mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-11 16:18:13 +01:00
Use supplied() where appropriate
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
774aac1228
commit
9ab901927f
@ -205,7 +205,7 @@ sub process_accounting_rule( ) {
|
||||
require_capability 'ACCOUNT_TARGET' , 'ACCOUNT Rules' , '';
|
||||
my ( $table, $net, $rest ) = split/,/, $1;
|
||||
fatal_error "Invalid Network Address (${net},${rest})" if defined $rest;
|
||||
fatal_error "Missing Table Name" unless defined $table && $table ne '';;
|
||||
fatal_error "Missing Table Name" unless supplied $table;
|
||||
fatal_error "Invalid Table Name ($table)" unless $table =~ /^([-\w.]+)$/;
|
||||
fatal_error "Missing Network Address" unless defined $net;
|
||||
fatal_error "Invalid Network Address ($net)" unless defined $net && $net =~ '/(\d+)$';
|
||||
|
@ -2499,7 +2499,7 @@ sub verify_small_mark( $ ) {
|
||||
|
||||
sub validate_mark( $ ) {
|
||||
my $mark = shift;
|
||||
fatal_error "Missing MARK" unless defined $mark && $mark ne '';
|
||||
fatal_error "Missing MARK" unless supplied $mark;
|
||||
|
||||
if ( $mark =~ '/' ) {
|
||||
my @marks = split '/', $mark;
|
||||
@ -2669,17 +2669,17 @@ sub do_user( $ ) {
|
||||
return '' unless defined $user and $user ne '-';
|
||||
|
||||
if ( $user =~ /^(!)?(.*)\+(.*)$/ ) {
|
||||
$rule .= "! --cmd-owner $2 " if defined $2 && $2 ne '';
|
||||
$rule .= "! --cmd-owner $2 " if supplied $2;
|
||||
$user = "!$1";
|
||||
} elsif ( $user =~ /^(.*)\+(.*)$/ ) {
|
||||
$rule .= "--cmd-owner $2 " if defined $2 && $2 ne '';
|
||||
$rule .= "--cmd-owner $2 " if supplied $2;
|
||||
$user = $1;
|
||||
}
|
||||
|
||||
if ( $user =~ /^(!)?(.*):(.*)$/ ) {
|
||||
my $invert = $1 ? '! ' : '';
|
||||
my $group = defined $3 ? $3 : '';
|
||||
if ( defined $2 && $2 ne '' ) {
|
||||
if ( supplied $2 ) {
|
||||
$user = $2;
|
||||
fatal_error "Unknown user ($user)" unless $user =~ /^\d+$/ || $globals{EXPORT} || defined getpwnam( $user );
|
||||
$rule .= "${invert}--uid-owner $user ";
|
||||
|
@ -1827,7 +1827,7 @@ sub default_action_params {
|
||||
for ( my $i = 1; 1; $i++ ) {
|
||||
last unless defined ( $val = shift );
|
||||
my $curval = $actparms{$i};
|
||||
$actparms{$i} =$val eq '-' ? '' : $val eq '--' ? '-' : $val unless defined $curval && $curval ne '';
|
||||
$actparms{$i} =$val eq '-' ? '' : $val eq '--' ? '-' : $val unless supplied( $curval );
|
||||
}
|
||||
}
|
||||
|
||||
@ -1997,7 +1997,7 @@ sub read_a_line1() {
|
||||
sub default ( $$ ) {
|
||||
my ( $var, $val ) = @_;
|
||||
|
||||
$config{$var} = $val unless defined $config{$var} && $config{$var} ne '';
|
||||
$config{$var} = $val unless supplied( $config{$var} );
|
||||
}
|
||||
|
||||
#
|
||||
@ -2008,7 +2008,7 @@ sub default_yes_no ( $$ ) {
|
||||
|
||||
my $curval = $config{$var};
|
||||
|
||||
if ( defined $curval && $curval ne '' ) {
|
||||
if ( supplied $curval ) {
|
||||
$curval = lc $curval;
|
||||
|
||||
if ( $curval eq 'no' ) {
|
||||
@ -2034,7 +2034,7 @@ sub numeric_option( $$$ ) {
|
||||
|
||||
my $val = $default;
|
||||
|
||||
