|
 |
4d71d0 |
From 2342548148763cca0579da98ed0a682d22beb49d Mon Sep 17 00:00:00 2001
|
|
|
4d71d0 |
From: Eric Garver <e@erig.me>
|
|
|
4d71d0 |
Date: Fri, 1 Jun 2018 09:37:34 -0400
|
|
|
4d71d0 |
Subject: [PATCH 2/5] firewall/core/io/functions: add check_config()
|
|
|
4d71d0 |
|
|
|
4d71d0 |
This is a utility function to run checks on all the configuration files.
|
|
|
4d71d0 |
|
|
|
4d71d0 |
(cherry picked from commit 4164148b88f1882eabde4eeb4cc9a45506aff0fa)
|
|
|
4d71d0 |
---
|
|
|
4d71d0 |
po/POTFILES.in | 1 +
|
|
|
4d71d0 |
src/Makefile.am | 1 +
|
|
|
4d71d0 |
src/firewall/core/io/functions.py | 84 +++++++++++++++++++++++++++++++++++++++
|
|
|
4d71d0 |
3 files changed, 86 insertions(+)
|
|
|
4d71d0 |
create mode 100644 src/firewall/core/io/functions.py
|
|
|
4d71d0 |
|
|
|
4d71d0 |
diff --git a/po/POTFILES.in b/po/POTFILES.in
|
|
|
4d71d0 |
index 12cdbf2c6929..2332f8acc4eb 100644
|
|
|
4d71d0 |
--- a/po/POTFILES.in
|
|
|
4d71d0 |
+++ b/po/POTFILES.in
|
|
|
4d71d0 |
@@ -70,6 +70,7 @@ src/firewall/core/prog.py
|
|
|
4d71d0 |
src/firewall/core/watcher.py
|
|
|
4d71d0 |
src/firewall/core/io/__init__.py
|
|
|
4d71d0 |
src/firewall/core/io/firewalld_conf.py
|
|
|
4d71d0 |
+src/firewall/core/io/functions.py
|
|
|
4d71d0 |
src/firewall/core/io/icmptype.py
|
|
|
4d71d0 |
src/firewall/core/io/io_object.py
|
|
|
4d71d0 |
src/firewall/core/io/service.py
|
|
|
4d71d0 |
diff --git a/src/Makefile.am b/src/Makefile.am
|
|
|
4d71d0 |
index b249c2e5fd46..b44ae0c1eca4 100644
|
|
|
4d71d0 |
--- a/src/Makefile.am
|
|
|
4d71d0 |
+++ b/src/Makefile.am
|
|
|
4d71d0 |
@@ -34,6 +34,7 @@ nobase_dist_python_DATA = \
|
|
|
4d71d0 |
firewall/core/__init__.py \
|
|
|
4d71d0 |
firewall/core/io/direct.py \
|
|
|
4d71d0 |
firewall/core/io/firewalld_conf.py \
|
|
|
4d71d0 |
+ firewall/core/io/functions.py \
|
|
|
4d71d0 |
firewall/core/io/helper.py \
|
|
|
4d71d0 |
firewall/core/io/icmptype.py \
|
|
|
4d71d0 |
firewall/core/io/ifcfg.py \
|
|
|
4d71d0 |
diff --git a/src/firewall/core/io/functions.py b/src/firewall/core/io/functions.py
|
|
|
4d71d0 |
new file mode 100644
|
|
|
4d71d0 |
index 000000000000..7509a5390e12
|
|
|
4d71d0 |
--- /dev/null
|
|
|
4d71d0 |
+++ b/src/firewall/core/io/functions.py
|
|
|
4d71d0 |
@@ -0,0 +1,84 @@
|
|
|
4d71d0 |
+# -*- coding: utf-8 -*-
|
|
|
4d71d0 |
+#
|
|
|
4d71d0 |
+# Copyright (C) 2018 Red Hat, Inc.
|
|
|
4d71d0 |
+#
|
|
|
4d71d0 |
+# Authors:
|
|
|
4d71d0 |
+# Eric Garver <egarver@redhat.com>
|
|
|
4d71d0 |
+#
|
|
|
4d71d0 |
+# This program is free software; you can redistribute it and/or modify
|
|
|
4d71d0 |
+# it under the terms of the GNU General Public License as published by
|
|
|
4d71d0 |
+# the Free Software Foundation; either version 2 of the License, or
|
|
|
4d71d0 |
+# (at your option) any later version.
|
|
|
4d71d0 |
+#
|
|
|
4d71d0 |
+# This program is distributed in the hope that it will be useful,
|
|
|
4d71d0 |
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
4d71d0 |
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
4d71d0 |
+# GNU General Public License for more details.
