From 62cd6ece482c7cb04b0bb13d9d5cd92abe595b2c Mon Sep 17 00:00:00 2001 From: Jiri Popelka Date: Fri, 7 Oct 2011 15:58:09 +0200 Subject: [PATCH] policy: let firewall know about the zone when connection gets updated --- src/nm-policy.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) diff --git a/src/nm-policy.c b/src/nm-policy.c index 669db28b0..efe0a00e6 100644 --- a/src/nm-policy.c +++ b/src/nm-policy.c @@ -47,6 +47,7 @@ #include "nm-vpn-manager.h" #include "nm-policy-hostname.h" #include "nm-manager-auth.h" +#include "nm-firewall-manager.h" struct NMPolicy { NMManager *manager; @@ -60,6 +61,8 @@ struct NMPolicy { gulong vpn_activated_id; gulong vpn_deactivated_id; + NMFirewallManager *fw_manager; + NMSettings *settings; NMDevice *default_device4; @@ -1199,15 +1202,66 @@ connections_loaded (NMSettings *settings, gpointer user_data) schedule_activate_all ((NMPolicy *) user_data); } +static void +add_to_zone_cb (DBusGProxy *proxy, + DBusGProxyCall *call_id, + void *user_data) +{ + GError *error = NULL; + + if (!proxy || !call_id) + return; + + if (!dbus_g_proxy_end_call (proxy, call_id, &error, G_TYPE_INVALID)) { + nm_log_warn (LOGD_DEVICE, "adding iface to zone failed: (%d) %s", + error ? error->code : -1, + error && error->message ? error->message : "(unknown)"); + g_clear_error (&error); + + /* TODO: do we need to do anything else here ? */ + } + +} + +static void +inform_firewall_about_zone (NMPolicy * policy, + NMConnection *connection) +{ + NMSettingConnection *s_con = nm_connection_get_setting_connection(connection); + const char *zone = nm_setting_connection_get_zone(s_con); + const char *uuid = nm_setting_connection_get_uuid(s_con); + GSList *iter, *devices; + + if (!zone) + return; + + devices = nm_manager_get_devices (policy->manager); + for (iter = devices; iter; iter = g_slist_next (iter)) { + NMDevice *dev = NM_DEVICE (iter->data); + NMConnection *dev_connection = get_device_connection (dev); + if (g_strcmp0 (uuid, nm_connection_get_uuid (dev_connection)) == 0) { + nm_firewall_manager_add_to_zone (policy->fw_manager, + nm_device_get_ip_iface(dev), + zone, + add_to_zone_cb, + NULL); + } + } +} + static void connection_updated (NMSettings *settings, NMConnection *connection, gpointer user_data) { + NMPolicy *policy = (NMPolicy *) user_data; + + inform_firewall_about_zone (policy, connection); + /* Reset auto retries back to default since connection was updated */ set_connection_auto_retries (connection, RETRIES_DEFAULT); - schedule_activate_all ((NMPolicy *) user_data); + schedule_activate_all (policy); } static void @@ -1325,6 +1379,8 @@ nm_policy_new (NMManager *manager, G_CALLBACK (vpn_connection_deactivated), policy); policy->vpn_deactivated_id = id; + policy->fw_manager = nm_firewall_manager_get(); + _connect_manager_signal (policy, "state-changed", global_state_changed); _connect_manager_signal (policy, "notify::" NM_MANAGER_HOSTNAME, hostname_changed); _connect_manager_signal (policy, "notify::" NM_MANAGER_SLEEPING, sleeping_changed); @@ -1369,6 +1425,8 @@ nm_policy_destroy (NMPolicy *policy) g_signal_handler_disconnect (policy->vpn_manager, policy->vpn_deactivated_id); g_object_unref (policy->vpn_manager); + g_object_unref (policy->fw_manager); + for (iter = policy->manager_ids; iter; iter = g_slist_next (iter)) g_signal_handler_disconnect (policy->manager, GPOINTER_TO_UINT (iter->data)); g_slist_free (policy->manager_ids);