holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Validate comma-separated lists

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8109 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-01-26 01:07:57 +00:00
parent f960345b51
commit 7b4abdba94
9 changed files with 36 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall-perl/Shorewall/Chains.pm
View File

@ -956,7 +956,7 @@ sub validate_portpair( $$ ) {
sub validate_port_list( $$ ) { sub validate_port_list( $$ ) {
my $result = ''; my $result = '';
my ( $proto, $list ) = @_; my ( $proto, $list ) = @_;
my @list = split/,/, $list; my @list = split_list $list, 'port';
if ( @list > 1 && $list =~ /:/ ) { if ( @list > 1 && $list =~ /:/ ) {
require_capability( 'XMULTIPORT' , 'Port ranges in a port list', '' ); require_capability( 'XMULTIPORT' , 'Port ranges in a port list', '' );
@ -1506,7 +1506,7 @@ sub log_rule( $$$$ ) {
# Split a comma-separated source or destination host list but keep [...] together. # Split a comma-separated source or destination host list but keep [...] together.
# #
sub mysplit( $ ) { sub mysplit( $ ) {
my @input = split /,/, $_[0]; my @input = split_list $_[0], 'host';
return @input unless $_[0] =~ /\[/; return @input unless $_[0] =~ /\[/;
@ -2283,7 +2283,7 @@ sub create_chainlist_reload($) {
my $chains = $_[0]; my $chains = $_[0];
my @chains = split ',', $chains; my @chains = split_list $chains, 'chain';
unless ( @chains ) { unless ( @chains ) {
@chains = qw( blacklst ) if $filter_table->{blacklst}; @chains = qw( blacklst ) if $filter_table->{blacklst};

2
Shorewall-perl/Shorewall/Compiler.pm
View File

@ -138,7 +138,7 @@ sub generate_script_1() {
propagateconfig; propagateconfig;
my @dont_load = split /,/, $config{DONT_LOAD}; my @dont_load = split_list $config{DONT_LOAD}, 'module';
emit ( '[ -n "${COMMAND:=restart}" ]', emit ( '[ -n "${COMMAND:=restart}" ]',
'[ -n "${VERBOSE:=0}" ]', '[ -n "${VERBOSE:=0}" ]',

11
Shorewall-perl/Shorewall/Config.pm
View File

@ -73,6 +73,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_object
set_shorewall_dir set_shorewall_dir
set_debug set_debug
find_file find_file
split_list
split_line split_line
split_line1 split_line1
split_line2 split_line2
@ -854,6 +855,14 @@ sub find_file($)
"$globals{CONFDIR}/$filename"; "$globals{CONFDIR}/$filename";
} }
sub split_list( $$ ) {
my ($list, $type ) = @_;
fatal_error "Invalid $type list ($list)" if $list =~ /^,/ or $list =~/,$/ or $list =~ /,,/;
split /,/, $list;
}
# #
# Pre-process a line from a configuration file. # Pre-process a line from a configuration file.
@ -1441,7 +1450,7 @@ sub load_kernel_modules( ) {
if ( $moduleloader && open_file 'modules' ) { if ( $moduleloader && open_file 'modules' ) {
my %loadedmodules; my %loadedmodules;
$loadedmodules{$_}++ for split /,/, $config{DONT_LOAD}; $loadedmodules{$_}++ for split_list( $config{DONT_LOAD}, 'module' );
progress_message "Loading Modules..."; progress_message "Loading Modules...";

