From 82ac5783eef04686441dc9550295e6798c3aae33 Mon Sep 17 00:00:00 2001
From: frank
Date: Mon, 16 Jan 2012 00:37:10 +0100
Subject: [PATCH] committing changes in /etc after emerge run

Package changes:
+net-libs/openslp-1.2.1-r1
---
 .etckeeper | 4 ++
 init.d/slpd | 89 +++++++++++++++++++++++
 slp.conf | 202 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 slp.reg | 39 ++++++++++
 slp.spi | 78 ++++++++++++++++++++
 5 files changed, 412 insertions(+)
 create mode 100755 init.d/slpd
 create mode 100644 slp.conf
 create mode 100644 slp.reg
 create mode 100644 slp.spi

diff --git a/.etckeeper b/.etckeeper
index 5cc67835..490c7239 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -274,6 +274,7 @@ maybe chmod 0755 './init.d/root'
 maybe chmod 0755 './init.d/rsyncd'
 maybe chmod 0755 './init.d/savecache'
 maybe chmod 0755 './init.d/shutdown.sh'
+maybe chmod 0755 './init.d/slpd'
 maybe chmod 0755 './init.d/sshd'
 maybe chmod 0755 './init.d/staticroute'
 maybe chmod 0755 './init.d/svnserve'
@@ -461,6 +462,9 @@ maybe chmod 0644 './skel/.bash_logout'
 maybe chmod 0644 './skel/.bash_profile'
 maybe chmod 0644 './skel/.bashrc'
 maybe chmod 0700 './skel/.ssh'
+maybe chmod 0644 './slp.conf'
+maybe chmod 0644 './slp.reg'
+maybe chmod 0644 './slp.spi'
 maybe chmod 0644 './slsh.rc'
 maybe chmod 0755 './ssh'
 maybe chmod 0644 './ssh/moduli'
diff --git a/init.d/slpd b/init.d/slpd
new file mode 100755
index 00000000..68657200
--- /dev/null
+++ b/init.d/slpd
@@ -0,0 +1,89 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-libs/openslp/files/slpd-init,v 1.4 2007/07/13 13:20:28 uberlord Exp $
+
+depend() {
+ need net
+}
+
+#
+# Does nothing if a route exists that supports multicast traffic.
+# If no routes supporting multicast traffic exists, the function
+# tries to add one. A 0 is returned on success and a 1 on failure.
+# One parameter must be passed in. This variable determins verbosity.
+# If parameter is non-zero debugging will appear.
+#
+multicast_route_set() {
+ PING_OPTIONS_1='-c1 -w1'
+ PING_OPTIONS_2='-c1 -i1'
+ MULTICAST_ADDRESS='239.255.255.253'
+ TMP_FILE=/tmp/route.check
+ PING_ERROR_NO_ROUTE='unreachable'
+
+ MSG_FAILED_TO_FIND='Failed to Detect Multicast Route'
+ MSG_SUCCESS_ON_FIND='Multicast Route Enabled'
+ MSG_ADDING_ROUTE='Attempting to Add Multicast Route ...'
+ MSG_FAILED_TO_ADD=' FAILED - Route NOT Added.'
+ MSG_SUCCES_ON_ADD=' SUCCESS - Route Added.'
+
+ CMD_GET_INTERFACE="netstat -i | awk 'BEGIN{}(NR>2)&&(!/^lo*/){print \$1}'"
+ CMD_ADD_ROUTE="route add -net 224.0.0.0 netmask 240.0.0.0"
+
+ ping $PING_OPTIONS_1 $MULTICAST_ADDRESS 2> $TMP_FILE 1> /dev/null
+ if [ $? = 2 ]; then
+ ping $PING_OPTIONS_2 $MULTICAST_ADDRESS 2> $TMP_FILE 1> /dev/null
+ fi
+
+ grep $PING_ERROR_NO_ROUTE $TMP_FILE > /dev/null 2>&1
+ err_unreachable_found=$?
+
+ #If errors, add route. Otherwise, do nothing
+ if [ -s $TMP_FILE ] && [ $err_unreachable_found = 0 ]; then
+
+ if [ $1 != 0 ]; then
+ echo $MSG_FAILED_TO_FIND
+ echo $MSG_ADDING_ROUTE
+ fi
+
+ $CMD_ADD_ROUTE `eval $CMD_GET_INTERFACE` > /dev/null 2>&1
+ retval=$?
+ if [ $1 != 0 ]; then
+
+ if [ $retval = 0 ]; then
+ echo $MSG_SUCCES_ON_ADD
+ else
+ echo $MSG_FAILED_TO_ADD
+ fi
+ fi
+ else
+ if [ $1 != 0 ]; then
+ echo -n $MSG_SUCCESS_ON_FIND
+ fi
+ retval=0
+ fi
+
+ rm -f $TMP_FILE # Clean up
+ return $retval
+}
+
+checkconfig() {
+ multicast_route_set 0
+ if [ $? -ne 0 ]; then
+ eerror "No route available for multicast traffic!"
+ return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting slpd"
+ start-stop-daemon --start --quiet --exec /usr/sbin/slpd --pidfile /var/run/slpd.pid
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping slpd"
+ start-stop-daemon --stop --quiet --pidfile /var/run/slpd.pid
+ eend $?
+}
diff --git a/slp.conf b/slp.conf
new file mode 100644
index 00000000..e858e9e5
--- /dev/null
+++ b/slp.conf
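Review bot: `TMP_FILE=/tmp/route.check` in multicast_route_set() is a fixed name in a world-writable directory, and the two `ping ... 2> $TMP_FILE` redirections run with the init script's privileges (normally root) each time start() calls checkconfig, so the write follows whatever already exists at that path, including a symlink left there by another local account. Create the file unpredictably, for example `TMP_FILE=$(mktemp) || return 1`, or keep it in a root-only directory such as /var/run; capturing ping's stderr in a variable would remove the file altogether. Separately, `[ $1 != 0 ]` and the other unquoted expansions should be quoted, e.g. `[ "$1" != 0 ]`, so a missing argument does not turn into a test syntax error.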
@@ -0,0 +1,202 @@
+#############################################################################
+#
+# OpenSLP configuration file
+#
+# Format and contents conform to specification in IETF RFC 2614 so the
+# comments use the language of the RFC. In OpenSLP, SLPD operates as an SA
+# and a DA. The SLP UA functionality is encapsulated by SLPLIB.
+#
+#############################################################################
+
+
+#----------------------------------------------------------------------------
+# Static Scope and Static DA Configuration
+#----------------------------------------------------------------------------
+
+# This option is a comma delimited list of strings indicating the only scopes
+# a UA or SA is allowed when making requests or registering or the scopes a
+# DA must support. (default value is "DEFAULT")
+;net.slp.useScopes = myScope1, myScope2, myScope3
+
+# Allows administrator to force UA and SA agents to use specific DAs. If
+# this setting is not used dynamic DA discovery will be used to determine
+# which DAs to use. (Default is to use dynamic DA discovery)
+;net.slp.DAAddresses = myDa1,myDa2,myDa3
+
+
+#----------------------------------------------------------------------------
+# DA Specific Configuration
+#----------------------------------------------------------------------------
+
+# Enables slpd to function as a DA. Only a very few DAs should exist. It
+# is suggested that the administrator read the OpenSLP users guide before
+# enabling this setting. Default is false. Uncomment the line below to
+# enable DA operation.
+;net.slp.isDA = true
+
+# A 32 bit integer giving the number of seconds for the DA heartbeat.
+# Default is 3 hours (10800 seconds). This property corresponds to
+# the protocol specification parameter CONFIG_DA_BEAT [7]. Ignored
+# if isDA is false.
+;net.slp.DAHeartBeat = 10800
+
+
+#----------------------------------------------------------------------------
+# SA Specific Configuration
+#----------------------------------------------------------------------------
+
+# If net.slp.watchRegistrationPID is set to true, local registrations made
+# with the SA via the SLPReg() API call will be monitored. If the PID of the
+# process (and/or thread on Linux) disappears (the registering process died
+# unexpectedly with out calling SLPDereg()), then the registration is
+# automatically de-registered. (Default value is true. Uncomment the line
+# below to disable PID watching.
+;net.slp.watchRegistrationPID = false
+
+
+#----------------------------------------------------------------------------
+# UA Specific Configuration
+#----------------------------------------------------------------------------
+# A 32 bit integer giving the maximum number of results to accumulate and
+# return for a synchronous request before the timeout, or the maximum number
+# of results to return through a callback if the request results are
+# reported asynchronously (default value is 256).
+;net.slp.maxResults = 256
+
+
+#----------------------------------------------------------------------------
+# Network Configuration Properties
+#----------------------------------------------------------------------------
+
+# Force broadcasts to be used instead of multicast. This setting is seldom
+# necessary since OpenSLP will automatically use broadcast if multicast
+# is unavailable. (Default is false)
+;net.slp.isBroadcastOnly = true
+
+# A boolean indicating whether passive DA detection should be used.
+# Default is true. Uncomment the following line to disable passive DA
+# detection
+;net.slp.passiveDADetection = false
+
+# A boolean indicating whether active DA detection should be used. This is
+# useful when the DAs available are explicitly restricted to those obtained
+# from DHCP or the net.slp.DAAddresses property. Default is true. Uncomment
+# the following line to disable active DA detection
+;net.slp.activeDADetection = false
+
+# The net.slp.DAActiveDiscoveryInterval property controls *periodic*
+# transmission of active DA discovery SrvRqsts. The default setting
+# of 1 which disables sending periodic active DA discovery SrvRqsts.
+# However, even if net.slp.DAActiveDiscoveryInterval=1 OpenSLP agents will
+# send a send active DA request only upon initialization. To disable all
+# active DA detection you MUST net.slp.passiveDADetection = false. (you
+# may also set net.slp.DAActiveDiscoveryInterval=0)
+# simply set
+;net.slp.DAActiveDiscoveryInterval = 1
+
+# A positive integer that is less than or equal to 255. (The default is 255)
+;net.slp.multicastTTL = 255
+
+# An integer giving the maximum amount of time (in milliseconds) to perform
+# active DA discovery requests. (Default is 2000 ms or 2 secs).
+;net.slp.DADiscoveryMaximumWait = 2000
+
+# A value-list of 32 bit integers used as timeouts, in milliseconds, to
+# implement the multicast convergence algorithm during active DA discovery.
+# Each value specifies the time to wait before sending the next request, or
+# until nothing new has been learned from two successive requests.
+# Default is: 500,750,1000,1500,2000,3000.
+;net.slp.DADiscoveryTimeouts = 500,750,1000,1500,2000,3000
+
+# An integer giving the maximum amount of time (in milliseconds) to perform
+# multicast requests. (Default is 5000 ms or 5 secs).
+;net.slp.multicastMaximumWait = 5000
+
+# A value-list of 32 bit integers used as timeouts, in milliseconds, to
+# implement the multicast convergence algorithm. Each value specifies
+# the time to wait before sending the next request, or until nothing new
+# has been learned from two successive requests.
+# Default is: 500,750,1000,1500,2000,3000. In a slow network the less
+# aggressive values of 3000,3000,3000,3000,3000 allow better performance.
+;net.slp.multicastTimeouts = 500,750,1000,1500,2000,3000
+
+# An integer giving the maximum amount of time (in milliseconds) to perform
+# unicast requests. (Default is 5000 ms or 5 secs).
+;net.slp.unicastMaximumWait = 5000
+
+# A value-list of 32 bit integers used as timeouts, in milliseconds, to
+# implement unicast datagram transmission to DAs. The nth value gives
+# the time to block waiting for a reply on the nth try to contact the DA.
+# Currently OpenSLP uses TCP for all unicast communication so this setting
+# does not do anything
+;net.slp.unicastTimeouts = 500,750,1000,1500,2000,3000
+
+# To OpenSLP the following is the same as net.slp.unicastTimeouts. Use
+# net.slp.unicastTimeouts instead.
+;net.slp.datagramTimeouts = IGNORED
+
+# An integer giving the maximum value for all random wait parameters.
+# (Default is 5000 or 5 sec)
+;net.slp.randomWaitBound = 5000
+
+# A integer giving the network packet MTU in bytes. (Default is 1400)
+;net.slp.MTU = 1400
+
+# A list of IP address of network interfaces on which the DA/SA should listen
+# for slp requests. By default, slpd will use all interfaces.
+;net.slp.interfaces = 1.2.3.4,1.2.3.5,1.2.3.6
+
+
+#----------------------------------------------------------------------------
+# Security
+#----------------------------------------------------------------------------
+# A boolean indicating whether the agent should enable security for URLs,
+# attribute lists, DAAdverts, and SAAdverts. (Default setting is false and
+# ENABLE_SECURITY code must be compiled)
+;net.slp.securityEnabled=true
+
+# A boolean indicating whether the DA or SA will only allow deregistrations
+# and re-registration from the *exact* host that made the registration.
+# Default setting if true. Uncomment the line below to disable source
+# address checking.
+;net.slp.checkSourceAddr=false
+
+
+#----------------------------------------------------------------------------
+# Tracing and Logging
+#----------------------------------------------------------------------------
+
+# A boolean controlling printing of messages about traffic with DAs.
+# Default is false. Uncomment the following line to enable DA traffic
+# tracing
+;net.slp.traceDATraffic = true
+
+# A boolean controlling dumps of all registered services upon registration
+# and deregistration. If true, the contents of the DA or SA server are
+# dumped after a registration or deregistration occurs. Default is false.
+# Uncommment the following line to enable registration message logging
+;net.slp.traceReg = true
+
+# A boolean controlling printing details when a SLP message is dropped for
+# any reason. Default is false. Uncomment the following line to trace all
+# dropped messages
+;net.slp.traceDrop = true
+
+# A boolean controlling printing of details on SLP messages. The fields in
+# all incoming messages and outgoing replies are printed. Very verbose.
+# Default is false. Uncomment the following line to enable verbose message
+# tracing.
+;net.slp.traceMsg = true
+
+
+#----------------------------------------------------------------------------
+# Serialized Proxy Registration
+#----------------------------------------------------------------------------
+# The net.slp.serializedRegURL is not supported by net.slp.serializeRegURL.
+#
+# slpd accepts the [-r] command line parameter that specifies the serialized
+# registration file. The default serialized registration file is
+# /etc/slp.reg
+
+
+
diff --git a/slp.reg b/slp.reg
new file mode 100644
index 00000000..31cd5bcb
--- /dev/null
+++ b/slp.reg
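Review bot: Every property in slp.conf is left commented out, so slpd runs on the defaults the file's own comments describe: with `net.slp.interfaces` unset it listens on all interfaces, and `net.slp.securityEnabled` defaults to false, so registrations and adverts are accepted unauthenticated. If the daemon is actually started on this host (the patch installs init.d/slpd but does not show it being added to a runlevel), bind it to the internal address with `net.slp.interfaces = <internal-address>` (placeholder) and filter SLP traffic (port 427) at the host firewall. Per the comments in this file and in slp.spi, turning on `net.slp.securityEnabled` also needs a build with ENABLE_SECURITY and key entries in slp.spi.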
@@ -0,0 +1,39 @@
+#############################################################################
+#
+# OpenSLP registration file
+#
+# May be used to register services for legacy applications that do not use
+# the SLPAPIs to register for themselves
+#
+# Format and contents conform to specification in IETF RFC 2614 so the
+# comments use the language of the RFC. In OpenSLP, SLPD operates as an SA
+# and a DA. The SLP UA functionality is encapsulated by the libslp library.
+#
+#############################################################################
+
+#comment
+;comment
+#service-url,language-tag,lifetime,[service-type]
+#["scopes="scope-list]
+#[attrid"="val1]
+#[attrid"="val1,val2,val3]
+#
+
+#
+# The following are examples entries for this file
+#
+
+##Register a OpenSLP testing service
+#service:test.openslp://192.168.100.1,en,65535
+#scopes=test1,test2
+#description=OpenSLP Testing Service
+#authors=mpeterson,jcarey
+
+##Register ssh service
+#service:ssh.openslp://192.168.100.1,en,65535
+#use default scopes
+#description="Secure Shell"
+
+##Register telnet service with no attributes
+#service:telnet.myorg://192.168.100.1,en,65535
+#use default scopes
diff --git a/slp.spi b/slp.spi
new file mode 100644
index 00000000..c5e2a826
--- /dev/null
+++ b/slp.spi
@@ -0,0 +1,78 @@
+#############################################################################
+#
+# OpenSLP SPI file
+#
+# Security Parameter Index (SPI) is an unformated string that us used
+# by SLP to identify security information used to authenticate SLPv2
+# message. See RFC 2608 for more information.
+#
+# Format and contents conform of this file are specific to the OpenSLP
+# implementation of SLPv2 authentication. See comments below for more
+# explaination of the file format.
+#
+# NOTE: OpenSLP only supports DSA keys!!!
+#
+#############################################################################
+#
+#-------------
+# File format:
+#-------------
+# Each line of this file maps an SPI string to a PEM encoded key file.
+#
+#
+#
+#
+#--------------
+# PRIVATE key:
+#--------------
+# The PRIVATE key line specifies the location of a key file that contains
+# a PEM encoded DSA private key for the given SPI. The PRIVATE key is used
+# for signing SLP messages that are sent the SA/DA on this host.
+#
+# A PRIVATE key entry is not required. If the PRIVATE key entry does not
+# exist, then SLP messages sent by this host will not be signed. Since UAs
+# do not have to sign any messages, it is often advantageous to
+# specifically omit the PRIVATE entry on hosts that do not act as an SA or
+# DA.
+#
+# ***IMPORTANT***
+# Only one PRIVATE key is recognized by the implementation. If there is
+# more than one private key then only the key designated by the first PRIVATE
+# entry in this file will be used.
+#
+# The following is a commented example of a PRIVATE entry:
+#
+# PRIVATE myprivateslpkey /etc/secure/myprivateslpkey.pem
+#
+#
+#--------------
+# PUBLIC keys:
+#--------------
+# The PUBLIC key line specifies the location of a key file that contains a
+# PEM encoded DSA public key. This key is used for verifying messages sent
+# by other SLP agents
+#
+# At least one PUBLIC key entry on all hosts is required for proper
+# operation of of secure OpenSLP. It is possible that more than one entry
+# will be needed in order to verify signatures if for some reason (that I
+# can't imagine right now) you have configured SAs and DAs with a variety of
+# PRIVATE keys.
+#
+# The following is a commented example of a PUBLIC entry:
+#
+# PUBLIC mypublicslpkey /etc/secure/mypublicslpkey.pem
+#
+#-----------------------
+# PEM encoded key files
+#-----------------------
+# PEM encoded key files can be generated using OpenSSL or tools included with
+# OpenSLP.
+#
+#
+#------------
+# Final Note
+#------------
+# Unless you really know what you're doing, you should probably read the
+# more detailed documentation at http://www.openslp.org BEFORE setting up
+# SLP security
+
-- 
2.39.5