Add PERL= option to shorewall.conf and shorewall6.conf

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-25 09:03:30 +01:00 · 2010-07-05 13:11:52 -07:00 · 2010-07-05 13:11:52 -07:00 · 02fab09a14
commit 02fab09a14
parent 4547067da9
15 changed files with 119 additions and 42 deletions
--- a/Samples/one-interface/shorewall.conf
+++ b/Samples/one-interface/shorewall.conf
@ -70,6 +70,8 @@ TC=

 IPSET=

+PERL=/usr/bin/perl
+
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

 SHOREWALL_SHELL=/bin/sh
--- a/Samples/three-interfaces/shorewall.conf
+++ b/Samples/three-interfaces/shorewall.conf
@ -70,6 +70,8 @@ TC=

 IPSET=

+PERL=/usr/bin/perl
+
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

 SHOREWALL_SHELL=/bin/sh
--- a/Samples/two-interfaces/shorewall.conf
+++ b/Samples/two-interfaces/shorewall.conf
@ -77,6 +77,8 @@ TC=

 IPSET=

+PERL=/usr/bin/perl
+
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

 SHOREWALL_SHELL=/bin/sh
--- a/Samples6/one-interface/shorewall6.conf
+++ b/Samples6/one-interface/shorewall6.conf
@ -58,6 +58,8 @@ SMURF_LOG_LEVEL=info

 IP6TABLES=

+PERL=/usr/bin/perl
+
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

 SHOREWALL_SHELL=/bin/sh
--- a/Samples6/three-interfaces/shorewall6.conf
+++ b/Samples6/three-interfaces/shorewall6.conf
@ -58,6 +58,8 @@ SMURF_LOG_LEVEL=info

 IP6TABLES=

+PERL=/usr/bin/perl
+
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

 SHOREWALL_SHELL=/bin/sh
--- a/Samples6/two-interfaces/shorewall6.conf
+++ b/Samples6/two-interfaces/shorewall6.conf
@ -58,6 +58,8 @@ SMURF_LOG_LEVEL=info

 IP6TABLES=

+PERL=/usr/bin/perl
+
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

 SHOREWALL_SHELL=/bin/sh
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -380,6 +380,7 @@ sub initialize( $ ) {
 	      IP => undef,
 	      TC => undef,
 	      IPSET => undef,
+	      PERL => undef,
 	      #
 	      #PATH is inherited
 	      #
@ -1769,7 +1770,9 @@ sub embedded_perl( $ ) {
 #   - Handle INCLUDE <filename>
 #

-sub read_a_line() {
+sub read_a_line(;$) {
+    my $embedded_enabled = defined $_[0] ? shift : 1;
+
    while ( $currentfile ) {

 	$currentline = '';
@ -1815,53 +1818,59 @@ sub read_a_line() {
 	    #
 	    # Must check for shell/perl before doing variable expansion
 	    #
-	    if ( $currentline =~ s/^\s*(BEGIN\s+)?SHELL\s*;?// ) {
-		embedded_shell( $1 );
-	    } elsif ( $currentline =~ s/^\s*(BEGIN\s+)?PERL\s*\;?// ) {
-		embedded_perl( $1 );
-	    } else {
-		my $count = 0;
-		#
-		# Expand Shell Variables using %ENV
-		#
-		#                            $1      $2      $3           -     $4
-		while ( $currentline =~ m( ^(.*?) \$({)? ([a-zA-Z]\w*) (?(2)}) (.*)$ )x ) {
-		    my $val = $ENV{$3};
-
-		    unless ( defined $val ) {
-			fatal_error "Undefined shell variable (\$$3)" unless exists $ENV{$3};
-			$val = '';
-		    }
-
-		    $currentline = join( '', $1 , $val , $4 );
-		    fatal_error "Variable Expansion Loop" if ++$count > 100;
+	    if ( $embedded_enabled ) {
+		if ( $currentline =~ s/^\s*(BEGIN\s+)?SHELL\s*;?// ) {
+		    embedded_shell( $1 );
+		    next;
 		}

-		if ( $currentline =~ /^\s*INCLUDE\s/ ) {
+		if ( $currentline =~ s/^\s*(BEGIN\s+)?PERL\s*\;?// ) {
+		    embedded_perl( $1 );
+		    next;
+		}
+	    } 

-		    my @line = split ' ', $currentline;
+	    my $count = 0;
+	    #
+	    # Expand Shell Variables using %ENV
+	    #
+	    #                            $1      $2      $3           -     $4
+	    while ( $currentline =~ m( ^(.*?) \$({)? ([a-zA-Z]\w*) (?(2)}) (.*)$ )x ) {
+		my $val = $ENV{$3};

-		    fatal_error "Invalid INCLUDE command"    if @line != 2;
-		    fatal_error "INCLUDEs/Scripts nested too deeply" if @includestack >= 4;
+		unless ( defined $val ) {
+		    fatal_error "Undefined shell variable (\$$3)" unless exists $ENV{$3};
+		    $val = '';
+		}

-		    my $filename = find_file $line[1];
+		$currentline = join( '', $1 , $val , $4 );
+		fatal_error "Variable Expansion Loop" if ++$count > 100;
+	    }

-		    fatal_error "INCLUDE file $filename not found" unless -f $filename;
-		    fatal_error "Directory ($filename) not allowed in INCLUDE" if -d _;
+	    if ( $currentline =~ /^\s*INCLUDE\s/ ) {

