commit a17ce5042e807fe9e515cdc2a538fe68893983ba
Author: Thomas Woerner <twoerner@redhat.com>
Date: Wed Jul 27 19:36:52 2016 +0200
firewall.command: Do not use query methods for sequences and also single options
Calling the query method is not needed when the exception handler is
deactivated while the action method is called. This also makes a mutating call
like addService behave the same if lockdown is enabled and the call is not
allowed.
diff --git a/src/firewall/command.py b/src/firewall/command.py
index 74ee8b2..8e68a04 100644
--- a/src/firewall/command.py
+++ b/src/firewall/command.py
@@ -102,45 +102,14 @@ class FirewallCommand(object):
except Exception as msg:
if len(option) > 1:
self.print_warning("Warning: %s" % msg)
+ _errors += 1
continue
else:
code = FirewallError.get_code(msg)
self.print_and_exit("Error: %s" % msg, code)
+ _errors += 1
- call_item = [ ]
- if start_args is not None:
- call_item += start_args
- if not isinstance(item, list) and not isinstance(item, tuple):
- call_item.append(item)
- else:
- call_item += item
- self.deactivate_exception_handler()
- try:
- if cmd_type == "add" and not query_method(*call_item):
- items.append(item)
- elif cmd_type == "remove" and query_method(*call_item):
- items.append(item)
- else:
- if len(option) > 1:
- self.print_warning("Warning: %s: %s" % \
- (warn_type[cmd_type],
- message % item))
- else:
- code = FirewallError.get_code(warn_type[cmd_type])
- self.print_and_exit("Error: %s: %s" % \
- (warn_type[cmd_type],
- message % item), code)
- _errors += 1
- except DBusException as msg:
- code = FirewallError.get_code(msg.get_dbus_message())
- if len(option) > 1:
- self.print_warning("Warning: %s" % msg.get_dbus_message())
- continue
- else:
- self.print_and_exit("Error: %s" % msg.get_dbus_message(),
- code)
- _errors += 1
- self.activate_exception_handler()
+ items.append(item)
for item in items:
call_item = [ ]
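Review bot: With the query pre-check removed, every item that parses reaches `items.append(item)`, and a duplicate or missing entry is only reported if `action_method` itself raises; nothing in the code records that contract. A comment above the append would state it, for example `# no query pre-check: action_method must raise ALREADY_ENABLED / NOT_ENABLED itself`, so that a setter which silently does nothing is recognised as a bug rather than reported as success. `query_method` is no longer referenced in the visible lines of this function but remains in its signature, so a docstring line saying it is kept for caller compatibility would help. The loop body starts above the hunk, so this is based on the visible lines only.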
@@ -152,6 +121,7 @@ class FirewallCommand(object):
call_item += item
if end_args is not None:
call_item += end_args
+ self.deactivate_exception_handler()
try:
action_method(*call_item)
except DBusException as msg:
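Review bot: `self.deactivate_exception_handler()` is added directly before the `try`, but the matching `self.activate_exception_handler()` (added in the next hunk, `@@ -162,8 +132,11 @@`) is an ordinary statement after the `except` clause rather than a `finally`. At this commit only `DBusException` is caught around `action_method(*call_item)`, so any other exception leaves the loop with the handler still deactivated. A `continue` in the handler branch would skip the re-activation as well; that branch lies outside the hunk, so this part is inferred. Pairing the two calls covers both cases: `finally:` followed by `self.activate_exception_handler()` on the same `try`.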
@@ -162,8 +132,11 @@ class FirewallCommand(object):
self.print_and_exit("Error: %s" % msg.get_dbus_message(),
code)
_errors += 1
+ self.activate_exception_handler()
if _errors == len(option) and not no_exit:
+ sys.exit(errors.UNKNOWN_ERROR)
+ elif not no_exit:
sys.exit(0)
def add_sequence(self, option, action_method, query_method, parse_method,
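Review bot: The new exit logic reports failure only when every option failed: `if _errors == len(option) and not no_exit:` exits with `errors.UNKNOWN_ERROR`, while a sequence in which only some items were rejected falls through to `elif not no_exit:` and exits 0. A script that changes several entries in one call then cannot tell from the exit status that part of the firewall change was refused (the commit message names lockdown as one such case). The all-failed case also discards the specific code that `FirewallError.get_code` already computed for each item. If warnings are meant to stay non-fatal, a comment saying that partial failure intentionally exits 0 would make that explicit; otherwise `if _errors and not no_exit:` would surface it.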
commit 229ac2900deab6cac6dc9f07da73a353af5998d1
Author: Thomas Woerner <twoerner@redhat.com>
Date: Wed Jul 27 21:01:37 2016 +0200
firewall.command: Add the removed FirewallError handling to the action (a17ce50)
Also drops the warn_type dict, unused since a17ce50, and removes the added
sys.exit(0) call again.
diff --git a/src/firewall/command.py b/src/firewall/command.py
index 8e68a04..7964fab 100644
--- a/src/firewall/command.py
+++ b/src/firewall/command.py
@@ -87,10 +87,6 @@ class FirewallCommand(object):
def __cmd_sequence(self, cmd_type, option, action_method, query_method,
parse_method, message, start_args=None, end_args=None,
no_exit=False):
- warn_type = {
- "add": "ALREADY_ENABLED",
- "remove": "NOT_ENABLED",
- }
if self.fw is not None:
self.fw.authorizeAll()
items = [ ]
@@ -132,12 +128,19 @@ class FirewallCommand(object):
self.print_and_exit("Error: %s" % msg.get_dbus_message(),
code)
_errors += 1
+ except Exception as msg:
+ if len(option) > 1:
+ self.print_warning("Warning: %s" % msg)
+ _errors += 1
+ continue
+ else:
+ code = FirewallError.get_code(str(msg))
+ self.print_and_exit("Error: %s" % msg, code)
+ _errors += 1
self.activate_exception_handler()
if _errors == len(option) and not no_exit:
sys.exit(errors.UNKNOWN_ERROR)
- elif not no_exit:
- sys.exit(0)
def add_sequence(self, option, action_method, query_method, parse_method,
message, no_exit=False):
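Review bot: The new clause catches `Exception`, which is wider than the FirewallError handling the commit title describes: with more than one option, a programming error such as a `TypeError` raised inside `action_method` is printed as a warning and the loop carries on. Narrowing it to `except FirewallError as msg:` keeps the restored behaviour and lets unexpected exceptions surface. In the multi-option branch the `continue` also appears to skip `self.activate_exception_handler()` below it; indentation is lost on this page, so this assumes the call sits inside the loop. The `_errors += 1` after `self.print_and_exit(...)` is unreachable if that method exits as its name suggests.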
commit 192a563e444a03d06560d5598f255a3cc42c04ab
Author: Thomas Woerner <twoerner@redhat.com>
Date: Wed Jul 27 21:56:58 2016 +0200
firewall.client: Use {ALREADY,NOT}_ENABLED errors in icmptype destination calls
This has been hidden by the query calls in the commands before.
diff --git a/src/firewall/client.py b/src/firewall/client.py
index 2eca855..e2434ce 100644
--- a/src/firewall/client.py
+++ b/src/firewall/client.py
@@ -1460,14 +1460,14 @@ class FirewallClientIcmpTypeSettings(object):
def addDestination(self, destination):
if destination not in self.settings[3]:
self.settings[3].append(destination)
+ else:
+ raise FirewallError(errors.ALREADY_ENABLED, destination)
@handle_exceptions
def removeDestination(self, destination):
if destination in self.settings[3]:
self.settings[3].remove(destination)
- # empty means all
- elif not self.settings[3]:
- self.setDestinations(list(set(['ipv4','ipv6']) - \
- set([destination])))
+ else:
+ raise FirewallError(errors.NOT_ENABLED, destination)
@handle_exceptions
def queryDestination(self, destination):
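Review bot: Both new `else` branches treat `self.settings[3]` as an explicit list, but the comment removed in this hunk says an empty list means all destinations. After this change `removeDestination` on an empty list raises `NOT_ENABLED` although the destination is effectively enabled, and `addDestination` on an empty list appends, which narrows the setting from all destinations to one without any error. Keeping the `elif not self.settings[3]:` branch ahead of the new `else` in `removeDestination`, and raising `ALREADY_ENABLED` in `addDestination` when the list is empty, preserves the meaning the removed comment documents.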
commit 192a563e444a03d06560d5598f255a3cc42c04ab
Author: Thomas Woerner <twoerner@redhat.com>
Date: Wed Jul 27 21:56:58 2016 +0200
firewall.client: Use {ALREADY,NOT}_ENABLED errors in icmptype destination calls
This has been hidden by the query calls in the commands before.
commit 0061429920ffff6e47cfcbfa7541badf3af88b8e
Author: Thomas Woerner <twoerner@redhat.com>
Date: Thu Jul 28 12:48:06 2016 +0200
firewall.client: Fix NOT_ENABLED errors in icmptype destination calls
The former patch accidentally removed the empty setting case.
diff --git a/src/firewall/client.py b/src/firewall/client.py
index e2434ce..f6fbf86 100644
--- a/src/firewall/client.py
+++ b/src/firewall/client.py
@@ -1466,6 +1466,10 @@ class FirewallClientIcmpTypeSettings(object):
def removeDestination(self, destination):
if destination in self.settings[3]:
self.settings[3].remove(destination)
+ # empty means all
+ elif not self.settings[3]:
+ self.setDestinations(list(set(['ipv4','ipv6']) - \
+ set([destination])))
else:
raise FirewallError(errors.NOT_ENABLED, destination)
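Review bot: The restored `elif not self.settings[3]:` branch never checks that `destination` is one of the two values it subtracts from. For any other string the set difference leaves both entries, so the call rewrites the empty (all) setting to an explicit two-element list and returns without error instead of reaching the `NOT_ENABLED` raise. Guarding the branch with `elif not self.settings[3] and destination in ('ipv4', 'ipv6'):` sends unknown values to the existing `else`. The resulting list order also depends on set iteration order; `[d for d in ('ipv4', 'ipv6') if d != destination]` would make it stable.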
commit 4970490018ef97b589982a8fbd3c68f19aa090d9
Author: Thomas Woerner <twoerner@redhat.com>
Date: Thu Jul 28 13:06:59 2016 +0200
firewall.client: Fix ALREADY_ENABLED errors in icmptype destination calls
There needs to be an additional check for an empty setting, which means that
the destination is enabled already.
diff --git a/src/firewall/client.py b/src/firewall/client.py
index f6fbf86..177a74e 100644
--- a/src/firewall/client.py
+++ b/src/firewall/client.py
@@ -1458,7 +1458,10 @@ class FirewallClientIcmpTypeSettings(object):
self.settings[3] = destinations
@handle_exceptions
def addDestination(self, destination):
- if destination not in self.settings[3]:
+ # empty means all
+ if not self.settings[3]:
+ raise FirewallError(errors.ALREADY_ENABLED, destination)
+ elif destination not in self.settings[3]:
self.settings[3].append(destination)
else:
raise FirewallError(errors.ALREADY_ENABLED, destination)
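Review bot: The new first branch and the final `else` raise the identical `FirewallError(errors.ALREADY_ENABLED, destination)`, so the three-way chain can be a single guard: `if not self.settings[3] or destination in self.settings[3]:` followed by the raise, with `self.settings[3].append(destination)` after it. That keeps the `# empty means all` comment next to the one condition it explains. Separately, `destination` is appended without being checked against the accepted values, and the visible lines do not show it being validated elsewhere.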