2013-03-27 12:17:42 +00:00
|
|
|
diff -up system-config-printer-1.3.13/firewallsettings.py.FirewallD system-config-printer-1.3.13/firewallsettings.py
|
|
|
|
--- system-config-printer-1.3.13/firewallsettings.py.FirewallD 2013-03-27 11:59:30.784128632 +0000
|
|
|
|
+++ system-config-printer-1.3.13/firewallsettings.py 2013-03-27 11:59:30.784128632 +0000
|
2012-09-21 12:00:23 +00:00
|
|
|
@@ -0,0 +1,279 @@
|
|
|
|
+#!/usr/bin/python
|
|
|
|
+
|
|
|
|
+## system-config-printer
|
|
|
|
+
|
|
|
|
+## Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Red Hat, Inc.
|
|
|
|
+## Authors:
|
|
|
|
+## Tim Waugh <twaugh@redhat.com>
|
|
|
|
+
|
|
|
|
+## This program is free software; you can redistribute it and/or modify
|
|
|
|
+## it under the terms of the GNU General Public License as published by
|
|
|
|
+## the Free Software Foundation; either version 2 of the License, or
|
|
|
|
+## (at your option) any later version.
|
|
|
|
+
|
|
|
|
+## This program is distributed in the hope that it will be useful,
|
|
|
|
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
+## GNU General Public License for more details.
|
|
|
|
+
|
|
|
|
+## You should have received a copy of the GNU General Public License
|
|
|
|
+## along with this program; if not, write to the Free Software
|
|
|
|
+## Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
+
|
|
|
|
+# config is generated from config.py.in by configure
|
|
|
|
+import config
|
|
|
|
+
|
|
|
|
+import dbus
|
|
|
|
+import json
|
|
|
|
+from debug import *
|
|
|
|
+
|
|
|
|
+IPP_CLIENT_SERVICE = "ipp-client"
|
|
|
|
+IPP_CLIENT_PORT = "631"
|
|
|
|
+IPP_CLIENT_PROTOCOL = "udp"
|
|
|
|
+IPP_SERVER_SERVICE = "ipp"
|
|
|
|
+IPP_SERVER_PORT = "631"
|
|
|
|
+IPP_SERVER_PROTOCOL = "tcp"
|
|
|
|
+MDNS_SERVICE = "mdns"
|
|
|
|
+MDNS_PORT = "5353"
|
|
|
|
+MDNS_PROTOCOL = "udp"
|
|
|
|
+SAMBA_CLIENT_SERVICE = "samba-client"
|
|
|
|
+
|
|
|
|
+class FirewallD:
|
|
|
|
+ DBUS_INTERFACE = "org.fedoraproject.FirewallD1"
|
|
|
|
+ DBUS_INTERFACE_ZONE = DBUS_INTERFACE+".zone"
|
|
|
|
+ DBUS_INTERFACE_CONFIG = DBUS_INTERFACE+".config"
|
|
|
|
+ DBUS_PATH = "/org/fedoraproject/FirewallD1"
|
|
|
|
+ DBUS_PATH_CONFIG = DBUS_PATH+"/config"
|
|
|
|
+ services_idx = 5
|
|
|
|
+ ports_idx = 6
|
|
|
|
+ def __init__ (self):
|
|
|
|
+ try:
|
|
|
|
+ bus = dbus.SystemBus ()
|
|
|
|
+ obj = bus.get_object (self.DBUS_INTERFACE, self.DBUS_PATH)
|
|
|
|
+ self._fw = dbus.Interface(obj, self.DBUS_INTERFACE)
|
|
|
|
+ self._fw_zone = dbus.Interface(obj, self.DBUS_INTERFACE_ZONE)
|
|
|
|
+ self._fw_properties = dbus.Interface(obj,
|
|
|
|
+ dbus_interface='org.freedesktop.DBus.Properties')
|
|
|
|
+ obj_config = bus.get_object (self.DBUS_INTERFACE,
|
|
|
|
+ self.DBUS_PATH_CONFIG)
|
|
|
|
+ self._fw_config = dbus.Interface (obj_config,
|
|
|
|
+ self.DBUS_INTERFACE_CONFIG)
|
|
|
|
