Replace death sequences with calls to fatal_error()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-02-16 07:32:47 -08:00
parent 430c69b8db
commit bb5b6e42d6
2 changed files with 67 additions and 104 deletions

View File

@ -3,7 +3,7 @@
# #
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
# #
# (c) 1999-2012 - Tom Eastep (teastep@shorewall.net) # (c) 1999-2013 - Tom Eastep (teastep@shorewall.net)
# #
# Complete documentation is available at http://shorewall.net # Complete documentation is available at http://shorewall.net
# #
@ -277,8 +277,7 @@ logwatch() # $1 = timeout -- if negative, prompt each time that
elif [ -r $LOGFILE ]; then elif [ -r $LOGFILE ]; then
g_logread="tac $LOGFILE" g_logread="tac $LOGFILE"
else else
echo "LOGFILE ($LOGFILE) does not exist!" >&2 fatal_error "LOGFILE ($LOGFILE) does not exist!"
exit 2
fi fi
fi fi
@ -472,7 +471,10 @@ save_config() {
;; ;;
*) *)
validate_restorefile RESTOREFILE validate_restorefile RESTOREFILE
do_save && rm -f ${VARDIR}/save if do_save; then
rm -f ${VARDIR}/save
result=0
fi
;; ;;
esac esac
fi fi
@ -480,7 +482,7 @@ save_config() {
echo "$g_product isn't started" >&2 echo "$g_product isn't started" >&2
fi fi
return 0 return $result
} }
@ -914,8 +916,7 @@ show_command() {
elif [ -r $LOGFILE ]; then elif [ -r $LOGFILE ]; then
g_logread="tac $LOGFILE" g_logread="tac $LOGFILE"
else else
echo "LOGFILE ($LOGFILE) does not exist!" >&2 fatal_error "LOGFILE ($LOGFILE) does not exist!"
exit 2
fi fi
fi fi
@ -969,8 +970,7 @@ show_command() {
done < ${VARDIR}/zones done < ${VARDIR}/zones
echo echo
else else
echo " ERROR: ${VARDIR}/zones does not exist" >&2 fatal_error "${VARDIR}/zones does not exist"
exit 1
fi fi
;; ;;
capabilities) capabilities)
@ -1276,8 +1276,7 @@ do_dump_command() {
elif [ -r $LOGFILE ]; then elif [ -r $LOGFILE ]; then
g_logread="tac $LOGFILE" g_logread="tac $LOGFILE"
else else
echo "LOGFILE ($LOGFILE) does not exist! - See http://www.shorewall.net/shorewall_logging.html" >&2 fatal_error "LOGFILE ($LOGFILE) does not exist! - See http://www.shorewall.net/shorewall_logging.html"
exit 2
fi fi
fi fi
@ -1720,8 +1719,7 @@ separate_list() {
add_command() { add_command() {
local interface host hostlist zone ipset local interface host hostlist zone ipset
if ! product_is_started ; then if ! product_is_started ; then
echo "$g_product Not Started" >&2 fatal_error "$g_product Not Started"
exit 2
fi fi
determine_ipset_version determine_ipset_version
@ -1809,8 +1807,7 @@ add_command() {
delete_command() { delete_command() {
local interface host hostent hostlist zone ipset local interface host hostent hostlist zone ipset
if ! product_is_started ; then if ! product_is_started ; then
echo "$g_product Not Started" >&2 fatal_error "$g_product Not Started"
exit 2;
fi fi
determine_ipset_version determine_ipset_version
@ -1995,8 +1992,7 @@ allow_command() {
range='--src-range' range='--src-range'
if ! chain_exists dynamic; then if ! chain_exists dynamic; then
