Inital Commit

2025-10-26 21:11:06 +01:00
commit 5de27443af
99 changed files with 25806 additions and 0 deletions
--- a/root/etc/init.d/vlmcsd
+++ b/root/etc/init.d/vlmcsd
@@ -0,0 +1,86 @@
+#!/usr/bin/sh
+
+### BEGIN INIT INFO
+# Provides:          vlmcsd
+# Required-Start:    $local_fs $network $remote_fs
+# Required-Stop:     $local_fs $network $remote_fs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Key Management Service
+# Description:       Key management refers to management of cryptographic keys
+#                    in a cryptosystem. This includes dealing with the generation,
+#                    exchange, storage, use, crypto-shredding (destruction) and
+#                    replacement of keys. It includes cryptographic protocol design,
+#                    key servers, user procedures, and other relevant protocols.
+### END INIT INFO
+
+
+NAME='vlmcsd'
+DESC='Key Management Service'
+USER='vlmcsd'
+GROUP='vlmcsd'
+PIDFOLDER="/run/vlmcsd"
+PIDFILE="${PIDFOLDER}/vlmcsd.pid"
+DAEMON='/usr/sbin/vlmcsd'
+DAEMON_CONFIG='/etc/vlmcsd.ini'
+DAEMON_OPTS="-i ${DAEMON_CONFIG} -D"
+
+set -e
+
+[ -f "${DAEMON_CONFIG}" ]
+
+. /lib/lsb/init-functions
+
+[ -x "${DAEMON}" ]
+
+case "${1}" in
+  start)
+    /usr/bin/install --directory --group="${GROUP}" ---mode='0755' --owner="${USER}" "${PIDFOLDER}"
+    log_daemon_msg "Starting ${DESC}" "${NAME}"
+    if /usr/sbin/start-stop-daemon --quiet \
+                                   --start \
+                                   --oknodo \
+                                   --make-pidfile \
+                                   --pidfile "${PIDFILE}" \
+                                   --user "${USER}" \
+                                   --group "${GROUP}" \
+                                   --exec "${DAEMON}" -- "${DAEMON_OPTS}"; then
+      log_end_msg 0
+    else
+      log_end_msg 1
+      /usr/bin/test -f "${PIDFILE}" && \
+        /usr/bin/rm --force "${PIDFILE}"
+    fi
+  ;;
+  stop)
+    log_daemon_msg "Stopping ${DESC}" "${NAME}"
+    if /usr/sbin/start-stop-daemon --quiet \
+                                   --stop \
+                                   --oknodo \
+                                   --retry 30 \
+                                   --remove-pidfile \
+                                   --pidfile "${PIDFILE}" \
+                                   --user "${USER}" \
+                                   --group "${GROUP}" \
+                                   --exec "${DAEMON}"; then
+      /usr/bin/test -f "${PIDFILE}" && \
+        /usr/bin/rm --force "${PIDFILE}"
+      log_end_msg 0
+    else
+      log_end_msg 1
+    fi
+  ;;
+  restart)
+    "${0}" stop
+    "${0}" start
+  ;;
+  status)
+    status_of_proc -p "${PIDFILE}" "${DAEMON}" "${NAME}" && \
+      exit 0 || \
+      exit "${?}"
+  ;;
+  *)
+    echo "Usage: /etc/init.d/${NAME} {start|stop|restart|status}" >&2
+    exit 1
+  ;;
+esac
--- a/root/etc/logrotate.d/vlmcsd
+++ b/root/etc/logrotate.d/vlmcsd
@@ -0,0 +1,74 @@
+/var/log/vlmcsd/*.log {
+  # Truncate the original log file in place after creating a copy,
+  # instead of moving the old log file and optionally creating a
+  # new one. It can be used when some program cannot be told to
+  # close its logfile and thus might continue writing (appending)
+  # to the previous log file forever. Note that there is a very
+  # small time slice between copying the file and truncating it, so
+  # some logging data might be lost. When this option is used, the
+  # create option will have no effect, as the old log file stays in
+  # place.
+  copytruncate
+
+  # Archive old versions of log files adding a daily extension like
+  # YYYYMMDD instead of simply adding a number. The extension may
+  # be configured using the dateformat option.
+  dateext
+
+  # Specify the extension for dateext using the notation similar to
+  # strftime(3) function. Only %Y %m %d and %s specifiers are allowed.
+  # The default value is -%Y%m%d. Note that also the character
+  # separating log name from the extension is part of the dateformat
+  # string. The system clock must be set past Sep 9th 2001 for %s to
+  # work correctly. Note that the datestamps generated by this format
+  # must be lexically sortable (i.e., first the year, then the month
+  # then the day. e.g., 2001/12/01 is ok, but 01/12/2001 is not, since
+  # 01/11/2002 would sort lower while it is later). This is because when
+  # using the rotate option, logrotate sorts all rotated filenames to
+  # find out which logfiles are older and should be removed.
