version 1.2, 2010/03/25 01:28:34
|
version 1.6, 2011/05/14 23:38:07
|
Line 57 print "In lciptables\n" unless $noprint;
|
Line 57 print "In lciptables\n" unless $noprint;
|
|
|
# ----------------------------- Make sure this process is running from user=www |
# ----------------------------- Make sure this process is running from user=www |
my $wwwid=getpwnam('www'); |
my $wwwid=getpwnam('www'); |
&DisableRoot; |
|
if ($wwwid!=$>) { |
if ($wwwid!=$<) { |
print("User ID mismatch. This program must be run as user 'www'\n") |
print("User ID mismatch. This program must be run as user 'www'\n") |
unless $noprint; |
unless $noprint; |
&Exit(1); |
&Exit(1); |
} |
} |
|
|
# ----------------------------------- Retrieve IP addreses for hosts in cluster |
# ----------------------------------- Retrieve IP addreses for hosts in cluster |
&DisableRoot; |
|
|
|
my %iphost; |
my %iphost; |
if (@ARGV != 1) { |
if (@ARGV != 1) { |
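Review bot: The user check at `if ($wwwid!=$<)` still trusts `getpwnam('www')` unconditionally: when no `www` account exists `$wwwid` is undef, the comparison degrades to `0 != $<`, so a real uid of 0 passes the "must be run as user 'www'" gate while every other uid is rejected with a misleading message. Guard the lookup before the comparison, e.g. `unless (defined $wwwid) { print "No 'www' user found\n" unless $noprint; &Exit(1); }`. The switch from `$>` to `$<` looks intentional given the relocated `&DisableRoot;` call, but which side of this rendering that call belongs to is not certain from here; if the check now runs before effective privileges are dropped, a short comment stating that the real uid is deliberately tested would help the next reader. Separately, the `try_to_lock` routine and the `unlink('/tmp/lock_lciptables')` at exit appear on only one side of this listing; if 1.6 drops them, nothing visible serializes concurrent iptables manipulation, and if the lock moved elsewhere a one-line comment near the close/open port calls naming where would settle that question.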
Line 88 if (-e $tmpfile) {
|
Line 88 if (-e $tmpfile) {
|
&Exit(3); |
&Exit(3); |
} |
} |
|
|
# --------------------------- Handle case of another lciptables process (locking) |
|
unless (&try_to_lock("/tmp/lock_lciptables")) { |
|
print "Error. Too many other simultaneous iptables manipulation requests being ". |
|
"made.\n" unless $noprint; |
|
&Exit(4); |
|
} |
|
|
|
my $lond_port = &LONCAPA::Firewall::get_lond_port(); |
my $lond_port = &LONCAPA::Firewall::get_lond_port(); |
|
|
($>,$<)=($wwwid,0); |
|
&EnableRoot(); |
&EnableRoot(); |
|
|
my @fw_chains = &LONCAPA::Firewall::get_fw_chains(); |
my @fw_chains = &LONCAPA::Firewall::get_fw_chains(); |
my $iptables = &LONCAPA::Firewall::get_pathto_iptables(); |
my $iptables = &LONCAPA::Firewall::get_pathto_iptables(); |
my $firewall_result = |
my $firewall_result = |
&LONCAPA::Firewall::firewall_close_port($iptables,\@fw_chains,$lond_port,[$lond_port]); |
&LONCAPA::Firewall::firewall_close_port($iptables,\@fw_chains,$lond_port,\%iphost,[$lond_port]); |
if ($firewall_result) { |
if ($firewall_result) { |
print "$firewall_result\n"; |
print "$firewall_result\n"; |
} |
} |
my $firewall_result = &LONCAPA::Firewall::firewall_open_port($iptables,\@fw_chains,$lond_port,\%iphost,[$lond_port]); |
$firewall_result = &LONCAPA::Firewall::firewall_open_port($iptables,\@fw_chains,$lond_port,\%iphost,[$lond_port]); |
if ($firewall_result) { |
if ($firewall_result) { |
print "$firewall_result\n"; |
print "$firewall_result\n"; |
} |
} |
Line 115 if ($firewall_result) {
|
Line 108 if ($firewall_result) {
|
# -------------------------------------------------------- Exit script |
# -------------------------------------------------------- Exit script |
print "lciptables Exiting\n" unless $noprint; |
print "lciptables Exiting\n" unless $noprint; |
&DisableRoot; |
&DisableRoot; |
unlink('/tmp/lock_lciptables'); |
|
&Exit(0); |
&Exit(0); |
|
|
|
|
Line 140 sub DisableRoot {
|
Line 132 sub DisableRoot {
|
} |
} |
} |
} |
|
|
sub try_to_lock { |
|
my ($lockfile)=@_; |
|
my $currentpid; |
|
my $lastpid; |
|
# Do not manipulate lock file as root |
|
if ($>==0) { |
|
return 0; |
|
} |
|
# Try to generate lock file. |
|
# Wait 3 seconds. If same process id is in |
|
# lock file, then assume lock file is stale, and |
|
# go ahead. If process id's fluctuate, try |
|
# for a maximum of 10 times. |
|
for (0..10) { |
|
if (-e $lockfile) { |
|
open(LOCK,"<$lockfile"); |
|
$currentpid=<LOCK>; |
|
close LOCK; |
|
if ($currentpid==$lastpid) { |
|
last; |
|
} |
|
sleep 3; |
|
$lastpid=$currentpid; |
|
} else { |
|
last; |
|
} |
|
if ($_==10) { |
|
return 0; |
|
} |
|
} |
|
open(LOCK,">$lockfile"); |
|
print LOCK $$; |
|
close LOCK; |
|
return 1; |
|
} |
|
|
|
sub Exit { |
sub Exit { |
my ($code) = @_; |
my ($code) = @_; |
&DisableRoot(); |
&DisableRoot(); |