18
Shorewall-perl/Shorewall/Nat.pm
View File

@ -78,7 +78,7 @@ sub do_ipsec_options($)
my $options = '-m policy --pol ipsec --dir out '; my $options = '-m policy --pol ipsec --dir out ';
my $fmt; my $fmt;
for my $e ( split ',' , $list ) { for my $e ( split_list $list, 'option' ) {
my $val = undef; my $val = undef;
my $invert = ''; my $invert = '';
@ -179,14 +179,12 @@ sub setup_one_masq($$$$$$$)
# #
$baserule .= do_test( $mark, 0xFF) if $mark ne '-'; $baserule .= do_test( $mark, 0xFF) if $mark ne '-';
for my $fullinterface (split /,/, $interfacelist ) { for my $fullinterface (split_list $interfacelist, 'interface' ) {
my $rule = ''; my $rule = '';
my $target = '-j MASQUERADE '; my $target = '-j MASQUERADE ';
# #
# Isolate and verify the interface part # Isolate and verify the interface part
# #
fatal_error "Invalid Interface List ($interfacelist)" unless defined $fullinterface && $fullinterface ne '';
( my $interface = $fullinterface ) =~ s/:.*//; ( my $interface = $fullinterface ) =~ s/:.*//;
if ( $interface =~ /(.*)[(](\w*)[)]$/ ) { if ( $interface =~ /(.*)[(](\w*)[)]$/ ) {
@ -223,14 +221,14 @@ sub setup_one_masq($$$$$$$)
fatal_error "':random' is not supported by the SAME target" if $randomize; fatal_error "':random' is not supported by the SAME target" if $randomize;
$target = '-j SAME --nodst '; $target = '-j SAME --nodst ';
$addresses =~ s/.*://; $addresses =~ s/.*://;
for my $addr ( split /,/, $addresses ) { for my $addr ( split_list $addresses, 'address' ) {
$target .= "--to $addr "; $target .= "--to $addr ";
} }
} elsif ( $addresses =~ /^SAME:/ ) { } elsif ( $addresses =~ /^SAME:/ ) {
fatal_error "':random' is not supported by the SAME target" if $randomize; fatal_error "':random' is not supported by the SAME target" if $randomize;
$target = '-j SAME '; $target = '-j SAME ';
$addresses =~ s/.*://; $addresses =~ s/.*://;
for my $addr ( split /,/, $addresses ) { for my $addr ( split_list $addresses, 'address' ) {
$target .= "--to $addr "; $target .= "--to $addr ";
} }
} elsif ( $addresses eq 'detect' ) { } elsif ( $addresses eq 'detect' ) {
@ -246,7 +244,7 @@ sub setup_one_masq($$$$$$$)
} }
} else { } else {
my $addrlist = ''; my $addrlist = '';
for my $addr ( split /,/, $addresses ) { for my $addr ( split_list $addresses , 'address' ) {
if ( $addr =~ /^.*\..*\..*\./ ) { if ( $addr =~ /^.*\..*\..*\./ ) {
$target = '-j SNAT '; $target = '-j SNAT ';
$addrlist .= "--to-source $addr "; $addrlist .= "--to-source $addr ";
@ -288,7 +286,7 @@ sub setup_one_masq($$$$$$$)
if ( $add_snat_aliases ) { if ( $add_snat_aliases ) {
my ( $interface, $alias , $remainder ) = split( /:/, $fullinterface, 3 ); my ( $interface, $alias , $remainder ) = split( /:/, $fullinterface, 3 );
fatal_error "Invalid alias ($alias:$remainder)" if defined $remainder; fatal_error "Invalid alias ($alias:$remainder)" if defined $remainder;
for my $address ( split /,/, $addresses ) { for my $address ( split_list $addresses, 'address' ) {
my ( $addrs, $port ) = split /:/, $address; my ( $addrs, $port ) = split /:/, $address;
next unless $addrs; next unless $addrs;
next if $addrs eq 'detect'; next if $addrs eq 'detect';
@ -443,7 +441,7 @@ sub setup_nat() {
$digit = defined $digit ? ":$digit" : ''; $digit = defined $digit ? ":$digit" : '';
for my $interface ( split /,/, $interfacelist ) { for my $interface ( split_list $interfacelist , 'interface' ) {
fatal_error "Invalid Interface List ($interfacelist)" unless defined $interface && $interface ne ''; fatal_error "Invalid Interface List ($interfacelist)" unless defined $interface && $interface ne '';
do_one_nat $external, "${interface}${digit}", $internal, $allints, $localnat; do_one_nat $external, "${interface}${digit}", $internal, $allints, $localnat;
} }
@ -469,7 +467,7 @@ sub setup_netmap() {
my ( $type, $net1, $interfacelist, $net2 ) = split_line 4, 4, 'netmap file'; my ( $type, $net1, $interfacelist, $net2 ) = split_line 4, 4, 'netmap file';
for my $interface ( split /,/, $interfacelist ) { for my $interface ( split_list $interfacelist, 'interface' ) {
my $rulein = ''; my $rulein = '';
my $ruleout = ''; my $ruleout = '';

