Add PERL= option to shorewall.conf and shorewall6.conf

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2010-07-05 13:11:52 -07:00
parent 4547067da9
commit 02fab09a14
15 changed files with 119 additions and 42 deletions


@ -70,6 +70,8 @@ TC=
IPSET= IPSET=
PERL=/usr/bin/perl
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh SHOREWALL_SHELL=/bin/sh


@ -70,6 +70,8 @@ TC=
IPSET= IPSET=
PERL=/usr/bin/perl
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh SHOREWALL_SHELL=/bin/sh


@ -77,6 +77,8 @@ TC=
IPSET= IPSET=
PERL=/usr/bin/perl
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh SHOREWALL_SHELL=/bin/sh


@ -58,6 +58,8 @@ SMURF_LOG_LEVEL=info
IP6TABLES= IP6TABLES=
PERL=/usr/bin/perl
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh SHOREWALL_SHELL=/bin/sh


@ -58,6 +58,8 @@ SMURF_LOG_LEVEL=info
IP6TABLES= IP6TABLES=
PERL=/usr/bin/perl
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh SHOREWALL_SHELL=/bin/sh


@ -58,6 +58,8 @@ SMURF_LOG_LEVEL=info
IP6TABLES= IP6TABLES=
PERL=/usr/bin/perl
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh SHOREWALL_SHELL=/bin/sh


@ -380,6 +380,7 @@ sub initialize( $ ) {
IP => undef, IP => undef,
TC => undef, TC => undef,
IPSET => undef, IPSET => undef,
PERL => undef,
# #
#PATH is inherited #PATH is inherited
# #
@ -1769,7 +1770,9 @@ sub embedded_perl( $ ) {
# - Handle INCLUDE <filename> # - Handle INCLUDE <filename>
# #
sub read_a_line() { sub read_a_line(;$) {
my $embedded_enabled = defined $_[0] ? shift : 1;
while ( $currentfile ) { while ( $currentfile ) {
$currentline = ''; $currentline = '';
@ -1815,53 +1818,59 @@ sub read_a_line() {
# #
# Must check for shell/perl before doing variable expansion # Must check for shell/perl before doing variable expansion
# #
if ( $currentline =~ s/^\s*(BEGIN\s+)?SHELL\s*;?// ) { if ( $embedded_enabled ) {
embedded_shell( $1 ); if ( $currentline =~ s/^\s*(BEGIN\s+)?SHELL\s*;?// ) {
} elsif ( $currentline =~ s/^\s*(BEGIN\s+)?PERL\s*\;?// ) { embedded_shell( $1 );
embedded_perl( $1 ); next;
} else {
my $count = 0;
#
# Expand Shell Variables using %ENV
#
# $1 $2 $3 - $4
while ( $currentline =~ m( ^(.*?) \$({)? ([a-zA-Z]\w*) (?(2)}) (.*)$ )x ) {
my $val = $ENV{$3};
unless ( defined $val ) {
fatal_error "Undefined shell variable (\$$3)" unless exists $ENV{$3};
$val = '';
}
$currentline = join( '', $1 , $val , $4 );
fatal_error "Variable Expansion Loop" if ++$count > 100;
} }
if ( $currentline =~ /^\s*INCLUDE\s/ ) { if ( $currentline =~ s/^\s*(BEGIN\s+)?PERL\s*\;?// ) {
embedded_perl( $1 );
next;
}
}
my @line = split ' ', $currentline; my $count = 0;
#
# Expand Shell Variables using %ENV
#
# $1 $2 $3 - $4
while ( $currentline =~ m( ^(.*?) \$({)? ([a-zA-Z]\w*) (?(2)}) (.*)$ )x ) {
my $val = $ENV{$3};
fatal_error "Invalid INCLUDE command" if @line != 2; unless ( defined $val ) {
fatal_error "INCLUDEs/Scripts nested too deeply" if @includestack >= 4; fatal_error "Undefined shell variable (\$$3)" unless exists $ENV{$3};
$val = '';
}
my $filename = find_file $line[1]; $currentline = join( '', $1 , $val , $4 );
fatal_error "Variable Expansion Loop" if ++$count > 100;
}
fatal_error "INCLUDE file $filename not found" unless -f $filename; if ( $currentline =~ /^\s*INCLUDE\s/ ) {
fatal_error "Directory ($filename) not allowed in INCLUDE" if -d _;
if ( -s _ ) { my @line = split ' ', $currentline;
push @includestack, [ $currentfile, $currentfilename, $currentlinenumber ];
$currentfile = undef;
do_open_file $filename;
} else {
$currentlinenumber = 0;
}
$currentline = ''; fatal_error "Invalid INCLUDE command" if @line != 2;
fatal_error "INCLUDEs/Scripts nested too deeply" if @includestack >= 4;
my $filename = find_file $line[1];
fatal_error "INCLUDE file $filename not found" unless -f $filename;
fatal_error "Directory ($filename) not allowed in INCLUDE" if -d _;
if ( -s _ ) {
push @includestack, [ $currentfile, $currentfilename, $currentlinenumber ];
$currentfile = undef;
do_open_file $filename;
} else { } else {
print "IN===> $currentline\n" if $debug; $currentlinenumber = 0;
return 1;
} }
$currentline = '';
} else {
print "IN===> $currentline\n" if $debug;
return 1;
} }
} }
@ -2679,7 +2688,7 @@ sub process_shorewall_conf() {
first_entry "Processing $file..."; first_entry "Processing $file...";
while ( read_a_line ) { while ( read_a_line(0) ) {
if ( $currentline =~ /^\s*([a-zA-Z]\w*)=(.*?)\s*$/ ) { if ( $currentline =~ /^\s*([a-zA-Z]\w*)=(.*?)\s*$/ ) {
my ($var, $val) = ($1, $2); my ($var, $val) = ($1, $2);
unless ( exists $config{$var} ) { unless ( exists $config{$var} ) {
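Review bot: Nothing in the new code records why `process_shorewall_conf` calls `read_a_line(0)`: the directive patterns (`^\s*(BEGIN\s+)?PERL\s*\;?` and its SHELL twin) have no terminator after the keyword, so the new `PERL=/usr/bin/perl` line would be consumed by `embedded_perl` if the flag were left on. Add a line to the header comment of `read_a_line` such as `# - Optional argument: a false value disables embedded SHELL/PERL processing (used for shorewall.conf, where PERL= is an option)`. It may also be worth ending the keyword with a lookahead, e.g. `PERL(?=\s|;|$)`, so that lines in other files that merely begin with `PERL` or `SHELL` are not handed to the embedded-script handlers; that pattern is unchanged by this commit. `process_shorewall_conf` continues past the end of the last hunk.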


@ -22,6 +22,8 @@ Changes in Shorewall 4.4.11
10) Avoid missing closing quote when REQUIRE_INTERFACE=Yes. 10) Avoid missing closing quote when REQUIRE_INTERFACE=Yes.
11) Add PERL option.
Changes in Shorewall 4.4.10 Changes in Shorewall 4.4.10
1) Fix regression with scripts. 1) Fix regression with scripts.


@ -59,6 +59,8 @@ TC=
IPSET= IPSET=
PERL=/usr/bin/perl
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh SHOREWALL_SHELL=/bin/sh


@ -308,7 +308,13 @@ None.
3) A new column (NET3) has been added to the /etc/shorewall/netmap 3) A new column (NET3) has been added to the /etc/shorewall/netmap
file. This new column can qualify the INTERFACE column by file. This new column can qualify the INTERFACE column by
specifying a SOURCE network (DNAT rule) or DEST network (SNAT rule) specifying a SOURCE network (DNAT rule) or DEST network (SNAT rule)
associated with the interface. associated with the interface.
4) To accomodate systems with more than one version of Perl installed,
the shorewall.conf and shorewall6.conf files now support a PERL
option. If the program specified by that option does not exist or
is not executable, Shorewall (and Shorewall6) fall back to
/usr/bin/perl.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S


@ -360,7 +360,16 @@ compiler() {
run_user_exit params run_user_exit params
set +a set +a
/usr/bin/perl $debugflags /usr/share/shorewall/compiler.pl $options $@ if [ -n "$PERL" ]; then
if [ ! -x "$PERL" ]; then
echo " WARNING: The program specified in the PERL option does not exist or is not executable; falling back to /usr/bin/perl" >&2
PERL=/usr/bin/perl
fi
else
PERL=/usr/bin/perl
fi
$PERL $debugflags /usr/share/shorewall/compiler.pl $options $@
} }
# #
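Review bot: The `[ ! -x "$PERL" ]` test is satisfied by any path with an execute bit, including a directory or a relative path resolved against the current directory, and the last line then expands `$PERL` unquoted. Because this value selects the interpreter that runs the compiler (presumably with root privileges), the check should require a regular file, `if [ ! -f "$PERL" -o ! -x "$PERL" ]; then`, and the call should be `"$PERL" $debugflags /usr/share/shorewall/compiler.pl $options $@`. Rejecting values that do not start with `/` would also keep the interpreter from depending on the working directory. The same check appears in the other `compiler()` section that ends in `$command $PERL ...`; the body of `compiler()` starts outside this hunk.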


@ -299,7 +299,16 @@ compiler() {
set +a set +a
fi fi
$command perl $debugflags $pc $options $@ if [ -n "$PERL" ]; then
if [ ! -x "$PERL" ]; then
echo " WARNING: The program specified in PERL does not exist or is not executable; falling back to /usr/bin/perl" >&2
PERL=/usr/bin/perl
fi
else
PERL=/usr/bin/perl
fi
$command $PERL $debugflags $pc $options $@
} }
# #
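Review bot: When PERL is unset, this section now runs `/usr/bin/perl`, whereas the removed line ran `perl` through a PATH lookup, so a configuration file that predates the option silently changes which interpreter is used. A fixed absolute path is the safer default, but the change deserves a comment above the `else` branch, for example `# PERL not set (older .conf file): use /usr/bin/perl instead of a PATH lookup`. The warning text here ("specified in PERL") also differs from the other `compiler()` ("specified in the PERL option"), and the two should match so a log search finds both.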


@ -56,6 +56,8 @@ TC=
IPSET= IPSET=
PERL=/usr/bin/perl
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh SHOREWALL_SHELL=/bin/sh


@ -1320,6 +1320,19 @@ net all DROP info</programlisting>then the chain name is 'net2all'
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis
role="bold">PERL=</emphasis><emphasis>pathname</emphasis></term>
<listitem>
<para>Added in Shorewall 4.4.11 RC1. Specifies the path name of the
Perl executable. Default is <filename>/usr/bin/perl</filename>. If
the pathname specified by this option does not exist or the named
file is not executable, then Shorewall falls back to
<filename>/usr/bin/perl/</filename></para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">PKTTYPE=</emphasis>{<emphasis <term><emphasis role="bold">PKTTYPE=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term> role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>


@ -1100,6 +1100,19 @@ net all DROP info</programlisting>then the chain name is 'net2all'
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis
role="bold">PERL=</emphasis><emphasis>pathname</emphasis></term>
<listitem>
<para>Added in Shorewall 4.4.11 RC1. Specifies the path name of the
Perl executable. Default is <filename>/usr/bin/perl</filename>. If
the pathname specified by this option does not exist or the named
file is not executable, then Shorewall6 falls back to
<filename>/usr/bin/perl/</filename></para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">RCP_COMMAND="</emphasis><replaceable>command</replaceable><emphasis role="bold">RCP_COMMAND="</emphasis><replaceable>command</replaceable><emphasis