Add a compiler frontend for use with Shorewall-perl; avoid need for frontend to export CONFIG_PATH

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5815 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2007-04-03 01:20:56 +00:00 · 2007-04-03 01:20:56 +00:00 · 7bfed5dd6e
commit 7bfed5dd6e
parent 16c67b3472
2 changed files with 200 additions and 17 deletions
--- a/New/Shorewall/Config.pm
+++ b/New/Shorewall/Config.pm
@ -228,19 +228,6 @@ my $currentfile;
 my $currentfilename;
 my $currentlinenumber = 0;

-INIT {
-    #
-    # The shell 'compiler' program has already read shorewall.conf before starting us so the
-    # value of CONFIG_PATH is correct. We can thus use it here and ignore it's setting in
-    # shorewall.conf when we re-process that file in get_configuration().
-    #
-    @config_path = split /:/, $ENV{CONFIG_PATH};
-
-    for ( @config_path ) {
-	$_ .= '/' unless m|//$|;
-    }
-}
-
 #
 # Issue a Warning Message
 #
@ -645,6 +632,45 @@ sub require_capability( $$ ) {
      unless $capabilities{$capability};
 }

+#
+# Set default config path
+#
+sub ensure_config_path( $ ) {
+    my $export = $_[0];
+
+    my $f = "$globals{SHAREDIR}/configpath";
+
+    $ENV{CONFDIR} = $export ? '/usr/share/shorewall/configfiles/' : '/etc/shorewall/';
+    
+    unless ( $config{CONFIG_PATH} ) {
+	fatal_error "$f does not exist" unless -f $f;
+	
+	open $currentfile , '<', $f or fatal_error "Cannot open $f";
+
+	while ( read_a_line ) {
+	    if ( $line =~ /^\s*([a-zA-Z]\w*)=(.*?)\s*$/ ) {
+		my ($var, $val) = ($1, $2);
+		$config{$var} = ( $val =~ /\"([^\"]*)\"$/ ? $1 : $val ) if exists $config{$var};
+	    } else {
+		fatal_error "Unrecognized entry";
+	    }
+	}
+	
+	fatal_error "CONFIG_PATH not found in $f" unless $config{CONFIG_PATH};
+    }
+
+    @config_path = split /:/, $config{CONFIG_PATH};
+
+    for ( @config_path ) {
+        $_ .= '/' unless m|//$|;
+    }
+
+    if ( my $sd = $ENV{SHOREWALL_DIR} ) {
+	$sd .= '/' unless $sd =~ m|//$|;
+	unshift @config_path, $sd if $sd ne $config_path[0];
+    }
+}
+
 #
 # - Read the shorewall.conf file
 # - Read the capabilities file created by the compiler front-end
@ -654,6 +680,8 @@ sub get_configuration( $ ) {

    my $export = $_[0];

+    ensure_config_path( $export );
+
    my $file = find_file 'shorewall.conf';

    if ( -f $file ) {
@ -664,13 +692,13 @@ sub get_configuration( $ ) {
 		if ( $line =~ /^\s*([a-zA-Z]\w*)=(.*?)\s*$/ ) {
 		    my ($var, $val) = ($1, $2);
 		    unless ( exists $config{$var} ) {
-			warning_message "Unknown configuration option \"$var\" ignored";
+			warning_message "Unknown configuration option ($var) ignored";
 			next;
 		    }

 		    $config{$var} = ( $val =~ /\"([^\"]*)\"$/ ? $1 : $val );
 		} else {
-		    fatal_error "Unrecognized entry in $file: $line";
+		    fatal_error "Unrecognized entry";
 		}
 	    }
 	} else {
@ -680,7 +708,7 @@ sub get_configuration( $ ) {
 	fatal_error "$file does not exist!";
    }

-    $globals{ORIGINAL_POLICY_MATCH} = $capabilities{POLICY_MATCH};
+    ensure_config_path( $export );

    default 'MODULE_PREFIX', 'o gz ko o.gz ko.gz';

@ -701,6 +729,8 @@ sub get_configuration( $ ) {
 	fatal_error "The -e flag requires a capabilities file" unless open_file 'capabilities';
    }

