mirror of
https://github.com/openwrt/packages.git
synced 2026-05-31 15:02:01 +08:00
banip: update 1.8.8-3
- gated config sanity checks at the end of banip-functions.sh behind 'ban_action' to skip them on init script sourcing paths (enable/disable/help) - added a ubus socket guard around f_system to harden against pre-ubus sourcing - added a 'ban_bver' fallback in f_log for sourcing paths without prior f_system execution - reordered system utility references before system library sourcing, so f_log has a valid 'ban_logcmd' available if the library check fails - minor code improvements and fixes Signed-off-by: Dirk Brenken <dev@brenken.org>
This commit is contained in:
Dirk Brenken
+1
-1
@@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=banip
|
||||
PKG_VERSION:=1.8.8
|
||||
PKG_RELEASE:=2
|
||||
PKG_RELEASE:=3
|
||||
PKG_LICENSE:=GPL-3.0-or-later
|
||||
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
|
||||
|
||||
|
||||
@@ -148,13 +148,13 @@ f_cmd() {
|
||||
# check primary command,
|
||||
# if not found check secondary command if provided, otherwise log error
|
||||
#
|
||||
cmd="$(command -v "${pri_cmd}" 2>>"${ban_errorlog}")"
|
||||
if [ ! -x "${cmd}" ]; then
|
||||
cmd="$(command -v "${pri_cmd}" 2>/dev/null)"
|
||||
if [ -z "${cmd}" ]; then
|
||||
if [ -n "${sec_cmd}" ]; then
|
||||
[ "${sec_cmd}" = "optional" ] && return
|
||||
cmd="$(command -v "${sec_cmd}" 2>>"${ban_errorlog}")"
|
||||
fi
|
||||
if [ -x "${cmd}" ]; then
|
||||
if [ -n "${cmd}" ]; then
|
||||
printf '%s' "${cmd}"
|
||||
else
|
||||
f_log "emerg" "command '${pri_cmd:-"-"}'/'${sec_cmd:-"-"}' not found"
|
||||
@@ -261,19 +261,19 @@ f_log() {
|
||||
|
||||
if [ -n "${log_msg}" ] && { [ "${class}" != "debug" ] || [ "${ban_debug}" = "1" ]; }; then
|
||||
if [ -x "${ban_logcmd}" ]; then
|
||||
"${ban_logcmd}" -p "${class}" -t "banIP-${ban_bver}[${$}]" "${log_msg::512}"
|
||||
"${ban_logcmd}" -p "${class}" -t "banIP-${ban_bver:-"-"}[${$}]" "${log_msg::512}"
|
||||
else
|
||||
printf '%s %s %s\n' "${class}" "banIP-${ban_bver}[${$}]" "${log_msg::512}"
|
||||
printf '%s %s %s\n' "${class}" "banIP-${ban_bver:-"-"}[${$}]" "${log_msg::512}" >&2
|
||||
fi
|
||||
fi
|
||||
if [ "${class}" = "err" ] || [ "${class}" = "emerg" ]; then
|
||||
if [ "${class}" = "err" ]; then
|
||||
"${ban_nftcmd}" delete table inet banIP >/dev/null 2>&1
|
||||
if [ "$(uci_get banip global ban_enabled)" = "1" ]; then
|
||||
f_genstatus "error"
|
||||
[ -s "${ban_rtfile}" ] && f_genstatus "error"
|
||||
[ "${ban_mailnotification}" = "1" ] && [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ] && f_mail
|
||||
else
|
||||
f_genstatus "disabled"
|
||||
[ -s "${ban_rtfile}" ] && f_genstatus "disabled"
|
||||
fi
|
||||
fi
|
||||
f_rmdir "${ban_tmpdir}"
|
||||
@@ -512,8 +512,8 @@ f_actual() {
|
||||
f_getdl() {
|
||||
local fetch fetch_list insecure update="0"
|
||||
|
||||
ban_fetchcmd="$(command -v "${ban_fetchcmd}")"
|
||||
if { [ "${ban_autodetect}" = "1" ] && [ -z "${ban_fetchcmd}" ]; } || [ ! -x "${ban_fetchcmd}" ]; then
|
||||
ban_fetchcmd="$(command -v "${ban_fetchcmd}" 2>/dev/null)"
|
||||
if [ -z "${ban_fetchcmd}" ]; then
|
||||
fetch_list="curl wget-ssl libustream-openssl libustream-wolfssl libustream-mbedtls"
|
||||
for fetch in ${fetch_list}; do
|
||||
case "${ban_packages}" in *"\"${fetch}\""*)
|
||||
@@ -525,9 +525,9 @@ f_getdl() {
|
||||
fetch="uclient-fetch"
|
||||
;;
|
||||
esac
|
||||
if [ -x "$(command -v "${fetch}")" ]; then
|
||||
ban_fetchcmd="$(command -v "${fetch}" 2>/dev/null)"
|
||||
if [ -n "${ban_fetchcmd}" ]; then
|
||||
update="1"
|
||||
ban_fetchcmd="$(command -v "${fetch}")"
|
||||
uci_set banip global ban_fetchcmd "${fetch}"
|
||||
uci_commit "banip"
|
||||
break
|
||||
@@ -537,7 +537,7 @@ f_getdl() {
|
||||
done
|
||||
fi
|
||||
|
||||
[ ! -x "${ban_fetchcmd}" ] && f_log "err" "download utility with SSL support not found, please set 'ban_fetchcmd' manually"
