From e8a54c23f351395990965c9b147eeba122d6de09 Mon Sep 17 00:00:00 2001 From: Dragan Dosen Date: Sat, 21 Feb 2009 14:28:14 +0100 Subject: [PATCH] Servisi koji su onemoguceni u datoteci /etc/inetd.conf ne migriraju se, provjera ispravnosti konfiguracije servisa. Dodatna provjera konfiguracije pojedinog servisa - servis koji nema ispravne atribute je onemogucen ('user', 'group', 'server'). Izmjena u README.CARNet datoteci, ispravke za sed i egrep u debian/postinst. --- debian/README.CARNet | 7 +++- debian/changelog | 4 +++ debian/postinst | 96 ++++++++++++++++++++++++++++++++++++++++++++++---- 3 files changed, 99 insertions(+), 8 deletions(-) diff --git a/debian/README.CARNet b/debian/README.CARNet index 533dfb0..9b73ec1 100644 --- a/debian/README.CARNet +++ b/debian/README.CARNet @@ -9,7 +9,8 @@ INSTALACIJA: Servisi koji su zapisani u /etc/inetd.conf datoteci bit ce automatski konvertirani u zasebne konfiguracijske datoteke unutar -/etc/xinetd.d/ direktorija. +/etc/xinetd.d/ direktorija. To vrijedi samo za one servise koji +nisu onemoguceni unutar /etc/inetd.conf datoteke. Servisi koji su konfigurirani unutar konfiguracijske datoteke /etc/xinetd.conf bit ce takodjer automatski konvertirani u @@ -17,6 +18,10 @@ zasebne konfiguracije u /etc/xinetd.d/ direktoriju. U datoteci /etc/xinetd.conf ostat ce samo globalne opcije i linija koja ukljucuje konfiguraciju iz /etc/xinetd.d/ direktorija. +Konfiguracija pojedinog servisa dodatno se provjerava - u slucaju +da servis nema ispravne atribute ('user', 'group' ili 'server'), +isti ce biti onemogucen (zakomentiran). + VAZNA NAPOMENA: diff --git a/debian/changelog b/debian/changelog index a799cef..2392606 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -10,6 +10,10 @@ xinetd-cn (1:2.3.14-2) stable; urgency=low /etc/default/xinetd - isti se postavlja u 'INETD_COMPAT=No', + backup konfiguracijskih datoteka od sada se nalazi unutar direktorija /var/backups/xinetd-cn/, + + servisi koji su onemoguceni unutar /etc/inetd.conf datoteke + ne migriraju se, + + provjera konfiguracije pojedinog servisa - servis koji nema + ispravne atribute je onemogucen ('user', 'group', 'server'), + dodatne manje izmjene. * Datoteka debian/control: + ovisnost o xinetd (>= 1:2.3.14-7~cn1). diff --git a/debian/postinst b/debian/postinst index b7878b6..b6ff377 100644 --- a/debian/postinst +++ b/debian/postinst @@ -34,6 +34,32 @@ cleanup () { fi } +# backup_and_disable_service() +# +# Backup and disable service with invalid configuration. +# Arguments: service, services_file +# +backup_and_disable_service () { + + local serv servfile out + serv="$1" + servfile="$2" + + if cp_backup_conffile -r -d $BACKUPDIR -p /etc/xinetd.d/$servfile; then + cp_echo "CN: Old /etc/xinetd.d/$servfile saved as $BACKUPDIR/`basename /etc/xinetd.d/$servfile`.bak." + fi + + cp_echo "CN: Disabling service '$serv' in configuration file /etc/xinetd.d/$servfile." + + out=`mktemp /etc/xinetd.d/$servfile.tmp.XXXXXX` + temp_files="$temp_files $out" + + sed -r "/^[[:space:]]*service[[:space:]]+$serv[[:space:]]*$/,/^}/ s/^(.*)/#\1/" \ + /etc/xinetd.d/$servfile > $out + rm -f /etc/xinetd.d/$servfile + mv "$out" "/etc/xinetd.d/$servfile" + chmod 644 "/etc/xinetd.d/$servfile" +} # Set trap for deleting all temp files. # @@ -54,7 +80,7 @@ temp_files="$CONFTMP" if [ -f "$INETDCONF" ]; then # Convert inetd.conf to temporary xinetd.conf file using xconv.pl tool - /usr/sbin/xconv.pl < $INETDCONF > $CONFTMP + egrep -v "^##" $INETDCONF | /usr/sbin/xconv.pl > $CONFTMP || true fi # Parse /etc/xinetd.conf file and convert services' configuration to 
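Review bot: The sed range in backup_and_disable_service (debian/postinst, hunk @@ -34,6 +34,32 @@) ends at `/^}/`, which matches only a closing brace in the first column, although the start address now accepts an indented `service` line. With an indented `}` the range never closes, so sed comments out everything to the end of the file, including any later service blocks. The same end address appears in the extraction sed of hunk @@ -84,12 +110,13 @@, the `cp_check_and_sed` delete of hunk @@ -110,8 +137,8 @@ and the `service_block` extraction of hunk @@ -134,6 +161,61 @@, where an unclosed range copies or deletes unrelated lines; using `/^[[:space:]]*}/` as the end address in all four would match the relaxed start. In this function the `rm -f /etc/xinetd.d/$servfile` before `mv` is also unnecessary and leaves a moment with no file in place; `mv "$out" "/etc/xinetd.d/$servfile"` on its own replaces the target.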
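Review bot: The `|| true` added to the conversion line in hunk @@ -54,7 +80,7 @@ hides a failing `/usr/sbin/xconv.pl`, so a broken conversion leaves `$CONFTMP` empty or partial and the rest of the script presumably continues as if inetd.conf held no services to migrate. Reporting the failure keeps the best-effort behaviour while making the loss visible to the administrator, for example `egrep -v "^##" "$INETDCONF" | /usr/sbin/xconv.pl > "$CONFTMP" || cp_echo "CN: Conversion of $INETDCONF failed."`. The new line also leaves `$INETDCONF` and `$CONFTMP` unquoted, unlike the quoted `"$CONF"` uses elsewhere in the patch.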
@@ -62,12 +88,12 @@ fi # conffile_list="$CONFTMP" if [ -f "$CONF" ]; then - if egrep -q "^service[[:space:]]+" "$CONF"; then + if egrep -q "^[[:space:]]*service[[:space:]]+" "$CONF"; then conffile_list="$CONF $conffile_list" xinetd_conf_did=1 fi fi -services_list="`cat $conffile_list | egrep "^service[[:space:]]+" | sed -r 's/service[[:space:]]+//g' | uniq`" || true +services_list="`sed -nr 's/^[[:space:]]*service[[:space:]]+//p' $conffile_list | uniq`" if [ -n "$services_list" ]; then @@ -84,12 +110,13 @@ if [ -n "$services_list" ]; then touch /etc/xinetd.d/$service || true # cat "$CONF" "$CONFTMP" | sed -n "/^service $service/,/^}/p" | cp-update "$PKG" "/etc/xinetd.d/$service" - cat $conffile_list | sed -rn "/^service[[:space:]]+$service/,/^}/p" >> "/etc/xinetd.d/$service" + sed -rn "/^[[:space:]]*service[[:space:]]+$service[[:space:]]*$/,/^}/p" \ + $conffile_list >> "/etc/xinetd.d/$service" need_restart=1 done - if egrep -q "^service[[:space:]]+" "$CONFTMP"; then + if egrep -q "^[[:space:]]*service[[:space:]]+" "$CONFTMP"; then cp_echo "CN: All services were converted from $INETDCONF file to separated" cp_echo "CN: configuration files located in /etc/xinetd.d/ directory." fi @@ -110,8 +137,8 @@ fi # Remove services from /etc/xinetd.conf file # -cp_check_and_sed "^service[[:space:]]+" \ - "/^service[[:space:]]/,/^}/d" \ +cp_check_and_sed "^[[:space:]]*service[[:space:]]+" \ + "/^[[:space:]]*service[[:space:]]/,/^}/d" \ "$CONF" && need_restart=1 || true # Check if there is no defaults block in /etc/xinetd.conf 
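Review bot: The rewritten `services_list` line in hunk @@ -62,12 +88,12 @@ still pipes into plain `uniq`, which drops only adjacent duplicates, so a service defined in both `$CONF` and `$CONFTMP` stays in the list twice. As far as the loop visible in the next hunk shows, each pass appends every matching block from `$conffile_list` to `/etc/xinetd.d/$service`, so such a service would end up with repeated blocks in its file. Replacing `| uniq` with `| sort -u` removes duplicates wherever they occur. The file list `$conffile_list` is deliberately unquoted for word splitting; a short comment saying so would prevent a later "fix" from breaking it.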
@@ -134,6 +161,61 @@ if ! egrep -q '^includedir /etc/xinetd.d' "$CONF"; then need_restart=1 fi +# Validate services' configuration. +# +services_file_list="`ls -1 /etc/xinetd.d/`" +if [ -n "$services_file_list" ]; then + + for services_file in $services_file_list; do + + # Get services list from $services_file + services_list="`sed -rn "s/^[[:space:]]*service[[:space:]]+(.*)[[:space:]]*$/\1/p" /etc/xinetd.d/$services_file`" + + if [ -n "$services_list" ]; then + + for service in $services_list; do + + service_disable=0 + service_block="`sed -rn "/^[[:space:]]*service[[:space:]]+$service[[:space:]]*$/,/^}/p" /etc/xinetd.d/$services_file`" + + # Check service's user + service_user="`echo "$service_block" | sed -nr "s/^[[:space:]]*user[[:space:]]*=[[:space:]]*(.*)[[:space:]]*$/\1/p"`" + if [ -n "$service_user" ]; then + + service_user_chk="`getent passwd "$service_user"`" || true + if [ -z "$service_user_chk" ]; then + cp_echo "CN: Error in /etc/xinetd.d/$services_file for service '$service' - user '$service_user' does not exist." + service_disable=1 + fi + fi + + # Check service's group + service_group="`echo "$service_block" | sed -nr "s/^[[:space:]]*group[[:space:]]*=[[:space:]]*(.*)[[:space:]]*$/\1/p"`" + if [ -n "$service_group" ]; then + + service_group_chk="`getent passwd "$service_group"`" || true + if [ -z "$service_group_chk" ]; then + cp_echo "CN: Error in /etc/xinetd.d/$services_file for service '$service' - group '$service_group' does not exist." + service_disable=1 + fi + fi + + # Check service's binary + service_server="`echo "$service_block" | sed -nr "s/^[[:space:]]*server[[:space:]]*=[[:space:]]*(.*)[[:space:]]*$/\1/p"`" + if [ -n "$service_server" ] && [ ! -x "$service_server" ]; then + cp_echo "CN: Error in /etc/xinetd.d/$services_file for service '$service' - server '$service_server' does not exist." 
+ service_disable=1 + fi + + if [ $service_disable -eq 1 ]; then + backup_and_disable_service "$service" "$services_file" + need_restart=1 + fi + done + fi + done +fi + # Remove -inetd_compat option and set INETD_COMPAT to 'No' in /etc/default/xinetd # if [ -f "$DEFAULT" ]; then -- 1.7.10.4
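Review bot: The group check in the validation loop (hunk @@ -134,6 +161,61 @@) looks the name up with `getent passwd "$service_group"`, which queries the user database rather than the group database. A service whose `group` has no user of the same name is therefore reported as having a nonexistent group and gets disabled, while a nonexistent group that happens to match a user name passes. The lookup should use `getent group "$service_group"` in that assignment. A smaller point in the same loop: the `server` test is `! -x`, so a file that exists but is not executable is reported as "does not exist"; "is missing or not executable" would describe the check accurately.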