4 files changed, 354 insertions, 1 deletions

diff --git a/src/system/grub_update.py b/src/system/grub_update.py
new file mode 100644
index 000000000..3c851f0e0
--- /dev/null
+++ b/src/system/grub_update.py
@@ -0,0 +1,107 @@
+#!/usr/bin/env python3
+#
+# Copyright 2023 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This file is part of VyOS.
+#
+# VyOS is free software: you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later
+# version.
+#
+# VyOS is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# VyOS. If not, see <https://www.gnu.org/licenses/>.
+
+from pathlib import Path
+from sys import exit
+
+from vyos.system import disk, grub, image, compat, SYSTEM_CFG_VER
+from vyos.template import render
+
+
+def cfg_check_update() -> bool:
+    """Check if GRUB structure update is required
+
+    Returns:
+        bool: False if not required, True if required
+    """
+    current_ver = grub.get_cfg_ver()
+    if current_ver and current_ver >= SYSTEM_CFG_VER:
+        return False
+
+    return True
+
+
+if __name__ == '__main__':
+    if image.is_live_boot():
+        exit(0)
+
+    if image.is_running_as_container():
+        exit(0)
+
+    # Skip everything if update is not required
+    if not cfg_check_update():
+        exit(0)
+
+    # find root directory of persistent storage
+    root_dir = disk.find_persistence()
+
+    # read current GRUB config
+    grub_cfg_main = f'{root_dir}/{grub.GRUB_CFG_MAIN}'
+    vars = grub.vars_read(grub_cfg_main)
+    modules = grub.modules_read(grub_cfg_main)
+    vyos_menuentries = compat.parse_menuentries(grub_cfg_main)
+    vyos_versions = compat.find_versions(vyos_menuentries)
+    unparsed_items = compat.filter_unparsed(grub_cfg_main)
+    # compatibilty for raid installs
+    search_root = compat.get_search_root(unparsed_items)
+    common_dict = {}
+    common_dict['search_root'] = search_root
+    # find default values
+    default_entry = vyos_menuentries[int(vars['default'])]
+    default_settings = {
+        'default': grub.gen_version_uuid(default_entry['version']),
+        'bootmode': default_entry['bootmode'],
+        'console_type': default_entry['console_type'],
+        'console_num': default_entry['console_num']
+    }
+    vars.update(default_settings)
+
+    # create new files
+    grub_cfg_vars = f'{root_dir}/{grub.CFG_VYOS_VARS}'
+    grub_cfg_modules = f'{root_dir}/{grub.CFG_VYOS_MODULES}'
+    grub_cfg_platform = f'{root_dir}/{grub.CFG_VYOS_PLATFORM}'
+    grub_cfg_menu = f'{root_dir}/{grub.CFG_VYOS_MENU}'
+    grub_cfg_options = f'{root_dir}/{grub.CFG_VYOS_OPTIONS}'
+
+    Path(image.GRUB_DIR_VYOS).mkdir(exist_ok=True)
+    grub.vars_write(grub_cfg_vars, vars)
+    grub.modules_write(grub_cfg_modules, modules)
+    grub.common_write(grub_common=common_dict)
+    render(grub_cfg_menu, grub.TMPL_GRUB_MENU, {})
+    render(grub_cfg_options, grub.TMPL_GRUB_OPTS, {})
+
+    # create menu entries
+    for vyos_ver in vyos_versions:
+        boot_opts = None
+        for entry in vyos_menuentries:
+            if entry.get('version') == vyos_ver and entry.get(
+                    'bootmode') == 'normal':
+                boot_opts = entry.get('boot_opts')
+        grub.version_add(vyos_ver, root_dir, boot_opts)
+
+    # update structure version
+    cfg_ver = compat.update_cfg_ver(root_dir)
+    grub.write_cfg_ver(cfg_ver, root_dir)
+
+    if compat.mode():
+        compat.render_grub_cfg(root_dir)
+    else:
