mirror/1Panel
1
0
Fork 0
mirror of https://github.com/1Panel-dev/1Panel.git synced 2024-11-27 20:49:03 +08:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

fix: ufw 防火墙增加 sudo 判断 (#733)

Browse Source
This commit is contained in:
ssongliu 2023-04-20 18:44:17 +08:00 committed by GitHub
parent a0b820649e
commit 09ac40846f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 41 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
backend/app/service/firewall.go
View File

@ -368,7 +368,11 @@ func (u *FirewallService) pingStatus() string {
if _, err := os.Stat("/etc/sysctl.conf"); err != nil { if _, err := os.Stat("/etc/sysctl.conf"); err != nil {
return constant.StatusNone return constant.StatusNone
} }
stdout, _ := cmd.Exec("sudo cat /etc/sysctl.conf | grep net/ipv4/icmp_echo_ignore_all= ") commond := "cat /etc/sysctl.conf | grep net/ipv4/icmp_echo_ignore_all= "
if cmd.HasSudo() {
commond = "sudo cat /etc/sysctl.conf | grep net/ipv4/icmp_echo_ignore_all= "
}
stdout, _ := cmd.Exec(commond)
if stdout == "net/ipv4/icmp_echo_ignore_all=1\n" { if stdout == "net/ipv4/icmp_echo_ignore_all=1\n" {
return constant.StatusEnable return constant.StatusEnable
} }
@ -404,7 +408,11 @@ func (u *FirewallService) updatePingStatus(enabel string) error {
return err return err
} }
stdout, err := cmd.Exec("sudo sysctl -p") commond := "sysctl -p"
if cmd.HasSudo() {
commond = "sudo sysctl -p"
}
stdout, err := cmd.Exec(commond)
if err != nil { if err != nil {
return fmt.Errorf("update ping status failed, err: %v", stdout) return fmt.Errorf("update ping status failed, err: %v", stdout)
} }

13
backend/utils/cmd/cmd.go
View File

@ -4,10 +4,11 @@ import (
"bytes" "bytes"
"context" "context"
"fmt" "fmt"
"github.com/1Panel-dev/1Panel/backend/buserr"
"github.com/1Panel-dev/1Panel/backend/constant"
"os/exec" "os/exec"
"time" "time"
"github.com/1Panel-dev/1Panel/backend/buserr"
"github.com/1Panel-dev/1Panel/backend/constant"
) )
func Exec(cmdStr string) (string, error) { func Exec(cmdStr string) (string, error) {
@ -99,3 +100,11 @@ func HasNoPasswordSudo() bool {
err2 := cmd2.Run() err2 := cmd2.Run()
return err2 == nil return err2 == nil
} }
func HasSudo() bool {
cmd := exec.Command("sudo", "-nv")
if err := cmd.Run(); err != nil {
return false
}
return true
}

