Viewing changes to initramfs-tools-script

  • Committer: Teddy Hogeborn
  • Date: 2008-07-29 03:35:39 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080729033539-08zecoj3jwlkpjhw
* server.conf: New file.

* mandos-clients.conf: Renamed to clients.conf.

* Makefile (FORTIFY): New.
  (CFLAGS): Include $(FORTIFY).

* plugins.d/mandosclient.c (main): New "if_index" variable.  Bug fix:
                                   check if interface exists.  New
                                   "--connect" option.

* server.py (serviceInterface): Removed; replaced by
                                "AvahiService.interface".  All users
                                changed.
  (AvahiError, AvahiServiceError, AvahiGroupError): New exception
                                                    classes.
  (AvahiService): New class.
  (serviceName): Removed; replaced by "AvahiService.name".  All users
                 changed.
  (serviceType): Removed; replaced by "AvahiService.type".  All users
                 changed.
  (servicePort): Removed; replaced by "AvahiService.port".  All users
                 changed.
  (serviceTXT): Removed; replaced by "AvahiService.TXT".  All users
                changed.
  (domain): Removed; replaced by "AvahiService.domain".  All users
            changed.
  (host): Removed; replaced by "AvahiService.host".  All users
          changed.
  (rename_count): Removed; replaced by "AvahiService.rename_count" and
                 "AvahiService.max_renames".  All users changed.
  (Client.__init__): If no secret or secfile, raise TypeError instead
                     of RuntimeError.
  (Client.last_seen): Renamed to "Client.last_checked_ok".  All users
                      changed.
  (Client.stop, Client.stop_checker): Use "getattr" with default value
                                      instead of "hasattr".
  (Client.still_valid): Removed "now" argument.
  (Client.handle): Separate the "no client found" and "client invalid"
                   cases for clearer code.
  (IPv6_TCPServer.__init__): "options" argument replaced by
                             "settings".  All callers changed.
  (IPv6_TCPServer.options): Replaced by "IPv6_TCPServer.settings".
                            All users changed.
  (IPv6_TCPServer.server_bind): Use getattr instead of hasattr.
  (add_service): Removed; replaced by "AvahiService.add".  All callers
                 changed.
  (remove_service): Removed; replaced by "AvahiService.remove".  All
                    callers changed.
  (entry_group_state_changed): On entry group collision, call the new
                               AvahiService.rename method.  Raise
                               AvahiGroupError on group error.
  (if_nametoindex): Use ctypes.util.find_library to locate the C
                    library.  Cache the result.  Loop on EINTR.
  (daemon): Use os.path.devnull to locate "/dev/null".
  (killme): Removed.  All callers changed to do "sys.exit()" instead,
            except where stated otherwise.
  (main): Removed "exitstatus".  Removed all default values from all
          non-bool options.  New option "--configdir".  New variables
          "server_defaults" and "server_settings", read from
          "%(configdir)s/server.conf".  Let any supplied command line
          options override server settings.   Variable "defaults"
          renamed to "client_defaults", which is read from
          "clients.conf" instead of "mandos-clients.conf".  New global
          AvahiService object "service" replaces old global variables.
          Catch AvahiError and exit with error if caught.

