Revision: 7884
http://sourceforge.net/p/ipcop/svn/7884
Author: owes
Date: 2015-02-09 16:54:04 +0000 (Mon, 09 Feb 2015)
Log Message:
-----------
Rename the start/stop SUID helper for openvpn
Modified Paths:
--------------
ipcop/trunk/config/rootfiles/common/ipcop-progs
ipcop/trunk/html/cgi-bin/openvpn.cgi
ipcop/trunk/html/cgi-bin/vpnca.cgi
ipcop/trunk/src/progs/Makefile
ipcop/trunk/src/rc.d/rc.sysinit
ipcop/trunk/src/scripts/scheduler.pl
ipcop/trunk/updates/2.2.0/ROOTFILES.i486-2.2.0
ipcop/trunk/updates/2.2.0/setup
Added Paths:
-----------
ipcop/trunk/src/progs/restartopenvpn.c
Removed Paths:
-------------
ipcop/trunk/src/progs/openvpnctrl.c
Modified: ipcop/trunk/config/rootfiles/common/ipcop-progs
===================================================================
--- ipcop/trunk/config/rootfiles/common/ipcop-progs 2015-02-09 16:35:24 UTC
(rev 7883)
+++ ipcop/trunk/config/rootfiles/common/ipcop-progs 2015-02-09 16:54:04 UTC
(rev 7884)
@@ -67,7 +67,6 @@
usr/local/bin/makesquidconf.pl
usr/local/bin/monitorTraffic.pl
usr/local/bin/openvpn.sh
-usr/local/bin/openvpnctrl
usr/local/bin/openvpnverify
usr/local/bin/puzzleFwRules.pl
usr/local/bin/readhash
@@ -79,6 +78,7 @@
usr/local/bin/restartdhcp
usr/local/bin/restarthttpd
usr/local/bin/restartntpd
+usr/local/bin/restartopenvpn
usr/local/bin/restartshaping
usr/local/bin/restartsquid
usr/local/bin/restartssh
Modified: ipcop/trunk/html/cgi-bin/openvpn.cgi
===================================================================
--- ipcop/trunk/html/cgi-bin/openvpn.cgi 2015-02-09 16:35:24 UTC (rev
7883)
+++ ipcop/trunk/html/cgi-bin/openvpn.cgi 2015-02-09 16:54:04 UTC (rev
7884)
@@ -203,18 +203,18 @@
#start openvpn server
if ($cgiparams{'ACTION'} eq $Lang::tr{'start openvpn server'}) {
&emptyserverlog();
- system('/usr/local/bin/openvpnctrl', '--start');
+ system('/usr/local/bin/restartopenvpn', '--start');
}
#stop openvpn server
if ($cgiparams{'ACTION'} eq $Lang::tr{'stop openvpn server'}) {
- system('/usr/local/bin/openvpnctrl', '--stop');
+ system('/usr/local/bin/restartopenvpn', '--stop');
&emptyserverlog();
}
#restart openvpn server
if ($cgiparams{'ACTION'} eq $Lang::tr{'restart openvpn server'}) {
- system('/usr/local/bin/openvpnctrl', '--restart');
+ system('/usr/local/bin/restartopenvpn', '--restart');
&emptyserverlog();
}
}
Modified: ipcop/trunk/html/cgi-bin/vpnca.cgi
===================================================================
--- ipcop/trunk/html/cgi-bin/vpnca.cgi 2015-02-09 16:35:24 UTC (rev 7883)
+++ ipcop/trunk/html/cgi-bin/vpnca.cgi 2015-02-09 16:54:04 UTC (rev 7884)
