Add $logaction and $logtag as variables usable within actions

- Also make action variables usable in ?if and ?elsif expressions.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep
2012-12-03 12:31:47 -08:00
parent fc3606a489
commit 72aabef0fa
2 changed files with 63 additions and 45 deletions


@ -472,7 +472,7 @@ my %compiler_params;
# #
# Action parameters # Action parameters
# #
my @actparms; my %actparms;
our $currentline; # Current config file line image our $currentline; # Current config file line image
my $currentfile; # File handle reference my $currentfile; # File handle reference
@ -901,7 +901,7 @@ sub initialize( $;$$) {
%compiler_params = (); %compiler_params = ();
@actparms = (); %actparms = ( );
%helpers_enabled = ( %helpers_enabled = (
amanda => 1, amanda => 1,
@ -1923,13 +1923,14 @@ sub evaluate_expression( $$$ ) {
my $count = 0; my $count = 0;
# $1 $2 $3 - $4 # $1 $2 $3 - $4
while ( $expression =~ m( ^(.*?) \$({)? (\w+) (?(2)}) (.*)$ )x ) { while ( $expression =~ m( ^(.*?) \$({)? (\d+|[a-zA-Z]\w*) (?(2)}) (.*)$ )x ) {
my ( $first, $var, $rest ) = ( $1, $3, $4); my ( $first, $var, $rest ) = ( $1, $3, $4);
$val = ( exists $ENV{$var} ? $ENV{$var} : $val = ( exists $ENV{$var} ? $ENV{$var} :
exists $params{$var} ? $params{$var} : exists $params{$var} ? $params{$var} :
exists $config{$var} ? $config{$var} : exists $config{$var} ? $config{$var} :
exists $renamed{$var} ? $config{$renamed{$var}} : exists $renamed{$var} ? $config{$renamed{$var}} :
exists $actparms{$var} ? ( $var ? $actparms{$var} : $actparms{0}->{name} ) :
exists $capdesc{$var} ? have_capability( $var ) : 0 ); exists $capdesc{$var} ? have_capability( $var ) : 0 );
$val = 0 unless defined $val; $val = 0 unless defined $val;
$val = "'$val'" unless $val =~ /^-?\d+$/; $val = "'$val'" unless $val =~ /^-?\d+$/;
@ -2469,26 +2470,28 @@ sub embedded_perl( $ ) {
# #
# Push/pop action params # Push/pop action params
# #
sub push_action_params( $$ ) { sub push_action_params( $$$$ ) {
my @params = split /,/, $_[1]; my @params = ( undef , split /,/, $_[1] );
my @oldparams = @actparms; my %oldparams = %actparms;
@actparms = (); %actparms = ();
$actparms[0] = $_[0]; for ( my $i = 1; $i < @params; $i++ ) {
my $val = $params[$i];
for ( my $i = 1; $i <= @params; $i++ ) { $actparms{$i} = $val eq '-' ? '' : $val eq '--' ? '-' : $val;
my $val = $params[$i - 1];
$actparms[$i] = $val eq '-' ? '' : $val eq '--' ? '-' : $val;
} }
\@oldparams; $actparms{0} = $_[0];
$actparms{loglevel} = $_[2];
$actparms{logtag} = $_[3];
\%oldparams;
} }
sub pop_action_params( $ ) { sub pop_action_params( $ ) {
my $oldparms = shift; my $oldparms = shift;
@actparms = @$oldparms; %actparms = %$oldparms;
} }
sub default_action_params { sub default_action_params {
@ -2497,11 +2500,11 @@ sub default_action_params {
for ( $i = 1; 1; $i++ ) { for ( $i = 1; 1; $i++ ) {
last unless defined ( $val = shift ); last unless defined ( $val = shift );
my $curval = $actparms[$i]; my $curval = $actparms{$i};
$actparms[$i] = $val unless supplied( $curval ); $actparms{$i} = $val unless supplied( $curval );
} }
fatal_error "Too Many arguments to action $action" if defined $actparms[$i]; fatal_error "Too Many arguments to action $action" if defined $actparms{$i};
} }
sub get_action_params( $ ) { sub get_action_params( $ ) {
@ -2512,7 +2515,7 @@ sub get_action_params( $ ) {
my @return; my @return;
for ( my $i = 1; $i <= $num; $i++ ) { for ( my $i = 1; $i <= $num; $i++ ) {
my $val = $actparms[$i]; my $val = $actparms{$i};
push @return, defined $val ? $val eq '-' ? '' : $val eq '--' ? '-' : $val : $val; push @return, defined $val ? $val eq '-' ? '' : $val eq '--' ? '-' : $val : $val;
} }
@ -2520,18 +2523,18 @@ sub get_action_params( $ ) {
} }
sub get_action_chain() { sub get_action_chain() {
$actparms[0]; $actparms{0};
} }
sub set_action_param( $$ ) { sub set_action_param( $$ ) {
my $i = shift; my $i = shift;
fatal_error "Parameter numbers must be numeric" unless $i =~ /^\d+$/ && $i > 0; fatal_error "Parameter numbers must be numeric" unless $i =~ /^\d+$/ && $i > 0;
$actparms[$i] = shift; $actparms{$i} = shift;
} }
# #
# Expand Shell Variables in the passed buffer using @actparms, %params, %shorewallrc and %config, # Expand Shell Variables in the passed buffer using %actparms, %params, %shorewallrc and %config,
# #
sub expand_variables( \$ ) { sub expand_variables( \$ ) {
my ( $lineref, $count ) = ( $_[0], 0 ); my ( $lineref, $count ) = ( $_[0], 0 );
@ -2543,12 +2546,14 @@ sub expand_variables( \$ ) {
my $val; my $val;
if ( $var =~ /^\d+$/ ) { if ( $var =~ /^\d+$/ ) {
fatal_error "Undefined parameter (\$$var)" if ( ! defined $actparms[$var] ) || ( length( $var ) > 1 && $var =~ /^0/ ); fatal_error "Undefined parameter (\$$var)" if ( ! defined $actparms{$var} ) || ( length( $var ) > 1 && $var =~ /^0/ );
$val = $var ? $actparms[$var] : $actparms[0]->{name}; $val = $var ? $actparms{$var} : $actparms{0}->{name};
} elsif ( exists $params{$var} ) { } elsif ( exists $params{$var} ) {
$val = $params{$var}; $val = $params{$var};
} elsif ( exists $shorewallrc{$var} ) { } elsif ( exists $shorewallrc{$var} ) {
$val = $shorewallrc{$var} $val = $shorewallrc{$var}
} elsif ( exists $actparms{$var} ) {
$val = $actparms{$var};
} else { } else {
fatal_error "Undefined shell variable (\$$var)" unless exists $config{$var}; fatal_error "Undefined shell variable (\$$var)" unless exists $config{$var};
$val = $config{$var}; $val = $config{$var};
@ -2657,7 +2662,7 @@ sub read_a_line($) {
# #
handle_first_entry if $first_entry; handle_first_entry if $first_entry;
# #
# Expand Shell Variables using %params and @actparms # Expand Shell Variables using %params and %actparms
# #
expand_variables( $currentline ) if $options & EXPAND_VARIABLES; expand_variables( $currentline ) if $options & EXPAND_VARIABLES;
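Review bot: Values coming from the new `%actparms` branch in evaluate_expression are wrapped by the existing `$val = "'$val'" unless $val =~ /^-?\d+$/;` line without any escaping, so an action parameter or log tag containing `'` or `\` changes the shape of the substituted expression. The rest of evaluate_expression lies outside the hunk; if the expanded expression is later passed to a string `eval`, rules-file text would be evaluated as Perl, so this path deserves a guard. I would escape before quoting, e.g. `$val =~ s/([\\'])/\\$1/g;` ahead of the quoting line, or reject such values with `fatal_error`. Separately, `%ENV`, `%params` and `%config` are consulted before `%actparms` here, while expand_variables checks `%params` and `%shorewallrc` first, so `$loglevel` and `$logtag` can be shadowed differently in the two paths. A short comment stating the intended precedence would help.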


@ -579,7 +579,7 @@ sub process_policies()
# #
# Policy Rule application # Policy Rule application
# #
sub process_inline ($$$$$$$$$$$$$$$$$$$); sub process_inline ($$$$$$$$$$$$$$$$$$$$);
sub policy_rules( $$$$$ ) { sub policy_rules( $$$$$ ) {
my ( $chainref , $target, $loglevel, $default, $dropmulticast ) = @_; my ( $chainref , $target, $loglevel, $default, $dropmulticast ) = @_;
@ -598,6 +598,7 @@ sub policy_rules( $$$$$ ) {
# #
process_inline( $inline, #Inline process_inline( $inline, #Inline
$chainref, #Chain $chainref, #Chain
$loglevel, #Log Level and Tag
$default, #Target $default, #Target
$param || '', #Param $param || '', #Param
'-', #Source '-', #Source
@ -971,13 +972,13 @@ sub externalize( $ ) {
# #
# Define an Action # Define an Action
# #
sub new_action( $$$ ) { sub new_action( $$$$ ) {
my ( $action , $type, $noinline ) = @_; my ( $action , $type, $noinline, $nolog ) = @_;
fatal_error "Invalid action name($action)" if reserved_name( $action ); fatal_error "Invalid action name($action)" if reserved_name( $action );
$actions{$action} = { actchain => '' , noinline => $noinline } if $type & ACTION; $actions{$action} = { actchain => '' , noinline => $noinline, nolog => $nolog } if $type & ACTION;
$targets{$action} = $type; $targets{$action} = $type;
} }
@ -1460,7 +1461,7 @@ sub process_actions() {
# #
# Add built-in actions to the target table and create those actions # Add built-in actions to the target table and create those actions
# #
$targets{$_} = new_action( $_ , ACTION + BUILTIN, 1 ) for @builtins; $targets{$_} = new_action( $_ , ACTION + BUILTIN, 1, 0 ) for @builtins;
for my $file ( qw/actions.std actions/ ) { for my $file ( qw/actions.std actions/ ) {
open_file $file; open_file $file;
@ -1470,6 +1471,7 @@ sub process_actions() {
my $type = ACTION; my $type = ACTION;
my $noinline = 0; my $noinline = 0;
my $nolog = 0;
if ( $action =~ /:/ ) { if ( $action =~ /:/ ) {
warning_message 'Default Actions are now specified in /etc/shorewall/shorewall.conf'; warning_message 'Default Actions are now specified in /etc/shorewall/shorewall.conf';
@ -1484,6 +1486,8 @@ sub process_actions() {
$type = INLINE; $type = INLINE;
} elsif ( $_ eq 'noinline' ) { } elsif ( $_ eq 'noinline' ) {
$noinline = 1; $noinline = 1;
} elsif ( $_ eq 'nolog' ) {
$nolog = 1;
} else { } else {
fatal_error "Invalid option ($_)"; fatal_error "Invalid option ($_)";
} }
@ -1507,13 +1511,13 @@ sub process_actions() {
} }
} }
new_action $action, $type, $noinline; new_action $action, $type, $noinline, $nolog;
my $actionfile = find_file( "action.$action" ); my $actionfile = find_file( "action.$action" );
fatal_error "Missing Action File ($actionfile)" unless -f $actionfile; fatal_error "Missing Action File ($actionfile)" unless -f $actionfile;
$inlines{$action} = $actionfile if $type == INLINE; $inlines{$action} = { file => $actionfile, nolog => $nolog } if $type == INLINE;
} }
} }
@ -1543,7 +1547,9 @@ sub process_action( $) {
push_open $actionfile; push_open $actionfile;
my $oldparms = push_action_params( $chainref, $param ); my $oldparms = push_action_params( $chainref, $param, $level, $tag );
my $nolog = $actions{$action}{nolog};
$active{$action}++; $active{$action}++;
push @actionstack, $wholeaction; push @actionstack, $wholeaction;
@ -1582,7 +1588,7 @@ sub process_action( $) {
} }
process_rule1( $chainref, process_rule1( $chainref,
merge_levels( "$action:$level:$tag", $target ), $nolog ? $target : merge_levels( "$action:$level:$tag", $target ),
'', '',
$source, $source,
$dest, $dest,
@ -1764,8 +1770,8 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$) {
# #
# Expand an inline action rule from the rules file # Expand an inline action rule from the rules file
# #
sub process_inline ($$$$$$$$$$$$$$$$$$$) { sub process_inline ($$$$$$$$$$$$$$$$$$$$) {
my ($inline, $chainref, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_; my ($inline, $chainref, $loglevel, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_;
my $nocomment = no_comment; my $nocomment = no_comment;
@ -1773,9 +1779,15 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$) {
macro_comment $inline; macro_comment $inline;
my $oldparms = push_action_params( $chainref, $param ); my ( $level, $tag ) = split( ':', $loglevel, 2 );
my $inlinefile = $inlines{$inline}; my $oldparms = push_action_params( $chainref,
$param,
supplied $level ? $level : 'none',
defined $tag ? $tag : '');
my $inlinefile = $inlines{$inline}{file};
my $nolog = $inlines{$inline}{nolog};
progress_message "..Expanding inline action $inlinefile..."; progress_message "..Expanding inline action $inlinefile...";
@ -1815,7 +1827,7 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$) {
next; next;
} }
$mtarget = merge_levels $target, $mtarget; $mtarget = merge_levels( $target, $mtarget ) unless $nolog;
my $action = isolate_basic_target $mtarget; my $action = isolate_basic_target $mtarget;
@ -2277,6 +2289,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) {
my $generated = process_inline( $basictarget, my $generated = process_inline( $basictarget,
$chainref, $chainref,
$loglevel,
$target, $target,
$current_param, $current_param,
$source, $source,