Commit Briefs

90fedfb730 Stefan Sperling

add support for backing up and restoring every user's ~/.nshenv (envconf)

Include data from users' ~/.nshenv in show running-config and write-config. Add nshenv and restoreenv commands which handle saving and restoring. These commands are not supposed to be user-facing. Their only purpose is to preserve data during write-config and restore it during nsh -i. During restore we take care not to overwrite existing ~/.nshenv files. The purpose of this feature is to restore ~/.nshenv files which were lost during a disaster. If the user has already saved new settings then we can just leave them as they are.


eb5d12f955 Stefan Sperling

fix sqlite API error handling

- call sqlite3_errmsg(db) before closing the db, not after
- sqlite3_errmsg() can only be used when sqlite3_step() returns SQLITE_ERROR
- check for errors from sqlite3_finalize()
- close db handle even when an error occurred during sqlite3_open()

with suggestions from chris
testing + ok tom


dd054fead9 Stefan Sperling

Fix dhcpd handling with respect to rdomains

Run dhcpd in the correct rdomain when rdomain is != 0 and start dhcpd with a list of interfaces on its command line. All interfaces must be in the same rdomain; dhcpd will then set its own rdomain accordingly. Use a separate DHCP lease database per rdomain just in case a given MAC and IP tuple appears in multiple rdomains.

earlier version ok + testing by Tom


85c6a75007 Stefan Sperling

allow T_HANDLER to process any number of arguments between 0 and 6

This way we can write handlers that accept all arguments listed in their ctl table as actual arguments, rather than passing unused parameters which contain uninitialized garbage. The benefit is better clarity about the expected values of arguments passed on by handler functions. Adjust motd and crontab handlers accordingly which use T_HANDLER. All instances of call_editor() now use T_HANDLER_FILL1.

ok chris


b99c9f3f17 Stefan Sperling

fix conversion of struct ctl2->table to struct ctl->table

The old code would only convert the first command table entry to a dummy struct ctl sitting on the stack. This confuses code which loops over the command table and requires a sentinel to break out of this loop. Segfault found by Tom


51640dae4f Stefan Sperling

detect ambiguous matches from genget on a ctl2 table

Cannot happen right now since the table has only one entry but better be prepared for a future where we would crash otherwise.


8f5b5e45a9 Stefan Sperling

repair "write-config" command which broke with introduction of struct ctl2

Writing any changes to dhcp config was causing "genget internal failure". Regression found by Tom.


0b2393c6d7 Stefan Sperling

always keep basic environment variables intact after 'enable' command

Make nshdoas preserve some important environment variables even when there is no rule in /etc/doas.conf.

Without a matching rule in doas.conf we ended up running the privileged shell in an empty environment, which leads to tools such as vi(4) erroring out for lack of a terminal type. As before, the keepenv option in /etc/doas.conf can be used to preserve the entire user environment.

We now preserve the following variables by default:

    DOAS_USER=nsh # added by nshdoas
    HOME=/root # overridden by nshdoas
    LOGNAME=root # overridden by nshdoas
    PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin
    SHELL=/usr/local/bin/nsh
    TERM=xterm
    USER=root # overridden by nshdoas

Problem noticed by Tom.
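The environment handling this commit message describes, as an added example that is not nshdoas's own code: the privileged environment is built from scratch, identity variables are set from the target account, and only PATH, SHELL and TERM are copied from the caller. The function names (`env_lookup`, `env_pair`, `build_priv_env`), the split between set and copied variables, and the sample user are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Return the value of `name` in an envp-style array, or NULL if unset. */
const char *env_lookup(char *const *env, const char *name)
{
	for (size_t n = strlen(name); *env != NULL; env++)
		if (strncmp(*env, name, n) == 0 && (*env)[n] == '=')
			return *env + n + 1;
	return NULL;
}

/* Allocate "name=value"; failure is fatal, never exec with a partial env. */
static char *env_pair(const char *name, const char *value)
{
	size_t len = strlen(name) + strlen(value) + 2;
	char *s = malloc(len);
	if (s == NULL)
		abort();
	snprintf(s, len, "%s=%s", name, value);
	return s;
}

/* Fresh environment: identity from the target account, allowlist from caller. */
char **build_priv_env(char *const *caller_env, const char *caller,
    const char *target, const char *home)
{
	const char *set[][2] = { { "DOAS_USER", caller }, { "HOME", home },
	    { "LOGNAME", target }, { "USER", target } };
	const char *keep[] = { "PATH", "SHELL", "TERM" };	/* assumed allowlist */
	char **out = calloc(4 + 3 + 1, sizeof(*out));	/* NULL-terminated */
	const char *v;
	size_t i, n = 0;
	if (out == NULL)
		abort();
	for (i = 0; i < 4; i++)
		out[n++] = env_pair(set[i][0], set[i][1]);
	for (i = 0; i < 3; i++)
		if ((v = env_lookup(caller_env, keep[i])) != NULL)
			out[n++] = env_pair(keep[i], v);
	return out;
}

int main(void)
{
	char *constructed_env[] = { "TERM=xterm", "LD_PRELOAD=/tmp/x.so", NULL };
	for (char **e = build_priv_env(constructed_env, "alice", "root", "/root"); *e; e++)
		puts(*e);
	return 0;
}
```

Because the result starts empty, a caller-supplied USER, HOME or LD_PRELOAD never reaches the privileged shell; the returned array is in the form execve() takes as its third argument.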


df1b71b4ff Stefan Sperling

introduce struct ctl2 with backwards compat wrappers

The new struct avoids the necessity to cast configuration file test handler arguments from char ** to a char *, such that the char ** pointer can be stored in ctl->args[1]. Such shadowing of variable types results in code that is hard to follow. We can convert daemons one-by-one to fully replace struct ctl eventually. As an example, convert dhcpd handling to struct ctl2 already. Ok tom, chris


e05df6135a GitHub

Merge pull request #143 from smytht/master

Improve Readme by converting to markdown and adding a quick installation guide for nsh


Tree

.gitignore
COPYRIGHT
Makefile
README.md
arp.c
bgpcommands.c
bgpnsh/
bridge.c
bridge.h
carp.c
cmdargs.c
commands.c
commands.h
compile.sh
complete.c
conf.c
ctl.c
ctl.h
ctlargs.c
editing.h
externs.h
genget.c
hashtable.c
helpcommands.c
ieee80211.c
if.c
ip.h
kroute.c
main.c
makeargv.c
media.c
more.c
nameserver.c
ndp.c
nopt.c
nsh-dist.txt
nsh-version.mk
nsh.8
nsh.rc
nshdoas/
passwd.c
pflow.c
pfsync.c
ppp.c
prompt.c
route.c
save-ro.sh*
save-rw.sh*
scripts/
show.c
sqlite3.c
stats.c
stringlist.c
stringlist.h
sysctl.c
sysctl.h
trunk.c
tunnel.c
umb.c
utf8.c
utils.c
version.c
wg.c
who.c

README.md

# nsh 

## network shell

---
Chris Cappuccio <chris@nmedia.net> version 1.1


NSH is a CLI intended for OpenBSD-based network appliances. It replaces
ifconfig, sysctl and route with its own simple command language, and
encapsulates configuration for other daemons into one place, effectively
replacing /etc/netstart and parts of /etc/rc for appliance-style usage.

## Daemons and services encapsulated by nsh:

bgpd, dhcpd, dhcpleased, dhcrelay, dvmrpd, eigrpd, ftp-proxy, ifstated, inetd, 
iked, ipsecctl, ldapd, ldpd, npppd, ntpd, ospfd, ospf6d, pf, rad, relayd, 
resolvd, ripd, sasyncd, slaacd, smtpd, snmpd, sshd, tftpd, tftp-proxy.

---

## License 

NSH is freely licensed, in the BSD style.

In conjunction with the OpenBSD kernel and the daemons you wish to control,
you have a fully functioning network appliance type of system.

---

## NSH Manual

See https://github.com/yellowman/nsh/wiki/NSH-Manual-page or 
nsh.8 manual for detailed installation instructions and command set.

See the to-do list on https://github.com/users/yellowman/projects/1 for 
details on implementation status and future ideas.

See http://github.com/yellowman/nsh/ for current source code repository.
See http://www.nmedia.net/nsh/ for example configurations and mailing
list.

See https://www.youtube.com/watch?v=WMKxIHaWaG0 for a EuroBSDCon 2022
presentation on NSH for network administrators.

---

## Quickstart Guide for installing and building **nsh** on an OpenBSD system

1. Install OpenBSD on your system 

2. Install the OpenBSD port of nsh on your system (this will install the latest nsh release version)

```shell
pkg_add nsh  
```

3. Install git on your system to allow fetching more recent versions of nsh from github

```shell
pkg_add git
```

4. To get the latest development version of nsh, use git to clone the nsh repository

```shell
git clone https://github.com/yellowman/nsh
```

5. Change directory to the downloaded nsh directory

```shell
cd nsh
```

6. To build the nsh sources, follow the steps below

6a. make objects

```shell
make obj
```

6b. make / compile the sources

```shell
make
```

6c. Install the compiled nsh binaries and supporting files (you will need root privileges to do this).

```shell
make install
```

7. To have nsh take over the configuration of a system, a number of steps need to be carried out:


7a. Back up the configuration of the system, daemons and network in /etc

7b. Copy the configuration files to /var/run/example-configfilename.0 (the .0 file extension implies running in the default rdomain / rtable, rdomain 0)

7c. Save the running config to /etc/nshrc

7d. Secure the /etc/nshrc file so that world cannot read, write or execute it.

7e. Configure the system to run nsh -i /etc/nshrc, either by adding a line to /etc/rc.local or by using an rcctl script for nsh.

For the user's convenience, the above steps can be largely automated by running the **rc.local-nsh-openbsd-integration.sh** script and following the on-screen instructions.

```shell
cd scripts/
./rc.local-nsh-openbsd-integration.sh
```

8. Once the configuration has been imported, restart the system and verify that the nsh config is running as expected.

9. Please provide feedback, bug reports and suggestions to the developers on our mailing list <nsh@lists.deschutesdigital.com>.