echo "Dynamic blacklisting is not enabled in the current $g_product configuration" >&2 fatal_error "Dynamic blacklisting is not enabled in the current $g_product configuration"
exit 2
fi fi
[ -n "$g_nolock" ] || mutex_on [ -n "$g_nolock" ] || mutex_on
@ -2118,8 +2114,7 @@ determine_capabilities() {
g_tool=$(mywhich $tool) g_tool=$(mywhich $tool)
if [ -z "$g_tool" ]; then if [ -z "$g_tool" ]; then
echo " ERROR: No executable $tool binary can be found on your PATH" >&2 fatal-error "No executable $tool binary can be found on your PATH"
exit 1
fi fi
fi fi
@ -2239,8 +2234,7 @@ determine_capabilities() {
qt $g_tool -F $chain qt $g_tool -F $chain
qt $g_tool -X $chain qt $g_tool -X $chain
if ! $g_tool -N $chain; then if ! $g_tool -N $chain; then
echo " ERROR: The command \"$g_tool -N $chain\" failed" >&2 fatal_error "The command \"$g_tool -N $chain\" failed"
exit 1
fi fi
chain1=${chain}1 chain1=${chain}1
@ -2249,16 +2243,14 @@ determine_capabilities() {
qt $g_tool -X $chain1 qt $g_tool -X $chain1
if ! $g_tool -N $chain1; then if ! $g_tool -N $chain1; then
qt $g_tool -X $CHAIN qt $g_tool -X $CHAIN
echo " ERROR: The command \"$g_tool -N $chain1\" failed" >&2 fatal_error "The command \"$g_tool -N $chain1\" failed"
exit 1
fi fi
if ! qt $g_tool -A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT && if ! qt $g_tool -A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT &&
! qt $g_tool -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT; then ! qt $g_tool -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT; then
qt $g_tool -x $chain qt $g_tool -x $chain
qt $g_tool -x $chain1 qt $g_tool -x $chain1
echo " ERROR: Your kernel lacks connection tracking and/or state matching -- $g_product will not run on this system" >&2 fatal_error "Your kernel lacks connection tracking and/or state matching -- $g_product will not run on this system"
exit 1
fi fi
if [ $g_family -eq 4 ]; then if [ $g_family -eq 4 ]; then
@ -2896,7 +2888,7 @@ ipcalc_command() {
valid_address $address || fatal_error "Invalid IP address: $address" valid_address $address || fatal_error "Invalid IP address: $address"
[ -z "$vlsm" ] && usage 2 [ -z "$vlsm" ] && usage 2
[ "x$address" = "x$vlsm" ] && usage 2 [ "x$address" = "x$vlsm" ] && usage 2
[ $vlsm -gt 32 ] && echo "Invalid VLSM: /$vlsm" >&2 && exit 2 [ $vlsm -gt 32 ] && fatal_error "Invalid VLSM: /$vlsm"
address=$address/$vlsm address=$address/$vlsm
@ -2978,12 +2970,10 @@ get_config() {
if [ -r $config ]; then if [ -r $config ]; then
. $config . $config
else else
echo "Cannot read $config! (Hint: Are you root?)" >&2 fatal_error "Cannot read $config! (Hint: Are you root?)"
exit 1
fi fi
else else
echo "$config does not exist!" >&2 fatal_error "$config does not exist!"
exit 2
fi fi
ensure_config_path ensure_config_path
@ -2999,8 +2989,7 @@ get_config() {
elif [ -r $LOGFILE ]; then elif [ -r $LOGFILE ]; then
g_logread="tac $LOGFILE" g_logread="tac $LOGFILE"
else else
echo "LOGFILE ($LOGFILE) does not exist!" >&2 fatal_error "LOGFILE ($LOGFILE) does not exist!"
