8 files changed, 188 insertions, 24 deletions

diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py
index f19bcb250..af803a696 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/dhcp_server.py
@@ -303,7 +303,8 @@ def dhcp_slice_range(exclude_list, range_list):
                       'start': str(ip_address(e) + 1),
                       'stop': str(range_stop)
                     }
-                    output.append(r)
+                    if not (ip_address(r['start']) > ip_address(r['stop'])):
+                        output.append(r)
             else:
               # if we have no exclude in the whole range - we just take the range
               # as it is
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 5345bf7a2..cdd133904 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -16,11 +16,11 @@
 
 import os
 import re
-import sys
-import stat
-import jinja2
 
+from jinja2 import Template
 from copy import deepcopy
+from sys import exit
+from stat import S_IRUSR,S_IRWXU,S_IRGRP,S_IXGRP,S_IROTH,S_IXOTH
 from grp import getgrnam
 from ipaddress import ip_address,ip_network,IPv4Interface
 from netifaces import interfaces
@@ -331,12 +331,12 @@ def openvpn_mkdir(directory):
         os.mkdir(directory)
 
     # fix permissions - corresponds to mode 755
-    os.chmod(directory, stat.S_IRWXU|stat.S_IRGRP|stat.S_IXGRP|stat.S_IROTH|stat.S_IXOTH)
+    os.chmod(directory, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH)
     uid = getpwnam(user).pw_uid
     gid = getgrnam(group).gr_gid
     os.chown(directory, uid, gid)
 
-def fixup_permission(filename, permission=stat.S_IRUSR):
+def fixup_permission(filename, permission=S_IRUSR):
     """
     Check if the given file exists and change ownershit to root/vyattacfg
     and appripriate file access permissions - default is user and group readable
@@ -737,7 +737,7 @@ def verify(openvpn):
     if openvpn['shared_secret_file']:
         if openvpn['encryption'] in ['aes128gcm', 'aes192gcm', 'aes256gcm']:
             raise ConfigError('GCM encryption with shared-secret-key-file is not supported')
-        
+
         if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):
             raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file']))
 
@@ -851,13 +851,13 @@ def generate(openvpn):
     # Generate client specific configuration
     for client in openvpn['client']:
         client_file = directory + '/ccd/' + interface + '/' + client['name']
-        tmpl = jinja2.Template(client_tmpl)
+        tmpl = Template(client_tmpl)
         client_text = tmpl.render(client)
         with open(client_file, 'w') as f:
             f.write(client_text)
         os.chown(client_file, uid, gid)
 
-    tmpl = jinja2.Template(config_tmpl)
+    tmpl = Template(config_tmpl)
     config_text = tmpl.render(openvpn)
 
     # we need to support quoting of raw parameters from OpenVPN CLI
@@ -957,4 +957,4 @@ if __name__ == '__main__':
         apply(c)
     except ConfigError as e:
         print(e)
-        sys.exit(1)
+        exit(1)
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index 7a684bafa..013a07f32 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -190,9 +190,6 @@ def verify(c):
                 raise ConfigError("ERROR: allowed-ips required for peer " + p)
             if not c['peer'][p]['pubkey']:
                 raise ConfigError("peer pubkey required for peer " + p)
-            if not c['peer'][p]['endpoint']:
-                raise ConfigError("peer endpoint required for peer " + p)
-
 
 def apply(c):
     # no wg configs left, remove all interface from system
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py
index 60e4c343d..cba1fe319 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/snmp.py
@@ -224,7 +224,7 @@ init_config_tmpl = """
 SNMPDRUN=yes
 
 # snmpd options (use syslog, close stdin/out/err).
-SNMPDOPTS='-LSed -u snmp -g snmp -I -ipCidrRouteTable, inetCidrRouteTable -p /run/snmpd.pid'
+SNMPDOPTS='-LSed -u snmp -g snmp -I -ipCidrRouteTable,inetCidrRouteTable -p /run/snmpd.pid'
 """
 
 default_config_data = {
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index e761d75ff..9fe22bfee 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -262,7 +262,8 @@ def apply(ssh):
     else:
         # SSH access is removed in the commit
         os.system("sudo systemctl stop ssh.service")
-        os.unlink(config_file)
+        if os.path.isfile(config_file):
+            os.unlink(config_file)
 
