From 9c26e2d1eb45c5afc0e6430d2736aeefe9f07cf1 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Mon, 25 Jan 2021 11:29:48 -0500
Subject: [PATCH 04/22] fix(dbus): conf: setting deprecated properties should
be ignored
They weren't being written to the config file, but the runtime dbus
values were being changed.
(cherry picked from commit 9001e0cfc18fdcf8526d774fad396414d223c70a)
(cherry picked from commit e8451a455461b5cf177ea8a9aaab7a5e5100991b)
---
src/firewall/server/config.py | 23 +++++------------------
src/tests/dbus/firewalld.conf.at | 4 ++--
2 files changed, 7 insertions(+), 20 deletions(-)
diff --git a/src/firewall/server/config.py b/src/firewall/server/config.py
index 1f832a459915..031ef5d1afaa 100644
--- a/src/firewall/server/config.py
+++ b/src/firewall/server/config.py
@@ -706,22 +706,11 @@ class FirewallDConfig(slip.dbus.service.Object):
self.accessCheck(sender)
if interface_name == config.dbus.DBUS_INTERFACE_CONFIG:
- if property_name in [ "MinimalMark", "CleanupOnExit", "Lockdown",
+ if property_name in [ "CleanupOnExit", "Lockdown",
"IPv6_rpfilter", "IndividualCalls",
- "LogDenied", "AutomaticHelpers",
+ "LogDenied",
"FirewallBackend", "FlushAllOnReload",
"RFC3964_IPv4", "AllowZoneDrifting" ]:
- if property_name == "MinimalMark":
- try:
- int(new_value)
- except ValueError:
- raise FirewallError(errors.INVALID_MARK, new_value)
- try:
- new_value = str(new_value)
- except:
- raise FirewallError(errors.INVALID_VALUE,
- "'%s' for %s" % \
- (new_value, property_name))
if property_name in [ "CleanupOnExit", "Lockdown",
"IPv6_rpfilter", "IndividualCalls" ]:
if new_value.lower() not in [ "yes", "no",
@@ -734,11 +723,6 @@ class FirewallDConfig(slip.dbus.service.Object):
raise FirewallError(errors.INVALID_VALUE,
"'%s' for %s" % \
(new_value, property_name))
- if property_name == "AutomaticHelpers":
- if new_value not in config.AUTOMATIC_HELPERS_VALUES:
- raise FirewallError(errors.INVALID_VALUE,
- "'%s' for %s" % \
- (new_value, property_name))
if property_name == "FirewallBackend":
if new_value not in config.FIREWALL_BACKEND_VALUES:
raise FirewallError(errors.INVALID_VALUE,
@@ -764,6 +748,9 @@ class FirewallDConfig(slip.dbus.service.Object):
self.config.get_firewalld_conf().write()
self.PropertiesChanged(interface_name,
{ property_name: new_value }, [ ])
+ elif property_name in ["MinimalMark", "AutomaticHelpers"]:
+ # deprecated fields. Ignore setting them.
+ pass
else:
raise dbus.exceptions.DBusException(
"org.freedesktop.DBus.Error.InvalidArgs: "
diff --git a/src/tests/dbus/firewalld.conf.at b/src/tests/dbus/firewalld.conf.at
index cc15318c78dc..9fc5502a8d0b 100644
--- a/src/tests/dbus/firewalld.conf.at
+++ b/src/tests/dbus/firewalld.conf.at
@@ -37,8 +37,8 @@ $3
])
dnl Test individual Set/Get
-_helper([MinimalMark], [int32:1234], [variant int32 1234])
-_helper([AutomaticHelpers], [string:"no"], [variant string "no"])
+_helper([MinimalMark], [int32:1234], [variant int32 100])
+_helper([AutomaticHelpers], [string:"yes"], [variant string "no"])
_helper([Lockdown], [string:"yes"], [variant string "yes"])
_helper([LogDenied], [string:"all"], [variant string "all"])
_helper([IPv6_rpfilter], [string:"yes"], [variant string "yes"])
--
2.27.0