|
||||
[ -z "${ban_fetchcmd}" ] && f_log "err" "download utility with SSL support not found, please set 'ban_fetchcmd' manually"
|
||||
case "${ban_fetchcmd##*/}" in
|
||||
"curl")
|
||||
[ "${ban_fetchinsecure}" = "1" ] && insecure="--insecure"
|
||||
@@ -766,9 +766,16 @@ f_etag() {
|
||||
|
||||
# compare http code and etag id with stored values, update etag file and return code accordingly
|
||||
#
|
||||
etag_cnt="$("${ban_grepcmd}" -c "^${feed} " "${ban_backupdir}/banIP.etag")"
|
||||
etag_cnt="$("${ban_awkcmd}" -v f="${feed}" '$1 == f { n++ } END { print n+0 }' "${ban_backupdir}/banIP.etag")"
|
||||
if [ "${http_code}" = "200" ] && [ "${etag_cnt}" = "${feed_cnt}" ] && [ -n "${etag_id}" ] &&
|
||||
"${ban_grepcmd}" -q "^${feed} ${feed_suffix}[[:space:]]\+${etag_id}\$" "${ban_backupdir}/banIP.etag"; then
|
||||
"${ban_awkcmd}" -v f="${feed}" -v s="${feed_suffix}" -v e="${etag_id}" '
|
||||
BEGIN { rc = 1; p = f " " s }
|
||||
index($0, p) == 1 {
|
||||
rest = substr($0, length(p) + 1)
|
||||
sub(/^[[:space:]]+/, "", rest)
|
||||
if (rest == e) { rc = 0; exit }
|
||||
}
|
||||
END { exit rc }' "${ban_backupdir}/banIP.etag"; then
|
||||
out_rc="0"
|
||||
elif [ -n "${etag_id}" ]; then
|
||||
|
||||
@@ -776,11 +783,16 @@ f_etag() {
|
||||
# otherwise only remove the entry with the matching feed suffix (feed url) to allow multiple sources for the same feed
|
||||
#
|
||||
if [ "${feed_cnt}" -lt "${etag_cnt}" ]; then
|
||||
"${ban_sedcmd}" -i "/^${feed} /d" "${ban_backupdir}/banIP.etag"
|
||||
"${ban_awkcmd}" -v f="${feed}" '$1 != f' \
|
||||
"${ban_backupdir}/banIP.etag" >"${ban_backupdir}/banIP.etag.new"
|
||||
else
|
||||
"${ban_sedcmd}" -i "/^${feed} ${feed_suffix//\//\\/}/d" "${ban_backupdir}/banIP.etag"
|
||||
"${ban_awkcmd}" -v f="${feed}" -v s="${feed_suffix}" '
|
||||
BEGIN { p = f " " s }
|
||||
index($0, p) != 1' \
|
||||
"${ban_backupdir}/banIP.etag" >"${ban_backupdir}/banIP.etag.new"
|
||||
fi
|
||||
printf '%-50s%s\n' "${feed} ${feed_suffix}" "${etag_id}" >>"${ban_backupdir}/banIP.etag"
|
||||
"${ban_mvcmd}" -f "${ban_backupdir}/banIP.etag.new" "${ban_backupdir}/banIP.etag"
|
||||
printf '%s\t%s\n' "${feed} ${feed_suffix}" "${etag_id}" >>"${ban_backupdir}/banIP.etag"
|
||||
out_rc="2"
|
||||
fi
|
||||
|
||||
@@ -2784,16 +2796,6 @@ f_monitor() {
|
||||
fi
|
||||
}
|
||||
|
||||
# initial sourcing
|
||||
#
|
||||
if [ -r "/lib/functions.sh" ] && [ -r "/lib/functions/network.sh" ] && [ -r "/usr/share/libubox/jshn.sh" ]; then
|
||||
. "/lib/functions.sh"
|
||||
. "/lib/functions/network.sh"
|
||||
. "/usr/share/libubox/jshn.sh"
|
||||
else
|
||||
f_log "emerg" "system libraries not found"
|
||||
fi
|
||||
|
||||
# reference required system utilities
|
||||
#
|
||||
ban_awkcmd="$(f_cmd gawk)"
|
||||
@@ -2816,8 +2818,21 @@ ban_wccmd="$(f_cmd wc)"
|
||||
ban_mvcmd="$(f_cmd mv)"
|
||||
ban_rmcmd="$(f_cmd rm)"
|
||||
|
||||
f_system
|
||||
if [ "${ban_action}" != "stop" ]; then
|
||||
# initial sourcing
|
||||
#
|
||||
if [ -r "/lib/functions.sh" ] && [ -r "/lib/functions/network.sh" ] && [ -r "/usr/share/libubox/jshn.sh" ]; then
|
||||
. "/lib/functions.sh"
|
||||
. "/lib/functions/network.sh"
|
||||
. "/usr/share/libubox/jshn.sh"
|
||||
else
|
||||
f_log "emerg" "system libraries not found"
|
||||
fi
|
||||
|
||||
# initial system check
|
||||
#
|
||||
[ -S "/var/run/ubus/ubus.sock" ] && f_system
|
||||
|
||||
if [ -n "${ban_action}" ] && [ "${ban_action}" != "stop" ]; then
|
||||
[ ! -d "/etc/banip" ] && f_log "err" "no banIP config directory"
|
||||
[ ! -r "/etc/config/banip" ] && f_log "err" "no banIP config"
|
||||
[ "$(uci_get banip global ban_enabled)" = "0" ] && f_log "err" "banIP is disabled"
|
||||
|
||||
@@ -69,7 +69,6 @@ start_service() {
|
||||
procd_close_instance
|
||||
else
|
||||
f_log "err" "banIP service autostart is disabled"
|
||||
rm -rf "${ban_lock}"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user