├── .gitignore ├── etc ├── security │ └── limits.d │ │ └── 95-clearos.conf ├── profile.d │ └── clearos.sh ├── logrotate.d │ ├── compliance │ └── system └── init.d │ └── functions-automagic ├── README.md ├── utils ├── app-realpath.c ├── app-rename.c └── app-passwd.c ├── addsudo └── clearos-base.spec /.gitignore: -------------------------------------------------------------------------------- 1 | /Makefile 2 | *.src.rpm 3 | *.tar.gz 4 | -------------------------------------------------------------------------------- /etc/security/limits.d/95-clearos.conf: -------------------------------------------------------------------------------- 1 | * - nofile 16384 2 | * - nproc 4096 3 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | clearos-base 2 | ============ 3 | 4 | Initializes the system environment. 5 | -------------------------------------------------------------------------------- /etc/profile.d/clearos.sh: -------------------------------------------------------------------------------- 1 | # Add new path to support version wrappers (e.g. 
PHP Engines) 2 | export PATH="/usr/clearos/bin:${PATH}" 3 | -------------------------------------------------------------------------------- /etc/logrotate.d/compliance: -------------------------------------------------------------------------------- 1 | /var/log/compliance { 2 | missingok 3 | postrotate 4 | /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true 5 | endscript 6 | } 7 | -------------------------------------------------------------------------------- /etc/logrotate.d/system: -------------------------------------------------------------------------------- 1 | /var/log/system /var/log/everything { 2 | missingok 3 | postrotate 4 | /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true 5 | endscript 6 | } 7 | -------------------------------------------------------------------------------- /utils/app-realpath.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | extern int errno; 8 | 9 | int main(int argc, char *argv[]) 10 | { 11 | char *resolved_path = NULL; 12 | if(argc != 2) return EXIT_FAILURE; 13 | resolved_path = realpath(argv[1], NULL); 14 | if(!resolved_path) 15 | { 16 | fprintf(stderr, "%s: %s: %s\n", 17 | argv[0], argv[1], strerror(errno)); 18 | return EXIT_FAILURE; 19 | } 20 | fprintf(stdout, "%s\n", resolved_path); 21 | free(resolved_path); 22 | return EXIT_SUCCESS; 23 | } 24 | 25 | // vi: expandtab shiftwidth=4 softtabstop=4 tabstop=4 26 | -------------------------------------------------------------------------------- /utils/app-rename.c: -------------------------------------------------------------------------------- 1 | /////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Copyright 2000 Point Clark Networks. 4 | // 5 | // This software may be freely redistributed under the terms of the GNU 6 | // public license. 
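//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
//
///////////////////////////////////////////////////////////////////////////////
//
// Wrapper to do privileged stuff from the web-based administration tool
//
// Usage: app-rename <source> <target>
//
// Copies <source> over the existing file <target>, re-applies the target's
// mode and ownership, then removes <source>.  Neither path is validated here:
// whoever is able to run this binary with root privilege can overwrite any
// existing file, so access to it has to be limited to trusted callers.
//
///////////////////////////////////////////////////////////////////////////////

#include <errno.h>      // errno, EINTR
#include <fcntl.h>      // open
#include <grp.h>        // setgroups
#include <stdio.h>      // perror
#include <stdlib.h>     // malloc, free
#include <sys/stat.h>   // stat, fstat, fchmod
#include <sys/types.h>  // ssize_t
#include <unistd.h>     // read, write, close, unlink, fchown, ftruncate

// Replace the contents of argv[2] with the contents of argv[1].
//
// Returns 0 on success and 1 on any failure.  The source file is only
// removed after every byte was written and the target was closed cleanly.
int main(int argc, char *argv[]) {
    int rc = 1;
    int fd_s = -1, fd_d = -1;
    int chunk;
    char *buffer = NULL;
    ssize_t got, put, off;
    struct stat buf;

    if (argc <= 2) {
        return 1;
    }

    // As before, the results are not checked: when the process cannot become
    // root, the file operations below run with the credentials it already
    // has and the kernel's permission checks decide.
    setgroups(0, NULL);
    setgid(0);
    setuid(0);

    // The target has to exist already; it is never created here.
    if (stat(argv[2], &buf) != 0) {
        perror("stat");
        return 1;
    }

    // Allocate before the target is touched, so an allocation failure cannot
    // leave a truncated target behind.
    chunk = getpagesize();
    if (!(buffer = malloc((size_t)chunk))) {
        perror("malloc");
        return 1;
    }

    if ((fd_s = open(argv[1], O_RDONLY)) < 0) {
        perror("open");
        goto out;
    }

    // Opened without O_TRUNC so that mode and owner can be read from the very
    // file that was opened, before its contents are discarded.
    if ((fd_d = open(argv[2], O_WRONLY)) < 0) {
        perror("open");
        goto out;
    }

    if (fstat(fd_d, &buf) != 0) {
        perror("stat");
        goto out;
    }

    if (S_ISREG(buf.st_mode) && ftruncate(fd_d, 0) != 0) {
        perror("ftruncate");
        goto out;
    }

    // Copy file argv[1] -> argv[2]...
    // read() returns -1 on error, so the count has to be signed; a short
    // write is continued instead of silently dropping the remainder.
    for (;;) {
        got = read(fd_s, buffer, (size_t)chunk);
        if (got < 0) {
            if (errno == EINTR) continue;
            perror("read");
            goto out;
        }
        if (got == 0) break;

        off = 0;
        while (off < got) {
            put = write(fd_d, buffer + off, (size_t)(got - off));
            if (put < 0) {
                if (errno == EINTR) continue;
                perror("write");
                goto out;
            }
            off += put;
        }
    }

    // Keep the permissions of the target file.  Working on the descriptor
    // means the path is not resolved a second time.
    if (fchmod(fd_d, buf.st_mode & 07777) != 0) {
        perror("chmod");
        goto out;
    }

    if (fchown(fd_d, buf.st_uid, buf.st_gid) != 0) {
        perror("chown");
        goto out;
    }

    // A failing close can be the only report of a write error.
    put = close(fd_d);
    fd_d = -1;
    if (put != 0) {
        perror("close");
        goto out;
    }

    close(fd_s);
    fd_s = -1;

    // Failure to remove the source is reported but, as before, not fatal.
    if (unlink(argv[1]) != 0) {
        perror("unlink");
    }

    rc = 0;

out:
    if (fd_s >= 0) close(fd_s);
    if (fd_d >= 0) close(fd_d);
    free(buffer);

    return rc;
}

// vi: expandtab shiftwidth=4 softtabstop=4 tabstop=4
-------------------------------------------------------------------------------- /addsudo: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ############################################################################### 4 | ## 5 | ## Copyright 2008 Point Clark Networks. 6 | ## 7 | ############################################################################### 8 | ## 9 | ## This program is free software; you can redistribute it and#or 10 | ## modify it under the terms of the GNU General Public License 11 | ## as published by the Free Software Foundation; either version 2 12 | ## of the License, or (at your option) any later version. 13 | ## 14 | ## This program is distributed in the hope that it will be useful, 15 | ## but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | ## GNU General Public License for more details. 18 | ## 19 | ## You should have received a copy of the GNU General Public License 20 | ## along with this program; if not, write to the Free Software 21 | ## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.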
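##
###############################################################################
##
## Adds command to /etc/sudoers for webconfig
##
## Usage: addsudo <command> [logtag]
##
## All sudo entries will generate a log entry in /var/log/system
##
## The command is appended to the Cmnd_Alias CC list, which webconfig may run
## through sudo without a password.  Anything passed here therefore becomes
## runnable as root by the web interface.
##
###############################################################################

###############################################################################
# V A L I D A T E
###############################################################################

if [ -z "$1" ]; then
    echo "Usage: $0 <command> [logtag]"
    exit 1
else
    COMMAND="$1"
fi

if [ -n "$2" ]; then
    LOGTAG=$2
else
    LOGTAG="addsudo"
fi

# A line break inside the command would add whole extra lines to sudoers.
case "$COMMAND" in
    *"
"*)
        echo "$0: command must not contain a line break" >&2
        exit 1
        ;;
esac

###############################################################################
# M A I N
###############################################################################

SUDOERS=/etc/sudoers

# All changes are made on a private copy that is checked with visudo before it
# replaces the live file, so a bad edit cannot leave sudo unusable.
WORKFILE=$(mktemp "$SUDOERS.XXXXXX") || exit 1
trap 'rm -f "$WORKFILE"' EXIT

if [ -e "$SUDOERS" ]; then
    cp -p "$SUDOERS" "$WORKFILE" || exit 1
fi

CHANGED=

if ! grep 'webconfig ALL' "$WORKFILE" > /dev/null; then
    echo "Cmnd_Alias CC = " >> "$WORKFILE"
    echo "webconfig ALL=NOPASSWD: CC" >> "$WORKFILE"
    CHANGED=1
fi

# The command is data, not a pattern: escape it once for the grep -E test and
# once for the replacement side of the sed expression.
MATCH=$(printf '%s\n' "$COMMAND" | sed 's,[][\.*^$+?(){}|],\\&,g')
ESCAPE=$(printf '%s\n' "$COMMAND" | sed 's,[\/&],\\&,g')

LINE=$(grep "^Cmnd_Alias CC" "$WORKFILE" 2>/dev/null)
if ! printf '%s,\n' "$LINE" | grep -Eq "[[:space:]]+$MATCH[[:space:]]*,|,$MATCH[[:space:]]*,"; then
    # Only the alias line itself is edited; the match stops at the first "="
    # so that entries already in the list are kept.
    sed -i -e "s/^Cmnd_Alias CC[[:space:]]*=/Cmnd_Alias CC = $ESCAPE,/" "$WORKFILE"
    sed -i -e "/^Cmnd_Alias CC[[:space:]]*=/ s/[[:space:]]*,[[:space:]]*$//" "$WORKFILE"
    ADDED=1
    CHANGED=1
fi

if [ -n "$CHANGED" ]; then
    if /usr/sbin/visudo -c -f "$WORKFILE" > /dev/null 2>&1; then
        chmod 0440 "$WORKFILE"
        mv -f "$WORKFILE" "$SUDOERS" || exit 1
        if [ -n "$ADDED" ]; then
            /usr/bin/logger -p local6.notice -t installer "$LOGTAG - adding sudoers entry $COMMAND"
        fi
    else
        /usr/bin/logger -p local6.notice -t installer "$LOGTAG - sudoers entry $COMMAND failed the visudo check, $SUDOERS left unchanged"
        exit 1
    fi
fi
-------------------------------------------------------------------------------- /utils/app-passwd.c: -------------------------------------------------------------------------------- 1 | // app-passwd: PAM authentication application for Webconfig 2 | // Copyright (C) 2014 ClearFoundation 3 | // 4 | // This program is free software: you can redistribute it and/or modify 5 | // it under the terms of the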
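// GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

#include <ctype.h>   // isspace, isalpha, isdigit, ispunct
#include <stdio.h>   // fread, stdin
#include <stdlib.h>  // calloc, free, atexit
#include <string.h>  // strdup, strlen

#include <security/pam_appl.h>

// Max user and password, choosing arbitrary value
#define MAX_USERPASS 128

// PAM application name
#define PAM_APP_NAME "system-auth-ac"

// Input buffer
static char buffer[MAX_USERPASS * 2];

// User, and password buffers
static char user[MAX_USERPASS], pass[MAX_USERPASS];

// PAM private application data structure
struct app_data
{
    char *user;
    char *pass;
};

// Global application data
static struct app_data ad = {
    .user = NULL,
    .pass = NULL,
};

// Overwrite memory through a volatile pointer so the stores are not removed
// as dead writes ahead of free() or process exit.
static void wipe(void *mem, size_t len)
{
    volatile unsigned char *p = mem;

    while (len--) *p++ = 0;
}

// Wipe and release a heap string, leaving the pointer NULL so a second call
// is harmless.
static void wipe_and_free(char **str)
{
    if (*str == NULL) return;

    wipe(*str, strlen(*str));
    free(*str);
    *str = NULL;
}

// Zero memory buffers
// Registered with atexit() and also called once at start-up.  The heap copies
// of the credentials are wiped before they are freed.
void reset(void)
{
    wipe(user, sizeof user);
    wipe(pass, sizeof pass);
    wipe(buffer, sizeof buffer);

    wipe_and_free(&ad.user);
    wipe_and_free(&ad.pass);
}

// PAM conversation call-back
//
// Answers every PAM_PROMPT_ECHO_ON message with the user name and every
// PAM_PROMPT_ECHO_OFF message with the password.  Each answer is a separate
// heap copy stored at the index of its message, because the PAM library
// frees every response string on its own; the originals stay owned by the
// application data and are released by reset().
//
// Returns PAM_SUCCESS, PAM_BUF_ERR when the response array cannot be
// allocated, or PAM_CONV_ERR for any other message style or missing data.
int app_conv(int num_msg, const struct pam_message **msgm,
    struct pam_response **response, void *app_data_ptr)
{
    int i;
    struct app_data *creds = (struct app_data *)app_data_ptr;
    struct pam_response *resp;

    if (num_msg <= 0 || msgm == NULL || response == NULL || creds == NULL)
        return PAM_CONV_ERR;

    resp = calloc((size_t)num_msg, sizeof *resp);
    if (resp == NULL)
        return PAM_BUF_ERR;

    for (i = 0; i < num_msg; i++) {
        const char *answer = NULL;

        resp[i].resp_retcode = 0;

        switch (msgm[i]->msg_style) {

        // Want user name
        case PAM_PROMPT_ECHO_ON:
            answer = creds->user;
            break;

        // Want password
        case PAM_PROMPT_ECHO_OFF:
            answer = creds->pass;
            break;

        // Un-handled request...
        default:
            goto fail;
        }

        if (answer == NULL)
            goto fail;

        resp[i].resp = strdup(answer);
        if (resp[i].resp == NULL)
            goto fail;
    }

    *response = resp;

    return PAM_SUCCESS;

fail:
    // Entries 0 .. i-1 already hold copies; wipe them before giving up.
    while (i-- > 0)
        wipe_and_free(&resp[i].resp);
    free(resp);

    return PAM_CONV_ERR;
}

// Global PAM conversation
static struct pam_conv conv = {
    app_conv,
    (void *)&ad
};

// Read "<user><whitespace><password><newline>" from stdin and authenticate
// the pair against the PAM stack named by PAM_APP_NAME.
//
// The credentials arrive on stdin, not on the command line.  Exit status is
// 0 when both pam_authenticate() and pam_acct_mgmt() succeed and 1 otherwise.
int main(int argc, char *argv[])
{
    int i, j, rc;
    unsigned char ch;
    pam_handle_t *pamh = NULL;

    atexit(reset); reset();

    if (fread(buffer, 1, MAX_USERPASS * 2, stdin) < 3)
        return 1;

    // User name: everything up to the first whitespace character.  The
    // <ctype.h> functions need an unsigned char value; a negative plain char
    // is undefined behaviour.
    for (i = 0, j = 0; i < MAX_USERPASS - 1; i++) {
        ch = (unsigned char)buffer[i];
        if (isspace(ch)) { i++; break; }
        if (!isalpha(ch) &&
            !isdigit(ch) &&
            !ispunct(ch)) continue;
        user[j++] = buffer[i];
    }

    // Password: the rest of the line; blanks are allowed inside it.
    for (j = 0; i < (MAX_USERPASS - 1) * 2 &&
        j < MAX_USERPASS - 1; i++) {
        ch = (unsigned char)buffer[i];
        if (ch == '\n' || ch == '\r') break;
        if (!isalpha(ch) &&
            !isdigit(ch) &&
            !ispunct(ch) &&
            !isspace(ch)) continue;
        pass[j++] = buffer[i];
    }

    if (!strnlen(user, MAX_USERPASS - 1) || !strnlen(pass, MAX_USERPASS - 1))
        return 1;

    ad.user = strdup(user);
    ad.pass = strdup(pass);

    // Without both copies the conversation could only answer with NULL.
    if (ad.user == NULL || ad.pass == NULL)
        return 1;

    rc = pam_start(PAM_APP_NAME, ad.user, &conv, &pamh);

    if (rc == PAM_SUCCESS)
        rc = pam_authenticate(pamh, 0);

    if (rc == PAM_SUCCESS)
        rc = pam_acct_mgmt(pamh, 0);

    if (pam_end(pamh,rc) != PAM_SUCCESS) {
        pamh = NULL;
        return 1;
    }

    return (rc == PAM_SUCCESS ? 0 : 1);
}

// vi: expandtab shiftwidth=4 softtabstop=4 tabstop=4
-------------------------------------------------------------------------------- /clearos-base.spec: -------------------------------------------------------------------------------- 1 | Name: clearos-base 2 | Version: 7.4.0 3 | Release: 1%{dist} 4 | Summary: Initializes the system environment 5 | License: GPLv3 or later 6 | Group: ClearOS/Core 7 | Source: %{name}-%{version}.tar.gz 8 | Requires: clearos-release >= 7 9 | Requires: gnupg2 10 | Requires: grub2 11 | Requires: kernel >= 3.10.0 12 | Requires: man-db 13 | Requires: audit 14 | Requires: man 15 | Requires: mlocate 16 | Requires: nano 17 | Requires: openssh-clients 18 | Requires: pam 19 | Requires: selinux-policy-targeted 20 | Requires: sudo 21 | Requires: rsyslog 22 | Requires: yum 23 | # Common tools used in install and upgrade scripts for app-* packages 24 | Requires: chkconfig 25 | Requires: coreutils 26 | Requires: findutils 27 | Requires: gawk 28 | Requires: grep 29 | Requires: sed 30 | Requires: shadow-utils 31 | Requires: util-linux 32 | Requires: which 33 | Requires: /usr/bin/logger 34 | Requires: /sbin/pidof 35 | BuildRequires: pam-devel 36 | BuildRoot: %_tmppath/%name-%version-buildroot 37 | 38 | %description 39 | Initializes the system environment 40 | 41 | %prep 42 | %setup -q 43 | %build 44 | # Helper tools 45 | cd utils 46 | gcc -O2 app-rename.c -o app-rename 47 | gcc -O2 app-passwd.c -o app-passwd -l pam 48 | gcc -O2 app-realpath.c -o app-realpath 49 | 50 | 51 | %install 52 | rm -rf $RPM_BUILD_ROOT 53 | 54 | mkdir -p -m 755 $RPM_BUILD_ROOT/etc/clearos 55 | mkdir -p -m 755 $RPM_BUILD_ROOT/etc/profile.d 56 | mkdir -p -m 755 $RPM_BUILD_ROOT/usr/clearos 57 | mkdir -p -m 755 $RPM_BUILD_ROOT/usr/clearos/bin 58 | mkdir -p -m 755 $RPM_BUILD_ROOT/var/clearos 59 | 60 | mkdir -p -m 755 $RPM_BUILD_ROOT/etc/logrotate.d 61 | mkdir -p -m 755 $RPM_BUILD_ROOT/etc/security/limits.d 62 | mkdir -p -m 755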
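$RPM_BUILD_ROOT%{_sbindir}

install -m 644 etc/logrotate.d/compliance $RPM_BUILD_ROOT/etc/logrotate.d/
install -m 644 etc/logrotate.d/system $RPM_BUILD_ROOT/etc/logrotate.d/
install -m 644 etc/profile.d/clearos.sh $RPM_BUILD_ROOT/etc/profile.d/
# Plain configuration data: installed 644 like the other files under etc
install -m 644 etc/security/limits.d/95-clearos.conf $RPM_BUILD_ROOT/etc/security/limits.d/

install -m 755 addsudo $RPM_BUILD_ROOT%{_sbindir}/addsudo

# Helper tools
install -m 755 utils/app-passwd $RPM_BUILD_ROOT%{_sbindir}
install -m 755 utils/app-rename $RPM_BUILD_ROOT%{_sbindir}
install -m 755 utils/app-realpath $RPM_BUILD_ROOT%{_sbindir}

#------------------------------------------------------------------------------
# I N S T A L L S C R I P T
#------------------------------------------------------------------------------

%post
logger -p local6.notice -t installer "clearos-base - installing"

# Syslog customizations
#----------------------
# local6 is routed to /var/log/system and local5 to /var/log/compliance; both
# facilities are excluded from /var/log/messages.

if [ -z "`grep ^local6 /etc/rsyslog.conf`" ]; then
    logger -p local6.notice -t installer "clearos-base - adding system log file to rsyslog"
    echo "local6.* /var/log/system" >> /etc/rsyslog.conf
    sed -i -e 's/[[:space:]]*\/var\/log\/messages/;local6.none \/var\/log\/messages/' /etc/rsyslog.conf
    /sbin/service rsyslog restart >/dev/null 2>&1
fi

if [ -z "`grep ^local5 /etc/rsyslog.conf`" ]; then
    logger -p local5.notice -t installer "clearos-base - adding compliance log file to rsyslog"
    echo "local5.* /var/log/compliance" >> /etc/rsyslog.conf
    sed -i -e 's/[[:space:]]*\/var\/log\/messages/;local5.none \/var\/log\/messages/' /etc/rsyslog.conf
    /sbin/service rsyslog restart >/dev/null 2>&1
fi

# Disable SELinux
#----------------
# NOTE(review): this writes SELINUX=disabled into the persistent SELinux
# configuration, so a host with this package runs without SELinux access
# control even though selinux-policy-targeted is listed as a requirement.
# Anyone auditing such a host should expect the disabled state to be by design.

if [ -d /etc/selinux ]; then
    CHECK=`grep ^SELINUX= /etc/selinux/config 2>/dev/null | sed 's/.*=//'`
    if [ -z "$CHECK" ]; then
        logger -p local6.notice -t installer "clearos-base - disabling SELinux with new configuration"
        echo "SELINUX=disabled" >> /etc/selinux/config
    elif [ "$CHECK" != "disabled" ]; then
        logger -p local6.notice -t installer "clearos-base - disabling SELinux"
        sed -i -e 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
    fi
fi

# Sudo policies
#--------------
# NOTE(review): "!syslog" switches off sudo's syslog records for commands run
# by webconfig and by root.  Unless sudo is given another log destination,
# commands the web interface runs through sudo leave no sudo log entry, which
# matters for detection and for incident response.
# NOTE(review): the lines are appended to /etc/sudoers directly; the result is
# not checked with "visudo -c" before it takes effect.

CHECKSUDO=`grep '^Defaults:webconfig !syslog' /etc/sudoers 2>/dev/null`
if [ -z "$CHECKSUDO" ]; then
    logger -p local6.notice -t installer "clearos-base - adding syslog policy for webconfig"
    echo 'Defaults:webconfig !syslog' >> /etc/sudoers
    chmod 0440 /etc/sudoers
fi

CHECKSUDO=`grep '^Defaults:root !syslog' /etc/sudoers 2>/dev/null`
if [ -z "$CHECKSUDO" ]; then
    logger -p local6.notice -t installer "clearos-base - adding syslog policy for root"
    echo 'Defaults:root !syslog' >> /etc/sudoers
    chmod 0440 /etc/sudoers
fi

# Comments out any requiretty default, so sudo no longer insists on a
# terminal (presumably needed because webconfig has none; confirm).
CHECKTTY=`grep '^Defaults.*requiretty' /etc/sudoers 2>/dev/null`
if [ -n "$CHECKTTY" ]; then
    logger -p local6.notice -t installer "clearos-base - removing requiretty from sudoers"
    sed -i -e 's/^Defaults.*requiretty/# Defaults requiretty/' /etc/sudoers
    chmod 0440 /etc/sudoers
fi

# slocate/mlocate upgrade
#------------------------

CHECK=`grep '^export' /etc/updatedb.conf 2>/dev/null`
if [ -n "$CHECK" ]; then
    CHECK=`grep '^export' /etc/updatedb.conf.rpmnew 2>/dev/null`
    if ( [ -e "/etc/updatedb.conf.rpmnew" ] && [ -z "$CHECK" ] ); then
        logger -p local6.notice -t installer "clearos-base - migrating configuration from slocate to mlocate"
        cp -p /etc/updatedb.conf.rpmnew /etc/updatedb.conf
    else
        logger -p local6.notice -t installer "clearos-base - creating default configuration for mlocate"
        echo "PRUNEFS = \"auto afs iso9660 sfs udf\"" > /etc/updatedb.conf
        echo "PRUNEPATHS = \"/afs /media /net /sfs /tmp /udev /var/spool/cups /var/spool/squid /var/tmp\"" >> /etc/updatedb.conf
    fi
fi

# Enable audit by default
#------------------------
# Only on a first install (argument 1 equals 1), not on upgrades.

if [ $1 -eq 1 ]; then
    logger -p local6.notice -t installer "clearos-base - enabling audit on boot"
    /sbin/chkconfig auditd on >/dev/null 2>&1
fi

exit 0

%preun
if [ $1 -eq 0 ]; then
    logger -p local6.notice -t installer "clearos-base - uninstalling"
fi

%files
%defattr(-,root,root)
%dir /etc/clearos
%dir /usr/clearos
%dir /usr/clearos/bin
%dir /var/clearos
/etc/logrotate.d/compliance
/etc/logrotate.d/system
/etc/profile.d/clearos.sh
/etc/security/limits.d/95-clearos.conf
%{_sbindir}/addsudo
%{_sbindir}/app-passwd
%{_sbindir}/app-rename
%{_sbindir}/app-realpath

%changelog
* Tue Oct 31 2017 ClearFoundation - 7.0.2-1
- Added bin directory and PATH change

* Tue Aug 12 2014 ClearFoundation - 7.0.0-1
- Updated RPM list for ClearOS 7
- Removed functions-automagic

* Thu Jun 26 2014 ClearFoundation - 6.6.0-1
- Changed app-passwd to perform PAM authentication

* Thu May 31 2012 ClearFoundation - 6.2.2-1
- Fixed password check space issue (tracker #628)
- Updated audit policies

* Fri Jan 27 2012 ClearFoundation - 6.2.1-1
- Removed experimental postinstall script
- Removed deprecated perl functions references
- Cleaned up spec file

* Wed Nov 23 2011 ClearFoundation - 6.1.0.beta2-1
- Started changelog
-------------------------------------------------------------------------------- /etc/init.d/functions-automagic: -------------------------------------------------------------------------------- 1 | #---------------------------------------------------------------------------- 2 | # 3 | # Copyright 2004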
Point Clark Networks 4 | # 5 | # This script is used by init.d scripts that need to know the state 6 | # of the network (e.g. daemons that bind to only LAN interfaces). 7 | # 8 | # If you don't want any of this automagic to occur, then add the following 9 | # to /etc/sysconfig/automagic: AUTOMAGIC="off" 10 | # 11 | #---------------------------------------------------------------------------- 12 | 13 | IPCALC="/bin/ipcalc" 14 | IPBIN="/sbin/ip" 15 | 16 | 17 | #---------------------------------------------------------------------------- 18 | # Interface info 19 | #---------------------------------------------------------------------------- 20 | # 21 | # Sets variables containing an interface's IP address, network, and 22 | # netmask (IFIP, IFNETWORK, IFNETMASK, and IFPREFIX). First attempt to 23 | # use /etc/sysconfig/network-scripts/ifcfg-xxx, then try getting the 24 | # "live" configuration using 'ip'. 25 | # 26 | #---------------------------------------------------------------------------- 27 | 28 | automagic_interface_info() { 29 | IFIP= 30 | IFNETMASK= 31 | IFNETWORK= 32 | IFPREFIX= 33 | 34 | if [ -f /etc/sysconfig/network-scripts/ifcfg-$1 ]; then 35 | IPADDR= 36 | NETMASK= 37 | 38 | source /etc/sysconfig/network-scripts/ifcfg-$1 39 | 40 | if ( [ ! -z "$IPADDR" ] && [ ! -z "$NETMASK" ] ); then 41 | IFIP=$IPADDR 42 | IFNETMASK=$NETMASK 43 | IFNETWORK=`$IPCALC --network $IFIP $IFNETMASK | sed s/NETWORK=//i` 44 | IFPREFIX=`$IPCALC --prefix $IFIP $IFNETMASK | sed s/PREFIX=//i` 45 | else 46 | ADDR=`$IPBIN addr show dev $1 | grep $1$ | awk '{ print $2 }'` 47 | IFIP=`echo $ADDR | cut -d/ -f1` 48 | 49 | if [ ! -z "$IFIP" ]; then 50 | # PPPOEKLUDGE 51 | if [ "${1:0:3}" == "ppp" ]; then 52 | IFNETMASK="255.255.255.255" 53 | IFNETWORK=$IFIP 54 | IFPREFIX="32" 55 | elif [ ! 
-z "$ADDR" ]; then 56 | IFPREFIX=`echo $ADDR | cut -d/ -f2` 57 | IFNETWORK=`$IPCALC --network $ADDR | sed s/NETWORK=//i` 58 | IFNETMASK=`$IPCALC --netmask $ADDR | sed s/NETMASK=//i` 59 | fi 60 | fi 61 | fi 62 | else 63 | ADDR=`$IPBIN addr show dev $1 | grep $1$ | awk '{ print $2 }'` 64 | IFIP=`echo $ADDR | cut -d/ -f1` 65 | 66 | if [ ! -z "$IFIP" ]; then 67 | # PPPOEKLUDGE 68 | if [ "${1:0:3}" == "ppp" ]; then 69 | IFNETMASK="255.255.255.255" 70 | IFNETWORK=$IFIP 71 | IFPREFIX="32" 72 | elif [ ! -z "$ADDR" ]; then 73 | IFPREFIX=`echo $ADDR | cut -d/ -f2` 74 | IFNETWORK=`$IPCALC --network $ADDR | sed s/NETWORK=//i` 75 | IFNETMASK=`$IPCALC --netmask $ADDR | sed s/NETMASK=//i` 76 | fi 77 | fi 78 | fi 79 | } 80 | 81 | 82 | #---------------------------------------------------------------------------- 83 | # Network info 84 | #---------------------------------------------------------------------------- 85 | # 86 | # The following variables are defined with the appropriate data: 87 | # - AUTOMAGIC_LANIFS: a list of LAN interfaces 88 | # - AUTOMAGIC_LANIPS: a list of LAN IPs 89 | # - AUTOMAGIC_LANNETS: a list of LAN networks 90 | # - AUTOMAGIC_DMZIFS: a list of DMZ interfaces 91 | # - AUTOMAGIC_DMZIPS: a list of DMZ IPs 92 | # - AUTOMAGIC_DMZNETS: a list of DMZ networks 93 | # - AUTOMAGIC_EXTIFS: a list of external interfaces 94 | # - AUTOMAGIC_EXTIPS: a list of external IPs 95 | # - AUTOMAGIC_EXTNETS: a list of external networks 96 | # - AUTOMAGIC_EXTIFSREAL: the *physical* external interfaces (see note below) 97 | # 98 | # Deprecated now that multi-WAN support is included: 99 | # - AUTOMAGIC_EXTIF: the external interface (Internet or upstream) 100 | # - AUTOMAGIC_EXTIP: the external IP address 101 | # - AUTOMAGIC_EXTNET: the external network 102 | # - AUTOMAGIC_EXTIFREAL: the *physical* external interface (see note below) 103 | # 104 | ### 105 | # 106 | # Note the "yet another PPPoE kludge" (sigh). 
The AUTOMAGIC_EXTIFREAL is set 107 | # to the *physical* external interface (e.g. eth0 physical interface on a 108 | # ppp0 PPPoE connection). Some packages require this. 109 | # 110 | #---------------------------------------------------------------------------- 111 | 112 | if [ -e /etc/clearos/network.conf ]; then 113 | source /etc/clearos/network.conf 114 | 115 | # PPPOEKLUDGE: define the real interface used by PPPoE 116 | NETCFGDIR="/etc/sysconfig/network-scripts" 117 | PPPOEFILES=`ls $NETCFGDIR/ifcfg-ppp* 2>/dev/null` 118 | for PPPOEFILE in $PPPOEFILES; do 119 | source $PPPOEFILE 120 | if [ -n $ETH ]; then 121 | PPPOEIFS="$PPPOEIFS $ETH" 122 | fi 123 | ETH="" 124 | done 125 | 126 | # Any non-explicitly defined interface is a LAN interface (legacy issue) 127 | UNDEFINEDIF=`ifconfig | grep -B1 addr:[[:digit:]] | grep ^[ae]th | awk '{ print $1 }' | grep -v ":"` 128 | for DEFINEDIF in $EXTIF $DMZIF $LANIF $HOTIF $PPPOEIFS; do 129 | UNDEFINEDIF=`echo $UNDEFINEDIF | sed "s/$DEFINEDIF//"` 130 | done 131 | LANIF="$LANIF $UNDEFINEDIF" 132 | 133 | # If standalone mode, all interfaces are considered LANs 134 | [ "$MODE" == "standalone" ] && LANIF="$LANIF $EXTIF" 135 | [ "$MODE" == "trustedstandalone" ] && LANIF="$LANIF $EXTIF" 136 | 137 | # Load network information 138 | for IF in $LANIF; do 139 | automagic_interface_info $IF 140 | if [ -n "$IFIP" ]; then 141 | AUTOMAGIC_LANIFS="$IF $AUTOMAGIC_LANIFS" 142 | AUTOMAGIC_LANIPS="$IFIP $AUTOMAGIC_LANIPS" 143 | AUTOMAGIC_LANNETS="$IFNETWORK/$IFPREFIX $AUTOMAGIC_LANNETS" 144 | fi 145 | done 146 | 147 | for IF in $HOTIF; do 148 | automagic_interface_info $IF 149 | if [ -n "$IFIP" ]; then 150 | AUTOMAGIC_HOTIFS="$IF $AUTOMAGIC_HOTIFS" 151 | AUTOMAGIC_HOTIPS="$IFIP $AUTOMAGIC_HOTIPS" 152 | AUTOMAGIC_HOTNETS="$IFNETWORK/$IFPREFIX $AUTOMAGIC_HOTNETS" 153 | fi 154 | done 155 | 156 | for IF in $DMZIF; do 157 | automagic_interface_info $IF 158 | if [ -n "$IFIP" ]; then 159 | AUTOMAGIC_DMZIFS="$IF $AUTOMAGIC_DMZIFS" 160 | 
AUTOMAGIC_DMZIPS="$IFIP $AUTOMAGIC_DMZIPS" 161 | AUTOMAGIC_DMZNETS="$IFNETWORK/$IFPREFIX $AUTOMAGIC_DMZNETS" 162 | fi 163 | done 164 | 165 | for IF in $EXTIF; do 166 | automagic_interface_info $IF 167 | if [ -n "$IFIP" ]; then 168 | AUTOMAGIC_EXTIFS="$IF $AUTOMAGIC_EXTIFS" 169 | AUTOMAGIC_EXTIPS="$IFIP $AUTOMAGIC_EXTIPS" 170 | AUTOMAGIC_EXTNETS="$IFNETWORK/$IFPREFIX $AUTOMAGIC_EXTNETS" 171 | fi 172 | done 173 | 174 | # PPPOEKLUDGE... sigh 175 | STRIPPPPOE=`echo $EXTIF | sed 's/ppp[0-9]//g'` 176 | AUTOMAGIC_EXTIFSREAL="$STRIPPPPOE $PPPOEIFS" 177 | 178 | #-------------------------- 179 | # Deprecated stuff -- start 180 | #-------------------------- 181 | 182 | OLDEXTIF=`echo $EXTIF | awk '{ print $1 }'` 183 | if [ -n "$OLDEXTIF" ]; then 184 | automagic_interface_info $OLDEXTIF 185 | AUTOMAGIC_EXTIF="$OLDEXTIF" 186 | AUTOMAGIC_EXTIP="$IFIP" 187 | AUTOMAGIC_EXTNET="$IFNETWORK/$IFPREFIX" 188 | fi 189 | 190 | # PPPOEKLUDGE 191 | if [ "$AUTOMAGIC_EXTIF" == "ppp0" ]; then 192 | AUTOMAGIC_EXTIFREAL="eth0" 193 | else 194 | AUTOMAGIC_EXTIFREAL=$AUTOMAGIC_EXTIF 195 | fi 196 | 197 | #-------------------------- 198 | # Deprecated stuff -- end 199 | #-------------------------- 200 | 201 | if [ 1 == 0 ]; then 202 | echo "AUTOMAGIC_LANIPS: $AUTOMAGIC_LANIPS" 203 | echo "AUTOMAGIC_LANIFS: $AUTOMAGIC_LANIFS" 204 | echo "AUTOMAGIC_LANNETS: $AUTOMAGIC_LANNETS" 205 | echo "AUTOMAGIC_HOTIPS: $AUTOMAGIC_HOTIPS" 206 | echo "AUTOMAGIC_HOTIFS: $AUTOMAGIC_HOTIFS" 207 | echo "AUTOMAGIC_HOTNETS: $AUTOMAGIC_HOTNETS" 208 | echo "AUTOMAGIC_DMZIPS: $AUTOMAGIC_DMZIPS" 209 | echo "AUTOMAGIC_DMZIFS: $AUTOMAGIC_DMZIFS" 210 | echo "AUTOMAGIC_DMZNETS: $AUTOMAGIC_DMZNETS" 211 | echo "AUTOMAGIC_EXTIPS: $AUTOMAGIC_EXTIPS" 212 | echo "AUTOMAGIC_EXTIFS: $AUTOMAGIC_EXTIFS" 213 | echo "AUTOMAGIC_EXTNETS: $AUTOMAGIC_EXTNETS" 214 | echo "AUTOMAGIC_EXTIFSREAL: $AUTOMAGIC_EXTIFSREAL" 215 | 216 | echo "AUTOMAGIC Deprecated" 217 | echo "AUTOMAGIC_EXTIP: $AUTOMAGIC_EXTIP" 218 | echo "AUTOMAGIC_EXTIF: $AUTOMAGIC_EXTIF" 
219 | echo "AUTOMAGIC_EXTNET: $AUTOMAGIC_EXTNET" 220 | echo "AUTOMAGIC_EXTIFREAL: $AUTOMAGIC_EXTIFREAL" 221 | fi 222 | fi 223 | 224 | --------------------------------------------------------------------------------