From 4fd338f3ca0da6fe8f2e55183f3c07f99f6485cc Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@wookie.(none)>
Date: Tue, 21 Jul 2009 12:32:25 -0700
Subject: [PATCH] Fix 'rpm -U' from earlier versions

---
 Shorewall-lite/shorewall-lite   | 1 +
 Shorewall/changelog.txt         | 4 ++++
 Shorewall/releasenotes.txt      | 9 +++++++++
 Shorewall/shorewall             | 1 +
 Shorewall6-lite/shorewall6-lite | 1 +
 Shorewall6/shorewall6           | 1 +
 6 files changed, 17 insertions(+)

diff --git a/Shorewall-lite/shorewall-lite b/Shorewall-lite/shorewall-lite
index 845c4f6dc..974cd3296 100755
--- a/Shorewall-lite/shorewall-lite
+++ b/Shorewall-lite/shorewall-lite
@@ -625,6 +625,7 @@ case "$COMMAND" in
 	;;
     status)
 	[ $# -eq 1 ] || usage 1
+	[ "$(id -u)" != 0 ] && fatal_error "ERROR: The status command may only be run by root"
 	echo "Shorewall Lite $version Status at $HOSTNAME - $(date)"
 	echo
 	if shorewall_is_started ; then
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 18c6ed70e..cfa12e1be 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -8,6 +8,10 @@ Changes in Shorewall 4.4.0-RC1
 
 4)  Fix NONAT on child zone.
 
+5)  Fix rpm -U from earlier versions
+
+6)  Generate error on 'status' by non-root.
+
 Changes in Shorewall 4.4.0-Beta4
 
 1)  Add more macros.
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 20cd58108..c2a846ab8 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -121,6 +121,15 @@ Shorewall 4.4.0 RC1
 3)  Previously, NONAT rules on a sub-zone were not exempted from
     DNAT/REDIRECT rules of a parent zone.
 
+4)  Previously if the 'status' command was run by someone other than
+    root, the response always show that the firewall was stopped and
+    the state was 'Unknown'. Now an error message is generated to
+    indicate that the command may only be run by root.
+
+5)  Previously, if 'rpm -U' was used to upgrade from a version of
+    Shorewall earlier than 4.3.5, then Shorewall would not start
+    automatically at boot time.
+
 ----------------------------------------------------------------------------
              K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------
diff --git a/Shorewall/shorewall b/Shorewall/shorewall
index 0341b65e1..8fcbf85ea 100755
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
@@ -1785,6 +1785,7 @@ case "$COMMAND" in
 	;;
     status)
 	[ $# -eq 1 ] || usage 1
+	[ "$(id -u)" != 0 ] && fatal_error "ERROR: The status command may only be run by root"
 	get_config
 	echo "Shorewall-$version Status at $HOSTNAME - $(date)"
 	echo
diff --git a/Shorewall6-lite/shorewall6-lite b/Shorewall6-lite/shorewall6-lite
index a45100bf1..359e4edbf 100755
--- a/Shorewall6-lite/shorewall6-lite
+++ b/Shorewall6-lite/shorewall6-lite
@@ -608,6 +608,7 @@ case "$COMMAND" in
 	;;
     status)
 	[ $# -eq 1 ] || usage 1
+	[ "$(id -u)" != 0 ] && fatal_error "ERROR: The status command may only be run by root"
 	echo "Shorewall6 Lite $version Status at $HOSTNAME - $(date)"
 	echo
 	if shorewall6_is_started ; then
diff --git a/Shorewall6/shorewall6 b/Shorewall6/shorewall6
index 15ba4870d..8946ad958 100755
--- a/Shorewall6/shorewall6
+++ b/Shorewall6/shorewall6
@@ -1688,6 +1688,7 @@ case "$COMMAND" in
 	;;
     status)
 	[ $# -eq 1 ] || usage 1
+	[ "$(id -u)" != 0 ] && fatal_error "ERROR: The status command may only be run by root"
 	get_config
 	echo "Shorewall6-$version Status at $HOSTNAME - $(date)"
 	echo