+ zone_name = self._get_active_zone ()
|
|
|
|
+ if zone_name:
|
|
|
|
+ zone_path = self._fw_config.getZoneByName (zone_name)
|
|
|
|
+ self._zone = bus.get_object (self.DBUS_INTERFACE, zone_path)
|
|
|
|
+ else:
|
|
|
|
+ self._zone = None
|
|
|
|
+ debugprint ("Using /org/fedoraproject/FirewallD1")
|
|
|
|
+ except (ImportError, dbus.DBusException):
|
|
|
|
+ self._fw = None
|
|
|
|
+ self._fw_zone = None
|
|
|
|
+ self._fw_properties = None
|
|
|
|
+ self._fw_config = None
|
|
|
|
+ self._zone = None
|
|
|
|
+
|
|
|
|
+ def running (self):
|
|
|
|
+ return self._fw_properties and \
|
|
|
|
+ str(self._fw_properties.Get(self.DBUS_INTERFACE, "state")) \
|
|
|
|
+ == "RUNNING"
|
|
|
|
+
|
|
|
|
+ def _get_active_zone (self):
|
|
|
|
+ try:
|
|
|
|
+ zones = map (str, self._fw_zone.getActiveZones())
|
|
|
|
+ # remove immutable zones
|
|
|
|
+ zones = [z for z in zones if not self._fw_zone.isImmutable(z)]
|
|
|
|
+ except dbus.DBusException:
|
|
|
|
+ debugprint ("FirewallD getting active zones failed")
|
|
|
|
+ zones = None
|
|
|
|
+
|
|
|
|
+ if not zones:
|
|
|
|
+ debugprint ("FirewallD: no changeable zone")
|
|
|
|
+ return None
|
|
|
|
+ elif len (zones) == 1:
|
|
|
|
+ # most probable case
|
|
|
|
+ return zones[0]
|
|
|
|
+ else:
|
|
|
|
+ # Do we need to handle the 'more active zones' case ?
|
|
|
|
+ # It's quite unlikely case because that would mean that more
|
|
|
|
+ # network connections are up and running and they are
|
|
|
|
+ # in different network zones at the same time.
|
|
|
|
+ debugprint ("FirewallD returned more zones, taking first one")
|
|
|
|
+ return zones[0]
|
|
|
|
+
|
|
|
|
+ def _get_fw_data (self, reply_handler=None, error_handler=None):
|
|
|
|
+ try:
|
|
|
|
+ repr_data = map (str, self._fw_data[self.services_idx])
|
|
|
|
+ debugprint ("%s in _get_fw_data: _fw_data is %s" %
|
|
|
|
+ (self, repr(repr_data)))
|
|
|
|
+ if self._fw_data:
|
|
|
|
+ debugprint ("Using cached firewall data")
|
|
|
|
+ if reply_handler:
|
|
|
|
+ reply_handler (self._fw_data)
|
|
|
|
+ except AttributeError:
|
|
|
|
+ try:
|
|
|
|
+ self._fw_data = self._zone.getSettings ()
|
|
|
|
+ debugprint ("Firewall data obtained")
|
|
|
|
+ if reply_handler:
|
|
|
|
+ reply_handler (self._fw_data)
|
|
|
|
+ except (dbus.DBusException, AttributeError, ValueError), e:
|
|
|
|
+ self._fw_data = None
|
|
|
|
+ debugprint ("Exception examining firewall")
|
|
|
|
+ if error_handler:
|
|
|
|
+ error_handler (e)
|
|
|
|
+
|
|
|
|
+ return self._fw_data
|
|
|
|
+
|
|
|
|
+ def read (self, reply_handler=None, error_handler=None):
|
|
|
|
+ if reply_handler:
|
|
|
|
+ self._get_fw_data (reply_handler,
|
|
|
|
+ error_handler)
|
|
|
|
+ else:
|
|
|
|
+ self._get_fw_data ()
|
|
|
|
+
|
|
|
|
+ def write (self):
|
|
|
|
+ if self._zone:
|
|
|
|
+ self._zone.update (self._fw_data)
|
|
|
|
+ self._fw.reload ()
|
