/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk


Viewing changes to initramfs-tools-hook

  • Committer: Teddy Hogeborn
  • Date: 2008-12-10 01:26:02 UTC
  • mfrom: (237.1.2 mandos)
  • Revision ID: teddy@fukt.bsnet.se-20081210012602-vhz3h75xkj24t340
First version of a somewhat complete D-Bus server interface.  Also
change user/group name to "_mandos".

* debian/mandos.postinst: Rename old "mandos" user and group to
                          "_mandos"; create "_mandos" user and group
                          if none exist.
* debian/mandos-client.postinst: - '' -

* initramfs-tools-hook: Try "_mandos" before "mandos" as user and
                        group name.

* mandos (_datetime_to_dbus_struct): New; was previously local.
  (Client.started): Renamed to "last_started".  All users changed.
  (Client.started): New; boolean.
  (Client.dbus_object_path): New.
  (Client.check_command): Renamed to "checker_command".  All users
                          changed.
  (Client.__init__): Set and use "self.dbus_object_path".  Set
                     "self.started".
  (Client.start): Update "self.started".  Emit "self.PropertyChanged"
                  signals for both "started" and "last_started".
  (Client.stop): Update "self.started".  Emit "self.PropertyChanged"
                 signal for "started".
  (Client.checker_callback): Take additional "command" argument.  All
                             callers changed. Emit
                             "self.PropertyChanged" signal.
  (Client.bump_timeout): Emit "self.PropertyChanged" signal for
                         "last_checked_ok".
  (Client.start_checker): Emit "self.PropertyChanged" signal for
                          "checker_running".
  (Client.stop_checker): Emit "self.PropertyChanged" signal for
                         "checker_running".
  (Client.still_valid): Bug fix: use "getattr(self, started, False)"
                        instead of "self.started" in case this client
                        object is so new that the "started" attribute
                        has not been created yet.
  (Client.IntervalChanged, Client.CheckerIsRunning, Client.GetChecker,
  Client.GetCreated, Client.GetFingerprint, Client.GetHost,
  Client.GetInterval, Client.GetName, Client.GetStarted,
  Client.GetTimeout, Client.StateChanged, Client.TimeoutChanged):
  Removed; all callers changed.
  (Client.CheckerCompleted): Add "condition" and "command" arguments.
                             All callers changed.
  (Client.GetAllProperties, Client.PropertyChanged): New.
  (Client.StillValid): Renamed to "IsStillValid".
  (Client.StartChecker): Changed to its own function to avoid the
                         return value from "Client.start_checker()".
  (Client.Stop): Changed to its own function to avoid the return value
                 from "Client.stop()".
  (main): Try "_mandos" before "mandos" as user and group name.
          Removed inner function "remove_from_clients".  New inner
          class "MandosServer".

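--- a/initramfs-tools-hook
+++ b/initramfs-tools-hook
@@ -51,13 +51,16 @@
     exit 1
 fi
 
-set `{ getent passwd _mandos \
-    || getent passwd nobody \
-    || echo ::65534:65534:::; } \
-    | cut --delimiter=: --fields=3,4 --only-delimited \
-    --output-delimiter=" "`
-mandos_user="$1"
-mandos_group="$2"
+mandos_user="`{ getent passwd _mandos \
+                || getent passwd mandos \
+                || getent passwd nobody \
+                || echo ::65534::::; } \
+        | awk --field-separator=: '{ print $3 }'`" 
+mandos_group="`{ getent group _mandos \
+                || getent group mandos \
+                || getent group nogroup \
+                || echo ::65534:; } \
+        | awk --field-separator=: '{ print $3 }'`"
 
 # The Mandos network client uses the network
 auto_add_modules net
@@ -68,11 +71,10 @@
 CONFDIR="/conf/conf.d/mandos"
 MANDOSDIR="/lib/mandos"
 PLUGINDIR="${MANDOSDIR}/plugins.d"
-HOOKDIR="${MANDOSDIR}/network-hooks.d"
 
 # Make directories
 install --directory --mode=u=rwx,go=rx "${DESTDIR}${CONFDIR}" \
-        "${DESTDIR}${MANDOSDIR}" "${DESTDIR}${HOOKDIR}"
+        "${DESTDIR}${MANDOSDIR}"
 install --owner=${mandos_user} --group=${mandos_group} --directory \
     --mode=u=rwx "${DESTDIR}${PLUGINDIR}"
 
@@ -89,10 +91,9 @@
         continue
     fi
     case "$base" in
-        *~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)
-            : ;;
-        "*") echo "W: Mandos client plugin directory is empty." >&2 ;;
-        *) copy_exec "$file" "${PLUGINDIR}" ;;
+        *~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert) : ;;
+        "*") :;;
+        *) copy_exec "$file" "${PLUGINDIR}";;
     esac
 done
 
@@ -100,38 +101,10 @@
 for file in /etc/mandos/plugins.d/*; do
     base="`basename \"$file\"`"
     case "$base" in
-        *~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)
-            : ;;
-        "*") : ;;
-        *) copy_exec "$file" "${PLUGINDIR}" ;;
-    esac
-done
-
-# Copy network hooks
-for hook in /etc/mandos/network-hooks.d/*; do
-    case "`basename \"$hook\"`" in
-        "*") continue ;;
-        *[!A-Za-z0-9_.-]*) continue ;;
-        *) test -d "$hook" || copy_exec "$hook" "${HOOKDIR}" ;;
-    esac
-    if [ -x "$hook" ]; then
-        # Copy any files needed by the network hook
-        MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=files \
-            VERBOSITY=0 "$hook" files | while read file target; do
-            if [ -z "${target}" ]; then
-                copy_exec "$file"
-            else
-                copy_exec "$file" "$target"
-            fi
-        done
-        # Copy and load any modules needed by the network hook
-        MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=modules \
-            VERBOSITY=0 "$hook" modules | while read module; do
-            if [ -z "${target}" ]; then
-                force_load "$module"
-            fi
-        done
-    fi
+        *~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert) : ;;
+        "*") :;;
+        *) copy_exec "$file" "${PLUGINDIR}";;
+    esac
 done
 
 # GPGME needs /usr/bin/gpg
@@ -142,7 +115,7 @@
 fi
 
 # Config files
-for file in /etc/mandos/plugin-runner.conf; do
+for file in /etc/mandos/*; do
     if [ -d "$file" ]; then
         continue
     fi
@@ -150,17 +123,17 @@
 done
 
 if [ ${mandos_user} != 65534 ]; then
-    sed --in-place --expression="1i--userid=${mandos_user}" \
-        "${DESTDIR}${CONFDIR}/plugin-runner.conf"
+    PLUGINRUNNERCONF="${DESTDIR}${CONFDIR}/plugin-runner.conf"
+    echo "--userid=${mandos_user}" >> "$PLUGINRUNNERCONF"
 fi
 
 if [ ${mandos_group} != 65534 ]; then
-    sed --in-place --expression="1i--groupid=${mandos_group}" \
-        "${DESTDIR}${CONFDIR}/plugin-runner.conf"
+    PLUGINRUNNERCONF="${DESTDIR}${CONFDIR}/plugin-runner.conf"
+    echo "--groupid=${mandos_group}" >> "$PLUGINRUNNERCONF"
 fi
 
-# Key files
-for file in "$keydir"/*; do
+# Key files 
+for file in  "$keydir"/*; do
     if [ -d "$file" ]; then
         continue
     fi
@@ -195,9 +168,7 @@
         chmod a+rX "${DESTDIR}$dir"
     fi
 done
-for dir in "${DESTDIR}"/lib* "${DESTDIR}"/usr/lib*; do
-    if [ -d "$dir" ]; then
-        find "$dir" \! -perm -u+rw,g+r -prune -or -print0 \
-            | xargs --null --no-run-if-empty chmod a+rX
-    fi
+for dir in /lib /usr/lib; do
+    find "${DESTDIR}$dir" \! -perm -u+rw,g+r -prune -or -print0 \
+        | xargs --null --no-run-if-empty chmod a+rX
 done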
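Review bot: The `echo "--userid=${mandos_user}" >> "$PLUGINRUNNERCONF"` append at new lines 126–127, and the matching `--groupid` append at 131–132, assume the copied plugin-runner.conf already ends with a newline. If it does not, the option is glued onto the last existing line, and plugin-runner presumably never receives the uid/gid it is meant to switch to. Guarding each append with `[ -z "$(tail -c1 "$PLUGINRUNNERCONF")" ] || echo >> "$PLUGINRUNNERCONF"` keeps the option on a line of its own. The loop that copies the config files is only partly visible in this section, so whether the file can be absent at this point should be confirmed as well.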