forked from extern/shorewall_code
Add $logaction and $logtag as variables usable within actions
- Also make action variables usable in ?if and ?elsif expressions. Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
fc3606a489
commit
72aabef0fa
@ -472,7 +472,7 @@ my %compiler_params;
|
||||
#
|
||||
# Action parameters
|
||||
#
|
||||
my @actparms;
|
||||
my %actparms;
|
||||
|
||||
our $currentline; # Current config file line image
|
||||
my $currentfile; # File handle reference
|
||||
@ -901,7 +901,7 @@ sub initialize( $;$$) {
|
||||
|
||||
%compiler_params = ();
|
||||
|
||||
@actparms = ();
|
||||
%actparms = ( );
|
||||
|
||||
%helpers_enabled = (
|
||||
amanda => 1,
|
||||
@ -1922,15 +1922,16 @@ sub evaluate_expression( $$$ ) {
|
||||
my $val;
|
||||
my $count = 0;
|
||||
|
||||
# $1 $2 $3 - $4
|
||||
while ( $expression =~ m( ^(.*?) \$({)? (\w+) (?(2)}) (.*)$ )x ) {
|
||||
# $1 $2 $3 - $4
|
||||
while ( $expression =~ m( ^(.*?) \$({)? (\d+|[a-zA-Z]\w*) (?(2)}) (.*)$ )x ) {
|
||||
my ( $first, $var, $rest ) = ( $1, $3, $4);
|
||||
|
||||
$val = ( exists $ENV{$var} ? $ENV{$var} :
|
||||
exists $params{$var} ? $params{$var} :
|
||||
exists $config{$var} ? $config{$var} :
|
||||
exists $renamed{$var} ? $config{$renamed{$var}} :
|
||||
exists $capdesc{$var} ? have_capability( $var ) : 0 );
|
||||
$val = ( exists $ENV{$var} ? $ENV{$var} :
|
||||
exists $params{$var} ? $params{$var} :
|
||||
exists $config{$var} ? $config{$var} :
|
||||
exists $renamed{$var} ? $config{$renamed{$var}} :
|
||||
exists $actparms{$var} ? ( $var ? $actparms{$var} : $actparms{0}->{name} ) :
|
||||
exists $capdesc{$var} ? have_capability( $var ) : 0 );
|
||||
$val = 0 unless defined $val;
|
||||
$val = "'$val'" unless $val =~ /^-?\d+$/;
|
||||
$expression = join( '', $first, $val || 0, $rest );
|
||||
@ -2469,26 +2470,28 @@ sub embedded_perl( $ ) {
|
||||
#
|
||||
# Push/pop action params
|
||||
#
|
||||
sub push_action_params( $$ ) {
|
||||
my @params = split /,/, $_[1];
|
||||
my @oldparams = @actparms;
|
||||
sub push_action_params( $$$$ ) {
|
||||
my @params = ( undef , split /,/, $_[1] );
|
||||
my %oldparams = %actparms;
|
||||
|
||||
@actparms = ();
|
||||
%actparms = ();
|
||||
|
||||
$actparms[0] = $_[0];
|
||||
for ( my $i = 1; $i < @params; $i++ ) {
|
||||
my $val = $params[$i];
|
||||
|
||||
for ( my $i = 1; $i <= @params; $i++ ) {
|
||||
my $val = $params[$i - 1];
|
||||
|
||||
$actparms[$i] = $val eq '-' ? '' : $val eq '--' ? '-' : $val;
|
||||
$actparms{$i} = $val eq '-' ? '' : $val eq '--' ? '-' : $val;
|
||||
}
|
||||
|
||||
\@oldparams;
|
||||
$actparms{0} = $_[0];
|
||||
$actparms{loglevel} = $_[2];
|
||||
$actparms{logtag} = $_[3];
|
||||
|
||||
\%oldparams;
|
||||
}
|
||||
|
||||
sub pop_action_params( $ ) {
|
||||
my $oldparms = shift;
|
||||
@actparms = @$oldparms;
|
||||
%actparms = %$oldparms;
|
||||
}
|
||||
|
||||
sub default_action_params {
|
||||
@ -2497,11 +2500,11 @@ sub default_action_params {
|
||||
|
||||
for ( $i = 1; 1; $i++ ) {
|
||||
last unless defined ( $val = shift );
|
||||
my $curval = $actparms[$i];
|
||||
$actparms[$i] = $val unless supplied( $curval );
|
||||
my $curval = $actparms{$i};
|
||||
$actparms{$i} = $val unless supplied( $curval );
|
||||
}
|
||||
|
||||
fatal_error "Too Many arguments to action $action" if defined $actparms[$i];
|
||||
fatal_error "Too Many arguments to action $action" if defined $actparms{$i};
|
||||
}
|
||||
|
||||
sub get_action_params( $ ) {
|
||||
@ -2512,7 +2515,7 @@ sub get_action_params( $ ) {
|
||||
my @return;
|
||||
|
||||
for ( my $i = 1; $i <= $num; $i++ ) {
|
||||
my $val = $actparms[$i];
|
||||
my $val = $actparms{$i};
|
||||
push @return, defined $val ? $val eq '-' ? '' : $val eq '--' ? '-' : $val : $val;
|
||||
}
|
||||
|
||||
@ -2520,18 +2523,18 @@ sub get_action_params( $ ) {
|
||||
}
|
||||
|
||||
sub get_action_chain() {
|
||||
$actparms[0];
|
||||
$actparms{0};
|
||||
}
|
||||
|
||||
sub set_action_param( $$ ) {
|
||||
my $i = shift;
|
||||
|
||||
fatal_error "Parameter numbers must be numeric" unless $i =~ /^\d+$/ && $i > 0;
|
||||
$actparms[$i] = shift;
|
||||
$actparms{$i} = shift;
|
||||
}
|
||||
|
||||
#
|
||||
# Expand Shell Variables in the passed buffer using @actparms, %params, %shorewallrc and %config,
|
||||
# Expand Shell Variables in the passed buffer using %actparms, %params, %shorewallrc and %config,
|
||||
#
|
||||
sub expand_variables( \$ ) {
|
||||
my ( $lineref, $count ) = ( $_[0], 0 );
|
||||
@ -2543,12 +2546,14 @@ sub expand_variables( \$ ) {
|
||||
my $val;
|
||||
|
||||
if ( $var =~ /^\d+$/ ) {
|
||||
fatal_error "Undefined parameter (\$$var)" if ( ! defined $actparms[$var] ) || ( length( $var ) > 1 && $var =~ /^0/ );
|
||||
$val = $var ? $actparms[$var] : $actparms[0]->{name};
|
||||
fatal_error "Undefined parameter (\$$var)" if ( ! defined $actparms{$var} ) || ( length( $var ) > 1 && $var =~ /^0/ );
|
||||
$val = $var ? $actparms{$var} : $actparms{0}->{name};
|
||||
} elsif ( exists $params{$var} ) {
|
||||
$val = $params{$var};
|
||||
} elsif ( exists $shorewallrc{$var} ) {
|
||||
$val = $shorewallrc{$var}
|
||||
} elsif ( exists $actparms{$var} ) {
|
||||
$val = $actparms{$var};
|
||||
} else {
|
||||
fatal_error "Undefined shell variable (\$$var)" unless exists $config{$var};
|
||||
$val = $config{$var};
|
||||
@ -2657,7 +2662,7 @@ sub read_a_line($) {
|
||||
#
|
||||
handle_first_entry if $first_entry;
|
||||
#
|
||||
# Expand Shell Variables using %params and @actparms
|
||||
# Expand Shell Variables using %params and %actparms
|
||||
#
|
||||
expand_variables( $currentline ) if $options & EXPAND_VARIABLES;
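Review bot: In the evaluate_expression hunk, action parameter values now reach `$val = "'$val'" unless $val =~ /^-?\d+$/;` with no escaping, so a parameter containing `'` or `\` closes or corrupts the quoted literal that is joined back into `$expression`. If that string is later compiled as Perl (the rest of the function is outside the hunk, so this is inferred from the function's name), the value should be escaped before quoting, e.g. `$val =~ s/([\\'])/\\$1/g;`, or rejected with `fatal_error`. The same lookup consults `%ENV`, `%params` and `%config` before `%actparms`, while expand_variables checks `%actparms` before `%config` and never reads `%ENV`, so `loglevel`/`logtag` can resolve differently in `?if` than in a rule line; a comment stating the intended precedence would settle which is right. The commit title names `$logaction`, but the key set in push_action_params is `loglevel`; one of the two should be corrected.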
|
||||
|
||||
|
@ -579,7 +579,7 @@ sub process_policies()
|
||||
#
|
||||
# Policy Rule application
|
||||
#
|
||||
sub process_inline ($$$$$$$$$$$$$$$$$$$);
|
||||
sub process_inline ($$$$$$$$$$$$$$$$$$$$);
|
||||
|
||||
sub policy_rules( $$$$$ ) {
|
||||
my ( $chainref , $target, $loglevel, $default, $dropmulticast ) = @_;
|
||||
@ -598,6 +598,7 @@ sub policy_rules( $$$$$ ) {
|
||||
#
|
||||
process_inline( $inline, #Inline
|
||||
$chainref, #Chain
|
||||
$loglevel, #Log Level and Tag
|
||||
$default, #Target
|
||||
$param || '', #Param
|
||||
'-', #Source
|
||||
@ -971,13 +972,13 @@ sub externalize( $ ) {
|
||||
#
|
||||
# Define an Action
|
||||
#
|
||||
sub new_action( $$$ ) {
|
||||
sub new_action( $$$$ ) {
|
||||
|
||||
my ( $action , $type, $noinline ) = @_;
|
||||
my ( $action , $type, $noinline, $nolog ) = @_;
|
||||
|
||||
fatal_error "Invalid action name($action)" if reserved_name( $action );
|
||||
|
||||
$actions{$action} = { actchain => '' , noinline => $noinline } if $type & ACTION;
|
||||
$actions{$action} = { actchain => '' , noinline => $noinline, nolog => $nolog } if $type & ACTION;
|
||||
|
||||
$targets{$action} = $type;
|
||||
}
|
||||
@ -1460,7 +1461,7 @@ sub process_actions() {
|
||||
#
|
||||
# Add built-in actions to the target table and create those actions
|
||||
#
|
||||
$targets{$_} = new_action( $_ , ACTION + BUILTIN, 1 ) for @builtins;
|
||||
$targets{$_} = new_action( $_ , ACTION + BUILTIN, 1, 0 ) for @builtins;
|
||||
|
||||
for my $file ( qw/actions.std actions/ ) {
|
||||
open_file $file;
|
||||
@ -1470,6 +1471,7 @@ sub process_actions() {
|
||||
|
||||
my $type = ACTION;
|
||||
my $noinline = 0;
|
||||
my $nolog = 0;
|
||||
|
||||
if ( $action =~ /:/ ) {
|
||||
warning_message 'Default Actions are now specified in /etc/shorewall/shorewall.conf';
|
||||
@ -1484,6 +1486,8 @@ sub process_actions() {
|
||||
$type = INLINE;
|
||||
} elsif ( $_ eq 'noinline' ) {
|
||||
$noinline = 1;
|
||||
} elsif ( $_ eq 'nolog' ) {
|
||||
$nolog = 1;
|
||||
} else {
|
||||
fatal_error "Invalid option ($_)";
|
||||
}
|
||||
@ -1507,13 +1511,13 @@ sub process_actions() {
|
||||
}
|
||||
}
|
||||
|
||||
new_action $action, $type, $noinline;
|
||||
new_action $action, $type, $noinline, $nolog;
|
||||
|
||||
my $actionfile = find_file( "action.$action" );
|
||||
|
||||
fatal_error "Missing Action File ($actionfile)" unless -f $actionfile;
|
||||
|
||||
$inlines{$action} = $actionfile if $type == INLINE;
|
||||
$inlines{$action} = { file => $actionfile, nolog => $nolog } if $type == INLINE;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1525,7 +1529,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ );
|
||||
# Populate an action invocation chain. As new action tuples are encountered,
|
||||
# the function will be called recursively by process_rule1().
|
||||
#
|
||||
sub process_action( $) {
|
||||
sub process_action($) {
|
||||
my $chainref = shift;
|
||||
my $wholeaction = $chainref->{action};
|
||||
my ( $action, $level, $tag, $param ) = split /:/, $wholeaction, 4;
|
||||
@ -1543,7 +1547,9 @@ sub process_action( $) {
|
||||
|
||||
push_open $actionfile;
|
||||
|
||||
my $oldparms = push_action_params( $chainref, $param );
|
||||
my $oldparms = push_action_params( $chainref, $param, $level, $tag );
|
||||
|
||||
my $nolog = $actions{$action}{nolog};
|
||||
|
||||
$active{$action}++;
|
||||
push @actionstack, $wholeaction;
|
||||
@ -1582,7 +1588,7 @@ sub process_action( $) {
|
||||
}
|
||||
|
||||
process_rule1( $chainref,
|
||||
merge_levels( "$action:$level:$tag", $target ),
|
||||
$nolog ? $target : merge_levels( "$action:$level:$tag", $target ),
|
||||
'',
|
||||
$source,
|
||||
$dest,
|
||||
@ -1764,8 +1770,8 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$) {
|
||||
#
|
||||
# Expand an inline action rule from the rules file
|
||||
#
|
||||
sub process_inline ($$$$$$$$$$$$$$$$$$$) {
|
||||
my ($inline, $chainref, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_;
|
||||
sub process_inline ($$$$$$$$$$$$$$$$$$$$) {
|
||||
my ($inline, $chainref, $loglevel, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_;
|
||||
|
||||
my $nocomment = no_comment;
|
||||
|
||||
@ -1773,9 +1779,15 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$) {
|
||||
|
||||
macro_comment $inline;
|
||||
|
||||
my $oldparms = push_action_params( $chainref, $param );
|
||||
my ( $level, $tag ) = split( ':', $loglevel, 2 );
|
||||
|
||||
my $inlinefile = $inlines{$inline};
|
||||
my $oldparms = push_action_params( $chainref,
|
||||
$param,
|
||||
supplied $level ? $level : 'none',
|
||||
defined $tag ? $tag : '');
|
||||
|
||||
my $inlinefile = $inlines{$inline}{file};
|
||||
my $nolog = $inlines{$inline}{nolog};
|
||||
|
||||
progress_message "..Expanding inline action $inlinefile...";
|
||||
|
||||
@ -1815,7 +1827,7 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$) {
|
||||
next;
|
||||
}
|
||||
|
||||
$mtarget = merge_levels $target, $mtarget;
|
||||
$mtarget = merge_levels( $target, $mtarget ) unless $nolog;
|
||||
|
||||
my $action = isolate_basic_target $mtarget;
|
||||
|
||||
@ -2277,6 +2289,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) {
|
||||
|
||||
my $generated = process_inline( $basictarget,
|
||||
$chainref,
|
||||
$loglevel,
|
||||
$target,
|
||||
$current_param,
|
||||
$source,
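Review bot: The new `nolog` option changes what gets logged and nothing in this section documents it: in process_action and process_inline the invocation's level and tag are no longer merged into the action's rules when it is set (`$nolog ? $target : merge_levels( "$action:$level:$tag", $target )` and `merge_levels( $target, $mtarget ) unless $nolog`), so an action invoked with a log level only logs if its body applies the pushed `loglevel`/`logtag` values itself. On a firewall that is an audit-visibility change, so I would add a comment above new_action such as `# nolog: the invocation's log level/tag are not merged into the action's rules; the action body must apply them itself`. Separately, process_inline normalizes to `'none'` and `''` before calling push_action_params, while process_action passes `$level` and `$tag` straight from `split /:/, $wholeaction, 4`; unless they are normalized outside these hunks, the two paths can hand different values to the same variables. Both function bodies continue outside the visible hunks.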
|
||||
|