From 1f938570927a03713b0aae1626aebaa0db4fb4f5 Mon Sep 17 00:00:00 2001
From: John Crispin
Date: Wed, 13 Nov 2013 10:49:41 +0000
Subject: [PATCH] procd: convert services to the new validation api
Signed-off-by: John Crispin
SVN-Revision: 38787
---
.../services/dropbear/files/dropbear.init | 109 ++++++++----------
package/utils/busybox/files/sysntpd | 30 ++---
2 files changed, 67 insertions(+), 72 deletions(-)
diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init
index 320a401e2e22..97017dd4a895 100755
--- a/package/network/services/dropbear/files/dropbear.init
+++ b/package/network/services/dropbear/files/dropbear.init
@@ -12,76 +12,68 @@ PIDCOUNT=0 EXTRA_COMMANDS="killclients" EXTRA_HELP=" killclients Kill ${NAME} processes except servers and yourself" -dropbear_instance() +append_ports() { - append_ports() - { - local ifname="$1" - local port="$2" - - grep -qs "^ *$ifname:" /proc/net/dev || { - procd_append_param command -p "$port" - return - } + local ifname="$1" + local port="$2" - for addr in $( - ifconfig "$ifname" | sed -ne ' - /addr: *fe[89ab][0-9a-f]:/d - s/.* addr: *\([0-9a-f:\.]*\).*/\1/p - ' - ); do - procd_append_param command -p "$addr:$port" - done + grep -qs "^ *$ifname:" /proc/net/dev || { + procd_append_param command -p "$port" + return } + for addr in $( + ifconfig "$ifname" | sed -ne ' + /addr: *fe[89ab][0-9a-f]:/d + s/.* addr: *\([0-9a-f:\.]*\).*/\1/p + ' + ); do + procd_append_param command -p "$addr:$port" + done +} + +validate_section_dropbear() +{ + uci_validate_section dropbear dropbear "${1}" \ + 'PasswordAuth:bool:1' \ + 'enable:bool:1' \ + 'Interface:string' \ + 'GatewayPorts:integer:0' \ + 'RootPasswordAuth:bool:1' \ + 'RootLogin:bool:1' \ + 'rsakeyfile:file' \ + 'dsskeyfile:file' \ + 'BannerFile:file' \ + 'Port:list(port):22' + return $? 
+} - local section="$1" +dropbear_instance() +{ + local PasswordAuth enable Interface GatewayPorts \ + RootPasswordAuth RootLogin rsakeyfile \ + dsskeyfile BannerFile Port - # check if section is enabled (default) - local enabled - config_get_bool enabled "${section}" enable 1 - [ "${enabled}" -eq 0 ] && return 1 + validate_section_dropbear "${1}" || { + echo "validation failed" + return 1 + } - # increase pid file count to handle multiple instances correctly + [ "${enable}" = "0" ] && return 1 PIDCOUNT="$(( ${PIDCOUNT} + 1))" - local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid" procd_open_instance procd_set_param command "$PROG" -F -P "$pid_file" - - # prepare parameters (initialise with pid file) - local val - - # A) password authentication - config_get_bool val "${section}" PasswordAuth 1 - [ "${val}" -eq 0 ] && procd_append_param command -s - - # B) listen interface and port - local port - local interface - config_get interface "${section}" Interface - [ -n "$interface" ] && network_get_device interface "$interface" - config_get port "${section}" Port 22 - append_ports "$interface" "$port" - # C) banner file - config_get val "${section}" BannerFile - [ -f "${val}" ] && procd_append_param command -b "${val}" - # D) gatewayports - config_get_bool val "${section}" GatewayPorts 0 - [ "${val}" -eq 1 ] && procd_append_param command -a - # E) root password authentication - config_get_bool val "${section}" RootPasswordAuth 1 - [ "${val}" -eq 0 ] && procd_append_param command -g - # F) root login - config_get_bool val "${section}" RootLogin 1 - [ "${val}" -eq 0 ] && procd_append_param command -w - # G) host keys - config_get val "${section}" rsakeyfile - [ -f "${val}" ] && procd_append_param command -r "${val}" - config_get val "${section}" dsskeyfile - [ -f "${val}" ] && procd_append_param command -d "${val}" - + [ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s + [ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a + [ "${RootPasswordAuth}" -eq 0 ] 
&& procd_append_param command -g + [ "${RootLogin}" -eq 0 ] && procd_append_param command -w + [ -n "${rsakeyfile}" ] && procd_append_param command -r "${rsakeyfile}" + [ -n "${dsskeyfile}" ] && procd_append_param command -d "${dsskeyfile}" + [ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}" + [ -n "${interface}" ] && network_get_device interface "${interface}" + append_ports "${interface}" "${Port}" procd_close_instance } @@ -123,6 +115,7 @@ start_service() service_triggers() { procd_add_reload_trigger "dropbear" + procd_add_validation validate_section_dropbear } killclients() diff --git a/package/utils/busybox/files/sysntpd b/package/utils/busybox/files/sysntpd index ebdda63df96d..7ff32775b67a 100755 --- a/package/utils/busybox/files/sysntpd +++ b/package/utils/busybox/files/sysntpd @@ -6,26 +6,27 @@ START=98 USE_PROCD=1 PROG=/usr/sbin/ntpd +validate_ntp_section() { + uci_validate_section system timeserver "${1}" \ + 'server:list(string)' 'enable_server:bool:0' +} + start_service() { - local peers - local args="-n" - local enable_server + local server enable_server peer - config_load system - config_get peers ntp server - config_get_bool enable_server ntp enable_server 0 + validate_ntp_section ntp || { + echo "validation failed" + return 1 + } - [ $enable_server -eq 0 -a -z "$peers" ] && return + [ $enable_server -eq 0 -a -z "$server" ] && return procd_open_instance procd_set_param command "$PROG" -n - [ $enable_server -ne 0 ] && procd_append_param command -l - [ -n "$peers" ] && { - local peer - for peer in $peers; do - procd_append_param command -p $peer - done - } + [ "$enable_server" = "1" ] && procd_append_param command -l + for peer in "$server"; do + procd_append_param command -p $peer + done procd_set_param respawn procd_close_instance } @@ -33,4 +34,5 @@ start_service() { service_triggers() { procd_add_reload_trigger "system" + procd_add_validation validate_ntp_section } -- 2.30.2
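Review bot: In dropbear_instance (package/network/services/dropbear/files/dropbear.init), the last two added lines read `${interface}`, but the option is declared local and validated as `Interface`, so the lowercase variable is never set in this function. As written the configured Interface appears to be ignored and append_ports takes its no-interface branch, adding a bare `-p` port, which would have dropbear listen on every address instead of only the chosen interface. Use the validated name: `[ -n "${Interface}" ] && network_get_device Interface "${Interface}"` and `append_ports "${Interface}" "${Port}"`. Separately, `Port` is declared as `list(port)` yet is passed as one quoted word, so a multi-port list would likely reach `-p` as a single argument; append_ports should be called once per port.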
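Review bot: In start_service of package/utils/busybox/files/sysntpd, `for peer in "$server"` iterates exactly once over the whole list because the expansion is quoted, and the unquoted `$peer` is then word-split, so with several servers only the first one follows `-p`. Split in the loop header and quote in the body: `for peer in $server; do` and `procd_append_param command -p "$peer"`. The `[ $enable_server -eq 0 -a -z "$server" ]` test also leaves `$enable_server` unquoted and so depends on validation always setting it; `[ "$enable_server" = "0" ] && [ -z "$server" ] && return` is more robust.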