mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-22 10:41:23 +02:00
Transfer permissions during file updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
e71fb3249a
commit
8c543ca6f8
@ -165,6 +165,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
|
|||||||
directive_callback
|
directive_callback
|
||||||
add_ipset
|
add_ipset
|
||||||
all_ipsets
|
all_ipsets
|
||||||
|
transfer_permissions
|
||||||
|
|
||||||
$product
|
$product
|
||||||
$Product
|
$Product
|
||||||
@ -5089,6 +5090,19 @@ sub update_default($$) {
|
|||||||
$config{$var} = $val unless defined $config{$var};
|
$config{$var} = $val unless defined $config{$var};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Transfer the permissions from an old .bak file to a newly-created file
|
||||||
|
#
|
||||||
|
sub transfer_permissions( $$ ) {
|
||||||
|
my ( $old, $new ) = @_;
|
||||||
|
|
||||||
|
my @stat = stat $old;
|
||||||
|
|
||||||
|
if ( @stat ) {
|
||||||
|
fatal_error "Can't transfer permissions from $old to $new" unless chmod( $stat[2] & 0777, $new );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
sub update_config_file( $ ) {
|
sub update_config_file( $ ) {
|
||||||
my ( $annotate ) = @_;
|
my ( $annotate ) = @_;
|
||||||
|
|
||||||
@ -5238,6 +5252,7 @@ EOF
|
|||||||
|
|
||||||
if ( system( "diff -q $configfile $configfile.bak > /dev/null" ) ) {
|
if ( system( "diff -q $configfile $configfile.bak > /dev/null" ) ) {
|
||||||
progress_message3 "Configuration file $configfile updated - old file renamed $configfile.bak";
|
progress_message3 "Configuration file $configfile updated - old file renamed $configfile.bak";
|
||||||
|
transfer_permissions( "$configfile.bak", $configfile );
|
||||||
} else {
|
} else {
|
||||||
if ( rename "$configfile.bak", $configfile ) {
|
if ( rename "$configfile.bak", $configfile ) {
|
||||||
progress_message3 "No update required to configuration file $configfile; $configfile.bak not saved";
|
progress_message3 "No update required to configuration file $configfile; $configfile.bak not saved";
|
||||||
|
@ -200,6 +200,7 @@ sub remove_blacklist( $ ) {
|
|||||||
if ( $changed ) {
|
if ( $changed ) {
|
||||||
rename $fn, "$fn.bak" or fatal_error "Unable to rename $fn to $fn.bak: $!";
|
rename $fn, "$fn.bak" or fatal_error "Unable to rename $fn to $fn.bak: $!";
|
||||||
rename "$fn.new", $fn or fatal_error "Unable to rename $fn.new to $fn: $!";
|
rename "$fn.new", $fn or fatal_error "Unable to rename $fn.new to $fn: $!";
|
||||||
|
transfer_permissions( "$fn.bak", $fn );
|
||||||
progress_message2 "\u$file file $fn saved in $fn.bak"
|
progress_message2 "\u$file file $fn saved in $fn.bak"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -308,6 +309,7 @@ sub convert_blacklist() {
|
|||||||
open $blrules, '>>', $fn1 or fatal_error "Unable to open $fn1: $!";
|
open $blrules, '>>', $fn1 or fatal_error "Unable to open $fn1: $!";
|
||||||
} else {
|
} else {
|
||||||
open $blrules, '>', $fn1 or fatal_error "Unable to open $fn1: $!";
|
open $blrules, '>', $fn1 or fatal_error "Unable to open $fn1: $!";
|
||||||
|
transfer_permissions( $fn, $fn1 );
|
||||||
print $blrules <<'EOF';
|
print $blrules <<'EOF';
|
||||||
#
|
#
|
||||||
# Shorewall version 5.0 - Blacklist Rules File
|
# Shorewall version 5.0 - Blacklist Rules File
|
||||||
@ -401,6 +403,7 @@ sub convert_routestopped() {
|
|||||||
open $stoppedrules, '>>', $fn1 or fatal_error "Unable to open $fn1: $!";
|
open $stoppedrules, '>>', $fn1 or fatal_error "Unable to open $fn1: $!";
|
||||||
} else {
|
} else {
|
||||||
open $stoppedrules, '>', $fn1 or fatal_error "Unable to open $fn1: $!";
|
open $stoppedrules, '>', $fn1 or fatal_error "Unable to open $fn1: $!";
|
||||||
|
transfer_permissions( $fn, $fn1 );
|
||||||
print $stoppedrules <<'EOF';
|
print $stoppedrules <<'EOF';
|
||||||
#
|
#
|
||||||
# Shorewall version 5 - Stopped Rules File
|