+  dateformat .%Y-%m-%d
+
+  # Use yesterday's instead of today's date to create the dateext
+  # extension, so that the rotated log file has a date in its name that
+  # is the same as the timestamps within it.
+  dateyesterday
+
+  # Postpone compression of the previous log file to the next rotation
+  # cycle. This only has effect when used in combination with compress.
+  # It can be used when some program cannot be told to close its logfile
+  # and thus might continue writing to the previous log file for some time.
+  delaycompress
+
+  # Do not copy the original log file and leave it in place.
+  nocopy
+
+  # New log files are not created.
+  nocreate
+
+  # Don't mail old log files to any address.
+  nomail
+
+  # Do not use shred when deleting old log files.
+  noshred
+
+  # Do not rotate the log if it is empty.
+  notifempty
+
+  # Logs are moved into directory for rotation. The directory must be on the
+  # same physical device as the log file being rotated, and is assumed to be
+  # relative to the directory holding the log file unless an absolute path
+  # name is specified. When this option is used all old versions of the log
+  # end up in directory.
+  olddir /var/logrotate/vlmcsd
+
+  # Log files are rotated count times before being removed or mailed to the
+  # address specified in a mail directive. If count is 0, old versions are
+  # removed rather than rotated.
+  rotate 4
+
+  # Log files are rotated if the current weekday is less than the weekday of
+  # the last rotation or if more than a week has passed since the last
+  # rotation. This is normally the same as rotating logs on the first day of
+  # the week, but it works better if logrotate is not run every night.
+  weekly
+}
--- a/root/etc/vlmcsd.ini
+++ b/root/etc/vlmcsd.ini
@@ -0,0 +1,103 @@
+# vlmcsd.ini
+#
+# An ini file for vlmcsd is normally not required. It is for advanced users only.
+# vlmcsd uses an ini file only if specified using the -i option in the command line parameters.
+# There is no default ini file because vlmcsd is designed to run on many platforms.
+#
+# Every line starting with a number sign (#) or semicolon (;) is treated as a comment.
+# If a key word is used more than once, the last occurrence is used. The only exception
+# to this is Listen. You can use Listen=<ip address>[:port] more than once.
+
+# Use custom TCP port
+# Command line: -P
+Port = 1688
+
+# Listen on all IPv4 addresses (default port 1688)
+# Command line: -L
+Listen = 0.0.0.0
+
+# Listen on all private IP addresses and reject incoming requests from public IP addresses
+# Command line: -o
+PublicIPProtectionLevel = 0
+
+# Allow binding to foreign IP addresses
+# Command line: -F0 and -F1
+FreeBind = false
+
+# Randomize ePIDs at program start up (only those that are not explicitly specified)
+# Command line: -r
+RandomizationLevel = 1
+
+# Use a specific culture (1033 = English US) in ePIDs even if the ePID is randomized
+# Command line: -C
+LCID = 1031
+
+# Set a maximum of 4 workers (forked processes or threads)
+# Command line: -m
+MaxWorkers = 4
+
+# Disconnect users after 30 seconds of inactivity
+# Command line: -t
+ConnectionTimeout = 30
+
+# Disconnect clients immediately after each request
+# Command line: -d and -k
+DisconnectClientsImmediately = yes
+
+# Write a pid file (a file containing the process id of vlmcsd)
+# Command line: -p
+PidFile = /run/vlmcsd/vlmcsd.pid
+
+# Load a KMS data file
+# Command line: -j
+KmsData = /usr/lib/vlmcsd/vlmcsd.kmd
+
+# Write log to /var/log/vlmcsd.log
+# Command line: -l (-e and -f also override this directive)
+LogFile = /var/log/vlmcsd/vlmcsd.log
+
+# Don't include date and time in logs (default is true)
+# Command line: -T0 and -T1
+LogDateAndTime = true
+
+# Create a verbose log
+# Command line: -v and -q
+LogVerbose = true
+
+# Whitelist known products
+# Command line: -K0, -K1, -K2, -K3
+WhiteListingLevel = 0
+
+# Check that the client time is within +/- 4 hours of the system time
+# Command line: -c0, -c1
+CheckClientTime = true
+
+# Maintain a list of CMIDs
+# Command line: -M0, -M1
+MaintainClients = true
+
+# Start with empty CMID list (Requires MaintainClients = true)
+# Command line: -E0, -E1
+StartEmpty = false
+
+# Set activation interval to 2 hours
+# Command line: -A
+ActivationInterval = 2h
+
+# Set renewal interval to 7 days
+# Command line: -R
+RenewalInterval = 7d
+
+# Exit vlmcsd if warning of certain level has been reached
+# Command line: -x
+# 0 = Never
+# 1 = Exit, if any listening socket could not be established or TAP error occurs
+ExitLevel = 1
+
+# Disable or enable the NDR64 transfer syntax in RPC (default enabled)
+# Command line: -N0 and -N1
+UseNDR64 = true
+
+# Disable or enable bind time feature negotiation in RPC (default enabled)
+# Command line: -B0 and -B1
+UseBTFN = true