2
Shorewall-perl/Shorewall/Providers.pm
View File

@ -268,7 +268,7 @@ sub add_a_provider( $$$$$$$$ ) {
my ( $loose, $track, $balance , $optional ) = (0,0,0,interface_is_optional( $interface )); my ( $loose, $track, $balance , $optional ) = (0,0,0,interface_is_optional( $interface ));
unless ( $options eq '-' ) { unless ( $options eq '-' ) {
for my $option ( split /,/, $options ) { for my $option ( split_list $options, 'option' ) {
if ( $option eq 'track' ) { if ( $option eq 'track' ) {
$track = 1; $track = 1;
} elsif ( $option =~ /^balance=(\d+)$/ ) { } elsif ( $option =~ /^balance=(\d+)$/ ) {

8
Shorewall-perl/Shorewall/Rules.pm
View File

@ -176,7 +176,7 @@ sub setup_ecn()
$hosts = ALLIPv4 if $hosts eq '-'; $hosts = ALLIPv4 if $hosts eq '-';
for my $host( split /,/, $hosts ) { for my $host( split_list $hosts, 'host' ) {
push @hosts, [ $interface, $host ]; push @hosts, [ $interface, $host ];
} }
} }
@ -241,7 +241,7 @@ sub setup_rfc1918_filteration( $ ) {
fatal_error "Invalid target ($target) for $networks"; fatal_error "Invalid target ($target) for $networks";
} }
for my $network ( split /,/, $networks ) { for my $network ( split_list $networks, 'network' ) {
add_rule $norfc1918ref , match_source_net( $network ) . "-j $s_target"; add_rule $norfc1918ref , match_source_net( $network ) . "-j $s_target";
add_rule $chainref , match_orig_dest( $network ) . "-j $target" ; add_rule $chainref , match_orig_dest( $network ) . "-j $target" ;
} }
@ -356,13 +356,13 @@ sub process_criticalhosts() {
my @hosts; my @hosts;
for my $host ( split /,/, $hosts ) { for my $host ( split_list $hosts, 'host' ) {
validate_net $host, 1; validate_net $host, 1;
push @hosts, "$interface:$host"; push @hosts, "$interface:$host";
} }
unless ( $options eq '-' ) { unless ( $options eq '-' ) {
for my $option (split /,/, $options ) { for my $option (split_list $options, 'option' ) {
unless ( $option eq 'routeback' || $option eq 'source' || $option eq 'dest' ) { unless ( $option eq 'routeback' || $option eq 'source' || $option eq 'dest' ) {
if ( $option eq 'critical' ) { if ( $option eq 'critical' ) {
push @critical, @hosts; push @critical, @hosts;

4
Shorewall-perl/Shorewall/Tc.pm
View File

@ -327,7 +327,7 @@ sub validate_tc_device( $$$$ ) {
my $classify = 0; my $classify = 0;
if ( $options ne '-' ) { if ( $options ne '-' ) {
for my $option ( split /,/, $options ) { for my $option ( split_list $options, 'option' ) {
if ( $option eq 'classify' ) { if ( $option eq 'classify' ) {
$classify = 1; $classify = 1;
} else { } else {
@ -388,7 +388,7 @@ sub validate_tc_class( $$$$$$ ) {
$tcref = $tcref->{$markval}; $tcref = $tcref->{$markval};
unless ( $options eq '-' ) { unless ( $options eq '-' ) {
for my $option ( split /,/, "\L$options" ) { for my $option ( split_list "\L$options", 'option' ) {
my $optval = $tosoptions{$option}; my $optval = $tosoptions{$option};
$option = $optval if $optval; $option = $optval if $optval;

