X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=xinetd-cn.git;a=blobdiff_plain;f=debian%2Fpostinst;h=7e01fae288242219fb951023ef930ee55a07cb72;hp=20e4b9db92ff46fdc003bdfa3feb37ca8cfc074a;hb=a8373584dcf91245749f8fe7c6aafaf312ccb3dd;hpb=b5e7ef106f575b718c84ef2c0b91c08e57557a83 diff --git a/debian/postinst b/debian/postinst index 20e4b9d..7e01fae 100644 --- a/debian/postinst +++ b/debian/postinst @@ -12,9 +12,11 @@ PKG=xinetd-cn CONF=/etc/xinetd.conf INETDCONF=/etc/inetd.conf DEFAULT=/etc/default/xinetd +BACKUPDIR=/var/backups/xinetd-cn need_restart=0 temp_files= +xinetd_conf_did=0 # cleanup() # @@ -32,6 +34,32 @@ cleanup () { fi } +# backup_and_disable_service() +# +# Backup and disable service with invalid configuration. +# Arguments: service, services_file +# +backup_and_disable_service () { + + local serv servfile out + serv="$1" + servfile="$2" + + if cp_backup_conffile -r -d $BACKUPDIR -p /etc/xinetd.d/$servfile; then + cp_echo "CN: Old /etc/xinetd.d/$servfile saved as $BACKUPDIR/`basename /etc/xinetd.d/$servfile`.bak." + fi + + cp_echo "CN: Disabling service '$serv' in configuration file /etc/xinetd.d/$servfile." + + out=`mktemp /etc/xinetd.d/$servfile.tmp.XXXXXX` + temp_files="$temp_files $out" + + sed -r "/^[[:space:]]*service[[:space:]]+$serv[[:space:]]*$/,/^}/ s/^(.*)/#\1/" \ + /etc/xinetd.d/$servfile > $out + rm -f /etc/xinetd.d/$servfile + mv "$out" "/etc/xinetd.d/$servfile" + chmod 644 "/etc/xinetd.d/$servfile" +} # Set trap for deleting all temp files. # 
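Review bot: In backup_and_disable_service the original file is removed before the rewritten copy is known to be good. The result of `sed ... > $out` is not checked and `rm -f /etc/xinetd.d/$servfile` runs ahead of `mv`, so a failed or partial sed run can leave an empty or truncated service file in place of the original (unless the script aborts on error, which this hunk does not show). `mv` within the same directory already replaces the target, so the `rm -f` can be dropped and the last steps chained as `... "/etc/xinetd.d/$servfile" > "$out" && mv "$out" "/etc/xinetd.d/$servfile"`. `$serv` is also spliced into the sed regular expression unescaped, so a name containing `.` or `/` matches more than intended or breaks the expression; a comment such as `# $serv is used as a regex; service names are assumed to contain no regex metacharacters` would record that assumption. The hard-coded `chmod 644` discards whatever mode the administrator had set on the file, which deserves a comment as well.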
@@ -39,11 +67,11 @@ trap cleanup 0 1 2 15 # First, we do backup (inetd, xinetd) # -if cp_check_and_backup "$INETDCONF"; then - cp_echo "CN: Old $INETDCONF saved as /var/backups/`basename $INETDCONF`.bak." +if cp_backup_conffile -r -d $BACKUPDIR -p $INETDCONF; then + cp_echo "CN: Old $INETDCONF saved as $BACKUPDIR/`basename $INETDCONF`.bak." fi -if cp_check_and_backup "$CONF"; then - cp_echo "CN: Old $CONF saved as /var/backups/`basename $CONF`.bak." +if cp_backup_conffile -r -d $BACKUPDIR -p $CONF; then + cp_echo "CN: Old $CONF saved as $BACKUPDIR/`basename $CONF`.bak." fi CONFTMP=`mktemp $CONF.tmp.XXXXXX` @@ -52,7 +80,7 @@ temp_files="$CONFTMP" if [ -f "$INETDCONF" ]; then # Convert inetd.conf to temporary xinetd.conf file using xconv.pl tool - /usr/sbin/xconv.pl < $INETDCONF > $CONFTMP + egrep -v "^##" $INETDCONF | /usr/sbin/xconv.pl > $CONFTMP || true fi # Parse /etc/xinetd.conf file and convert services' configuration to @@ -60,9 +88,12 @@ fi # conffile_list="$CONFTMP" if [ -f "$CONF" ]; then - conffile_list="$CONF $conffile_list" + if egrep -q "^[[:space:]]*service[[:space:]]+" "$CONF"; then + conffile_list="$CONF $conffile_list" + xinetd_conf_did=1 + fi fi -services_list="`cat $conffile_list | grep "^service " | uniq | sed 's/service //g'`" || true +services_list="`sed -nr 's/^[[:space:]]*service[[:space:]]+//p' $conffile_list | uniq`" if [ -n "$services_list" ]; then @@ -70,8 +101,8 @@ if [ -n "$services_list" ]; then if [ -f "/etc/xinetd.d/$service" ]; then - if cp_check_and_backup "/etc/xinetd.d/$service"; then - cp_echo "CN: Old /etc/xinetd.d/$service saved as /var/backups/`basename /etc/xinetd.d/$service`.bak." + if cp_backup_conffile -r -d $BACKUPDIR -p /etc/xinetd.d/$service; then + cp_echo "CN: Old /etc/xinetd.d/$service saved as $BACKUPDIR/`basename /etc/xinetd.d/$service`.bak." fi rm -f /etc/xinetd.d/$service 
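Review bot: The new `cp_backup_conffile` calls in the @@ -39,11 hunk pass `$BACKUPDIR`, `$INETDCONF` and `$CONF` unquoted, whereas the removed `cp_check_and_backup "$INETDCONF"` calls quoted their argument. These are fixed paths today, so nothing breaks, but a maintainer script runs as root and quoting keeps word splitting and globbing out of the picture if a path ever changes: `if cp_backup_conffile -r -d "$BACKUPDIR" -p "$INETDCONF"; then`. The same applies to the `/etc/xinetd.d/$service` call in the @@ -70,8 hunk, where `$service` comes from parsed configuration, and to the call in backup_and_disable_service.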
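Review bot: The `|| true` added to the xconv.pl pipeline in the @@ -52,7 hunk discards a conversion failure, so an empty or partial `$CONFTMP` is treated the same as a successful conversion and services from `$INETDCONF` can silently go missing. If the aim is only to keep the script from aborting, report the failure instead, for example `... > "$CONFTMP" || cp_echo "CN: Conversion of $INETDCONF failed; its services were not migrated."` (assuming cp_echo itself returns success). A short comment explaining why lines starting with `##` are filtered out before conversion would also help the next reader.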
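Review bot: In the @@ -60,9 hunk, `uniq` in the new `services_list` pipeline only drops adjacent duplicates, so a service defined in both `$CONF` and `$CONFTMP` is still listed twice. The loop that consumes the list is only partly visible, but judging by the @@ -70,8 hunk a second pass would find the `/etc/xinetd.d/$service` file written by the first pass, back it up and delete it, which may replace the backup of the administrator's original. Ending the pipeline with `| sort -u` instead of `| uniq` avoids the repeat.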
@@ -79,17 +110,18 @@ if [ -n "$services_list" ]; then touch /etc/xinetd.d/$service || true # cat "$CONF" "$CONFTMP" | sed -n "/^service $service/,/^}/p" | cp-update "$PKG" "/etc/xinetd.d/$service" - cat "$CONF" "$CONFTMP" | sed -n "/^service $service/,/^}/p" >> "/etc/xinetd.d/$service" + sed -rn "/^[[:space:]]*service[[:space:]]+$service[[:space:]]*$/,/^}/p" \ + $conffile_list >> "/etc/xinetd.d/$service" need_restart=1 done - if egrep -q "service " "$CONFTMP"; then + if egrep -q "^[[:space:]]*service[[:space:]]+" "$CONFTMP"; then cp_echo "CN: All services were converted from $INETDCONF file to separated" cp_echo "CN: configuration files located in /etc/xinetd.d/ directory." fi - if [ -f "$CONF" ]; then + if [ $xinetd_conf_did -eq 1 ]; then cp_echo "CN: All services were converted from $CONF file to separated" cp_echo "CN: configuration files located in /etc/xinetd.d/ directory." fi @@ -105,8 +137,8 @@ fi # Remove services from /etc/xinetd.conf file # -cp_check_and_sed "^service " \ - "/^service/,/^}/d" \ +cp_check_and_sed "^[[:space:]]*service[[:space:]]+" \ + "/^[[:space:]]*service[[:space:]]/,/^}/d" \ "$CONF" && need_restart=1 || true # Check if there is no defaults block in /etc/xinetd.conf 
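Review bot: The start address of the sed range in the @@ -79,17 hunk now tolerates leading whitespace, but the end address is still `/^}/`. A block whose closing brace is indented is therefore not terminated where it should be, and the range runs on to the next brace in column 0, across the files in `$conffile_list`, since sed reads them as one stream. Here that would copy other services' blocks into `/etc/xinetd.d/$service`. In the @@ -105,8 hunk the same end address drives the deletion from `$CONF`, and the ranges in backup_and_disable_service and the validation loop share it. Using `/^[[:space:]]*}/` as the end address keeps both ends consistent. `$service` is interpolated into the pattern as a regular expression, which deserves a one-line comment on the characters service names are assumed to contain.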
@@ -129,6 +161,73 @@ if ! egrep -q '^includedir /etc/xinetd.d' "$CONF"; then need_restart=1 fi +# Validate services' configuration. +# +services_file_list="`ls -1 /etc/xinetd.d/`" +if [ -n "$services_file_list" ]; then + + for services_file in $services_file_list; do + + # Get services list from $services_file + services_list="`sed -rn "s/^[[:space:]]*service[[:space:]]+(.*)[[:space:]]*$/\1/p" /etc/xinetd.d/$services_file`" + + if [ -n "$services_list" ]; then + + for service in $services_list; do + + service_disable=0 + service_block="`sed -rn "/^[[:space:]]*service[[:space:]]+$service[[:space:]]*$/,/^}/p" /etc/xinetd.d/$services_file`" + + # Check service's user + service_user="`echo "$service_block" | sed -nr "s/^[[:space:]]*user[[:space:]]*=[[:space:]]*(.*)[[:space:]]*$/\1/p"`" + if [ -n "$service_user" ]; then + + for service_user_x in $service_user; do + service_user_chk="`getent passwd $service_user_x`" || true + if [ -z "$service_user_chk" ]; then + cp_echo "CN: Error in /etc/xinetd.d/$services_file for service '$service' - user '$service_user_x' does not exist." + service_disable=1 + break + fi + done + fi + + # Check service's group + service_group="`echo "$service_block" | sed -nr "s/^[[:space:]]*group[[:space:]]*=[[:space:]]*(.*)[[:space:]]*$/\1/p"`" + if [ -n "$service_group" ]; then + + for service_group_x in $service_group; do + service_group_chk="`getent passwd $service_group_x`" || true + if [ -z "$service_group_chk" ]; then + cp_echo "CN: Error in /etc/xinetd.d/$services_file for service '$service' - group '$service_group_x' does not exist." + service_disable=1 + break + fi + done + fi + + # Check service's binary + service_server="`echo "$service_block" | sed -nr "s/^[[:space:]]*server[[:space:]]*=[[:space:]]*(.*)[[:space:]]*$/\1/p"`" + if [ -n "$service_server" ]; then + + for service_server_x in $service_server; do + if [ ! 
-x "$service_server_x" ]; then + cp_echo "CN: Error in /etc/xinetd.d/$services_file for service '$service' - server '$service_server_x' does not exist." + service_disable=1 + break + fi + done + fi + + if [ $service_disable -eq 1 ]; then + backup_and_disable_service "$service" "$services_file" + need_restart=1 + fi + done + fi + done +fi + # Remove -inetd_compat option and set INETD_COMPAT to 'No' in /etc/default/xinetd # if [ -f "$DEFAULT" ]; then
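Review bot: The group check in the validation loop queries the wrong database: `getent passwd $service_group_x` should be `getent group "$service_group_x"`. As written, a service whose group exists but has no account of the same name is reported as broken and disabled, while a missing group that happens to match a user name passes. Separately, the file list comes from `ls -1 /etc/xinetd.d/` and is word-split, so every entry in the directory, including editor or package-manager leftovers, is parsed and may be rewritten by backup_and_disable_service. A `for services_file in /etc/xinetd.d/*` glob with a `[ -f ... ]` guard would be safer. The server check tests `-x` but reports "does not exist", which misleads when the file is present but not executable.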