rpms / firewalld

Clone
Source Code
GIT

Blame SOURCES/0004-fix-dbus-conf-setting-deprecated-properties-should-b.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   e9ad3f83665d617d5ecd6c856458a6b6eafbd82e
  2.   SOURCES
  3.   0004-fix-dbus-conf-setting-deprecated-properties-should-b.patch
Blob History Raw
e9ad3f 
From 9c26e2d1eb45c5afc0e6430d2736aeefe9f07cf1 Mon Sep 17 00:00:00 2001
e9ad3f 
From: Eric Garver <eric@garver.life>
e9ad3f 
Date: Mon, 25 Jan 2021 11:29:48 -0500
e9ad3f 
Subject: [PATCH 04/22] fix(dbus): conf: setting deprecated properties should
e9ad3f 
 be ignored
e9ad3f
e9ad3f 
They weren't being written to the config file, but the runtime dbus
e9ad3f 
values were being changed.
e9ad3f
e9ad3f 
(cherry picked from commit 9001e0cfc18fdcf8526d774fad396414d223c70a)
e9ad3f 
(cherry picked from commit e8451a455461b5cf177ea8a9aaab7a5e5100991b)
e9ad3f 
---
e9ad3f 
 src/firewall/server/config.py    | 23 +++++------------------
e9ad3f 
 src/tests/dbus/firewalld.conf.at |  4 ++--
e9ad3f 
 2 files changed, 7 insertions(+), 20 deletions(-)
e9ad3f
e9ad3f 
diff --git a/src/firewall/server/config.py b/src/firewall/server/config.py
e9ad3f 
index 1f832a459915..031ef5d1afaa 100644
e9ad3f 
--- a/src/firewall/server/config.py
e9ad3f 
+++ b/src/firewall/server/config.py
e9ad3f 
@@ -706,22 +706,11 @@ class FirewallDConfig(slip.dbus.service.Object):
e9ad3f 
         self.accessCheck(sender)
e9ad3f
e9ad3f 
         if interface_name == config.dbus.DBUS_INTERFACE_CONFIG:
e9ad3f 
-            if property_name in [ "MinimalMark", "CleanupOnExit", "Lockdown",
e9ad3f 
+            if property_name in [ "CleanupOnExit", "Lockdown",
e9ad3f 
                                   "IPv6_rpfilter", "IndividualCalls",
e9ad3f 
-                                  "LogDenied", "AutomaticHelpers",
e9ad3f 
+                                  "LogDenied",
e9ad3f 
                                   "FirewallBackend", "FlushAllOnReload",
e9ad3f 
                                   "RFC3964_IPv4", "AllowZoneDrifting" ]:
e9ad3f 
-                if property_name == "MinimalMark":
e9ad3f 
-                    try:
e9ad3f 
-                        int(new_value)
e9ad3f 
-                    except ValueError:
e9ad3f 
-                        raise FirewallError(errors.INVALID_MARK, new_value)
e9ad3f 
-                try:
e9ad3f 
-                    new_value = str(new_value)
e9ad3f 
-                except:
e9ad3f 
-                    raise FirewallError(errors.INVALID_VALUE,
e9ad3f 
-                                        "'%s' for %s" % \
e9ad3f 
-                                        (new_value, property_name))
e9ad3f 
                 if property_name in [ "CleanupOnExit", "Lockdown",
e9ad3f 
                                       "IPv6_rpfilter", "IndividualCalls" ]:
e9ad3f 
                     if new_value.lower() not in [ "yes", "no",
e9ad3f 
@@ -734,11 +723,6 @@ class FirewallDConfig(slip.dbus.service.Object):
e9ad3f 
                         raise FirewallError(errors.INVALID_VALUE,
e9ad3f 
                                             "'%s' for %s" % \
e9ad3f 
                                             (new_value, property_name))
e9ad3f 
-                if property_name == "AutomaticHelpers":
e9ad3f 
-                    if new_value not in config.AUTOMATIC_HELPERS_VALUES:
e9ad3f 
-                        raise FirewallError(errors.INVALID_VALUE,
e9ad3f 
-                                            "'%s' for %s" % \
e9ad3f 
-                                            (new_value, property_name))
e9ad3f 
                 if property_name == "FirewallBackend":
e9ad3f 
                     if new_value not in config.FIREWALL_BACKEND_VALUES:
e9ad3f 
                         raise FirewallError(errors.INVALID_VALUE,
e9ad3f 
@@ -764,6 +748,9 @@ class FirewallDConfig(slip.dbus.service.Object):
e9ad3f 
                 self.config.get_firewalld_conf().write()
e9ad3f 
                 self.PropertiesChanged(interface_name,
e9ad3f 
                                        { property_name: new_value }, [ ])
e9ad3f 
+            elif property_name in ["MinimalMark", "AutomaticHelpers"]:
e9ad3f 
+                # deprecated fields. Ignore setting them.
e9ad3f 
+                pass
e9ad3f 
             else:
e9ad3f 
                 raise dbus.exceptions.DBusException(
e9ad3f 
                     "org.freedesktop.DBus.Error.InvalidArgs: "
e9ad3f 
diff --git a/src/tests/dbus/firewalld.conf.at b/src/tests/dbus/firewalld.conf.at
e9ad3f 
index cc15318c78dc..9fc5502a8d0b 100644
e9ad3f 
--- a/src/tests/dbus/firewalld.conf.at
e9ad3f 
+++ b/src/tests/dbus/firewalld.conf.at
e9ad3f 
@@ -37,8 +37,8 @@ $3
e9ad3f 
 ])
e9ad3f
e9ad3f 
 dnl Test individual Set/Get
e9ad3f 
-_helper([MinimalMark], [int32:1234], [variant int32 1234])
e9ad3f 
-_helper([AutomaticHelpers], [string:"no"], [variant string "no"])
e9ad3f 
+_helper([MinimalMark], [int32:1234], [variant int32 100])
e9ad3f 
+_helper([AutomaticHelpers], [string:"yes"], [variant string "no"])
e9ad3f 
 _helper([Lockdown], [string:"yes"], [variant string "yes"])
e9ad3f 
 _helper([LogDenied], [string:"all"], [variant string "all"])
e9ad3f 
 _helper([IPv6_rpfilter], [string:"yes"], [variant string "yes"])
e9ad3f 
--
e9ad3f 
2.27.0
e9ad3f

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation