Intial commit
Package-Manager: portage-2.2.8-r1 RepoMan-Options: --force
This commit is contained in:
Mario Fetka
58
net-misc/openvpn-as/files/gentoo-specific.patch
Normal file
58
net-misc/openvpn-as/files/gentoo-specific.patch
Normal file
@@ -0,0 +1,58 @@
|
||||
diff -uNr usr.orig/local/openvpn_as/bin/_ovpn-init usr/local/openvpn_as/bin/_ovpn-init
|
||||
--- usr.orig/local/openvpn_as/bin/_ovpn-init 2014-12-12 13:43:39.080479338 +0100
|
||||
+++ usr/local/openvpn_as/bin/_ovpn-init 2014-12-12 13:44:43.930476590 +0100
|
||||
@@ -866,41 +866,6 @@
|
||||
print "Error: Could not initialize confdb."
|
||||
sys.exit(1)
|
||||
|
||||
-# Execute gen script...
|
||||
-print "Generating init scripts..."
|
||||
-GEN = "/usr/local/openvpn_as/scripts/openvpnas_gen_init"
|
||||
-retv = commands.getstatusoutput( GEN )
|
||||
-if DEBUG: print "gen init cmd=", GEN, retv
|
||||
-if retv[0] != 0:
|
||||
- print "Error: Could not generate server script."
|
||||
- sys.exit(1)
|
||||
-
|
||||
-# Generate PAM config
|
||||
-print "Generating PAM config..."
|
||||
-GENPAM = "/usr/local/openvpn_as/scripts/openvpnas_gen_pam"
|
||||
-retv = commands.getstatusoutput( GENPAM )
|
||||
-if DEBUG: print "gen pam cmd=", GENPAM, retv
|
||||
-if retv[0] != 0:
|
||||
- print "Error: Could not generate PAM config."
|
||||
- sys.exit(1)
|
||||
-
|
||||
-# Execute gen script auto...
|
||||
-print "Generating init scripts auto command..."
|
||||
-GEN2 = "/usr/local/openvpn_as/scripts/openvpnas_gen_init --auto"
|
||||
-retv = commands.getstatusoutput( GEN2 )
|
||||
-if DEBUG: print "gen init cmd 2=", GEN2, retv
|
||||
-if retv[0] != 0:
|
||||
- print "Error: Could not generate server script auto."
|
||||
- sys.exit(1)
|
||||
-GENAUTO = retv[1]
|
||||
-
|
||||
-# Execute the auto gen script...
|
||||
-retv = commands.getstatusoutput( GENAUTO )
|
||||
-if retv[0] != 0:
|
||||
- print "Error: Could not execute command to generate startup/shutdown scripts"
|
||||
- sys.exit(1)
|
||||
-if DEBUG: print "gen auto cmd=", GENAUTO, retv
|
||||
-
|
||||
# Perform iptables command to force initialization...
|
||||
IPTABLES_NULL = "iptables --list"
|
||||
retv = commands.getstatusoutput( IPTABLES_NULL )
|
||||
@@ -917,7 +882,6 @@
|
||||
if DEBUG: print "server init=", retv
|
||||
if retv[0] != 0:
|
||||
print "Error: Could not execute server start."
|
||||
- sys.exit(1)
|
||||
|
||||
# Print exit messages...
|
||||
print
|
||||
@@ -973,3 +937,4 @@
|
||||
print "See the Release Notes for this release at:"
|
||||
print " http://www.openvpn.net/access-server/rn/openvpn_as_%s.html" % VERSION.replace('.', '_')
|
||||
print
|
||||
+
|
||||
43
net-misc/openvpn-as/files/openvpnas.initd
Executable file
43
net-misc/openvpn-as/files/openvpnas.initd
Executable file
@@ -0,0 +1,43 @@
|
||||
#!/sbin/runscript
|
||||
# Copyright 1999-2014 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License, v2 or later
|
||||
# $Header: /var/cvsroot/gentoo-x86/dev-vcs/subversion/files/svnserve.initd2,v 1.2 2012/01/14 19:46:34 tommy Exp $
|
||||
|
||||
depend() {
|
||||
need net
|
||||
}
|
||||
|
||||
target="/usr/local/openvpn_as/scripts/openvpnas"
|
||||
pidfile="/var/run/openvpnas.pid"
|
||||
sockfile="/usr/local/openvpn_as/etc/sock/sagent /usr/local/openvpn_as/etc/sock/sagent.localroot /usr/local/openvpn_as/etc/sock/sagent.api"
|
||||
logfile="/var/log/openvpnas.log"
|
||||
|
||||
# remove daemon control socket
|
||||
rm_sock()
|
||||
{
|
||||
for sf in $sockfile ; do
|
||||
if [ -e "$sf" ]; then
|
||||
rm -f "$sf" &>/dev/null
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# remove pidfile
|
||||
rm_pidfile()
|
||||
{
|
||||
rm -f "$pidfile" &>/dev/null
|
||||
}
|
||||
|
||||
start() {
|
||||
rm_sock
|
||||
rm_pidfile
|
||||
ebegin "Starting OpenVPN Access Server"
|
||||
start-stop-daemon --start --quiet --pidfile ${pidfile} --exec ${target} -- --logfile="$logfile" --pidfile="$pidfile"
|
||||
eend $?
|
||||
}
|
||||
|
||||
stop() {
|
||||
ebegin "Stoping OpenVPN Access Server"
|
||||
start-stop-daemon --stop --quiet --pidfile ${pidfile}
|
||||
eend $?
