summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-03-05op-mode: T5051: add support for Literal arg typesJohn Estabrook
2023-03-04Merge pull request #1862 from jestabro/schema-generateChristian Breunig
graphql: T5040: generate schema on installation, rather than dynamically
2023-03-03graphql: T5040: use path from defaultsJohn Estabrook
2023-03-02Merge pull request #1865 from jbordongit/T4916-sagittaChristian Breunig
ipsec: T4916: Fixed migrations script
2023-03-03ipsec: T4916: Fixed migrations scriptjbordongit
* removed unused `re` from imports * replaced `return_value()` to `return_values()` for `remote-address` because this is a multi-value configuration node
2023-03-02Merge pull request #1864 from jestabro/system-login-errorChristian Breunig
login: T5039: catch error on 'my_set' for auth plaintext-password
2023-03-02Merge pull request #1863 from sarthurdev/T5039Christian Breunig
login: T5039: Support hashing rounds in `encrypted-password` values
2023-03-02login: T5039: catch error on 'my_set' for auth plaintext-passwordJohn Estabrook
2023-03-02login: T5039: Support hashing rounds in `encrypted-password` valuessarthurdev
Since glibc 2.7, the SHA-256 and SHA-512 implementations support a user-supplied number of hashing rounds, defaulting to 5000. If the "$id$" characters in the salt are followed by "rounds=xxx$", where xxx is an integer, then the result has the form $id$rounds=yyy$salt$encrypted where yyy is the number of hashing rounds actually used. The number of rounds actually used is 1000 if xxx is less than 1000, 999999999 if xxx is greater than 999999999, and is equal to xxx otherwise.
2023-03-01qos: T4989: bugfix missing firewall mark supportChristian Breunig
2023-03-01graphql: T5040: adjust smoketest for nullable keyJohn Estabrook
Since 'key' field is no longer required, a missing key will register an error in the resolver, instead of being rejected as bad request.
2023-03-01graphql: T5040: generate schema in vyos-1x.postinstJohn Estabrook
2023-03-01graphql: T5040: fail gracefully if not on live system; needed for importJohn Estabrook
For type introspection of op-mode scripts, scripts are loaded as modules. For generation of schema from type introspection, it is useful to load scripts during package installation, hence to fail gracefully if not on live system.
2023-03-01graphql: T5040: use nullable key field to allow schema static generationJohn Estabrook
Schema had been dynamically generated, based on configuration setting for authentication. Add nullable field 'key' for static generation of schema regardless of key/token use.
2023-03-01Merge pull request #1854 from Yuanandcircle/currentChristian Breunig
policy: T5035: Add more actions to policy route rule
2023-02-28qos: T4284: add general debug output in update()Christian Breunig
2023-02-28T4967: xml: provide re-usable constraint for CLI host-name definitionsChristian Breunig
2023-02-28Merge pull request #1857 from nicolas-fort/nft_queueChristian Breunig
T5037: Firewall: Add queue action and options to firewall
2023-02-28Merge pull request #1860 from sever-sever/T4967Christian Breunig
T4967: Allow setting container hostname
2023-02-28T4967: Allow setting container hostnameViacheslav Hletenko
Ability setting container hostname This host name is used as /etc/hostname set container name <tag> host-name 'mybox'
2023-02-28T5037: Firewall: Add queue action and options to firewallNicolas Fort
2023-02-28Merge branch 'vyos:current' into currentYouyuan
2023-02-28Merge pull request #1800 from vfreex/feature-babelChristian Breunig
T4977: Add Babel routing protocol support
2023-02-28Merge pull request #1784 from Zen3515/current-add-container-command-argChristian Breunig
container: T4014: Add `command`, `arg` and `entrypoint` configuration options for containers
2023-02-28Merge pull request #1853 from sever-sever/T5033Christian Breunig
T5033: Ability to generate muliple keys from a file or link
2023-02-28Merge pull request #1858 from jestabro/typo-openvpnChristian Breunig
openvpn: T4770: fix tabulate output in _format_openvpn
2023-02-27openvpn: T4770: fix tabulate output in _format_openvpnJohn Estabrook
2023-02-27Merge pull request #1856 from jestabro/list-interfacesChristian Breunig
op-mode: T4952: use list_interfaces from vyos-utils
