chainsaw 13/08/28 10:15:35 |
|
Added: asterisk.initd7 |
Log: |
Security upgrades for AST-2013-004 & AST-2013-005 on both branches. Behavioral improvements for G729 VAD, closes bug #480928. Add missed ownership checks to init script, closes bug #482688. Both by Jaco Kroon. Removed all insecure non-stable ebuilds. |
|
(Portage version: 2.2.1/cvs/Linux x86_64, signed Manifest commit with key 0xB5058F9A) |
|
Revision Changes Path |
1.1 net-misc/asterisk/files/1.8.0/asterisk.initd7 |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/asterisk/files/1.8.0/asterisk.initd7?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/asterisk/files/1.8.0/asterisk.initd7?rev=1.1&content-type=text/plain |
|
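--- a/net-misc/asterisk/files/1.8.0/asterisk.initd7
+++ b/net-misc/asterisk/files/1.8.0/asterisk.initd7
@@ -0,0 +1,347 @@
+#!/sbin/runscript
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/asterisk/files/1.8.0/asterisk.initd7,v 1.1 2013/08/28 10:15:35 chainsaw Exp $
+
+extra_started_commands="forcestop reload"
+
+depend() {
+need net
+use nscd dns dahdi mysql postgresql slapd capi
+}
+
+is_running() {
+[ -r "${ast_rundir}/asterisk.pid" ] || return 1
+PID="$(cat "${ast_rundir}/asterisk.pid")"
+[ -d "/proc/${PID}" ] || return 1
+EXE="$(readlink -f /proc/${PID}/exe)"
+EXE="${EXE% (deleted)}" # in case asterisk got upgraded and we're still looking at an old one.
+[ "${EXE}" = /usr/sbin/asterisk ] || return 1 # pid got re-used for another process.
+
+# PID reported in pidfile is active, and is still an asterisk instance.
+return 0
+}
+
+# Sets up a few variables for us for use
+# ast_instancename: eg, asterisk when RC_SVCNAME=asterisk, or asterisk(foo) when asterisk.foo.
+# ast_rundir: directory to be used as run folder (pid and ctl files).
+# ast_spooldir:
+setup_svc_variables()
+{
+local t
+
+ast_instancename=asterisk
+ast_rundir=/var/run/${RC_SVCNAME}
+ast_logdir=/var/log/${RC_SVCNAME}
+ast_spooldir=/var/spool/${RC_SVCNAME}
+ast_confdir=/etc/${RC_SVCNAME/.//}
+
+if [ "${RC_SVCNAME}" != "asterisk" ]; then
+t="${RC_SVCNAME#asterisk.}"
+if [ "${RC_SVCNAME}" = "${t}" ]; then
+eerror "Invalid SVCNAME of ${RC_SVCNAME}, must be of the format asterisk.name."
+return 1
+fi
+ast_instancename+="(${t})"
+fi
+
+[ -n "${ASTERISK_RUNDIR}" ] && ast_rundir="${ASTERISK_RUNDIR}"
+[ -n "${ASTERISK_LOGDIR}" ] && ast_logdir="${ASTERISK_LOGDIR}"
+[ -n "${ASTERISK_SPOOLDIR}" ] && ast_spooldir="${ASTERISK_SPOOLDIR}"
+[ -n "${ASTERISK_CONFDIR}" ] && ast_confdir="${ASTERISK_CONFDIR}"
+
+return 0
+}
+
+asterisk_run_loop() {
+local result=0 signal=0
+
+echo "Initializing ${ast_instancename} wrapper"
+OPTS="$*"
+
+trap "rm -f '${ast_rundir}/wrapper_loop.running'" EXIT
+touch "${ast_rundir}/wrapper_loop.running"
+
+while [ -r "${ast_rundir}/wrapper_loop.running" ]; do
+if [ -n "${TTY}" ]; then
+/usr/bin/stty -F "${TTY}" sane
+${NICE} /usr/sbin/asterisk -C "${ast_confdir}/asterisk.conf" ${OPTS} >"${TTY}" 2>&1 <"${TTY}"
+result=$?
+else
+${NICE} /usr/sbin/asterisk -C "${ast_confdir}/asterisk.conf" ${OPTS} 2>&1 >/dev/null
+result=$?
+fi
+
+if [ "$result" -eq 0 ]; then
+echo "Asterisk terminated normally"
+break
+else
+if [ "$result" -gt 128 ]; then
+signal="$(expr "$result" - 128)"
+MSG="Asterisk terminated with Signal: $signal"
+
+CORE_TARGET="core-$(date "+%Y%m%d-%H%M%S")"
+
+local CORE_DUMPED=0
+if [ -f "${ASTERISK_CORE_DIR}/core" ]; then
+mv "${ASTERISK_CORE_DIR}/core" \
+"${ASTERISK_CORE_DIR}/${CORE_TARGET}"
+CORE_DUMPED=1
+
+elif [ -f "${ASTERISK_CORE_DIR}/core.${PID}" ]; then
+mv "${ASTERISK_CORE_DIR}/core.${PID}" \
+"${ASTERISK_CORE_DIR}/${CORE_TARGET}"
+CORE_DUMPED=1
+
+fi
+
+[ $CORE_DUMPED -eq 1 ] && \
+MSG="${MSG}\n\rCore dumped: ${ASTERISK_CORE_DIR}/${CORE_TARGET}"
+else
+MSG="Asterisk terminated with return code: $result"
+fi
+
+# kill left-over tasks
+for X in ${ASTERISK_CLEANUP_ON_CRASH}; do
+kill -9 "$(pidof "${X}")";
+done
+fi
+
+[ -n "${TTY}" ] \
+&& echo "${MSG}" >"${TTY}" \
+|| echo "${MSG}"
+
+
+if [ -n "${ASTERISK_NOTIFY_EMAIL}" ] && \
+[ -x /usr/sbin/sendmail ]; then
+echo -e -n "Subject: Asterisk crashed\r\n${MSG}\r\n" |\
+/usr/sbin/sendmail "${ASTERISK_NOTIFY_EMAIL}"
+fi
+sleep "${ASTERISK_RESTART_DELAY}"
+echo "Restarting Asterisk..."
+done
+
+echo "Terminating wrapper loop."
+return 0
+}
+
+start() {
+local OPTS USER GROUP PID
+local tmp x
+
+local OPTS ARGS
+
+setup_svc_variables || return $?
+
+ebegin "Starting ${ast_instancename} PBX"
+
+eindent
+
+# filter (redundant) arguments
+OPTS="$(echo "${ASTERISK_OPTS}" | sed -re "s:-[cfF]::g")"
+
+# default options
+OPTS="${OPTS} -f" # don't fork / detach breaks wrapper script...
+
+# mangle yes/no options
+ASTERISK_CONSOLE="$(echo ${ASTERISK_CONSOLE} | tr '[:lower:]' '[:upper:]')"
+ASTERISK_WAITBOOTED="$(echo "${ASTERISK_WAITBOOTED}" | tr '[:lower:]' '[:upper:]')"
+
+ASTERISK_RESTART_DELAY="$(echo "${ASTERISK_RESTART_DELAY}" | sed -re 's/^([0-9]*).*/\1/')"
+[ -z "${ASTERISK_RESTART_DELAY}" ] && ASTERISK_RESTART_DELAY=5
+
+if [ -n "${ASTERISK_CORE_SIZE}" ] &&
+[ "${ASTERISK_CORE_SIZE}" != "0" ]; then
+ulimit -c ${ASTERISK_CORE_SIZE}
+
+if [ -n "${ASTERISK_CORE_DIR}" ] && \
+[ ! -d "${ASTERISK_CORE_DIR}" ]
+then
+mkdir -m750 -p "${ASTERISK_CORE_DIR}"
+
+if [ -n "${ASTERISK_USER}" ]; then
+chown -R "${ASTERISK_USER}" "${ASTERISK_CORE_DIR}"
+fi
+fi
+ASTERISK_CORE_DIR="${ASTERISK_CORE_DIR:-/tmp}"
+
+cd "${ASTERISK_CORE_DIR}"
+einfo "Core dump size : ${ASTERISK_CORE_SIZE}"
+einfo "Core dump location : ${ASTERISK_CORE_DIR}"
+
+OPTS="${OPTS} -g"
+fi
+
+if [ -n "${ASTERISK_MAX_FD}" ]; then
+ulimit -n ${ASTERISK_MAX_FD}
+einfo "Max open filedescriptors : ${ASTERISK_MAX_FD}"
+fi
+
+if [ -n "${ASTERISK_NICE}" ]; then
+if [ ${ASTERISK_NICE} -ge -20 ] && \
+[ ${ASTERISK_NICE} -le 19 ]; then
+einfo "Nice level : ${ASTERISK_NICE}"
+NICE="nice -n ${ASTERISK_NICE} --"
+else
+eerror "Nice value must be between -20 and 19"
+return 1
+fi
+else
+NICE=""
+fi
+
+if [ -n "${ASTERISK_NOTIFY_EMAIL}" ]; then
+if [ -x /usr/sbin/sendmail ]; then
+einfo "Email notifications go to : ${ASTERISK_NOTIFY_EMAIL}"
+else
+ewarn "Notifications disabled, /usr/sbin/sendmail doesn't exist or is not executable!"
+unset ASTERISK_NOTIFY_EMAIL
+fi
+fi
+
+if [ -n "${ASTERISK_TTY}" ]; then
+for x in ${ASTERISK_TTY} \
+/dev/tty${ASTERISK_TTY} \
+/dev/vc/${ASTERISK_TTY}
+do
+if [ -c "${x}" ]; then
+TTY="${x}"
+fi
+done
+[ -n "${TTY}" ] && \
+einfo "Messages are sent to : ${TTY}"
+fi
+
+if [ "${ASTERISK_CONSOLE}" = "YES" ] && [ -n "${TTY}" ]; then
+einfo "Starting Asterisk console : ${ASTERISK_CONSOLE}"
+OPTS="${OPTS} -c"
+fi
+
+if [ -n "${ASTERISK_USER}" ]; then
+USER="$(echo $ASTERISK_USER | sed 's/:.*//')"
+GROUP="$(echo $ASTERISK_USER | awk -F: '/.*:.*/ { print $2 }')"
+if [ -n "${USER}" ]; then
+if ! getent passwd "${USER}" &>/dev/null; then
+eerror "Requested to run asterisk as ${USER}, which doesn't exist."
+return 1
+fi
+OPTS="${OPTS} -U ${USER}"
+fi
+if [ -n "${GROUP}" ]; then
+if ! getent group "${GROUP}" &>/dev/null; then
+eerror "Requested to run asterisk with group ${USER}, which doesn't exist."
+return 1
+fi
+OPTS="${OPTS} -G ${GROUP}"
+GROUP=":${GROUP}" # make it look nice...
+fi
+checkpath -d -m 0755 -o ${USER}${GROUP} "${ast_logdir}" "${ast_rundir}" "${ast_spooldir}"
+find "${ast_logdir}" "${ast_rundir}" "${ast_spooldir}" ! -user "${USER}" | while read element; do
+ewarn "${USER} is not the owner of $element, or permissions are insufficient, fixing."
+chown ${USER} "${element}"
+chmod u+rX "${element}"
+done;
+einfo "Starting asterisk as : ${USER}${GROUP}"
+else
+checkpath -d -m 0755 -o root:root "${ast_logdir}" "${ast_rundir}"
+ewarn "Starting asterisk as root is not recommended."
+fi
+
+asterisk_run_loop ${OPTS} 2>&1 | logger -t "wrapper:${ast_instancename}" &
+result=$?
+
+if [ $result -eq 0 ]; then
+# 2 seconds should be enough for asterisk to start
+sleep 2
+is_running
+result=$?
+
+[ $result -eq 0 ] || wrapperstop
+fi
+
+eoutdent
+eend $result
+
+if [ $result -eq 0 -a "${ASTERISK_WAITBOOTED}" = "YES" ]; then
+ebegin "Waiting for ${ast_instancename} to fully boot"
+/usr/sbin/asterisk -C "${ast_confdir}/asterisk.conf" -r -x "core waitfullybooted" &>/dev/null
+eend $?
+fi
+
+return $result
+}
+
+wrapperstop() {
+# Accomodate system upgrades (so a previous version of the wrapper script that still uses a pid file may be running).
+if [ -r "${ast_rundir}/wrapper_loop.pid" ]; then
+ebegin "Killing wrapper script"
+kill "$(cat /var/run/asterisk/wrapper_loop.pid)"
+eend $?
+fi
+
+# The new one (due to "hardened" requirements) uses a simpler
+# flag to indicate running or shutting down.
+if [ -r "${ast_rundir}/wrapper_loop.running" ]; then
+ebegin "Signalling wrapper script to terminate"
+rm "${ast_rundir}/wrapper_loop.running"
+eend $?
+fi
+
+return 0
+}
+
+forcestop() {
+setup_svc_variables || return $?
+
+# Just to be sure - when we want to forcestop we should make it all tear down.
+wrapperstop
+
+ebegin "Stopping asterisk PBX"
+start-stop-daemon --stop --pidfile /var/run/asterisk/asterisk.pid
+eend $?
+}
+
+stop() {
+setup_svc_variables || return $?
+
+wrapperstop
+
+if ! is_running; then
+eerror "Asterisk is not running!"
+return 0
+fi
+
+ebegin "Stopping asterisk PBX gracefully"
+/usr/sbin/asterisk -C "${ast_confdir}/asterisk.conf" -r -x "core stop gracefully" &>/dev/null
+# Now we have to wait until asterisk has _really_ stopped.
+sleep 1
+if is_running; then
+einfon "Waiting for asterisk to shutdown ."
+local cnt=0
+while is_running; do
+cnt="$(expr $cnt + 1)"
+if [ $cnt -gt 60 ] ; then
+# Waited 120 seconds now. Fail.
+echo
+eend 1 "Failed."
+return
+fi
+sleep 2
+echo -n "."
+done
+echo
+fi
+eend 0
+}
+
+reload() {
+setup_svc_variables || return $?
+
+if is_running; then
+ebegin "Forcing asterisk to reload configuration"
+/usr/sbin/asterisk -C "${ast_confdir}/asterisk.conf" -r -x "module reload" &>/dev/null
+eend $?
+else
+eerror "Asterisk is not running!"
+fi
+}
+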
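Review bot: The ownership fix-up loop in start() runs as root over the log, run and spool trees that `checkpath` has just handed to `${USER}`, and both `chown` and `chmod` follow links and act on a path `find` printed a moment earlier, so an entry that is a link, or that is swapped before the `chown`, could give `${USER}` ownership of a file outside those trees. I would add `! -type l` to the `find`, read names with `while IFS= read -r element; do`, and call `chown -h "${USER}" "${element}"`. That narrows the exposure but does not close it for hard links or a swapped parent directory, so reporting the mismatch with `ewarn` and leaving the repair to the administrator is the safer default. Separately, wrapperstop() and forcestop() still hard-code `/var/run/asterisk/wrapper_loop.pid` and `/var/run/asterisk/asterisk.pid` while the rest of the script uses `${ast_rundir}`, so `forcestop` on an `asterisk.name` instance would act on the default instance's pidfile.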