Add and document the remote-getcaps command

Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>
2025-01-22 21:48:39 +01:00 · 2018-03-16 13:29:01 +01:00 · 2018-03-16 13:29:01 +01:00 · 47a59cdd7c
commit 47a59cdd7c
parent 676ca872d6
2 changed files with 38 additions and 1 deletions
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@ -4323,6 +4323,7 @@ usage() # $1 = exit status

    if [ -z "$g_lite" ]; then
 	echo "   remote-getrc [ -T ] [ -p <remote-dir-path-of-sw-program> ] [ -r <root-name> ] [ <directory> ] [ <system> ]"
+	echo "   remote-getcaps [ -T ] [ -R ] [ -p <remote-dir-path-of-sw-program> ] [ -r <root-name> ] [ <directory> ] [ <system> ]"
 	echo "   remote-reload [ -n ] [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
 	echo "   remote-restart [ -n ] [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
 	echo "   remote-start [ -n ] [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
--- a/Shorewall/lib.cli-std
+++ b/Shorewall/lib.cli-std
@ -1360,10 +1360,14 @@ remote_capture() # $* = original arguments less the command.
    local system
    local getrc
    getrc=
+    local getcaps
+    getcaps=
    local remote_sw_dir_path
    remote_sw_dir_path=
    local root
    root=root
+    local libexec
+    libexec=${LIBEXECDIR}

    while [ $finished -eq 0 -a $# -gt 0 ]; do
 	option=$1
@ -1381,6 +1385,10 @@ remote_capture() # $* = original arguments less the command.
 			    getrc=Yes
 			    option=${option#R}
 			    ;;
+			c*)
+			    getcaps=Yes
+			    option=${option#c}
+			    ;;
 			r)
 			    [ $# -gt 1 ] || fatal_error "Missing Root User name"
 			    root=$2
@ -1452,8 +1460,13 @@ remote_capture() # $* = original arguments less the command.
        remote-getrc)
            getrc=Yes
            ;;
+        remote-getcaps)
+            getcaps=Yes
+            ;;
    esac

+    [ -n "$getcaps" ] && getrc=Yes
+
    if [ -n "$getrc" -o ! -s $g_shorewalldir/shorewallrc ]; then
        progress_message2 "Getting RC file on system $system..."

@ -1465,6 +1478,29 @@ remote_capture() # $* = original arguments less the command.
            fatal_error "Capturing RC file on system $system failed"
        fi
    fi
+
+    remote_sw_dir_path=
+
+    if [ -n "$getcaps" -o ! -s $g_shorewalldir/capabilities ]; then
+        if [ -f $g_shorewalldir/shorewallrc -a -s $g_shorewalldir/shorewallrc ]; then
+            . $g_shorewalldir/shorewallrc
+            libexec="$LIBEXECDIR"
+
+            [ -n "$DONT_LOAD" ] && DONT_LOAD="$(echo $DONT_LOAD | tr ',' ' ')"
+
+            progress_message2 "Getting Capabilities on system $system..."
+
+            if [ $g_family -eq 4 ]; then
+                if ! rsh_command "MODULESDIR=$MODULESDIR IPTABLES=$IPTABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall-lite/shorecap" > $g_shorewalldir/capabilities; then
+                    fatal_error "Capturing capabilities on system $system failed"
+                fi
+            elif ! rsh_command "MODULESDIR=$MODULESDIR IP6TABLES=$IP6TABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall6-lite/shorecap" > $g_shorewalldir/capabilities; then
+                fatal_error "Capturing capabilities on system $system failed"
+            fi
+        else
+            fatal_error "$g_shorewalldir/shorewallrc is not present."
+        fi
+    fi
 }

 #
@ -1809,7 +1845,7 @@ compiler_command() {
 	    shift
 	    safe_commands $@
 	    ;;
-        remote-getrc)
+        remote-getrc|remote-getcaps)
            shift
            remote_capture $@
            ;;