extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-04 20:48:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add a compiler frontend for use with Shorewall-perl; avoid need for frontend to export CONFIG_PATH

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5815 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-04-03 01:20:56 +00:00
parent 16c67b3472
commit 7bfed5dd6e
2 changed files with 200 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
New/Shorewall/Config.pm
View File

@ -228,19 +228,6 @@ my $currentfile;
my $currentfilename; my $currentfilename;
my $currentlinenumber = 0; my $currentlinenumber = 0;
INIT {
#
# The shell 'compiler' program has already read shorewall.conf before starting us so the
# value of CONFIG_PATH is correct. We can thus use it here and ignore it's setting in
# shorewall.conf when we re-process that file in get_configuration().
#
@config_path = split /:/, $ENV{CONFIG_PATH};
for ( @config_path ) {
$_ .= '/' unless m|//$|;
}
}
# #
# Issue a Warning Message # Issue a Warning Message
# #
@ -645,6 +632,45 @@ sub require_capability( $$ ) {
unless $capabilities{$capability}; unless $capabilities{$capability};
} }
#
# Set default config path
#
sub ensure_config_path( $ ) {
my $export = $_[0];
my $f = "$globals{SHAREDIR}/configpath";
$ENV{CONFDIR} = $export ? '/usr/share/shorewall/configfiles/' : '/etc/shorewall/';
unless ( $config{CONFIG_PATH} ) {
fatal_error "$f does not exist" unless -f $f;
open $currentfile , '<', $f or fatal_error "Cannot open $f";
while ( read_a_line ) {
if ( $line =~ /^\s*([a-zA-Z]\w*)=(.*?)\s*$/ ) {
my ($var, $val) = ($1, $2);
$config{$var} = ( $val =~ /\"([^\"]*)\"$/ ? $1 : $val ) if exists $config{$var};
} else {
fatal_error "Unrecognized entry";
}
}
fatal_error "CONFIG_PATH not found in $f" unless $config{CONFIG_PATH};
}
@config_path = split /:/, $config{CONFIG_PATH};
for ( @config_path ) {
$_ .= '/' unless m|//$|;
}
if ( my $sd = $ENV{SHOREWALL_DIR} ) {
$sd .= '/' unless $sd =~ m|//$|;
unshift @config_path, $sd if $sd ne $config_path[0];
}
}
# #
# - Read the shorewall.conf file # - Read the shorewall.conf file
# - Read the capabilities file created by the compiler front-end # - Read the capabilities file created by the compiler front-end
@ -654,6 +680,8 @@ sub get_configuration( $ ) {
my $export = $_[0]; my $export = $_[0];
ensure_config_path( $export );
my $file = find_file 'shorewall.conf'; my $file = find_file 'shorewall.conf';
if ( -f $file ) { if ( -f $file ) {
@ -664,13 +692,13 @@ sub get_configuration( $ ) {
if ( $line =~ /^\s*([a-zA-Z]\w*)=(.*?)\s*$/ ) { if ( $line =~ /^\s*([a-zA-Z]\w*)=(.*?)\s*$/ ) {
my ($var, $val) = ($1, $2); my ($var, $val) = ($1, $2);
unless ( exists $config{$var} ) { unless ( exists $config{$var} ) {
warning_message "Unknown configuration option \"$var\" ignored"; warning_message "Unknown configuration option ($var) ignored";
next; next;
} }
$config{$var} = ( $val =~ /\"([^\"]*)\"$/ ? $1 : $val ); $config{$var} = ( $val =~ /\"([^\"]*)\"$/ ? $1 : $val );
} else { } else {
fatal_error "Unrecognized entry in $file: $line"; fatal_error "Unrecognized entry";
} }
} }
} else { } else {
@ -680,7 +708,7 @@ sub get_configuration( $ ) {
fatal_error "$file does not exist!"; fatal_error "$file does not exist!";
} }
$globals{ORIGINAL_POLICY_MATCH} = $capabilities{POLICY_MATCH}; ensure_config_path( $export );
default 'MODULE_PREFIX', 'o gz ko o.gz ko.gz'; default 'MODULE_PREFIX', 'o gz ko o.gz ko.gz';
@ -701,6 +729,8 @@ sub get_configuration( $ ) {
fatal_error "The -e flag requires a capabilities file" unless open_file 'capabilities'; fatal_error "The -e flag requires a capabilities file" unless open_file 'capabilities';
} }
$globals{ORIGINAL_POLICY_MATCH} = $capabilities{POLICY_MATCH};
# #
# If we successfully called open_file above, then this loop will read the capabilities file. # If we successfully called open_file above, then this loop will read the capabilities file.
# Otherwise, the first call to read_a_line() below will return false # Otherwise, the first call to read_a_line() below will return false
@ -879,7 +909,6 @@ sub get_configuration( $ ) {
$globals{LOGFORMAT}='Shorewall:%s:%s:'; $globals{LOGFORMAT}='Shorewall:%s:%s:';
$globals{MAXZONENAMELENGTH} = 5; $globals{MAXZONENAMELENGTH} = 5;
} }
} }
sub propagateconfig() { sub propagateconfig() {

