aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRoy Marples <roy@marples.name>2007-11-28 13:40:15 +0000
committerRoy Marples <roy@marples.name>2007-11-28 13:40:15 +0000
commitd651155b61a6f9ca3fe53e60718f3b43e04b23c8 (patch)
treef0bd9abdc7b9d34daab078ae7f8b186781228ac4
parent8ea741d6994c66df1c2a3851ea1a806e8c87e249 (diff)
Sanitize our PATH a bit better, and terminate it correctly in start-stop-daemon.
-rwxr-xr-xinit.d.misc/openvpn87
-rw-r--r--sh/functions.sh21
-rw-r--r--src/start-stop-daemon.c9
3 files changed, 106 insertions, 11 deletions
diff --git a/init.d.misc/openvpn b/init.d.misc/openvpn
new file mode 100755
index 00000000..6beff325
--- /dev/null
+++ b/init.d.misc/openvpn
@@ -0,0 +1,87 @@
+#!/sbin/runscript
+# Copyright 2007 Roy Marples
+# All rights reserved
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+if [ -z "${openvpn_dir}" ]; then
+ if [ -d /usr/local/etc/openvpn ]; then
+ openvpn_dir=/usr/local/etc/openvpn
+ else
+ openvpn_dir=/etc/openvpn
+ fi
+fi
+
+vpn=${SVCNAME#*.}
+name="OpenVPN"
+[ "${vpn}" != "openvpn" ] && name="${name} (${vpn})"
+command=/usr/sbin/openvpn
+[ -x ${command} ] || command=/usr/local/sbin/openvpn
+
+pidfile="/var/run/${SVCNAME}.pid"
+openvpn_config=${openvpn_config:-${openvpn_dir}/${vpn}.conf}
+command_args="${openvpn_args} --daemon --config ${openvpn_config} --writepid ${pidfile}"
+required_dirs="${openvpn_dir}"
+required_files="${openvpn_config}"
+
+# If we're an openvpn client, then supply a nice default config
+# You can find sample up/down scripts in the OpenRC support/openvpn dir
+if yesno "${openvpn_client}"; then
+ openvpn_up=${openvpn_up:-${openvpn_dir}/up.sh}
+ openvpn_down=${openvpn_down:-${openvpn_dir}/down.sh}
+ command_args="${command_args} --nobind --up-delay --up-restart --down-pre"
+ command_args="${command_args} --up ${openvpn_up}"
+ command_args="${command_args} --down ${openvpn_down}"
+ required_files="${required_files} ${openvpn_up} ${openvpn_down}"
+
+ in_background_fake="start stop"
+ start_inactive="YES"
+fi
+
+depend() {
+ need net
+ use dns
+}
+
+start_pre() {
+ # Linux has good dynamic tun/tap creation
+ if [ "${RC_UNAME}" = "Linux" ]; then
+ if [ ! -e /dev/net/tun ]; then
+ if ! modprobe tun; then
+ eerror "TUN/TAP support is not available in this kernel"
+ return 1
+ fi
+ fi
+ if [ -h /dev/net/tun -a -c /dev/misc/net/tun ]; then
+ ebegin "Detected broken /dev/net/tun symlink, fixing..."
+ rm -f /dev/net/tun
+ ln -s /dev/misc/net/tun /dev/net/tun
+ eend $?
+ fi
+ fi
+
+ # If the config file does not specify the cd option, we do
+ # But if we specify it, we override the config option which we do not want
+ if ! grep -q "^[ \t]*cd[ \t].*" "${openvpn_config}"; then
+ command_args="${command_args} --cd ${openvpn_dir}"
+ fi
+}
diff --git a/sh/functions.sh b/sh/functions.sh
index 79aeb3bf..db09d0b6 100644
--- a/sh/functions.sh
+++ b/sh/functions.sh
@@ -137,6 +137,16 @@ KV_to_int() {
echo "${KV_int}"
}
+_sanitize_path() {
+ local IFS=":" p=
+ for p in ${PATH}; do
+ case "${p}" in
+ /lib/rc/sbin|/bin|/sbin|/usr/bin|/usr/sbin|/usr/local/bin|/usr/local/sbin) ;;
+ *) printf "%s" ":${p}";;
+ esac
+ done
+}
+
# Allow our scripts to support zsh
if [ -n "${ZSH_VERSION}" ] ; then
emulate sh
@@ -147,14 +157,9 @@ if [ -n "${ZSH_VERSION}" ] ; then
setopt NO_GLOB_SUBST
fi
-# Setup a basic $PATH. Just add system default to existing.
-# This should solve both /sbin and /usr/sbin not present when
-# doing 'su -c foo', or for something like: PATH= rcscript start
-case "${PATH}" in
- /lib/rc/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin) ;;
- /lib/rc/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:*) ;;
- *) export PATH="/lib/rc/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:${PATH}" ;;
-esac
+# Add our bin to $PATH
+export PATH="/lib/rc/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin$(_sanitize_path "${PATH}")"
+unset _sanitize_path
for arg in "$@" ; do
case "${arg}" in
diff --git a/src/start-stop-daemon.c b/src/start-stop-daemon.c
index 551bad58..31752fb5 100644
--- a/src/start-stop-daemon.c
+++ b/src/start-stop-daemon.c
@@ -916,6 +916,7 @@ int start_stop_daemon (int argc, char **argv)
char *token;
char *np;
int l;
+ int t;
p += 5;
while ((token = strsep (&p, ":"))) {
@@ -923,15 +924,17 @@ int start_stop_daemon (int argc, char **argv)
strcmp (token, RC_LIBDIR "/sbin") == 0)
continue;
+ t = strlen (token);
if (newpath) {
l = strlen (newpath);
- newpath = xrealloc (newpath, sizeof (char) *
- (l + strlen (token) + 2));
+ newpath = xrealloc (newpath, sizeof (char) * (l + t + 2));
np = newpath + l;
*np++ = ':';
memcpy (np, token, sizeof (char) * strlen (token));
+ np += t;
+ *np = '\0';
} else {
- l = strlen ("PATH=") + strlen (token) + 1;
+ l = strlen ("PATH=") + t + 1;
newpath = xmalloc (sizeof (char) * l);
snprintf (newpath, l, "PATH=%s", token);
}