holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

First phase of get_configuration() breakup

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6608 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-06-19 23:14:15 +00:00
parent 2bb6fe5f91
commit 35a791585c
1 changed files with 34 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
Shorewall-perl/Shorewall/Config.pm
View File

@ -915,16 +915,9 @@ sub ensure_config_path() {
} }
# #
# - Read the shorewall.conf file # Small functions called by get_configuration. We separate them so profiling is more useful
# - Read the capabilities file, if any
# - establish global hashes %config , %globals and %capabilities
# #
sub get_configuration( $ ) { sub process_shorewall_conf() {
my $export = $_[0];
ensure_config_path;
my $file = find_file 'shorewall.conf'; my $file = find_file 'shorewall.conf';
if ( -f $file ) { if ( -f $file ) {
@ -950,17 +943,14 @@ sub get_configuration( $ ) {
} else { } else {
fatal_error "$file does not exist!"; fatal_error "$file does not exist!";
} }
}
ensure_config_path; sub get_capabilities( $ ) {
my $export = $_[0];
default 'PATH' , '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin';
default 'MODULE_PREFIX', 'o gz ko o.gz ko.gz';
if ( ! $export && $> == 0 ) { # $> == $EUID if ( ! $export && $> == 0 ) { # $> == $EUID
unless ( $config{IPTABLES} ) { unless ( $config{IPTABLES} ) {
$config{IPTABLES} = mywhich 'iptables'; fatal_error "Can't find iptables executable" unless $config{IPTABLES} = mywhich 'iptables';
fatal_error "Can't find iptables executable" unless $config{IPTABLES};
} else { } else {
fatal_error "\$IPTABLES=$config{IPTABLES} does not exist or is not executable" unless -x $config{IPTABLES}; fatal_error "\$IPTABLES=$config{IPTABLES} does not exist or is not executable" unless -x $config{IPTABLES};
} }
@ -971,7 +961,10 @@ sub get_configuration( $ ) {
determine_capabilities; determine_capabilities;
} }
} else { } else {
open_file 'capabilities' or fatal_error "The -e flag requires a capabilities file"; unless ( open_file 'capabilities' ) {
fatal_error "The -e flag requires a capabilities file" if $export;
fatal_error "Compiling under non-root uid requires a capabilities file";
}
} }
# #
@ -997,6 +990,28 @@ sub get_configuration( $ ) {
} else { } else {
warning_message "Your capabilities file may not contain all of the capabilities defined by Shorewall version $globals{VERSION}"; warning_message "Your capabilities file may not contain all of the capabilities defined by Shorewall version $globals{VERSION}";
} }
}
#
# - Read the shorewall.conf file
# - Read the capabilities file, if any
# - establish global hashes %config , %globals and %capabilities
#
sub get_configuration( $ ) {
my $export = $_[0];
ensure_config_path;
process_shorewall_conf;
ensure_config_path;
default 'PATH' , '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin';
default 'MODULE_PREFIX', 'o gz ko o.gz ko.gz';
get_capabilities( $export );
$globals{ORIGINAL_POLICY_MATCH} = $capabilities{POLICY_MATCH}; $globals{ORIGINAL_POLICY_MATCH} = $capabilities{POLICY_MATCH};
@ -1120,7 +1135,7 @@ sub get_configuration( $ ) {
$val = "\L$config{TC_ENABLED}"; $val = "\L$config{TC_ENABLED}";
if ( $val eq 'yes' ) { if ( $val eq 'yes' ) {
$file = find_file 'tcstart'; my $file = find_file 'tcstart';
fatal_error "Unable to find tcstart file" unless -f $file; fatal_error "Unable to find tcstart file" unless -f $file;
$globals{TC_SCRIPT} = $file; $globals{TC_SCRIPT} = $file;
} elsif ( $val ne 'internal' ) { } elsif ( $val ne 'internal' ) {