2023-02-27op-mode: T4952: use list_interfaces from vyos-utilsJohn Estabrook
2023-02-27Merge pull request #1855 from aapostoliuk/T4955-2-sagittaChristian Breunig
openconnect: T4955: Renamed function and changed error messages
2023-02-27openconnect: T4955: Renamed function and changed error messagesaapostoliuk
Renamed local function to be identical to 1.3 ver Changed error messages after commit to be identical to 1.3 ver
2023-02-27Merge pull request #1644 from aapostoliuk/T4790-sagittaViacheslav Hletenko
T4790: Added check of the sum of radius timeouts
2023-02-27T5033: Ability to generate muliple keys from a file or linkViacheslav Hletenko
We generate only one public key (string) from a file xxx.pub op-mode with 'generate public-key-command user vyos lik_to_key_file' Add ability to generate configuration (from op-mode) for multiple keys As github keys don't use identifiers, generate uuid4 id for them
2023-02-26graphql: T4979: add user info to token requestJohn Estabrook
2023-02-26T4997: add dhcp client user hooksbri
This commit adds a script to run user-defined hook scripts upon renewing a DHCP lease. This can be used to, for example, dynamically define a firewall address-group based on the dynamic IP address of an interface. For an example of its use (as well as the use case I had in mind while coding this), see https://vyos.dev/T2196#142394 Co-authored-by: br <git@ibeep.com>
2023-02-26policy: T5035: Add more actions to policy route ruleYouyuan
2023-02-26smoketest: tunnel: T5034: adjust to new multicast CLI syntaxChristian Breunig
Commit 54c36e43 (tunnel: T5034: migrate "multicast enable" CLI node to enable-multicast) changed the syntax on the CLI. This commits changes the testcase to make use of the new syntax.
2023-02-25tunnel: T5034: migrate "multicast enable" CLI node to enable-multicastChristian Breunig
Tunnel interface multicast settings can be "enabled or disabled". As we prefer valueless nodes, and the linux kernel default is "disabled" we should add a set interfaces tunnel tunXX enable-multicast command
2023-02-25python: T5026: Replace deprecated Python modules crypt, spwdsarthurdev
DeprecationWarning: 'crypt' is deprecated and slated for removal in Python 3.13 DeprecationWarning: 'spwd' is deprecated and slated for removal in Python 3.13
2023-02-24login: T1948: drop absolut path to /usr/libexec/vyos, re-use vyos.defaultsChristian Breunig
2023-02-24Merge pull request #1851 from zdc/T4943-sagittaChristian Breunig
login: T4943: Fixed 2FA + RADIUS compatibility
2023-02-24login: T4943: Fixed 2FA + RADIUS compatibilityzsdc
MFA requires KbdInteractiveAuthentication to ask a second factor, and the RADIUS module for PAM does not like it, which makes them incompatible. This commit: * disables KbdInteractiveAuthentication * changes order for PAM modules - make it first, before `pam_unix` or `pam_radius_auth` * enables the `forward_pass` option for `pam_google_authenticator` to accept both password and MFA in a single input As a result, local, RADIUS, and MFA work together. Important change: MFA should be entered together with a password. Before: ``` vyos login: <USERNAME> Password: <PASSWORD> Verification code: <MFA> ``` Now: ``` vyos login: <USERNAME> Password & verification code: <PASSWORD><MFA> ```
2023-02-24Merge pull request #1848 from sever-sever/T5029Christian Breunig
T5029: Change nginx default root directory
2023-02-24Merge pull request #1850 from jestabro/T5030Christian Breunig
http-api: T5030: fix missing check on delete keys id tag or key value
2023-02-24Merge pull request #1849 from sever-sever/T5029-regexChristian Breunig
T5029: Fix Regex for nginx to find a better match
2023-02-24T5029: Change nginx default root directoryViacheslav Hletenko
2023-02-24T5029: Fix Regex for nginx to find a better matchViacheslav Hletenko
2023-02-24http-api: T5030: fix missing check on delete keys id tag or key valueJohn Estabrook
2023-02-24Merge pull request #1847 from aapostoliuk/T4985-2-sagittaChristian Breunig
ipsec: T4985: Changed 'reset vpn ipsec-peer' to use vici library
2023-02-24ipsec: T4985: Changed 'reset vpn ipsec-peer' to use vici libraryaapostoliuk
1. Changed reset IPSEC, IKE SAs to use vici library. 2. Created package vyos.ipsec to communicate with vici library.