firewall-manager: add interfaces to zones after firewall (re)start

Because firewalld has no idea what interface is part of which zone
we need to inform it after it (re)starts what interface belongs to which
zone.

src/firewall-manager/nm-firewall-manager.c

@@ -47,6 +47,14 @@ typedef struct {
 	gboolean        disposed;
 } NMFirewallManagerPrivate;
 
+enum {
+	STARTED,
+
+	LAST_SIGNAL
+};
+
+static guint signals[LAST_SIGNAL] = { 0 };
+
 /********************************************************************/
 
 typedef struct {
@@ -204,6 +212,7 @@ name_owner_changed (NMDBusManager *dbus_mgr,
 	if (!old_owner_good && new_owner_good) {
 		nm_log_dbg (LOGD_FIREWALL, "firewall started");
 		set_running (self, TRUE);
+		g_signal_emit (self, signals[STARTED], 0);
 	} else if (old_owner_good && !new_owner_good) {
 		nm_log_dbg (LOGD_FIREWALL, "firewall stopped");
 		set_running (self, FALSE);
@@ -306,5 +315,15 @@ nm_firewall_manager_class_init (NMFirewallManagerClass *klass)
 		                      "Available",
 		                      FALSE,
 		                      G_PARAM_READABLE));
+
+	signals[STARTED] =
+		g_signal_new ("started",
+					  G_OBJECT_CLASS_TYPE (object_class),
+					  G_SIGNAL_RUN_FIRST,
+					  G_STRUCT_OFFSET (NMFirewallManagerClass, started),
+					  NULL, NULL,
+					  g_cclosure_marshal_VOID__VOID,
+					  G_TYPE_NONE, 0);
+
 }
 

src/firewall-manager/nm-firewall-manager.h

@@ -47,6 +47,9 @@ typedef struct {
 
 typedef struct {
 	GObjectClass parent;
+
+	/* Signals */
+	void (*started) (NMFirewallManager *manager);
 } NMFirewallManagerClass;
 
 GType nm_firewall_manager_get_type (void);

src/nm-policy.c

@@ -55,6 +55,7 @@ struct NMPolicy {
 	gulong vpn_deactivated_id;
 
 	NMFirewallManager *fw_manager;
+	gulong fw_started_id;
 
 	NMSettings *settings;
 
@@ -1285,6 +1286,32 @@ inform_firewall_about_zone (NMPolicy *policy, NMConnection *connection)
 	}
 }
 
+static void
+firewall_started (NMFirewallManager *manager,
+                  gpointer user_data)
+{
+	NMPolicy *policy = (NMPolicy *) user_data;
+	NMConnection *connection;
+	NMSettingConnection *s_con;
+	GSList *iter, *devices;
+
+	devices = nm_manager_get_devices (policy->manager);
+	for (iter = devices; iter; iter = g_slist_next (iter)) {
+		NMDevice *dev = NM_DEVICE (iter->data);
+
+		connection = get_device_connection (dev);
+		s_con = nm_connection_get_setting_connection (connection);
+		if (nm_device_get_state (dev) == NM_DEVICE_STATE_ACTIVATED) {
+			nm_firewall_manager_add_to_zone (policy->fw_manager,
+			                                 nm_device_get_ip_iface (dev),
+			                                 nm_setting_connection_get_zone (s_con),
+			                                 add_to_zone_cb,
+			                                 g_object_ref (dev),
+			                                 NULL);
+		}
+	}
+}
+
 static void
 connection_updated (NMSettings *settings,
                     NMConnection *connection,
@@ -1416,6 +1443,9 @@ nm_policy_new (NMManager *manager,
 	policy->vpn_deactivated_id = id;
 
 	policy->fw_manager = nm_firewall_manager_get();
+	id = g_signal_connect (policy->fw_manager, "started",
+	                       G_CALLBACK (firewall_started), policy);
+	policy->fw_started_id = id;
 
 	_connect_manager_signal (policy, "state-changed", global_state_changed);
 	_connect_manager_signal (policy, "notify::" NM_MANAGER_HOSTNAME, hostname_changed);
@@ -1461,6 +1491,7 @@ nm_policy_destroy (NMPolicy *policy)
 	g_signal_handler_disconnect (policy->vpn_manager, policy->vpn_deactivated_id);
 	g_object_unref (policy->vpn_manager);
 
+	g_signal_handler_disconnect (policy->fw_manager, policy->fw_started_id);
 	g_object_unref (policy->fw_manager);
 
 	for (iter = policy->manager_ids; iter; iter = g_slist_next (iter))