Protect SNMP for read file access

Some scripts write to files to pass information to SNMP. To avoid read access failure from SNMP, the previous file is copied to a .old file then the new one is created.

Protect SNMP for read file access
Some scripts write to files to pass information to SNMP. To avoid read access failure from SNMP, the previous file is copied to a .old file then the new one is created.
328b9f52 · Jean-Claude BAU · 51d8270e · 135c480e · 328b9f52 · 328b9f52
Commit 328b9f52 authored Aug 02, 2019 by Jean-Claude BAU
Showing with 66 additions and 22 deletions

ppsi userspace/ppsi +1 -1

leap_seconds_file_update ...space/rootfs_override/etc/init.d/leap_seconds_file_update +32 -10

system_clock_monitor userspace/rootfs_override/etc/init.d/system_clock_monitor +33 -11

No files found.
--- a/ppsi @ 135c480e
+++ b/ppsi @ 135c480e
-Subproject commit 13e4a0cfda3f368cb63edf5834fdd145a2f8a2d4
+Subproject commit 135c480e387345315ed3d205342629fea45a1ca3
--- a/userspace/rootfs_override/etc/init.d/leap_seconds_file_update
+++ b/userspace/rootfs_override/etc/init.d/leap_seconds_file_update
@@ -5,6 +5,28 @@
 # to be sur to use the correct version of dot-config
 # This script must be launched one time per day to search for a new leap seconds file
+#
+# Write message to file
+# $1: Message 
+# $2: Output file
+write_msg() {
+  msg=$1
+  of=$2
+  oft="$of.old"
+  # If old file exists then remove it 
+  if [ -f $oft ] ; then
+     rm -f $oft
+  fi
+  # if file exists then rename it 
+  if [ -f $of ] ; then
+  	mv $of $oft
+  fi
+  # create the file
+  echo "$msg" > $of
+}
 wait_before_processing() {
  range=$1
  error=0
@@ -68,9 +90,9 @@ if [ "$CONFIG_LEAPSEC_SOURCE_REMOTE_FORCE" = "y" ] || [ "$CONFIG_LEAPSEC_SOURCE_
    # get URL via DHCP
    if [ "$CONFIG_LEAPSEC_SOURCE_REMOTE_TRY" = "y" ] ; then
-	    echo "try_remote" > $leapSecondsSource
+	    write_msg "try_remote" $leapSecondsSource
 	else
-	    echo "force_remote" > $leapSecondsSource
+	    write_msg "force_remote" $leapSecondsSource
 	fi
    URL="$CONFIG_LEAPSEC_URL"
@@ -93,7 +115,7 @@ if [ "$CONFIG_LEAPSEC_SOURCE_REMOTE_FORCE" = "y" ] || [ "$CONFIG_LEAPSEC_SOURCE_
 		fi
 		if [ -z "$bsip" ] ; then
 			# Cannot get the bootserver IP@
-		    echo "dhcp_error" > $leapSecondsStatus
+		    write_msg "dhcp_error" $leapSecondsStatus
 		    eval echo "Unable to get boot server IP. Use local leap seconds file" $LOGPIPE
 		    exit
 		fi;  
@@ -129,7 +151,7 @@ if [ "$CONFIG_LEAPSEC_SOURCE_REMOTE_FORCE" = "y" ] || [ "$CONFIG_LEAPSEC_SOURCE_
    filename=$(echo $URL | cut -d/ -f 4-)
    # save URL, to be used by SNMPd
-    echo "$URL" > $leapSecondsSourceUrl
+    write_msg "$URL" $leapSecondsSourceUrl
    rm -f $tmpconfig
    case $proto in
 		http|ftp)
@@ -140,7 +162,7 @@ if [ "$CONFIG_LEAPSEC_SOURCE_REMOTE_FORCE" = "y" ] || [ "$CONFIG_LEAPSEC_SOURCE_
 		    ;;
 		*)
 		    eval echo "Invalid URL to leap seconds file: \"$URL\""$LOGPIPE;
-		    echo "invalid_url" > $leapSecondsStatus;
+		    write_msg "invalid_url" $leapSecondsStatus;
 		    exit 1
 		    ;;
    esac
@@ -168,22 +190,22 @@ if [ "$CONFIG_LEAPSEC_SOURCE_REMOTE_FORCE" = "y" ] || [ "$CONFIG_LEAPSEC_SOURCE_
 					mv -f $dir/$leapSecondsFileName $dir/$leapSecondsFileName.old
 					mv $dir/$leapSecondsFileName.new $dir/$leapSecondsFileName
 				done
-			    echo "updated" > $leapSecondsStatus
