Transfer permissions during file updates

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-06-16 16:04:32 -07:00
parent e71fb3249a
commit 8c543ca6f8
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
4 changed files with 37 additions and 8 deletions

View File

@ -165,6 +165,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
directive_callback directive_callback
add_ipset add_ipset
all_ipsets all_ipsets
transfer_permissions
$product $product
$Product $Product
@ -5089,6 +5090,19 @@ sub update_default($$) {
$config{$var} = $val unless defined $config{$var}; $config{$var} = $val unless defined $config{$var};
} }
#
# Transfer the permissions from an old .bak file to a newly-created file
#
sub transfer_permissions( $$ ) {
my ( $old, $new ) = @_;
my @stat = stat $old;
if ( @stat ) {
fatal_error "Can't transfer permissions from $old to $new" unless chmod( $stat[2] & 0777, $new );
}
}
sub update_config_file( $ ) { sub update_config_file( $ ) {
my ( $annotate ) = @_; my ( $annotate ) = @_;
@ -5238,6 +5252,7 @@ EOF
if ( system( "diff -q $configfile $configfile.bak > /dev/null" ) ) { if ( system( "diff -q $configfile $configfile.bak > /dev/null" ) ) {
progress_message3 "Configuration file $configfile updated - old file renamed $configfile.bak"; progress_message3 "Configuration file $configfile updated - old file renamed $configfile.bak";
transfer_permissions( "$configfile.bak", $configfile );
} else { } else {
if ( rename "$configfile.bak", $configfile ) { if ( rename "$configfile.bak", $configfile ) {
progress_message3 "No update required to configuration file $configfile; $configfile.bak not saved"; progress_message3 "No update required to configuration file $configfile; $configfile.bak not saved";

View File

@ -200,6 +200,7 @@ sub remove_blacklist( $ ) {
if ( $changed ) { if ( $changed ) {
rename $fn, "$fn.bak" or fatal_error "Unable to rename $fn to $fn.bak: $!"; rename $fn, "$fn.bak" or fatal_error "Unable to rename $fn to $fn.bak: $!";
rename "$fn.new", $fn or fatal_error "Unable to rename $fn.new to $fn: $!"; rename "$fn.new", $fn or fatal_error "Unable to rename $fn.new to $fn: $!";
transfer_permissions( "$fn.bak", $fn );
progress_message2 "\u$file file $fn saved in $fn.bak" progress_message2 "\u$file file $fn saved in $fn.bak"
} }
} }
@ -308,6 +309,7 @@ sub convert_blacklist() {
open $blrules, '>>', $fn1 or fatal_error "Unable to open $fn1: $!"; open $blrules, '>>', $fn1 or fatal_error "Unable to open $fn1: $!";
} else { } else {
open $blrules, '>', $fn1 or fatal_error "Unable to open $fn1: $!"; open $blrules, '>', $fn1 or fatal_error "Unable to open $fn1: $!";
transfer_permissions( $fn, $fn1 );
print $blrules <<'EOF'; print $blrules <<'EOF';
# #
# Shorewall version 5.0 - Blacklist Rules File # Shorewall version 5.0 - Blacklist Rules File
@ -401,6 +403,7 @@ sub convert_routestopped() {
open $stoppedrules, '>>', $fn1 or fatal_error "Unable to open $fn1: $!"; open $stoppedrules, '>>', $fn1 or fatal_error "Unable to open $fn1: $!";
} else { } else {
open $stoppedrules, '>', $fn1 or fatal_error "Unable to open $fn1: $!"; open $stoppedrules, '>', $fn1 or fatal_error "Unable to open $fn1: $!";
transfer_permissions( $fn, $fn1 );
print $stoppedrules <<'EOF'; print $stoppedrules <<'EOF';
# #
# Shorewall version 5 - Stopped Rules File # Shorewall version 5 - Stopped Rules File

View File

@ -369,11 +369,18 @@ sub setup_conntrack($) {
my $conntrack; my $conntrack;
my $empty = 1; my $empty = 1;
my $date = compiletime; my $date = compiletime;
my $fn1 = find_writable_file 'conntrack';
if ( $fn ) { $fn = open_file( 'notrack' , 3, 1 ) || fatal_error "Unable to open the notrack file for conversion: $!";
open $conntrack, '>>', $fn or fatal_error "Unable to open $fn for notrack conversion: $!";
if ( -f $fn1 ) {
open $conntrack, '>>', $fn1 or fatal_error "Unable to open $fn for notrack conversion: $!";
} else { } else {
open $conntrack, '>', $fn = find_file 'conntrack' or fatal_error "Unable to open $fn for notrack conversion: $!"; open $conntrack, '>' , $fn1 or fatal_error "Unable to open $fn for notrack conversion: $!";
#
# Transfer permissions from the existing notrack file
#
transfer_permissions( $fn, $fn1 );
print $conntrack <<'EOF'; print $conntrack <<'EOF';
# #
@ -396,8 +403,6 @@ EOF
"# Rules generated from notrack file $fn by Shorewall $globals{VERSION} - $date\n" , "# Rules generated from notrack file $fn by Shorewall $globals{VERSION} - $date\n" ,
"#\n" ); "#\n" );
$fn = open_file( 'notrack' , 3, 1 ) || fatal_error "Unable to open the notrack file for conversion: $!";
while ( read_a_line( PLAIN_READ ) ) { while ( read_a_line( PLAIN_READ ) ) {
# #
# Don't copy the header comments from the old notrack file # Don't copy the header comments from the old notrack file

View File

@ -2234,13 +2234,19 @@ sub convert_tos($$) {
} }
} }
sub open_mangle_for_output() { sub open_mangle_for_output( $ ) {
my ($fn ) = @_;
my ( $mangle, $fn1 ); my ( $mangle, $fn1 );
if ( -f ( $fn1 = find_writable_file( 'mangle' ) ) ) { if ( -f ( $fn1 = find_writable_file( 'mangle' ) ) ) {
open( $mangle , '>>', $fn1 ) || fatal_error "Unable to open $fn1:$!"; open( $mangle , '>>', $fn1 ) || fatal_error "Unable to open $fn1:$!";
} else { } else {
open( $mangle , '>', $fn1 ) || fatal_error "Unable to open $fn1:$!"; open( $mangle , '>', $fn1 ) || fatal_error "Unable to open $fn1:$!";
#
# Transfer permissions from the existing tcrules file to the new mangle file
#
transfer_permissions( $fn, $fn1 );
print $mangle <<'EOF'; print $mangle <<'EOF';
# #
# Shorewall version 4 - Mangle File # Shorewall version 4 - Mangle File
@ -2326,7 +2332,7 @@ sub setup_tc( $ ) {
# #
# We are going to convert this tcrules file to the equivalent mangle file # We are going to convert this tcrules file to the equivalent mangle file
# #
( $mangle, $fn1 ) = open_mangle_for_output; ( $mangle, $fn1 ) = open_mangle_for_output( $fn );
directive_callback( sub () { print $mangle "$_[1]\n" unless $_[0] eq 'FORMAT'; 0; } ); directive_callback( sub () { print $mangle "$_[1]\n" unless $_[0] eq 'FORMAT'; 0; } );
@ -2376,7 +2382,7 @@ sub setup_tc( $ ) {
# #
# We are going to convert this tosfile to the equivalent mangle file # We are going to convert this tosfile to the equivalent mangle file
# #
( $mangle, $fn1 ) = open_mangle_for_output; ( $mangle, $fn1 ) = open_mangle_for_output( $fn );
convert_tos( $mangle, $fn1 ); convert_tos( $mangle, $fn1 );
close $mangle; close $mangle;
} }