policy: let firewall know about the zone when connection gets updated

2011-10-07 15:58:09 +02:00
parent 1c0aeb4575
commit 62cd6ece48
1 changed files with 59 additions and 1 deletions
--- a/src/nm-policy.c
+++ b/src/nm-policy.c
@@ -47,6 +47,7 @@
 #include "nm-vpn-manager.h"
 #include "nm-policy-hostname.h"
 #include "nm-manager-auth.h"
+#include "nm-firewall-manager.h"

 struct NMPolicy {
 	NMManager *manager;
@@ -60,6 +61,8 @@ struct NMPolicy {
 	gulong vpn_activated_id;
 	gulong vpn_deactivated_id;

+	NMFirewallManager *fw_manager;
+
 	NMSettings *settings;

 	NMDevice *default_device4;
@@ -1199,15 +1202,66 @@ connections_loaded (NMSettings *settings, gpointer user_data)
 	schedule_activate_all ((NMPolicy *) user_data);
 }

+static void
+add_to_zone_cb (DBusGProxy       *proxy,
+                DBusGProxyCall   *call_id,
+                void             *user_data)
+{
+	GError *error = NULL;
+
+	if (!proxy || !call_id)
+		return;
+
+	if (!dbus_g_proxy_end_call (proxy, call_id, &error, G_TYPE_INVALID)) {
+		nm_log_warn (LOGD_DEVICE, "adding iface to zone failed: (%d) %s",
+				     error ? error->code : -1,
+				     error && error->message ? error->message : "(unknown)");
+		g_clear_error (&error);
+
+		/* TODO: do we need to do anything else here ? */
+	}
+
+}
+
+static void
+inform_firewall_about_zone (NMPolicy * policy,
+                            NMConnection *connection)
+{
+	NMSettingConnection *s_con = nm_connection_get_setting_connection(connection);
+	const char *zone = nm_setting_connection_get_zone(s_con);
+	const char *uuid = nm_setting_connection_get_uuid(s_con);
+	GSList *iter, *devices;
+
+	if (!zone)
+		return;
+
+	devices = nm_manager_get_devices (policy->manager);
+	for (iter = devices; iter; iter = g_slist_next (iter)) {
+		NMDevice *dev = NM_DEVICE (iter->data);
+		NMConnection *dev_connection = get_device_connection (dev);
+		if (g_strcmp0 (uuid, nm_connection_get_uuid (dev_connection)) == 0) {
+			nm_firewall_manager_add_to_zone (policy->fw_manager,
+			                                 nm_device_get_ip_iface(dev),
+			                                 zone,
+			                                 add_to_zone_cb,
+			                                 NULL);
+		}
+	}
+}
+
 static void
 connection_updated (NMSettings *settings,
                    NMConnection *connection,
                    gpointer user_data)
 {
+	NMPolicy *policy = (NMPolicy *) user_data;
+
+	inform_firewall_about_zone (policy, connection);
+
 	/* Reset auto retries back to default since connection was updated */
 	set_connection_auto_retries (connection, RETRIES_DEFAULT);

-	schedule_activate_all ((NMPolicy *) user_data);
+	schedule_activate_all (policy);
 }

 static void
@@ -1325,6 +1379,8 @@ nm_policy_new (NMManager *manager,
 	                       G_CALLBACK (vpn_connection_deactivated), policy);
 	policy->vpn_deactivated_id = id;

+	policy->fw_manager = nm_firewall_manager_get();
+
 	_connect_manager_signal (policy, "state-changed", global_state_changed);
 	_connect_manager_signal (policy, "notify::" NM_MANAGER_HOSTNAME, hostname_changed);
 	_connect_manager_signal (policy, "notify::" NM_MANAGER_SLEEPING, sleeping_changed);
@@ -1369,6 +1425,8 @@ nm_policy_destroy (NMPolicy *policy)
 	g_signal_handler_disconnect (policy->vpn_manager, policy->vpn_deactivated_id);
 	g_object_unref (policy->vpn_manager);

+	g_object_unref (policy->fw_manager);
+
 	for (iter = policy->manager_ids; iter; iter = g_slist_next (iter))
 		g_signal_handler_disconnect (policy->manager, GPOINTER_TO_UINT (iter->data));
 	g_slist_free (policy->manager_ids);