[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
03/14: services: static-networking: Sanitize <network-address> values.
From: |
guix-commits |
Subject: |
03/14: services: static-networking: Sanitize <network-address> values. |
Date: |
Mon, 20 Dec 2021 10:24:11 -0500 (EST) |
civodul pushed a commit to branch master
in repository guix.
commit 4df584aeac56fb6575ba43bc94f60f04522caf88
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Sat Dec 18 17:55:04 2021 +0100
services: static-networking: Sanitize <network-address> values.
This makes sure users do not mistakenly configuring a network with "/0"
as its netmask.
* gnu/services/base.scm (assert-valid-address): New procedure.
(<network-address>)[value]: Add it as 'sanitize'.
---
gnu/services/base.scm | 28 ++++++++++++++++++++++++++--
1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 5f93483..49ec856 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -35,8 +35,9 @@
(define-module (gnu services base)
#:use-module (guix store)
#:use-module (guix deprecation)
- #:autoload (guix diagnostics) (warning)
+ #:autoload (guix diagnostics) (warning &fix-hint)
#:autoload (guix i18n) (G_)
+ #:use-module (guix combinators)
#:use-module (gnu services)
#:use-module (gnu services admin)
#:use-module (gnu services shepherd)
@@ -72,6 +73,8 @@
#:use-module (guix i18n)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
+ #:use-module (srfi srfi-34)
+ #:use-module (srfi srfi-35)
#:use-module (ice-9 match)
#:use-module (ice-9 format)
#:re-export (user-processes-service-type ;backwards compatibility
@@ -2388,6 +2391,26 @@ Linux @dfn{kernel mode setting} (KMS).")))
"Return true if STR denotes an IPv6 address."
(false-if-exception (->bool (inet-pton AF_INET6 str))))
+(define-compile-time-procedure (assert-valid-address (address string?))
+ "Ensure ADDRESS has a valid netmask."
+ (unless (or (cidr->netmask address)
+ (and=> (false-if-exception (inet-pton AF_INET address))
+ (cut = INADDR_LOOPBACK <>))
+ (and=> (false-if-exception (inet-pton AF_INET6 address))
+ (cut = 1 <>)))
+ (raise
+ (make-compound-condition
+ (formatted-message (G_ "address '~a' lacks a network mask")
+ address)
+ (condition (&error-location
+ (location
+ (source-properties->location procedure-call-location))))
+ (condition (&fix-hint
+ (hint (format #f (G_ "\
+Write, say, @samp{\"~a/24\"} for a 24-bit network mask.")
+ address)))))))
+ address)
+
(define-record-type* <static-networking>
static-networking make-static-networking
static-networking?
@@ -2405,7 +2428,8 @@ Linux @dfn{kernel mode setting} (KMS).")))
network-address make-network-address
network-address?
(device network-address-device) ;string--e.g., "en01"
- (value network-address-value) ;string--CIDR notation
+ (value network-address-value ;string--CIDR notation
+ (sanitize assert-valid-address))
(ipv6? network-address-ipv6? ;Boolean
(thunked)
(default
- 06/14: gnu: Add udpcast, (continued)
- 06/14: gnu: Add udpcast, guix-commits, 2021/12/20
- 10/14: doc: Fix wrong home-shepherd-configuration data type., guix-commits, 2021/12/20
- 14/14: doc: Remove extra closing paren., guix-commits, 2021/12/20
- 01/14: build-system/meson: Define build variables when cross-compiling., guix-commits, 2021/12/20
- 04/14: gnu: rust-rayon@1.5: Update dependencies., guix-commits, 2021/12/20
- 13/14: gnu: Add tkrev., guix-commits, 2021/12/20
- 08/14: gnu: rcs: Install man page for rcsfreeze., guix-commits, 2021/12/20
- 11/14: gnu: ghc-microlens: Update home page., guix-commits, 2021/12/20
- 02/14: combinators: Add 'define-compile-time-procedure'., guix-commits, 2021/12/20
- 07/14: doc: cookbook: Simplify inputs in examples., guix-commits, 2021/12/20
- 03/14: services: static-networking: Sanitize <network-address> values.,
guix-commits <=
- 09/14: gnu: Add rcshist., guix-commits, 2021/12/20