Hello Adolf, > On 16 Feb 2024, at 17:15, Adolf Belka wrote: > > Hi Michael, > > On 16/01/2024 11:30, daniel.weismueller(a)ipfire.org wrote: >> Hi there. >> I've installed and testetd the latest / modified version of the wsdd addon on two machines. >> Nearly everything works as exspected. Also my Winodws PCs see the IPFIRE as a menber of the workgroup and could browse and use the samba shares. >> If you use the firewall option "Drop all Microsoft ports 135,137,138,139,445,1025" the clients in the blue network see the IPFIRE but aren't able to browse or connect to the shares. >> I've recogniced only one thing that don't work like I exspected. >> - If you stop or restart samba the wsdd addon won't stop or restart, too. >> I think it would be better if the wssd stop too because if you change the workgroup and start the samba again the wsdd won't recognice it. > > To make a patch to support this I need to have the wsdd patches that you created merged into next. Then I can work on having samba trigger the start and stop of wsdd so that it does not run independently but is synchronised with samba. Okay, I have merged the wsdd branch into next. Please let me know if there is anything else you need from me. > Regards, > Adolf. > >> - >> Daniel >> Am 12. Januar 2024 um 16:09 schrieb "Adolf Belka" >: >> Hi Michael, >> On 12/01/2024 14:40, Michael Tremer wrote: >> Hello, >> On 12 Jan 2024, at 11:14, Adolf Belka > > wrote: >> Hi Daniel, >> On 11/01/2024 17:11, daniel.weismueller(a)ipfire.org >> wrote: >> Hi Adolf. >> We have looked at your work. First of all, thank you very much. >> Your scripts seems to work fine. I will start tomorrow to test >> them in whole. However we have made a few changes. >> In particular, we have adapted the code to the existing code in >> IPFire. >> Please take look at Michaels wsdd branch. >> https://git.ipfire.org/?p=people/ms/ipfire-2.x.git;a=shortlog;h=refs/heads/wsdd > >> That looks very good. I clearly still have a bit to learn >> about how to code in a more tidy manner. >> It worked… I was just in the swing of it :) >> I also see that Michael fixed the pid fault in the >> loadproc/statusproc/killproc while I just created a workaround >> solution for the wsdd initscript alone. >> loadproc/statusproc/killproc are really difficult to handle. >> They are supposed to be LSB-conformant functions, but I believe >> that it never really happened that they because universally used >> and compatible between distributions. Now with systemd, there is >> no more need… >> And it is also because of systemd that daemons behave >> differently now - actually not even like daemons whatsoever any >> more. They used to fork themselves into the background which >> made all the PID processing necessary, because the init script >> could not know the PID of the process forked in the background. >> Now, they don’t do this any more because without the fork, >> things are easier for systemd to manage. >> The new -b switch that was added some while ago is already >> helping us to launch such new processes into the background, but >> we don’t have PID files any more. And since scripts don’t work >> with statusproc/killproc, I thought it might be a good idea to >> add this to loadproc as I am expecting us to need this more >> often in the future. >> And while I was thinking about the problem, I figured it would >> be easier to send a patch for those few lines instead of >> explaining it in words - which probably would have been a little >> bit longer. >> The only noteworthy thing is that there was a potential security >> issue in passing around the shell arguments as strings because >> the workgroup variable could have been almost anything. I am not >> sure what validation samba would do, but I thought it would be >> best not to rely on that. A two words (with a space) workgroup >> would have caused wsdd not to start, because it would have seen >> a command line like “—-workgroup ABC DEF” with ABC being >> interpreted as the workgroup and DEF being some garbage that >> wsdd would not understand. The trick with the array is that it >> would pass the arguments like this “—-workgroup ‘ABC DEF’” which >> prevents that “DEF” would be interpreted as an extra parameter. >> So, everything is fine :) Especially after I added the “restart” >> command :) >> I did have a look at the code in the functions file but >> struggled to understand it enough to be able to figure out what >> was giving the problem I was experiencing. >> Which functions? >> The /src/initscripts/system/functions file from the git repo that >> has the loadproc, statusproc and killproc functions in it. >> Regards, >> Adolf. >> I am glad that