Commit 6b7e5230 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

new class for configuration loaded from policy files but not yet translated to iptables rules

parent c4e427e6
......@@ -115,11 +115,13 @@ if awall.util.contains({'disable', 'enable'}, mode) then
os.exit()
end
config = policyset:load()
require 'awall.iptables'
awall.loadmodules(basedir)
config = awall.Config.new(policyset)
config = awall.Config.new(config)
if mode == 'translate' then
if verify then config:test() end
......
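Review bot: `config` is first assigned the PolicyConfig returned by `policyset:load()` and then overwritten a few lines later with the translated `awall.Config`, so one name stands for two different kinds of object in the same scope of the script. Keeping the stages apart reads more clearly and avoids confusing the policy-level data with the iptables-level configuration the rest of the script works on: `policyconfig = policyset:load()` followed by `config = awall.Config.new(policyconfig)`. The surrounding script continues outside the hunk.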
......@@ -59,51 +59,11 @@ PolicySet = policy.PolicySet
Config = object.class(object.Object)
function Config:init(policyset)
function Config:init(policyconfig)
self.input = policyset:load()
self.input = policyconfig:expand()
self.iptables = iptables.IPTables.new()
local function expandvars(obj)
for k, v in pairs(obj) do
if type(v) == 'table' then
expandvars(v)
else
local visited = {}
local val = v
local pattern = '%$(%a[%w_]*)'
while type(val) == 'string' and string.find(val, pattern) do
local si, ei, name = string.find(val, pattern)
if util.contains(visited, name) then
error('Circular variable definition: '..name)
end
table.insert(visited, name)
local var = self.input.variable[name]
if not var then error('Invalid variable reference: '..name) end
if si == 1 and ei == string.len(val) then val = var
elseif util.contains({'number', 'string'}, type(var)) then
val = string.sub(val, 1, si - 1)..var..string.sub(val, ei + 1, -1)
else
error('Attempted to concatenate complex variable: '..name)
end
end
obj[k] = val ~= '' and val or nil
end
end
end
for k, v in pairs(self.input) do
if k ~= 'variable' then expandvars(v) end
end
local function insertrules(trules)
for i, trule in ipairs(trules) do
local t = self.iptables.config[trule.family][trule.table][trule.chain]
......
......@@ -13,9 +13,60 @@ require 'lpc'
require 'awall.object'
require 'awall.util'
local object = awall.object
local util = awall.util
local PolicyConfig = object.class(object.Object)
function PolicyConfig:init(data)
self.data = data
end
function PolicyConfig:eval(value)
local visited = {}
local pattern = '%$(%a[%w_]*)'
while type(value) == 'string' and string.find(value, pattern) do
local si, ei, name = string.find(value, pattern)
if util.contains(visited, name) then
error('Circular variable definition: '..name)
end
table.insert(visited, name)
local var = self.data.variable[name]
if not var then error('Invalid variable reference: '..name) end
if si == 1 and ei == string.len(value) then value = var
elseif util.contains({'number', 'string'}, type(var)) then
value = string.sub(value, 1, si - 1)..var..string.sub(value, ei + 1, -1)
else
error('Attempted to concatenate complex variable: '..name)
end
end
return value ~= '' and value or nil
end
function PolicyConfig:expand()
local function expand(obj)
for k, v in pairs(obj) do
if type(v) == 'table' then expand(v)
else obj[k] = self:eval(v) end
end
end
for k, v in pairs(self.data) do
if k ~= 'variable' then expand(v) end
end
return self.data
end
local function open(name, dirs)
if not string.match(name, '^[%w-]+$') then
error('Invalid characters in policy name: '..name)
......@@ -64,7 +115,7 @@ local function list(dirs)
end
PolicySet = awall.object.class(awall.object.Object)
PolicySet = object.class(object.Object)
function PolicySet:init(confdirs, importdirs)
self.autodirs = confdirs or {'/usr/share/awall/mandatory', '/etc/awall'}
......@@ -125,7 +176,7 @@ function PolicySet:load()
for i, pol in ipairs(list(self.autodirs)) do import(unpack(pol)) end
return input, imported
return PolicyConfig.new(input), imported
end
......@@ -160,7 +211,7 @@ function PolicySet:disable(name)
end
function PolicySet:list()
local input, imported = self:load()
local config, imported = self:load()
local pols = list(self.importdirs)
local i = 0
......
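Review bot: In PolicyConfig:eval the `visited` list accumulates every name substituted anywhere in the value, so a string that references the same variable twice, e.g. `"$a $a"`, is rejected with 'Circular variable definition' once the first occurrence has been replaced and the second one is found. A cycle is only meaningful along the chain of nested expansions, so the check should track the names on the current expansion path rather than every name seen. The same loop also indexes `self.data.variable[name]` without checking that a `variable` section exists, so a policy without one fails with a raw 'attempt to index a nil value' instead of the intended 'Invalid variable reference' message; `local vars = self.data.variable` and `local var = vars and vars[name]` cover that. The rewrite below keeps the concatenation rules and the error messages but resolves each reference recursively with a per-chain list; the later hunks in this section only rename the returned values and need no change.
```lua
function PolicyConfig:eval(value)
   local pattern = '%$(%a[%w_]*)'
   local expand

   -- Resolve $name; `chain` lists the variables currently being expanded,
   -- so only a reference back into that chain is reported as circular.
   local function lookup(name, chain)
      if util.contains(chain, name) then
         error('Circular variable definition: '..name)
      end
      local vars = self.data.variable
      local var = vars and vars[name]
      if var == nil then error('Invalid variable reference: '..name) end
      if type(var) == 'string' then
         table.insert(chain, name)
         var = expand(var, chain)
         table.remove(chain)
      end
      return var
   end

   -- Substitute the leftmost reference in str and continue on the result.
   function expand(str, chain)
      local si, ei, name = string.find(str, pattern)
      if not si then return str end
      local var = lookup(name, chain)
      if si == 1 and ei == string.len(str) then return var end
      if not util.contains({'number', 'string'}, type(var)) then
         error('Attempted to concatenate complex variable: '..name)
      end
      return expand(
         string.sub(str, 1, si - 1)..var..string.sub(str, ei + 1, -1),
         chain
      )
   end

   if type(value) == 'string' then value = expand(value, {}) end
   return value ~= '' and value or nil
end
```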