|
|
e9ad3f |
From 9c26e2d1eb45c5afc0e6430d2736aeefe9f07cf1 Mon Sep 17 00:00:00 2001
|
|
|
e9ad3f |
From: Eric Garver <eric@garver.life>
|
|
|
e9ad3f |
Date: Mon, 25 Jan 2021 11:29:48 -0500
|
|
|
e9ad3f |
Subject: [PATCH 04/22] fix(dbus): conf: setting deprecated properties should
|
|
|
e9ad3f |
be ignored
|
|
|
e9ad3f |
|
|
|
e9ad3f |
They weren't being written to the config file, but the runtime dbus
|
|
|
e9ad3f |
values were being changed.
|
|
|
e9ad3f |
|
|
|
e9ad3f |
(cherry picked from commit 9001e0cfc18fdcf8526d774fad396414d223c70a)
|
|
|
e9ad3f |
(cherry picked from commit e8451a455461b5cf177ea8a9aaab7a5e5100991b)
|
|
|
e9ad3f |
---
|
|
|
e9ad3f |
src/firewall/server/config.py | 23 +++++------------------
|
|
|
e9ad3f |
src/tests/dbus/firewalld.conf.at | 4 ++--
|
|
|
e9ad3f |
2 files changed, 7 insertions(+), 20 deletions(-)
|
|
|
e9ad3f |
|
|
|
e9ad3f |
diff --git a/src/firewall/server/config.py b/src/firewall/server/config.py
|
|
|
e9ad3f |
index 1f832a459915..031ef5d1afaa 100644
|
|
|
e9ad3f |
--- a/src/firewall/server/config.py
|
|
|
e9ad3f |
+++ b/src/firewall/server/config.py
|
|
|
e9ad3f |
@@ -706,22 +706,11 @@ class FirewallDConfig(slip.dbus.service.Object):
|
|
|
e9ad3f |
self.accessCheck(sender)
|
|
|
e9ad3f |
|
|
|
e9ad3f |
if interface_name == config.dbus.DBUS_INTERFACE_CONFIG:
|
|
|
e9ad3f |
- if property_name in [ "MinimalMark", "CleanupOnExit", "Lockdown",
|
|
|
e9ad3f |
+ if property_name in [ "CleanupOnExit", "Lockdown",
|
|
|
e9ad3f |
"IPv6_rpfilter", "IndividualCalls",
|
|
|
e9ad3f |
- "LogDenied", "AutomaticHelpers",
|
|
|
e9ad3f |
+ "LogDenied",
|
|
|
e9ad3f |
"FirewallBackend", "FlushAllOnReload",
|
|
|
e9ad3f |
"RFC3964_IPv4", "AllowZoneDrifting" ]:
|
|
|
e9ad3f |
- if property_name == "MinimalMark":
|
|
|
e9ad3f |
- try:
|
|
|
e9ad3f |
- int(new_value)
|
|
|
e9ad3f |
- except ValueError:
|
|
|
e9ad3f |
- raise FirewallError(errors.INVALID_MARK, new_value)
|
|
|
e9ad3f |
- try:
|
|
|
e9ad3f |
- new_value = str(new_value)
|
|
|
e9ad3f |
- except:
|
|
|
e9ad3f |
- raise FirewallError(errors.INVALID_VALUE,
|
|
|
e9ad3f |
- "'%s' for %s" % \
|
|
|
e9ad3f |
- (new_value, property_name))
|
|
|
e9ad3f |
if property_name in [ "CleanupOnExit", "Lockdown",
|
|
|
e9ad3f |
"IPv6_rpfilter", "IndividualCalls" ]:
|
|
|
e9ad3f |
if new_value.lower() not in [ "yes", "no",
|
|
|
e9ad3f |
@@ -734,11 +723,6 @@ class FirewallDConfig(slip.dbus.service.Object):
|
|
|
e9ad3f |
raise FirewallError(errors.INVALID_VALUE,
|
|
|
e9ad3f |
"'%s' for %s" % \
|
|
|
e9ad3f |
(new_value, property_name))
|
|
|
e9ad3f |
- if property_name == "AutomaticHelpers":
|
|
|
e9ad3f |
- if new_value not in config.AUTOMATIC_HELPERS_VALUES:
|
|
|
e9ad3f |
- raise FirewallError(errors.INVALID_VALUE,
|
|
|
e9ad3f |
- "'%s' for %s" % \
|
|
|
e9ad3f |
- (new_value, property_name))
|
|
|
e9ad3f |
if property_name == "FirewallBackend":
|
|
|
e9ad3f |
if new_value not in config.FIREWALL_BACKEND_VALUES:
|
|
|
e9ad3f |
raise FirewallError(errors.INVALID_VALUE,
|
|
|
e9ad3f |
@@ -764,6 +748,9 @@ class FirewallDConfig(slip.dbus.service.Object):
|
|
|
e9ad3f |
self.config.get_firewalld_conf().write()
|
|
|
e9ad3f |
self.PropertiesChanged(interface_name,
|
|
|
e9ad3f |
{ property_name: new_value }, [ ])
|
|
|
e9ad3f |
+ elif property_name in ["MinimalMark", "AutomaticHelpers"]:
|
|
|
e9ad3f |
+ # deprecated fields. Ignore setting them.
|
|
|
e9ad3f |
+ pass
|
|
|
e9ad3f |
else:
|
|
|
e9ad3f |
raise dbus.exceptions.DBusException(
|
|
|
e9ad3f |
"org.freedesktop.DBus.Error.InvalidArgs: "
|
|
|
e9ad3f |
diff --git a/src/tests/dbus/firewalld.conf.at b/src/tests/dbus/firewalld.conf.at
|
|
|
e9ad3f |
index cc15318c78dc..9fc5502a8d0b 100644
|
|
|
e9ad3f |
--- a/src/tests/dbus/firewalld.conf.at
|
|
|
e9ad3f |
+++ b/src/tests/dbus/firewalld.conf.at
|
|
|
e9ad3f |
@@ -37,8 +37,8 @@ $3
|
|
|
e9ad3f |
])
|
|
|
e9ad3f |
|
|
|
e9ad3f |
dnl Test individual Set/Get
|
|
|
e9ad3f |
-_helper([MinimalMark], [int32:1234], [variant int32 1234])
|
|
|
e9ad3f |
-_helper([AutomaticHelpers], [string:"no"], [variant string "no"])
|
|
|
e9ad3f |
+_helper([MinimalMark], [int32:1234], [variant int32 100])
|
|
|
e9ad3f |
+_helper([AutomaticHelpers], [string:"yes"], [variant string "no"])
|
|
|
e9ad3f |
_helper([Lockdown], [string:"yes"], [variant string "yes"])
|
|
|
e9ad3f |
_helper([LogDenied], [string:"all"], [variant string "all"])
|
|
|
e9ad3f |
_helper([IPv6_rpfilter], [string:"yes"], [variant string "yes"])
|
|
|
e9ad3f |
--
|
|
|
e9ad3f |
2.27.0
|
|
|
e9ad3f |
|