has been sorted and the initscript tidied up in >> line with IPFire coding style. >> That is why we are all working together... >> Will try and remember that in future. >> If not, we are here to help :) >> -Michael >> Regards, >> Adolf. >> - >> Daniel >> Am 10. Januar 2024 um 14:30 schrieb "Adolf Belka" >> >> > .belka%40ipfire.org%3E>>: >> - lfs and toorfile created for wsdd >> - wsdd added to make.sh script >> - created install/update/uninstall scripts for wsdd that create an >> unpriveleged user and >> group. >> - initscript created for wsdd. As wsdd is a python3 script, when it >> is run as a daemon the >> pidof command does not find any pid for wsdd. So a directory/file >> for a pid file was >> created. This is then passed to the loadproc and killproc commands. >> After the loadproc >> command has been created the pid is extracted from the ps aux >> command and put into the >> pid file. This then works when running the killproc command for it >> to know what to go >> and stop. The statusproc command does not have the ability to feed >> in the pid from a >> pid file and so it fails to find a running wsdd as it uses the pidof >> command. Code was >> added to the status section of the initscript to check if the pid >> file exists and if so >> to print the same command as used with the statusproc command, and >> also the same >> wording if the pid file does not exist because wsdd is not running. >> - info from the ethernet/settings file is used to identify if only >> green0 is available or >> if blue0 is also used and based on this the appropriate interface >> commands are added to >> the wsdd command. >> - wsdd is also set up to run in a chroot >> - Has been tested on my vm testbed, initially by editing the files >> on the vm clone. After >> everything confiremd to be working, the build was successfully >> carried out and the >> .ipfire package was copied to a new vm clone installed and shown to >> perform as expected. >> This test only confirms that wsdd is correctly installed and >> started. Shutsdown and >> restarts on reboot successfully. Confirmed from the ps aux info that >> wsdd has been >> started with the correct options. Thge testing can not evaluate if >> wsdd enables windows >> systems newer than version 7 top be able to detect the samba shares >> as I have no >> windows systems. >> Fixes: Bug13445 >> Tested-by: Adolf Belka > > >> Signed-off-by: Adolf Belka > > >> --- >> config/rootfiles/packages/wsdd | 2 + >> lfs/wsdd | 89 ++++++++++++++++++++++++++++++++++ >> make.sh | 1 + >> src/initscripts/packages/wsdd | 63 ++++++++++++++++++++++++ >> src/paks/wsdd/install.sh | 40 +++++++++++++++ >> src/paks/wsdd/uninstall.sh | 30 ++++++++++++ >> src/paks/wsdd/update.sh | 27 +++++++++++ >> 7 files changed, 252 insertions(+) >> create mode 100644 config/rootfiles/packages/wsdd >> create mode 100644 lfs/wsdd >> create mode 100644 src/initscripts/packages/wsdd >> create mode 100644 src/paks/wsdd/install.sh >> create mode 100644 src/paks/wsdd/uninstall.sh >> create mode 100644 src/paks/wsdd/update.sh >> diff --git a/config/rootfiles/packages/wsdd >> b/config/rootfiles/packages/wsdd >> new file mode 100644 >> index 000000000..ce225043a >> --- /dev/null >> +++ b/config/rootfiles/packages/wsdd >> @@ -0,0 +1,2 @@ >> +etc/rc.d/init.d/wsdd >> +usr/bin/wsdd >> diff --git a/lfs/wsdd b/lfs/wsdd >> new file mode 100644 >> index 000000000..aa65e47ef >> --- /dev/null >> +++ b/lfs/wsdd >> @@ -0,0 +1,89 @@ >> +############################################################################### >> +# # >> +# IPFire.org - A linux based firewall # >> +# Copyright (C) 2007-2024 IPFire Team > > # >> +# # >> +# This program is free software: you can redistribute it and/or >> modify # >> +# it under the terms of the GNU General Public License as published >> by # >> +# the Free Software Foundation, either version 3 of the >> License, or # >> +# (at your option) any later version. # >> +# # >> +# This program is distributed in the hope that it will be useful, # >> +# but WITHOUT ANY WARRANTY; without even the implied warranty of # >> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >> +# GNU General Public License for more details. # >> +# # >> +# You should have received a copy of the GNU General Public >> License # >> +# along with this program. If not, see >> > >> > >>. # >> +# # >> +############################################################################### >> + >> +############################################################################### >> +# Definitions >> +############################################################################### >> + >> +include Config >> + >> +VER = 0.7.1 >> +SUMMARY = A