@@ -15,7 +15,7 @@
# You should have received a copy of the GNU General Public License
# along with IPCop. If not, see <http://www.gnu.org/licenses/>.
#
-# (c) 2001-2014 The IPCop Team
+# (c) 2001-2015 The IPCop Team
#
# $Id$
#
@@ -114,7 +114,7 @@
&General::log("ipsec", "Reload certificates and secrets");
system('/usr/local/bin/ipsecctrl', '--reload');
- system('/usr/local/bin/openvpnctrl', '--restart');
+ system('/usr/local/bin/restartopenvpn', '--restart');
sleep $sleepDelay;
###
@@ -297,7 +297,7 @@
&General::log("ipsec", "Reload certificates and secrets");
system('/usr/local/bin/ipsecctrl', '--reload');
- system('/usr/local/bin/openvpnctrl', '--restart');
+ system('/usr/local/bin/restartopenvpn', '--restart');
sleep $sleepDelay;
}
else {
Modified: ipcop/trunk/src/progs/Makefile
===================================================================
--- ipcop/trunk/src/progs/Makefile 2015-02-09 16:35:24 UTC (rev 7883)
+++ ipcop/trunk/src/progs/Makefile 2015-02-09 16:54:04 UTC (rev 7884)
@@ -11,7 +11,7 @@
ipcopbkcfg installpackage installfcdsl ipsecctrl \
red setaliases ipcopbackup restartshaping restartntpd \
setdate rebuildhosts rebuildlangtexts conntrack_helper \
- restartsyslogd sysinfo openvpnctrl iptableswrapper
+ restartsyslogd sysinfo restartopenvpn iptableswrapper
BACKUP_PROGS = ipcoprestore
all : helper.o helper_backup.o $(PROGS) $(SUID_PROGS) $(BACKUP_PROGS)
Deleted: ipcop/trunk/src/progs/openvpnctrl.c
===================================================================
--- ipcop/trunk/src/progs/openvpnctrl.c 2015-02-09 16:35:24 UTC (rev 7883)
+++ ipcop/trunk/src/progs/openvpnctrl.c 2015-02-09 16:54:04 UTC (rev 7884)
@@ -1,160 +0,0 @@
-/*
- * This file is part of the IPCop Firewall.
- *
- * IPCop is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * IPCop is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with IPCop; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * $Id$
- *
- */
-
-
-#include <getopt.h>
-#include <stdio.h>
-#include <string.h>
-#include <signal.h>
-#include <unistd.h>
-#include "common.h"
-#include "setuid.h"
-
-
-static int flag_start = 0;
-static int flag_stop = 0;
-static int flag_restart = 0;
-static int enabled_count;
-
-
-void usage(char *prg, int exit_code)
-{
- printf("Usage: %s [OPTION]\n\n", prg);
- printf("Options:\n");
- printf(" --start .\n");
- printf(" --stop .\n");
- printf(" --restart .\n");
- printf(" -v, --verbose be verbose\n");
- printf(" --help display this help and exit\n");
- exit(exit_code);
-}
-
-
-int main(int argc, char *argv[])
-{
- int i, j;
- char buffer[STRING_SIZE];
- NODEKV *openvpn_kv = NULL;
-
- static struct option long_options[] =
- {
- { "start", no_argument, &flag_start, 1 },
- { "stop", no_argument, &flag_stop, 1 },
- { "restart", no_argument, &flag_restart, 1 },
- { "verbose", no_argument, 0, 'v' },
- { "help", no_argument, 0, 'h' },
