From 2d037f5e7340d205d74baf7f04f195805bf182c8 Mon Sep 17 00:00:00 2001 From: Rahul Thakur Date: Fri, 29 Nov 2024 15:10:28 +0530 Subject: [PATCH] hostmngr: read access control schedule from schedules * The Schedule object is deprecated in 2.18 and ScheduleRef is introduced, update script to generate rules accordingly. * Some shell script improvements. --- hostmngr/files/scripts/hosts_acl.sh | 34 ++++++++++++----------------- 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/hostmngr/files/scripts/hosts_acl.sh b/hostmngr/files/scripts/hosts_acl.sh index 89c4eb237..f0388865d 100755 --- a/hostmngr/files/scripts/hosts_acl.sh +++ b/hostmngr/files/scripts/hosts_acl.sh @@ -114,16 +114,16 @@ ip_rule_east_zone() { add_access_rule() { local rule="$1" - echo "iptables -w -A hosts_forward ${rule}" >> $ACL_FILE - echo "ip6tables -w -A hosts_forward ${rule}" >> $ACL_FILE + echo "iptables -w -A hosts_forward ${rule}" >> "$ACL_FILE" + echo "ip6tables -w -A hosts_forward ${rule}" >> "$ACL_FILE" } handle_day_list() { local value=$1 - val=$(echo $value | cut -c 1-3) - next_day_val=$(get_next_day $val) - prev_day_val=$(get_previous_day $val) + val=$(echo "$value" | cut -c 1-3) + next_day_val=$(get_next_day "$val") + prev_day_val=$(get_previous_day "$val") if [ -z $day ]; then day="$val" next_days="$next_day_val" @@ -137,8 +137,6 @@ handle_day_list() { handle_schedule() { local schd_section="$1" - local ac_section="$2" - local acs_id local start_time local duration @@ -148,11 +146,7 @@ handle_schedule() { next_days="" prev_days="" - config_get acs_id "$schd_section" "dm_parent" - - if [ "$acs_id" != "$ac_section" ]; then - return # schedule not for this access control section - fi + config_load schedules local is_enabled config_get is_enabled "$schd_section" "enable" 0 @@ -166,7 +160,7 @@ handle_schedule() { IFS=" " for d in $day_config; do - handle_day_list $d + handle_day_list "$d" done config_get start_time "$schd_section" "start_time" "00:00" 
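Review bot: The test `if [ -z $day ]; then` in handle_day_list is left unquoted although this hunk quotes every expansion around it. With an empty `day` it collapses to `[ -z ]`, which is true only by accident of the one-argument form, and a value containing whitespace turns it into a test error; `if [ -z "$day" ]; then` is the form to use. `val`, `next_day_val` and `prev_day_val` are also assigned without `local`, so they leak into the caller's scope; `local val next_day_val prev_day_val` after `local value=$1` would contain them. The body of handle_day_list continues past the end of the hunk.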
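Review bot: `config_load schedules` is now called inside handle_schedule, which the last hunk turns into a `config_list_foreach` callback, so the package is re-read once per referenced schedule and its return status is never checked. Reloading a package in the middle of an iteration may also disturb the loaded config state that handle_access_control is still reading after the callback returns. That depends on code outside this hunk, so it is worth confirming that later access-control sections still see their `access_control_schedule` lists. Checking the status, `config_load schedules || return`, would at least make a missing or unreadable schedules config an explicit exit instead of falling through to the `enable` default of 0.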
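Review bot: Each `d` taken from `day_config` reaches handle_day_list without being checked against the weekday names the schedules config allows. handle_day_list keeps only the first three characters, and presumably those end up in the generated rule text. Rejecting anything else before the call, with a `case "$d" in` guard that lists the accepted day spellings and has a `*) continue ;;` arm, would keep a mistyped or malformed entry out of the rules written to `$ACL_FILE`. The loop also depends on the `IFS=" "` assignment above it, and whether IFS is declared local or restored afterwards is outside the hunk.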
@@ -174,8 +168,8 @@ handle_schedule() { zone=$(date +%z | cut -c 1) local_start_time=$start_time - hh=$(echo $local_start_time | awk -F: '{ print $1 }') - mm=$(echo $local_start_time | awk -F: '{ print $2 }') + hh=$(echo "$local_start_time" | awk -F: '{ print $1 }') + mm=$(echo "$local_start_time" | awk -F: '{ print $2 }') hh_s=`expr $hh \* 3600` mm_s=`expr $mm \* 60` ss=$(( hh_s + mm_s )) @@ -197,12 +191,12 @@ handle_schedule() { utc_start_time=$(date -u -d @$(date "+%s" -d "$local_start_time") +%H:%M) utc_stop_time=$(date -u -d @$(date "+%s" -d "$local_stop_time") +%H:%M) - utc_start_hh=$(echo $utc_start_time | awk -F: '{ print $1 }') - utc_stop_hh=$(echo $utc_stop_time | awk -F: '{ print $1 }') + utc_start_hh=$(echo "$utc_start_time" | awk -F: '{ print $1 }') + utc_stop_hh=$(echo "$utc_stop_time" | awk -F: '{ print $1 }') if [ "$zone" == "-" ]; then - ip_rule_west_zone $utc_start_hh $utc_stop_hh $local_start_hh $local_stop_hh $utc_start_time $utc_stop_time + ip_rule_west_zone "$utc_start_hh" "$utc_stop_hh" "$local_start_hh" "$local_stop_hh" "$utc_start_time" "$utc_stop_time" else - ip_rule_east_zone $utc_start_hh $utc_stop_hh $local_start_hh $local_stop_hh $utc_start_time $utc_stop_time + ip_rule_east_zone "$utc_start_hh" "$utc_stop_hh" "$local_start_hh" "$local_stop_hh" "$utc_start_time" "$utc_stop_time" fi IP_RULE="$IP_RULE -j ACCEPT" @@ -258,7 +252,7 @@ handle_access_control() { schedule_added="0" # check if schedule is defined for this access_control instance # and if yes, create rule accordingly - config_foreach handle_schedule ac_schedule "$ac_section" + config_list_foreach "$ac_section" access_control_schedule handle_schedule # for access rule to work, need to have default drop rule as last rule if [ "$schedule_added" == "1" ]; then
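Review bot: `local_start_time` is split into `hh` and `mm` and passed to `expr` with no check that it has the HH:MM shape, and the two `expr` calls still use unquoted operands inside backticks. A malformed value leaves `hh_s` or `mm_s` empty and the later time arithmetic runs on invalid input; a guard such as `case "$start_time" in [0-2][0-9]:[0-5][0-9]) ;; *) return ;; esac` before the split would stop that. If the backticks are modernised, note that `$(( hh * 3600 ))` rejects `08` and `09` as invalid octal. Either keep `expr` with quoted operands, `hh_s=$(expr "$hh" \* 3600)`, or strip the leading zero first.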
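Review bot: Nothing checks that the two nested `date` conversions succeeded before `IP_RULE="$IP_RULE -j ACCEPT"` is appended. If `date -d "$local_start_time"` fails, `utc_start_time` and `utc_start_hh` are empty, and with the new quoting they are passed to ip_rule_west_zone / ip_rule_east_zone as empty arguments. What those functions emit in that case is outside the hunk, but an ACCEPT rule with a missing or broken time match is the outcome to rule out. A guard like `[ -n "$utc_start_time" ] && [ -n "$utc_stop_time" ] || return` ahead of the zone branch would do it. `[ "$zone" == "-" ]` also relies on a shell that accepts `==` inside `[`; `=` is the portable operator.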
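Review bot: A value in `access_control_schedule` that names no section in the schedules config appears to be skipped silently. handle_schedule reads `enable` with a default of 0 and presumably returns, `schedule_added` stays "0", and the default drop rule guarded by `if [ "$schedule_added" == "1" ]` would then not be written. For an access-control entry that is meant to be time-restricted, a stale or mistyped reference could leave it without the restriction and without any trace in the logs. Logging the unresolved reference in handle_schedule, for example `logger -t hosts_acl "schedule '$schd_section' not found or disabled"`, would make this detectable. The rest of handle_access_control lies outside the hunk.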