Web Service Discovery host daemon. >> + >> +THISAPP = wsdd-$(VER) >> +DL_FILE = $(THISAPP).tar.gz >> +DL_FROM = $(URL_IPFIRE) >> +DIR_APP = $(DIR_SRC)/$(THISAPP) >> +TARGET = $(DIR_INFO)/$(THISAPP) >> +PROG = wsdd >> +PAK_VER = 1 >> + >> +DEPS = >> + >> +SERVICES = wsdd >> + >> +############################################################################### >> +# Top-level Rules >> +############################################################################### >> + >> +objects = $(DL_FILE) >> + >> +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) >> + >> +$(DL_FILE)_BLAKE2 = >> ce43022c3bd9f7ff1fd7169ac0d5ab6b2ff78d35c221c05b2e20908a5772d563ab2aca571d4e6ae48a55d19d4adcb9cde60f720ae47af8ee950198224fcfdb26 >> + >> +install : $(TARGET) >> + >> +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) >> + >> +download :$(patsubst %,$(DIR_DL)/%,$(objects)) >> + >> +b2 : $(subst %,%_BLAKE2,$(objects)) >> + >> +dist: >> + @$(PAK) >> + >> +############################################################################### >> +# Downloading, checking, b2sum >> +############################################################################### >> + >> +$(patsubst %,$(DIR_CHK)/%,$(objects)) : >> + @$(CHECK) >> + >> +$(patsubst %,$(DIR_DL)/%,$(objects)) : >> + @$(LOAD) >> + >> +$(subst %,%_BLAKE2,$(objects)) : >> + @$(B2SUM) >> + >> +############################################################################### >> +# Installation Details >> +############################################################################### >> + >> +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >> + @$(PREBUILD) >> + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf >> $(DIR_DL)/$(DL_FILE) >> + cd $(DIR_APP) && cp src/wsdd.py /usr/bin/wsdd >> + >> + #install initscripts >> + $(call INSTALL_INITSCRIPTS,$(SERVICES)) >> + >> + @rm -rf $(DIR_APP) >> + @$(POSTBUILD) >> diff --git a/make.sh b/make.sh >> index 06e09c9a3..5af3dedc3 100755 >> --- a/make.sh >> +++ b/make.sh >> @@ -1699,6 +1699,7 @@ buildipfire() { >> lfsmake2 perl-MIME-Base32 >> lfsmake2 perl-URI-Encode >> lfsmake2 rsnapshot >> + lfsmake2 wsdd >> # Kernelbuild ... current we have no platform that need >> # multi kernel builds so KCFG is empty >> diff --git a/src/initscripts/packages/wsdd >> b/src/initscripts/packages/wsdd >> new file mode 100644 >> index 000000000..c5207f872 >> --- /dev/null >> +++ b/src/initscripts/packages/wsdd >> @@ -0,0 +1,63 @@ >> +#!/bin/sh >> +############################################################################### >> +# # >> +# IPFire.org - A linux based firewall # >> +# Copyright (C) 2007-2024 IPFire Team > > # >> +# # >> +# This program is free software: you can redistribute it and/or >> modify # >> +# it under the terms of the GNU General Public License as published >> by # >> +# the Free Software Foundation, either version 3 of the >> License, or # >> +# (at your option) any later version. # >> +# # >> +# This program is distributed in the hope that it will be useful, # >> +# but WITHOUT ANY WARRANTY; without even the implied warranty of # >> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >> +# GNU General Public License for more details. # >> +# # >> +# You should have received a copy of the GNU General Public >> License # >> +# along with this program. If not, see >> > >> > >>. # >> +# # >> +############################################################################### >> + >> +. /etc/sysconfig/rc >> +. $rc_functions >> + >> +eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) >> + >> +# Create chroot directory for wsdd >> +mkdir -p /var/run/wsdd >> + >> +INTERFACES="-i ${GREEN_DEV}" >> + if [ -n "${BLUE_DEV}" ]; then >> + INTERFACES="${INTERFACES} -i ${BLUE_DEV}" >> + fi >> +WSDD_WORKGROUP="-w $(/usr/bin/testparm -s --parameter-name >> workgroup 2>/dev/null)" >> +WSDD_USER="-u wsdd:wsdd" >> +WSDD_CHROOT="-c /var/run/wsdd" >> + >> +case "$1" in >> + start) >> + boot_mesg "Starting wsdd daemon..." >> + loadproc -b /usr/bin/wsdd -4 ${WSDD_USER} ${INTERFACES} >> ${WSDD_WORKGROUP} ${WSDD_CHROOT} >> + sleep 1 >> + echo $(ps aux | grep "/usr/bin/wsdd" | grep -v grep | awk '{print >> $2}') > /var/run/wsdd/pid >> + ;; >> + stop) >> + boot_mesg "Stopping wsdd daemon..." >> + killproc -p /var/run/wsdd/pid /usr/bin/wsdd >> + ;; >> + status) >> + WSDD_PID=$(ps aux | grep "/usr/bin/wsdd" | grep -v grep | awk >> '{print $2}') >> + if [ -n "${WSDD_PID}" ]; then >> + echo -e "\\033[1;36m /usr/bin/wsdd is running with Process"\ >> + "ID(s) $WSDD_PID.\\033[0;39m" >> + else >> + echo -e "\\033[1;36m /usr/bin/wsdd is not running.