extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 01:37:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

Backout - Centralize variable expansion

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4227 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-07-16 22:18:26 +00:00
parent a0f6dc4a2e
commit 3b253a39c4
2 changed files with 51 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
Shorewall/compiler
View File

@ -476,6 +476,8 @@ determine_zones()
[ "$IPSECFILE" = zones ] && new_zone_file=Yes || test -n "${FW:=fw}" [ "$IPSECFILE" = zones ] && new_zone_file=Yes || test -n "${FW:=fw}"
while read zone type rest; do while read zone type rest; do
expandv zone type
case $zone in case $zone in
*:*) *:*)
parents=${zone#*:} parents=${zone#*:}
@ -873,7 +875,8 @@ find_hosts() # $1 = host zone
local hosts interface address addresses local hosts interface address addresses
while read z hosts options; do while read z hosts options; do
if [ "x$z" = "x$1" ]; then if [ "x$(expand $z)" = "x$1" ]; then
expandv hosts
interface=${hosts%%:*} interface=${hosts%%:*}
addresses=${hosts#*:} addresses=${hosts#*:}
for address in $(separate_list $addresses); do for address in $(separate_list $addresses); do
@ -993,6 +996,7 @@ validate_interfaces_file() {
local z interface networks options r iface option local z interface networks options r iface option
while read z interface networks options; do while read z interface networks options; do
expandv z interface networks options
r="$z $interface $networks $options" r="$z $interface $networks $options"
[ "x$z" = "x-" ] && z= [ "x$z" = "x-" ] && z=
@ -1338,6 +1342,7 @@ __EOF__
save_command "DEFAULT_ROUTE=" save_command "DEFAULT_ROUTE="
while read table number mark duplicate interface gateway options copy; do while read table number mark duplicate interface gateway options copy; do
expandv table number mark duplicate interface gateway options copy
provider="$table $number $mark $duplicate $interface $gateway $options $copy" provider="$table $number $mark $duplicate $interface $gateway $options $copy"
add_a_provider add_a_provider
PROVIDERS="$PROVIDERS $table" PROVIDERS="$PROVIDERS $table"
@ -1382,6 +1387,7 @@ __EOF__
save_command save_command
while read source dest provider priority; do while read source dest provider priority; do
expandv source dest provider priority
rule="$source $dest $priority $provider" rule="$source $dest $priority $provider"
add_an_rtrule add_an_rtrule
done < $TMP_DIR/route_rules done < $TMP_DIR/route_rules
@ -1409,6 +1415,7 @@ validate_hosts_file() {
} }
while read z hosts options; do while read z hosts options; do
expandv z hosts options
r="$z $hosts $options" r="$z $hosts $options"
validate_zone1 $z || fatal_error "Invalid zone ($z) in record \"$r\"" validate_zone1 $z || fatal_error "Invalid zone ($z) in record \"$r\""
@ -1557,6 +1564,8 @@ validate_policy()
strip_file policy strip_file policy
while read client server policy loglevel synparams; do while read client server policy loglevel synparams; do
expandv client server policy loglevel synparams
clientwild= clientwild=
serverwild= serverwild=
@ -1718,9 +1727,11 @@ find_hosts_by_option() # $1 = option
local ignore hosts interface address addresses options ipsec= list local ignore hosts interface address addresses options ipsec= list
while read ignore hosts options; do while read ignore hosts options; do
expandv options
list=$(separate_list $options) list=$(separate_list $options)
if list_search $1 $list; then if list_search $1 $list; then
list_search ipsec $list && ipsec=ipsec || ipsec=none list_search ipsec $list && ipsec=ipsec || ipsec=none
expandv hosts
interface=${hosts%%:*} interface=${hosts%%:*}
addresses=${hosts#*:} addresses=${hosts#*:}
for address in $(separate_list $addresses); do for address in $(separate_list $addresses); do
@ -1770,6 +1781,7 @@ process_routestopped() # $1 = command