if ( defined $value && $value ne '' ) {
|
||||
if ( supplied $value ) {
|
||||
$val = numeric_value $value;
|
||||
fatal_error "Invalid value ($value) for '$option'" unless defined $val && $val <= 32;
|
||||
}
|
||||
@ -2061,7 +2061,7 @@ sub validate_level( $ ) {
|
||||
my $rawlevel = $_[0];
|
||||
my $level = uc $rawlevel;
|
||||
|
||||
if ( defined $level && $level ne '' ) {
|
||||
if ( supplied ( $level ) ) {
|
||||
$level =~ s/!$//;
|
||||
my $value = $validlevels{$level};
|
||||
|
||||
@ -2084,7 +2084,7 @@ sub validate_level( $ ) {
|
||||
level_error( $level ) if @options > 3;
|
||||
|
||||
for ( @options ) {
|
||||
if ( defined $_ and $_ ne '' ) {
|
||||
if ( supplied( $_ ) ) {
|
||||
level_error( $level ) unless /^\d+/;
|
||||
$olevel .= " --${prefix}-$suffixes[$index] $_";
|
||||
}
|
||||
@ -2121,7 +2121,7 @@ sub default_log_level( $$ ) {
|
||||
|
||||
my $value = $config{$level};
|
||||
|
||||
unless ( defined $value && $value ne '' ) {
|
||||
unless ( supplied $value ) {
|
||||
$config{$level} = $default;
|
||||
} else {
|
||||
$config{$level} = validate_level $value;
|
||||
@ -3699,7 +3699,7 @@ sub generate_aux_config() {
|
||||
|
||||
my $value = $config{$option};
|
||||
|
||||
emit "[ -n \"\${$option:=$value}\" ]" if defined $value && $value ne '';
|
||||
emit "[ -n \"\${$option:=$value}\" ]" if supplied $value;
|
||||
}
|
||||
|
||||
sub conditionally_add_option1( $ ) {
|
||||
|
@ -192,7 +192,7 @@ sub setup_ecn()
|
||||
sub add_rule_pair( $$$$ ) {
|
||||
my ($chainref , $predicate , $target , $level ) = @_;
|
||||
|
||||
log_rule( $level, $chainref, "\U$target", $predicate ) if defined $level && $level ne '';
|
||||
log_rule( $level, $chainref, "\U$target", $predicate ) if supplied $level;
|
||||
add_jump( $chainref , $target, 0, $predicate );
|
||||
}
|
||||
|
||||
@ -215,7 +215,7 @@ sub setup_blacklist() {
|
||||
$chainref = dont_delete new_standard_chain 'blacklst' if @$zones;
|
||||
$chainref1 = dont_delete new_standard_chain 'blackout' if @$zones1;
|
||||
|
||||
if ( defined $level && $level ne '' ) {
|
||||
if ( supplied $level ) {
|
||||
my $logchainref = new_standard_chain 'blacklog';
|
||||
|
||||
$target =~ s/A_//;
|
||||
@ -589,7 +589,7 @@ sub add_common_rules() {
|
||||
|
||||
my $smurfdest = $config{SMURF_DISPOSITION};
|
||||
|
||||
if ( defined $config{SMURF_LOG_LEVEL} && $config{SMURF_LOG_LEVEL} ne '' ) {
|
||||
if ( supplied $config{SMURF_LOG_LEVEL} ) {
|
||||
my $smurfref = new_chain( 'filter', 'smurflog' );
|
||||
|
||||
log_rule_limit( $config{SMURF_LOG_LEVEL},
|
||||
@ -922,7 +922,7 @@ sub setup_mac_lists( $ ) {
|
||||
for my $address ( split ',', $addresses ) {
|
||||
my $source = match_source_net $address;
|
||||
log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , "${mac}${source}"
|
||||
if defined $level && $level ne '';
|
||||
if supplied $level;
|
||||
|
||||
if ( $audit && $disposition ne 'ACCEPT' ) {
|
||||
if ( $config{FAKE_AUDIT} ) {
|
||||
@ -936,7 +936,7 @@ sub setup_mac_lists( $ ) {
|
||||
}
|
||||
} else {
|
||||
log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , $mac
