MAC address
@@ -1496,7 +1488,7 @@ def apply(wifi):
# if custom mac is removed
if wifi['mac']:
w.set_mac(wifi['mac'])
- else:
+ elif wifi['hw_id']:
w.set_mac(wifi['hw_id'])
# configure ARP filter configuration
diff --git a/src/conf_mode/interfaces-wirelessmodem.py b/src/conf_mode/interfaces-wirelessmodem.py
new file mode 100755
index 000000000..9efad3b8d
--- /dev/null
+++ b/src/conf_mode/interfaces-wirelessmodem.py
@@ -0,0 +1,235 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import os
+
+from sys import exit
+from copy import deepcopy
+from jinja2 import Template
+from subprocess import Popen, PIPE
+from pwd import getpwnam
+from grp import getgrnam
+
+from vyos.config import Config
+from vyos import ConfigError
+
+# Please be careful if you edit the template.
+config_wwan_tmpl = """### Autogenerated by interfaces-wirelessmodem.py ###
+{% if description %}
+# {{ description }}
+{% endif %}
+ifname {{ intf }}
+ipparam "{{ intf }} {{ metric }}"
+linkname {{ intf }}
+{% if name_server -%}
+usepeerdns
+{%- endif %}
+# physical device
+/dev/{{ device }}
+lcp-echo-failure 0
+115200
+debug
+logfile {{ logfile }}
+nodefaultroute
+ipcp-max-failure 4
+ipcp-accept-local
+ipcp-accept-remote
+noauth
+crtscts
+lock
+persist
+{% if on_demand -%}
+demand
+{%- endif %}
+
+connect '/usr/sbin/chat -v -t6 -f {{ chat_script }}'
+
+"""
+
+# Please be careful if you edit the template.
+chat_wwan_tmpl = """
+ABORT 'NO DIAL TONE' ABORT 'NO ANSWER' ABORT 'NO CARRIER' ABORT DELAYED
+'' AT
+OK ATZ
+OK 'AT+CGDCONT=1,"IP","{{ apn }}"'
+OK ATD*99#
+CONNECT ''
+
+"""
+
+default_config_data = {
+ 'address': [],
+ 'apn': '',
+ 'chat_script': '',
+ 'deleted': False,
+ 'description': '',
+ 'device': 'ttyUSB0',
+ 'disable': False,
+ 'disable_link_detect': 1,
+ 'on_demand': False,
+ 'logfile': '',
+ 'metric': '10',
+ 'mtu': '1500',
+ 'name_server': True,
+ 'intf': ''
+}
+
+def subprocess_cmd(command):
+ p = Popen(command, stdout=PIPE, shell=True)
+ p.communicate()
+
+def check_kmod():
+ modules = ['option', 'usb_wwan', 'usbserial']
+ for module in modules:
+ if not os.path.exists(f'/sys/module/{module}'):
+ if os.system(f'modprobe {module}') != 0:
+ raise ConfigError(f'Loading Kernel module {module} failed')
+
+def get_config():
+ wwan = deepcopy(default_config_data)
+ conf = Config()
+
+ # determine tagNode instance
+ if 'VYOS_TAGNODE_VALUE' not in os.environ:
+ raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified')
+
+ wwan['intf'] = os.environ['VYOS_TAGNODE_VALUE']
+ wwan['logfile'] = f"/var/log/vyatta/ppp_{wwan['intf']}.log"
+ wwan['chat_script'] = f"/etc/ppp/peers/chat.{wwan['intf']}"
+
+ # Check if interface has been removed
+ if not conf.exists('interfaces wirelessmodem ' + wwan['intf']):
+ wwan['deleted'] = True
+ return wwan
+
+ # set new configuration level
+ conf.set_level('interfaces wirelessmodem ' + wwan['intf'])
+
+ # get metrick for backup default route
+ if conf.exists(['apn']):
+ wwan['apn'] = conf.return_value(['apn'])
+
+ # get metrick for backup default route
+ if conf.exists(['backup', 'distance']):
+ wwan['metric'] = conf.return_value(['backup', 'distance'])
+
+ # Retrieve interface description
+ if conf.exists(['description']):
+ wwan['description'] = conf.return_value(['description'])
+
+ # System device name
+ if conf.exists(['device']):
+ wwan['device'] = conf.return_value(['device'])
+
+ # disable interface
+ if conf.exists('disable'):
+ wwan['disable'] = True
+
+ # ignore link state changes
+ if conf.exists('disable-link-detect'):
+ wwan['disable_link_detect'] = 2
+
+ # Do not use DNS servers provided by the peer
+ if conf.exists(['mtu']):
+ wwan['mtu'] = conf.return_value(['mtu'])
+
+ # Do not use DNS servers provided by the peer
+ if conf.exists(['no-peer-dns']):
+ wwan['name_server'] = False
+
+ # Access concentrator name (only connect to this concentrator)
+ if conf.exists(['ondemand']):
+ wwan['on_demand'] = True
+
+ return wwan
+
+def verify(wwan):
+ if wwan['deleted']:
+ return None
+
+ if not wwan['apn']:
+ raise ConfigError(f"APN for {wwan['intf']} not configured")
+
+ # we can not use isfile() here as Linux device files are no regular files
+ # thus the check will return False
+ if not os.path.exists(f"/dev/{wwan['device']}"):
+ raise ConfigError(f"Device {wwan['device']} does not exist")
+
+ return None
+
+def generate(wwan):
+ config_file_wwan = f"/etc/ppp/peers/{wwan['intf']}"
+
+ # Always hang-up WWAN connection prior generating new configuration file
+ cmd = f"systemctl stop ppp@{wwan['intf']}.service"
+ subprocess_cmd(cmd)
+
+ if wwan['deleted']:
+ # Delete PPP configuration files
+ if os.path.exists(config_file_wwan):
+ os.unlink(config_file_wwan)
+ if os.path.exists(wwan['chat_script']):
+ os.unlink(wwan['chat_script'])
+
+ else:
+ # PPP peers directory
+ dirname = os.path.dirname(config_file_wwan)
+ if not os.path.isdir(dirname):
+ os.mkdir(dirname)
+
+ # Create PPP configuration files
+ tmpl = Template(config_wwan_tmpl)
+ config_text = tmpl.render(wwan)
+ with open(config_file_wwan, 'w') as f:
+ f.write(config_text)
+
+
+ # Create PPP chat script
+ tmpl = Template(chat_wwan_tmpl)
+ config_text = tmpl.render(wwan)
+ with open(wwan['chat_script'], 'w') as f:
+ f.write(config_text)
+
+ return None
+
+def apply(wwan):
+ if wwan['deleted']:
+ # bail out early
+ return None
+
+ if not wwan['disable']:
+ # dial WWAN connection
+ cmd = f"systemctl start ppp@{wwan['intf']}.service"
+ subprocess_cmd(cmd)
+
+ # make logfile owned by root / vyattacfg
+ if os.path.isfile(wwan['logfile']):
+ uid = getpwnam('root').pw_uid
+ gid = getgrnam('vyattacfg').gr_gid
+ os.chown(wwan['logfile'], uid, gid)
+
+ return None
+
+if __name__ == '__main__':
+ try:
+ check_kmod()
+ c = get_config()
+ verify(c)
+ generate(c)
+ apply(c)
+ except ConfigError as e:
+ print(e)
+ exit(1)
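Review bot: `subprocess_cmd()` runs its argument through `Popen(..., shell=True)`, and both callers (`generate()` and `apply()`) interpolate `wwan['intf']`, taken from the `VYOS_TAGNODE_VALUE` environment variable, into that string, so the command is only as safe as whatever constrains the interface name upstream, which is not visible here. Passing an argument list avoids the shell entirely: `p = Popen(command, stdout=PIPE)` with callers sending `['systemctl', 'stop', f"ppp@{wwan['intf']}.service"]`; checking `p.returncode` would also surface a failed stop or start, which is currently ignored. Separately, `description`, `apn` and `device` are rendered verbatim into the pppd peers file and the chat script, while `verify()` only checks that the APN is set and that the device node exists; unless the CLI schema already restricts them, `verify()` should reject values containing newlines, quotes or path separators. The comments above the `apn`, `mtu` and `ondemand` lookups in `get_config()` are copied from other options and should describe what is actually read, and `mtu` is read but never used by either template.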
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index 8e5c7587c..070437443 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -23,9 +23,9 @@ from subprocess import Popen, PIPE, check_output
from socket import socket, AF_INET, SOCK_STREAM
from copy import deepcopy
from stat import S_IRUSR, S_IWUSR, S_IRGRP
-from psutil import pid_exists
from vyos.config import Config
+from vyos.util import process_running
from vyos import ConfigError
pidfile = r'/var/run/accel_sstp.pid'
@@ -489,14 +489,8 @@ def generate(sstp):
return sstp
def apply(sstp):
- pid = 0
- if os.path.isfile(pidfile):
- pid = 0
- with open(pidfile, 'r') as f:
- pid = int(f.read())
-
if sstp is None:
- if pid_exists(pid):
+ if process_running(pidfile):
cmd = 'start-stop-daemon'
cmd += ' --stop '
cmd += ' --quiet'
@@ -509,7 +503,7 @@ def apply(sstp):
return None
- if not pid_exists(pid):
+ if not process_running(pidfile):
if os.path.exists(pidfile):
os.remove(pidfile)
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
index 991c5cb2c..a74b79317 100755
--- a/src/conf_mode/vrf.py
+++ b/src/conf_mode/vrf.py
@@ -213,9 +213,10 @@ def apply(vrf_config):
_cmd(f'sysctl -wq net.ipv4.tcp_l3mdev_accept={bind_all}')
_cmd(f'sysctl -wq net.ipv4.udp_l3mdev_accept={bind_all}')
- for vrf_name in vrf_config['vrf_remove']:
- if os.path.isdir(f'/sys/class/net/{vrf_name}'):
- _cmd(f'ip link delete dev {vrf_name}')
+ for vrf in vrf_config['vrf_remove']:
+ name = vrf['name']
+ if os.path.isdir(f'/sys/class/net/{name}'):
+ _cmd(f'ip link delete dev {name}')
for vrf in vrf_config['vrf_add']:
name = vrf['name']