|
|
|
+
|
|
|
|
+ def add_service (self, service):
|
|
|
|
+ if not self._get_fw_data ():
|
|
|
|
+ return
|
|
|
|
+
|
|
|
|
+ #self._fw_data.addService (service)
|
|
|
|
+ if service not in self._fw_data[self.services_idx]:
|
|
|
|
+ self._fw_data[self.services_idx].append(service)
|
|
|
|
+
|
|
|
|
+ def check_ipp_client_allowed (self):
|
|
|
|
+ if not self._get_fw_data ():
|
|
|
|
+ return True
|
|
|
|
+
|
|
|
|
+ return (IPP_CLIENT_SERVICE in self._fw_data[self.services_idx] or
|
|
|
|
+ [IPP_CLIENT_PORT, IPP_CLIENT_PROTOCOL] in self._fw_data[self.ports_idx])
|
|
|
|
+
|
|
|
|
+ def check_ipp_server_allowed (self):
|
|
|
|
+ if not self._get_fw_data ():
|
|
|
|
+ return True
|
|
|
|
+
|
|
|
|
+ return (IPP_SERVER_SERVICE in self._fw_data[self.services_idx] or
|
|
|
|
+ [IPP_SERVER_PORT, IPP_SERVER_PROTOCOL] in self._fw_data[self.ports_idx])
|
|
|
|
+
|
|
|
|
+ def check_samba_client_allowed (self):
|
|
|
|
+ if not self._get_fw_data ():
|
|
|
|
+ return True
|
|
|
|
+
|
|
|
|
+ return (SAMBA_CLIENT_SERVICE in self._fw_data[self.services_idx])
|
|
|
|
+
|
|
|
|
+ def check_mdns_allowed (self):
|
|
|
|
+ if not self._get_fw_data ():
|
|
|
|
+ return True
|
|
|
|
+
|
|
|
|
+ return (MDNS_SERVICE in self._fw_data[self.services_idx] or
|
|
|
|
+ [MDNS_PORT, MDNS_PROTOCOL] in self._fw_data[self.ports_idx])
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+class SystemConfigFirewall:
|
|
|
|
+ DBUS_INTERFACE = "org.fedoraproject.Config.Firewall"
|
|
|
|
+ DBUS_PATH = "/org/fedoraproject/Config/Firewall"
|
|
|
|
+
|
|
|
|
+ def __init__(self):
|
|
|
|
+ try:
|
|
|
|
+ bus = dbus.SystemBus ()
|
|
|
|
+ obj = bus.get_object (self.DBUS_INTERFACE, self.DBUS_PATH)
|
|
|
|
+ self._fw = dbus.Interface (obj, self.DBUS_INTERFACE)
|
|
|
|
+ debugprint ("Using system-config-firewall")
|
|
|
|
+ except (dbus.DBusException), e:
|
|
|
|
+ debugprint ("No firewall ")
|
|
|
|
+ self._fw = None
|
|
|
|
+ self._fw_data = (None, None)
|
|
|
|
+
|
|
|
|
+ def _get_fw_data (self, reply_handler=None, error_handler=None):
|
|
|
|
+ try:
|
|
|
|
+ debugprint ("%s in _get_fw_data: _fw_data is %s" %
|
|
|
|
+ (self, repr(self._fw_data)))
|
|
|
|
+ if self._fw_data:
|
|
|
|
+ debugprint ("Using cached firewall data")
|
|
|
|
+ if reply_handler == None:
|
|
|
|
+ return self._fw_data
|
|
|
|
+
|
|
|
|
+ self._client_reply_handler (self._fw_data)
|
|
|
|
+ except AttributeError:
|
|
|
|
+ try:
|
|
|
|
+ if reply_handler:
|
|
|
|
+ self._fw.read (reply_handler=reply_handler,
|
|
|
|
+ error_handler=error_handler)
|
|
|
|
+ return
|
|
|
|
+
|
|
|
|
+ p = self._fw.read ()
|
|
|
|
+ self._fw_data = json.loads (p.encode ('utf-8'))
|
|
|
|
+ except (dbus.DBusException, AttributeError, ValueError), e:
|
|
|
|
+ self._fw_data = (None, None)
|
|
|
|
+ if error_handler:
|
|
|
|
+ debugprint ("Exception examining firewall")
|
|
|
|
