From 09ac40846feb1ae72696684f0fc3d1dd7a111364 Mon Sep 17 00:00:00 2001 From: ssongliu <73214554+ssongliu@users.noreply.github.com> Date: Thu, 20 Apr 2023 18:44:17 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20ufw=20=E9=98=B2=E7=81=AB=E5=A2=99?= =?UTF-8?q?=E5=A2=9E=E5=8A=A0=20sudo=20=E5=88=A4=E6=96=AD=20(#733)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/app/service/firewall.go | 12 +++++++++-- backend/utils/cmd/cmd.go | 13 +++++++++-- backend/utils/firewall/client/ufw.go | 32 +++++++++++++++++----------- 3 files changed, 41 insertions(+), 16 deletions(-) diff --git a/backend/app/service/firewall.go b/backend/app/service/firewall.go index 74ea476b6..556c088f5 100644 --- a/backend/app/service/firewall.go +++ b/backend/app/service/firewall.go @@ -368,7 +368,11 @@ func (u *FirewallService) pingStatus() string { if _, err := os.Stat("/etc/sysctl.conf"); err != nil { return constant.StatusNone } - stdout, _ := cmd.Exec("sudo cat /etc/sysctl.conf | grep net/ipv4/icmp_echo_ignore_all= ") + commond := "cat /etc/sysctl.conf | grep net/ipv4/icmp_echo_ignore_all= " + if cmd.HasSudo() { + commond = "sudo cat /etc/sysctl.conf | grep net/ipv4/icmp_echo_ignore_all= " + } + stdout, _ := cmd.Exec(commond) if stdout == "net/ipv4/icmp_echo_ignore_all=1\n" { return constant.StatusEnable } @@ -404,7 +408,11 @@ func (u *FirewallService) updatePingStatus(enabel string) error { return err } - stdout, err := cmd.Exec("sudo sysctl -p") + commond := "sysctl -p" + if cmd.HasSudo() { + commond = "sudo sysctl -p" + } + stdout, err := cmd.Exec(commond) if err != nil { return fmt.Errorf("update ping status failed, err: %v", stdout) } diff --git a/backend/utils/cmd/cmd.go b/backend/utils/cmd/cmd.go index bbe7f92c5..7c28556b2 100644 --- a/backend/utils/cmd/cmd.go +++ b/backend/utils/cmd/cmd.go @@ -4,10 +4,11 @@ import ( "bytes" "context" "fmt" - "github.com/1Panel-dev/1Panel/backend/buserr" - "github.com/1Panel-dev/1Panel/backend/constant" "os/exec" "time" + + "github.com/1Panel-dev/1Panel/backend/buserr" + "github.com/1Panel-dev/1Panel/backend/constant" ) func Exec(cmdStr string) (string, error) { @@ -99,3 +100,11 @@ func HasNoPasswordSudo() bool { err2 := cmd2.Run() return err2 == nil } + +func HasSudo() bool { + cmd := exec.Command("sudo", "-nv") + if err := cmd.Run(); err != nil { + return false + } + return true +} diff --git a/backend/utils/firewall/client/ufw.go b/backend/utils/firewall/client/ufw.go index a0c6f3a24..fd3e184b3 100644 --- a/backend/utils/firewall/client/ufw.go +++ b/backend/utils/firewall/client/ufw.go @@ -7,10 +7,18 @@ import ( "github.com/1Panel-dev/1Panel/backend/utils/cmd" ) -type Ufw struct{} +type Ufw struct { + CmdStr string +} func NewUfw() (*Ufw, error) { - return &Ufw{}, nil + var ufw Ufw + if cmd.HasSudo() { + ufw.CmdStr = "sudo ufw" + } else { + ufw.CmdStr = "ufw" + } + return &ufw, nil } func (f *Ufw) Name() string { @@ -18,7 +26,7 @@ func (f *Ufw) Name() string { } func (f *Ufw) Status() (string, error) { - stdout, err := cmd.Exec("sudo ufw status | grep Status") + stdout, err := cmd.Execf("%s status | grep Status", f.CmdStr) if err != nil { return "", fmt.Errorf("load the firewall status failed, err: %s", stdout) } @@ -29,7 +37,7 @@ func (f *Ufw) Status() (string, error) { } func (f *Ufw) Version() (string, error) { - stdout, err := cmd.Exec("sudo ufw version | grep ufw") + stdout, err := cmd.Execf("%s version | grep ufw", f.CmdStr) if err != nil { return "", fmt.Errorf("load the firewall status failed, err: %s", stdout) } @@ -38,7 +46,7 @@ func (f *Ufw) Version() (string, error) { } func (f *Ufw) Start() error { - stdout, err := cmd.Exec("echo y | sudo ufw enable") + stdout, err := cmd.Execf("echo y | %s enable", f.CmdStr) if err != nil { return fmt.Errorf("enable the firewall failed, err: %s", stdout) } @@ -46,7 +54,7 @@ func (f *Ufw) Start() error { } func (f *Ufw) Stop() error { - stdout, err := cmd.Exec("sudo ufw disable") + stdout, err := cmd.Execf("%s disable", f.CmdStr) if err != nil { return fmt.Errorf("stop the firewall failed, err: %s", stdout) } @@ -58,7 +66,7 @@ func (f *Ufw) Reload() error { } func (f *Ufw) ListPort() ([]FireInfo, error) { - stdout, err := cmd.Exec("sudo ufw status verbose") + stdout, err := cmd.Execf("%s status verbose", f.CmdStr) if err != nil { return nil, err } @@ -83,7 +91,7 @@ func (f *Ufw) ListPort() ([]FireInfo, error) { } func (f *Ufw) ListAddress() ([]FireInfo, error) { - stdout, err := cmd.Exec("sudo ufw status verbose") + stdout, err := cmd.Execf("%s status verbose", f.CmdStr) if err != nil { return nil, err } @@ -123,9 +131,9 @@ func (f *Ufw) Port(port FireInfo, operation string) error { return fmt.Errorf("unsupport strategy %s", port.Strategy) } - command := fmt.Sprintf("sudo ufw %s %s", port.Strategy, port.Port) + command := fmt.Sprintf("%s %s %s", f.CmdStr, port.Strategy, port.Port) if operation == "remove" { - command = fmt.Sprintf("sudo ufw delete %s %s", port.Strategy, port.Port) + command = fmt.Sprintf("%s delete %s %s", f.CmdStr, port.Strategy, port.Port) } if len(port.Protocol) != 0 { command += fmt.Sprintf("/%s", port.Protocol) @@ -147,9 +155,9 @@ func (f *Ufw) RichRules(rule FireInfo, operation string) error { return fmt.Errorf("unsupport strategy %s", rule.Strategy) } - ruleStr := fmt.Sprintf("sudo ufw %s ", rule.Strategy) + ruleStr := fmt.Sprintf("%s %s ", f.CmdStr, rule.Strategy) if operation == "remove" { - ruleStr = fmt.Sprintf("sudo ufw delete %s ", rule.Strategy) + ruleStr = fmt.Sprintf("%s delete %s ", f.CmdStr, rule.Strategy) } if len(rule.Protocol) != 0 { ruleStr += fmt.Sprintf("proto %s ", rule.Protocol)