local hosts= interface host host1 options networks source= dest= matched local hosts= interface host host1 options networks source= dest= matched
while read interface host options; do while read interface host options; do
expandv interface host options
[ "x$host" = "x-" -o -z "$host" ] && host=0.0.0.0/0 [ "x$host" = "x-" -o -z "$host" ] && host=0.0.0.0/0
for h in $(separate_list $host); do for h in $(separate_list $host); do
hosts="$hosts $interface:$h" hosts="$hosts $interface:$h"
@ -1848,6 +1860,8 @@ process_criticalhosts()
[ -f $TMP_DIR/routestopped ] || strip_file routestopped [ -f $TMP_DIR/routestopped ] || strip_file routestopped
while read interface host options; do while read interface host options; do
expandv interface host options
[ "x$host" = "x-" -o -z "$host" ] && host=0.0.0.0/0 || host=$(separate_list $host) [ "x$host" = "x-" -o -z "$host" ] && host=0.0.0.0/0 || host=$(separate_list $host)
if [ -n "$options" ]; then if [ -n "$options" ]; then
@ -2104,6 +2118,7 @@ setup_tunnels() # $1 = name of tunnels file
strip_file tunnels $1 strip_file tunnels $1
while read kind z gateway z1; do while read kind z gateway z1; do
expandv kind z gateway z1
tunnel="$(echo $kind $z $gateway $z1)" tunnel="$(echo $kind $z $gateway $z1)"
if validate_zone $z; then if validate_zone $z; then
inchain=${z}2${FW} inchain=${z}2${FW}
@ -2248,6 +2263,8 @@ setup_ipsec() {
esac esac
while read zone type options in_options out_options mss; do while read zone type options in_options out_options mss; do
expandv zone type options in_options out_options mss
if [ -n "$using_ipsec" ]; then if [ -n "$using_ipsec" ]; then
validate_zone1 $zone || fatal_error "Unknown zone: $zone" validate_zone1 $zone || fatal_error "Unknown zone: $zone"
fi fi
@ -2353,6 +2370,7 @@ __EOF__
save_progress_message "Setting up Proxy ARP..." save_progress_message "Setting up Proxy ARP..."
while read address interface external haveroute persistent; do while read address interface external haveroute persistent; do
expandv address interface external haveroute persistent
list_search $interface $setlist || setlist="$setlist $interface" list_search $interface $setlist || setlist="$setlist $interface"
list_search $external $resetlist || list_search $external $setlist || resetlist="$resetlist $external" list_search $external $resetlist || list_search $external $setlist || resetlist="$resetlist $external"
setup_one_proxy_arp setup_one_proxy_arp
@ -2470,6 +2488,8 @@ setup_mac_lists() {
# Process the maclist file producing the verification rules # Process the maclist file producing the verification rules
# #
while read disposition interface mac addresses; do while read disposition interface mac addresses; do
expandv disposition interface mac addresses
level= level=
case $disposition in case $disposition in
@ -2737,7 +2757,10 @@ setup_nat() {
[ -n "$RETAIN_ALIASES" ] || save_progress_message "Setting up one-to-one NAT..." [ -n "$RETAIN_ALIASES" ] || save_progress_message "Setting up one-to-one NAT..."
while read external interface internal allints localnat; do while read external interface internal allints localnat; do
expandv external interface internal allints localnat
do_one_nat do_one_nat
progress_message_and_save " Host $internal NAT $external on $interface" progress_message_and_save " Host $internal NAT $external on $interface"
done < $TMP_DIR/nat done < $TMP_DIR/nat
} }
@ -2770,6 +2793,8 @@ __EOF__
setup_netmap() { setup_netmap() {
while read type net1 interface net2 ; do while read type net1 interface net2 ; do
expandv type net1 interface net2
list_search $interface $ALL_INTERFACES || \ list_search $interface $ALL_INTERFACES || \
fatal_error "Unknown interface $interface in entry \"$type $net1 $interface $net2\"" fatal_error "Unknown interface $interface in entry \"$type $net1 $interface $net2\""
@ -2804,6 +2829,7 @@ setup_ecn() # $1 = file name
progress_message2 "$DOING $1..." progress_message2 "$DOING $1..."
