[BACK]Return to lciptables CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom

Diff for /loncom/lciptables between versions 1.2 and 1.9

version 1.2, 2010/03/25 01:28:34 version 1.9, 2019/06/09 02:35:37
Line 57  print "In lciptables\n" unless $noprint; Line 57  print "In lciptables\n" unless $noprint;
   
 # ----------------------------- Make sure this process is running from user=www  # ----------------------------- Make sure this process is running from user=www
 my $wwwid=getpwnam('www');  my $wwwid=getpwnam('www');
 &DisableRoot;  
 if ($wwwid!=$>) {  if ($wwwid!=$<) {
     print("User ID mismatch.  This program must be run as user 'www'\n")      print("User ID mismatch.  This program must be run as user 'www'\n")
         unless $noprint;          unless $noprint;
     &Exit(1);      &Exit(1);
 }  }
   
 # ----------------------------------- Retrieve IP addreses for hosts in cluster  # ----------------------------------- Retrieve IP addreses for hosts in cluster
 &DisableRoot;  
   
 my %iphost;  my %iphost;
 if (@ARGV != 1) {  if (@ARGV != 1) {
Line 73  if (@ARGV != 1) { Line 73  if (@ARGV != 1) {
     &Exit(2);      &Exit(2);
 }  }
 my $tmpfile = $ARGV[0];  my $tmpfile = $ARGV[0];
 if (-e $tmpfile) {  if ($tmpfile =~ m{^\Q/home/httpd/perl/tmp/lciptables_iphost_\E\d+$}) {
     if (open(my $fh,"<$tmpfile")) {      if (-e $tmpfile) {
         while(<$fh>) {          if (open(my $fh,"<$tmpfile")) {
             chomp();              while(<$fh>) {
             $iphost{$_} = 1;                  chomp();
                   if (/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) {
                       if (($1<=255) && ($2<=255) && ($3<=255) && ($4<=255)) {
                           $iphost{$_} = 1;
                       }
                   }
               }
               close($fh);
           } else {
               &Exit(3);  
         }          }
         close($fh);  
     } else {      } else {
        &Exit(3);            print "Error. File containing IP addresses of hosts in cluster does not exist\n" unless $noprint;
           &Exit(3);
     }      }
 } else {  } else {
     print "Error. File containing IP addresses of hosts in cluster does not exist\n" unless $noprint;      print "Error. Invalid filename for file containing IP addresses\n" unless $noprint; 
     &Exit(3);      &Exit(3);
 }  }
   
 # --------------------------- Handle case of another lciptables process (locking)  my ($opened,$closed);
 unless (&try_to_lock("/tmp/lock_lciptables")) {  my $lond_port = &LONCAPA::Firewall::get_lond_port();
     print "Error. Too many other simultaneous iptables manipulation requests being ".  if (($lond_port eq '') || ($lond_port =~ /\D/)) {
         "made.\n" unless $noprint;      print "Error. Invalid lond port\n" unless $noprint;
     &Exit(4);      &Exit(3);
   }
   my $iptables = &LONCAPA::Firewall::get_pathto_iptables();
   if ($iptables eq '') {
       print "Error. No path to iptables\n" unless $noprint;
       &Exit(3);
 }  }
   
 my $lond_port = &LONCAPA::Firewall::get_lond_port();  my ($firewalld) = &LONCAPA::Firewall::uses_firewalld();
   
 ($>,$<)=($wwwid,0);  
 &EnableRoot();  &EnableRoot();
   
 my @fw_chains = &LONCAPA::Firewall::get_fw_chains();  my @fw_chains = &LONCAPA::Firewall::get_fw_chains();
 my $iptables = &LONCAPA::Firewall::get_pathto_iptables();  if ($firewalld) {
 my $firewall_result =       $<=0;
      &LONCAPA::Firewall::firewall_close_port($iptables,\@fw_chains,$lond_port,[$lond_port]);  
 if ($firewall_result) {  
     print "$firewall_result\n";  
 }  
 my $firewall_result = &LONCAPA::Firewall::firewall_open_port($iptables,\@fw_chains,$lond_port,\%iphost,[$lond_port]);  
 if ($firewall_result) {  
     print "$firewall_result\n";  
 }  }
   $opened =
       &LONCAPA::Firewall::firewall_close_port($iptables,\@fw_chains,$lond_port,\%iphost,[$lond_port],$firewalld);
   $closed =
       &LONCAPA::Firewall::firewall_open_port($iptables,\@fw_chains,$lond_port,\%iphost,[$lond_port],$firewalld);
   if ($firewalld) {
       $<=$wwwid;
   }
   &DisableRoot();
   
 # -------------------------------------------------------- Exit script  # -------------------------------------------------------- Exit script
   if ($opened) {
       print "$opened\n";
   }
   if ($closed) {
       print "$closed\n";
   }
 print "lciptables Exiting\n" unless $noprint;  print "lciptables Exiting\n" unless $noprint;
 &DisableRoot;  
 unlink('/tmp/lock_lciptables');  
 &Exit(0);  &Exit(0);
   
   
 sub EnableRoot {  sub EnableRoot {
     if ($wwwid==$>) {      if ($wwwid==$>) {
         ($<,$>)=($>,$<);          ($<,$>)=($>,$<);
Line 140  sub DisableRoot { Line 156  sub DisableRoot {
     }      }
 }  }
   
 sub try_to_lock {  
     my ($lockfile)=@_;  
     my $currentpid;  
     my $lastpid;  
     # Do not manipulate lock file as root  
     if ($>==0) {  
         return 0;  
     }  
     # Try to generate lock file.  
     # Wait 3 seconds.  If same process id is in  
     # lock file, then assume lock file is stale, and  
     # go ahead.  If process id's fluctuate, try  
     # for a maximum of 10 times.  
     for (0..10) {  
         if (-e $lockfile) {  
             open(LOCK,"<$lockfile");  
             $currentpid=<LOCK>;  
             close LOCK;  
             if ($currentpid==$lastpid) {  
                 last;  
             }  
             sleep 3;  
             $lastpid=$currentpid;  
         } else {  
             last;  
         }  
         if ($_==10) {  
             return 0;  
         }  
     }  
     open(LOCK,">$lockfile");  
     print LOCK $$;  
     close LOCK;  
     return 1;  
 }  
   
 sub Exit {  sub Exit {
     my ($code) = @_;      my ($code) = @_;
     &DisableRoot();      &DisableRoot();
Removed from v.1.2  
changed lines
  Added in v.1.9

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>