|
||||
if defined $level && $level ne '';
|
||||
if supplied $level;
|
||||
|
||||
if ( $audit && $disposition ne 'ACCEPT' ) {
|
||||
if ( $config{FAKE_AUDIT} ) {
|
||||
|
@ -384,7 +384,7 @@ sub setup_nat() {
|
||||
$digit = defined $digit ? ":$digit" : '';
|
||||
|
||||
for my $interface ( split_list $interfacelist , 'interface' ) {
|
||||
fatal_error "Invalid Interface List ($interfacelist)" unless defined $interface && $interface ne '';
|
||||
fatal_error "Invalid Interface List ($interfacelist)" unless supplied $interface;
|
||||
do_one_nat $external, "${interface}${digit}", $internal, $allints, $localnat;
|
||||
}
|
||||
|
||||
|
@ -332,7 +332,7 @@ sub process_a_policy() {
|
||||
if ( "\L$default" eq 'none' ) {
|
||||
$default = 'none';
|
||||
} elsif ( $actions{$def} ) {
|
||||
$default = defined $param && $param ne '' ? normalize_action( $def, 'none', $param ) : normalize_action_name $default;
|
||||
$default = supplied $param ? normalize_action( $def, 'none', $param ) : normalize_action_name $default;
|
||||
use_policy_action( $default );
|
||||
} else {
|
||||
fatal_error "Unknown Default Action ($default)";
|
||||
@ -385,7 +385,7 @@ sub process_a_policy() {
|
||||
push @policy_chains, ( $chainref ) unless $config{EXPAND_POLICIES} && ( $clientwild || $serverwild );
|
||||
}
|
||||
|
||||
$chainref->{loglevel} = validate_level( $loglevel ) if defined $loglevel && $loglevel ne '';
|
||||
$chainref->{loglevel} = validate_level( $loglevel ) if supplied $loglevel;
|
||||
|
||||
if ( $synparams ne '' || $connlimit ne '' ) {
|
||||
my $value = '';
|
||||
@ -477,7 +477,7 @@ sub process_policies()
|
||||
if ( "\L$action" eq 'none' ) {
|
||||
$action = 'none';
|
||||
} elsif ( $actions{$act} ) {
|
||||
$action = defined $param && $param ne '' ? normalize_action( $act, 'none', $param ) : normalize_action_name $action;
|
||||
$action = supplied $param ? normalize_action( $act, 'none', $param ) : normalize_action_name $action;
|
||||
use_policy_action( $action );
|
||||
} elsif ( $targets{$act} ) {
|
||||
fatal_error "Invalid setting ($action) for $option";
|
||||
@ -837,7 +837,7 @@ sub normalize_action( $$$ ) {
|
||||
|
||||
( $level, my $tag ) = split ':', $level;
|
||||
|
||||
$level = 'none' unless defined $level && $level ne '';
|
||||
$level = 'none' unless supplied $level;
|
||||
$tag = '' unless defined $tag;
|
||||
$param = '' unless defined $param;
|
||||
|
||||
@ -1102,7 +1102,7 @@ sub merge_macro_source_dest( $$ ) {
|
||||
sub merge_macro_column( $$ ) {
|
||||
my ( $body, $invocation ) = @_;
|
||||
|
||||
if ( defined $invocation && $invocation ne '' && $invocation ne '-' ) {
|
||||
if ( supplied( $invocation ) && $invocation ne '-' ) {
|
||||
$invocation;
|
||||
} else {
|
||||
$body;
|
||||
@ -1192,7 +1192,7 @@ sub ensure_audit_chain( $;$$ ) {
|
||||
sub require_audit($$;$) {
|
||||
my ($action, $audit, $tgt ) = @_;
|
||||
|
||||
return $action unless defined $audit and $audit ne '';
|
||||
return $action unless supplied $audit;
|
||||
|
||||
my $target = 'A_' . $action;