+    $globals{ORIGINAL_POLICY_MATCH} = $capabilities{POLICY_MATCH};
+
    #
    # If we successfully called open_file above, then this loop will read the capabilities file.
    # Otherwise, the first call to read_a_line() below will return false
@ -879,7 +909,6 @@ sub get_configuration( $ ) {
 	$globals{LOGFORMAT}='Shorewall:%s:%s:';
 	$globals{MAXZONENAMELENGTH} = 5;
    }
-
 }

 sub propagateconfig() {
--- a/New/compiler
+++ b/New/compiler
@ -0,0 +1,154 @@
+#!/bin/sh
+#
+#     The Shoreline Firewall (Shorewall) Wrapper for the Compiler - V3.9
+#
+#     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
+#
+#     (c) 2007 - Tom Eastep (teastep@shorewall.net)
+#
+#	Complete documentation is available at http://shorewall.net
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
+#
+#	If an error occurs while starting or restarting the firewall, the
+#	firewall is automatically stopped.
+#
+#	Commands are:
+#
+#          compile check                        Verify the configuration files.
+#	   compile compile <path name>          Compile into <path name>
+#
+#	Environmental Variables:
+#
+#	    EXPORT=Yes                          -e option specified to /sbin/shorewall
+#	    SHOREWALL_DIR                       A directory name was passed to /sbin/shorewall
+#	    VERBOSE                             Standard Shorewall verbosity control.
+
+#
+# Fatal error -- stops the compiler after issuing the error message
+#
+fatal_error() # $* = Error Message
+{
+    echo "   ERROR: $@" >&2
+    exit 2
+}
+
+#
+# Initialize this program
+#
+do_initialize() {
+
+    # Run all utility programs using the C locale
+    #
+    # Thanks to Vincent Planchenault for this tip #
+
+    export LC_ALL=C
+
+    # Make sure umask is sane
+    umask 077
+
+    PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+
+    ensure_config_path
+
+    VERSION_FILE=$SHAREDIR/version
+
+    [ -f $VERSION_FILE ] && VERSION=$(cat $VERSION_FILE)
+
+    [ -d /usr/share/shorewall-perl ] && set -a; 
+    
+    run_user_exit params
+
+    set +a
+
+}
+
+#
+# Give Usage Information
+#
+usage() {
+    echo "Usage: $0 [debug] check|compile <filename>}"
+    exit 1
+}
+
+#
+# E X E C U T I O N    B E G I N S   H E R E
+#
+#
+# Start trace if first arg is "debug"
+#
+debug='-w'
+
+[ $# -gt 1 ] && [ "$1" = "debug" ] && { set -x ; shift ; }
+
+if [ "$PROFILE" ]; then
+    debug='-wd:DProf'
+elif [ "$DEBUG" ]; then
+    debug='-wd'
+fi
+
+NOLOCK=
+
+[ $# -gt 1 ] && [ "$1" = "nolock" ] && { NOLOCK=Yes; shift ; }
+
+trap "exit 2" 1 2 3 4 5 6 9
+
+SHAREDIR=/usr/share/shorewall
+VARDIR=/var/lib/shorewall
+[ -z "$EXPORT" ] && CONFDIR=/etc/shorewall || CONFDIR=${SHAREDIR}/configfiles
+
+[ -n "${VERBOSE:=2}" ]
+
+FUNCTIONS=${SHAREDIR}/lib.base
+
+if [ -f $FUNCTIONS ]; then
+    [ $VERBOSE -ge 2 ] && echo "Loading $FUNCTIONS..."
+    . $FUNCTIONS
+else
+    fatal_error "Installation Error: $FUNCTIONS does not exist!"
+fi
+
+PROGRAM=compiler
+
+COMMAND="$1"
+
+case "$COMMAND" in
+
+    check)
+	[ $# -ne 1 ] && usage
+	do_initialize
+	exec perl $debug /usr/share/shorewall-perl/compiler.pl
+	;;
+
+    compile)
+	[ $# -ne 2 ] && usage
+	do_initialize
+	exec perl $debug /usr/share/shorewall-perl/compiler.pl $2
+	;;
+
+    call)
+	#
+	# Undocumented way to call functions in ${SHAREDIR}/compiler directly
+	#
+	shift
+	do_initialize
+	EMPTY=
+	$@
+	;;
+
+    *)
+	usage
+	;;
+
+esac