154
New/compiler Executable file
View File

@ -0,0 +1,154 @@
#!/bin/sh
#
# The Shoreline Firewall (Shorewall) Wrapper for the Compiler - V3.9
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# (c) 2007 - Tom Eastep (teastep@shorewall.net)
#
# Complete documentation is available at http://shorewall.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
#
# If an error occurs while starting or restarting the firewall, the
# firewall is automatically stopped.
#
# Commands are:
#
# compile check Verify the configuration files.
# compile compile <path name> Compile into <path name>
#
# Environmental Variables:
#
# EXPORT=Yes -e option specified to /sbin/shorewall
# SHOREWALL_DIR A directory name was passed to /sbin/shorewall
# VERBOSE Standard Shorewall verbosity control.
#
# Fatal error -- stops the compiler after issuing the error message
#
fatal_error() # $* = Error Message
{
echo " ERROR: $@" >&2
exit 2
}
#
# Initialize this program
#
do_initialize() {
# Run all utility programs using the C locale
#
# Thanks to Vincent Planchenault for this tip #
export LC_ALL=C
# Make sure umask is sane
umask 077
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
ensure_config_path
VERSION_FILE=$SHAREDIR/version
[ -f $VERSION_FILE ] && VERSION=$(cat $VERSION_FILE)
[ -d /usr/share/shorewall-perl ] && set -a;
run_user_exit params
set +a
}
#
# Give Usage Information
#
usage() {
echo "Usage: $0 [debug] check|compile <filename>}"
exit 1
}
#
# E X E C U T I O N B E G I N S H E R E
#
#
# Start trace if first arg is "debug"
#
debug='-w'
[ $# -gt 1 ] && [ "$1" = "debug" ] && { set -x ; shift ; }
if [ "$PROFILE" ]; then
debug='-wd:DProf'
elif [ "$DEBUG" ]; then
debug='-wd'
fi
NOLOCK=
[ $# -gt 1 ] && [ "$1" = "nolock" ] && { NOLOCK=Yes; shift ; }
trap "exit 2" 1 2 3 4 5 6 9
SHAREDIR=/usr/share/shorewall
VARDIR=/var/lib/shorewall
[ -z "$EXPORT" ] && CONFDIR=/etc/shorewall || CONFDIR=${SHAREDIR}/configfiles
[ -n "${VERBOSE:=2}" ]
FUNCTIONS=${SHAREDIR}/lib.base
if [ -f $FUNCTIONS ]; then
[ $VERBOSE -ge 2 ] && echo "Loading $FUNCTIONS..."
. $FUNCTIONS
else
fatal_error "Installation Error: $FUNCTIONS does not exist!"
fi
PROGRAM=compiler
COMMAND="$1"
case "$COMMAND" in
check)
[ $# -ne 1 ] && usage
do_initialize
exec perl $debug /usr/share/shorewall-perl/compiler.pl
;;
compile)
[ $# -ne 2 ] && usage
do_initialize
exec perl $debug /usr/share/shorewall-perl/compiler.pl $2
;;
call)
#
# Undocumented way to call functions in ${SHAREDIR}/compiler directly
#
shift
do_initialize
EMPTY=
$@
;;
*)
usage
;;
esac