while read interface host; do while read interface host; do
expandv interface host
list_search $interface $ALL_INTERFACES || \ list_search $interface $ALL_INTERFACES || \
fatal_error "Unknown interface $interface" fatal_error "Unknown interface $interface"
list_search $interface $interfaces || \ list_search $interface $interfaces || \
@ -2891,6 +2917,7 @@ setup_tc1() {
strip_file tcrules strip_file tcrules
while read mark sources dests proto ports sports user testval length tos; do while read mark sources dests proto ports sports user testval length tos; do
expandv mark sources dests proto ports sports user testval length tos
rule=$(echo "$mark $sources $dests $proto $ports $sports $user $testval $length $tos") rule=$(echo "$mark $sources $dests $proto $ports $sports $user $testval $length $tos")
process_tc_rule process_tc_rule
done < $TMP_DIR/tcrules done < $TMP_DIR/tcrules
@ -3187,6 +3214,7 @@ setup_accounting() # $1 = Name of accounting file
strip_file accounting $1 strip_file accounting $1
while read action chain source dest proto port sport user ; do while read action chain source dest proto port sport user ; do
expandv action chain source dest proto port sport user
process_accounting_rule process_accounting_rule
done < $TMP_DIR/accounting done < $TMP_DIR/accounting
@ -3502,9 +3530,11 @@ process_action() # $1 = chain (Chain to add the rules to)
else else
loglevel="${target#*:}" loglevel="${target#*:}"
target="${target%%:*}" target="${target%%:*}"
expandv loglevel
if [ "$loglevel" != "${loglevel%:*}" ]; then if [ "$loglevel" != "${loglevel%:*}" ]; then
logtag="${loglevel#*:}" logtag="${loglevel#*:}"
loglevel="${loglevel%:*}" loglevel="${loglevel%:*}"
expandv logtag
fi fi
case $loglevel in case $loglevel in
@ -3999,6 +4029,7 @@ process_actions1() {
progress_message2 " Pre-processing $fn..." progress_message2 " Pre-processing $fn..."
strip_file $f $fn strip_file $f $fn
while read xtarget xclients xservers xprotocol xports xcports xratelimit $xuserspec; do while read xtarget xclients xservers xprotocol xports xcports xratelimit $xuserspec; do
expandv xtarget
temp="${xtarget%%:*}" temp="${xtarget%%:*}"
case "$temp" in case "$temp" in
ACCEPT|DROP|REJECT|LOG|QUEUE|CONTINUE) ACCEPT|DROP|REJECT|LOG|QUEUE|CONTINUE)
@ -4038,6 +4069,7 @@ process_actions1() {
progress_message " ..Expanding Macro $fn..." progress_message " ..Expanding Macro $fn..."
while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do
expandv mtarget
temp="${mtarget%%:*}" temp="${mtarget%%:*}"
case "$temp" in case "$temp" in
ACCEPT|DROP|REJECT|LOG|QUEUE|CONTINUE|PARAM) ACCEPT|DROP|REJECT|LOG|QUEUE|CONTINUE|PARAM)
@ -4283,6 +4315,7 @@ __EOF__
progress_message2 "$DOING $(find_file $f) for Chain $xchain..." progress_message2 "$DOING $(find_file $f) for Chain $xchain..."
while read xtarget xclients xservers xprotocol xports xcports xratelimit xuserspec; do while read xtarget xclients xservers xprotocol xports xcports xratelimit xuserspec; do
expandv xtarget
# #
# Generate the target:level:tag to pass to process_action() # Generate the target:level:tag to pass to process_action()
# #
@ -4315,6 +4348,8 @@ __EOF__
;; ;;
esac esac
expandv xclients xservers xprotocol xports xcports xratelimit xuserspec
if [ -n "$is_macro" ]; then if [ -n "$is_macro" ]; then
xtarget1=$(map_old_action $xtarget1) xtarget1=$(map_old_action $xtarget1)
@ -4328,6 +4363,8 @@ __EOF__
progress_message "..Expanding Macro $(find_file macro.$xtarget1)..." progress_message "..Expanding Macro $(find_file macro.$xtarget1)..."
while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do
expandv mtarget mclients mservers mprotocol mports mcports mratelimit muserspec
mtarget=$(merge_levels $xaction2 $mtarget) mtarget=$(merge_levels $xaction2 $mtarget)
case $mtarget in case $mtarget in
@ -4981,9 +5018,11 @@ __EOF__
else else
loglevel="${target#*:}" loglevel="${target#*:}"
target="${target%%:*}" target="${target%%:*}"
expandv loglevel
if [ "$loglevel" != "${loglevel%:*}" ]; then if [ "$loglevel" != "${loglevel%:*}" ]; then
logtag="${loglevel#*:}" logtag="${loglevel#*:}"
loglevel="${loglevel%:*}" loglevel="${loglevel%:*}"
expandv logtag
fi fi
case $loglevel in case $loglevel in
@ -5373,6 +5412,8 @@ process_macro() # $1 = target
progress_message "..Expanding Macro $(find_file macro.${itarget%%:*})..." progress_message "..Expanding Macro $(find_file macro.${itarget%%:*})..."