\\033[0;39m" >> + fi >> + ;; >> + *) >> + echo "Usage: $0 (start|stop|status)" >> + exit 1 >> + ;; >> +esac >> + >> diff --git a/src/paks/wsdd/install.sh b/src/paks/wsdd/install.sh >> new file mode 100644 >> index 000000000..181b84eb9 >> --- /dev/null >> +++ b/src/paks/wsdd/install.sh >> @@ -0,0 +1,40 @@ >> +#!/bin/bash >> +############################################################################ >> +# # >> +# This file is part of the IPFire Firewall. # >> +# # >> +# IPFire is free software; you can redistribute it and/or modify # >> +# it under the terms of the GNU General Public License as published >> by # >> +# the Free Software Foundation; either version 2 of the >> License, or # >> +# (at your option) any later version. # >> +# # >> +# IPFire is distributed in the hope that it will be useful, # >> +# but WITHOUT ANY WARRANTY; without even the implied warranty of # >> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >> +# GNU General Public License for more details. # >> +# # >> +# You should have received a copy of the GNU General Public >> License # >> +# along with IPFire; if not, write to the Free Software # >> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA >> 02111-1307 USA # >> +# # >> +# Copyright (C) 2007 IPFire-Team > >. # >> +# # >> +############################################################################ >> +# >> +. /opt/pakfire/lib/functions.sh >> + >> +# If the wsdd user does not exist yet, then create it and add to >> wsdd group. >> +if ! getent user wsdd >/dev/null; then >> + useradd -r -U -d / -s /bin/false -c "wsdd user" wsdd >> + usermod -a -G wsdd wsdd >> +fi >> + >> +extract_files >> +restore_backup ${NAME} >> + >> +# Create startlinks >> +ln -sf ../init.d/wsdd /etc/rc.d/rc0.d/K35wsdd >> +ln -sf ../init.d/wsdd /etc/rc.d/rc3.d/S65wsdd >> +ln -sf ../init.d/wsdd /etc/rc.d/rc6.d/K35wsdd >> +start_service ${NAME} >> +exit 0 >> diff --git a/src/paks/wsdd/uninstall.sh b/src/paks/wsdd/uninstall.sh >> new file mode 100644 >> index 000000000..4c52ee281 >> --- /dev/null >> +++ b/src/paks/wsdd/uninstall.sh >> @@ -0,0 +1,30 @@ >> +#!/bin/bash >> +############################################################################ >> +# # >> +# This file is part of the IPFire Firewall. # >> +# # >> +# IPFire is free software; you can redistribute it and/or modify # >> +# it under the terms of the GNU General Public License as published >> by # >> +# the Free Software Foundation; either version 2 of the >> License, or # >> +# (at your option) any later version. # >> +# # >> +# IPFire is distributed in the hope that it will be useful, # >> +# but WITHOUT ANY WARRANTY; without even the implied warranty of # >> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >> +# GNU General Public License for more details. # >> +# # >> +# You should have received a copy of the GNU General Public >> License # >> +# along with IPFire; if not, write to the Free Software # >> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA >> 02111-1307 USA # >> +# # >> +# Copyright (C) 2007 IPFire-Team > >. # >> +# # >> +############################################################################ >> +# >> +. /opt/pakfire/lib/functions.sh >> +stop_service ${NAME} >> +make_backup ${NAME} >> +remove_files >> +# Remove all start links. >> +rm -rf /etc/rc.d/rc*.d/*wsdd >> +exit 0 >> diff --git a/src/paks/wsdd/update.sh b/src/paks/wsdd/update.sh >> new file mode 100644 >> index 000000000..99776659c >> --- /dev/null >> +++ b/src/paks/wsdd/update.sh >> @@ -0,0 +1,27 @@ >> +#!/bin/bash >> +############################################################################ >> +# # >> +# This file is part of the IPFire Firewall. # >> +# # >> +# IPFire is free software; you can redistribute it and/or modify # >> +# it under the terms of the GNU General Public License as published >> by # >> +# the Free Software Foundation; either version 2 of the >> License, or # >> +# (at your option) any later version. # >> +# # >> +# IPFire is distributed in the hope that it will be useful, # >> +# but WITHOUT ANY WARRANTY; without even the implied warranty of # >> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >> +# GNU General Public License for more details. # >> +# # >> +# You should have received a copy of the GNU General Public >> License # >> +# along with IPFire; if not, write to the Free Software # >> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA >> 02111-1307 USA # >> +# # >> +# Copyright (C) 2007-2020 IPFire-Team > >. # >> +# # >> +############################################################################ >> +# >> +. /opt/pakfire/lib/functions.sh >> +extract_backup_includes >> +./uninstall.sh >> +./install.sh >> -- 2.43.0 >> -- >> Sent from my laptop >> -- Sent from my laptop > > -- > Sent from my laptop