exit 2
fi fi
# #
# See if we have a real version of "tail" -- use separate redirection so # See if we have a real version of "tail" -- use separate redirection so
@ -3017,14 +3006,12 @@ get_config() {
if [ $g_family -eq 4 ]; then if [ $g_family -eq 4 ]; then
if [ -n "$IPTABLES" ]; then if [ -n "$IPTABLES" ]; then
if [ ! -x "$IPTABLES" ]; then if [ ! -x "$IPTABLES" ]; then
echo " ERROR: The program specified in IPTABLES does not exist or is not executable" >&2 fatal_error "The program specified in IPTABLES does not exist or is not executable"
exit 2
fi fi
else else
IPTABLES=$(mywhich iptables 2> /dev/null) IPTABLES=$(mywhich iptables 2> /dev/null)
if [ -z "$IPTABLES" ] ; then if [ -z "$IPTABLES" ] ; then
echo " ERROR: Can't find iptables executable" >&2 fatal_error "Can't find iptables executable"
exit 2
fi fi
fi fi
@ -3032,14 +3019,12 @@ get_config() {
else else
if [ -n "$IP6TABLES" ]; then if [ -n "$IP6TABLES" ]; then
if [ ! -x "$IP6TABLES" ]; then if [ ! -x "$IP6TABLES" ]; then
echo " ERROR: The program specified in IP6TABLES does not exist or is not executable" >&2 fatal_error "The program specified in IP6TABLES does not exist or is not executable"
exit 2
fi fi
else else
IP6TABLES=$(mywhich ip6tables 2> /dev/null) IP6TABLES=$(mywhich ip6tables 2> /dev/null)
if [ -z "$IP6TABLES" ] ; then if [ -z "$IP6TABLES" ] ; then
echo " ERROR: Can't find ip6tables executable" >&2 fatal_error "Can't find ip6tables executable"
exit 2
fi fi
fi fi
@ -3071,23 +3056,20 @@ get_config() {
IP=$(mywhich ip 2> /dev/null) IP=$(mywhich ip 2> /dev/null)
if [ -z "$IP" ] ; then if [ -z "$IP" ] ; then
echo " ERROR: Can't find ip executable" >&2 fatal_error "Can't find ip executable"
exit 2
fi fi
if [ -n "$IPSET" ]; then if [ -n "$IPSET" ]; then
case "$IPSET" in case "$IPSET" in
*/*) */*)
if [ ! -x "$IPSET" ] ; then if [ ! -x "$IPSET" ] ; then
echo " ERROR: The program specified in IPSET ($IPSET) does not exist or is not executable" >&2 fatal_error "The program specified in IPSET ($IPSET) does not exist or is not executable"
exit 2
fi fi
;; ;;
*) *)
prog="$(mywhich $IPSET 2> /dev/null)" prog="$(mywhich $IPSET 2> /dev/null)"
if [ -z "$prog" ] ; then if [ -z "$prog" ] ; then
echo " ERROR: Can't find $IPSET executable" >&2 fatal_error "Can't find $IPSET executable"
exit 2
fi fi
IPSET=$prog IPSET=$prog
;; ;;
@ -3390,9 +3372,9 @@ shorewall_cli() {
if [ ! -d $2 ]; then if [ ! -d $2 ]; then
if [ -e $2 ]; then if [ -e $2 ]; then
echo "$2 is not a directory" >&2 && exit 2 fatal_error "$2 is not a directory"
else else
echo "Directory $2 does not exist" >&2 && exit 2 fatal_error "Directory $2 does not exist"
fi fi
fi fi

View File

@ -3,7 +3,7 @@
# #
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
# #
# (c) 1999-2012 - Tom Eastep (teastep@shorewall.net) # (c) 1999-2013 - Tom Eastep (teastep@shorewall.net)
# #
# Complete documentation is available at http://shorewall.net # Complete documentation is available at http://shorewall.net
# #
@ -76,8 +76,7 @@ get_config() {
elif [ -r $LOGFILE ]; then elif [ -r $LOGFILE ]; then
g_logread="tac $LOGFILE" g_logread="tac $LOGFILE"
else else
echo "LOGFILE ($LOGFILE) does not exist!" >&2 fatal_error "LOGFILE ($LOGFILE) does not exist!"
