commit 04f5c99e5a8d82f490deeccf643a7a84941d2f7c
Author: Thomas Woerner <twoerner@redhat.com>
Date: Wed Aug 3 13:52:58 2016 +0200
firewall-cmd: Add missing action to fix --{add,remove}-entries-from-file
The missing action="append" setting is needed to make --{add,remove}-entries-from-file functional as a sequence option.
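diff --git a/src/firewall-cmd b/src/firewall-cmd
index 405d08c..3cf3059 100755
--- a/src/firewall-cmd
+++ b/src/firewall-cmd
@@ -580,8 +580,8 @@ parser_ipset.add_argument("--add-entry", metavar="<entry>", action='append')
 parser_ipset.add_argument("--remove-entry", metavar="<entry>", action='append')
 parser_ipset.add_argument("--query-entry", metavar="<entry>", action='append')
 parser_ipset.add_argument("--get-entries", action="store_true")
-parser_ipset.add_argument("--add-entries-from-file", metavar="<filename>")
-parser_ipset.add_argument("--remove-entries-from-file", metavar="<filename>")
+parser_ipset.add_argument("--add-entries-from-file", metavar="<filename>", action='append')
+parser_ipset.add_argument("--remove-entries-from-file", metavar="<filename>", action='append')
 
 parser.add_argument("--icmptype", metavar="<icmptype>")
 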
commit 495a1a527f03e12195ec6334a21eb7ba3924a6e8
Author: Thomas Woerner <twoerner@redhat.com>
Date: Wed Aug 3 13:57:53 2016 +0200
firewall-offline-cmd: Fix --{add,remove}-entries-from-file
The missing action="append" setting is needed to make --{add,remove}-entries-from-file functional as a sequence option.

Also, "changed" was used while undefined for --remove-entries-from-file.
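diff --git a/src/firewall-offline-cmd b/src/firewall-offline-cmd
index 978ad8a..a7cb36d 100755
--- a/src/firewall-offline-cmd
+++ b/src/firewall-offline-cmd
@@ -619,8 +619,8 @@ parser_ipset.add_argument("--add-entry", metavar="<entry>", action='append')
 parser_ipset.add_argument("--remove-entry", metavar="<entry>", action='append')
 parser_ipset.add_argument("--query-entry", metavar="<entry>", action='append')
 parser_ipset.add_argument("--get-entries", action="store_true")
-parser_ipset.add_argument("--add-entries-from-file", metavar="<filename>")
-parser_ipset.add_argument("--remove-entries-from-file", metavar="<filename>")
+parser_ipset.add_argument("--add-entries-from-file", metavar="<filename>", action='append')
+parser_ipset.add_argument("--remove-entries-from-file", metavar="<filename>", action='append')
 
 parser.add_argument("--icmptype", metavar="<icmptype>")
 
@@ -1467,6 +1467,7 @@ try:
 ipset = fw.config.get_ipset(a.ipset)
 settings = FirewallClientIPSetSettings(
 list(fw.config.get_ipset_config(ipset)))
+ changed = False
 
 for filename in a.remove_entries_from_file:
 try: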
commit 9afdbaeb1d0ec11cff7d362618657d63df5b6dff
Author: Thomas Woerner <twoerner@redhat.com>
Date: Mon Aug 8 18:22:40 2016 +0200
firewall/core/io/*.py: Do not traceback on a general sax parsing issue
There is a traceback printed in case of general parsing issue (no XML). With
this patch there is a proper error reported.
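diff --git a/src/firewall/core/io/direct.py b/src/firewall/core/io/direct.py
index 3916db0..ebbd12d 100644
--- a/src/firewall/core/io/direct.py
+++ b/src/firewall/core/io/direct.py
@@ -361,8 +361,12 @@ class Direct(IO_Object):
 parser = sax.make_parser()
 parser.setContentHandler(handler)
 with open(self.filename, "r") as f:
- parser.parse(f)
-
+ try:
+ parser.parse(f)
+ except sax.SAXParseException as msg:
+ raise FirewallError(errors.INVALID_TYPE,
+ "Not a valid file: %s" % \
+ msg.getException())
 
 def write(self):
 if os.path.exists(self.filename):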
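Review bot: The new error text in Direct's read path gives an administrator nothing to locate the bad file with: `"Not a valid file: %s" % msg.getException()` omits `self.filename`, and `getException()` returns only the wrapped exception, which is `None` when the `SAXParseException` was raised without one. Formatting the exception itself keeps the line and column, e.g. `"Not a valid file '%s': %s" % (self.filename, msg)`. The missing filename also applies to the lockdown_whitelist.py hunk, and the `msg.getException()` part applies to the icmptype, ipset, service and zone readers as well. The enclosing method starts above this hunk.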
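diff --git a/src/firewall/core/io/icmptype.py b/src/firewall/core/io/icmptype.py
index 36c2d70..99df326 100644
--- a/src/firewall/core/io/icmptype.py
+++ b/src/firewall/core/io/icmptype.py
@@ -122,7 +122,12 @@ def icmptype_reader(filename, path):
 parser.setContentHandler(handler)
 name = "%s/%s" % (path, filename)
 with open(name, "r") as f:
- parser.parse(f)
+ try:
+ parser.parse(f)
+ except sax.SAXParseException as msg:
+ raise FirewallError(errors.INVALID_ICMPTYPE,
+ "not a valid icmptype file: %s" % \
+ msg.getException())
 del handler
 del parser
 if PY2: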
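Review bot: Only `sax.SAXParseException` is converted in icmptype_reader, so input that fails outside the XML parser itself can still end in a traceback. The file is opened in text mode (`open(name, "r")`), and on Python 3 undecodable bytes would presumably surface as `UnicodeDecodeError` from the read rather than as a SAX error, which is the "no XML" case the commit message is about. Opening the file as `with open(name, "rb") as f:` would leave decoding to the parser, so such input is reported through the new `INVALID_ICMPTYPE` path. The direct, ipset, service and zone hunks follow the same pattern; the function body continues outside the hunk.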
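diff --git a/src/firewall/core/io/ipset.py b/src/firewall/core/io/ipset.py
index a9e7777..e397f84 100644
--- a/src/firewall/core/io/ipset.py
+++ b/src/firewall/core/io/ipset.py
@@ -223,7 +223,12 @@ def ipset_reader(filename, path):
 parser.setContentHandler(handler)
 name = "%s/%s" % (path, filename)
 with open(name, "r") as f:
- parser.parse(f)
+ try:
+ parser.parse(f)
+ except sax.SAXParseException as msg:
+ raise FirewallError(errors.INVALID_IPSET,
+ "not a valid ipset file: %s" % \
+ msg.getException())
 del handler
 del parser
 if "timeout" in ipset.options and len(ipset.entries) > 0: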
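diff --git a/src/firewall/core/io/lockdown_whitelist.py b/src/firewall/core/io/lockdown_whitelist.py
index 28aa8da..b7e24b2 100644
--- a/src/firewall/core/io/lockdown_whitelist.py
+++ b/src/firewall/core/io/lockdown_whitelist.py
@@ -322,7 +322,12 @@ class LockdownWhitelist(IO_Object):
 handler = lockdown_whitelist_ContentHandler(self)
 parser = sax.make_parser()
 parser.setContentHandler(handler)
- parser.parse(self.filename)
+ try:
+ parser.parse(self.filename)
+ except sax.SAXParseException as msg:
+ raise FirewallError(errors.INVALID_TYPE,
+ "Not a valid file: %s" % \
+ msg.getException())
 del handler
 del parser
 if PY2: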
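Review bot: The parser in this read path is still created with a bare `sax.make_parser()` and no feature settings are visible in the hunk, so whether external entities referenced from the lockdown whitelist are resolved depends on the interpreter's defaults. Since the hunk already hardens how this policy file is read, it is worth pinning that down too with `parser.setFeature(sax.handler.feature_external_ges, False)` before `parser.parse(self.filename)` (assuming `sax` here is `xml.sax`). The other readers touched by this commit build their parser the same way. The method body begins above the hunk.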
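diff --git a/src/firewall/core/io/service.py b/src/firewall/core/io/service.py
index 705affe..a65a4f4 100644
--- a/src/firewall/core/io/service.py
+++ b/src/firewall/core/io/service.py
@@ -217,7 +217,12 @@ def service_reader(filename, path):
 parser.setContentHandler(handler)
 name = "%s/%s" % (path, filename)
 with open(name, "r") as f:
- parser.parse(f)
+ try:
+ parser.parse(f)
+ except sax.SAXParseException as msg:
+ raise FirewallError(errors.INVALID_SERVICE,
+ "not a valid service file: %s" % \
+ msg.getException())
 del handler
 del parser
 if PY2: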
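diff --git a/src/firewall/core/io/zone.py b/src/firewall/core/io/zone.py
index 274a633..5dfd1f5 100644
--- a/src/firewall/core/io/zone.py
+++ b/src/firewall/core/io/zone.py
@@ -676,7 +676,12 @@ def zone_reader(filename, path):
 parser.setContentHandler(handler)
 name = "%s/%s" % (path, filename)
 with open(name, "r") as f:
- parser.parse(f)
+ try:
+ parser.parse(f)
+ except sax.SAXParseException as msg:
+ raise FirewallError(errors.INVALID_ZONE,
+ "not a valid zone file: %s" % \
+ msg.getException())
 del handler
 del parser
 if PY2: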