- { 0, 0, 0, 0}
- };
- int c;
- int option_index = 0;
-
- while ((c = getopt_long(argc, argv, "v", long_options, &option_index)) !=
-1) {
- switch (c) {
- case 0:
- break;
- case 'v': /* verbose */
- flag_verbose++;
- break;
- case 'h':
- usage(argv[0], 0);
- default:
- fprintf(stderr, "unknown option\n");
- usage(argv[0], 1);
- }
- }
-
- if (!flag_start && !flag_stop && !flag_restart) {
- /* need at least one of start, stop, restart */
- usage(argv[0], 1);
- }
-
- if ( !(initsetuid()) )
- exit(1);
-
- /* Terminate running OpenVPN server */
- if (access("/var/run/openvpn.pid", 0) != -1) {
- verbose_printf(2, "Stopping OpenVPN server ... \n");
- if (mysignalpidfile("/var/run/openvpn.pid", SIGTERM) != SUCCESS ) {
- exit(0);
- }
- safe_system("/bin/rm -f /var/run/openvpn.pid");
-
- if (flag_start || flag_restart) {
- sleep(1);
- }
- }
-
- /* Fetch ethernet/settings, exit on error */
- read_ethernet_settings(1);
-
- /* Fetch openvpn/settings */
- verbose_printf(1, "Reading OpenVPN settings ... \n");
- if (read_kv_from_file(&openvpn_kv, "/var/ipcop/openvpn/settings") !=
SUCCESS) {
- fprintf(stderr, "Cannot read OpenVPN settings\n");
- exit(1);
- }
-
- enabled_count = 0;
- for (i = 0; i < CFG_COLOURS_COUNT; i++) {
- /* filter GREEN, no OpenVPN daemon there */
- if (i == GREEN) {
- continue;
- }
-
- for (j = 1; j <= MAX_NETWORK_COLOUR; j++) {
- snprintf(buffer, STRING_SIZE, "ENABLED_%s_%d",
ipcop_colours_text[i], j);
-
- if (test_kv(openvpn_kv, buffer, "on") == SUCCESS) {
- /* this card is enabled in openvpn/settings */
- if (j > ipcop_ethernet.count[i]) {
- /* card is missing in ethernet/settings */
- if (i == RED) {
- /* RED could be Modem/ISDN */
- verbose_printf(2, "RED is enabled and is not in
ethernet/settings ... \n");
- }
- else {
- fprintf(stderr, "%s_%d enabled but no device
defined\n", ipcop_colours_text[i], j);
- exit(1);
- }
- }
-
- enabled_count++;
- }
- }
- }
- verbose_printf(2, " %d enabled interface(s)\n", enabled_count);
-
- if (enabled_count == 0) {
- verbose_printf(1, "OpenVPN not enabled ... \n");
- }
-
- if (enabled_count && (flag_start || flag_restart)) {
- safe_system("/sbin/modprobe tun");
- verbose_printf(1, "Starting OpenVPN server ... \n");
- safe_system("/usr/sbin/openvpn --config
/var/ipcop/openvpn/server.conf");
- }
-
- /* rebuild rules, maybe server is now disabled, or some other change */
- verbose_printf(1, "Rebuild firewall rules ... \n");
- safe_system("/usr/local/bin/setfwrules --ipcop");
-
- return(0);
-}
Copied: ipcop/trunk/src/progs/restartopenvpn.c (from rev 7882,
ipcop/trunk/src/progs/openvpnctrl.c)
===================================================================
--- ipcop/trunk/src/progs/restartopenvpn.c (rev 0)
+++ ipcop/trunk/src/progs/restartopenvpn.c 2015-02-09 16:54:04 UTC (rev
7884)
@@ -0,0 +1,160 @@
+/*
+ * This file is part of the IPCop Firewall.
