From b0c050ef13de23cc05f79057cf984359a389e9ff Mon Sep 17 00:00:00 2001
From: bryan <bryanroessler@gmail.com>
Date: Sat, 25 Apr 2020 12:50:16 -0400
Subject: [PATCH] Refactor openFirewall() and add support for x11vnc/vncserver

---
 installJRMC | 59 ++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 40 insertions(+), 19 deletions(-)

diff --git a/installJRMC b/installJRMC
index 8e63504..ea91285 100755
--- a/installJRMC
+++ b/installJRMC
@@ -900,11 +900,14 @@ EOF"
 
 
     #######################################
-    # Open the default JRiver Media Center ports using the system firewall tool
+    # Opens ports using the system firewall tool
+    # Arguments
+    #   Takes one argument, the pre-specified name of the service to enable
     # Requires:
     #   ID
     #   _bash_cmd
     #   _firewall_cmd
+    #    _port
     # Returns:
     #   0 if ports opened sucessfully, 1 if not
     #######################################
@@ -912,26 +915,40 @@ EOF"
 
         _runDebug "${FUNCNAME[0]}"
 
+        # Create OS-specific port rules based on argument (service) name
+        local -a _f_ports # for firewall_cmd
+        local _u_ports # for ufw
+        if [[ "$1" == "jriver" ]]; then
+            _f_ports=("52100-52200/tcp" "1900/udp")
+            _u_ports="52100:52200/tcp|1900/udp"
+        elif [[ "$1" =~ ^(x11vnc|vncserver)$ ]]; then
+            _f_ports=("$_port/tcp")
+            _u_ports="$_port/tcp"
+        fi
+
+        # Open the ports
         if [[ "$ID" =~ ^(fedora|centos)$ ]] && [[ -x $(command -v firewall-cmd) ]]; then
-            if ! firewall-cmd --get-services | grep -q jriver; then
-                _firewall_cmd --permanent --new-service=jriver > /dev/null 2>&1
-                _firewall_cmd --permanent --service=jriver --set-description="JRiver Media Center Media Server" > /dev/null 2>&1
-                _firewall_cmd --permanent --service=jriver --set-short="jriver" > /dev/null 2>&1
-                _firewall_cmd --permanent --service=jriver --add-port=52100-52200/tcp > /dev/null 2>&1
-                _firewall_cmd --permanent --service=jriver --add-port=1900/udp > /dev/null 2>&1
-                _firewall-cmd --add-service jriver --permanent > /dev/null 2>&1
+            if ! _firewall_cmd --get-services | grep -q "$1"; then
+                _firewall_cmd --permanent --new-service="$1" > /dev/null 2>&1
+                _firewall_cmd --permanent --service="$1" --set-description="$1 installed by installJRMC" > /dev/null 2>&1
+                _firewall_cmd --permanent --service="$1" --set-short="$1" > /dev/null 2>&1
+                for _f_port in "${_f_ports[@]}"; do
+                    _firewall_cmd --permanent --service="$1" --add-port="$_f_port" > /dev/null 2>&1
+                done
+                _firewall-cmd --add-service "$1" --permanent > /dev/null 2>&1
                 _firewall_cmd --reload > /dev/null 2>&1
             fi
         elif [[ "$ID" =~ ^(ubuntu|debian)$ ]] && [[ -x $(command -v ufw) ]]; then
-            if [[ ! -f "/etc/ufw/applications.d/jriver.service" ]]; then
-                _bash_cmd "cat <<-EOF > /etc/ufw/applications.d/jriver.service
-[jriver]
-title=JRiver Media Center
-description=Allows JRiver Media Server access
-ports=52100:52200/tcp|1900/udp
+            if [[ ! -f "/etc/ufw/applications.d/$1.service" ]]; then
+                _bash_cmd "cat <<-EOF > /etc/ufw/applications.d/$1.service
+[$1]
+title=$1
+description=$1 installed by installJRMC
+ports=$_u_ports
 EOF"
             fi
-            _firewall_cmd allow jriver > /dev/null 2>&1
+            _firewall_cmd app update "$1"
+            _firewall_cmd allow "$1" > /dev/null 2>&1
         fi
 
         # shellcheck disable=SC2181
@@ -1127,8 +1144,7 @@ EOF"
             fi
         fi
 
-        # Alert user to the likely vnc port
-        local _port=$(( ${_display#:} + 5900 ))
+        declare -g _port=$(( ${_display#:} + 5900 ))
 
         _bash_cmd "cat <<-EOF > $_service_fname
 [Unit]
@@ -1162,6 +1178,8 @@ EOF"
 
         [[ -z $_display ]] && _display="${DISPLAY:-":0"}"
 
+        declare -g _port=$(( ${_display#:} + 5900 ))
+
         # Get current desktop resolution
         # TODO: may need to break this out into its own function and get smarter at identifying multi-monitors
         local _res
@@ -1192,6 +1210,7 @@ EOF"
         _systemctl_reload && \
         _systemctl_start "$_service_name" && \
         _systemctl_enable "$_service_name"
+        echo "x11vnc running on localhost:$_port"
     }
 
 
@@ -1322,7 +1341,7 @@ EOF"
             _installMCFromRepo
             _symlinkCerts
             _restoreLicense
-            _openFirewall
+            _openFirewall "jriver"
         fi
 
         # Build RPM from source DEB
@@ -1343,7 +1362,7 @@ EOF"
                 _installPackage --noquery "$_mcrpm"
                 _symlinkCerts
                 _restoreLicense
-                _openFirewall
+                _openFirewall "jriver"
             fi
         fi
 
@@ -1356,6 +1375,7 @@ EOF"
                     ;;
                 x11vnc)
                     _serviceX11VNC
+                    _openFirewall "x11vnc"
                     ;;
                 mediaserver)
                     _serviceMediaserver
@@ -1365,6 +1385,7 @@ EOF"
                     ;;
                 mediacenter-vncserver)
                     _serviceVNC
+                    _openFirewall "vncserver"
                     ;;
                 *)
             esac