[server] further error status simplication for firewalld

server/fw_util_firewalld.c

@@ -342,7 +342,7 @@ comment_match_exists(const fko_srv_options_t * const opts)
 static int
 add_jump_rule(const fko_srv_options_t * const opts, const int chain_num)
 {
-    int res = 0;
+    int res = 0, rv = 0;
 
     zero_cmd_buffers();
 
@@ -361,19 +361,22 @@ add_jump_rule(const fko_srv_options_t * const opts, const int chain_num)
         cmd_buf, res, err_buf);
 
     if(EXTCMD_IS_SUCCESS(res))
+    {
         log_msg(LOG_INFO, "Added jump rule from chain: %s to chain: %s",
             fwc.chain[chain_num].from_chain,
             fwc.chain[chain_num].to_chain);
+        rv = 1;
+    }
     else
         log_msg(LOG_ERR, "Error %i from cmd:'%s': %s", res, cmd_buf, err_buf);
 
-    return res;
+    return rv;
 }
 
 static int
 chain_exists(const fko_srv_options_t * const opts, const int chain_num)
 {
-    int res = 0;
+    int res = 0, rv = 0;
 
     zero_cmd_buffers();
 
@@ -390,14 +393,17 @@ chain_exists(const fko_srv_options_t * const opts, const int chain_num)
     log_msg(LOG_DEBUG, "chain_exists() CMD: '%s' (res: %d, err: %s)",
         cmd_buf, res, err_buf);
 
-    if(EXTCMD_IS_SUCCESS(res))
+    if(strstr(err_buf, FIREWD_CMD_FAIL_STR) == NULL)
+    {
         log_msg(LOG_DEBUG, "'%s' table '%s' chain exists",
             fwc.chain[chain_num].table,
             fwc.chain[chain_num].to_chain);
+        rv = 1;
+    }
     else
         log_msg(LOG_ERR, "Error %i from cmd:'%s': %s", res, cmd_buf, err_buf);
 
-    return res;
+    return rv;
 }
 
 static int
@@ -640,7 +646,7 @@ delete_all_chains(const fko_srv_options_t * const opts)
 static int
 create_chain(const fko_srv_options_t * const opts, const int chain_num)
 {
-    int res = 0;
+    int res = 0, rv = 0;
 
     zero_cmd_buffers();
 
@@ -660,24 +666,30 @@ create_chain(const fko_srv_options_t * const opts, const int chain_num)
         cmd_buf, res, err_buf);
 
     /* Expect full success on this */
-    if(! EXTCMD_IS_SUCCESS(res))
+    if(EXTCMD_IS_SUCCESS(res))
+        rv = 1;
+    else
         log_msg(LOG_ERR, "Error %i from cmd:'%s': %s", res, cmd_buf, err_buf);
 
-    return res;
+    return rv;
 }
 
-static void
+static int
 mk_chain(const fko_srv_options_t * const opts, const int chain_num)
 {
+    int err = 0;
+
     /* Make sure the required chain and jump rule exist
     */
-    if(chain_exists(opts, chain_num) == 0)
-        create_chain(opts, chain_num);
+    if(! chain_exists(opts, chain_num))
+        if (! create_chain(opts, chain_num))
+            err++;
 
-    if (jump_rule_exists(opts, chain_num) == 0)
-        add_jump_rule(opts, chain_num);
+    if (jump_rule_exists(opts, chain_num))
+        if(! add_jump_rule(opts, chain_num))
+            err++;
 
-    return;
+    return err;
 }
 
 /* Create the fwknop custom chains (at least those that are configured).
@@ -692,21 +704,7 @@ create_fw_chains(const fko_srv_options_t * const opts)
         if(fwc.chain[i].target[0] == '\0')
             continue;
 
-        if(chain_exists(opts, i) == 0)
-        {
-
-            /* Create the chain
-            */
-            if(! EXTCMD_IS_SUCCESS(create_chain(opts, i)))
-                got_err++;
-
-            /* Then create the jump rule to that chain if it
-             * doesn't already exist (which is possible)
-            */
-            if(jump_rule_exists(opts, i) == 0)
-                if(! EXTCMD_IS_SUCCESS(add_jump_rule(opts, i)))
-                    got_err++;
-        }
+        got_err += mk_chain(opts, i);
     }
 
     return(got_err);

server/fw_util_firewalld.h

@@ -33,6 +33,8 @@
 
 #define SNAT_TARGET_BUFSIZE   64
 
+#define FIREWD_CMD_FAIL_STR   "COMMAND_FAILED" /* returned by firewall-cmd */
+
 #if HAVE_EXECVPE
   #define SH_REDIR "" /* the shell is not used when execvpe() is available */
 #else