|
|
|
4d71d0 |
+#
|
|
|
4d71d0 |
+# You should have received a copy of the GNU General Public License
|
|
|
4d71d0 |
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
4d71d0 |
+#
|
|
|
4d71d0 |
+
|
|
|
4d71d0 |
+import os
|
|
|
4d71d0 |
+
|
|
|
4d71d0 |
+from firewall import config
|
|
|
4d71d0 |
+from firewall.errors import FirewallError
|
|
|
4d71d0 |
+
|
|
|
4d71d0 |
+from firewall.core.io.zone import zone_reader
|
|
|
4d71d0 |
+from firewall.core.io.service import service_reader
|
|
|
4d71d0 |
+from firewall.core.io.ipset import ipset_reader
|
|
|
4d71d0 |
+from firewall.core.io.icmptype import icmptype_reader
|
|
|
4d71d0 |
+from firewall.core.io.helper import helper_reader
|
|
|
4d71d0 |
+from firewall.core.io.direct import Direct
|
|
|
4d71d0 |
+from firewall.core.io.lockdown_whitelist import LockdownWhitelist
|
|
|
4d71d0 |
+from firewall.core.io.firewalld_conf import firewalld_conf
|
|
|
4d71d0 |
+
|
|
|
4d71d0 |
+def check_config(fw=None):
|
|
|
4d71d0 |
+ readers = {
|
|
|
4d71d0 |
+ "ipset" : (ipset_reader, [config.FIREWALLD_IPSETS, config.ETC_FIREWALLD_IPSETS]),
|
|
|
4d71d0 |
+ "helper" : (helper_reader, [config.FIREWALLD_HELPERS, config.ETC_FIREWALLD_HELPERS]),
|
|
|
4d71d0 |
+ "icmptype" : (icmptype_reader, [config.FIREWALLD_ICMPTYPES, config.ETC_FIREWALLD_ICMPTYPES]),
|
|
|
4d71d0 |
+ "service" : (service_reader, [config.FIREWALLD_SERVICES, config.ETC_FIREWALLD_SERVICES]),
|
|
|
4d71d0 |
+ "zone" : (zone_reader, [config.FIREWALLD_ZONES, config.ETC_FIREWALLD_ZONES]),
|
|
|
4d71d0 |
+ }
|
|
|
4d71d0 |
+ for reader in readers.keys():
|
|
|
4d71d0 |
+ for dir in readers[reader][1]:
|
|
|
4d71d0 |
+ if not os.path.isdir(dir):
|
|
|
4d71d0 |
+ continue
|
|
|
4d71d0 |
+ for file in sorted(os.listdir(dir)):
|
|
|
4d71d0 |
+ if file.endswith(".xml"):
|
|
|
4d71d0 |
+ try:
|
|
|
4d71d0 |
+ obj = readers[reader][0](file, dir)
|
|
|
4d71d0 |
+ if fw and reader == "zone":
|
|
|
4d71d0 |
+ obj.fw_config = fw.config
|
|
|
4d71d0 |
+ obj.check_config(obj.export_config())
|
|
|
4d71d0 |
+ except FirewallError as error:
|
|
|
4d71d0 |
+ raise FirewallError(error.code, "'%s': %s" % (file, error.msg))
|
|
|
4d71d0 |
+ except Exception as msg:
|
|
|
4d71d0 |
+ raise Exception("'%s': %s" % (file, msg))
|
|
|
4d71d0 |
+ if os.path.isfile(config.FIREWALLD_DIRECT):
|
|
|
4d71d0 |
+ try:
|
|
|
4d71d0 |
+ obj = Direct(config.FIREWALLD_DIRECT)
|
|
|
4d71d0 |
+ obj.read()
|
|
|
4d71d0 |
+ obj.check_config(obj.export_config())
|
|
|
4d71d0 |
+ except FirewallError as error:
|
|
|
4d71d0 |
+ raise FirewallError(error.code, "'%s': %s" % (config.FIREWALLD_DIRECT, error.msg))
|
|
|
4d71d0 |
+ except Exception as msg:
|
|
|
4d71d0 |
+ raise Exception("'%s': %s" % (config.FIREWALLD_DIRECT, msg))
|
|
|
4d71d0 |
+ if os.path.isfile(config.LOCKDOWN_WHITELIST):
|
|
|
4d71d0 |
+ try:
|
|
|
4d71d0 |
+ obj = LockdownWhitelist(config.LOCKDOWN_WHITELIST)
|
|
|
4d71d0 |
+ obj.read()
|
|
|
4d71d0 |
+ obj.check_config(obj.export_config())
|
|
|
4d71d0 |
+ except FirewallError as error:
|
|
|
4d71d0 |
+ raise FirewallError(error.code, "'%s': %s" % (config.LOCKDOWN_WHITELIST, error.msg))
|
|
|
4d71d0 |
+ except Exception as msg:
|
|
|
4d71d0 |
+ raise Exception("'%s': %s" % (config.LOCKDOWN_WHITELIST, msg))
|
|
|
4d71d0 |
+ if os.path.isfile(config.FIREWALLD_CONF):
|
|
|
4d71d0 |
+ try:
|
|
|
4d71d0 |
+ obj = firewalld_conf(config.FIREWALLD_CONF)
|
|
|
4d71d0 |
+ obj.read()
|
|
|
4d71d0 |
+ except FirewallError as error:
|
|
|
4d71d0 |
+ raise FirewallError(error.code, "'%s': %s" % (config.FIREWALLD_CONF, error.msg))
|
|
|
4d71d0 |
+ except Exception as msg:
|
|
|
4d71d0 |
+ raise Exception("'%s': %s" % (config.FIREWALLD_CONF, msg))
|
|
|
4d71d0 |
--
|
|
|
4d71d0 |
2.16.3
|
|
|
4d71d0 |
|