32
backend/utils/firewall/client/ufw.go
View File

@ -7,10 +7,18 @@ import (
"github.com/1Panel-dev/1Panel/backend/utils/cmd" "github.com/1Panel-dev/1Panel/backend/utils/cmd"
) )
type Ufw struct{} type Ufw struct {
CmdStr string
}
func NewUfw() (*Ufw, error) { func NewUfw() (*Ufw, error) {
return &Ufw{}, nil var ufw Ufw
if cmd.HasSudo() {
ufw.CmdStr = "sudo ufw"
} else {
ufw.CmdStr = "ufw"
}
return &ufw, nil
} }
func (f *Ufw) Name() string { func (f *Ufw) Name() string {
@ -18,7 +26,7 @@ func (f *Ufw) Name() string {
} }
func (f *Ufw) Status() (string, error) { func (f *Ufw) Status() (string, error) {
stdout, err := cmd.Exec("sudo ufw status | grep Status") stdout, err := cmd.Execf("%s status | grep Status", f.CmdStr)
if err != nil { if err != nil {
return "", fmt.Errorf("load the firewall status failed, err: %s", stdout) return "", fmt.Errorf("load the firewall status failed, err: %s", stdout)
} }
@ -29,7 +37,7 @@ func (f *Ufw) Status() (string, error) {
} }
func (f *Ufw) Version() (string, error) { func (f *Ufw) Version() (string, error) {
stdout, err := cmd.Exec("sudo ufw version | grep ufw") stdout, err := cmd.Execf("%s version | grep ufw", f.CmdStr)
if err != nil { if err != nil {
return "", fmt.Errorf("load the firewall status failed, err: %s", stdout) return "", fmt.Errorf("load the firewall status failed, err: %s", stdout)
} }
@ -38,7 +46,7 @@ func (f *Ufw) Version() (string, error) {
} }
func (f *Ufw) Start() error { func (f *Ufw) Start() error {
stdout, err := cmd.Exec("echo y | sudo ufw enable") stdout, err := cmd.Execf("echo y | %s enable", f.CmdStr)
if err != nil { if err != nil {
return fmt.Errorf("enable the firewall failed, err: %s", stdout) return fmt.Errorf("enable the firewall failed, err: %s", stdout)
} }
@ -46,7 +54,7 @@ func (f *Ufw) Start() error {
} }
func (f *Ufw) Stop() error { func (f *Ufw) Stop() error {
stdout, err := cmd.Exec("sudo ufw disable") stdout, err := cmd.Execf("%s disable", f.CmdStr)
if err != nil { if err != nil {
return fmt.Errorf("stop the firewall failed, err: %s", stdout) return fmt.Errorf("stop the firewall failed, err: %s", stdout)
} }
@ -58,7 +66,7 @@ func (f *Ufw) Reload() error {
} }
func (f *Ufw) ListPort() ([]FireInfo, error) { func (f *Ufw) ListPort() ([]FireInfo, error) {
stdout, err := cmd.Exec("sudo ufw status verbose") stdout, err := cmd.Execf("%s status verbose", f.CmdStr)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -83,7 +91,7 @@ func (f *Ufw) ListPort() ([]FireInfo, error) {
} }
func (f *Ufw) ListAddress() ([]FireInfo, error) { func (f *Ufw) ListAddress() ([]FireInfo, error) {
stdout, err := cmd.Exec("sudo ufw status verbose") stdout, err := cmd.Execf("%s status verbose", f.CmdStr)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -123,9 +131,9 @@ func (f *Ufw) Port(port FireInfo, operation string) error {
return fmt.Errorf("unsupport strategy %s", port.Strategy) return fmt.Errorf("unsupport strategy %s", port.Strategy)
} }
command := fmt.Sprintf("sudo ufw %s %s", port.Strategy, port.Port) command := fmt.Sprintf("%s %s %s", f.CmdStr, port.Strategy, port.Port)
if operation == "remove" { if operation == "remove" {
command = fmt.Sprintf("sudo ufw delete %s %s", port.Strategy, port.Port) command = fmt.Sprintf("%s delete %s %s", f.CmdStr, port.Strategy, port.Port)
} }
if len(port.Protocol) != 0 { if len(port.Protocol) != 0 {
command += fmt.Sprintf("/%s", port.Protocol) command += fmt.Sprintf("/%s", port.Protocol)
@ -147,9 +155,9 @@ func (f *Ufw) RichRules(rule FireInfo, operation string) error {
return fmt.Errorf("unsupport strategy %s", rule.Strategy) return fmt.Errorf("unsupport strategy %s", rule.Strategy)
} }
ruleStr := fmt.Sprintf("sudo ufw %s ", rule.Strategy) ruleStr := fmt.Sprintf("%s %s ", f.CmdStr, rule.Strategy)
if operation == "remove" { if operation == "remove" {
ruleStr = fmt.Sprintf("sudo ufw delete %s ", rule.Strategy) ruleStr = fmt.Sprintf("%s delete %s ", f.CmdStr, rule.Strategy)
} }
if len(rule.Protocol) != 0 { if len(rule.Protocol) != 0 {
ruleStr += fmt.Sprintf("proto %s ", rule.Protocol) ruleStr += fmt.Sprintf("proto %s ", rule.Protocol)