while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do
expandv mtarget mclients mservers mprotocol mports mcports mratelimit muserspec
mtarget=$(merge_levels $itarget $mtarget) mtarget=$(merge_levels $itarget $mtarget)
case $mtarget in case $mtarget in
@ -5478,6 +5519,8 @@ process_rules()
do_it() # $1 = "Yes" if the target is a macro. do_it() # $1 = "Yes" if the target is a macro.
{ {
expandv xprotocol xports xcports xaddress xratelimit xuserspec intrazone=
if [ -z "$SECTIONS" ]; then if [ -z "$SECTIONS" ]; then
finish_section ESTABLISHED,RELATED finish_section ESTABLISHED,RELATED
SECTIONS="ESTABLISHED RELATED NEW" SECTIONS="ESTABLISHED RELATED NEW"
@ -5538,6 +5581,8 @@ process_rules()
} }
while read xtarget xclients xservers xprotocol xports xcports xaddress xratelimit xuserspec; do while read xtarget xclients xservers xprotocol xports xcports xaddress xratelimit xuserspec; do
expandv xtarget xclients xservers
if [ "x$xclients" = xnone -o "x$servers" = xnone ]; then if [ "x$xclients" = xnone -o "x$servers" = xnone ]; then
rule="$xtarget $xclients $xservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec" rule="$xtarget $xclients $xservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec"
progress_message " Rule \"$rule\" ignored." progress_message " Rule \"$rule\" ignored."
@ -5812,6 +5857,7 @@ process_tos() # $1 = name of tos file
createmanglechain outtos createmanglechain outtos
while read src dst protocol sport dport tos; do while read src dst protocol sport dport tos; do
expandv src dst protocol sport dport tos
rule="$(echo $src $dst $protocol $sport $dport $tos)" rule="$(echo $src $dst $protocol $sport $dport $tos)"
process_tos_rule process_tos_rule
done < $TMP_DIR/tos done < $TMP_DIR/tos
@ -6455,6 +6501,7 @@ __EOF__
fi fi
while read fullinterface networks addresses proto ports ipsec; do while read fullinterface networks addresses proto ports ipsec; do
expandv fullinterface networks addresses proto ports ipsec
if [ -n "$NAT_ENABLED" ]; then if [ -n "$NAT_ENABLED" ]; then
setup_one setup_one
else else
@ -6596,6 +6643,7 @@ setup_blacklist() {
if [ -z "$DELAYBLACKLISTLOAD" ]; then if [ -z "$DELAYBLACKLISTLOAD" ]; then
while read networks protocol ports; do while read networks protocol ports; do
expandv networks protocol ports
process_blacklist_rec process_blacklist_rec
done < $TMP_DIR/blacklist done < $TMP_DIR/blacklist
fi fi
@ -6619,6 +6667,7 @@ refresh_blacklist() {
run_iptables -F blacklst run_iptables -F blacklst
while read networks protocol ports; do while read networks protocol ports; do
expandv networks protocol ports
process_blacklist_rec process_blacklist_rec
done < $TMP_DIR/blacklist done < $TMP_DIR/blacklist
} }
@ -6637,6 +6686,7 @@ validate_blacklist() {
[ "$disposition" = REJECT ] && disposition=reject [ "$disposition" = REJECT ] && disposition=reject
while read networks protocol ports; do while read networks protocol ports; do
expandv networks protocol ports
process_blacklist_rec process_blacklist_rec
done < $TMP_DIR/blacklist done < $TMP_DIR/blacklist
} }

1
Shorewall/functions
View File

@ -594,7 +594,6 @@ read_file() # $1 = file name, $2 = nest count
if [ -f $1 ]; then if [ -f $1 ]; then
while read first rest; do while read first rest; do
expandv first rest
if [ "x$first" = "xINCLUDE" ]; then if [ "x$first" = "xINCLUDE" ]; then
if [ $2 -lt 4 ]; then if [ $2 -lt 4 ]; then
read_file $(find_file $(expand ${rest%#*})) $(($2 + 1)) read_file $(find_file $(expand ${rest%#*})) $(($2 + 1))