+ self._client_error_handler (e)
|
|
|
|
+
|
|
|
|
+ return self._fw_data
|
|
|
|
+
|
|
|
|
+ def read (self, reply_handler=None, error_handler=None):
|
|
|
|
+ if reply_handler:
|
|
|
|
+ self._client_reply_handler = reply_handler
|
|
|
|
+ self._client_error_handler = error_handler
|
|
|
|
+ self._get_fw_data (reply_handler=self.reply_handler,
|
|
|
|
+ error_handler=self.error_handler)
|
|
|
|
+ else:
|
|
|
|
+ self._get_fw_data ()
|
|
|
|
+
|
|
|
|
+ def reply_handler (self, result):
|
|
|
|
+ try:
|
|
|
|
+ self._fw_data = json.loads (result.encode ('utf-8'))
|
|
|
|
+ except ValueError, e:
|
|
|
|
+ self.error_handler (e)
|
|
|
|
+ return
|
|
|
|
+
|
|
|
|
+ debugprint ("Firewall data obtained")
|
|
|
|
+ self._client_reply_handler (self._fw_data)
|
|
|
|
+
|
|
|
|
+ def error_handler (self, exc):
|
|
|
|
+ debugprint ("Exception fetching firewall data")
|
|
|
|
+ self._client_error_handler (exc)
|
|
|
|
+
|
|
|
|
+ def write (self):
|
|
|
|
+ try:
|
|
|
|
+ self._fw.write (json.dumps (self._fw_data[0]))
|
|
|
|
+ except:
|
|
|
|
+ pass
|
|
|
|
+
|
|
|
|
+ def _check_any_allowed (self, search):
|
|
|
|
+ (args, filename) = self._get_fw_data ()
|
|
|
|
+ if filename == None: return True
|
|
|
|
+ isect = set (search).intersection (set (args))
|
|
|
|
+ return len (isect) != 0
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+ def add_service (self, service):
|
|
|
|
+ try:
|
|
|
|
+ (args, filename) = self._fw_data
|
|
|
|
+ except AttributeError:
|
|
|
|
+ (args, filename) = self._get_fw_data ()
|
|
|
|
+ if filename == None: return
|
|
|
|
+
|
|
|
|
+ args.append ("--service=" + service)
|
|
|
|
+ self._fw_data = (args, filename)
|
|
|
|
+
|
|
|
|
+ def check_ipp_client_allowed (self):
|
|
|
|
+ return self._check_any_allowed (set(["--port=%s:%s" %
|
|
|
|
+ (IPP_CLIENT_PORT, IPP_CLIENT_PROTOCOL),
|
|
|
|
+ "--service=" + IPP_CLIENT_SERVICE]))
|
|
|
|
+
|
|
|
|
+ def check_ipp_server_allowed (self):
|
|
|
|
+ return self._check_any_allowed (set(["--port=%s:%s" %
|
|
|
|
+ (IPP_SERVER_PORT, IPP_SERVER_PROTOCOL),
|
|
|
|
+ "--service=" + IPP_SERVER_SERVICE]))
|
|
|
|
+
|
|
|
|
+ def check_samba_client_allowed (self):
|
|
|
|
+ return self._check_any_allowed (set(["--service=" + SAMBA_CLIENT_SERVICE]))
|
|
|
|
+
|
|
|
|
+ def check_mdns_allowed (self):
|
|
|
|
+ return self._check_any_allowed (set(["--port=%s:%s" %
|
|
|
|
+ (MDNS_PORT, MDNS_PROTOCOL),
|
|
|
|
+ "--service=" + MDNS_SERVICE]))
|
2013-03-27 12:17:42 +00:00
|
|
|
diff -up system-config-printer-1.3.13/Makefile.in.FirewallD system-config-printer-1.3.13/Makefile.in
|
|
|
|
--- system-config-printer-1.3.13/Makefile.in.FirewallD 2013-03-27 11:56:39.000000000 +0000
|
|
|
|
+++ system-config-printer-1.3.13/Makefile.in 2013-03-27 11:59:30.786128639 +0000
|
|
|
|
@@ -386,7 +386,7 @@ nobase_pkgdata_DATA = \
|
2012-09-21 12:00:23 +00:00
