From b2d4f66dd3bcc5c036f2942f25b1fe73e6a31c62 Mon Sep 17 00:00:00 2001
From: Jiri Popelka
Date: Thu, 1 Mar 2012 18:54:22 +0100
Subject: [PATCH] firewall-manager: add interfaces to zones after firewall (re)start

Because firewalld has no idea what interface is part of which zone we need to inform it after it (re)starts what interface belongs to which zone.
---
 src/firewall-manager/nm-firewall-manager.c | 19 +++++++++++++
 src/firewall-manager/nm-firewall-manager.h | 3 +++
 src/nm-policy.c | 31 ++++++++++++++++++++++
 3 files changed, 53 insertions(+)

diff --git a/src/firewall-manager/nm-firewall-manager.c b/src/firewall-manager/nm-firewall-manager.c
index b2fd1ce4dd..d9122af06c 100644
--- a/src/firewall-manager/nm-firewall-manager.c
+++ b/src/firewall-manager/nm-firewall-manager.c
@@ -47,6 +47,14 @@ typedef struct {
 gboolean disposed;
 } NMFirewallManagerPrivate;
+enum {
+ STARTED,
+
+ LAST_SIGNAL
+};
+
+static guint signals[LAST_SIGNAL] = { 0 };
+
 /********************************************************************/
 typedef struct {
@@ -204,6 +212,7 @@ name_owner_changed (NMDBusManager *dbus_mgr,
 if (!old_owner_good && new_owner_good) {
 nm_log_dbg (LOGD_FIREWALL, "firewall started");
 set_running (self, TRUE);
+ g_signal_emit (self, signals[STARTED], 0);
 } else if (old_owner_good && !new_owner_good) {
 nm_log_dbg (LOGD_FIREWALL, "firewall stopped");
 set_running (self, FALSE);
@@ -306,5 +315,15 @@ nm_firewall_manager_class_init (NMFirewallManagerClass *klass)
 "Available",
 FALSE,
 G_PARAM_READABLE));
+
+ signals[STARTED] =
+ g_signal_new ("started",
+ G_OBJECT_CLASS_TYPE (object_class),
+ G_SIGNAL_RUN_FIRST,
+ G_STRUCT_OFFSET (NMFirewallManagerClass, started),
+ NULL, NULL,
+ g_cclosure_marshal_VOID__VOID,
+ G_TYPE_NONE, 0);
+
 }
diff --git a/src/firewall-manager/nm-firewall-manager.h b/src/firewall-manager/nm-firewall-manager.h
index b6d6da7153..ffc6a30a2e 100644
--- a/src/firewall-manager/nm-firewall-manager.h
+++ b/src/firewall-manager/nm-firewall-manager.h
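Review bot: The `g_signal_emit (self, signals[STARTED], 0)` added to name_owner_changed fires only in the branch where the bus name gains an owner, so, as far as the visible hunks show, a listener gets nothing when firewalld was already running before it connected; that contract should be stated where the signal is registered in nm_firewall_manager_class_init. A comment above `g_signal_new ("started", ...)` such as `/* Emitted when firewalld appears on the bus after having been absent; not emitted for a firewalld that is already running. */` would tell consumers that placing interfaces into zones at activation time remains their own job. name_owner_changed starts and ends outside the hunk, so whether another emission site or an initial-state path exists cannot be checked from here.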
@@ -47,6 +47,9 @@ typedef struct {
 typedef struct {
 GObjectClass parent;
+
+ /* Signals */
+ void (*started) (NMFirewallManager *manager);
 } NMFirewallManagerClass;
 GType nm_firewall_manager_get_type (void);
diff --git a/src/nm-policy.c b/src/nm-policy.c
index 65ef1b8057..5ea41c5f71 100644
--- a/src/nm-policy.c
+++ b/src/nm-policy.c
@@ -55,6 +55,7 @@ struct NMPolicy {
 gulong vpn_deactivated_id;
 NMFirewallManager *fw_manager;
+ gulong fw_started_id;
 NMSettings *settings;
@@ -1285,6 +1286,32 @@ inform_firewall_about_zone (NMPolicy *policy, NMConnection *connection)
 }
 }
+static void
+firewall_started (NMFirewallManager *manager,
+ gpointer user_data)
+{
+ NMPolicy *policy = (NMPolicy *) user_data;
+ NMConnection *connection;
+ NMSettingConnection *s_con;
+ GSList *iter, *devices;
+
+ devices = nm_manager_get_devices (policy->manager);
+ for (iter = devices; iter; iter = g_slist_next (iter)) {
+ NMDevice *dev = NM_DEVICE (iter->data);
+
+ connection = get_device_connection (dev);
+ s_con = nm_connection_get_setting_connection (connection);
+ if (nm_device_get_state (dev) == NM_DEVICE_STATE_ACTIVATED) {
+ nm_firewall_manager_add_to_zone (policy->fw_manager,
+ nm_device_get_ip_iface (dev),
+ nm_setting_connection_get_zone (s_con),
+ add_to_zone_cb,
+ g_object_ref (dev),
+ NULL);
+ }
+ }
+}
+
 static void
 connection_updated (NMSettings *settings,
 NMConnection *connection,
@@ -1416,6 +1443,9 @@ nm_policy_new (NMManager *manager,
 policy->vpn_deactivated_id = id;
 policy->fw_manager = nm_firewall_manager_get();
+ id = g_signal_connect (policy->fw_manager, "started",
+ G_CALLBACK (firewall_started), policy);
+ policy->fw_started_id = id;
 _connect_manager_signal (policy, "state-changed", global_state_changed);
 _connect_manager_signal (policy, "notify::" NM_MANAGER_HOSTNAME, hostname_changed);
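Review bot: In firewall_started the lookups `get_device_connection (dev)` and `nm_connection_get_setting_connection (connection)` run for every device before the `NM_DEVICE_STATE_ACTIVATED` check, and neither result is tested before `nm_setting_connection_get_zone (s_con)` uses it. get_device_connection is defined outside the hunk, but if it can return NULL for a device with no active request, every firewalld restart would pass NULL down this chain, and an activated interface whose connection or connection setting is missing would be handed to firewalld with an undefined zone instead of its configured one. I would test the state first and skip the device when either pointer is NULL, as below. The `manager` argument is unused in favour of `policy->fw_manager`, and the `g_object_ref (dev)` handed over as user data presumably relies on add_to_zone_cb, which is not visible here, to drop the reference.

```c
	for (iter = devices; iter; iter = g_slist_next (iter)) {
		NMDevice *dev = NM_DEVICE (iter->data);

		/* Only activated devices have an interface to (re)assign. */
		if (nm_device_get_state (dev) != NM_DEVICE_STATE_ACTIVATED)
			continue;

		connection = get_device_connection (dev);
		if (!connection)
			continue;

		s_con = nm_connection_get_setting_connection (connection);
		if (!s_con)
			continue;

		/* ... unchanged: nm_firewall_manager_add_to_zone () call ... */
	}
```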
@@ -1461,6 +1491,7 @@ nm_policy_destroy (NMPolicy *policy)
 g_signal_handler_disconnect (policy->vpn_manager, policy->vpn_deactivated_id);
 g_object_unref (policy->vpn_manager);
+ g_signal_handler_disconnect (policy->fw_manager, policy->fw_started_id);
 g_object_unref (policy->fw_manager);
 for (iter = policy->manager_ids; iter; iter = g_slist_next (iter))