2
Shorewall-perl/Shorewall/Tunnels.pm
View File

@ -81,7 +81,7 @@ sub setup_tunnels() {
} }
unless ( $gatewayzones eq '-' ) { unless ( $gatewayzones eq '-' ) {
for my $zone ( split /,/, $gatewayzones ) { for my $zone ( split_list $gatewayzones, 'zone' ) {
my $type = zone_type( $zone ); my $type = zone_type( $zone );
fatal_error "Invalid zone ($zone) for GATEWAY ZONE" if $type eq 'firewall' || $type eq 'bport4'; fatal_error "Invalid zone ($zone) for GATEWAY ZONE" if $type eq 'firewall' || $type eq 'bport4';
$inchainref = ensure_filter_chain "${zone}2${fw}", 1; $inchainref = ensure_filter_chain "${zone}2${fw}", 1;

12
Shorewall-perl/Shorewall/Zones.pm
View File

@ -187,7 +187,7 @@ sub parse_zone_option_list($$)
my $fmt; my $fmt;
if ( $list ne '-' ) { if ( $list ne '-' ) {
for my $e ( split ',' , $list ) { for my $e ( split_list $list, 'option' ) {
my $val = undef; my $val = undef;
my $invert = ''; my $invert = '';
@ -248,7 +248,7 @@ sub determine_zones()
if ( $zone =~ /(\w+):([\w,]+)/ ) { if ( $zone =~ /(\w+):([\w,]+)/ ) {
$zone = $1; $zone = $1;
@parents = split ',', $2; @parents = split_list $2, 'zone';
for my $p ( @parents ) { for my $p ( @parents ) {
fatal_error "Invalid Parent List ($2)" unless $p; fatal_error "Invalid Parent List ($2)" unless $p;
@ -647,7 +647,7 @@ sub validate_interfaces_file( $ )
} }
unless ( $networks eq '' || $networks eq 'detect' ) { unless ( $networks eq '' || $networks eq 'detect' ) {
my @broadcasts = split /,/, $networks; my @broadcasts = split $networks, 'address';
for my $address ( @broadcasts ) { for my $address ( @broadcasts ) {
fatal_error 'Invalid BROADCAST address' unless $address =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/; fatal_error 'Invalid BROADCAST address' unless $address =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/;
@ -666,7 +666,7 @@ sub validate_interfaces_file( $ )
if ( $options ) { if ( $options ) {
for my $option (split ',', $options ) { for my $option (split_list $options, 'option' ) {
next if $option eq '-'; next if $option eq '-';
( $option, my $value ) = split /=/, $option; ( $option, my $value ) = split /=/, $option;
@ -931,7 +931,7 @@ sub validate_hosts_file()
my $optionsref = {}; my $optionsref = {};
if ( $options ne '-' ) { if ( $options ne '-' ) {
my @options = split ',', $options; my @options = split_list $options, 'option';
my %options; my %options;
for my $option ( @options ) for my $option ( @options )
@ -964,7 +964,7 @@ sub validate_hosts_file()
# #
$hosts = join( '', ALLIPv4 , $hosts ) if substr($hosts, 0, 2 ) eq ',!'; $hosts = join( '', ALLIPv4 , $hosts ) if substr($hosts, 0, 2 ) eq ',!';
add_group_to_zone( $zone, $type , $interface, [ split( ',', $hosts ) ] , $optionsref); add_group_to_zone( $zone, $type , $interface, [ split_list( $hosts, 'host' ) ] , $optionsref);
progress_message " Host \"$currentline\" validated"; progress_message " Host \"$currentline\" validated";
} }