exit 2
fi fi
fi fi
fi fi
@ -85,14 +84,12 @@ get_config() {
if [ $g_family -eq 4 ]; then if [ $g_family -eq 4 ]; then
if [ -n "$IPTABLES" ]; then if [ -n "$IPTABLES" ]; then
if [ ! -x "$IPTABLES" ]; then if [ ! -x "$IPTABLES" ]; then
echo " ERROR: The program specified in IPTABLES does not exist or is not executable" >&2 fatal_error "The program specified in IPTABLES does not exist or is not executable"
exit 2
fi fi
else else
IPTABLES=$(mywhich iptables 2> /dev/null) IPTABLES=$(mywhich iptables 2> /dev/null)
if [ -z "$IPTABLES" ] ; then if [ -z "$IPTABLES" ] ; then
echo " ERROR: Can't find iptables executable" >&2 fatal_error "Can't find iptables executable"
exit 2
fi fi
fi fi
@ -100,14 +97,12 @@ get_config() {
else else
if [ -n "$IP6TABLES" ]; then if [ -n "$IP6TABLES" ]; then
if [ ! -x "$IP6TABLES" ]; then if [ ! -x "$IP6TABLES" ]; then
echo " ERROR: The program specified in IP6TABLES does not exist or is not executable" >&2 fatal_error "The program specified in IP6TABLES does not exist or is not executable"
exit 2
fi fi
else else
IP6TABLES=$(mywhich ip6tables 2> /dev/null) IP6TABLES=$(mywhich ip6tables 2> /dev/null)
if [ -z "$IP6TABLES" ] ; then if [ -z "$IP6TABLES" ] ; then
echo " ERROR: Can't find ip6tables executable" >&2 fatal_error "Can't find ip6tables executable"
exit 2
fi fi
fi fi
@ -118,15 +113,13 @@ get_config() {
case "$IP" in case "$IP" in
*/*) */*)
if [ ! -x "$IP" ] ; then if [ ! -x "$IP" ] ; then
echo " ERROR: The program specified in IP ($IP) does not exist or is not executable" >&2 fatal_error "The program specified in IP ($IP) does not exist or is not executable"
exit 2
fi fi
;; ;;
*) *)
prog="$(mywhich $IP 2> /dev/null)" prog="$(mywhich $IP 2> /dev/null)"
if [ -z "$prog" ] ; then if [ -z "$prog" ] ; then
echo " ERROR: Can't find $IP executable" >&2 fatal_error "Can't find $IP executable"
exit 2
fi fi
IP=$prog IP=$prog
;; ;;
@ -139,8 +132,7 @@ get_config() {
case "$IPSET" in case "$IPSET" in
*/*) */*)
if [ ! -x "$IPSET" ] ; then if [ ! -x "$IPSET" ] ; then
echo " ERROR: The program specified in IPSET ($IPSET) does not exist or is not executable" >&2 fatal_error "The program specified in IPSET ($IPSET) does not exist or is not executable"
exit 2
fi fi
;; ;;
ipset) ipset)
@ -152,8 +144,7 @@ get_config() {
*) *)
prog="$(mywhich $IPSET 2> /dev/null)" prog="$(mywhich $IPSET 2> /dev/null)"
if [ -z "$prog" ] ; then if [ -z "$prog" ] ; then
echo " ERROR: Can't find $IPSET executable" >&2 fatal_error "Can't find $IPSET executable"
exit 2
fi fi
IPSET=$prog IPSET=$prog
;; ;;
@ -166,15 +157,13 @@ get_config() {
case "$TC" in case "$TC" in
*/*) */*)
if [ ! -x "$TC" ] ; then if [ ! -x "$TC" ] ; then
echo " ERROR: The program specified in TC ($TC) does not exist or is not executable" >&2 fatal_error "The program specified in TC ($TC) does not exist or is not executable"
