commit a17ce5042e807fe9e515cdc2a538fe68893983ba
Author: Thomas Woerner <twoerner@redhat.com>
Date: Wed Jul 27 19:36:52 2016 +0200
firewall.command: Do not use query methods for sequences and also single options
The call of the query method is not needed with deactivating the exception
handler while calling the action method. This also makes a mutating call
like addService behaving the same if lockdown is enabled and the call not
allowed.
diff --git a/src/firewall/command.py b/src/firewall/command.py
index 74ee8b2..8e68a04 100644
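--- a/src/firewall/command.py
+++ b/src/firewall/command.py
@@ -102,45 +102,14 @@ class FirewallCommand(object):
 except Exception as msg:
 if len(option) > 1:
 self.print_warning("Warning: %s" % msg)
+ _errors += 1
 continue
 else:
 code = FirewallError.get_code(msg)
 self.print_and_exit("Error: %s" % msg, code)
+ _errors += 1
 
- call_item = [ ]
- if start_args is not None:
- call_item += start_args
- if not isinstance(item, list) and not isinstance(item, tuple):
- call_item.append(item)
- else:
- call_item += item
- self.deactivate_exception_handler()
- try:
- if cmd_type == "add" and not query_method(*call_item):
- items.append(item)
- elif cmd_type == "remove" and query_method(*call_item):
- items.append(item)
- else:
- if len(option) > 1:
- self.print_warning("Warning: %s: %s" % \
- (warn_type[cmd_type],
- message % item))
- else:
- code = FirewallError.get_code(warn_type[cmd_type])
- self.print_and_exit("Error: %s: %s" % \
- (warn_type[cmd_type],
- message % item), code)
- _errors += 1
- except DBusException as msg:
- code = FirewallError.get_code(msg.get_dbus_message())
- if len(option) > 1:
- self.print_warning("Warning: %s" % msg.get_dbus_message())
- continue
- else:
- self.print_and_exit("Error: %s" % msg.get_dbus_message(),
- code)
- _errors += 1
- self.activate_exception_handler()
+ items.append(item)
 
 for item in items:
 call_item = [ ]
@@ -152,6 +121,7 @@ class FirewallCommand(object):
 call_item += item
 if end_args is not None:
 call_item += end_args
+ self.deactivate_exception_handler()
 try:
 action_method(*call_item)
 except DBusException as msg:
@@ -162,8 +132,11 @@ class FirewallCommand(object):
 self.print_and_exit("Error: %s" % msg.get_dbus_message(),
 code)
 _errors += 1
+ self.activate_exception_handler()
 
 if _errors == len(option) and not no_exit:
+ sys.exit(errors.UNKNOWN_ERROR)
+ elif not no_exit:
 sys.exit(0)
 
 def add_sequence(self, option, action_method, query_method, parse_method,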
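Review bot: The `self.deactivate_exception_handler()` added before the `try` and the `self.activate_exception_handler()` added after the `except DBusException` block are not paired on every path: an exception of any other type raised by `action_method(*call_item)` propagates past the reactivation, and so does a `continue` taken in a warning branch. Moving the reactivation into a `finally:` clause of the same `try` (`finally:` / `self.activate_exception_handler()`) restores the handler however the call ends. The nesting is inferred, since indentation is not preserved on this page and the method begins above the first hunk. The `except Exception` branch added by 229ac29 further down the page has the same shape, with its `continue` ahead of the reactivation call.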
commit 229ac2900deab6cac6dc9f07da73a353af5998d1
Author: Thomas Woerner <twoerner@redhat.com>
Date: Wed Jul 27 21:01:37 2016 +0200
firewall.command: Add the removed FirewallError handling to the action (a17ce50)
Also drops the with a17ce50 unused warn_type dict and the added sys.exit(0)
call again.
diff --git a/src/firewall/command.py b/src/firewall/command.py
index 8e68a04..7964fab 100644
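--- a/src/firewall/command.py
+++ b/src/firewall/command.py
@@ -87,10 +87,6 @@ class FirewallCommand(object):
 def __cmd_sequence(self, cmd_type, option, action_method, query_method,
 parse_method, message, start_args=None, end_args=None,
 no_exit=False):
- warn_type = {
- "add": "ALREADY_ENABLED",
- "remove": "NOT_ENABLED",
- }
 if self.fw is not None:
 self.fw.authorizeAll()
 items = [ ]
@@ -132,12 +128,19 @@ class FirewallCommand(object):
 self.print_and_exit("Error: %s" % msg.get_dbus_message(),
 code)
 _errors += 1
+ except Exception as msg:
+ if len(option) > 1:
+ self.print_warning("Warning: %s" % msg)
+ _errors += 1
+ continue
+ else:
+ code = FirewallError.get_code(str(msg))
+ self.print_and_exit("Error: %s" % msg, code)
+ _errors += 1
 self.activate_exception_handler()
 
 if _errors == len(option) and not no_exit:
 sys.exit(errors.UNKNOWN_ERROR)
- elif not no_exit:
- sys.exit(0)
 
 def add_sequence(self, option, action_method, query_method, parse_method,
 message, no_exit=False):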
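Review bot: The added `except Exception as msg:` is broader than the FirewallError handling the commit title describes, so an unexpected failure in the action call (a TypeError from a bad argument list, for instance) is reduced to a one-line warning and, with several options, the loop moves on to the next item. For a firewall front end that can leave a rule unapplied with nothing but a warning on the terminal; in the lines shown, a non-zero exit is forced only when `_errors == len(option)`. Narrowing the clause to `except FirewallError as msg:` keeps the intended handling and lets anything else surface. The `_errors += 1` placed after `self.print_and_exit(...)` also looks unreachable if that helper exits, which cannot be confirmed from this hunk.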
commit 192a563e444a03d06560d5598f255a3cc42c04ab
Author: Thomas Woerner <twoerner@redhat.com>
Date: Wed Jul 27 21:56:58 2016 +0200
firewall.client: Use {ALREADY,NOT}_ENABLED errors in icmptype destination calls
This has been hidden by the query calls in the commands before.
diff --git a/src/firewall/client.py b/src/firewall/client.py
index 2eca855..e2434ce 100644
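--- a/src/firewall/client.py
+++ b/src/firewall/client.py
@@ -1460,14 +1460,14 @@ class FirewallClientIcmpTypeSettings(object):
 def addDestination(self, destination):
 if destination not in self.settings[3]:
 self.settings[3].append(destination)
+ else:
+ raise FirewallError(errors.ALREADY_ENABLED, destination)
 @handle_exceptions
 def removeDestination(self, destination):
 if destination in self.settings[3]:
 self.settings[3].remove(destination)
- # empty means all
- elif not self.settings[3]:
- self.setDestinations(list(set(['ipv4','ipv6']) - \
- set([destination])))
+ else:
+ raise FirewallError(errors.NOT_ENABLED, destination)
 
 @handle_exceptions
 def queryDestination(self, destination):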
commit 192a563e444a03d06560d5598f255a3cc42c04ab
Author: Thomas Woerner <twoerner@redhat.com>
Date: Wed Jul 27 21:56:58 2016 +0200
firewall.client: Use {ALREADY,NOT}_ENABLED errors in icmptype destination calls
This has been hidden by the query calls in the commands before.
commit 0061429920ffff6e47cfcbfa7541badf3af88b8e
Author: Thomas Woerner <twoerner@redhat.com>
Date: Thu Jul 28 12:48:06 2016 +0200
firewall.client: Fix NOT_ENABLED errors in icmptype destination calls
The former patch accidentally removed the empty setting case.
diff --git a/src/firewall/client.py b/src/firewall/client.py
index e2434ce..f6fbf86 100644
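--- a/src/firewall/client.py
+++ b/src/firewall/client.py
@@ -1466,6 +1466,10 @@ class FirewallClientIcmpTypeSettings(object):
 def removeDestination(self, destination):
 if destination in self.settings[3]:
 self.settings[3].remove(destination)
+ # empty means all
+ elif not self.settings[3]:
+ self.setDestinations(list(set(['ipv4','ipv6']) - \
+ set([destination])))
 else:
 raise FirewallError(errors.NOT_ENABLED, destination)
 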
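Review bot: The restored `elif not self.settings[3]:` branch never checks that `destination` is one of the two families it subtracts from, so with an empty list any other value (a typo, say) silently turns "all" into an explicit two-family list instead of raising. Tightening the condition to `elif not self.settings[3] and destination in ('ipv4', 'ipv6'):` lets unknown values fall through to the existing `raise FirewallError(errors.NOT_ENABLED, destination)`. The order of `list(set(...))` is unspecified when both families remain, which only arises in that unchecked case. A one-line docstring on `removeDestination` stating the empty-means-all convention would make it harder to drop the branch again.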
commit 4970490018ef97b589982a8fbd3c68f19aa090d9
Author: Thomas Woerner <twoerner@redhat.com>
Date: Thu Jul 28 13:06:59 2016 +0200
firewall.client: Fix ALREADY_ENABLED errors in icmptype destination calls
There needs to be an additional check for an empty setting, which means that
the destination is enabled already.
diff --git a/src/firewall/client.py b/src/firewall/client.py
index f6fbf86..177a74e 100644
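--- a/src/firewall/client.py
+++ b/src/firewall/client.py
@@ -1458,7 +1458,10 @@ class FirewallClientIcmpTypeSettings(object):
 self.settings[3] = destinations
 @handle_exceptions
 def addDestination(self, destination):
- if destination not in self.settings[3]:
+ # empty means all
+ if not self.settings[3]:
+ raise FirewallError(errors.ALREADY_ENABLED, destination)
+ elif destination not in self.settings[3]:
 self.settings[3].append(destination)
 else:
 raise FirewallError(errors.ALREADY_ENABLED, destination)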
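Review bot: `addDestination` now has two branches that raise the identical `FirewallError(errors.ALREADY_ENABLED, destination)`; a single guard, `if not self.settings[3] or destination in self.settings[3]:` followed by the raise and then the `append`, says the same thing with one exit. The `# empty means all` rule is now encoded separately here and in `removeDestination`, so a short docstring naming that convention for `self.settings[3]`, or a small private helper both methods call, would keep the two in step.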