+        render(grub_cfg_main, grub.TMPL_GRUB_MAIN, {})
+
+    exit(0)
diff --git a/src/system/keepalived-fifo.py b/src/system/keepalived-fifo.py
index 5e19bdbad..6d33e372d 100755
--- a/src/system/keepalived-fifo.py
+++ b/src/system/keepalived-fifo.py
@@ -41,7 +41,7 @@ logger.addHandler(logs_handler_syslog)
 logger.setLevel(logging.DEBUG)
 
 mdns_running_file = '/run/mdns_vrrp_active'
-mdns_update_command = 'sudo /usr/libexec/vyos/conf_mode/service_mdns-repeater.py'
+mdns_update_command = 'sudo /usr/libexec/vyos/conf_mode/service_mdns_repeater.py'
 
 # class for all operations
 class KeepalivedFifo:
diff --git a/src/system/standalone_root_pw_reset b/src/system/standalone_root_pw_reset
new file mode 100755
index 000000000..c82cea321
--- /dev/null
+++ b/src/system/standalone_root_pw_reset
@@ -0,0 +1,178 @@
+#!/bin/bash
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author:	Bob Gilligan <gilligan@vyatta.com>
+# Description:	Standalone script to set the admin passwd to new value
+#		value.  Note:  This script can ONLY be run as a standalone
+#		init program by grub.
+#
+# **** End License ****
+
+# The Vyatta config file:
+CF=/opt/vyatta/etc/config/config.boot
+
+# Admin user name
+ADMIN=vyos
+
+set_encrypted_password() {
+    sed -i \
+       -e "/ user $1 {/,/encrypted-password/s/encrypted-password .*\$/encrypted-password \"$2\"/" $3
+}
+
+
+# How long to wait for user to respond, in seconds
+TIME_TO_WAIT=30
+
+change_password() {
+    local user=$1
+    local pwd1="1"
+    local pwd2="2"
+
+    until [ "$pwd1" == "$pwd2" ]
+    do
+        read -p "Enter $user password: " -r -s pwd1
+	echo
+	read -p "Retype $user password: " -r -s pwd2
+	echo
+
+	if [ "$pwd1" != "$pwd2" ]
+	then echo "Passwords do not match"
+	fi
+    done
+
+    # set the password for the user then store it in the config
+    # so the user is recreated on the next full system boot.
+    local epwd=$(mkpasswd --method=sha-512 "$pwd1")
+    # escape any slashes in resulting password
+    local eepwd=$(sed 's:/:\\/:g' <<< $epwd)
+    set_encrypted_password $user $eepwd $CF
+}
+
+# System is so messed up that doing anything would be a mistake
+dead() {
+    echo $*
+    echo
+    echo "This tool can only recover missing admininistrator password."
+    echo "It is not a full system restore"
+    echo
+    echo -n "Hit return to reboot system: "
+    read
+    /sbin/reboot -f
+}
+
+echo "Standalone root password recovery tool."
+echo
+#
+# Check to see if we are running in standalone mode.  We'll
+# know that we are if our pid is 1.
+#
+if [ "$$" != "1" ]; then
+    echo "This tool can only be run in standalone mode."
+    exit 1
+fi
+
+#
+# OK, now we know we are running in standalone mode.  Talk to the
+# user.
+#
+echo -n "Do you wish to reset the admin password? (y or n) "
+read -t $TIME_TO_WAIT response
+if [ "$?" != "0" ]; then
+    echo 
+    echo "Response not received in time."
+    echo "The admin password will not be reset."
+    echo "Rebooting in 5 seconds..."
+    sleep 5
+    echo
+    /sbin/reboot -f
+fi
+
+response=${response:0:1}
+if [ "$response" != "y" -a "$response" != "Y" ]; then
+    echo "OK, the admin password will not be reset."
+    echo -n "Rebooting in 5 seconds..."
+    sleep 5
+    echo
+    /sbin/reboot -f
+fi
+
+echo -en "Which admin account do you want to reset? [$ADMIN] "
+read admin_user
+ADMIN=${admin_user:-$ADMIN}
+
+echo "Starting process to reset the admin password..."