|
||||
|
||||
@ -1295,7 +1295,7 @@ sub rejNotSyn ( $$$$ ) {
|
||||
|
||||
my $target = 'REJECT --reject-with tcp-reset';
|
||||
|
||||
if ( defined $audit && $audit ne '' ) {
|
||||
if ( supplied $audit ) {
|
||||
$target = require_audit( 'REJECT' , $audit );
|
||||
}
|
||||
|
||||
@ -1822,7 +1822,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ ) {
|
||||
REJECT => sub { $action = 'reject'; } ,
|
||||
CONTINUE => sub { $action = 'RETURN'; } ,
|
||||
COUNT => sub { $action = ''; } ,
|
||||
LOG => sub { fatal_error 'LOG requires a log level' unless defined $loglevel and $loglevel ne ''; } ,
|
||||
LOG => sub { fatal_error 'LOG requires a log level' unless supplied $loglevel; } ,
|
||||
);
|
||||
|
||||
my $function = $functions{ $bt };
|
||||
|
@ -328,13 +328,13 @@ sub process_tc_rule( ) {
|
||||
fatal_error "Invalid IPMARK parameter ($sd)" unless ( $sd eq 'src' || $sd eq 'dst' );
|
||||
$srcdst = $sd;
|
||||
|
||||
if ( defined $m1 && $m1 ne '' ) {
|
||||
if ( supplied $m1 ) {
|
||||
$val = numeric_value ($m1);
|
||||
fatal_error "Invalid Mask ($m1)" unless defined $val && $val && $val <= 0xffffffff;
|
||||
$mask1 = in_hex ( $val & 0xffffffff );
|
||||
}
|
||||
|
||||
if ( defined $m2 && $m2 ne '' ) {
|
||||
if ( supplied $m2 ) {
|
||||
$val = numeric_value ($m2);
|
||||
fatal_error "Invalid Mask ($m2)" unless defined $val && $val <= 0xffffffff;
|
||||
$mask2 = in_hex ( $val & 0xffffffff );
|
||||
@ -375,7 +375,7 @@ sub process_tc_rule( ) {
|
||||
|
||||
$target .= "--on-port $port";
|
||||
|
||||
if ( defined $ip && $ip ne '' ) {
|
||||
if ( supplied $ip ) {
|
||||
validate_address $ip, 1;
|
||||
$target .= " --on-ip $ip";
|
||||
}
|
||||
@ -510,7 +510,7 @@ sub process_simple_device() {
|
||||
if ( $in_bandwidth =~ /:/ ) {
|
||||
my ( $in_band, $burst ) = split /:/, $in_bandwidth, 2;
|
||||
|
||||
if ( defined $burst && $burst ne '' ) {
|
||||
if ( supplied $burst ) {
|
||||
fatal_error "Invalid IN-BANDWIDTH" if $burst =~ /:/;
|
||||
fatal_error "Invalid burst ($burst)" unless $burst =~ /^\d+(k|kb|m|mb|mbit|kbit|b)?$/;
|
||||
$in_burst = $burst;
|
||||
@ -544,14 +544,14 @@ sub process_simple_device() {
|
||||
|
||||
my $command = "run_tc qdisc add dev $physical root handle $number: tbf rate ${out_bandwidth}kbit";
|
||||
|
||||
if ( defined $burst && $burst ne '' ) {
|
||||
if ( supplied $burst ) {
|
||||
fatal_error "Invalid burst ($burst)" unless $burst =~ /^\d+(?:\.\d+)?(k|kb|m|mb|mbit|kbit|b)?$/;
|
||||
$command .= " burst $burst";
|
||||
} else {
|
||||
$command .= ' burst 10kb';
|
||||
}
|
||||
|
||||
if ( defined $latency && $latency ne '' ) {
|
||||
if ( supplied $latency ) {
|
||||
fatal_error "Invalid latency ($latency)" unless $latency =~ /^\d+(?:\.\d+)?(s|sec|secs|ms|msec|msecs|us|usec|usecs)?$/;
|
||||
$command .= " latency $latency";
|
||||
} else {
|
||||
@ -560,12 +560,12 @@ sub process_simple_device() {
|
||||
|
||||
$command .= ' mpu 64'; #Assume Ethernet
|
||||
|
||||
if ( defined $peak && $peak ne '' ) {
|
||||
if ( supplied $peak ) {
|
||||