|
||||
}
|
||||
111
net-misc/openvpn-as/files/openvpnas.pamd
Normal file
111
net-misc/openvpn-as/files/openvpnas.pamd
Normal file
@@ -0,0 +1,111 @@
|
||||
# OpenVPN AS PAM config
|
||||
#
|
||||
# The PAM configuration file for the Shadow `login' service
|
||||
#
|
||||
|
||||
# Enforce a minimal delay in case of failure (in microseconds).
|
||||
# (Replaces the `FAIL_DELAY' setting from login.defs)
|
||||
# Note that other modules may require another minimal delay. (for example,
|
||||
# to disable any delay, you should add the nodelay option to pam_unix)
|
||||
auth optional pam_faildelay.so delay=3000000
|
||||
|
||||
# Outputs an issue file prior to each login prompt (Replaces the
|
||||
# ISSUE_FILE option from login.defs). Uncomment for use
|
||||
# auth required pam_issue.so issue=/etc/issue
|
||||
|
||||
# Disallows root logins except on tty's listed in /etc/securetty
|
||||
# (Replaces the `CONSOLE' setting from login.defs)
|
||||
#
|
||||
# With the default control of this module:
|
||||
# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
|
||||
# root will not be prompted for a password on insecure lines.
|
||||
# if an invalid username is entered, a password is prompted (but login
|
||||
# will eventually be rejected)
|
||||
#
|
||||
# You can change it to a "requisite" module if you think root may mis-type
|
||||
# her login and should not be prompted for a password in that case. But
|
||||
# this will leave the system as vulnerable to user enumeration attacks.
|
||||
#
|
||||
# You can change it to a "required" module if you think it permits to
|
||||
# guess valid user names of your system (invalid user names are considered
|
||||
# as possibly being root on insecure lines), but root passwords may be
|
||||
# communicated over insecure lines.
|
||||
#auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
|
||||
|
||||
# Disallows other than root logins when /etc/nologin exists
|
||||
# (Replaces the `NOLOGINS_FILE' option from login.defs)
|
||||
auth requisite pam_nologin.so
|
||||
|
||||
# SELinux needs to be the first session rule. This ensures that any
|
||||
# lingering context has been cleared. Without out this it is possible
|
||||
# that a module could execute code in the wrong domain.
|
||||
# When the module is present, "required" would be sufficient (When SELinux
|
||||
# is disabled, this returns success.)
|
||||
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
|
||||
|
||||
# This module parses environment configuration file(s)
|
||||
# and also allows you to use an extended config
|
||||
# file /etc/security/pam_env.conf.
|
||||
#
|
||||
# parsing /etc/environment needs "readenv=1"
|
||||
session required pam_env.so readenv=1
|
||||
# locale variables are also kept into /etc/default/locale in etch
|
||||
# reading this file *in addition to /etc/environment* does not hurt
|
||||
session required pam_env.so readenv=1 envfile=/etc/default/locale
|
||||
|
||||
# Standard Un*x authentication.
|
||||
auth include system-local-login
|
||||
|
||||
# This allows certain extra groups to be granted to a user
|
||||
# based on things like time of day, tty, service, and user.
|
||||
# Please edit /etc/security/group.conf to fit your needs
|
||||
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
|
||||
auth optional pam_group.so
|
||||
|
||||
# Uncomment and edit /etc/security/time.conf if you need to set
|
||||
# time restrainst on logins.
|
||||
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
|
||||
# as well as /etc/porttime)
|
||||
# account requisite pam_time.so
|
||||
|
||||
# Uncomment and edit /etc/security/access.conf if you need to
|
||||
# set access limits.
|
||||
# (Replaces /etc/login.access file)
|
||||
# account required pam_access.so
|
||||
|
||||
# Sets up user limits according to /etc/security/limits.conf
|
||||
# (Replaces the use of /etc/limits in old login)
|
||||
session required pam_limits.so
|
||||
|
||||
# Prints the last login info upon succesful login
|
||||
# (Replaces the `LASTLOG_ENAB' option from login.defs)
|
||||
session optional pam_lastlog.so
|
||||
|
||||
# Prints the message of the day upon succesful login.
|
||||
# (Replaces the `MOTD_FILE' option in login.defs)
|
||||
# This includes a dynamically generated part from /run/motd.dynamic
|
||||
# and a static (admin-editable) part from /etc/motd.
|
||||
session optional pam_motd.so motd=/run/motd.dynamic noupdate
|
||||
session optional pam_motd.so
|
||||
|
||||
# Prints the status of the user's mailbox upon succesful login
|
||||
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
|
||||
#
|
||||
# This also defines the MAIL environment variable
|
||||
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
|
||||
# in /etc/login.defs to make sure that removing a user
|
||||
# also removes the user's mail spool file.
|
||||
# See comments in /etc/login.defs
|
||||
session optional pam_mail.so standard
|
||||
|
||||
# Standard Un*x account and session
|
||||
account include system-local-login
|
||||
session include system-local-login
|
||||
password include system-local-login
|
||||
|
||||
# SELinux needs to intervene at login time to ensure that the process
|
||||
# starts in the proper default security context. Only sessions which are
|
||||
# intended to run in the user's context should be run after this.
|
||||
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
|
||||
# When the module is present, "required" would be sufficient (When SELinux
|
||||
# is disabled, this returns success.)
|
||||
Reference in New Issue
Block a user