# Shorewall version 5 - Stopped Rules File
|
||||||
|
@ -369,11 +369,18 @@ sub setup_conntrack($) {
|
|||||||
my $conntrack;
|
my $conntrack;
|
||||||
my $empty = 1;
|
my $empty = 1;
|
||||||
my $date = compiletime;
|
my $date = compiletime;
|
||||||
|
my $fn1 = find_writable_file 'conntrack';
|
||||||
|
|
||||||
if ( $fn ) {
|
$fn = open_file( 'notrack' , 3, 1 ) || fatal_error "Unable to open the notrack file for conversion: $!";
|
||||||
open $conntrack, '>>', $fn or fatal_error "Unable to open $fn for notrack conversion: $!";
|
|
||||||
|
if ( -f $fn1 ) {
|
||||||
|
open $conntrack, '>>', $fn1 or fatal_error "Unable to open $fn for notrack conversion: $!";
|
||||||
} else {
|
} else {
|
||||||
open $conntrack, '>', $fn = find_file 'conntrack' or fatal_error "Unable to open $fn for notrack conversion: $!";
|
open $conntrack, '>' , $fn1 or fatal_error "Unable to open $fn for notrack conversion: $!";
|
||||||
|
#
|
||||||
|
# Transfer permissions from the existing notrack file
|
||||||
|
#
|
||||||
|
transfer_permissions( $fn, $fn1 );
|
||||||
|
|
||||||
print $conntrack <<'EOF';
|
print $conntrack <<'EOF';
|
||||||
#
|
#
|
||||||
@ -396,8 +403,6 @@ EOF
|
|||||||
"# Rules generated from notrack file $fn by Shorewall $globals{VERSION} - $date\n" ,
|
"# Rules generated from notrack file $fn by Shorewall $globals{VERSION} - $date\n" ,
|
||||||
"#\n" );
|
"#\n" );
|
||||||
|
|
||||||
$fn = open_file( 'notrack' , 3, 1 ) || fatal_error "Unable to open the notrack file for conversion: $!";
|
|
||||||
|
|
||||||
while ( read_a_line( PLAIN_READ ) ) {
|
while ( read_a_line( PLAIN_READ ) ) {
|
||||||
#
|
#
|
||||||
# Don't copy the header comments from the old notrack file
|
# Don't copy the header comments from the old notrack file
|
||||||
|
@ -2234,13 +2234,19 @@ sub convert_tos($$) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sub open_mangle_for_output() {
|
sub open_mangle_for_output( $ ) {
|
||||||
|
my ($fn ) = @_;
|
||||||
my ( $mangle, $fn1 );
|
my ( $mangle, $fn1 );
|
||||||
|
|
||||||
if ( -f ( $fn1 = find_writable_file( 'mangle' ) ) ) {
|
if ( -f ( $fn1 = find_writable_file( 'mangle' ) ) ) {
|
||||||
open( $mangle , '>>', $fn1 ) || fatal_error "Unable to open $fn1:$!";
|
open( $mangle , '>>', $fn1 ) || fatal_error "Unable to open $fn1:$!";
|
||||||
} else {
|
} else {
|
||||||
open( $mangle , '>', $fn1 ) || fatal_error "Unable to open $fn1:$!";
|
open( $mangle , '>', $fn1 ) || fatal_error "Unable to open $fn1:$!";
|
||||||
|
#
|
||||||
|
# Transfer permissions from the existing tcrules file to the new mangle file
|
||||||
|
#
|
||||||
|
transfer_permissions( $fn, $fn1 );
|
||||||
|
|
||||||
print $mangle <<'EOF';
|
print $mangle <<'EOF';
|
||||||
#
|
#
|
||||||
# Shorewall version 4 - Mangle File
|
# Shorewall version 4 - Mangle File
|
||||||
@ -2326,7 +2332,7 @@ sub setup_tc( $ ) {
|
|||||||
#
|
#
|
||||||
# We are going to convert this tcrules file to the equivalent mangle file
|
# We are going to convert this tcrules file to the equivalent mangle file
|
||||||
#
|
#
|
||||||
( $mangle, $fn1 ) = open_mangle_for_output;
|
( $mangle, $fn1 ) = open_mangle_for_output( $fn );
|
||||||
|
|
||||||
directive_callback( sub () { print $mangle "$_[1]\n" unless $_[0] eq 'FORMAT'; 0; } );
|
directive_callback( sub () { print $mangle "$_[1]\n" unless $_[0] eq 'FORMAT'; 0; } );
|
||||||
|
|
||||||
@ -2376,7 +2382,7 @@ sub setup_tc( $ ) {
|
|||||||
#
|
#
|
||||||
# We are going to convert this tosfile to the equivalent mangle file
|
# We are going to convert this tosfile to the equivalent mangle file
|
||||||
#
|
#
|
||||||
( $mangle, $fn1 ) = open_mangle_for_output;
|
( $mangle, $fn1 ) = open_mangle_for_output( $fn );
|
||||||
convert_tos( $mangle, $fn1 );
|
convert_tos( $mangle, $fn1 );
|
||||||
close $mangle;
|
close $mangle;
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user