+ *
+ * IPCop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * IPCop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with IPCop; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * $Id$
+ *
+ */
+
+
+#include <getopt.h>
+#include <stdio.h>
+#include <string.h>
+#include <signal.h>
+#include <unistd.h>
+#include "common.h"
+#include "setuid.h"
+
+
+static int flag_start = 0;
+static int flag_stop = 0;
+static int flag_restart = 0;
+static int enabled_count;
+
+
+void usage(char *prg, int exit_code)
+{
+ printf("Usage: %s [OPTION]\n\n", prg);
+ printf("Options:\n");
+ printf(" --start .\n");
+ printf(" --stop .\n");
+ printf(" --restart .\n");
+ printf(" -v, --verbose be verbose\n");
+ printf(" --help display this help and exit\n");
+ exit(exit_code);
+}
+
+
+int main(int argc, char *argv[])
+{
+ int i, j;
+ char buffer[STRING_SIZE];
+ NODEKV *openvpn_kv = NULL;
+
+ static struct option long_options[] =
+ {
+ { "start", no_argument, &flag_start, 1 },
+ { "stop", no_argument, &flag_stop, 1 },
+ { "restart", no_argument, &flag_restart, 1 },
+ { "verbose", no_argument, 0, 'v' },
+ { "help", no_argument, 0, 'h' },
+ { 0, 0, 0, 0}
+ };
+ int c;
+ int option_index = 0;
+
+ while ((c = getopt_long(argc, argv, "v", long_options, &option_index)) !=
-1) {
+ switch (c) {
+ case 0:
+ break;
+ case 'v': /* verbose */
+ flag_verbose++;
+ break;
+ case 'h':
+ usage(argv[0], 0);
+ default:
+ fprintf(stderr, "unknown option\n");
+ usage(argv[0], 1);
+ }
+ }
+
+ if (!flag_start && !flag_stop && !flag_restart) {
+ /* need at least one of start, stop, restart */
+ usage(argv[0], 1);
+ }
+
+ if ( !(initsetuid()) )
+ exit(1);
+
+ /* Terminate running OpenVPN server */
+ if (access("/var/run/openvpn.pid", 0) != -1) {
+ verbose_printf(2, "Stopping OpenVPN server ... \n");
+ if (mysignalpidfile("/var/run/openvpn.pid", SIGTERM) != SUCCESS ) {
+ exit(0);
+ }
+ safe_system("/bin/rm -f /var/run/openvpn.pid");
+
+ if (flag_start || flag_restart) {
+ sleep(1);
+ }
+ }
+
+ /* Fetch ethernet/settings, exit on error */
+ read_ethernet_settings(1);
+
+ /* Fetch openvpn/settings */
+ verbose_printf(1, "Reading OpenVPN settings ... \n");
+ if (read_kv_from_file(&openvpn_kv, "/var/ipcop/openvpn/settings") !=
SUCCESS) {
+ fprintf(stderr, "Cannot read OpenVPN settings\n");
+ exit(1);
+ }
+
+ enabled_count = 0;
+ for (i = 0; i < CFG_COLOURS_COUNT; i++) {
+ /* filter GREEN, no OpenVPN daemon there */
+ if (i == GREEN) {
+ continue;
+ }
+
+ for (j = 1; j <= MAX_NETWORK_COLOUR; j++) {
+ snprintf(buffer, STRING_SIZE, "ENABLED_%s_%d",
ipcop_colours_text[i], j);
+
+ if (test_kv(openvpn_kv, buffer, "on") == SUCCESS) {
+ /* this card is enabled in openvpn/settings */
+ if (j > ipcop_ethernet.count[i]) {
+ /* card is missing in ethernet/settings */
+ if (i == RED) {
+ /* RED could be Modem/ISDN */
+ verbose_printf(2, "RED is enabled and is not in
ethernet/settings ... \n");
+ }
+ else {
+ fprintf(stderr, "%s_%d enabled but no device
defined\n", ipcop_colours_text[i], j);
+ exit(1);
+ }
+ }
+
+ enabled_count++;
+ }
+ }
+ }
+ verbose_printf(2, " %d enabled interface(s)\n", enabled_count);
+
+ if (enabled_count == 0) {
+ verbose_printf(1, "OpenVPN not enabled ... \n");
+ }
+
+ if (enabled_count && (flag_start || flag_restart)) {
+ safe_system("/sbin/modprobe tun");
+ verbose_printf(1, "Starting OpenVPN server ... \n");
+ safe_system("/usr/sbin/openvpn --config
/var/ipcop/openvpn/server.conf");
+ }
+
+ /* rebuild rules, maybe server is now disabled, or some other change */
+ verbose_printf(1, "Rebuild firewall rules ... \n");
+ safe_system("/usr/local/bin/setfwrules --ipcop");
+
+ return(0);
+}
Modified: ipcop/trunk/src/rc.d/rc.sysinit
===================================================================
--- ipcop/trunk/src/rc.d/rc.sysinit 2015-02-09 16:35:24 UTC (rev 7883)
+++ ipcop/trunk/src/rc.d/rc.sysinit 2015-02-09 16:54:04 UTC (rev 7884)
@@ -418,7 +418,7 @@
/usr/local/bin/restartsquid
test_ok
echo -ne "Starting OpenVPN (if enabled) ... "
-/usr/local/bin/openvpnctrl --start
+/usr/local/bin/restartopenvpn --start
test_ok
echo -ne "Setting post-init kernel settings ... "
Modified: ipcop/trunk/src/scripts/scheduler.pl
===================================================================
--- ipcop/trunk/src/scripts/scheduler.pl 2015-02-09 16:35:24 UTC (rev
7883)
+++ ipcop/trunk/src/scripts/scheduler.pl 2015-02-09 16:54:04 UTC (rev
7884)
