
Viewing changes to initramfs-tools-script

First version of a somewhat complete D-Bus server interface.  Also
change user/group name to "_mandos".

* debian/mandos.postinst: Rename old "mandos" user and group to
                          "_mandos"; create "_mandos" user and group
                          if none exist.
* debian/mandos-client.postinst: - '' -

* initramfs-tools-hook: Try "_mandos" before "mandos" as user and
                        group name.

* mandos (_datetime_to_dbus_struct): New; was previously local.
  (Client.started): Renamed to "last_started".  All users changed.
  (Client.started): New; boolean.
  (Client.dbus_object_path): New.
  (Client.check_command): Renamed to "checker_command".  All users
                          changed.
  (Client.__init__): Set and use "self.dbus_object_path".  Set
                     "self.started".
  (Client.start): Update "self.started".  Emit "self.PropertyChanged"
                  signals for both "started" and "last_started".
  (Client.stop): Update "self.started".  Emit "self.PropertyChanged"
                 signal for "started".
  (Client.checker_callback): Take additional "command" argument.  All
                             callers changed. Emit
                             "self.PropertyChanged" signal.
  (Client.bump_timeout): Emit "self.PropertyChanged" signal for
                         "last_checked_ok".
  (Client.start_checker): Emit "self.PropertyChanged" signal for
                          "checker_running".
  (Client.stop_checker): Emit "self.PropertyChanged" signal for
                         "checker_running".
  (Client.still_valid): Bug fix: use "getattr(self, started, False)"
                        instead of "self.started" in case this client
                        object is so new that the "started" attribute
                        has not been created yet.
  (Client.IntervalChanged, Client.CheckerIsRunning, Client.GetChecker,
  Client.GetCreated, Client.GetFingerprint, Client.GetHost,
  Client.GetInterval, Client.GetName, Client.GetStarted,
  Client.GetTimeout, Client.StateChanged, Client.TimeoutChanged):
  Removed; all callers changed.
  (Client.CheckerCompleted): Add "condition" and "command" arguments.
                             All callers changed.
  (Client.GetAllProperties, Client.PropertyChanged): New.
  (Client.StillValid): Renamed to "IsStillValid".
  (Client.StartChecker): Changed to its own function to avoid the
                         return value from "Client.start_checker()".
  (Client.Stop): Changed to its own function to avoid the return value
                 from "Client.stop()".
  (main): Try "_mandos" before "mandos" as user and group name.
          Removed inner function "remove_from_clients".  New inner
          class "MandosServer".

6
6
7
7
 
8
8
# This script should be installed as
9
 
# "/usr/share/initramfs-tools/scripts/init-premount/mandos" which will
10
 
# eventually be "/scripts/init-premount/mandos" in the initrd.img
11
 
# file.
 
9
# "/usr/share/initramfs-tools/scripts/local-top/mandos" which will
 
10
# eventually be "/scripts/local-top/mandos" in the initrd.img file.
12
11
 
13
 
# No initramfs pre-requirements.
14
 
PREREQ="udev"
 
12
# No initramfs pre-requirements; we must instead run BEFORE cryptroot.
 
13
# This is not a problem, since cryptroot forces itself to run LAST.
 
14
PREREQ=""
15
15
prereqs()
16
16
{
17
 
    echo "$PREREQ"
 
17
     echo "$PREREQ"
18
18
}
19
19
 
20
20
case $1 in
21
21
prereqs)
22
 
        prereqs
23
 
        exit 0
24
 
        ;;
 
22
     prereqs
 
23
     exit 0
 
24
     ;;
25
25
esac
26
26
 
27
 
. /scripts/functions
28
 
 
29
 
for param in `cat /proc/cmdline`; do
30
 
    case "$param" in
31
 
        ip=*) IPOPTS="${param#ip=}" ;;
32
 
        mandos=*)
33
 
            # Split option line on commas
34
 
            old_ifs="$IFS"
35
 
            IFS="$IFS,"
36
 
            for mpar in ${param#mandos=}; do
37
 
                IFS="$old_ifs"
38
 
                case "$mpar" in
39
 
                    off) exit 0 ;;
40
 
                    connect) connect="" ;;
41
 
                    connect:*) connect="${mpar#connect:}" ;;
42
 
                    *) log_warning_msg "$0: Bad option ${mpar}" ;;
43
 
                esac
44
 
            done
45
 
            unset mpar
46
 
            IFS="$old_ifs"
47
 
            unset old_ifs
48
 
            ;;
49
 
    esac
50
 
done
51
 
unset param
52
 
 
53
27
chmod a=rwxt /tmp
54
28
 
55
 
test -r /conf/conf.d/cryptroot
56
 
test -w /conf/conf.d
57
 
 
58
 
# Get DEVICE from /conf/initramfs.conf and other files
59
 
. /conf/initramfs.conf
60
 
for conf in /conf/conf.d/*; do
61
 
    [ -f ${conf} ] && . ${conf}
62
 
done
63
 
if [ -e /conf/param.conf ]; then
64
 
    . /conf/param.conf
65
 
fi
66
 
 
67
 
# Override DEVICE from sixth field of ip= kernel option, if passed
68
 
case "$IPOPTS" in
69
 
    *:*:*:*:*:*)                # At least six fields
70
 
        # Remove the first five fields
71
 
        device="${IPOPTS#*:*:*:*:*:}"
72
 
        # Remove all fields except the first one
73
 
        DEVICE="${device%%:*}"
74
 
        ;;
75
 
esac
76
 
 
77
 
# Add device setting (if any) to plugin-runner.conf
78
 
if [ "${DEVICE+set}" = set ]; then
79
 
    # Did we get the device from an ip= option?
80
 
    if [ "${device+set}" = set ]; then
81
 
        # Let ip= option override local config; append:
82
 
        cat <<-EOF >>/conf/conf.d/mandos/plugin-runner.conf
83
 
        
84
 
        --options-for=mandos-client:--interface=${DEVICE}
85
 
EOF
86
 
    else
87
 
        # Prepend device setting so any later options would override:
88
 
        sed -i -e \
89
 
            '1i--options-for=mandos-client:--interface='"${DEVICE}" \
90
 
            /conf/conf.d/mandos/plugin-runner.conf
91
 
    fi
92
 
fi
93
 
unset device
94
 
 
95
 
# If we are connecting directly, run "configure_networking" (from
96
 
# /scripts/functions); it needs IPOPTS and DEVICE
97
 
if [ "${connect+set}" = set ]; then
98
 
    configure_networking
99
 
    if [ -n "$connect" ]; then
100
 
        cat <<-EOF >>/conf/conf.d/mandos/plugin-runner.conf
101
 
        
102
 
        --options-for=mandos-client:--connect=${connect}
103
 
EOF
104
 
    fi
105
 
fi
 
29
test -w /conf/conf.d/cryptroot
106
30
 
107
31
# Do not replace cryptroot file unless we need to.
108
32
replace_cryptroot=no
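Review bot: The added `test -w /conf/conf.d/cryptroot` only stops the script if the shell runs with errexit, and neither the shebang nor a `set -e` is visible here (lines 1–5 are outside the hunk). If errexit is not in effect, a missing or unwritable cryptroot file goes unnoticed and the replacement logic that starts at `replace_cryptroot=no` (it continues past the visible lines) presumably proceeds anyway. Spelling the guard out, e.g. `test -w /conf/conf.d/cryptroot || exit 1`, keeps the check effective however the script is invoked. Separately, the new header comment relies on cryptroot ordering itself last, which `PREREQ=""` cannot enforce from this script. A short comment naming where that guarantee comes from would help the next maintainer verify it still holds.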