From mboxrd@z Thu Jan 1 00:00:00 1970 From: Adolf Belka To: development@lists.ipfire.org Subject: Re: [PATCH 1/2] wsdd: Install wsdd - fixes bug13445 Date: Fri, 16 Feb 2024 18:15:11 +0100 Message-ID: <0a69afd9-6fe5-4897-8967-cbc12b4f6101@ipfire.org> In-Reply-To: <14d2e2fe07dfcbad2fc01a7ab62025b0c2e3cf61@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7710623184410747117==" List-Id: --===============7710623184410747117== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi Michael, On 16/01/2024 11:30, daniel.weismueller(a)ipfire.org wrote: > Hi there. >=20 > I've installed and testetd the latest / modified version of the wsdd=20 > addon on two machines. > Nearly everything works as exspected. Also my Winodws PCs see the IPFIRE=20 > as a menber of the workgroup and could browse and use the samba shares. > If you use the firewall option "Drop all Microsoft ports=20 > 135,137,138,139,445,1025" the clients in the blue network see the IPFIRE=20 > but aren't able to browse or connect to the shares. >=20 > I've recogniced only one thing that don't work like I exspected. >=20 > - If you stop or restart samba the wsdd addon won't stop or restart, too. >=20 >=20 > I think it would be better if the wssd stop too because if you change=20 > the workgroup and start the samba again the wsdd won't recognice it. To make a patch to support this I need to have the wsdd patches that you=20 created merged into next. Then I can work on having samba trigger the=20 start and stop of wsdd so that it does not run independently but is=20 synchronised with samba. Regards, Adolf. >=20 > - > Daniel >=20 >=20 > Am 12. Januar 2024 um 16:09 schrieb "Adolf Belka"=20 > >: >=20 >=20 >=20 > Hi Michael, >=20 >=20 > On 12/01/2024 14:40, Michael Tremer wrote: >=20 > Hello, >=20 > On 12 Jan 2024, at 11:14, Adolf Belka > wrote: >=20 > Hi Daniel, >=20 >=20 > On 11/01/2024 17:11, daniel.weismueller(a)ipfire.org > wrote: >=20 >=20 > Hi Adolf. >=20 > We have looked at your work. First of all, thank you very much. >=20 > Your scripts seems to work fine. I will start tomorrow to test > them in whole. However we have made a few changes. >=20 > In particular, we have adapted the code to the existing code in > IPFire. >=20 > Please take look at Michaels wsdd branch. >=20 > https://git.ipfire.org/?p=3Dpeople/ms/ipfire-2.x.git;a=3Dshortlog;h= =3Drefs/heads/wsdd > >=20 > That looks very good. I clearly still have a bit to learn > about how to code in a more tidy manner. >=20 >=20 > It worked=E2=80=A6 I was just in the swing of it :) >=20 > I also see that Michael fixed the pid fault in the > loadproc/statusproc/killproc while I just created a workaround > solution for the wsdd initscript alone. >=20 > loadproc/statusproc/killproc are really difficult to handle. > They are supposed to be LSB-conformant functions, but I believe > that it never really happened that they because universally used > and compatible between distributions. Now with systemd, there is > no more need=E2=80=A6 >=20 > And it is also because of systemd that daemons behave > differently now - actually not even like daemons whatsoever any > more. They used to fork themselves into the background which > made all the PID processing necessary, because the init script > could not know the PID of the process forked in the background. > Now, they don=E2=80=99t do this any more because without the fork, > things are easier for systemd to manage. >=20 > The new -b switch that was added some while ago is already > helping us to launch such new processes into the background, but > we don=E2=80=99t have PID files any more. And since scripts don=E2= =80=99t work > with statusproc/killproc, I thought it might be a good idea to > add this to loadproc as I am expecting us to need this more > often in the future. >=20 > And while I was thinking about the problem, I figured it would > be easier to send a patch for those few lines instead of > explaining it in words - which probably would have been a little > bit longer. >=20 > The only noteworthy thing is that there was a potential security > issue in passing around the shell arguments as strings because > the workgroup variable could have been almost anything. I am not > sure what validation samba would do, but I thought it would be > best not to rely on that. A two words (with a space) workgroup > would have caused wsdd not to start, because it would have seen > a command line like =E2=80=9C=E2=80=94-workgroup ABC DEF=E2=80=9D w= ith ABC being > interpreted as the workgroup and DEF being some garbage that > wsdd would not understand. The trick with the array is that it > would pass the arguments like this =E2=80=9C=E2=80=94-workgroup =E2= =80=98ABC DEF=E2=80=99=E2=80=9D which > prevents that =E2=80=9CDEF=E2=80=9D would be interpreted as an extr= a parameter. >=20 > So, everything is fine :) Especially after I added the =E2=80=9Cres= tart=E2=80=9D > command :) >=20 > I did have a look at the code in the functions file but > struggled to understand it enough to be able to figure out what > was giving the problem I was experiencing. >=20 > Which functions? >=20 >=20 > The /src/initscripts/system/functions file from the git repo that > has the loadproc, statusproc and killproc functions in it. >=20 >=20 > Regards, >=20 >=20 > Adolf. >=20 >=20 > I am glad that has been sorted and the initscript tidied up in > line with IPFire coding style. >=20 > That is why we are all working together... >=20 > Will try and remember that in future. >=20 > If not, we are here to help :) >=20 > -Michael >=20 > Regards, >=20 > Adolf. >=20 >=20 > - >=20 > Daniel >=20 > Am 10. Januar 2024 um 14:30 schrieb "Adolf Belka" > > .belka%40ipfire.org%3E>>: >=20 > - lfs and toorfile created for wsdd >=20 > - wsdd added to make.sh script >=20 > - created install/update/uninstall scripts for wsdd that create an >=20 > unpriveleged user and >=20 > group. >=20 > - initscript created for wsdd. As wsdd is a python3 script, when it >=20 > is run as a daemon the >=20 > pidof command does not find any pid for wsdd. So a directory/file >=20 > for a pid file was >=20 > created. This is then passed to the loadproc and killproc commands. >=20 > After the loadproc >=20 > command has been created the pid is extracted from the ps aux >=20 > command and put into the >=20 > pid file. This then works when running the killproc command for it >=20 > to know what to go >=20 > and stop. The statusproc command does not have the ability to feed >=20 > in the pid from a >=20 > pid file and so it fails to find a running wsdd as it uses the pidof >=20 > command. Code was >=20 > added to the status section of the initscript to check if the pid >=20 > file exists and if so >=20 > to print the same command as used with the statusproc command, and >=20 > also the same >=20 > wording if the pid file does not exist because wsdd is not running. >=20 > - info from the ethernet/settings file is used to identify if only >=20 > green0 is available or >=20 > if blue0 is also used and based on this the appropriate interface >=20 > commands are added to >=20 > the wsdd command. >=20 > - wsdd is also set up to run in a chroot >=20 > - Has been tested on my vm testbed, initially by editing the files >=20 > on the vm clone. After >=20 > everything confiremd to be working, the build was successfully >=20 > carried out and the >=20 > .ipfire package was copied to a new vm clone installed and shown to >=20 > perform as expected. >=20 > This test only confirms that wsdd is correctly installed and >=20 > started. Shutsdown and >=20 > restarts on reboot successfully. Confirmed from the ps aux info that >=20 > wsdd has been >=20 > started with the correct options. Thge testing can not evaluate if >=20 > wsdd enables windows >=20 > systems newer than version 7 top be able to detect the samba shares >=20 > as I have no >=20 > windows systems. >=20 > Fixes: Bug13445 >=20 > Tested-by: Adolf Belka > >=20 > Signed-off-by: Adolf Belka > >=20 > --- >=20 > config/rootfiles/packages/wsdd | 2 + >=20 > lfs/wsdd | 89 ++++++++++++++++++++++++++++++++++ >=20 > make.sh | 1 + >=20 > src/initscripts/packages/wsdd | 63 ++++++++++++++++++++++++ >=20 > src/paks/wsdd/install.sh | 40 +++++++++++++++ >=20 > src/paks/wsdd/uninstall.sh | 30 ++++++++++++ >=20 > src/paks/wsdd/update.sh | 27 +++++++++++ >=20 > 7 files changed, 252 insertions(+) >=20 > create mode 100644 config/rootfiles/packages/wsdd >=20 > create mode 100644 lfs/wsdd >=20 > create mode 100644 src/initscripts/packages/wsdd >=20 > create mode 100644 src/paks/wsdd/install.sh >=20 > create mode 100644 src/paks/wsdd/uninstall.sh >=20 > create mode 100644 src/paks/wsdd/update.sh >=20 > diff --git a/config/rootfiles/packages/wsdd >=20 > b/config/rootfiles/packages/wsdd >=20 > new file mode 100644 >=20 > index 000000000..ce225043a >=20 > --- /dev/null >=20 > +++ b/config/rootfiles/packages/wsdd >=20 > @@ -0,0 +1,2 @@ >=20 > +etc/rc.d/init.d/wsdd >=20 > +usr/bin/wsdd >=20 > diff --git a/lfs/wsdd b/lfs/wsdd >=20 > new file mode 100644 >=20 > index 000000000..aa65e47ef >=20 > --- /dev/null >=20 > +++ b/lfs/wsdd >=20 > @@ -0,0 +1,89 @@ >=20 > +##################################################################= ############# >=20 > +# # >=20 > +# IPFire.org - A linux based firewall # >=20 > +# Copyright (C) 2007-2024 IPFire Team > # >=20 > +# # >=20 > +# This program is free software: you can redistribute it and/or >=20 > modify # >=20 > +# it under the terms of the GNU General Public License as published >=20 > by # >=20 > +# the Free Software Foundation, either version 3 of the > License, or # >=20 > +# (at your option) any later version. # >=20 > +# # >=20 > +# This program is distributed in the hope that it will be useful, # >=20 > +# but WITHOUT ANY WARRANTY; without even the implied warranty of # >=20 > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >=20 > +# GNU General Public License for more details. # >=20 > +# # >=20 > +# You should have received a copy of the GNU General Public > License # >=20 > +# along with this program. If not, see >=20 > > > > >>. # >=20 > +# # >=20 > +##################################################################= ############# >=20 > + >=20 > +##################################################################= ############# >=20 > +# Definitions >=20 > +##################################################################= ############# >=20 > + >=20 > +include Config >=20 > + >=20 > +VER =3D 0.7.1 >=20 > +SUMMARY =3D A Web Service Discovery host daemon. >=20 > + >=20 > +THISAPP =3D wsdd-$(VER) >=20 > +DL_FILE =3D $(THISAPP).tar.gz >=20 > +DL_FROM =3D $(URL_IPFIRE) >=20 > +DIR_APP =3D $(DIR_SRC)/$(THISAPP) >=20 > +TARGET =3D $(DIR_INFO)/$(THISAPP) >=20 > +PROG =3D wsdd >=20 > +PAK_VER =3D 1 >=20 > + >=20 > +DEPS =3D >=20 > + >=20 > +SERVICES =3D wsdd >=20 > + >=20 > +##################################################################= ############# >=20 > +# Top-level Rules >=20 > +##################################################################= ############# >=20 > + >=20 > +objects =3D $(DL_FILE) >=20 > + >=20 > +$(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >=20 > + >=20 > +$(DL_FILE)_BLAKE2 =3D >=20 > ce43022c3bd9f7ff1fd7169ac0d5ab6b2ff78d35c221c05b2e20908a5772d563ab2= aca571d4e6ae48a55d19d4adcb9cde60f720ae47af8ee950198224fcfdb26 >=20 > + >=20 > +install : $(TARGET) >=20 > + >=20 > +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) >=20 > + >=20 > +download :$(patsubst %,$(DIR_DL)/%,$(objects)) >=20 > + >=20 > +b2 : $(subst %,%_BLAKE2,$(objects)) >=20 > + >=20 > +dist: >=20 > + @$(PAK) >=20 > + >=20 > +##################################################################= ############# >=20 > +# Downloading, checking, b2sum >=20 > +##################################################################= ############# >=20 > + >=20 > +$(patsubst %,$(DIR_CHK)/%,$(objects)) : >=20 > + @$(CHECK) >=20 > + >=20 > +$(patsubst %,$(DIR_DL)/%,$(objects)) : >=20 > + @$(LOAD) >=20 > + >=20 > +$(subst %,%_BLAKE2,$(objects)) : >=20 > + @$(B2SUM) >=20 > + >=20 > +##################################################################= ############# >=20 > +# Installation Details >=20 > +##################################################################= ############# >=20 > + >=20 > +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >=20 > + @$(PREBUILD) >=20 > + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf > $(DIR_DL)/$(DL_FILE) >=20 > + cd $(DIR_APP) && cp src/wsdd.py /usr/bin/wsdd >=20 > + >=20 > + #install initscripts >=20 > + $(call INSTALL_INITSCRIPTS,$(SERVICES)) >=20 > + >=20 > + @rm -rf $(DIR_APP) >=20 > + @$(POSTBUILD) >=20 > diff --git a/make.sh b/make.sh >=20 > index 06e09c9a3..5af3dedc3 100755 >=20 > --- a/make.sh >=20 > +++ b/make.sh >=20 > @@ -1699,6 +1699,7 @@ buildipfire() { >=20 > lfsmake2 perl-MIME-Base32 >=20 > lfsmake2 perl-URI-Encode >=20 > lfsmake2 rsnapshot >=20 > + lfsmake2 wsdd >=20 > # Kernelbuild ... current we have no platform that need >=20 > # multi kernel builds so KCFG is empty >=20 > diff --git a/src/initscripts/packages/wsdd >=20 > b/src/initscripts/packages/wsdd >=20 > new file mode 100644 >=20 > index 000000000..c5207f872 >=20 > --- /dev/null >=20 > +++ b/src/initscripts/packages/wsdd >=20 > @@ -0,0 +1,63 @@ >=20 > +#!/bin/sh >=20 > +##################################################################= ############# >=20 > +# # >=20 > +# IPFire.org - A linux based firewall # >=20 > +# Copyright (C) 2007-2024 IPFire Team > # >=20 > +# # >=20 > +# This program is free software: you can redistribute it and/or >=20 > modify # >=20 > +# it under the terms of the GNU General Public License as published >=20 > by # >=20 > +# the Free Software Foundation, either version 3 of the > License, or # >=20 > +# (at your option) any later version. # >=20 > +# # >=20 > +# This program is distributed in the hope that it will be useful, # >=20 > +# but WITHOUT ANY WARRANTY; without even the implied warranty of # >=20 > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >=20 > +# GNU General Public License for more details. # >=20 > +# # >=20 > +# You should have received a copy of the GNU General Public > License # >=20 > +# along with this program. If not, see >=20 > > > > >>. # >=20 > +# # >=20 > +##################################################################= ############# >=20 > + >=20 > +. /etc/sysconfig/rc >=20 > +. $rc_functions >=20 > + >=20 > +eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) >=20 > + >=20 > +# Create chroot directory for wsdd >=20 > +mkdir -p /var/run/wsdd >=20 > + >=20 > +INTERFACES=3D"-i ${GREEN_DEV}" >=20 > + if [ -n "${BLUE_DEV}" ]; then >=20 > + INTERFACES=3D"${INTERFACES} -i ${BLUE_DEV}" >=20 > + fi >=20 > +WSDD_WORKGROUP=3D"-w $(/usr/bin/testparm -s --parameter-name >=20 > workgroup 2>/dev/null)" >=20 > +WSDD_USER=3D"-u wsdd:wsdd" >=20 > +WSDD_CHROOT=3D"-c /var/run/wsdd" >=20 > + >=20 > +case "$1" in >=20 > + start) >=20 > + boot_mesg "Starting wsdd daemon..." >=20 > + loadproc -b /usr/bin/wsdd -4 ${WSDD_USER} ${INTERFACES} >=20 > ${WSDD_WORKGROUP} ${WSDD_CHROOT} >=20 > + sleep 1 >=20 > + echo $(ps aux | grep "/usr/bin/wsdd" | grep -v grep | awk '{print >=20 > $2}') > /var/run/wsdd/pid >=20 > + ;; >=20 > + stop) >=20 > + boot_mesg "Stopping wsdd daemon..." >=20 > + killproc -p /var/run/wsdd/pid /usr/bin/wsdd >=20 > + ;; >=20 > + status) >=20 > + WSDD_PID=3D$(ps aux | grep "/usr/bin/wsdd" | grep -v grep | awk >=20 > '{print $2}') >=20 > + if [ -n "${WSDD_PID}" ]; then >=20 > + echo -e "\\033[1;36m /usr/bin/wsdd is running with Process"\ >=20 > + "ID(s) $WSDD_PID.\\033[0;39m" >=20 > + else >=20 > + echo -e "\\033[1;36m /usr/bin/wsdd is not running.\\033[0;39m" >=20 > + fi >=20 > + ;; >=20 > + *) >=20 > + echo "Usage: $0 (start|stop|status)" >=20 > + exit 1 >=20 > + ;; >=20 > +esac >=20 > + >=20 > diff --git a/src/paks/wsdd/install.sh b/src/paks/wsdd/install.sh >=20 > new file mode 100644 >=20 > index 000000000..181b84eb9 >=20 > --- /dev/null >=20 > +++ b/src/paks/wsdd/install.sh >=20 > @@ -0,0 +1,40 @@ >=20 > +#!/bin/bash >=20 > +##################################################################= ########## >=20 > +# # >=20 > +# This file is part of the IPFire Firewall. # >=20 > +# # >=20 > +# IPFire is free software; you can redistribute it and/or modify # >=20 > +# it under the terms of the GNU General Public License as published >=20 > by # >=20 > +# the Free Software Foundation; either version 2 of the > License, or # >=20 > +# (at your option) any later version. # >=20 > +# # >=20 > +# IPFire is distributed in the hope that it will be useful, # >=20 > +# but WITHOUT ANY WARRANTY; without even the implied warranty of # >=20 > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >=20 > +# GNU General Public License for more details. # >=20 > +# # >=20 > +# You should have received a copy