+
+echo "Re-mounting root filesystem read/write..."
+mount -o remount,rw /
+
+if [ ! -f /etc/passwd ]
+then dead "Missing password file"
+fi
+
+if [ ! -d /opt/vyatta/etc/config ]
+then dead "Missing VyOS config directory /opt/vyatta/etc/config"
+fi
+
+# Leftover from V3.0
+if grep -q /opt/vyatta/etc/config /etc/fstab
+then 
+    echo "Mounting the config filesystem..."
+    mount /opt/vyatta/etc/config/
+fi
+
+if [ ! -f $CF ]
+then dead "$CF file not found"
+fi
+
+if ! grep -q 'system {' $CF
+then dead "$CF file does not contain system settings"
+fi
+
+if ! grep -q ' login {' $CF
+then
+    # Recreate login section of system
+    sed -i -e '/system {/a\
+    login {\
+    }' $CF
+fi
+
+if ! grep -q " user $ADMIN " $CF
+then
+    echo "Recreating administrator $ADMIN in $CF..."
+    sed -i -e "/ login {/a\\
+        user $ADMIN {\\
+            authentication {\\
+                encrypted-password \$6$IhbXHdwgYkLnt/$VRIsIN5c2f2v4L2l4F9WPDrRDEtWXzH75yBswmWGERAdX7oBxmq6m.sWON6pO6mi6mrVgYBxdVrFcCP5bI.nt.\\
+                plaintext-password \"\"\\
+            }\\
+            level admin\\
+        }" $CF
+fi
+
+echo "Saving backup copy of config.boot..."
+cp $CF ${CF}.before_pwrecovery
+sync
+
+echo "Setting the administrator ($ADMIN) password..."
+change_password $ADMIN
+
+echo $(date "+%b%e %T") $(hostname) "Admin password changed" \
+    | tee -a /var/log/auth.log  >>/var/log/messages
+
+sync
+
+echo "System will reboot in 10 seconds..."
+sleep 10
+/sbin/reboot -f
diff --git a/src/system/uacctd_stop.py b/src/system/uacctd_stop.py
new file mode 100755
index 000000000..a1b57335b
--- /dev/null
+++ b/src/system/uacctd_stop.py
@@ -0,0 +1,68 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Control pmacct daemons in a tricky way.
+# Pmacct has signal processing in a main loop, together with packet
+# processing. Because of this, while it is waiting for packets, it cannot
+# handle the control signal. We need to start the systemctl command and then
+# send some packets to pmacct to wake it up
+
+from argparse import ArgumentParser
+from socket import socket, AF_INET, SOCK_DGRAM
+from sys import exit
+from time import sleep
+
+from psutil import Process
+
+
+def stop_process(pid: int, timeout: int) -> None:
+    """Send a signal to uacctd
+    and then send packets to special address predefined in a firewall
+    to unlock main loop in uacctd and finish the process properly
+
+    Args:
+        pid (int): uacctd PID
+        timeout (int): seconds to wait for a process end
+    """
+    # find a process
+    uacctd = Process(pid)
+    uacctd.terminate()
+
+    # create a socket
+    trigger = socket(AF_INET, SOCK_DGRAM)
+
+    first_cycle: bool = True
+    while uacctd.is_running() and timeout:
+        print('sending a packet to uacctd...')
+        trigger.sendto(b'WAKEUP', ('127.0.254.0', 1))
+        # do not sleep during first attempt
+        if not first_cycle:
+            sleep(1)
+            timeout -= 1
+        first_cycle = False
+
+
+if __name__ == '__main__':
+    parser = ArgumentParser()
+    parser.add_argument('process_id',
+                        type=int,
+                        help='PID file of uacctd core process')
+    parser.add_argument('timeout',
+                        type=int,
+                        help='time to wait for process end')
+    args = parser.parse_args()
+    stop_process(args.process_id, args.timeout)
+    exit()