X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=blobdiff_plain;f=debian%2Fhippotat.init;h=640bd8f26a24a795fccab59c3c048f4557facb83;hb=708eda31e6d8c6fd0555a10eb3c9ef7cfebdd458;hp=8fcde4f517acd59b9a9bab20510e8d9c41be4a10;hpb=477169b146487f743bcdf771b3ce1028cf72e313;p=hippotat.git

diff --git a/debian/hippotat.init b/debian/hippotat.init
index 8fcde4f..640bd8f 100644
--- a/debian/hippotat.init
+++ b/debian/hippotat.init
@@ -15,7 +15,11 @@ MASTER_CONFIG=/etc/hippotat/master.cfg
 USER=Debian-hippotat
 PIDFILE=/var/run/hippotat/hippotatd.pid
 LOGFACILITY=daemon
+CHECK_FIREWALL=true
 # HIPPOTATD_ARGS
+AS_USER=as_user_userv
+DESCRIPTION='Asinine IP over HTTP server'
+if type -p authbind >/dev/null 2>&1; then AUTHBIND=authbind; fi
 
 . /etc/default/hippotatd
 
@@ -24,6 +28,13 @@ egrep '^[^ 	#]' $MASTER_CONFIG >/dev/null 2>&1 || exit 0
 
 . /lib/lsb/init-functions
 
+as_user_userv () {
+	userv --override '
+		execute-from-path
+		no-suppress-args
+	' $USER "$@"
+}
+
 ssd () {
 	set +e
 	start-stop-daemon --start --quiet --user $USER --pidfile=$PIDFILE "$@"
@@ -37,10 +48,28 @@ ensure_dirs () {
 	chown $USER $pidfiledir
 }
 
+dump_firewall () {
+	iptables -L -v -n
+}
+
+print_config () {
+	$AS_USER $DAEMON $HIPPOTATD_ARGS --print-config "$1"
+}
+
+check_firewall () {
+	vnetwork=$(print_config vnetwork)
+	if dump_firewall | fgrep " $vnetwork " >/dev/null; then :; else
+		log_failure_msg \
+ "no entry in firewall for insecure vnetwork $vnetwork"
+		exit 1
+	fi
+}
+
 do_start () {
+	check_firewall
 	ensure_dirs
-	ssd	--chuid $USER --startas \
-		$DAEMON --daemon --pidfile=$PIDFILE \
+	ssd	--chuid $USER --startas				\
+		$AUTHBIND $DAEMON --daemon --pidfile=$PIDFILE	\
 		--syslog-facility=$LOGFACILITY $HIPPOTATD_ARGS
 }
 do_stop () {
@@ -49,19 +78,19 @@ do_stop () {
 
 case "$1" in
 start)
-	log_daemon_msg "Starting IP over HTTP server" hippotatd
+	log_daemon_msg "Starting $DESCRIPTION" hippotatd
 	do_start
 	log_end_msg $rc
 	;;
 
 stop)
-	log_daemon_msg "Stopping IP over HTTP server" hippotatd
+	log_daemon_msg "Stopping $DESCRIPTION" hippotatd
 	do_stop
 	log_end_msg $rc
 	;;
 
 restart|force-reload)
-	log_daemon_msg "Restarting IP over HTTP server" hippotatd
+	log_daemon_msg "Restarting $DESCRIPTION" hippotatd
 	do_stop
 	sleep 1
 	do_start