fix: ufw 防火墙增加 sudo 判断 (#733)

2 years ago · 09ac40846f
3 changed files with 41 additions and 16 deletions
--- a/backend/app/service/firewall.go
+++ b/backend/app/service/firewall.go
@ -368,7 +368,11 @@ func (u *FirewallService) pingStatus() string {
 	if _, err := os.Stat("/etc/sysctl.conf"); err != nil {
 		return constant.StatusNone
 	}
-	stdout, _ := cmd.Exec("sudo cat /etc/sysctl.conf | grep net/ipv4/icmp_echo_ignore_all= ")
+	commond := "cat /etc/sysctl.conf | grep net/ipv4/icmp_echo_ignore_all= "
+	if cmd.HasSudo() {
+		commond = "sudo cat /etc/sysctl.conf | grep net/ipv4/icmp_echo_ignore_all= "
+	}
+	stdout, _ := cmd.Exec(commond)
 	if stdout == "net/ipv4/icmp_echo_ignore_all=1\n" {
 		return constant.StatusEnable
 	}
@ -404,7 +408,11 @@ func (u *FirewallService) updatePingStatus(enabel string) error {
 		return err
 	}

-	stdout, err := cmd.Exec("sudo sysctl -p")
+	commond := "sysctl -p"
+	if cmd.HasSudo() {
+		commond = "sudo sysctl -p"
+	}
+	stdout, err := cmd.Exec(commond)
 	if err != nil {
 		return fmt.Errorf("update ping status failed, err: %v", stdout)
 	}
--- a/backend/utils/cmd/cmd.go
+++ b/backend/utils/cmd/cmd.go
@ -4,10 +4,11 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"github.com/1Panel-dev/1Panel/backend/buserr"
-	"github.com/1Panel-dev/1Panel/backend/constant"
 	"os/exec"
 	"time"
+
+	"github.com/1Panel-dev/1Panel/backend/buserr"
+	"github.com/1Panel-dev/1Panel/backend/constant"
 )

 func Exec(cmdStr string) (string, error) {
@ -99,3 +100,11 @@ func HasNoPasswordSudo() bool {
 	err2 := cmd2.Run()
 	return err2 == nil
 }
+
+func HasSudo() bool {
+	cmd := exec.Command("sudo", "-nv")
+	if err := cmd.Run(); err != nil {
+		return false
+	}
+	return true
+}
--- a/backend/utils/firewall/client/ufw.go
+++ b/backend/utils/firewall/client/ufw.go
@ -7,10 +7,18 @@ import (
 	"github.com/1Panel-dev/1Panel/backend/utils/cmd"
 )

-type Ufw struct{}
+type Ufw struct {
+	CmdStr string
+}

 func NewUfw() (*Ufw, error) {
-	return &Ufw{}, nil
+	var ufw Ufw
+	if cmd.HasSudo() {
+		ufw.CmdStr = "sudo ufw"
+	} else {
+		ufw.CmdStr = "ufw"
+	}
+	return &ufw, nil
 }

 func (f *Ufw) Name() string {
@ -18,7 +26,7 @@ func (f *Ufw) Name() string {
 }

 func (f *Ufw) Status() (string, error) {
-	stdout, err := cmd.Exec("sudo ufw status | grep Status")
+	stdout, err := cmd.Execf("%s status | grep Status", f.CmdStr)
 	if err != nil {
 		return "", fmt.Errorf("load the firewall status failed, err: %s", stdout)
 	}
@ -29,7 +37,7 @@ func (f *Ufw) Status() (string, error) {
 }

 func (f *Ufw) Version() (string, error) {
-	stdout, err := cmd.Exec("sudo ufw version | grep ufw")
+	stdout, err := cmd.Execf("%s version | grep ufw", f.CmdStr)
 	if err != nil {
 		return "", fmt.Errorf("load the firewall status failed, err: %s", stdout)
 	}
@ -38,7 +46,7 @@ func (f *Ufw) Version() (string, error) {
 }

 func (f *Ufw) Start() error {
-	stdout, err := cmd.Exec("echo y | sudo ufw enable")
+	stdout, err := cmd.Execf("echo y | %s enable", f.CmdStr)
 	if err != nil {
 		return fmt.Errorf("enable the firewall failed, err: %s", stdout)
 	}
@ -46,7 +54,7 @@ func (f *Ufw) Start() error {
 }

 func (f *Ufw) Stop() error {
-	stdout, err := cmd.Exec("sudo ufw disable")
+	stdout, err := cmd.Execf("%s disable", f.CmdStr)
 	if err != nil {
 		return fmt.Errorf("stop the firewall failed, err: %s", stdout)
 	}
@ -58,7 +66,7 @@ func (f *Ufw) Reload() error {
 }

 func (f *Ufw) ListPort() ([]FireInfo, error) {
-	stdout, err := cmd.Exec("sudo ufw  status verbose")
+	stdout, err := cmd.Execf("%s status verbose", f.CmdStr)
 	if err != nil {
 		return nil, err
 	}
@ -83,7 +91,7 @@ func (f *Ufw) ListPort() ([]FireInfo, error) {
 }

 func (f *Ufw) ListAddress() ([]FireInfo, error) {
-	stdout, err := cmd.Exec("sudo ufw  status verbose")
+	stdout, err := cmd.Execf("%s status verbose", f.CmdStr)
 	if err != nil {
 		return nil, err
 	}
@ -123,9 +131,9 @@ func (f *Ufw) Port(port FireInfo, operation string) error {
 		return fmt.Errorf("unsupport strategy %s", port.Strategy)
 	}

-	command := fmt.Sprintf("sudo ufw %s %s", port.Strategy, port.Port)
+	command := fmt.Sprintf("%s %s %s", f.CmdStr, port.Strategy, port.Port)
 	if operation == "remove" {
-		command = fmt.Sprintf("sudo ufw delete %s %s", port.Strategy, port.Port)
+		command = fmt.Sprintf("%s delete %s %s", f.CmdStr, port.Strategy, port.Port)
 	}
 	if len(port.Protocol) != 0 {
 		command += fmt.Sprintf("/%s", port.Protocol)
@ -147,9 +155,9 @@ func (f *Ufw) RichRules(rule FireInfo, operation string) error {
 		return fmt.Errorf("unsupport strategy %s", rule.Strategy)
 	}

-	ruleStr := fmt.Sprintf("sudo ufw %s ", rule.Strategy)
+	ruleStr := fmt.Sprintf("%s %s ", f.CmdStr, rule.Strategy)
 	if operation == "remove" {
-		ruleStr = fmt.Sprintf("sudo ufw delete %s ", rule.Strategy)
+		ruleStr = fmt.Sprintf("%s delete %s ", f.CmdStr, rule.Strategy)
 	}
 	if len(rule.Protocol) != 0 {
 		ruleStr += fmt.Sprintf("proto %s ", rule.Protocol)