--- loncom/lciptables 2009/06/11 00:15:27 1.1
+++ loncom/lciptables 2011/05/14 23:38:07 1.6
@@ -2,7 +2,7 @@
 #
 # The Learning Online Network with CAPA
 #
-# $Id: lciptables,v 1.1 2009/06/11 00:15:27 raeburn Exp $
+# $Id: lciptables,v 1.6 2011/05/14 23:38:07 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -57,15 +57,15 @@ print "In lciptables\n" unless $noprint;
 # ----------------------------- Make sure this process is running from user=www
 my $wwwid=getpwnam('www');
-&DisableRoot;
-if ($wwwid!=$>) {
+
+if ($wwwid!=$<) {
 print("User ID mismatch. This program must be run as user 'www'\n") unless $noprint;
 &Exit(1);
 }
 # ----------------------------------- Retrieve IP addreses for hosts in cluster
-&DisableRoot;
+
 my %iphost;
 if (@ARGV != 1) {
@@ -88,26 +88,19 @@ if (-e $tmpfile) {
 &Exit(3);
 }
-# --------------------------- Handle case of another lciptables process (locking)
-unless (&try_to_lock("/tmp/lock_lciptables")) {
- print "Error. Too many other simultaneous iptables manipulation requests being ".
- "made.\n" unless $noprint;
- &Exit(4);
-}
-
 my $lond_port = &LONCAPA::Firewall::get_lond_port();
-($>,$<)=($wwwid,0);
+
 &EnableRoot();
-my $fw_chain = &LONCAPA::Firewall::get_fw_chain();
+my @fw_chains = &LONCAPA::Firewall::get_fw_chains();
 my $iptables = &LONCAPA::Firewall::get_pathto_iptables();
 my $firewall_result =
- &LONCAPA::Firewall::firewall_close_port($iptables,$fw_chain,$lond_port,[$lond_port]);
+ &LONCAPA::Firewall::firewall_close_port($iptables,\@fw_chains,$lond_port,\%iphost,[$lond_port]);
 if ($firewall_result) {
 print "$firewall_result\n";
 }
-my $firewall_result = &LONCAPA::Firewall::firewall_open_port($iptables,$fw_chain,$lond_port,\%iphost,[$lond_port]);
+$firewall_result = &LONCAPA::Firewall::firewall_open_port($iptables,\@fw_chains,$lond_port,\%iphost,[$lond_port]);
 if ($firewall_result) {
 print "$firewall_result\n";
 }
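Review bot: The identity test at `if ($wwwid!=$<) {` does not handle a failed lookup: `getpwnam('www')` yields undef when the account is missing, undef compares numerically as 0, and the test then passes for a real UID of 0. Guard it with `if (!defined($wwwid) || $wwwid!=$<) {`. The hunk also drops both `&DisableRoot;` calls that used to precede this check and the `@ARGV` handling, so if the script is installed setuid (not visible here) the argument and temp-file handling that follows may run with an elevated effective UID; a comment stating which real and effective UID are expected at this point would make that reviewable. The `if (@ARGV != 1) {` block continues outside the hunk.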
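Review bot: Dropping the `try_to_lock` guard leaves the `firewall_close_port` / `firewall_open_port` pair unserialized, so two concurrent runs can interleave their rule changes while root is enabled after `&EnableRoot();`. The removed lock relied on a predictable file under /tmp, so replacing it is reasonable, but it should be replaced rather than removed: before `&EnableRoot();` take an advisory lock on a file in a directory only www can write, e.g. `open(my $lockfh,'>>',$lockfile) or &Exit(4);` then `flock($lockfh,LOCK_EX|LOCK_NB) or &Exit(4);` (needs `use Fcntl qw(:flock);`; `$lockfile` is a placeholder path). Separately, `@fw_chains` and `$iptables` are handed to both calls without a check that they are non-empty; whether LONCAPA::Firewall tolerates that is not visible from this hunk.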
@@ -115,7 +108,6 @@ if ($firewall_result) {
 # -------------------------------------------------------- Exit script
 print "lciptables Exiting\n" unless $noprint;
 &DisableRoot;
-unlink('/tmp/lock_lciptables');
 &Exit(0);
@@ -140,42 +132,6 @@ sub DisableRoot {
 }
 }
-sub try_to_lock {
- my ($lockfile)=@_;
- my $currentpid;
- my $lastpid;
- # Do not manipulate lock file as root
- if ($>==0) {
- return 0;
- }
- # Try to generate lock file.
- # Wait 3 seconds. If same process id is in
- # lock file, then assume lock file is stale, and
- # go ahead. If process id's fluctuate, try
- # for a maximum of 10 times.
- for (0..10) {
- if (-e $lockfile) {
- open(LOCK,"<$lockfile");
- $currentpid=;
- close LOCK;
- if ($currentpid==$lastpid) {
- last;
- }
- sleep 3;
- $lastpid=$currentpid;
- } else {
- last;
- }
- if ($_==10) {
- return 0;
- }
- }
- open(LOCK,">$lockfile");
- print LOCK $$;
- close LOCK;
- return 1;
-}
-
 sub Exit {
 my ($code) = @_;
 &DisableRoot();