1
 
#!/bin/sh -e
2
 
3
 
# This script will run in the initrd environment at boot and edit
4
 
# /conf/conf.d/cryptroot to set /lib/mandos/plugin-runner as keyscript
5
 
# when no other keyscript is set, before cryptsetup.
6
 
7
 
 
8
 
# This script should be installed as
9
 
# "/usr/share/initramfs-tools/scripts/init-premount/mandos" which will
10
 
# eventually be "/scripts/init-premount/mandos" in the initrd.img
11
 
# file.
12
 
 
13
 
PREREQ="udev"
14
 
prereqs()
15
 
{
16
 
    echo "$PREREQ"
17
 
}
18
 
 
19
 
case $1 in
20
 
prereqs)
21
 
        prereqs
22
 
        exit 0
23
 
        ;;
24
 
esac
25
 
 
26
 
. /scripts/functions
27
 
 
28
 
for param in `cat /proc/cmdline`; do
29
 
    case "$param" in
30
 
        ip=*) IPOPTS="${param#ip=}" ;;
31
 
        mandos=*)
32
 
            # Split option line on commas
33
 
            old_ifs="$IFS"
34
 
            IFS="$IFS,"
35
 
            for mpar in ${param#mandos=}; do
36
 
                IFS="$old_ifs"
37
 
                case "$mpar" in
38
 
                    off) exit 0 ;;
39
 
                    connect) connect="" ;;
40
 
                    connect:*) connect="${mpar#connect:}" ;;
41
 
                    *) log_warning_msg "$0: Bad option ${mpar}" ;;
42
 
                esac
43
 
            done
44
 
            unset mpar
45
 
            IFS="$old_ifs"
46
 
            unset old_ifs
47
 
            ;;
48
 
    esac
49
 
done
50
 
unset param
51
 
 
52
 
chmod a=rwxt /tmp
53
 
 
54
 
test -r /conf/conf.d/cryptroot
55
 
test -w /conf/conf.d
56
 
 
57
 
# Get DEVICE from /conf/initramfs.conf and other files
58
 
. /conf/initramfs.conf
59
 
for conf in /conf/conf.d/*; do
60
 
    [ -f ${conf} ] && . ${conf}
61
 
done
62
 
if [ -e /conf/param.conf ]; then
63
 
    . /conf/param.conf
64
 
fi
65
 
 
66
 
# Override DEVICE from sixth field of ip= kernel option, if passed
67
 
case "$IPOPTS" in
68
 
    *:*:*:*:*:*)                # At least six fields
69
 
        # Remove the first five fields
70
 
        device="${IPOPTS#*:*:*:*:*:}"
71
 
        # Remove all fields except the first one
72
 
        DEVICE="${device%%:*}"
73
 
        ;;
74
 
esac
75
 
 
76
 
# Add device setting (if any) to plugin-runner.conf
77
 
if [ "${DEVICE+set}" = set ]; then
78
 
    # Did we get the device from an ip= option?
79
 
    if [ "${device+set}" = set ]; then
80
 
        # Let ip= option override local config; append:
81
 
        cat <<-EOF >>/conf/conf.d/mandos/plugin-runner.conf
82
 
        
83
 
        --options-for=mandos-client:--interface=${DEVICE}
84
 
EOF
85
 
    else
86
 
        # Prepend device setting so any later options would override:
87
 
        sed -i -e \
88
 
            '1i--options-for=mandos-client:--interface='"${DEVICE}" \
89
 
            /conf/conf.d/mandos/plugin-runner.conf
90
 
    fi
91
 
fi
92
 
unset device
93
 
 
94
 
# If we are connecting directly, run "configure_networking" (from
95
 
# /scripts/functions); it needs IPOPTS and DEVICE
96
 
if [ "${connect+set}" = set ]; then
97
 
    configure_networking
98
 
    if [ -n "$connect" ]; then
99
 
        cat <<-EOF >>/conf/conf.d/mandos/plugin-runner.conf
100
 
        
101
 
        --options-for=mandos-client:--connect=${connect}
102
 
EOF
103
 
    fi
104
 
fi
105
 
 
106
 
# Do not replace cryptroot file unless we need to.
107
 
replace_cryptroot=no
108
 
 
109
 
# Our keyscript
110
 
mandos=/lib/mandos/plugin-runner
111
 
 
112
 
# parse /conf/conf.d/cryptroot.  Format:
113
 
# target=sda2_crypt,source=/dev/sda2,key=none,keyscript=/foo/bar/baz
114
 
exec 3>/conf/conf.d/cryptroot.mandos
115
 
while read options; do
116
 
    newopts=""
117
 
    # Split option line on commas
118
 
    old_ifs="$IFS"
119
 
    IFS="$IFS,"
120
 
    for opt in $options; do
121
 
        # Find the keyscript option, if any
122
 
        case "$opt" in
123
 
            keyscript=*)
124
 
                keyscript="${opt#keyscript=}"
125
 
                newopts="$newopts,$opt"
126
 
                ;;
127
 
            "") : ;;
128
 
            *)
129
 
                newopts="$newopts,$opt"
130
 
                ;;
131
 
        esac
132
 
    done
133
 
    IFS="$old_ifs"
134
 
    unset old_ifs
135
 
    # If there was no keyscript option, add one.
136
 
    if [ -z "$keyscript" ]; then
137
 
        replace_cryptroot=yes
138
 
        newopts="$newopts,keyscript=$mandos"
139
 
    fi
140
 
    newopts="${newopts#,}"
141
 
    echo "$newopts" >&3
142
 
done < /conf/conf.d/cryptroot
143
 
exec 3>&-
144
 
 
145
 
# If we need to, replace the old cryptroot file with the new file.
146
 
if [ "$replace_cryptroot" = yes ]; then
147
 
    mv /conf/conf.d/cryptroot /conf/conf.d/cryptroot.mandos-old
148
 
    mv /conf/conf.d/cryptroot.mandos /conf/conf.d/cryptroot
149
 
else
150
 
    rm /conf/conf.d/cryptroot.mandos
151
 
fi