exit 2
fi fi
;; ;;
*) *)
prog="$(mywhich $TC 2> /dev/null)" prog="$(mywhich $TC 2> /dev/null)"
if [ -z "$prog" ] ; then if [ -z "$prog" ] ; then
echo " ERROR: Can't find $TC executable" >&2 fatal_error "Can't find $TC executable"
exit 2
fi fi
TC=$prog TC=$prog
;; ;;
@ -192,14 +181,13 @@ get_config() {
if [ "$2" = Yes ]; then if [ "$2" = Yes ]; then
case $STARTUP_ENABLED in case $STARTUP_ENABLED in
No|no|NO) No|no|NO)
echo " ERROR: $g_product startup is disabled. To enable startup, set STARTUP_ENABLED=Yes in ${g_confdir}/${g_program}.conf" >&2 fatal_error "$g_product startup is disabled. To enable startup, set STARTUP_ENABLED=Yes in ${g_confdir}/${g_program}.conf"
exit 2
;; ;;
Yes|yes|YES) Yes|yes|YES)
;; ;;
*) *)
if [ -n "$STARTUP_ENABLED" ]; then if [ -n "$STARTUP_ENABLED" ]; then
echo " ERROR: Invalid Value for STARTUP_ENABLED: $STARTUP_ENABLED" >&2 fatal_error "Invalid Value for STARTUP_ENABLED: $STARTUP_ENABLED"
exit 2 exit 2
fi fi
;; ;;
@ -213,8 +201,7 @@ get_config() {
echo " WARNING: SHOREWALL_COMPILER=shell ignored. Shorewall-shell support has been removed in this release" >&2 echo " WARNING: SHOREWALL_COMPILER=shell ignored. Shorewall-shell support has been removed in this release" >&2
;; ;;
*) *)
echo " ERROR: Invalid value ($SHOREWALL_COMPILER) for SHOREWALL_COMPILER" >&2 fatal_error "Invalid value ($SHOREWALL_COMPILER) for SHOREWALL_COMPILER"
exit 2
;; ;;
esac esac
@ -236,8 +223,7 @@ get_config() {
0|1|2) 0|1|2)
;; ;;
*) *)
echo " ERROR: Invalid LOG_VERBOSITY ($LOG_VERBOSITY)" >&2 fatal_error "Invalid LOG_VERBOSITY ($LOG_VERBOSITY)"
exit 2;
;; ;;
esac esac
else else
@ -264,8 +250,7 @@ get_config() {
;; ;;
*) *)
if [ -n "$VERBOSITY" ]; then if [ -n "$VERBOSITY" ]; then
echo " ERROR: Invalid VERBOSITY setting ($VERBOSITY)" >&2 fatal_error "Invalid VERBOSITY setting ($VERBOSITY)"
exit 2
else else
VERBOSITY=2 VERBOSITY=2
fi fi
@ -293,8 +278,7 @@ get_config() {
;; ;;
*) *)
if [ -n "$MANGLE_ENABLED" ]; then if [ -n "$MANGLE_ENABLED" ]; then
echo " ERROR: Invalid MANGLE_ENABLED setting ($MANGLE_ENABLED)" >&2 fatal_error "Invalid MANGLE_ENABLED setting ($MANGLE_ENABLED)"
exit 2
fi fi
;; ;;
esac esac
@ -307,8 +291,7 @@ get_config() {
;; ;;
*) *)
if [ -n "$AUTOMAKE" ]; then if [ -n "$AUTOMAKE" ]; then
echo " ERROR: Invalid AUTOMAKE setting ($AUTOMAKE)" >&2 fatal_error "Invalid AUTOMAKE setting ($AUTOMAKE)"
exit 1
fi fi
;; ;;
esac esac
@ -321,8 +304,7 @@ get_config() {
;; ;;
*) *)
if [ -n "$LOAD_HELPERS_ONLY" ]; then if [ -n "$LOAD_HELPERS_ONLY" ]; then
echo " ERROR: Invalid LOAD_HELPERS_ONLY setting ($LOAD_HELPERS_ONLY)" >&2 fatal_error "Invalid LOAD_HELPERS_ONLY setting ($LOAD_HELPERS_ONLY)"
exit 1
fi fi
;; ;;
esac esac
@ -335,8 +317,7 @@ get_config() {
;; ;;
*) *)
if [ -n "$LEGACY_FASTSTART" ]; then if [ -n "$LEGACY_FASTSTART" ]; then