|
|
|
dnssdresolve.py \
|
|
|
|
errordialogs.py \
|
|
|
|
HIG.py \
|
|
|
|
- firewall.py \
|
|
|
|
+ firewallsettings.py \
|
|
|
|
gui.py \
|
|
|
|
gtkinklevel.py \
|
|
|
|
gtkspinner.py \
|
2013-03-27 12:17:42 +00:00
|
|
|
diff -up system-config-printer-1.3.13/newprinter.py.FirewallD system-config-printer-1.3.13/newprinter.py
|
|
|
|
--- system-config-printer-1.3.13/newprinter.py.FirewallD 2013-03-27 11:54:30.000000000 +0000
|
|
|
|
+++ system-config-printer-1.3.13/newprinter.py 2013-03-27 11:59:30.789128650 +0000
|
|
|
|
@@ -69,7 +69,7 @@ from smburi import SMBURI
|
2012-09-21 12:00:23 +00:00
|
|
|
from errordialogs import *
|
|
|
|
from PhysicalDevice import PhysicalDevice
|
|
|
|
import gtkspinner
|
|
|
|
-import firewall
|
|
|
|
+import firewallsettings
|
|
|
|
import asyncconn
|
|
|
|
import ppdsloader
|
|
|
|
import dnssdresolve
|
2013-03-27 12:17:42 +00:00
|
|
|
@@ -1920,11 +1920,14 @@ class NewPrinterGUI(GtkGUI):
|
2012-09-21 12:00:23 +00:00
|
|
|
try:
|
|
|
|
if (self._host == 'localhost' or
|
|
|
|
self._host[0] == '/'):
|
|
|
|
- self.firewall = firewall.Firewall ()
|
|
|
|
+ self.firewall = firewallsettings.FirewallD ()
|
|
|
|
+ if not self.firewall.running():
|
|
|
|
+ self.firewall = firewallsettings.SystemConfigFirewall ()
|
|
|
|
+
|
|
|
|
debugprint ("Examining firewall")
|
|
|
|
self.firewall.read (reply_handler=self.on_firewall_read,
|
|
|
|
error_handler=lambda x:
|
|
|
|
- self.start_fetching_devices())
|
|
|
|
+ self.start_fetching_devices())
|
|
|
|
allowed = False
|
|
|
|
else:
|
|
|
|
# This is a remote server. Nothing we can do about
|
2013-03-27 12:17:42 +00:00
|
|
|
@@ -1950,11 +1953,11 @@ class NewPrinterGUI(GtkGUI):
|
2012-09-21 12:00:23 +00:00
|
|
|
secondary_text += ("- " +
|
|
|
|
_("Allow all incoming IPP Browse packets") +
|
|
|
|
"\n")
|
|
|
|
- f.add_rule (f.ALLOW_IPP_CLIENT)
|
|
|
|
+ f.add_service (firewallsettings.IPP_CLIENT_SERVICE)
|
|
|
|
if not mdns_allowed:
|
|
|
|
secondary_text += ("- " +
|
|
|
|
_("Allow all incoming mDNS traffic") + "\n")
|
|
|
|
- f.add_rule (f.ALLOW_MDNS)
|
|
|
|
+ f.add_service (firewallsettings.MDNS_SERVICE)
|
|
|
|
|
|
|
|
if not allowed:
|
|
|
|
debugprint ("Asking for permission to adjust firewall:\n%s" %
|
2013-03-27 12:17:42 +00:00
|
|
|
@@ -1980,7 +1983,7 @@ class NewPrinterGUI(GtkGUI):
|
2012-09-21 12:00:23 +00:00
|
|
|
def adjust_firewall_response (self, dialog, response):
|
|
|
|
dialog.destroy ()
|
|
|
|
if response == gtk.RESPONSE_YES:
|
|
|
|
- self.firewall.add_rule (self.firewall.ALLOW_IPP_SERVER)
|
|
|
|
+ self.firewall.add_service (firewallsettings.IPP_SERVER_SERVICE)
|
|
|
|
self.firewall.write ()
|
|
|
|
|
|
|
|
debugprint ("Fetching devices after firewall dialog response")
|
2013-03-27 12:17:42 +00:00
|
|
|
@@ -2372,7 +2375,9 @@ class NewPrinterGUI(GtkGUI):
|
2012-09-21 12:00:23 +00:00
|
|
|
try:
