e-smith-base/root/etc/e-smith/db/configuration/migrate/10SetAccessDefaults

81 lines
2.0 KiB
Plaintext
Raw Permalink Normal View History

{
=head1 NAME
set-access-defaults -- Set services to appropriate defaults for SystemMode
=head1 DESCRIPTION
The SystemMode can be changed through the console. When it is changed,
console-save is called, which causes services to be reconfigured in
accordance with the new SystemMode.
In servergateway mode, the following services are enabled on the
external interface: HTTP, HTTPS, SMTP, AUTH/IDENT
In servergateway-private mode, all external services are disabled
This script is a no-op if the SystemMode has not been changed.
=cut
my $conf = $DB;
my $current_mode = $conf->get_value('SystemMode') or return;
my $sysconfig = $conf->get("sysconfig") or return;
my $previous_mode = $sysconfig->prop('PreviousSystemMode')
|| "unknown";
if ($previous_mode eq "unknown")
{
$sysconfig->set_prop('PreviousSystemMode', $current_mode);
return;
}
return unless ( $previous_mode eq 'servergateway-private' or
$current_mode eq 'servergateway-private' );
#------------------------------------------------------------
# OK, we have a new SystemMode, go for it
#------------------------------------------------------------
my %service2access =
(
oidentd => "public",
'httpd-e-smith' => "public",
'qpsmtpd' => "public",
'sqpsmtpd' => "public",
ftp => "private",
imap => "private",
imaps => "private",
modSSL => "public",
pop3s => "private",
popd => "private",
sshd => "private",
telnet => "private",
);
if ( $current_mode eq 'servergateway-private' )
{
foreach my $key (keys %service2access)
{
$service2access{$key} = 'private';
}
}
#------------------------------------------------------------
# Enforce the default access rights
#------------------------------------------------------------
foreach my $service ( keys %service2access )
{
my $entry = $conf->get($service);
next unless ($entry);
$entry->set_prop("access", $service2access{$service});
}
$sysconfig->set_prop('PreviousSystemMode', $current_mode);
}