echo " ERROR: Invalid LEGACY_FASTSTART setting ($LEGACY_FASTSTART)" >&2 fatal_error "Invalid LEGACY_FASTSTART setting ($LEGACY_FASTSTART)"
exit 1
fi fi
LEGACY_FASTSTART=Yes LEGACY_FASTSTART=Yes
@ -563,9 +544,9 @@ start_command() {
if [ ! -d $1 ]; then if [ ! -d $1 ]; then
if [ -e $1 ]; then if [ -e $1 ]; then
echo "$1 is not a directory" >&2 && exit 2 fatal_error "$1 is not a directory"
else else
echo "Directory $1 does not exist" >&2 && exit 2 fatal_error "Directory $1 does not exist"
fi fi
fi fi
@ -676,16 +657,16 @@ compile_command() {
;; ;;
1) 1)
file=$1 file=$1
[ -d $file ] && echo " ERROR: $file is a directory" >&2 && exit 2; [ -d $file ] && fatal_error "$file is a directory"
;; ;;
2) 2)
[ -n "$g_shorewalldir" -a -z "$g_export" ] && usage 2 [ -n "$g_shorewalldir" -a -z "$g_export" ] && usage 2
if [ ! -d $1 ]; then if [ ! -d $1 ]; then
if [ -e $1 ]; then if [ -e $1 ]; then
echo "$1 is not a directory" >&2 && exit 2 fatal_error "$1 is not a directory"
else else
echo "Directory $1 does not exist" >&2 && exit 2 fatal_error "Directory $1 does not exist"
fi fi
fi fi
@ -763,9 +744,9 @@ check_command() {
if [ ! -d $1 ]; then if [ ! -d $1 ]; then
if [ -e $1 ]; then if [ -e $1 ]; then
echo "$1 is not a directory" >&2 && exit 2 fatal_error "$1 is not a directory"
else else
echo "Directory $1 does not exist" >&2 && exit 2 fatal_error "Directory $1 does not exist"
fi fi
fi fi
@ -855,9 +836,9 @@ update_command() {
if [ ! -d $1 ]; then if [ ! -d $1 ]; then
if [ -e $1 ]; then if [ -e $1 ]; then
echo "$1 is not a directory" >&2 && exit 2 fatal_error "$1 is not a directory"
else else
echo "Directory $1 does not exist" >&2 && exit 2 fatal_error "Directory $1 does not exist"
fi fi
fi fi
@ -941,9 +922,9 @@ restart_command() {
if [ ! -d $1 ]; then if [ ! -d $1 ]; then
if [ -e $1 ]; then if [ -e $1 ]; then
echo "$1 is not a directory" >&2 && exit 2 fatal_error "$1 is not a directory"
else else
echo "Directory $1 does not exist" >&2 && exit 2 fatal_error "Directory $1 does not exist"
fi fi
fi fi
@ -1023,7 +1004,7 @@ refresh_command() {
option= option=
shift shift
else else
fatal_error "ERROR: the -D option requires a directory name" fatal_error "The -D option requires a directory name"
fi fi
;; ;;
*) *)
@ -1131,9 +1112,9 @@ safe_commands() {
if [ ! -d $1 ]; then if [ ! -d $1 ]; then
if [ -e $1 ]; then if [ -e $1 ]; then
echo "$1 is not a directory" >&2 && exit 2 fatal_error "$1 is not a directory"
else else
echo "Directory $1 does not exist" >&2 && exit 2 fatal_error "Directory $1 does not exist"
fi fi
fi fi
@ -1228,9 +1209,9 @@ try_command() {
if [ ! -d $1 ]; then if [ ! -d $1 ]; then
if [ -e $1 ]; then if [ -e $1 ]; then
echo "$1 is not a directory" >&2 && exit 2 fatal_error "$1 is not a directory"
else else
echo "Directory $1 does not exist" >&2 && exit 2 fatal_error "Directory $1 does not exist"
fi fi
fi fi