- Description:
- OpenBSD Network Shell
- Last Change:
- Clone URL:
ssh://anonymous@git.chirpysoft.be/nsh.git
Commit Briefs
add support for backing up and restoring every user's ~/.nshenv (envconf)
Include data from users' ~/.nshenv in show running-config and write-config. Add nshenv and restoreenv commands which handle saving and restoring. These commands are not supposed to be user-facing. Their only purpose is to preserve data during write-config and restore it during nsh -i. During restore we take care not to overwrite existing ~/.nshenv files. The purpose of this feature is to restore ~/.nshenv files which were lost during a disaster. If the user has already saved new settings then we can just leave them as they are.
fix sqlite API error handling
- call sqlite3_errmsg(db) before closing the db, not after - sqlite3_errmsg() can only be used when sqlite3_step() returns SQLITE_ERROR - check for errors from sqlite3_finalize() - close db handle even when an error occurred during sqlite3_open() with suggestions from chris testing + ok tom
Fix dhcpd handling with respect to rdoamins
Run dhcpd in the correct rdomain when rdomain is != 0 and start dhcpd with a list of interfaces on its command line. All interfaces must be in the same rdomain; dhcpd will then set its own rdomain accordingly. Use a separate DHCP lease database per rdomain just in case a given MAC and IP tuple appears in multiple rdomains. earlier version ok + testing by Tom
allow T_HANDLER to process any number of arguments between 0 and 6
This way we can write handlers that accept all arguments listed in their ctl table as actual arguments, rather than passing unused parameters which contain ununitialized garbage. The benefit is better clarity about the expected values of arguments passed on by handler functions. Adjust motd and crontab handlers accordingly which use T_HANDLER. All instances of call_editor() now use T_HANDLER_FILL1. ok chris
fix conversion of struct ctl2->table to struct ctl->table
The old code would only convert the first command table entry to a dummy struct ctl sitting on the stack. This confuses code which loops over the command table and requires a sentinel to break out of this loop. Segfault found by Tom
detect ambiguous matches from genget on a ctl2 table
Cannot happen right now since the table has only one entry but better be prepared for a future where we would crash otherwise.
repair "write-config" command which broke with introduction of struct ctl2
Writing any changes to dhcp config was causing "genget internal failure". Regression found by Tom.
always keep basic environment variables intact after 'enable' command
Make nshdoas preserve some important environment variables even when there is no rule in /etc/doas.conf. Without a matching rule in doas.conf we ended up running the privileged shell in an empty environment, which leads to tools such as vi(4) erroring out for lack of a terminal type. As before, the keepenv option in /etc/doas.conf can be used to preserve the entire user environment. We now preserve the following variables by default: DOAS_USER=nsh # added by nshdoas HOME=/root # overridden by nshdoas LOGNAME=root # overridden by nshdoas PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin SHELL=/usr/local/bin/nsh TERM=xterm USER=root # overridden by nshdoas Problem noticed by Tom.
introduce struct ctl2 with backwards compat wrappers
The new struct avoids the necessity to cast configuration file test handler arguments from char ** to a char *, such that the char ** pointer can be stored in ctl->args[1]. Such shadowing of variable types results in code that is hard to follow. We can convert daemons one-by-one to fully replace struct ctl eventually. As an example, convert dhcpd handling to struct ctl2 already. Ok tom, chris
Merge pull request #143 from smytht/master
Improve Readme by converting to markdown and adding a quick installation guide for nsh
Branches
Tree
README.md
# nsh ## network shell --- Chris Cappuccio <chris@nmedia.net> version 1.1 NSH is a CLI intended for OpenBSD-based network appliances. It replaces ifconfig, sysctl and route with its own simple command language, and encapsulates configuration for other daemons into one place, effectively replacing /etc/netstart and parts of /etc/rc for appliance-style usage. ## Daemons and services encapsulated by nsh: bgpd, dhcpd, dhcpleased, dhcrelay, dvmrpd, eigrpd, ftp-proxy, ifstated, inetd, iked, ipsecctl, ldapd, ldpd, npppd, ntpd, ospfd, ospf6d, pf, rad, relayd, resolvd, ripd, sasyncd, slaacd, smtpd, snmpd, sshd, tftpd, tftp-proxy. --- ## License NSH is freely licensed, in the BSD style. In conjunction with the OpenBSD kernel and the daemons you wish to control, you have a fully functioning network appliance type of system. --- ## NSH Manual See https://github.com/yellowman/nsh/wiki/NSH-Manual-page or nsh.8 manual for detailed installation instructions and command set. See the to-do list on https://github.com/users/yellowman/projects/1 for details on implementation status and future ideas. See http://github.com/yellowman/nsh/ for current source code repository. See http://www.nmedia.net/nsh/ for example configurations and mailing list. See https://www.youtube.com/watch?v=WMKxIHaWaG0 for an EurobsdCon 2022 Presentation on NSH for network administrators. --- ## Quickstart Guide for installing and building **nsh** on an OpenBSD system 1. Install OpenBSD on your system 2. Install the OpenBSD port of nsh on your system -(this will install the latest nsh release version) ```shell pkg_add nsh ``` 3. Install git on your system to allow fetching more recent versions of nsh from github ```shell pkg_add git ``` 4. to download the latest development of nsh use git to download the latest nsh repository ```shell git clone https://github.com/yellowman/nsh ``` 5. change directory to the downloaded nsh directory ```shell cd nsh ``` 6. to build the nsh sources follow the steps below 6a. make objects ```shell make obj ``` 6b. make / compile the sources ```shell make ``` 6c. Install the compiled nsh binaries and supporting files (you will need root privileges to do this). ```shell make install ``` 7. To have nsh take over the configuration of a system a number of steps that need to be carried out such as 7a. Backup configuration of system, daemons and network in /etc 7b. Copy the configuration files to /var/run/example-configfilename.0 (the .0 file extension) implies running in the default rdomain / rtable (rdomain 0) 7c. save the running config to /etc/nshrc 7d. secure the /etc/nshrc file so that world cannot read, write or execute it . 7e. configure the system to run nsh -i /etc/nshrc either adding a line to /etc/rc.local or using an rccctl script for nsh. For the users convenience, the above steps can be largely automated by running the **rc.local-nsh-openbsd-integration.sh** script and following on screen instructions. ```shell cd scripts/ ./rc.local-nsh-openbsd-integration.sh ``` 8. once configuration has been imported, restart the system and verify nsh config is running as expected 10. please provide feedback , bug repots and suggestions to the developers on our mailing list <nsh@lists.deschutesdigital.com> .