Rewrite safe commands and fix verbosity (broken by last night's changes)

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3367 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-01-24 15:24:20 +00:00
parent 7576eef179
commit d8b620774e
3 changed files with 124 additions and 75 deletions


@ -8429,7 +8429,7 @@ __EOF__
# These variables are required by the library functions called in this script # These variables are required by the library functions called in this script
# #
[ -n \${COMMAND:=restart} ] [ -n \${COMMAND:=restart} ]
VERBOSE=${VERBOSE:=0} VERBOSE=\${VERBOSE:=0}
MODULESDIR="$MODULESDIR" MODULESDIR="$MODULESDIR"
MODULE_SUFFIX="$MODULE_SUFFIX" MODULE_SUFFIX="$MODULE_SUFFIX"
LOGLIMIT="$LOGLIMIT" LOGLIMIT="$LOGLIMIT"
@ -8445,7 +8445,7 @@ __EOF__
cat >> $RESTOREBASE << __EOF__ cat >> $RESTOREBASE << __EOF__
IPTABLES="$IPTABLES" IPTABLES="$IPTABLES"
[ -e "$IPTABLES" ] || startup_error "\$IPTABLES=$IPTABLES does not exist or is not executable" [ -e "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"
__EOF__ __EOF__
else else
cat >> $RESTOREBASE << __EOF__ cat >> $RESTOREBASE << __EOF__
@ -8733,6 +8733,7 @@ do_initialize() {
SECTION=ESTABLISHED SECTION=ESTABLISHED
SECTIONS= SECTIONS=
ALL_PORTS= ALL_PORTS=
SAVE_VERBOSE=$VERBOSE
FUNCTIONS=$SHARED_DIR/functions FUNCTIONS=$SHARED_DIR/functions
@ -8771,6 +8772,10 @@ do_initialize() {
startup_error "$config does not exist!" startup_error "$config does not exist!"
fi fi
# #
# Restore VERBOSE
#
VERBOSE=${SAVE_VERBOSE:-0}
#
# Restore CONFIG_PATH if the shorewall.conf file cleared it # Restore CONFIG_PATH if the shorewall.conf file cleared it
# #
ensure_config_path ensure_config_path
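Review bot: The guard written into the restore script, `[ -e "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"`, only tests existence, so a binary that is present but not executable passes the check the message claims to make. `[ -x "$IPTABLES" ]` covers both cases and matches the wording. The surrounding `if`/`else` and the here-document begin outside the hunk, so this is based on the visible lines only.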


@ -2,7 +2,7 @@
# Give Usage Information # # Give Usage Information #
################################################################################ ################################################################################
usage() { usage() {
echo "Usage: $0 [ -q ] [ -n ] [ start|stop|clear|reload|restart|status|version ]" echo "Usage: $0 [ -q ] [ -v ] [ -n ] [ start|stop|clear|reload|restart|status|version ]"
exit $1 exit $1
} }
################################################################################ ################################################################################


@ -410,8 +410,6 @@ logwatch() # $1 = timeout -- if negative, prompt each time that
# Save currently running configuration # Save currently running configuration
# #
save_config() { save_config() {
[ "$nolock" ] || mutex_on
if shorewall_is_started ; then if shorewall_is_started ; then
[ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall [ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall
@ -486,7 +484,6 @@ save_config() {
echo "Shorewall isn't started" echo "Shorewall isn't started"
fi fi
[ "$nolock" ] || mutex_off
} }
# #
# Start Command Executor # Start Command Executor
@ -1165,6 +1162,117 @@ dump_command() {
show_classifiers show_classifiers
fi fi
} }
#
# Safe-start/safe-restart Command Executor
#
safe_commands() {
local finished=0
# test is the shell supports timed read
read -t 0 junk 2> /dev/null
if [ $? -eq 2 -a ! -x /bin/bash ];then
echo "Your shell does not support a feature required to execute this command".
exit 2
fi
while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1
case $option in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
-)
finished=1
option=
;;
q*)
VERBOSE=$(($VERBOSE - 1 ))
option=${option#q}
;;
v*)
VERBOSE=$(($VERBOSE + 1 ))
option=${option#v}
;;
n*)
NOROUTES=Yes
option=${option#n}
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
[ $# -eq 0 ] || usage 2
export VERBOSE
export PROGRAM=Yes
mutex_on
if shorewall_is_started; then
running=Yes
else
running=
fi
if [ "$COMMAND" = "safe-start" -a -n "$running" ]; then
# the command is safe-start but the firewall is already running
error_message "Shorewall is already started"
mutex_off
exit 1
fi
if [ "$COMMAND" = "safe-start" -o -z "$running" ]; then
# the command is safe-start or shorewall is not started yet
command="start"
else
# the command is safe-restart and the firewall is already running
command="restart"
fi
if ! $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging nolock compile /var/lib/shorewall/.$command; then
status=$?
mutex_off
exit $status
fi
RESTOREPATH=/var/lib/shorewall/.safe
save_config
/var/lib/shorewall/.$command $command
echo -n "Do you want to accept the new firewall configuration? [y/n] "
if read_yesno_with_timeout; then
echo "New configuration has been accepted"
else
if [ "$command" = "restart" ]; then
/var/lib/shorewall/.safe
else
/var/lib/shorewall/.$command clear
fi
mutex_off
echo "New configuration has been rejected and the old one restored"
exit 2
fi
mutex_off
[ $? -eq 0 ] && [ -n "$SUBSYSLOCK" ] && touch $SUBSYSLOCK
}
# #
# Restore Comand Executor # Restore Comand Executor
# #
@ -1787,8 +1895,11 @@ case "$COMMAND" in
RESTOREPATH=/var/lib/shorewall/$RESTOREFILE RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
[ "$nolock" ] || mutex_on
save_config save_config
[ "$nolock" ] || mutex_off
;; ;;
forget) forget)
case $# in case $# in
@ -1886,77 +1997,10 @@ case "$COMMAND" in
help $@ help $@
;; ;;
safe-restart|safe-start) safe-restart|safe-start)
# test is the shell supports timed read shift
read -t 0 junk 2> /dev/null
if [ $? -eq 2 -a ! -x /bin/bash ]
then
echo "Your shell does not support a feature required to execute this command".
exit 2
fi
[ $VERBOSE -gt 0 ] && VERBOSE=$(make_verbose) safe_commands $@
mutex_on
if shorewall_is_started
then
running=0
else
running=1
fi
if [ "$1" = "safe-start" -a $running -eq 0 ]
then
# the command is safe-start but the firewall is already running
$0 $debugging nolock $VERBOSE start
ret=$?
mutex_off
exit 0
fi
if [ "$1" = "safe-start" -o $running -ne 0 ]
then
# the command is safe-start or shorewall is not started yet
command="start"
else
# the command is safe-restart and the firewall is already running
command="restart"
fi
if [ "$command" = "restart" ]
then
# save previous configuration
$0 $debugging nolock save "safe-start-restart"
fi
$0 $debugging nolock $VERBOSE $command
echo -n "Do you want to accept the new firewall configuration? [y/n] "
read_yesno_with_timeout
if [ $? -eq 0 ]
then
echo "New configuration has been accepted"
if [ "$command" = "restart" ]
then
# removed previous configuration
rm /var/lib/shorewall/safe-start-restart
fi
else
if [ "$command" = "restart" ]
then
$0 $debugging nolock restore "safe-start-restart"
rm /var/lib/shorewall/safe-start-restart
else
$0 $debugging nolock clear
fi
mutex_off
echo "New configuration has been rejected and the old one restored"
exit 2
fi
mutex_off
[ $? -eq 0 ] && [ -n "$SUBSYSLOCK" ] && touch $SUBSYSLOCK
;; ;;
*) *)
usage 1 usage 1
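Review bot: In `safe_commands`, `status=$?` inside `if ! $SHOREWALL_SHELL ... compile ...; then` reads the status of the negated condition, which is 0, so a failed compile ends in `exit 0`. Capturing the status from the command itself avoids that: `$SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging nolock compile /var/lib/shorewall/.$command || { status=$?; mutex_off; exit $status; }`. The closing `[ $? -eq 0 ] && [ -n "$SUBSYSLOCK" ] && touch $SUBSYSLOCK` has the same problem, because it tests `mutex_off` rather than the run of `/var/lib/shorewall/.$command $command`. The results of `save_config` and of that run are also unchecked, so the rollback through `/var/lib/shorewall/.safe` appears to rely on a file that may not have been written; this should be confirmed against `save_config`, whose body is only partly visible here.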