From c0f3ed38a8f2347e9db5679fa2488ad3cc31c94a Mon Sep 17 00:00:00 2001 From: Michael Rash Date: Sun, 12 Apr 2015 16:01:29 -0700 Subject: [PATCH] [server] further error status simplication for firewalld --- server/fw_util_firewalld.c | 56 ++++++++++++++++++-------------------- server/fw_util_firewalld.h | 4 ++- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/server/fw_util_firewalld.c b/server/fw_util_firewalld.c index 12fe3273..d6506987 100644 --- a/server/fw_util_firewalld.c +++ b/server/fw_util_firewalld.c @@ -342,7 +342,7 @@ comment_match_exists(const fko_srv_options_t * const opts) static int add_jump_rule(const fko_srv_options_t * const opts, const int chain_num) { - int res = 0; + int res = 0, rv = 0; zero_cmd_buffers(); @@ -361,19 +361,22 @@ add_jump_rule(const fko_srv_options_t * const opts, const int chain_num) cmd_buf, res, err_buf); if(EXTCMD_IS_SUCCESS(res)) + { log_msg(LOG_INFO, "Added jump rule from chain: %s to chain: %s", fwc.chain[chain_num].from_chain, fwc.chain[chain_num].to_chain); + rv = 1; + } else log_msg(LOG_ERR, "Error %i from cmd:'%s': %s", res, cmd_buf, err_buf); - return res; + return rv; } static int chain_exists(const fko_srv_options_t * const opts, const int chain_num) { - int res = 0; + int res = 0, rv = 0; zero_cmd_buffers(); @@ -390,14 +393,17 @@ chain_exists(const fko_srv_options_t * const opts, const int chain_num) log_msg(LOG_DEBUG, "chain_exists() CMD: '%s' (res: %d, err: %s)", cmd_buf, res, err_buf); - if(EXTCMD_IS_SUCCESS(res)) + if(strstr(err_buf, FIREWD_CMD_FAIL_STR) == NULL) + { log_msg(LOG_DEBUG, "'%s' table '%s' chain exists", fwc.chain[chain_num].table, fwc.chain[chain_num].to_chain); + rv = 1; + } else log_msg(LOG_ERR, "Error %i from cmd:'%s': %s", res, cmd_buf, err_buf); - return res; + return rv; } static int @@ -640,7 +646,7 @@ delete_all_chains(const fko_srv_options_t * const opts) static int create_chain(const fko_srv_options_t * const opts, const int chain_num) { - int res = 0; + int res = 0, rv = 0; zero_cmd_buffers(); @@ -660,24 +666,30 @@ create_chain(const fko_srv_options_t * const opts, const int chain_num) cmd_buf, res, err_buf); /* Expect full success on this */ - if(! EXTCMD_IS_SUCCESS(res)) + if(EXTCMD_IS_SUCCESS(res)) + rv = 1; + else log_msg(LOG_ERR, "Error %i from cmd:'%s': %s", res, cmd_buf, err_buf); - return res; + return rv; } -static void +static int mk_chain(const fko_srv_options_t * const opts, const int chain_num) { + int err = 0; + /* Make sure the required chain and jump rule exist */ - if(chain_exists(opts, chain_num) == 0) - create_chain(opts, chain_num); + if(! chain_exists(opts, chain_num)) + if (! create_chain(opts, chain_num)) + err++; - if (jump_rule_exists(opts, chain_num) == 0) - add_jump_rule(opts, chain_num); + if (jump_rule_exists(opts, chain_num)) + if(! add_jump_rule(opts, chain_num)) + err++; - return; + return err; } /* Create the fwknop custom chains (at least those that are configured). @@ -692,21 +704,7 @@ create_fw_chains(const fko_srv_options_t * const opts) if(fwc.chain[i].target[0] == '\0') continue; - if(chain_exists(opts, i) == 0) - { - - /* Create the chain - */ - if(! EXTCMD_IS_SUCCESS(create_chain(opts, i))) - got_err++; - - /* Then create the jump rule to that chain if it - * doesn't already exist (which is possible) - */ - if(jump_rule_exists(opts, i) == 0) - if(! EXTCMD_IS_SUCCESS(add_jump_rule(opts, i))) - got_err++; - } + got_err += mk_chain(opts, i); } return(got_err); diff --git a/server/fw_util_firewalld.h b/server/fw_util_firewalld.h index 861ee323..9b2534e7 100644 --- a/server/fw_util_firewalld.h +++ b/server/fw_util_firewalld.h @@ -31,7 +31,9 @@ #ifndef FW_UTIL_FIREWALLD_H #define FW_UTIL_FIREWALLD_H -#define SNAT_TARGET_BUFSIZE 64 +#define SNAT_TARGET_BUFSIZE 64 + +#define FIREWD_CMD_FAIL_STR "COMMAND_FAILED" /* returned by firewall-cmd */ #if HAVE_EXECVPE #define SH_REDIR "" /* the shell is not used when execvpe() is available */