+			    write_msg "updated" $leapSecondsStatus
 			    eval echo "leap seconds file updated" $LOGPIPE 
 			else  
-			    echo "file_invalid" > $leapSecondsStatus
+			    write_msg "file_invalid" $leapSecondsStatus
 			    eval echo "Errors detected. Invalid leap seconds file \"$URL\". Using local one" $LOGPIPE
 			fi
 		else
-		    echo "no_changes" > $leapSecondsStatus
+		    write_msg "no_changes" $leapSecondsStatus
 		    eval echo "No changes detected" $LOGPIPE 
 		fi
    else
-		echo "download_error" > $leapSecondsStatus
+		write_msg "download_error" $leapSecondsStatus
 		eval echo "Download error of leap seconds file \"$URL\". Using local one" $LOGPIPE
    fi
 else
-    echo "local" > $leapSecondsSource 
+    write_msg "local" $leapSecondsSource 
    eval echo "Using local \"$leapSecondsFileName\" file" $LOGPIPE
 fi
--- a/userspace/rootfs_override/etc/init.d/system_clock_monitor
+++ b/userspace/rootfs_override/etc/init.d/system_clock_monitor
@@ -18,6 +18,28 @@ suspendKillDaemon=0
 pidKillDaemon=0
 verbose=0
+#
+# Write message to file
+# $1: Message 
+# $2: Output file
+writeMsg() {
+  msg=$1
+  of=$2
+  oft="$of.old"
+  # If old file exists then remove it 
+  if [ -f $oft ] ; then
+     rm -f $oft
+  fi
+  # if file exists then rename it 
+  if [ -f $of ] ; then
+  	mv $of $oft
+  fi
+  # create the file
+  echo "$msg" > $of
+}
 #
 # Print message if verbose is set
 #
@@ -152,11 +174,11 @@ read_ntp_server()
 				compareToThreshold alarmState $offset $ltThreshold
 				if (( $alarmState == 1 )) ; then
 					# Exceeded Threshold  
-					echo "exceeded_threshold" > $systemClockMonitoringStatus
+					writeMsg "exceeded_threshold" $systemClockMonitoringStatus
 				else
-					echo "no_error" > $systemClockMonitoringStatus				
+					writeMsg "no_error"  $systemClockMonitoringStatus				
 				fi
-				echo  $offset > $systemClockMonitoringDrift
+				writeMsg  $offset $systemClockMonitoringDrift
 				eval $__result="0"
 				return
 			fi
@@ -226,8 +248,8 @@ if [ "$#" -eq 1 ] && [ "$1" == "-s" ] ; then
 					setCronConfig "$entry" 
 				else
 					eval echo "Invalid unit for system clock check interval." $LOGPIPE
-					echo "config_error" > $systemClockMonitoringStatus
+					writeMsg "config_error" $systemClockMonitoringStatus
-					echo "0" > $systemClockMonitoringDrift
+					writeMsg "0" $systemClockMonitoringDrift
 					exit 1
 				fi 
 			fi 
@@ -256,22 +278,22 @@ if [ "$CONFIG_SNMP_SYSTEM_CLOCK_MONITOR_ENABLED" = "y" ] ; then
 	if [ -z  "$threshold" ] ; then 
 		eval echo "System clock drift threshold not set." $LOGPIPE
-		echo "config_error" > $systemClockMonitoringStatus
+		writeMsg "config_error" $systemClockMonitoringStatus
-		echo "0" > $systemClockMonitoringDrift
+		writeMsg "0" $systemClockMonitoringDrift
 		exit 1
 	fi
 	if [ -z "$ntpServer" ]; then
 		eval echo "Empty NTP server name" $LOGPIPE
-		echo "config_error" > $systemClockMonitoringStatus
+		writeMsg "config_error" $systemClockMonitoringStatus
-		echo "0" > $systemClockMonitoringDrift
+		writeMsg "0" $systemClockMonitoringDrift
 		exit 1
 	fi
 	read_ntp_server result $threshold $ntpServer
 	if (( result != 0 )) ; then
-		echo "ntp_error" > $systemClockMonitoringStatus
+		writeMsg "ntp_error" $systemClockMonitoringStatus
-		echo "0" > $systemClockMonitoringDrift
+		writeMsg "0" $systemClockMonitoringDrift
 		exit 1
 	fi
 fi