authorWilly Tarreau <w@1wt.eu>2006-07-16 15:09:52 +0200
committerWilly Tarreau <willy@wtap.(none)>2006-07-26 12:03:29 +0200
commitd384efdf54a34dd56ed03bf6bca0b325d3fa6db4 (patch)
tree5beb38f1a0332bd40b8826acfe55cd469929666b
parent[RELEASE] init-scripts-0.3.16 (diff)
[RELEASE] init-scripts-0.3.17v0.3.17
-rw-r--r--.flxfiles5
-rw-r--r--ChangeLog11
-rwxr-xr-xetc/startup.rc16
-rwxr-xr-xobsolete/crond (renamed from sbin/init.d/crond)0
-rwxr-xr-xsbin/init.d/dhcpd37
-rwxr-xr-xsbin/init.d/firewall102
-rwxr-xr-xsbin/init.d/functions27
-rwxr-xr-xsbin/init.d/inetd23
-rwxr-xr-xsbin/init.d/lpd27
-rwxr-xr-xsbin/init.d/network47
-rwxr-xr-xsbin/init.d/sendmail92
11 files changed, 329 insertions, 58 deletions
diff --git a/.flxfiles b/.flxfiles
index c4d075b..8f84274 100644
--- a/.flxfiles
+++ b/.flxfiles
@@ -15,8 +15,11 @@ sbin/init.d/sysprofiles
sbin/init.d/system
sbin/init.d/thttpd
sbin/init.d/pdnsd
-sbin/init.d/crond
sbin/init.d/logrotate
+sbin/init.d/lpd
+sbin/init.d/inetd
+sbin/init.d/dhcpd
+sbin/init.d/sendmail
sbin/rc.0
sbin/rc.6
sbin/rc.K
diff --git a/ChangeLog b/ChangeLog
index 3983706..832e011 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2003/06/22
+- ajout de dhcpd, inetd, lpd, sendmail
+- suppression de crond
+- correction de network pour supporter des paramètres à 'ip'
+- network gere le "restart" en une opération atomique
+- network : changement d'état du media après link up
+- deplacement de recursive_rmmod de firewall vers functions
+- firewall : si erreur de chargement, on passe en block
+- firewall : ajout de la commande 'reload' qui ne casse pas les sessions
+- network: en DHCP, on affiche l'adresse IP obtenue
+- release 0.3.17
2003/06/20
- encore une correction sur functions : les fonctions implémentant les options
d'un service n'étaient plus désactivées avant d'appeler le service, donc
diff --git a/etc/startup.rc b/etc/startup.rc
index c41dbe5..0581ebf 100755
--- a/etc/startup.rc
+++ b/etc/startup.rc
@@ -2,19 +2,3 @@
/sbin/init.d/sysprofiles /etc/config.rc
-#echo 1 > /proc/sys/net/ipv4/ip_forward
-#/sbin/init.d/network restart lo
-#/sbin/modprobe softdog 15
-#/sbin/modprobe button
-#/sbin/modprobe i2c-viapro
-#/sbin/modprobe i2c-isa
-#/sbin/modprobe via686a
-#/sbin/modprobe eeprom
-#/sbin/modprobe via82cxxx_audio
-#/sbin/modprobe usb-uhci
-#/sbin/modprobe usb-storage
-#/sbin/modprobe sd_mod
-##/sbin/modprobe hid
-##/sbin/modprobe mousedev
-##/sbin/modprobe keybdev
-
diff --git a/sbin/init.d/crond b/obsolete/crond
index 98724c6..98724c6 100755
--- a/sbin/init.d/crond
+++ b/obsolete/crond
diff --git a/sbin/init.d/dhcpd b/sbin/init.d/dhcpd
new file mode 100755
index 0000000..233dd9a
--- /dev/null
+++ b/sbin/init.d/dhcpd
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+. `dirname $0`/functions
+
+option config standard_option
+option leasefile standard_option
+option device multiple_option
+
+option pidfile reserved_option /var/run/dhcpd.pid
+option bin reserved_option /usr/sbin/dhcpd
+option cmdline reserved_option '$bin ${opt_config:+-cf $opt_config} ${opt_leasedb:+-lf $opt_leasefile} ${opt_device[@]:+${opt_device[*]}}'
+
+# check that the lease file exists or the daemon will fail to start
+function fct_pre_start {
+ local leasefile
+
+ leasefile=${opt_leasefile:-/var/state/dhcp/dhcpd.leases}
+ if [ ! -e "$leasefile" ]; then
+ mkdir -m 0750 -p ${leasefile%/*} 2>/dev/null && chgrp adm ${leasefile%/*} 2>/dev/null
+ touch $leasefile
+ fi
+}
+
+function do_help {
+ echo "Usage: ${0##*/} <status|start|stop|help>"
+ echo "List of config.rc options (name, type, default value, current value) :"
+ echo
+ echo " - config : config file ; def= ; cur=$opt_confdir"
+ echo " - leasefile : lease file ; def= ; cur=$opt_current"
+ echo " - device : list of interfaces ; def= ; cur=$opt_backup"
+ echo " - pidfile : path to file ; def= ; cur=$pidfile"
+ echo
+ exit 1
+}
+
+load_config
+
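Review bot: The `cmdline` option guards the lease-file flag with `opt_leasedb`, a name that no `option` line in this file declares, so `-lf $opt_leasefile` is apparently never passed while `fct_pre_start` still creates the file at `$opt_leasefile`; the guard should read `${opt_leasefile:+-lf $opt_leasefile}`. In `fct_pre_start` the path expansions are unquoted; `mkdir -m 0750 -p "${leasefile%/*}"`, `chgrp adm "${leasefile%/*}"` and `touch "$leasefile"` keep an unusual path intact. `do_help` prints `$opt_confdir`, `$opt_current` and `$opt_backup`, which look copied from the firewall script, where `$opt_config`, `$opt_leasefile` and `${opt_device[*]}` would be expected. The new inetd, lpd and sendmail scripts carry the same copy-paste in their `do_help`, so their help output shows the wrong current values too.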
diff --git a/sbin/init.d/firewall b/sbin/init.d/firewall
index 79793a0..a136c10 100755
--- a/sbin/init.d/firewall
+++ b/sbin/init.d/firewall
@@ -15,7 +15,7 @@ IPTABLES=/sbin/iptables
IPRESTORE=/sbin/iptables-restore
function do_help {
- echo "Usage: ${0##*/} <status|start|revert|stop|route|block>"
+ echo "Usage: ${0##*/} <status|start|revert|reload|stop|route|block|help>"
echo "List of config.rc options (name, type, default value, current value) :"
echo
echo " - confdir : dir ; def='/etc/firewall' ; cur=$opt_confdir"
@@ -32,30 +32,6 @@ function do_help {
exit 1
}
-# it will try to unload module $1 and all modules which depend on it
-function recursive_rmmod {
- local -a args
- local mod
-
- while : ; do
- args=( $(/sbin/lsmod|grep "^$1 "|tr -d '\[\]') )
- [ ${#args[@]} -gt 0 ] || return 0
- if [ "${args[2]}" = "0" ]; then
- rmmod $1
- return $?
- else
- mod=3
- while [ $mod -lt ${#args[@]} ]; do
- if ! recursive_rmmod ${args[$mod]}; then
- echo "Error: could not unload module ${args[$mod]}."
- return 1
- fi
- (( mod++ ))
- done
- fi
- done
-}
-
# starts the firewall with the specified config.
# if none is specified, no configuration is loaded.
# - disables ip_forwarding. It's up to the caller to
@@ -100,12 +76,88 @@ function start_with_config {
echo "Firewall: loading configuration file $opt_confdir/$1..."
if ! [ -r "$opt_confdir/$1" ] || ! $IPRESTORE < $opt_confdir/$1; then
echo "Firewall: Error! cannot load configuration file !"
+ # we'll block external traffic and enable internal one in this case
+ do_block
return 1
fi
fi
return 0
}
+# reloads the firewall with the specified config, without
+# unloading any module nor flushing existing sessions. If
+# the configuration cannot be loaded, only existing sessions
+# can continue, and all external traffic is blocked.
+# if the firewall wasn't loaded, branch to do_start
+# returns 1 if the config could not be loaded.
+function do_reload {
+ local table chain chains conf
+
+ if [ ! -e /proc/net/ip_tables_names ]; then
+ do_start $*
+ return $?
+ fi
+
+ echo "Firewall: disabling IP forwarding..."
+ echo 0 > /proc/sys/net/ipv4/ip_forward
+ # filter chain has a default policy set to DROP
+ echo "Firewall: setting default policy to DROP..."
+ for chain in INPUT OUTPUT FORWARD; do
+ $IPTABLES -t filter -P $chain DROP
+ done
+
+ # flush all rules in all tables
+ echo "Firewall: Flushing all rules..."
+ for table in mangle filter ${opt_stateful:+${opt_nat:+nat}}; do
+ $IPTABLES -t $table -F
+ $IPTABLES -t $table -X
+ done
+
+ # other chains have a default policy set to ACCEPT
+ for table in mangle ${opt_stateful:+${opt_nat:+nat}}; do
+ chains=$($IPTABLES -t $table -L | grep "^Chain " | cut -f2 -d' ')
+ for chain in $chains; do
+ $IPTABLES -t $table -P $chain ACCEPT
+ done
+ done
+
+ conf=${opt_filter:+$opt_current/conf-$(uname -n).ipt}
+
+ echo "Firewall: loading configuration file $opt_confdir/$conf..."
+ if ! [ -r "$opt_confdir/$conf" ] || ! $IPRESTORE < $opt_confdir/$conf; then
+ echo "Firewall: Error! cannot load configuration file !"
+ # we'll block external traffic and enable internal one in this case
+ echo "Firewall: Changing policy to block external traffic..."
+ $IPTABLES -t filter -A INPUT -m state --state ESTABLISHED -j ACCEPT
+ $IPTABLES -t filter -A INPUT -i lo -j ACCEPT
+ $IPTABLES -t filter -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
+ $IPTABLES -t filter -A OUTPUT -o lo -j ACCEPT
+ $IPTABLES -t mangle -P PREROUTING DROP
+ $IPTABLES -t mangle -P INPUT DROP
+ $IPTABLES -t mangle -P FORWARD DROP
+ $IPTABLES -t mangle -P POSTROUTING DROP
+ $IPTABLES -t mangle -P OUTPUT DROP
+ $IPTABLES -t mangle -A PREROUTING -i lo -j ACCEPT
+ $IPTABLES -t mangle -A INPUT -i lo -j ACCEPT
+ $IPTABLES -t mangle -A POSTROUTING -o lo -j ACCEPT
+ $IPTABLES -t mangle -A OUTPUT -o lo -j ACCEPT
+ echo
+ echo "################################################################"
+ echo "Firewall: There was a critical error. Only established sessions"
+ echo "from and to the firewall will still work. Everything else has"
+ echo "been blocked, and forwarding has been disabled."
+ echo "################################################################"
+ echo
+ return 1
+ fi
+ if [ -n "$opt_forward" ]; then
+ echo "Firewall: enabling IP forwarding..."
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+ fi
+ echo "Firewall: done."
+ return 0
+}
+
# checks wether the firewall modules are loaded
function do_status {
if [ -e /proc/net/ip_tables_names ]; then
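Review bot: The failure path of `do_reload` sets every mangle chain policy to DROP and adds only loopback ACCEPT rules there, so non-loopback packets appear to be dropped in the mangle chains before the `--state ESTABLISHED` rules in the filter table can match, which contradicts the banner saying established sessions still work. Either leave the mangle policies at ACCEPT (the filter policies are already DROP at that point) or add matching rules to the mangle chains, such as `$IPTABLES -t mangle -A PREROUTING -m state --state ESTABLISHED -j ACCEPT`. Separately, when `opt_filter` is empty `conf` is empty and the test runs against `$opt_confdir/` itself, so a reload without a filter config seems to end in the blocking path after the rules were flushed; wrapping the load in `if [ -n "$conf" ]` would make that case explicit. `do_start $*` should be `do_start "$@"` so arguments are passed through unsplit. `do_block` is outside the hunk, so the same mangle question may apply there.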
diff --git a/sbin/init.d/functions b/sbin/init.d/functions
index 9a16281..d93695c 100755
--- a/sbin/init.d/functions
+++ b/sbin/init.d/functions
@@ -208,6 +208,33 @@ function remount_ro {
fi
}
+# this will try to unload module $1 and all modules which depend on it
+function recursive_rmmod {
+ local -a args
+ local mod
+
+ while : ; do
+ args=( $(/sbin/lsmod|grep "^$1 "|tr -d '\[\]') )
+ [ ${#args[@]} -gt 0 ] || return 0
+ if [ "${args[2]}" = "0" ]; then
+ rmmod $1
+ return $?
+ elif [ -z "${args[3]}" ]; then
+ # use count >0, but nothing to unload
+ return 1
+ else
+ mod=3
+ while [ $mod -lt ${#args[@]} ]; do
+ if ! recursive_rmmod ${args[$mod]}; then
+ echo "Error: could not unload module ${args[$mod]}."
+ return 1
+ fi
+ (( mod++ ))
+ done
+ fi
+ done
+}
+
########################################
# CONFIGURATION FILE LOADING FUNCTIONS #
########################################
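Review bot: The outer `while :` in `recursive_rmmod` can still loop without end, because a recursive call returns 0 when `lsmod` has no line for its argument. If any field from the fourth onward is not the name of a loaded module (flags printed by `lsmod`, presumably), every pass succeeds and the loop restarts on the same `lsmod` line; the new `elif` only covers the case with no fourth field. Bailing out when the line has not changed since the previous pass would bound it: `[ "${args[*]}" != "$prev" ] || return 1` followed by `prev="${args[*]}"` after the emptiness check, with `prev` declared `local`. `$1` is also used unquoted in `rmmod $1` and as a regular expression in `grep "^$1 "`; `rmmod "$1"` and `recursive_rmmod "${args[$mod]}"` are safer. The header comment could state the return codes, including the new `1` for a module that is in use with nothing listed to unload.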
diff --git a/sbin/init.d/inetd b/sbin/init.d/inetd
new file mode 100755
index 0000000..f46006f
--- /dev/null
+++ b/sbin/init.d/inetd
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+. `dirname $0`/functions
+
+option config standard_option
+
+option pidfile reserved_option /var/run/inetd.pid
+option bin reserved_option /usr/sbin/inetd
+option cmdline reserved_option '$bin ${opt_config:+$opt_config}'
+
+function do_help {
+ echo "Usage: ${0##*/} <status|start|stop|help>"
+ echo "List of config.rc options (name, type, default value, current value) :"
+ echo
+ echo " - config : config file ; def= ; cur=$opt_confdir"
+ echo " - pidfile : path to file ; def= ; cur=$pidfile"
+ echo
+ exit 1
+}
+
+
+load_config
+
diff --git a/sbin/init.d/lpd b/sbin/init.d/lpd
new file mode 100755
index 0000000..fe1f13e
--- /dev/null
+++ b/sbin/init.d/lpd
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+. `dirname $0`/functions
+
+option tcp standard_option
+option unix standard_option
+option remoteport standard_option
+
+option pidfile reserved_option /var/run/lpd.\${opt_tcp:-515}
+option bin reserved_option /usr/sbin/lpd
+option cmdline reserved_option '$bin ${opt_tcp:+-p $opt_tcp} ${opt_unix:+-P $opt_unix} ${opt_remoteport:+-R $opt_remoteport}'
+
+function do_help {
+ echo "Usage: ${0##*/} <status|start|stop|help>"
+ echo "List of config.rc options (name, type, default value, current value) :"
+ echo
+ echo " - tcp : port or 'off' ; def= ; cur=$opt_confdir"
+ echo " - unix : path or 'off' ; def= ; cur=$opt_current"
+ echo " - remoteport : tcp port ; def= ; cur=$opt_backup"
+ echo " - pidfile : path to file ; def= ; cur=$pidfile"
+ echo
+ exit 1
+}
+
+
+load_config
+
diff --git a/sbin/init.d/network b/sbin/init.d/network
index 061778c..b4e4191 100755
--- a/sbin/init.d/network
+++ b/sbin/init.d/network
@@ -13,7 +13,15 @@
# [no] arp
# [no] multicast
# shutdown
-# ip route <ip/mask> <gw>
+# ip route <ip/mask> <gw> [ip args...]
+
+# we want ALL instances to stop and restart at once
+if [ "$1" = "restart" ]; then
+ shift
+ $0 stop "$@"
+ $0 start "$@"
+ exit $?
+fi
. `dirname $0`/functions
@@ -128,7 +136,7 @@ function do_start {
while [ $arg -lt $route_idx ]; do
local dest gw
dest=${route_list[$arg]%%[ ]*}
- gw=${route_list[$arg]##*[ ]}
+ gw=${route_list[$arg]#*[ ]} # gw and potentially other ip args
ip route add $dest via $gw
arg=$[$arg+1]
done
@@ -172,17 +180,6 @@ function do_start {
ip addr flush dev $instname >/dev/null 2>&1
ip link set $instname down >/dev/null 2>&1
- if [ "$opt_media" ]; then
- if [ -n "$opt_speed" -o -n "$opt_duplex" -o -n "$opt_auto" ]; then
- echo " ==> Warning: option 'media' inhibits 'speed','duplex' and 'auto'."
- fi
- set_media $instname "$opt_media"
- echo " ==> Link set to $opt_media for interface $instname"
- elif [ -n "$opt_speed" -o -n "$opt_duplex" -o -n "$opt_auto" ]; then
- set_media2 $instname "${opt_speed:--}" "${opt_duplex:--}" "${opt_auto:--}"
- echo " ==> Link configuration changed for interface $instname"
- fi
-
if [ "$opt_lladdr" ]; then
ip link set $instname address $opt_lladdr
fi
@@ -205,6 +202,18 @@ function do_start {
echo " ==> start $svcname${instname:+[$instname]} : Failed."
return 1
fi
+
+ if [ "$opt_media" ]; then
+ if [ -n "$opt_speed" -o -n "$opt_duplex" -o -n "$opt_auto" ]; then
+ echo " ==> Warning: option 'media' inhibits 'speed','duplex' and 'auto'."
+ fi
+ set_media $instname "$opt_media"
+ echo " ==> Link set to $opt_media for interface $instname"
+ elif [ -n "$opt_speed" -o -n "$opt_duplex" -o -n "$opt_auto" ]; then
+ set_media2 $instname "${opt_speed:--}" "${opt_duplex:--}" "${opt_auto:--}"
+ echo " ==> Link configuration changed for interface $instname"
+ fi
+
if [ ${#opt_slave[*]} -gt 0 ]; then
for arg in ${opt_slave[*]}; do
if ! $PFULLNAME status $arg >/dev/null 2>&1; then
@@ -221,8 +230,14 @@ function do_start {
if [ "${addr_list[$arg]}" = "dhcp" ]; then
echo " ==> Waiting for ip address with DHCP request ... "
dhcpcd -t 10 $instname
+ set -- $(ip addr show dev $instname | grep ' inet ')
+ if [ -n "$2" ]; then
+ echo " Device $instname has IP address $2"
+ else
+ echo " Device $instname has no IP address"
+ fi
else
- ip addr add ${addr_list[$arg]} dev $instname
+ ip addr add dev $instname ${addr_list[$arg]}
fi
arg=$[$arg+1]
done
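Review bot: `set -- $(ip addr show dev $instname | grep ' inet ')` overwrites the positional parameters of `do_start` for the rest of the function, so any later use of `$1` or `$@` there (the function continues outside the hunk) would see the `ip` output instead of the caller's arguments. A local array avoids that: `local -a inet; inet=( $(ip addr show dev "$instname" | grep ' inet ') )`, then test `${inet[1]}`. The exit status of `dhcpcd -t 10 $instname` is not checked either, so as far as the visible lines show a failed lease only produces the "has no IP address" message and the start goes on as if it had succeeded.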
@@ -231,8 +246,8 @@ function do_start {
while [ $arg -lt $route_idx ]; do
local dest gw
dest=${route_list[$arg]%%[ ]*}
- gw=${route_list[$arg]##*[ ]}
- ip route add $dest via $gw dev $instname
+ gw=${route_list[$arg]#*[ ]} # gw and potentially other ip args
+ ip route add $dest dev $instname via $gw
arg=$[$arg+1]
done
echo " ==> start $svcname${instname:+[$instname]} : Done."
diff --git a/sbin/init.d/sendmail b/sbin/init.d/sendmail
new file mode 100755
index 0000000..89be57c
--- /dev/null
+++ b/sbin/init.d/sendmail
@@ -0,0 +1,92 @@
+#!/bin/bash
+
+. `dirname $0`/functions
+
+# config parameters
+# service sendmail
+# bin <binary>
+# cmdline <cmd>
+# queuing <time_to_wait>
+# flags <additionnal command line flags>
+
+option config standard_option
+option queuing standard_option 15m
+option flags multiple_option
+option bin reserved_option /usr/sbin/sendmail
+option cmdline reserved_option '$bin -bd ${opt_config:+-C$opt_config} ${opt_queuing:+-q$opt_queuing} ${opt_flags[*]:+${opt_flags[*]}}'
+
+function do_help {
+ echo "Usage: ${0##*/} <status|start|update|install|help>"
+ echo "List of config.rc options (name, type, default value, current value) :"
+ echo
+ echo " - config : configuration file ; def= ; cur=$opt_confdir"
+ echo " - queing : polling interval ; def='15m' ; cur=$opt_current"
+ echo " - flags : command line flags ; def= ; cur=$opt_backup"
+ echo
+ exit 1
+}
+
+
+function do_install() {
+ echo "Creating sendmail environnement ... "
+ if [ ! -d /var/spool ] ; then
+ echo " Aborting: directory '/var/spool' directory does not exist."
+ exit 1
+ else
+ if [ ! -d /var/spool/clientmqueue ] ; then
+ mkdir -m 750 -p /var/spool/clientmqueue && \
+ chown smmsp:smmsp /var/spool/clientmqueue || exit 1
+ fi
+ if [ ! -d /var/spool/mail ] ; then
+ mkdir -m 751 -p /var/spool/mail && \
+ chown root:mail /var/spool/mail || exit 1
+ fi
+ if [ ! -d /var/spool/mqueue ] ; then
+ mkdir -m 700 -p /var/spool/mqueue && \
+ chown root:root /var/spool/mqueue || exit 1
+ fi
+ fi
+ if [ ! -e /etc/mail/local-host-names ] ; then
+ mkdir -p /etc/mail
+ touch /etc/mail/local-host-names
+ fi
+ if [ ! -d /var/state/mail ] ; then
+ mkdir -p /var/state/mail
+ fi
+ do_update $*
+}
+
+function do_update {
+ local type filename
+ echo "Updating sendmail databases ... "
+
+ # updating /etc/mail/aliases.db file
+ if [ ! -e /etc/mail/aliases ] ; then touch /etc/mail/aliases ; fi
+ $bin -bi > /dev/null 2>&1
+
+ # get all defined maps
+ grep "^K[^ ]* \+\(dbm\|btree\|hash\) \+.*" ${opt_confid:-/etc/mail/sendmail.cf} | \
+ sed 's@^K[^ ]\+ \([^ ]\+\).* \([a-zA-Z0-9/-]\+\)@\1 \2@' | while read ; do
+
+ set -- $REPLY
+ type=$1
+ filename=$2
+
+ # look for data file existance
+ if [ "x$filename" = "x" ] ; then continue ; fi
+ if [ ! -e "$filename" ] ; then touch $filename ; fi
+
+ # look for known map type
+ case "$type" in
+ dbm|btree|hash)
+ if [ ! -e $filename.db -o $filename -nt $filename.db ] ; then
+ makemap $type $filename.db < $filename
+ echo -n "$(basename $filename) "
+ fi
+ ;;
+ esac
+ done
+}
+
+load_config
+
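Review bot: `do_update` reads `${opt_confid:-/etc/mail/sendmail.cf}`, but the option declared above is `config`, so a configured `opt_config` is ignored when the map files are collected; it should be `${opt_config:-/etc/mail/sendmail.cf}`. The loop then runs `touch $filename` and `makemap $type $filename.db < $filename` on paths parsed out of that file with unquoted expansions and a `read` without `-r`. Using `while read -r type filename _` with quoted `"$filename"` throughout would remove the `set -- $REPLY` splitting. In `do_install`, `do_update $*` should be `do_update "$@"`, and in `do_help` the key is spelled `queing` while the option is `queuing`.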