     return None
 
diff --git a/src/conf_mode/system-proxy.py b/src/conf_mode/system-proxy.py
new file mode 100755
index 000000000..cf72a1f96
--- /dev/null
+++ b/src/conf_mode/system-proxy.py
@@ -0,0 +1,92 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2018 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+import sys
+import os
+import re
+
+from vyos import ConfigError
+from vyos.config import Config
+
+proxy_def = r'/etc/profile.d/vyos-system-proxy.sh'
+
+
+def get_config():
+    c = Config()
+    if not c.exists('system proxy'):
+        return None
+
+    c.set_level('system proxy')
+
+    cnf = {
+        'url': None,
+      'port': None,
+      'usr': None,
+      'passwd': None
+    }
+
+    if c.exists('url'):
+        cnf['url'] = c.return_value('url')
+    if c.exists('port'):
+        cnf['port'] = c.return_value('port')
+    if c.exists('username'):
+        cnf['usr'] = c.return_value('username')
+    if c.exists('password'):
+        cnf['passwd'] = c.return_value('password')
+
+    return cnf
+
+
+def verify(c):
+    if not c:
+        return None
+    if not c['url'] or not c['port']:
+        raise ConfigError("proxy url and port requires a value")
+    elif c['usr'] and not c['passwd']:
+        raise ConfigError("proxy password requires a value")
+    elif not c['usr'] and c['passwd']:
+        raise ConfigError("proxy username requires a value")
+
+
+def generate(c):
+    if not c:
+        return None
+    if not c['usr']:
+        return str("export http_proxy={url}:{port}\nexport https_proxy=$http_proxy\nexport ftp_proxy=$http_proxy"
+                   .format(url=c['url'], port=c['port']))
+    else:
+        return str("export http_proxy=http://{usr}:{passwd}@{url}:{port}\nexport https_proxy=$http_proxy\nexport ftp_proxy=$http_proxy"
+                   .format(url=re.sub('http://', '', c['url']), port=c['port'], usr=c['usr'], passwd=c['passwd']))
+
+
+def apply(ln):
+    if not ln and os.path.exists(proxy_def):
+        os.remove(proxy_def)
+    else:
+        open(proxy_def, 'w').write(
+            "# generated by system-proxy.py\n{}\n".format(ln))
+
+if __name__ == '__main__':
+    try:
+        c = get_config()
+        verify(c)
+        ln = generate(c)
+        apply(ln)
+    except ConfigError as e:
+        print(e)
+        sys.exit(1)
diff --git a/src/migration-scripts/quagga/3-to-4 b/src/migration-scripts/quagga/3-to-4
new file mode 100755
index 000000000..f8c87ce8c
--- /dev/null
+++ b/src/migration-scripts/quagga/3-to-4
@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2019 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+import sys
+
+from vyos.configtree import ConfigTree
+
+
+if (len(sys.argv) < 1):
+    print("Must specify file name!")
+    sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+config = ConfigTree(config_file)
+
+if not config.exists(['protocols', 'bgp']):
+    # Nothing to do
+    sys.exit(0)
+else:
+    # Check if BGP is actually configured and obtain the ASN
+    asn_list = config.list_nodes(['protocols', 'bgp'])
+    if asn_list:
+        # There's always just one BGP node, if any
+        asn = asn_list[0]
+    else:
+        # There's actually no BGP, just its empty shell
+        sys.exit(0)
+
+    # Check if BGP scan-time parameter exist
+    scan_time_param = ['protocols', 'bgp', asn, 'parameters', 'scan-time']
+    if config.exists(scan_time_param):
+        # Delete BGP scan-time parameter
+        config.delete(scan_time_param)
+    else:
+        # Do nothing
+        sys.exit(0)
+
+    # Save a new configuration file
+    try:
+        with open(file_name, 'w') as f:
+            f.write(config.to_string())
+    except OSError as e:
+        print("Failed to save the modified config: {}".format(e))
+        sys.exit(1)
diff --git a/src/validators/numeric b/src/validators/numeric
index ffe84a234..0a2d83d14 100755
--- a/src/validators/numeric
+++ b/src/validators/numeric
@@ -24,7 +24,7 @@ import re
 parser = argparse.ArgumentParser()
 parser.add_argument("-f", "--float", action="store_true", help="Accept floating point values")
 group = parser.add_mutually_exclusive_group()
-group.add_argument("-r", "--range", type=str, help="Check if the number is within range (inclusive), example: 1024-65535")
+group.add_argument("-r", "--range", type=str, help="Check if the number is within range (inclusive), example: 1024-65535", action='append')
 group.add_argument("-n", "--non-negative", action="store_true", help="Check if the number is non-negative (>= 0)")
 group.add_argument("-p", "--positive", action="store_true", help="Check if the number is positive (> 0)")
 parser.add_argument("number", type=str, help="Number to validate")
@@ -47,15 +47,25 @@ else:
         sys.exit(1)
 
 if args.range:
-    try:
-        lower, upper = re.match(r'(\d+)\s*\-\s*(\d+)', args.range).groups()
-        lower, upper = int(lower), int(upper)
-    except:
-        print("{0} is not a valid number range",format(args.range), file=sys.stderr)
-        sys.exit(1)
+    valid = False
+    for r in args.range:
+        try:
+            lower, upper = re.match(r'(\d+)\s*\-\s*(\d+)', r).groups()
+            lower, upper = int(lower), int(upper)
+        except:
+            print("{0} is not a valid number range",format(args.range), file=sys.stderr)
+            sys.exit(1)
+
+        if (number >= lower) and (number <= upper):
+            valid = True
+    # end for
 
-    if (number < lower) or (number > upper):
-        print("Number {0} is not in the {1} range".format(number, args.range), file=sys.stderr)
+    if not valid:
+        if len(args.range) > 1:
+            err_msg = "Number {0} is not in any of the ranges {1}".format(number, args.range)
+        else:
+            err_msg = "Number {0} is not in the range {1}".format(number, args.range[0])
+        print(err_msg, file=sys.stderr)
         sys.exit(1)
 elif args.non_negative:
     if number < 0: