Commit 128695c4 authored by Jiri Popelka's avatar Jiri Popelka Committed by Dan Williams

firewall-manager: changing the zone an interface belongs to

When we want to change the zone an interface belongs to,
we can't use firewalld's addInterface(), because it does
not allow adding an interface to a zone when the interface
is already part of some other (or the same) zone.
We need to use the changeZone() method instead - hopefully
this is the final name of this method.
parent b2d4f66d
......@@ -73,7 +73,7 @@ cb_info_free (CBInfo *info)
}
static void
add_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data)
add_or_change_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data)
{
CBInfo *info = user_data;
GError *error = NULL;
......@@ -83,7 +83,7 @@ add_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data)
G_TYPE_STRING, &zone,
G_TYPE_INVALID)) {
g_assert (error);
nm_log_warn (LOGD_FIREWALL, "(%s) firewall zone add failed: (%d) %s",
nm_log_warn (LOGD_FIREWALL, "(%s) firewall zone add/change failed: (%d) %s",
info->iface, error->code, error->message);
}
......@@ -94,18 +94,19 @@ add_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data)
}
gpointer
nm_firewall_manager_add_to_zone (NMFirewallManager *self,
const char *iface,
const char *zone,
FwAddToZoneFunc callback,
gpointer user_data1,
gpointer user_data2)
nm_firewall_manager_add_or_change_zone (NMFirewallManager *self,
const char *iface,
const char *zone,
gboolean add, /* TRUE == add, FALSE == change */
FwAddToZoneFunc callback,
gpointer user_data1,
gpointer user_data2)
{
NMFirewallManagerPrivate *priv = NM_FIREWALL_MANAGER_GET_PRIVATE (self);
CBInfo *info;
if (priv->running == FALSE) {
nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone add skipped (not running)", iface);
nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone add/change skipped (not running)", iface);
callback (NULL, user_data1, user_data2);
return NULL;
}
......@@ -116,10 +117,10 @@ nm_firewall_manager_add_to_zone (NMFirewallManager *self,
info->user_data1 = user_data1;
info->user_data2 = user_data2;
nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone add -> %s", iface, zone );
nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone %s -> %s", iface, add ? "add" : "change", zone);
return dbus_g_proxy_begin_call_with_timeout (priv->proxy,
"addInterface",
add_cb,
add ? "addInterface" : "changeZone",
add_or_change_cb,
info,
(GDestroyNotify) cb_info_free,
10000, /* timeout */
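Review bot: The warning in add_or_change_cb now reads "add/change failed", so a log reader cannot tell whether addInterface or changeZone was refused, and the requested zone is not printed either. That matters because a refused change presumably leaves the interface in its previous zone, and this warning is the only trace visible in these hunks. Consider recording the mode in a new `add` field of CBInfo (its definition is outside the hunks) and logging it, e.g. `nm_log_warn (LOGD_FIREWALL, "(%s) firewall zone %s failed: (%d) %s", info->iface, info->add ? "add" : "change", error->code, error->message);`. Separately, the not-running branch calls `callback (NULL, user_data1, user_data2);` without checking that a callback was supplied.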
......
......@@ -60,12 +60,13 @@ typedef void (*FwAddToZoneFunc) (GError *error,
gpointer user_data1,
gpointer user_data2);
gpointer nm_firewall_manager_add_to_zone (NMFirewallManager *mgr,
const char *iface,
const char *zone,
FwAddToZoneFunc callback,
gpointer user_data1,
gpointer user_data2);
gpointer nm_firewall_manager_add_or_change_zone (NMFirewallManager *mgr,
const char *iface,
const char *zone,
gboolean add,
FwAddToZoneFunc callback,
gpointer user_data1,
gpointer user_data2);
gpointer nm_firewall_manager_remove_from_zone (NMFirewallManager *mgr,
const char *iface,
const char *zone);
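Review bot: The new `gboolean add` parameter is undocumented in the header prototype; the `/* TRUE == add, FALSE == change */` comment exists only in the definition, while callers read this declaration. I would carry the comment over and name the D-Bus methods, e.g. `gboolean add, /* TRUE: addInterface, FALSE: changeZone */`. A bare boolean is also easy to invert at a call site, and an inverted value here selects a different firewalld method. A two-value enum or two thin wrappers would make the intent visible where the function is called.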
......
......@@ -2742,9 +2742,10 @@ fw_add_to_zone (NMDevice *self, int family)
connection = nm_device_get_connection (self);
g_assert (connection);
s_con = nm_connection_get_setting_connection (connection);
priv->fw_call = nm_firewall_manager_add_to_zone (priv->fw_manager,
priv->fw_call = nm_firewall_manager_add_or_change_zone (priv->fw_manager,
nm_device_get_ip_iface (self),
nm_setting_connection_get_zone (s_con),
TRUE,
fw_add_to_zone_cb,
self,
GINT_TO_POINTER (family));
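Review bot: The bare `TRUE` passed in fw_add_to_zone carries no comment, unlike the other call sites in this commit, which annotate the argument with `/* add zone */` and `/* change zone */`. Beyond readability, the commit description says addInterface is refused when the interface already belongs to a zone. If an interface can reach this activation path while still bound to a zone from an earlier activation (not visible from this hunk), the add would fail and the interface would keep the stale zone. A short comment stating why "add" is always correct here, e.g. `TRUE, /* add: iface is not in any zone at activation */`, would record that assumption. The enclosing function starts and ends outside the hunk.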
......
......@@ -1251,7 +1251,7 @@ connections_loaded (NMSettings *settings, gpointer user_data)
}
static void
add_to_zone_cb (GError *error,
add_or_change_zone_cb (GError *error,
gpointer user_data1,
gpointer user_data2)
{
......@@ -1265,23 +1265,25 @@ add_to_zone_cb (GError *error,
}
static void
inform_firewall_about_zone (NMPolicy *policy, NMConnection *connection)
firewall_update_zone (NMPolicy *policy, NMConnection *connection)
{
NMSettingConnection *s_con = nm_connection_get_setting_connection (connection);
GSList *iter, *devices;
devices = nm_manager_get_devices (policy->manager);
/* find dev with passed connection and change zone its interface belongs to */
for (iter = devices; iter; iter = g_slist_next (iter)) {
NMDevice *dev = NM_DEVICE (iter->data);
if ( (get_device_connection (dev) == connection)
&& (nm_device_get_state (dev) == NM_DEVICE_STATE_ACTIVATED)) {
nm_firewall_manager_add_to_zone (policy->fw_manager,
nm_device_get_ip_iface (dev),
nm_setting_connection_get_zone (s_con),
add_to_zone_cb,
g_object_ref (dev),
NULL);
nm_firewall_manager_add_or_change_zone (policy->fw_manager,
nm_device_get_ip_iface (dev),
nm_setting_connection_get_zone (s_con),
FALSE, /* change zone */
add_or_change_zone_cb,
g_object_ref (dev),
NULL);
}
}
}
......@@ -1296,18 +1298,20 @@ firewall_started (NMFirewallManager *manager,
GSList *iter, *devices;
devices = nm_manager_get_devices (policy->manager);
/* add interface of each device to correct zone */
for (iter = devices; iter; iter = g_slist_next (iter)) {
NMDevice *dev = NM_DEVICE (iter->data);
connection = get_device_connection (dev);
s_con = nm_connection_get_setting_connection (connection);
if (nm_device_get_state (dev) == NM_DEVICE_STATE_ACTIVATED) {
nm_firewall_manager_add_to_zone (policy->fw_manager,
nm_device_get_ip_iface (dev),
nm_setting_connection_get_zone (s_con),
add_to_zone_cb,
g_object_ref (dev),
NULL);
nm_firewall_manager_add_or_change_zone (policy->fw_manager,
nm_device_get_ip_iface (dev),
nm_setting_connection_get_zone (s_con),
TRUE, /* add zone */
add_or_change_zone_cb,
g_object_ref (dev),
NULL);
}
}
}
......@@ -1319,7 +1323,7 @@ connection_updated (NMSettings *settings,
{
NMPolicy *policy = (NMPolicy *) user_data;
inform_firewall_about_zone (policy, connection);
firewall_update_zone (policy, connection);
/* Reset auto retries back to default since connection was updated */
set_connection_auto_retries (connection, RETRIES_DEFAULT);
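Review bot: The reference taken with `g_object_ref (dev)` in firewall_update_zone and firewall_started is handed to the asynchronous call, and nothing visible here releases it. The body of add_or_change_zone_cb is outside the hunk, so confirm it unrefs user_data1 on both the success and the error path. The handle returned by nm_firewall_manager_add_or_change_zone is also discarded, so a pending changeZone cannot be cancelled if the device deactivates before firewalld replies. A comment at the call site, e.g. `/* ref released in add_or_change_zone_cb */`, would document the ownership. Note also that connection_updated triggers firewall_update_zone on every update, so changeZone is issued even when the zone setting did not change.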
......