@@ -15,7 +15,7 @@
# You should have received a copy of the GNU General Public License
# along with IPCop. If not, see <http://www.gnu.org/licenses/>.
#
-# (c) 2009-2014, the IPCop team
+# (c) 2009-2015, the IPCop team
#
# $Id$
#
@@ -192,7 +192,7 @@
my $parameter = shift;
&General::log("Scheduler OpenVPN ${parameter}");
- system("/usr/local/bin/openvpnctrl --${parameter}");
+ system("/usr/local/bin/restartopenvpn --${parameter}");
}
sub fcron
Modified: ipcop/trunk/updates/2.2.0/ROOTFILES.i486-2.2.0
===================================================================
--- ipcop/trunk/updates/2.2.0/ROOTFILES.i486-2.2.0 2015-02-09 16:35:24 UTC
(rev 7883)
+++ ipcop/trunk/updates/2.2.0/ROOTFILES.i486-2.2.0 2015-02-09 16:54:04 UTC
(rev 7884)
@@ -5,6 +5,7 @@
/home/httpd/cgi-bin/logsystem.cgi
/home/httpd/cgi-bin/openvpn.cgi
/home/httpd/cgi-bin/updates.cgi
+/home/httpd/cgi-bin/vpnca.cgi
/usr/lib/ipcop/vpn-functions.pl
/usr/local/bin/accountingctrl
/usr/local/bin/conntrack_helper
@@ -19,16 +20,17 @@
/usr/local/bin/ipsecctrl
/usr/local/bin/iptableswrapper
/usr/local/bin/logwatch
-/usr/local/bin/openvpnctrl
/usr/local/bin/rebuildhosts
/usr/local/bin/rebuildlangtexts
/usr/local/bin/red
/usr/local/bin/restartdhcp
/usr/local/bin/restartntpd
+/usr/local/bin/restartopenvpn
/usr/local/bin/restartshaping
/usr/local/bin/restartsquid
/usr/local/bin/restartssh
/usr/local/bin/restartsyslogd
+/usr/local/bin/scheduler.pl
/usr/local/bin/setaliases
/usr/local/bin/setdate
/usr/local/bin/setfwrules
Modified: ipcop/trunk/updates/2.2.0/setup
===================================================================
--- ipcop/trunk/updates/2.2.0/setup 2015-02-09 16:35:24 UTC (rev 7883)
+++ ipcop/trunk/updates/2.2.0/setup 2015-02-09 16:54:04 UTC (rev 7884)
@@ -77,6 +77,9 @@
# Adjust the changed config files
/usr/local/bin/upgrade.sh
+# Remove renamed program
+/bin/rm -f /usr/local/bin/openvpnctrl
+
# Remove old libraries (version specific)
/bin/rm -f /usr/lib/libglib-2.0.so.0.4000.0
/bin/rm -f /usr/lib/libgmodule-2.0.so.0.4000.0
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Ipcop-svn mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ipcop-svn
