Improve maintainability of action-tuple code

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2016-01-16 17:26:16 -08:00
parent 742c15b289
commit 031371f259


@ -79,6 +79,10 @@ use constant { NULL_SECTION => 0x00,
NEW_SECTION => 0x40, NEW_SECTION => 0x40,
DEFAULTACTION_SECTION => 0x80 }; DEFAULTACTION_SECTION => 0x80 };
# #
# Number of elements in the action tuple
#
use constant { ACTION_TUPLE_ELEMENTS => 5 };
#
# Section => name function # Section => name function
# #
our %section_functions = ( ALL_SECTION , \&rules_chain, our %section_functions = ( ALL_SECTION , \&rules_chain,
@ -424,6 +428,7 @@ sub print_policy($$$$) {
sub use_policy_action( $$ ); sub use_policy_action( $$ );
sub normalize_action( $$$ ); sub normalize_action( $$$ );
sub normalize_action_name( $ ); sub normalize_action_name( $ );
sub normalize_single_action( $ );
sub process_default_action( $$$$ ) { sub process_default_action( $$$$ ) {
my ( $originalpolicy, $policy, $default, $level ) = @_; my ( $originalpolicy, $policy, $default, $level ) = @_;
@ -560,7 +565,7 @@ sub process_a_policy() {
require_capability 'AUDIT_TARGET', ":audit", "s" if $audit; require_capability 'AUDIT_TARGET', ":audit", "s" if $audit;
my ( $policy, $default, $level, undef, $remainder ) = split( /:/, $originalpolicy, 5 ); my ( $policy, $default, $level, undef, $remainder ) = split( /:/, $originalpolicy, ACTION_TUPLE_ELEMENTS );
fatal_error "Invalid or missing POLICY ($originalpolicy)" unless $policy; fatal_error "Invalid or missing POLICY ($originalpolicy)" unless $policy;
@ -944,7 +949,7 @@ sub complete_standard_chain ( $$$$ ) {
( $policy, $loglevel, $defaultaction ) = @{$policychainref}{'policy', 'loglevel', 'default' }; ( $policy, $loglevel, $defaultaction ) = @{$policychainref}{'policy', 'loglevel', 'default' };
$stdchainref->{origin} = $policychainref->{origin}; $stdchainref->{origin} = $policychainref->{origin};
} elsif ( $defaultaction !~ /:/ ) { } elsif ( $defaultaction !~ /:/ ) {
$defaultaction = join(":", $defaultaction, 'none', '', '', '' ); $defaultaction = normalize_single_action( $defaultaction );
} }
@ -1210,11 +1215,18 @@ sub normalize_action_name( $ ) {
normalize_action( $action, $loglevel, '' ); normalize_action( $action, $loglevel, '' );
} }
#
# Create an action tuple from a single target name
#
sub normalize_single_action( $ ) {
join(":", $_[0], 'none', '', '', '' );
}
# #
# Produce a recognizable target from a normalized action # Produce a recognizable target from a normalized action
# #
sub external_name( $ ) { sub external_name( $ ) {
my ( $target, $level, $tag, undef, $params ) = split /:/, shift, 5; my ( $target, $level, $tag, undef, $params ) = split /:/, shift, ACTION_TUPLE_ELEMENTS;
$target = join( '', $target, '(', $params , ')' ) if $params; $target = join( '', $target, '(', $params , ')' ) if $params;
$target .= ":$level" if $level && $level ne 'none'; $target .= ":$level" if $level && $level ne 'none';
@ -1344,7 +1356,7 @@ sub createsimpleactionchain( $ ) {
sub createactionchain( $ ) { sub createactionchain( $ ) {
my $normalized = shift; my $normalized = shift;
my ( $target, $level, $tag, $caller, $param ) = split /:/, $normalized, 5; my ( $target, $level, $tag, $caller, $param ) = split /:/, $normalized, ACTION_TUPLE_ELEMENTS;
assert( defined $param ); assert( defined $param );
@ -1704,7 +1716,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ );
sub process_action($$) { sub process_action($$) {
my ( $chainref, $caller ) = @_; my ( $chainref, $caller ) = @_;
my $wholeaction = $chainref->{action}; my $wholeaction = $chainref->{action};
my ( $action, $level, $tag, undef, $param ) = split /:/, $wholeaction, 5; my ( $action, $level, $tag, undef, $param ) = split /:/, $wholeaction, ACTION_TUPLE_ELEMENTS;
if ( $targets{$action} & BUILTIN ) { if ( $targets{$action} & BUILTIN ) {
$level = '' if $level =~ /none!?/; $level = '' if $level =~ /none!?/;
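Review bot: `normalize_single_action` (the hunk at -1210) still spells the tuple out as five literal fields, so it can drift from the new `ACTION_TUPLE_ELEMENTS` without any error; deriving the padding from the constant, e.g. `return join( ':', $_[0], 'none', ('') x ( ACTION_TUPLE_ELEMENTS - 2 ) );`, would tie the two together and make the return explicit. The constant is also the `split` LIMIT in `process_a_policy`, `external_name`, `createactionchain` and `process_action`, which is what keeps any ':' inside the last (parameter) field intact, yet each of those calls still unpacks into exactly five variables, so raising the constant alone would cut that field at its next ':'. I would extend the comment on the constant to say so: `# Number of elements in the action tuple; also the split() LIMIT, so it must match the five-variable lists that unpack a tuple`. In a rule compiler a mis-split tuple presumably changes the target or parameters that get emitted, so the coupling is worth stating where the constant is defined.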