of the GNU General Public > License # >=20 > +# along with IPFire; if not, write to the Free Software # >=20 > +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA >=20 > 02111-1307 USA # >=20 > +# # >=20 > +# Copyright (C) 2007 IPFire-Team >. # >=20 > +# # >=20 > +##################################################################= ########## >=20 > +# >=20 > +. /opt/pakfire/lib/functions.sh >=20 > + >=20 > +# If the wsdd user does not exist yet, then create it and add to >=20 > wsdd group. >=20 > +if ! getent user wsdd >/dev/null; then >=20 > + useradd -r -U -d / -s /bin/false -c "wsdd user" wsdd >=20 > + usermod -a -G wsdd wsdd >=20 > +fi >=20 > + >=20 > +extract_files >=20 > +restore_backup ${NAME} >=20 > + >=20 > +# Create startlinks >=20 > +ln -sf ../init.d/wsdd /etc/rc.d/rc0.d/K35wsdd >=20 > +ln -sf ../init.d/wsdd /etc/rc.d/rc3.d/S65wsdd >=20 > +ln -sf ../init.d/wsdd /etc/rc.d/rc6.d/K35wsdd >=20 > +start_service ${NAME} >=20 > +exit 0 >=20 > diff --git a/src/paks/wsdd/uninstall.sh b/src/paks/wsdd/uninstall.sh >=20 > new file mode 100644 >=20 > index 000000000..4c52ee281 >=20 > --- /dev/null >=20 > +++ b/src/paks/wsdd/uninstall.sh >=20 > @@ -0,0 +1,30 @@ >=20 > +#!/bin/bash >=20 > +##################################################################= ########## >=20 > +# # >=20 > +# This file is part of the IPFire Firewall. # >=20 > +# # >=20 > +# IPFire is free software; you can redistribute it and/or modify # >=20 > +# it under the terms of the GNU General Public License as published >=20 > by # >=20 > +# the Free Software Foundation; either version 2 of the > License, or # >=20 > +# (at your option) any later version. # >=20 > +# # >=20 > +# IPFire is distributed in the hope that it will be useful, # >=20 > +# but WITHOUT ANY WARRANTY; without even the implied warranty of # >=20 > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >=20 > +# GNU General Public License for more details. # >=20 > +# # >=20 > +# You should have received a copy of the GNU General Public > License # >=20 > +# along with IPFire; if not, write to the Free Software # >=20 > +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA >=20 > 02111-1307 USA # >=20 > +# # >=20 > +# Copyright (C) 2007 IPFire-Team >. # >=20 > +# # >=20 > +##################################################################= ########## >=20 > +# >=20 > +. /opt/pakfire/lib/functions.sh >=20 > +stop_service ${NAME} >=20 > +make_backup ${NAME} >=20 > +remove_files >=20 > +# Remove all start links. >=20 > +rm -rf /etc/rc.d/rc*.d/*wsdd >=20 > +exit 0 >=20 > diff --git a/src/paks/wsdd/update.sh b/src/paks/wsdd/update.sh >=20 > new file mode 100644 >=20 > index 000000000..99776659c >=20 > --- /dev/null >=20 > +++ b/src/paks/wsdd/update.sh >=20 > @@ -0,0 +1,27 @@ >=20 > +#!/bin/bash >=20 > +##################################################################= ########## >=20 > +# # >=20 > +# This file is part of the IPFire Firewall. # >=20 > +# # >=20 > +# IPFire is free software; you can redistribute it and/or modify # >=20 > +# it under the terms of the GNU General Public License as published >=20 > by # >=20 > +# the Free Software Foundation; either version 2 of the > License, or # >=20 > +# (at your option) any later version. # >=20 > +# # >=20 > +# IPFire is distributed in the hope that it will be useful, # >=20 > +# but WITHOUT ANY WARRANTY; without even the implied warranty of # >=20 > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >=20 > +# GNU General Public License for more details. # >=20 > +# # >=20 > +# You should have received a copy of the GNU General Public > License # >=20 > +# along with IPFire; if not, write to the Free Software # >=20 > +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA >=20 > 02111-1307 USA # >=20 > +# # >=20 > +# Copyright (C) 2007-2020 IPFire-Team >. # >=20 > +# # >=20 > +##################################################################= ########## >=20 > +# >=20 > +. /opt/pakfire/lib/functions.sh >=20 > +extract_backup_includes >=20 > +./uninstall.sh >=20 > +./install.sh >=20 > -- 2.43.0 >=20 > -- >> Sent from my laptop >=20 >=20 > -- Sent from my laptop >=20 >=20 --=20 Sent from my laptop --===============7710623184410747117==--