Allow INCLUDE in extension scripts
parent
5c4da0b581
commit
265ca85d02
@ -1163,192 +1163,6 @@ sub pop_indent() {
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Functions for copying files into the script
|
||||
#
|
||||
sub copy( $ ) {
|
||||
assert( $script_enabled );
|
||||
|
||||
if ( $script ) {
|
||||
my $file = $_[0];
|
||||
|
||||
open IF , $file or fatal_error "Unable to open $file: $!";
|
||||
|
||||
while ( <IF> ) {
|
||||
chomp;
|
||||
if ( /^\s*$/ ) {
|
||||
print $script "\n" unless $lastlineblank;
|
||||
$lastlineblank = 1;
|
||||
} else {
|
||||
if ( $indent ) {
|
||||
s/^(\s*)/$indent1$1$indent2/;
|
||||
s/ /\t/ if $indent2;
|
||||
}
|
||||
|
||||
print $script $_;
|
||||
print $script "\n";
|
||||
$lastlineblank = 0;
|
||||
}
|
||||
}
|
||||
|
||||
close IF;
|
||||
}
|
||||
}
|
||||
|
||||
sub close_file();
|
||||
|
||||
#
|
||||
# This one handles line continuation and 'here documents'
|
||||
|
||||
sub copy1( $ ) {
|
||||
assert( $script_enabled );
|
||||
|
||||
my $result = 0;
|
||||
|
||||
if ( $script || $debug ) {
|
||||
my ( $do_indent, $here_documents ) = ( 1, '');
|
||||
|
||||
open_file( $_[0] );
|
||||
|
||||
while ( $currentfile ) {
|
||||
while ( <$currentfile> ) {
|
||||
chomp;
|
||||
|
||||
if ( /^${here_documents}\s*$/ ) {
|
||||
if ( $script ) {
|
||||
print $script $here_documents if $here_documents;
|
||||
print $script "\n";
|
||||
}
|
||||
|
||||
if ( $debug ) {
|
||||
print "GS-----> $here_documents" if $here_documents;
|
||||
print "GS----->\n";
|
||||
}
|
||||
|
||||
$do_indent = 1;
|
||||
$here_documents = '';
|
||||
next;
|
||||
}
|
||||
|
||||
if ( $do_indent && /.*<<\s*([^ ]+)s*(.*)/ ) {
|
||||
$here_documents = $1;
|
||||
s/^(\s*)/$indent1$1$indent2/;
|
||||
s/ /\t/ if $indent2;
|
||||
$do_indent = 0;
|
||||
|
||||
if ( $script ) {
|
||||
print $script $_;
|
||||
print $script "\n";
|
||||
}
|
||||
|
||||
if ( $debug ) {
|
||||
s/\n/\nGS-----> /g;
|
||||
print "GS-----> $_\n";
|
||||
}
|
||||
|
||||
$result = 1;
|
||||
next;
|
||||
}
|
||||
|
||||
if ( $indent && $do_indent ) {
|
||||
s/^(\s*)/$indent1$1$indent2/;
|
||||
s/ /\t/ if $indent2;
|
||||
}
|
||||
|
||||
if ( $script ) {
|
||||
print $script $_;
|
||||
print $script "\n";
|
||||
}
|
||||
|
||||
$do_indent = ! ( $here_documents || /\\$/ );
|
||||
|
||||
$result = 1 unless $result || /^\s*$/ || /^\s*#/;
|
||||
|
||||
if ( $debug ) {
|
||||
s/\n/\nGS-----> /g;
|
||||
print "GS-----> $_\n";
|
||||
}
|
||||
}
|
||||
|
||||
close_file;
|
||||
}
|
||||
}
|
||||
|
||||
$lastlineblank = 0;
|
||||
|
||||
$result;
|
||||
}
|
||||
|
||||
#
|
||||
# This one drops header comments and replaces them with a three-line banner
|
||||
#
|
||||
sub copy2( $$ ) {
|
||||
my ( $file, $trace ) = @_;
|
||||
|
||||
assert( $script_enabled );
|
||||
my $empty = 1;
|
||||
|
||||
if ( $script || $trace ) {
|
||||
my $file = $_[0];
|
||||
|
||||
open IF , $file or fatal_error "Unable to open $file: $!";
|
||||
|
||||
while ( <IF> ) {
|
||||
$empty = 0, last unless /^#/;
|
||||
}
|
||||
|
||||
unless ( $empty ) {
|
||||
emit <<EOF;
|
||||
################################################################################
|
||||
# Functions imported from $file
|
||||
################################################################################
|
||||
EOF
|
||||
chomp;
|
||||
emit( $_ ) unless /^\s*$/;
|
||||
|
||||
while ( <IF> ) {
|
||||
chomp;
|
||||
if ( /^\s*$/ ) {
|
||||
unless ( $lastlineblank ) {
|
||||
print $script "\n" if $script;
|
||||
print "GS----->\n" if $trace;
|
||||
}
|
||||
|
||||
$lastlineblank = 1;
|
||||
} else {
|
||||
if ( $indent ) {
|
||||
s/^(\s*)/$indent1$1$indent2/;
|
||||
s/ /\t/ if $indent2;
|
||||
}
|
||||
|
||||
if ( $script ) {
|
||||
print $script $_;
|
||||
print $script "\n";
|
||||
}
|
||||
|
||||
if ( $trace ) {
|
||||
s/\n/GS-----> \n/g;
|
||||
print "GS-----> $_\n";
|
||||
}
|
||||
|
||||
$lastlineblank = 0;
|
||||
}
|
||||
}
|
||||
|
||||
close IF;
|
||||
|
||||
unless ( $lastlineblank ) {
|
||||
print $script "\n" if $script;
|
||||
print "GS----->\n" if $trace;
|
||||
}
|
||||
|
||||
emit( '################################################################################',
|
||||
"# End of imports from $file",
|
||||
'################################################################################' );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Create the temporary script file -- the passed file name is the name of the final file.
|
||||
# We create a temporary file in the same directory so that we can use rename to finalize it.
|
||||
@ -1638,6 +1452,216 @@ sub close_file() {
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Functions for copying files into the script
|
||||
#
|
||||
sub copy( $ ) {
|
||||
assert( $script_enabled );
|
||||
|
||||
if ( $script ) {
|
||||
my $file = $_[0];
|
||||
|
||||
open IF , $file or fatal_error "Unable to open $file: $!";
|
||||
|
||||
while ( <IF> ) {
|
||||
chomp;
|
||||
if ( /^\s*$/ ) {
|
||||
print $script "\n" unless $lastlineblank;
|
||||
$lastlineblank = 1;
|
||||
} else {
|
||||
if ( $indent ) {
|
||||
s/^(\s*)/$indent1$1$indent2/;
|
||||
s/ /\t/ if $indent2;
|
||||
}
|
||||
|
||||
print $script $_;
|
||||
print $script "\n";
|
||||
$lastlineblank = 0;
|
||||
}
|
||||
}
|
||||
|
||||
close IF;
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# This variant of copy handles line continuation, 'here documents' and INCLUDE
|
||||
#
|
||||
sub copy1( $ ) {
|
||||
assert( $script_enabled );
|
||||
|
||||
my $result = 0;
|
||||
|
||||
if ( $script || $debug ) {
|
||||
my ( $do_indent, $here_documents ) = ( 1, '');
|
||||
|
||||
open_file( $_[0] );
|
||||
|
||||
while ( $currentfile ) {
|
||||
while ( <$currentfile> ) {
|
||||
$currentlinenumber++;
|
||||
|
||||
chomp;
|
||||
|
||||
if ( /^${here_documents}\s*$/ ) {
|
||||
if ( $script ) {
|
||||
print $script $here_documents if $here_documents;
|
||||
print $script "\n";
|
||||
}
|
||||
|
||||
if ( $debug ) {
|
||||
print "GS-----> $here_documents" if $here_documents;
|
||||
print "GS----->\n";
|
||||
}
|
||||
|
||||
$do_indent = 1;
|
||||
$here_documents = '';
|
||||
next;
|
||||
}
|
||||
|
||||
if ( $do_indent && /.*<<\s*([^ ]+)s*(.*)/ ) {
|
||||
$here_documents = $1;
|
||||
s/^(\s*)/$indent1$1$indent2/;
|
||||
s/ /\t/ if $indent2;
|
||||
$do_indent = 0;
|
||||
|
||||
if ( $script ) {
|
||||
print $script $_;
|
||||
print $script "\n";
|
||||
}
|
||||
|
||||
if ( $debug ) {
|
||||
s/\n/\nGS-----> /g;
|
||||
print "GS-----> $_\n";
|
||||
}
|
||||
|
||||
$result = 1;
|
||||
next;
|
||||
}
|
||||
|
||||
if ( $do_indent ) {
|
||||
if ( /^\s*INCLUDE\s/ ) {
|
||||
my @line = split / /;
|
||||
|
||||
fatal_error "Invalid INCLUDE command" if @line != 2;
|
||||
fatal_error "INCLUDEs nested too deeply" if @includestack >= 4;
|
||||
|
||||
my $filename = find_file $line[1];
|
||||
|
||||
fatal_error "INCLUDE file $filename not found" unless -f $filename;
|
||||
fatal_error "Directory ($filename) not allowed in INCLUDE" if -d _;
|
||||
|
||||
if ( -s _ ) {
|
||||
push @includestack, [ $currentfile, $currentfilename, $currentlinenumber ];
|
||||
$currentfile = undef;
|
||||
do_open_file $filename;
|
||||
} else {
|
||||
$currentlinenumber = 0;
|
||||
}
|
||||
|
||||
next;
|
||||
}
|
||||
|
||||
if ( $indent ) {
|
||||
s/^(\s*)/$indent1$1$indent2/;
|
||||
s/ /\t/ if $indent2;
|
||||
}
|
||||
}
|
||||
|
||||
if ( $script ) {
|
||||
print $script $_;
|
||||
print $script "\n";
|
||||
}
|
||||
|
||||
$do_indent = ! ( $here_documents || /\\$/ );
|
||||
|
||||
$result = 1 unless $result || /^\s*$/ || /^\s*#/;
|
||||
|
||||
if ( $debug ) {
|
||||
s/\n/\nGS-----> /g;
|
||||
print "GS-----> $_\n";
|
||||
}
|
||||
}
|
||||
|
||||
close_file;
|
||||
}
|
||||
}
|
||||
|
||||
$lastlineblank = 0;
|
||||
|
||||
$result;
|
||||
}
|
||||
|
||||
#
|
||||
# This one drops header comments and replaces them with a three-line banner
|
||||
#
|
||||
sub copy2( $$ ) {
|
||||
my ( $file, $trace ) = @_;
|
||||
|
||||
assert( $script_enabled );
|
||||
my $empty = 1;
|
||||
|
||||
if ( $script || $trace ) {
|
||||
my $file = $_[0];
|
||||
|
||||
open IF , $file or fatal_error "Unable to open $file: $!";
|
||||
|
||||
while ( <IF> ) {
|
||||
$empty = 0, last unless /^#/;
|
||||
}
|
||||
|
||||
unless ( $empty ) {
|
||||
emit <<EOF;
|
||||
################################################################################
|
||||
# Functions imported from $file
|
||||
################################################################################
|
||||
EOF
|
||||
chomp;
|
||||
emit( $_ ) unless /^\s*$/;
|
||||
|
||||
while ( <IF> ) {
|
||||
chomp;
|
||||
if ( /^\s*$/ ) {
|
||||
unless ( $lastlineblank ) {
|
||||
print $script "\n" if $script;
|
||||
print "GS----->\n" if $trace;
|
||||
}
|
||||
|
||||
$lastlineblank = 1;
|
||||
} else {
|
||||
if ( $indent ) {
|
||||
s/^(\s*)/$indent1$1$indent2/;
|
||||
s/ /\t/ if $indent2;
|
||||
}
|
||||
|
||||
if ( $script ) {
|
||||
print $script $_;
|
||||
print $script "\n";
|
||||
}
|
||||
|
||||
if ( $trace ) {
|
||||
s/\n/GS-----> \n/g;
|
||||
print "GS-----> $_\n";
|
||||
}
|
||||
|
||||
$lastlineblank = 0;
|
||||
}
|
||||
}
|
||||
|
||||
close IF;
|
||||
|
||||
unless ( $lastlineblank ) {
|
||||
print $script "\n" if $script;
|
||||
print "GS----->\n" if $trace;
|
||||
}
|
||||
|
||||
emit( '################################################################################',
|
||||
"# End of imports from $file",
|
||||
'################################################################################' );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# The following two functions allow module clients to nest opens. This happens frequently
|
||||
# in the Rules module.
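Review bot: In the new INCLUDE branch of copy1(), the line is recognised with `/^\s*INCLUDE\s/` but tokenised with `split / /`, so an indented INCLUDE, a tab after the keyword, or two spaces before the file name all yield a field count other than 2 and die with "Invalid INCLUDE command"; `my @line = split ' ';` splits on runs of whitespace and skips leading blanks, which matches what the regex accepts. The `-d _` test directly after `unless -f $filename` can never fire, because a directory already fails `-f` and is reported as "not found"; test `-d` first or drop it. In the empty-file `else` arm, `$currentlinenumber = 0` resets the counter of the file still being read although nothing was pushed on `@includestack`, so later diagnostics for that script would presumably carry wrong line numbers, and the assignment looks like it should be removed. Since the INCLUDEd file is copied verbatim into the generated firewall script, which presumably runs privileged, a comment at the `find_file` call (its body is not visible here) should state that the resolved `$filename` needs the same ownership and permissions as the extension script that names it.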
|
||||
|
@ -1,12 +1,14 @@
|
||||
Changes in Shorewall 4.4.17 Beta 1
|
||||
|
||||
1) Improve readability of logging logic in expand_rule().
|
||||
1) Improve readability of logging logic in expand_rule().
|
||||
|
||||
2) Improve efficency of oddball targets in process_rule1().
|
||||
2) Improve efficency of oddball targets in process_rule1().
|
||||
|
||||
3) Export (param,value) pairs with EXPORTPARAMS=No.
|
||||
3) Export (param,value) pairs with EXPORTPARAMS=No.
|
||||
|
||||
4) Only produce 'done.' progress message on success.
|
||||
4) Only produce 'done.' progress message on success.
|
||||
|
||||
5) Support INCLUDE in user exits.
|
||||
|
||||
Changes in Shorewall 4.4.16 RC 1
|
||||
|
||||
|
@ -36,6 +36,25 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
/etc/shorewall/shorewall6.conf have been modified to specify
|
||||
EXPORTPARAMS=No.
|
||||
|
||||
2) The INCLUDE command may now be used in the following extension
|
||||
scripts:
|
||||
|
||||
clear
|
||||
findgw
|
||||
init
|
||||
isusable
|
||||
refresh
|
||||
refreshed
|
||||
restored
|
||||
start
|
||||
started
|
||||
stop
|
||||
stopped
|
||||
tcclear
|
||||
|
||||
The command is executed during compilation so that the INCLUDEd
|
||||
file is copied into the generated script.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
I V. R E L E A S E 4 . 4 H I G H L I G H T S
|
||||
----------------------------------------------------------------------------
|
||||
|
@ -636,12 +636,75 @@ ACCEPT net:\
|
||||
<para>INCLUDE's may be nested to a level of 3 -- further nested INCLUDE
|
||||
directives are ignored with a warning message.</para>
|
||||
|
||||
<para>Beginning with Shorewall 4.4.17, the INCLUDE directive may also
|
||||
appear in the following <ulink
|
||||
url="shorewall_extension_scripts.htm">extension scripts</ulink>:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>clear</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>findgw</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>init</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>isusable</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>refresh</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>refreshed</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>restore</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>restored</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>start</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>started</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>stop</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>stopped</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>tcclear</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>When used in these scripts, the included files are copied into the
|
||||
compiled firewall script.</para>
|
||||
|
||||
<caution>
|
||||
<para>If you are using <ulink
|
||||
<para>Prior to Shorewall 4.4.17, if you are using <ulink
|
||||
url="CompiledPrograms.html%23Lite">Shorewall Lite</ulink> , it is not
|
||||
advisable to use INCLUDE in the <filename>params</filename> file in an
|
||||
export directory. If you do that, you must ensure that the included file
|
||||
is also present on the firewall system's <filename
|
||||
export directory if you set EXPORTPARAMS=Yes in <ulink
|
||||
url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5). If you do
|
||||
that, you must ensure that the included file is also present on the
|
||||
firewall system's <filename
|
||||
class="directory">/etc/shorewall-lite/</filename> directory.</para>
|
||||
|
||||
<para>If you only need the <filename>params</filename> file at compile
|
||||
|