author | Willy Tarreau <w@1wt.eu> | 2006-07-16 15:09:52 +0200 |
---|---|---|
committer | Willy Tarreau <willy@wtap.(none)> | 2006-07-26 12:03:29 +0200 |
commit | d384efdf54a34dd56ed03bf6bca0b325d3fa6db4 (patch) | |
tree | 5beb38f1a0332bd40b8826acfe55cd469929666b | |
parent | [RELEASE] init-scripts-0.3.16 (diff) | |
download | init-scripts-d384efdf54a34dd56ed03bf6bca0b325d3fa6db4.tar.gz |
[RELEASE] init-scripts-0.3.17v0.3.17
-rw-r--r-- | .flxfiles | 5 | ||||
-rw-r--r-- | ChangeLog | 11 | ||||
-rwxr-xr-x | etc/startup.rc | 16 | ||||
-rwxr-xr-x | obsolete/crond (renamed from sbin/init.d/crond) | 0 | ||||
-rwxr-xr-x | sbin/init.d/dhcpd | 37 | ||||
-rwxr-xr-x | sbin/init.d/firewall | 102 | ||||
-rwxr-xr-x | sbin/init.d/functions | 27 | ||||
-rwxr-xr-x | sbin/init.d/inetd | 23 | ||||
-rwxr-xr-x | sbin/init.d/lpd | 27 | ||||
-rwxr-xr-x | sbin/init.d/network | 47 | ||||
-rwxr-xr-x | sbin/init.d/sendmail | 92 |
11 files changed, 329 insertions, 58 deletions
@@ -15,8 +15,11 @@ sbin/init.d/sysprofiles sbin/init.d/system sbin/init.d/thttpd sbin/init.d/pdnsd -sbin/init.d/crond sbin/init.d/logrotate +sbin/init.d/lpd +sbin/init.d/inetd +sbin/init.d/dhcpd +sbin/init.d/sendmail sbin/rc.0 sbin/rc.6 sbin/rc.K @@ -1,3 +1,14 @@ +2003/06/22 +- ajout de dhcpd, inetd, lpd, sendmail +- suppression de crond +- correction de network pour supporter des paramètres à 'ip' +- network gere le "restart" en une opération atomique +- network : changement d'état du media après link up +- deplacement de recursive_rmmod de firewall vers functions +- firewall : si erreur de chargement, on passe en block +- firewall : ajout de la commande 'reload' qui ne casse pas les sessions +- network: en DHCP, on affiche l'adresse IP obtenue +- release 0.3.17 2003/06/20 - encore une correction sur functions : les fonctions implémentant les options d'un service n'étaient plus désactivées avant d'appeler le service, donc diff --git a/etc/startup.rc b/etc/startup.rc index c41dbe5..0581ebf 100755 --- a/etc/startup.rc +++ b/etc/startup.rc @@ -2,19 +2,3 @@ /sbin/init.d/sysprofiles /etc/config.rc -#echo 1 > /proc/sys/net/ipv4/ip_forward -#/sbin/init.d/network restart lo -#/sbin/modprobe softdog 15 -#/sbin/modprobe button -#/sbin/modprobe i2c-viapro -#/sbin/modprobe i2c-isa -#/sbin/modprobe via686a -#/sbin/modprobe eeprom -#/sbin/modprobe via82cxxx_audio -#/sbin/modprobe usb-uhci -#/sbin/modprobe usb-storage -#/sbin/modprobe sd_mod -##/sbin/modprobe hid -##/sbin/modprobe mousedev -##/sbin/modprobe keybdev - diff --git a/sbin/init.d/crond b/obsolete/crond index 98724c6..98724c6 100755 --- a/sbin/init.d/crond +++ b/obsolete/crond diff --git a/sbin/init.d/dhcpd b/sbin/init.d/dhcpd new file mode 100755 index 0000000..233dd9a --- /dev/null +++ b/sbin/init.d/dhcpd 
@@ -0,0 +1,37 @@ +#!/bin/bash + +. `dirname $0`/functions + +option config standard_option +option leasefile standard_option +option device multiple_option + +option pidfile reserved_option /var/run/dhcpd.pid +option bin reserved_option /usr/sbin/dhcpd +option cmdline reserved_option '$bin ${opt_config:+-cf $opt_config} ${opt_leasedb:+-lf $opt_leasefile} ${opt_device[@]:+${opt_device[*]}}' + +# check that the lease file exists or the daemon will fail to start +function fct_pre_start { + local leasefile + + leasefile=${opt_leasefile:-/var/state/dhcp/dhcpd.leases} + if [ ! -e "$leasefile" ]; then + mkdir -m 0750 -p ${leasefile%/*} 2>/dev/null && chgrp adm ${leasefile%/*} 2>/dev/null + touch $leasefile + fi +} + +function do_help { + echo "Usage: ${0##*/} <status|start|stop|help>" + echo "List of config.rc options (name, type, default value, current value) :" + echo + echo " - config : config file ; def= ; cur=$opt_confdir" + echo " - leasefile : lease file ; def= ; cur=$opt_current" + echo " - device : list of interfaces ; def= ; cur=$opt_backup" + echo " - pidfile : path to file ; def= ; cur=$pidfile" + echo + exit 1 +} + +load_config + diff --git a/sbin/init.d/firewall b/sbin/init.d/firewall index 79793a0..a136c10 100755 --- a/sbin/init.d/firewall +++ b/sbin/init.d/firewall @@ -15,7 +15,7 @@ IPTABLES=/sbin/iptables IPRESTORE=/sbin/iptables-restore function do_help { - echo "Usage: ${0##*/} <status|start|revert|stop|route|block>" + echo "Usage: ${0##*/} <status|start|revert|reload|stop|route|block|help>" echo "List of config.rc options (name, type, default value, current value) :" echo echo " - confdir : dir ; def='/etc/firewall' ; cur=$opt_confdir" 
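Review bot: In the new sbin/init.d/dhcpd, the `cmdline` template guards the lease-file flag with `${opt_leasedb:+-lf $opt_leasefile}`, but the option declared above it is `leasefile`, so unless something outside this diff sets `opt_leasedb` the `-lf` argument is never passed. `fct_pre_start` then creates `$opt_leasefile` while the daemon presumably keeps using its built-in lease path; the guard should read `${opt_leasefile:+-lf $opt_leasefile}`. In the same function `touch $leasefile` and `${leasefile%/*}` are unquoted, and `2>/dev/null` hides a failed `mkdir` or `chgrp`, which matters because the stated purpose is to keep the daemon from failing at start. `do_help` prints `$opt_confdir`, `$opt_current` and `$opt_backup` as the current values, names that belong to the firewall script; the inetd, lpd and sendmail files added in this commit repeat that.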
@@ -32,30 +32,6 @@ function do_help { exit 1 } -# it will try to unload module $1 and all modules which depend on it -function recursive_rmmod { - local -a args - local mod - - while : ; do - args=( $(/sbin/lsmod|grep "^$1 "|tr -d '\[\]') ) - [ ${#args[@]} -gt 0 ] || return 0 - if [ "${args[2]}" = "0" ]; then - rmmod $1 - return $? - else - mod=3 - while [ $mod -lt ${#args[@]} ]; do - if ! recursive_rmmod ${args[$mod]}; then - echo "Error: could not unload module ${args[$mod]}." - return 1 - fi - (( mod++ )) - done - fi - done -} - # starts the firewall with the specified config. # if none is specified, no configuration is loaded. # - disables ip_forwarding. It's up to the caller to 
@@ -100,12 +76,88 @@ function start_with_config { echo "Firewall: loading configuration file $opt_confdir/$1..." if ! [ -r "$opt_confdir/$1" ] || ! $IPRESTORE < $opt_confdir/$1; then echo "Firewall: Error! cannot load configuration file !" + # we'll block external traffic and enable internal one in this case + do_block return 1 fi fi return 0 } +# reloads the firewall with the specified config, without +# unloading any module nor flushing existing sessions. If +# the configuration cannot be loaded, only existing sessions +# can continue, and all external traffic is blocked. +# if the firewall wasn't loaded, branch to do_start +# returns 1 if the config could not be loaded. +function do_reload { + local table chain chains conf + + if [ ! -e /proc/net/ip_tables_names ]; then + do_start $* + return $? + fi + + echo "Firewall: disabling IP forwarding..." + echo 0 > /proc/sys/net/ipv4/ip_forward + # filter chain has a default policy set to DROP + echo "Firewall: setting default policy to DROP..." + for chain in INPUT OUTPUT FORWARD; do + $IPTABLES -t filter -P $chain DROP + done + + # flush all rules in all tables + echo "Firewall: Flushing all rules..." + for table in mangle filter ${opt_stateful:+${opt_nat:+nat}}; do + $IPTABLES -t $table -F + $IPTABLES -t $table -X + done + + # other chains have a default policy set to ACCEPT + for table in mangle ${opt_stateful:+${opt_nat:+nat}}; do + chains=$($IPTABLES -t $table -L | grep "^Chain " | cut -f2 -d' ') + for chain in $chains; do + $IPTABLES -t $table -P $chain ACCEPT + done + done + + conf=${opt_filter:+$opt_current/conf-$(uname -n).ipt} + + echo "Firewall: loading configuration file $opt_confdir/$conf..." + if ! [ -r "$opt_confdir/$conf" ] || ! $IPRESTORE < $opt_confdir/$conf; then + echo "Firewall: Error! cannot load configuration file !" + # we'll block external traffic and enable internal one in this case + echo "Firewall: Changing policy to block external traffic..." 
+ $IPTABLES -t filter -A INPUT -m state --state ESTABLISHED -j ACCEPT
+ $IPTABLES -t filter -A INPUT -i lo -j ACCEPT
+ $IPTABLES -t filter -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
+ $IPTABLES -t filter -A OUTPUT -o lo -j ACCEPT
+ $IPTABLES -t mangle -P PREROUTING DROP
+ $IPTABLES -t mangle -P INPUT DROP
+ $IPTABLES -t mangle -P FORWARD DROP
+ $IPTABLES -t mangle -P POSTROUTING DROP
+ $IPTABLES -t mangle -P OUTPUT DROP
+ $IPTABLES -t mangle -A PREROUTING -i lo -j ACCEPT
+ $IPTABLES -t mangle -A INPUT -i lo -j ACCEPT
+ $IPTABLES -t mangle -A POSTROUTING -o lo -j ACCEPT
+ $IPTABLES -t mangle -A OUTPUT -o lo -j ACCEPT
+ echo
+ echo "################################################################"
+ echo "Firewall: There was a critical error. Only established sessions"
+ echo "from and to the firewall will still work. Everything else has"
+ echo "been blocked, and forwarding has been disabled."
+ echo "################################################################"
+ echo
+ return 1
+ fi
+ if [ -n "$opt_forward" ]; then
+ echo "Firewall: enabling IP forwarding..."
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+ fi
+ echo "Firewall: done."
+ return 0
+}
+
 # checks wether the firewall modules are loaded
 function do_status {
 if [ -e /proc/net/ip_tables_names ]; then
diff --git a/sbin/init.d/functions b/sbin/init.d/functions
index 9a16281..d93695c 100755
--- a/sbin/init.d/functions
+++ b/sbin/init.d/functions
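Review bot: The error path of `do_reload` does not match its own banner: it sets the mangle policies for PREROUTING, INPUT, FORWARD, POSTROUTING and OUTPUT to DROP and adds only `-i lo` / `-o lo` ACCEPT rules there, so non-loopback packets of established sessions are dropped in mangle before the `--state ESTABLISHED` rules in filter can accept them. If keeping remote sessions alive after a failed reload is intended, the mangle chains need the same exception, e.g. `$IPTABLES -t mangle -A PREROUTING -m state --state ESTABLISHED -j ACCEPT` (and likewise for INPUT, OUTPUT and POSTROUTING); otherwise the message should say that only loopback traffic survives. Separately, when `opt_filter` is empty `conf` is empty too, `[ -r "$opt_confdir/" ]` succeeds on the directory and `$IPRESTORE < $opt_confdir/` fails, so a reload with no filter configured appears to end in the blocked state; a `[ -n "$conf" ]` guard before the load would avoid that. The `do_block` function called from `start_with_config` is defined outside this hunk.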
@@ -208,6 +208,33 @@ function remount_ro { fi } +# this will try to unload module $1 and all modules which depend on it +function recursive_rmmod { + local -a args + local mod + + while : ; do + args=( $(/sbin/lsmod|grep "^$1 "|tr -d '\[\]') ) + [ ${#args[@]} -gt 0 ] || return 0 + if [ "${args[2]}" = "0" ]; then + rmmod $1 + return $? + elif [ -z "${args[3]}" ]; then + # use count >0, but nothing to unload + return 1 + else + mod=3 + while [ $mod -lt ${#args[@]} ]; do + if ! recursive_rmmod ${args[$mod]}; then + echo "Error: could not unload module ${args[$mod]}." + return 1 + fi + (( mod++ )) + done + fi + done +} + ######################################## # CONFIGURATION FILE LOADING FUNCTIONS # ######################################## diff --git a/sbin/init.d/inetd b/sbin/init.d/inetd new file mode 100755 index 0000000..f46006f --- /dev/null +++ b/sbin/init.d/inetd @@ -0,0 +1,23 @@ +#!/bin/bash + +. `dirname $0`/functions + +option config standard_option + +option pidfile reserved_option /var/run/inetd.pid +option bin reserved_option /usr/sbin/inetd +option cmdline reserved_option '$bin ${opt_config:+$opt_config}' + +function do_help { + echo "Usage: ${0##*/} <status|start|stop|help>" + echo "List of config.rc options (name, type, default value, current value) :" + echo + echo " - config : config file ; def= ; cur=$opt_confdir" + echo " - pidfile : path to file ; def= ; cur=$pidfile" + echo + exit 1 +} + + +load_config + diff --git a/sbin/init.d/lpd b/sbin/init.d/lpd new file mode 100755 index 0000000..fe1f13e --- /dev/null +++ b/sbin/init.d/lpd 
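Review bot: `recursive_rmmod` still has an unbounded `while :` loop, and the added `elif` only covers the case where the use count is non-zero and no fourth field exists. If a word in the dependents column does not correspond to a line of `lsmod` output, the recursive call returns 0 through `[ ${#args[@]} -gt 0 ] || return 0`, nothing is unloaded, and the outer loop runs again with the same state; now that the function lives in `functions` and is available to every init script, that can hang a stop or shutdown sequence. A retry bound, or treating an unchanged use count after one pass as failure, would close this. `$1` is also used unquoted in `rmmod $1` and as a regular expression in `grep "^$1 "`; `rmmod "$1"` and an exact first-field match such as `awk -v m="$1" '$1 == m'` would be safer.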
@@ -0,0 +1,27 @@ +#!/bin/bash + +. `dirname $0`/functions + +option tcp standard_option +option unix standard_option +option remoteport standard_option + +option pidfile reserved_option /var/run/lpd.\${opt_tcp:-515} +option bin reserved_option /usr/sbin/lpd +option cmdline reserved_option '$bin ${opt_tcp:+-p $opt_tcp} ${opt_unix:+-P $opt_unix} ${opt_remoteport:+-R $opt_remoteport}' + +function do_help { + echo "Usage: ${0##*/} <status|start|stop|help>" + echo "List of config.rc options (name, type, default value, current value) :" + echo + echo " - tcp : port or 'off' ; def= ; cur=$opt_confdir" + echo " - unix : path or 'off' ; def= ; cur=$opt_current" + echo " - remoteport : tcp port ; def= ; cur=$opt_backup" + echo " - pidfile : path to file ; def= ; cur=$pidfile" + echo + exit 1 +} + + +load_config + diff --git a/sbin/init.d/network b/sbin/init.d/network index 061778c..b4e4191 100755 --- a/sbin/init.d/network +++ b/sbin/init.d/network @@ -13,7 +13,15 @@ # [no] arp # [no] multicast # shutdown -# ip route <ip/mask> <gw> +# ip route <ip/mask> <gw> [ip args...] + +# we want ALL instances to stop and restart at once +if [ "$1" = "restart" ]; then + shift + $0 stop "$@" + $0 start "$@" + exit $? +fi . `dirname $0`/functions @@ -128,7 +136,7 @@ function do_start { while [ $arg -lt $route_idx ]; do local dest gw dest=${route_list[$arg]%%[ ]*} - gw=${route_list[$arg]##*[ ]} + gw=${route_list[$arg]#*[ ]} # gw and potentially other ip args ip route add $dest via $gw arg=$[$arg+1] done 
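Review bot: After the change to `gw=${route_list[$arg]#*[ ]}` in the `@@ -128` hunk, `gw` carries the gateway plus every remaining word of the route entry, and `ip route add $dest via $gw` depends on unquoted word splitting to turn them into separate arguments. That deserves a comment at the call, because the unquoted expansion also undergoes pathname expansion and a route entry with no space leaves `gw` equal to the whole entry; something like `# $gw is deliberately unquoted: gateway followed by extra 'ip route' arguments`. The same pattern is in the `@@ -231` hunk. `do_start` begins and ends outside both hunks.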
@@ -172,17 +180,6 @@ function do_start { ip addr flush dev $instname >/dev/null 2>&1 ip link set $instname down >/dev/null 2>&1 - if [ "$opt_media" ]; then - if [ -n "$opt_speed" -o -n "$opt_duplex" -o -n "$opt_auto" ]; then - echo " ==> Warning: option 'media' inhibits 'speed','duplex' and 'auto'." - fi - set_media $instname "$opt_media" - echo " ==> Link set to $opt_media for interface $instname" - elif [ -n "$opt_speed" -o -n "$opt_duplex" -o -n "$opt_auto" ]; then - set_media2 $instname "${opt_speed:--}" "${opt_duplex:--}" "${opt_auto:--}" - echo " ==> Link configuration changed for interface $instname" - fi - if [ "$opt_lladdr" ]; then ip link set $instname address $opt_lladdr fi @@ -205,6 +202,18 @@ function do_start { echo " ==> start $svcname${instname:+[$instname]} : Failed." return 1 fi + + if [ "$opt_media" ]; then + if [ -n "$opt_speed" -o -n "$opt_duplex" -o -n "$opt_auto" ]; then + echo " ==> Warning: option 'media' inhibits 'speed','duplex' and 'auto'." + fi + set_media $instname "$opt_media" + echo " ==> Link set to $opt_media for interface $instname" + elif [ -n "$opt_speed" -o -n "$opt_duplex" -o -n "$opt_auto" ]; then + set_media2 $instname "${opt_speed:--}" "${opt_duplex:--}" "${opt_auto:--}" + echo " ==> Link configuration changed for interface $instname" + fi + if [ ${#opt_slave[*]} -gt 0 ]; then for arg in ${opt_slave[*]}; do if ! $PFULLNAME status $arg >/dev/null 2>&1; then @@ -221,8 +230,14 @@ function do_start { if [ "${addr_list[$arg]}" = "dhcp" ]; then echo " ==> Waiting for ip address with DHCP request ... " dhcpcd -t 10 $instname + set -- $(ip addr show dev $instname | grep ' inet ') + if [ -n "$2" ]; then + echo " Device $instname has IP address $2" + else + echo " Device $instname has no IP address" + fi else - ip addr add ${addr_list[$arg]} dev $instname + ip addr add dev $instname ${addr_list[$arg]} fi arg=$[$arg+1] done 
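Review bot: In the `@@ -221` hunk, `set -- $(ip addr show dev $instname | grep ' inet ')` replaces the positional parameters of the running `do_start`, so any later use of `$1`, `$@` or `$*` in the function (its remainder is outside the hunk) would see `inet` and the address instead of the caller's arguments. Reading the address into a local avoids that, e.g. `read -r _ ipaddr _ < <(ip addr show dev "$instname" | grep ' inet ')`. The exit status of `dhcpcd -t 10 $instname` is also ignored: when no lease is obtained the script prints "has no IP address" and carries on, and whether the start is still reported as successful cannot be seen from this hunk.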
@@ -231,8 +246,8 @@ function do_start { while [ $arg -lt $route_idx ]; do local dest gw dest=${route_list[$arg]%%[ ]*} - gw=${route_list[$arg]##*[ ]} - ip route add $dest via $gw dev $instname + gw=${route_list[$arg]#*[ ]} # gw and potentially other ip args + ip route add $dest dev $instname via $gw arg=$[$arg+1] done echo " ==> start $svcname${instname:+[$instname]} : Done." diff --git a/sbin/init.d/sendmail b/sbin/init.d/sendmail new file mode 100755 index 0000000..89be57c --- /dev/null +++ b/sbin/init.d/sendmail 
@@ -0,0 +1,92 @@
+#!/bin/bash
+
+. `dirname $0`/functions
+
+# config parameters
+# service sendmail
+# bin <binary>
+# cmdline <cmd>
+# queuing <time_to_wait>
+# flags <additionnal command line flags>
+
+option config standard_option
+option queuing standard_option 15m
+option flags multiple_option
+option bin reserved_option /usr/sbin/sendmail
+option cmdline reserved_option '$bin -bd ${opt_config:+-C$opt_config} ${opt_queuing:+-q$opt_queuing} ${opt_flags[*]:+${opt_flags[*]}}'
+
+function do_help {
+ echo "Usage: ${0##*/} <status|start|update|install|help>"
+ echo "List of config.rc options (name, type, default value, current value) :"
+ echo
+ echo " - config : configuration file ; def= ; cur=$opt_confdir"
+ echo " - queing : polling interval ; def='15m' ; cur=$opt_current"
+ echo " - flags : command line flags ; def= ; cur=$opt_backup"
+ echo
+ exit 1
+}
+
+
+function do_install() {
+ echo "Creating sendmail environnement ... "
+ if [ ! -d /var/spool ] ; then
+ echo " Aborting: directory '/var/spool' directory does not exist."
+ exit 1
+ else
+ if [ ! -d /var/spool/clientmqueue ] ; then
+ mkdir -m 750 -p /var/spool/clientmqueue && \
+ chown smmsp:smmsp /var/spool/clientmqueue || exit 1
+ fi
+ if [ ! -d /var/spool/mail ] ; then
+ mkdir -m 751 -p /var/spool/mail && \
+ chown root:mail /var/spool/mail || exit 1
+ fi
+ if [ ! -d /var/spool/mqueue ] ; then
+ mkdir -m 700 -p /var/spool/mqueue && \
+ chown root:root /var/spool/mqueue || exit 1
+ fi
+ fi
+ if [ ! -e /etc/mail/local-host-names ] ; then
+ mkdir -p /etc/mail
+ touch /etc/mail/local-host-names
+ fi
+ if [ ! -d /var/state/mail ] ; then
+ mkdir -p /var/state/mail
+ fi
+ do_update $*
+}
+
+function do_update {
+ local type filename
+ echo "Updating sendmail databases ... "
+
+ # updating /etc/mail/aliases.db file
+ if [ ! -e /etc/mail/aliases ] ; then touch /etc/mail/aliases ; fi
+ $bin -bi > /dev/null 2>&1
+
+ # get all defined maps
+ grep "^K[^ ]* \+\(dbm\|btree\|hash\) \+.*" ${opt_confid:-/etc/mail/sendmail.cf} | \
+ sed 's@^K[^ ]\+ \([^ ]\+\).* \([a-zA-Z0-9/-]\+\)@\1 \2@' | while read ; do
+
+ set -- $REPLY
+ type=$1
+ filename=$2
+
+ # look for data file existance
+ if [ "x$filename" = "x" ] ; then continue ; fi
+ if [ ! -e "$filename" ] ; then touch $filename ; fi
+
+ # look for known map type
+ case "$type" in
+ dbm|btree|hash)
+ if [ ! -e $filename.db -o $filename -nt $filename.db ] ; then
+ makemap $type $filename.db < $filename
+ echo -n "$(basename $filename) "
+ fi
+ ;;
+ esac
+ done
+}
+
+load_config
+
|
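Review bot: `do_update` reads the map definitions from `${opt_confid:-/etc/mail/sendmail.cf}`, but no `confid` option is declared; the option is `config`, which the `cmdline` template passes as `-C$opt_config`. With a non-default configuration file the daemon and the map rebuild therefore look at different files, so the `grep` should read `${opt_config:-/etc/mail/sendmail.cf}`. The file names taken from that configuration are then used unquoted in `touch $filename` and `makemap $type $filename.db < $filename`, in an init script that normally runs as root; quoting them and using `read -r` keeps a path with unusual characters from being split or globbed. `do_install` creates `/etc/mail/local-host-names` and `/var/state/mail` without an explicit mode, unlike the spool directories above them.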