improved error handling

do not print stack trace in case of user errors, fixes #1453
immediate fallback after failed activation, even with --force, before main process exit, fixes #1584

4 files changed, 44 insertions, 18 deletions

diff --git a/awall/iptables.lua b/awall/iptables.lua
index 02536e8..32b59b2 100644
--- a/awall/iptables.lua
+++ b/awall/iptables.lua
@@ -1,6 +1,6 @@
 --[[
 Iptables file dumper for Alpine Wall
-Copyright (C) 2012 Kaarle Ritvanen
+Copyright (C) 2012-2013 Kaarle Ritvanen
 Licensed under the terms of GPL2
 ]]--
 
@@ -10,6 +10,7 @@ module(..., package.seeall)
 require 'lpc'
 
 require 'awall.object'
+require 'awall.uerror'
 require 'awall.util'
 
 local class = awall.object.class
@@ -70,7 +71,7 @@ function BaseIPTables:restore(test)
       end
    end
 
-   if disabled then error('Firewall not enabled in kernel') end
+   if disabled then awall.uerror.raise('Firewall not enabled in kernel') end
 end
 
 function BaseIPTables:activate()
diff --git a/awall/model.lua b/awall/model.lua
index c904a53..1746c7a 100644
--- a/awall/model.lua
+++ b/awall/model.lua
@@ -12,6 +12,7 @@ require 'awall.host'
 require 'awall.iptables'
 require 'awall.object'
 require 'awall.optfrag'
+require 'awall.uerror'
 require 'awall.util'
 
 local util = awall.util
@@ -43,7 +44,9 @@ function ConfigObject:create(cls, params)
    return cls.morph(params, self.context, self.location)
 end
 
-function ConfigObject:error(msg) error(self.location..': '..msg) end
+function ConfigObject:error(msg)
+   awall.uerror.raise(self.location..': '..msg)
+end
 
 function ConfigObject:warning(msg)
    io.stderr:write(self.location..': '..msg..'\n')
diff --git a/awall/policy.lua b/awall/policy.lua
index 2ecfdc2..396a3a6 100644
--- a/awall/policy.lua
+++ b/awall/policy.lua
@@ -12,9 +12,8 @@ require 'lpc'
 
 require 'awall.dependency'
 require 'awall.object'
-require 'awall.util'
-
-local util = awall.util
+local raise = require('awall.uerror').raise
+local util = require('awall.util')
 
 
 local PolicyConfig = awall.object.class()
@@ -37,18 +36,18 @@ function PolicyConfig:expand()
 	 local si, ei, name = string.find(value, pattern)
 	 
 	 if util.contains(visited, name) then
-	    error('Circular variable definition: '..name)
+	    raise('Circular variable definition: '..name)
 	 end
 	 table.insert(visited, name)
 	 
 	 local var = self.data.variable[name]
-	 if not var then error('Invalid variable reference: '..name) end
+	 if not var then raise('Invalid variable reference: '..name) end
 	 
 	 if si == 1 and ei == string.len(value) then value = var
 	 elseif util.contains({'number', 'string'}, type(var)) then
 	    value = string.sub(value, 1, si - 1)..var..string.sub(value, ei + 1, -1)
 	 else
-	    error('Attempted to concatenate complex variable: '..name)
+	    raise('Attempted to concatenate complex variable: '..name)
 	 end
       end
 
@@ -63,7 +62,7 @@ end
 
 local function open(name, dirs)
    if not string.match(name, '^[%w-]+$') then
-      error('Invalid characters in policy name: '..name)
+      raise('Invalid characters in policy name: '..name)
    end
    for i, dir in ipairs(dirs) do
       local path = dir..'/'..name..'.json'
@@ -90,7 +89,7 @@ local function list(dirs)
 	 local si, ei, name = string.find(fname, '^([%w-]+)%.json$')
 	 if name then
 	    if util.contains(allnames, name) then
-	       error('Duplicate policy name: '..name)
+	       raise('Duplicate policy name: '..name)
 	    end
 	    table.insert(allnames, name)
 
@@ -126,7 +125,7 @@ function PolicySet:loadJSON(name, fname)
    else
       file, fname = open(name, self.importdirs)
    end
-   if not file then error('Unable to read policy file '..fname) end
+   if not file then raise('Unable to read policy file '..fname) end
 
    local data = ''
    for line in file:lines() do data = data..line end
@@ -134,7 +133,7 @@ function PolicySet:loadJSON(name, fname)
 
    local success, res = pcall(json.decode, data)
    if success then return res end
-   error(res..' while parsing '..fname)
+   raise(res..' while parsing '..fname)
 end
 
 
@@ -157,7 +156,7 @@ function PolicySet:load()
 
    local order = awall.dependency.order(policies)
    if type(order) ~= 'table' then
-      error('Circular ordering directives: '..order)
+      raise('Circular ordering directives: '..order)
    end
 
 
@@ -196,16 +195,16 @@ end
 function PolicySet:findsymlink(name)
    local symlink = find(name, {self.confdir})
    if symlink and lfs.symlinkattributes(symlink).mode ~= 'link' then
-      error('Not an optional policy: '..name)
+      raise('Not an optional policy: '..name)
    end
    return symlink
 end
 
 function PolicySet:enable(name)
-   if self:findsymlink(name) then error('Policy already enabled: '..name)
+   if self:findsymlink(name) then raise('Policy already enabled: '..name)
    else
       local target = find(name, self.importdirs)
-      if not target then error('Policy not found: '..name) end
+      if not target then raise('Policy not found: '..name) end
       if string.sub(target, 1, 1) ~= '/' then
 	 target = lfs.currentdir()..'/'..target
       end
@@ -219,7 +218,7 @@ end
 
 function PolicySet:disable(name)
    local symlink = self:findsymlink(name)
-   if not symlink then error('Policy not enabled: '..name) end
+   if not symlink then raise('Policy not enabled: '..name) end
    assert(os.remove(symlink))
 end
 
diff --git a/awall/uerror.lua b/awall/uerror.lua
new file mode 100644
index 0000000..a3df48c
--- /dev/null
+++ b/awall/uerror.lua
@@ -0,0 +1,23 @@
+--[[
+User error handling for Alpine Wall
+Copyright (C) 2012-2013 Kaarle Ritvanen
+Licensed under the terms of GPL2
+]]--
+
+module(..., package.seeall)
+
+local prefix = 'awall user error: '
+
+function raise(msg) error(prefix..msg) end
+
+function call(f, ...)
+   return xpcall(
+      function() f(unpack(arg)) end,
+      function(msg)
+	 local si, ei = string.find(msg, prefix, 1, true)
+   	 if si then msg = 'awall: '..string.sub(msg, ei + 1, -1) end
+   	 io.stderr:write(msg..'\n')
+   	 if not si then io.stderr:write(debug.traceback()..'\n') end
+      end
+   )
+end