Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/system-login.py | 9 | ||||
| -rwxr-xr-x | src/helpers/vyos-save-config.py | 19 | ||||
| -rwxr-xr-x | src/init/vyos-router | 22 | 
3 files changed, 40 insertions, 10 deletions
| diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index 2cf50cb92..87a269499 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -28,7 +28,6 @@ from vyos.configverify import verify_vrf  from vyos.defaults import directories  from vyos.template import render  from vyos.template import is_ipv4 -from vyos.utils.boot import boot_configuration_complete  from vyos.utils.dict import dict_search  from vyos.utils.process import cmd  from vyos.utils.process import call @@ -282,6 +281,8 @@ def generate(login):          if os.path.isfile(tacacs_nss_config_file):              os.unlink(tacacs_nss_config_file) + +      # NSS must always be present on the system      render(nss_config_file, 'login/nsswitch.conf.j2', login,                 permission=0o644, user='root', group='root') @@ -305,12 +306,6 @@ def generate(login):  def apply(login): -    # Script is invoked from vyos-router.service during startup. -    # While configuration mounting and so on is not yet complete, -    # skip any code that messes with the local user database -    if not boot_configuration_complete(): -        return None -      if 'user' in login:          for user, user_config in login['user'].items():              # make new user using vyatta shell and make home directory (-m), diff --git a/src/helpers/vyos-save-config.py b/src/helpers/vyos-save-config.py index 8af4a7916..518bd9864 100755 --- a/src/helpers/vyos-save-config.py +++ b/src/helpers/vyos-save-config.py @@ -19,6 +19,7 @@ import os  import re  import sys  from tempfile import NamedTemporaryFile +from argparse import ArgumentParser  from vyos.config import Config  from vyos.remote import urlc 
@@ -28,8 +29,15 @@ from vyos.defaults import directories  DEFAULT_CONFIG_PATH = os.path.join(directories['config'], 'config.boot')  remote_save = None -if len(sys.argv) > 1: -    save_file = sys.argv[1] +parser = ArgumentParser(description='Save configuration') +parser.add_argument('file', type=str, nargs='?', help='Save configuration to file') +parser.add_argument('--write-json-file', type=str, help='Save JSON of configuration to file') +args = parser.parse_args() +file = args.file +json_file = args.write_json_file + +if file is not None: +    save_file = file  else:      save_file = DEFAULT_CONFIG_PATH @@ -51,6 +59,13 @@ with open(write_file, 'w') as f:      f.write("\n")      f.write(system_footer()) +if json_file is not None and ct is not None: +    try: +        with open(json_file, 'w') as f: +            f.write(ct.to_json()) +    except OSError as e: +        print(f'failed to write JSON file: {e}') +  if remote_save is not None:      try:          remote_save.upload(write_file) diff --git a/src/init/vyos-router b/src/init/vyos-router index dd63921e0..35095afe4 100755 --- a/src/init/vyos-router +++ b/src/init/vyos-router @@ -234,6 +234,27 @@ cleanup_post_commit_hooks () {  # system defaults.  security_reset ()  { + +    # restore NSS cofniguration back to sane system defaults +    # will be overwritten later when configuration is loaded +    cat <<EOF >/etc/nsswitch.conf +passwd:         files +group:          files +shadow:         files +gshadow:        files + +# Per T2678, commenting out myhostname +hosts:          files dns #myhostname +networks:       files + +protocols:      db files +services:       db files +ethers:         db files +rpc:            db files + +netgroup:       nis +EOF +      # restore PAM back to virgin state (no radius/tacacs services)      pam-auth-update --disable radius-mandatory radius-optional      rm -f /etc/pam_radius_auth.conf 
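Review bot: The new `--write-json-file` branch creates the JSON copy of the configuration with a plain `open(json_file, 'w')`, so a newly created file gets whatever mode the process umask allows, and a VyOS configuration can contain password hashes and keys (the diff does not show how `write_file` itself is protected, so compare against that). Creating it with an explicit mode avoids depending on the umask: `fd = os.open(json_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f:`; the mode only applies when the file is created, and the value should match whatever is used for config.boot. The `except OSError` handler only prints to stdout and the script carries on, so a caller cannot tell from the exit status that the JSON file is missing or stale; writing the message to `sys.stderr` and exiting non-zero, or a comment stating that the JSON write is best-effort, would make that explicit. `ct` is assigned outside this hunk.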
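Review bot: The heredoc added at the top of security_reset uses an unquoted delimiter, so its body goes through parameter and command expansion; nothing in it expands today, but `cat <<'EOF' >/etc/nsswitch.conf` keeps the content literal if it is edited later. The redirect also truncates /etc/nsswitch.conf in place and its result is not checked, so a failed or interrupted write leaves either the previous contents (possibly still listing the remote-auth sources this reset is meant to drop) or a partial file, with no log message; writing to a temporary file and `mv`-ing it over, with a `log_failure_msg` on error as start() does for the config scripts, would cover that. The comment has a typo, `cofniguration` for `configuration`. These defaults now exist both here and, presumably, in `login/nsswitch.conf.j2`, so a comment naming the template as the counterpart would help keep the two in sync. security_reset's body continues past the end of the hunk.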
@@ -349,7 +370,6 @@ start ()      # As VyOS does not execute commands that are not present in the CLI we call      # the script by hand to have a single source for the login banner and MOTD      ${vyos_conf_scripts_dir}/system_console.py || log_failure_msg "could not reset serial console" -    ${vyos_conf_scripts_dir}/system-login.py || log_failure_msg "could not reset system login"      ${vyos_conf_scripts_dir}/system-login-banner.py || log_failure_msg "could not reset motd and issue files"      ${vyos_conf_scripts_dir}/system-option.py || log_failure_msg "could not reset system option files"      ${vyos_conf_scripts_dir}/system-ip.py || log_failure_msg "could not reset system IPv4 options" | 
