81 lines
2.0 KiB
Plaintext
81 lines
2.0 KiB
Plaintext
|
{
|
||
|
=head1 NAME
|
||
|
|
||
|
set-access-defaults -- Set services to appropriate defaults for SystemMode
|
||
|
|
||
|
=head1 DESCRIPTION
|
||
|
|
||
|
The SystemMode can be changed through the console. When it is changed,
|
||
|
console-save is called, which causes services to be reconfigured in
|
||
|
accordance with the new SystemMode.
|
||
|
|
||
|
In servergateway mode, the following services are enabled on the
|
||
|
external interface: HTTP, HTTPS, SMTP, AUTH/IDENT
|
||
|
|
||
|
In servergateway-private mode, all external services are disabled
|
||
|
|
||
|
This script is a no-op if the SystemMode has not been changed.
|
||
|
|
||
|
=cut
|
||
|
|
||
|
my $conf = $DB;
|
||
|
|
||
|
my $current_mode = $conf->get_value('SystemMode') or return;
|
||
|
|
||
|
my $sysconfig = $conf->get("sysconfig") or return;
|
||
|
|
||
|
my $previous_mode = $sysconfig->prop('PreviousSystemMode')
|
||
|
|| "unknown";
|
||
|
|
||
|
if ($previous_mode eq "unknown")
|
||
|
{
|
||
|
$sysconfig->set_prop('PreviousSystemMode', $current_mode);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
return unless ( $previous_mode eq 'servergateway-private' or
|
||
|
$current_mode eq 'servergateway-private' );
|
||
|
|
||
|
#------------------------------------------------------------
|
||
|
# OK, we have a new SystemMode, go for it
|
||
|
#------------------------------------------------------------
|
||
|
my %service2access =
|
||
|
(
|
||
|
oidentd => "public",
|
||
|
'httpd-e-smith' => "public",
|
||
|
'qpsmtpd' => "public",
|
||
|
'sqpsmtpd' => "public",
|
||
|
ftp => "private",
|
||
|
imap => "private",
|
||
|
imaps => "private",
|
||
|
modSSL => "public",
|
||
|
pop3s => "private",
|
||
|
popd => "private",
|
||
|
sshd => "private",
|
||
|
telnet => "private",
|
||
|
|
||
|
);
|
||
|
|
||
|
if ( $current_mode eq 'servergateway-private' )
|
||
|
{
|
||
|
foreach my $key (keys %service2access)
|
||
|
{
|
||
|
$service2access{$key} = 'private';
|
||
|
}
|
||
|
}
|
||
|
|
||
|
#------------------------------------------------------------
|
||
|
# Enforce the default access rights
|
||
|
#------------------------------------------------------------
|
||
|
foreach my $service ( keys %service2access )
|
||
|
{
|
||
|
my $entry = $conf->get($service);
|
||
|
|
||
|
next unless ($entry);
|
||
|
|
||
|
$entry->set_prop("access", $service2access{$service});
|
||
|
}
|
||
|
|
||
|
$sysconfig->set_prop('PreviousSystemMode', $current_mode);
|
||
|
}
|