fatal_error "Invalid peak ($peak)" unless $peak =~ /^\d+(?:\.\d+)?(k|kb|m|mb|mbit|kbit|b)?$/;
|
||||
$command .= " peakrate $peak";
|
||||
}
|
||||
|
||||
if ( defined $minburst && $minburst ne '' ) {
|
||||
if ( supplied $minburst ) {
|
||||
fatal_error "Invalid minburst ($minburst)" unless $minburst =~ /^\d+(?:\.\d+)?(k|kb|m|mb|mbit|kbit|b)?$/;
|
||||
$command .= " minburst $minburst";
|
||||
}
|
||||
@ -679,7 +679,7 @@ sub validate_tc_device( ) {
|
||||
if ( $inband =~ /:/ ) {
|
||||
my ( $in_band, $burst ) = split /:/, $inband, 2;
|
||||
|
||||
if ( defined $burst && $burst ne '' ) {
|
||||
if ( supplied $burst ) {
|
||||
fatal_error "Invalid IN-BANDWIDTH" if $burst =~ /:/;
|
||||
fatal_error "Invalid burst ($burst)" unless $burst =~ /^\d+(k|kb|m|mb|mbit|kbit|b)?$/;
|
||||
$in_burst = $burst;
|
||||
|
@ -141,10 +141,10 @@ sub setup_tunnels() {
|
||||
|
||||
fatal_error "Invalid port ($p:$remainder)" if defined $remainder;
|
||||
|
||||
if ( defined $p && $p ne '' ) {
|
||||
if ( supplied $p ) {
|
||||
$port = $p;
|
||||
$protocol = $proto;
|
||||
} elsif ( defined $proto && $proto ne '' ) {
|
||||
} elsif ( supplied $proto ) {
|
||||
if ( "\L$proto" =~ /udp|tcp/ ) {
|
||||
$protocol = $proto;
|
||||
} else {
|
||||
@ -166,10 +166,10 @@ sub setup_tunnels() {
|
||||
|
||||
fatal_error "Invalid port ($p:$remainder)" if defined $remainder;
|
||||
|
||||
if ( defined $p && $p ne '' ) {
|
||||
if ( supplied $p ) {
|
||||
$port = $p;
|
||||
$protocol = $proto;
|
||||
} elsif ( defined $proto && $proto ne '' ) {
|
||||
} elsif ( supplied $proto ) {
|
||||
if ( "\L$proto" =~ /udp|tcp/ ) {
|
||||
$protocol = $proto;
|
||||
} else {
|
||||
@ -191,10 +191,10 @@ sub setup_tunnels() {
|
||||
|
||||
fatal_error "Invalid port ($p:$remainder)" if defined $remainder;
|
||||
|
||||
if ( defined $p && $p ne '' ) {
|
||||
if ( supplied $p ) {
|
||||
$port = $p;
|
||||
$protocol = $proto;
|
||||
} elsif ( defined $proto && $proto ne '' ) {
|
||||
} elsif ( supplied $proto ) {
|
||||
if ( "\L$proto" =~ /udp|tcp/ ) {
|
||||
$protocol = $proto;
|
||||
} else {
|
||||
|
@ -692,7 +692,7 @@ sub add_group_to_zone($$$$$)
|
||||
|
||||
$interfaceref->{nets}++;
|
||||
|
||||
fatal_error "Invalid Host List" unless defined $host and $host ne '';
|
||||
fatal_error "Invalid Host List" unless supplied $host;
|
||||
|
||||
if ( substr( $host, 0, 1 ) eq '!' ) {
|
||||
fatal_error "Only one exclusion allowed in a host list" if $switched;
|
||||
@ -887,7 +887,7 @@ sub process_interface( $$ ) {
|
||||
|
||||
fatal_error "Invalid INTERFACE ($originalinterface)" if ! $interface || defined $extra;
|
||||
|
||||
if ( defined $port && $port ne '' ) {
|
||||
if ( supplied $port ) {
|
||||
fatal_error qq("Virtual" interfaces are not supported -- see http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html) if $port =~ /^\d+$/;
|
||||
require_capability( 'PHYSDEV_MATCH', 'Bridge Ports', '');
|
||||
fatal_error "Your iptables is not recent enough to support bridge ports" unless have_capability( 'KLUDGEFREE' );
|
||||
|
Loading…
Reference in New Issue
Block a user