|
|
#!/usr/bin/env bash
|
|
|
#
|
|
|
# Author: Dmitry Razumov <asmeron@ublinux.com>
|
|
|
# Copyright (c) 2021-2025 UBLinux <support@ublinux.com>
|
|
|
#
|
|
|
# Initial script for Linux UBLinux
|
|
|
# This script are launching before starting init from initrd script
|
|
|
# Current dir allways must be set to root (/)
|
|
|
# All system path must be relative, except initrd dirs
|
|
|
|
|
|
ENABLED=yes
|
|
|
[[ ${ENABLED} == "yes" ]] || exit 0
|
|
|
DEBUGMODE=no
|
|
|
|
|
|
PATH=.:/:/usr/bin:/usr/local/bin:/usr/local/sbin
|
|
|
|
|
|
[[ -d /usr/lib/ublinux ]] && { ROOTFS= ; CMD_CHROOT= ; } || { [[ -d /sysroot ]] && ROOTFS="/sysroot" || ROOTFS="."; CMD_CHROOT="chroot ${ROOTFS}"; }
|
|
|
SOURCE=${ROOTFS}/usr/lib/ublinux/functions; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0
|
|
|
SOURCE=${ROOTFS}/usr/lib/ublinux/default; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0
|
|
|
debug_mode "$0" "$@"
|
|
|
|
|
|
SYSCONF="${ROOTFS}${SYSCONF}"
|
|
|
SOURCE=${SYSCONF}/config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null
|
|
|
SOURCE=${SYSCONF}/security; [ -f ${SOURCE} ] && . ${SOURCE} 2>/dev/null
|
|
|
|
|
|
exec_access_allowed_login(){
|
|
|
## Управление доступом в систему, правила разрешения
|
|
|
FILE_ACCESS_CONF="${ROOTFS}/etc/security/access.d/01-ublinux-allowed.conf"
|
|
|
rm -f "${FILE_ACCESS_CONF}"
|
|
|
if [[ -n ${ACCESS_ALLOWED_LOGIN} ]]; then
|
|
|
[[ -d ${FILE_ACCESS_CONF%/*} ]] || mkdir -p ${FILE_ACCESS_CONF%/*}
|
|
|
tr , $'\n' <<< ${ACCESS_ALLOWED_LOGIN} | while read RULE; do
|
|
|
echo "+:${RULE}" >> "${FILE_ACCESS_CONF}"
|
|
|
done
|
|
|
fi
|
|
|
}
|
|
|
exec_access_denied_login(){
|
|
|
## Управление доступом в систему, правила блокировки
|
|
|
FILE_ACCESS_CONF="${ROOTFS}/etc/security/access.d/02-ublinux-denied.conf"
|
|
|
rm -f "${FILE_ACCESS_CONF}"
|
|
|
if [[ -n ${ACCESS_DENIED_LOGIN} ]]; then
|
|
|
[[ -d ${FILE_ACCESS_CONF%/*} ]] || mkdir -p ${FILE_ACCESS_CONF%/*}
|
|
|
tr , $'\n' <<< ${ACCESS_DENIED_LOGIN} | while read RULE; do
|
|
|
echo "-:${RULE}" >> "${FILE_ACCESS_CONF}"
|
|
|
done
|
|
|
fi
|
|
|
}
|
|
|
|
|
|
################
|
|
|
##### MAIN #####
|
|
|
################
|
|
|
|
|
|
# Если файл подключен как ресурс с функциями, то выйти
|
|
|
return 0 2>/dev/null && return 0
|
|
|
if [[ -z $@ ]]; then
|
|
|
while read -r FUNCTION; do
|
|
|
$"${FUNCTION##* }"
|
|
|
done < <(declare -F | grep "declare -f exec_")
|
|
|
else
|
|
|
FUNCTION=
|
|
|
while [[ $# -gt 0 ]]; do
|
|
|
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
|
|
|
shift
|
|
|
done
|
|
|
eval ${FUNCTION#*; }
|
|
|
fi
|