-		    if ( -s _ ) {
-			push @includestack, [ $currentfile, $currentfilename, $currentlinenumber ];
-			$currentfile = undef;
-			do_open_file $filename;
-		    } else {
-			$currentlinenumber = 0;
-		    }
+		my @line = split ' ', $currentline;

-		    $currentline = '';
+		fatal_error "Invalid INCLUDE command"    if @line != 2;
+		fatal_error "INCLUDEs/Scripts nested too deeply" if @includestack >= 4;
+
+		my $filename = find_file $line[1];
+
+		fatal_error "INCLUDE file $filename not found" unless -f $filename;
+		fatal_error "Directory ($filename) not allowed in INCLUDE" if -d _;
+
+		if ( -s _ ) {
+		    push @includestack, [ $currentfile, $currentfilename, $currentlinenumber ];
+		    $currentfile = undef;
+		    do_open_file $filename;
 		} else {
-		    print "IN===> $currentline\n" if $debug;
-		    return 1;
+		    $currentlinenumber = 0;
 		}
+
+		$currentline = '';
+	    } else {
+		print "IN===> $currentline\n" if $debug;
+		return 1;
 	    }
 	}

@ -2679,7 +2688,7 @@ sub process_shorewall_conf() {

 	    first_entry "Processing $file...";

-	    while ( read_a_line ) {
+	    while ( read_a_line(0) ) {
 		if ( $currentline =~ /^\s*([a-zA-Z]\w*)=(.*?)\s*$/ ) {
 		    my ($var, $val) = ($1, $2);
 		    unless ( exists $config{$var} ) {
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -22,6 +22,8 @@ Changes in Shorewall 4.4.11

 10) Avoid missing closing quote when REQUIRE_INTERFACE=Yes.

+11) Add PERL option.
+
 Changes in Shorewall 4.4.10

 1)  Fix regression with scripts.
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@ -59,6 +59,8 @@ TC=

 IPSET=

+PERL=/usr/bin/perl
+
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

 SHOREWALL_SHELL=/bin/sh
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -308,7 +308,13 @@ None.
 3)  A new column (NET3) has been added to the /etc/shorewall/netmap
    file. This new column can qualify the INTERFACE column by
    specifying a SOURCE network (DNAT rule) or DEST network (SNAT rule)
-    associated with the interface. 
+    associated with the interface.
+
+4)  To accomodate systems with more than one version of Perl installed,
+    the shorewall.conf and shorewall6.conf files now support a PERL
+    option. If the program specified by that option does not exist or
+    is not executable, Shorewall (and Shorewall6) fall back to
+    /usr/bin/perl.

 ----------------------------------------------------------------------------
 V I.  P R O B L E M S  C O R R E C T E D  A N D  N E W   F E A T U R E S
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
@ -360,7 +360,16 @@ compiler() {
    run_user_exit params
    set +a

-    /usr/bin/perl $debugflags /usr/share/shorewall/compiler.pl $options $@
+    if [ -n "$PERL" ]; then
+	if [ ! -x "$PERL" ]; then
+	    echo "   WARNING: The program specified in the PERL option does not exist or is not executable; falling back to /usr/bin/perl" >&2
+	    PERL=/usr/bin/perl
+	fi
+    else
+	PERL=/usr/bin/perl
+    fi
+
+    $PERL $debugflags /usr/share/shorewall/compiler.pl $options $@
 }

 #
--- a/Shorewall6/shorewall6
+++ b/Shorewall6/shorewall6
@ -299,7 +299,16 @@ compiler() {
 	set +a
    fi

-    $command perl $debugflags $pc $options $@
+    if [ -n "$PERL" ]; then
+	if [ ! -x "$PERL" ]; then
+	    echo "   WARNING: The program specified in PERL does not exist or is not executable; falling back to /usr/bin/perl" >&2
+	    PERL=/usr/bin/perl
+	fi
+    else
+	PERL=/usr/bin/perl
+    fi
+
+    $command $PERL $debugflags $pc $options $@
 }    

 #
--- a/Shorewall6/shorewall6.conf
+++ b/Shorewall6/shorewall6.conf
@ -56,6 +56,8 @@ TC=

 IPSET=

+PERL=/usr/bin/perl
+
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

 SHOREWALL_SHELL=/bin/sh
--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@ -1320,6 +1320,19 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><emphasis
+        role="bold">PERL=</emphasis><emphasis>pathname</emphasis></term>
+
+        <listitem>
+          <para>Added in Shorewall 4.4.11 RC1. Specifies the path name of the
+          Perl executable. Default is <filename>/usr/bin/perl</filename>. If
+          the pathname specified by this option does not exist or the named
+          file is not executable, then Shorewall falls back to
+          <filename>/usr/bin/perl/</filename></para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><emphasis role="bold">PKTTYPE=</emphasis>{<emphasis
        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
--- a/manpages6/shorewall6.conf.xml
+++ b/manpages6/shorewall6.conf.xml
@ -1100,6 +1100,19 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><emphasis
+        role="bold">PERL=</emphasis><emphasis>pathname</emphasis></term>
+
+        <listitem>
+          <para>Added in Shorewall 4.4.11 RC1. Specifies the path name of the
+          Perl executable. Default is <filename>/usr/bin/perl</filename>. If
+          the pathname specified by this option does not exist or the named
+          file is not executable, then Shorewall6 falls back to
+          <filename>/usr/bin/perl/</filename></para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><emphasis
        role="bold">RCP_COMMAND="</emphasis><replaceable>command</replaceable><emphasis