Diff for /loncom/lciptables between versions 1.2 and 1.7

version 1.2, 2010/03/25 01:28:34 version 1.7, 2018/10/24 04:19:27
Line 57  print "In lciptables\n" unless $noprint; Line 57  print "In lciptables\n" unless $noprint;
   
 # ----------------------------- Make sure this process is running from user=www  # ----------------------------- Make sure this process is running from user=www
 my $wwwid=getpwnam('www');  my $wwwid=getpwnam('www');
 &DisableRoot;  
 if ($wwwid!=$>) {  if ($wwwid!=$<) {
     print("User ID mismatch.  This program must be run as user 'www'\n")      print("User ID mismatch.  This program must be run as user 'www'\n")
         unless $noprint;          unless $noprint;
     &Exit(1);      &Exit(1);
 }  }
   
 # ----------------------------------- Retrieve IP addreses for hosts in cluster  # ----------------------------------- Retrieve IP addreses for hosts in cluster
 &DisableRoot;  
   
 my %iphost;  my %iphost;
 if (@ARGV != 1) {  if (@ARGV != 1) {
Line 88  if (-e $tmpfile) { Line 88  if (-e $tmpfile) {
     &Exit(3);      &Exit(3);
 }  }
   
 # --------------------------- Handle case of another lciptables process (locking)  my ($opened,$closed);
 unless (&try_to_lock("/tmp/lock_lciptables")) {  my $lond_port = &LONCAPA::Firewall::get_lond_port();
     print "Error. Too many other simultaneous iptables manipulation requests being ".  if (($lond_port eq '') || ($lond_port =~ /\D/)) {
         "made.\n" unless $noprint;      print "Error. Invalid lond port\n" unless $noprint;
     &Exit(4);      &Exit(3);
   }
   my $iptables = &LONCAPA::Firewall::get_pathto_iptables();
   if ($iptables eq '') {
       print "Error. No path to iptables\n" unless $noprint;
       &Exit(3);
 }  }
   
 my $lond_port = &LONCAPA::Firewall::get_lond_port();  my $firewalld = &LONCAPA::Firewall::uses_firewalld();
   
 ($>,$<)=($wwwid,0);  
 &EnableRoot();  &EnableRoot();
   
 my @fw_chains = &LONCAPA::Firewall::get_fw_chains();  my @fw_chains = &LONCAPA::Firewall::get_fw_chains();
 my $iptables = &LONCAPA::Firewall::get_pathto_iptables();  if ($firewalld) {
 my $firewall_result =       $<=0;
      &LONCAPA::Firewall::firewall_close_port($iptables,\@fw_chains,$lond_port,[$lond_port]);  
 if ($firewall_result) {  
     print "$firewall_result\n";  
 }  
 my $firewall_result = &LONCAPA::Firewall::firewall_open_port($iptables,\@fw_chains,$lond_port,\%iphost,[$lond_port]);  
 if ($firewall_result) {  
     print "$firewall_result\n";  
 }  }
   $opened =
       &LONCAPA::Firewall::firewall_close_port($iptables,\@fw_chains,$lond_port,\%iphost,[$lond_port]);
   $closed =
       &LONCAPA::Firewall::firewall_open_port($iptables,\@fw_chains,$lond_port,\%iphost,[$lond_port]);
   if ($firewalld) {
       $<=$wwwid;
   }
   &DisableRoot();
   
 # -------------------------------------------------------- Exit script  # -------------------------------------------------------- Exit script
   if ($opened) {
       print "$opened\n";
   }
   if ($closed) {
       print "$closed\n";
   }
 print "lciptables Exiting\n" unless $noprint;  print "lciptables Exiting\n" unless $noprint;
 &DisableRoot;  
 unlink('/tmp/lock_lciptables');  
 &Exit(0);  &Exit(0);
   
   
 sub EnableRoot {  sub EnableRoot {
     if ($wwwid==$>) {      if ($wwwid==$>) {
         ($<,$>)=($>,$<);          ($<,$>)=($>,$<);
Line 140  sub DisableRoot { Line 147  sub DisableRoot {
     }      }
 }  }
   
 sub try_to_lock {  
     my ($lockfile)=@_;  
     my $currentpid;  
     my $lastpid;  
     # Do not manipulate lock file as root  
     if ($>==0) {  
         return 0;  
     }  
     # Try to generate lock file.  
     # Wait 3 seconds.  If same process id is in  
     # lock file, then assume lock file is stale, and  
     # go ahead.  If process id's fluctuate, try  
     # for a maximum of 10 times.  
     for (0..10) {  
         if (-e $lockfile) {  
             open(LOCK,"<$lockfile");  
             $currentpid=<LOCK>;  
             close LOCK;  
             if ($currentpid==$lastpid) {  
                 last;  
             }  
             sleep 3;  
             $lastpid=$currentpid;  
         } else {  
             last;  
         }  
         if ($_==10) {  
             return 0;  
         }  
     }  
     open(LOCK,">$lockfile");  
     print LOCK $$;  
     close LOCK;  
     return 1;  
 }  
   
 sub Exit {  sub Exit {
     my ($code) = @_;      my ($code) = @_;
     &DisableRoot();      &DisableRoot();
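Review bot: With the two early `&DisableRoot;` calls removed, nothing on the new side lowers the effective UID between the `$wwwid!=$<` check and `&EnableRoot();`, so the argument handling, the `$tmpfile` checks and the `LONCAPA::Firewall` lookups appear to run with whatever effective UID the process started with. If lciptables is still launched setuid root (not visible on this page), that widens the privileged window from the two firewall calls to most of the script; consider keeping a `&DisableRoot;` directly after the UID check, or add a comment stating why the drop is no longer needed. Separately, `$opened` holds the result of `firewall_close_port` and `$closed` the result of `firewall_open_port`; naming them `$close_result` and `$open_result` would make the exit-time prints read correctly. The bodies of `EnableRoot`, `DisableRoot` and `Exit` continue outside the visible hunks, so the exact swap behaviour should be confirmed there.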
