From: <abe...@us...> - 2012-07-04 16:08:31
Revision: 5588
http://astlinux.svn.sourceforge.net/astlinux/?rev=5588&view=rev
Author: abelbeck
Date: 2012-07-04 16:08:21 +0000 (Wed, 04 Jul 2012)
Log Message:
-----------
miniupnpd, more tweaks...
o added support for rc.conf variables, see 'project/astlinux/target_skeleton/stat/etc/rc.conf' diff
o new variable UPNP_LISTEN replaces INTUPNP, INT2UPNP, INT3UPNP, and DMZUPNP
o /var/run/miniupnpd.pid is automatically deleted, so we shouldn't
o add sanity test if the UPNP_LISTEN interfaces do not match any active internal interfaces
o add sanity test if UUID is not found
o change the 'listening_ip=' directive to ip/mask instead of the interface
Modified Paths:
--------------
branches/1.0/package/miniupnpd/miniupnpd.init
branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
Modified: branches/1.0/package/miniupnpd/miniupnpd.init
===================================================================
--- branches/1.0/package/miniupnpd/miniupnpd.init 2012-07-03 22:57:57 UTC (rev 5587)
+++ branches/1.0/package/miniupnpd/miniupnpd.init 2012-07-04 16:08:21 UTC (rev 5588)
@@ -1,23 +1,39 @@
#!/bin/sh
-# If Astlinux GUI support added then some or all of these may come from rc.conf
-UPNP_ENABLE_NATPMP=yes
-UPNP_ENABLE_UPNP=yes
-UPNP_BITRATE_UP=1000000
-UPNP_BITRATE_DOWN=10000000
-UPNP_SECURE_MODE=no
-INTUPNP=yes
-INT2UPNP=yes
-INT3UPNP=yes
-DMZUPNP=yes
-
. /etc/rc.conf
+if [ "$UPNP_ENABLE_NATPMP" != "yes" ]; then
+ UPNP_ENABLE_NATPMP="no"
+fi
+if [ "$UPNP_ENABLE_UPNP" != "yes" ]; then
+ UPNP_ENABLE_UPNP="no"
+fi
+if [ "$UPNP_SECURE_MODE" != "yes" ]; then
+ UPNP_SECURE_MODE="no"
+fi
+UPNP_BITRATE_UP="${UPNP_BITRATE_UP:-1000000}"
+UPNP_BITRATE_DOWN="${UPNP_BITRATE_DOWN:-1000000}"
+
MINIUPNPD=/usr/sbin/miniupnpd
MINIUPNPD_CONF=/tmp/etc/miniupnpd.conf
IPTABLES_CREATE=/etc/miniupnpd/iptables_init.sh
IPTABLES_REMOVE=/etc/miniupnpd/iptables_removeall.sh
+is_upnp_enabled()
+{
+ # args: IF_Name
+ local ifname IFS
+
+ unset IFS
+ for ifname in $UPNP_LISTEN; do
+ if [ "$ifname" = "$1" ]; then
+ return 0
+ fi
+ done
+
+ return 1
+}
+
is_interface_enabled()
{
# args: IF, IP, NM
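Review bot: The new normalization of UPNP_SECURE_MODE fails open: any value other than the exact string "yes" (unset, "Yes", "1") becomes "no". Assuming the variable feeds miniupnpd's `secure_mode` directive further down in init (not visible in this hunk), that setting lets a LAN client request a forward to an address other than its own. Defaulting to the restrictive value and relaxing only on an explicit "no" would be safer, e.g. `if [ "$UPNP_SECURE_MODE" != "no" ]; then UPNP_SECURE_MODE="yes"; fi`, with the commented sample in the rc.conf hunk changed to match. Separately, the UPNP_BITRATE_DOWN fallback is 1000000 where the removed default was 10000000; confirm that is intended.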
@@ -37,31 +53,43 @@
}
init () {
- local RULES=""
+ if [ "$UPNP_ENABLE_NATPMP" != "yes" -a "$UPNP_ENABLE_UPNP" != "yes" ]; then
+ if [ -f $MINIUPNPD_CONF ]; then
+ rm -f $MINIUPNPD_CONF
+ fi
+ return
+ fi
+
if [ -z "$UUID" ]; then
# Use the UUID assigned to the asturw filesystem.
UUID=$(blkid | sed -n -r -e 's/^.*: LABEL="ASTURW" UUID="([^"]*)" .*$/\1/p')
fi
+ local RULES=""
echo "## Auto generated file. Do not edit.
-## see miniupnpd init.d script
ext_ifname=$EXTIF" > $MINIUPNPD_CONF
- if [ "$INTUPNP" = "yes" ] && is_interface_enabled "$INTIF" "$INTIP" "$INTNM"; then
- echo "listening_ip=$INTIF" >> $MINIUPNPD_CONF
+ if is_upnp_enabled INTIF && is_interface_enabled "$INTIF" "$INTIP" "$INTNM"; then
+ echo "listening_ip=$INTIP/$INTNM" >> $MINIUPNPD_CONF
RULES="$RULES${RULES:+\n}allow 1024-65535 $(get_cidr $INTIP $INTNM) 1024-65535"
fi
- if [ "$INT2UPNP" = "yes" ] && is_interface_enabled "$INT2IF" "$INT2IP" "$INT2NM"; then
- echo "listening_ip=$INT2IF" >> $MINIUPNPD_CONF
+ if is_upnp_enabled INT2IF && is_interface_enabled "$INT2IF" "$INT2IP" "$INT2NM"; then
+ echo "listening_ip=$INT2IP/$INT2NM" >> $MINIUPNPD_CONF
RULES="$RULES${RULES:+\n}allow 1024-65535 $(get_cidr $INT2IP $INT2NM) 1024-65535"
fi
- if [ "$INT3UPNP" = "yes" ] && is_interface_enabled "$INT3IF" "$INT3IP" "$INT3NM"; then
- echo "listening_ip=$INT3IF" >> $MINIUPNPD_CONF
+ if is_upnp_enabled INT3IF && is_interface_enabled "$INT3IF" "$INT3IP" "$INT3NM"; then
+ echo "listening_ip=$INT3IP/$INT3NM" >> $MINIUPNPD_CONF
RULES="$RULES${RULES:+\n}allow 1024-65535 $(get_cidr $INT3IP $INT3NM) 1024-65535"
fi
- if [ "$DMZUPNP" = "yes" ] && is_interface_enabled "$DMZIF" "$DMZIP" "$DMZNM"; then
- echo "listening_ip=$DMZIF" >> $MINIUPNPD_CONF
+ if is_upnp_enabled DMZIF && is_interface_enabled "$DMZIF" "$DMZIP" "$DMZNM"; then
+ echo "listening_ip=$DMZIP/$DMZNM" >> $MINIUPNPD_CONF
RULES="$RULES${RULES:+\n}allow 1024-65535 $(get_cidr $DMZIP $DMZNM) 1024-65535"
fi
+
+ if [ -z "$RULES" -o -z "$UUID" ]; then
+ rm -f $MINIUPNPD_CONF
+ return
+ fi
+
echo "port=0
enable_natpmp=$UPNP_ENABLE_NATPMP
enable_upnp=$UPNP_ENABLE_UPNP
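Review bot: Both new early-return paths in init() delete the generated config and return without printing anything, so a mistyped UPNP_LISTEN token (is_upnp_enabled is only ever asked about INTIF, INT2IF, INT3IF and DMZIF) or a missing UUID leaves the service silently off. A one-line diagnostic before the second `rm -f` would make that visible, e.g. `echo "miniupnpd: no active UPNP_LISTEN interface or UUID not found, not starting" >&2`. While here, `$MINIUPNPD_CONF` is unquoted in the new `[ -f ... ]` and `rm -f` lines and the tests use `-a`/`-o`; quoting the variable and writing `[ ... ] || [ ... ]` are the safer forms. init() continues past the end of this hunk.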
@@ -80,12 +108,10 @@
}
start () {
- if [ "$UPNP_ENABLE_NATPMP" = "yes" -o "$UPNP_ENABLE_UPNP" = "yes" ]; then
- if [ "$INTUPNP" = "yes" -o "$INT2UPNP" = "yes" -o "$INT3UPNP" = "yes" -o "$DMZUPNP" = "yes" ]; then
- echo "Starting miniupnpd..."
- $IPTABLES_CREATE > /dev/null 2>&1
- $MINIUPNPD -f $MINIUPNPD_CONF
- fi
+ if [ -f $MINIUPNPD_CONF ]; then
+ echo "Starting miniupnpd..."
+ $IPTABLES_CREATE > /dev/null 2>&1
+ $MINIUPNPD -f $MINIUPNPD_CONF
fi
}
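Review bot: In the rewritten start(), the exit status and all output of `$IPTABLES_CREATE` are discarded and miniupnpd is launched regardless, so a failure to set up the firewall chains goes unnoticed while the daemon keeps accepting mapping requests. At minimum the failure should be reported, e.g. `$IPTABLES_CREATE > /dev/null 2>&1 || echo "miniupnpd: iptables init failed" >&2`; whether start should abort instead depends on how the script behaves when the chains already exist, which is not shown here. `$MINIUPNPD_CONF` is also unquoted in the new `[ -f ... ]` test and in the `-f` argument.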
@@ -93,7 +119,7 @@
if [ -f /var/run/miniupnpd.pid ]; then
echo "Stopping miniupnpd..."
kill $(cat /var/run/miniupnpd.pid) >/dev/null 2>&1
- rm -f /var/run/miniupnpd.pid
+ # /var/run/miniupnpd.pid automatically removed by killed process
$IPTABLES_REMOVE > /dev/null 2>&1
fi
}
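Review bot: Dropping `rm -f /var/run/miniupnpd.pid` means a pidfile left behind by a crash or SIGKILL is never cleaned up, so every later stop runs `kill` (presumably as root) against whatever process now holds that PID. Keeping the `rm -f` after the kill is harmless when the daemon has already removed the file, and checking that the PID still belongs to miniupnpd before signalling would close the PID-reuse case. The kill is also not waited on, so `$IPTABLES_REMOVE` may run while the daemon is still shutting down; whether that matters depends on the removal script, which is not shown. The enclosing stop function starts outside this hunk.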
Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-07-03 22:57:57 UTC (rev 5587)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-07-04 16:08:21 UTC (rev 5588)
@@ -407,6 +407,21 @@
## ADNAME is automatically (always) disabled whenever the web interface Network Tab is saved.
ADNAME="AstLinux PBX"
+## Universal Plug and Play (UPnP)
+## WARNING: UPnP has security implications. Do not enable without fully researching.
+## Either UPNP_ENABLE_NATPMP and/or UPNP_ENABLE_UPNP must be "yes" to enable
+#UPNP_ENABLE_NATPMP="yes"
+#UPNP_ENABLE_UPNP="yes"
+## UPnP internal interfaces, UPNP_LISTEN, at least one must be specified.
+## Define: Interface_Name, space separated for multiple
+## Interface_Name is "INTIF" for 1st, "INT2IF" for 2nd, and "INT3IF" for 3rd Internal Interface
+## "DMZIF" for DMZ Interface
+#UPNP_LISTEN="INTIF"
+## UPnP Options
+#UPNP_BITRATE_UP=1000000
+#UPNP_BITRATE_DOWN=1000000
+#UPNP_SECURE_MODE="no"
+
## Proxy ENV variables (http_proxy, ftp_proxy, etc.) for curl, wget, etc.
## Format: http://user:pass@proxyhost:proxyport"
## The "user" and "pass" are optional
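Review bot: The new UPNP_LISTEN comment lists "DMZIF" next to the internal interfaces with no caveat, although the init script gives a listed DMZ the same `allow 1024-65535` rule as the LAN, which lets DMZ hosts request port forwards on the external interface. A line such as `## Listing "DMZIF" allows DMZ hosts to open port forwards; only add it if those hosts are trusted.` would make the trade-off explicit. UPNP_SECURE_MODE is also left unexplained; a one-line description of what "yes" restricts would help readers act on the WARNING above it.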