|
|
|
|
# Note: we do the browsing from *this* machine, regardless
|
|
|
|
# of which CUPS server we are connected to.
|
|
|
|
- f = firewall.Firewall ()
|
|
|
|
+ f = firewallsettings.FirewallD ()
|
|
|
|
+ if not f.running():
|
|
|
|
+ f = firewallsettings.SystemConfigFirewall ()
|
|
|
|
allowed = f.check_samba_client_allowed ()
|
|
|
|
secondary_text = TEXT_adjust_firewall + "\n\n"
|
|
|
|
if not allowed:
|
2013-03-27 12:17:42 +00:00
|
|
|
@@ -2392,7 +2397,7 @@ class NewPrinterGUI(GtkGUI):
|
2012-09-21 12:00:23 +00:00
|
|
|
dialog.destroy ()
|
|
|
|
|
|
|
|
if response == gtk.RESPONSE_YES:
|
|
|
|
- f.add_rule (f.ALLOW_SAMBA_CLIENT)
|
|
|
|
+ f.add_service (firewallsettings.SAMBA_CLIENT_SERVICE)
|
|
|
|
f.write ()
|
|
|
|
except (dbus.DBusException, Exception):
|
|
|
|
nonfatalException ()
|
2013-03-27 12:17:42 +00:00
|
|
|
diff -up system-config-printer-1.3.13/serversettings.py.FirewallD system-config-printer-1.3.13/serversettings.py
|
|
|
|
--- system-config-printer-1.3.13/serversettings.py.FirewallD 2013-03-27 11:54:30.000000000 +0000
|
|
|
|
+++ system-config-printer-1.3.13/serversettings.py 2013-03-27 11:59:39.351160155 +0000
|
2012-09-21 12:00:23 +00:00
|
|
|
@@ -34,7 +34,7 @@ import time
|
|
|
|
import authconn
|
|
|
|
from debug import *
|
|
|
|
from errordialogs import *
|
|
|
|
-import firewall
|
|
|
|
+import firewallsettings
|
|
|
|
from gui import GtkGUI
|
|
|
|
|
|
|
|
try:
|
2013-03-27 12:17:42 +00:00
|
|
|
@@ -533,7 +533,10 @@ class ServerSettings(GtkGUI):
|
2012-09-21 12:00:23 +00:00
|
|
|
try:
|
|
|
|
if (self._host == 'localhost' or
|
|
|
|
self._host[0] == '/'):
|
|
|
|
- f = firewall.Firewall ()
|
|
|
|
+ f = firewallsettings.FirewallD ()
|
|
|
|
+ if not f.running():
|
|
|
|
+ f = firewallsettings.SystemConfigFirewall ()
|
|
|
|
+
|
|
|
|
allowed = f.check_ipp_server_allowed ()
|
|
|
|
else:
|
|
|
|
# This is a remote server. Nothing we can do
|
2013-03-27 12:17:42 +00:00
|
|
|
@@ -556,7 +559,7 @@ class ServerSettings(GtkGUI):
|
2012-09-21 12:00:23 +00:00
|
|
|
dialog.destroy ()
|
|
|
|
|
|
|
|
if response == gtk.RESPONSE_YES:
|
|
|
|
- f.add_rule (f.ALLOW_IPP_SERVER)
|
|
|
|
+ f.add_service (firewallsettings.IPP_SERVER_SERVICE)
|
|
|
|
f.write ()
|
|
|
|
except (dbus.DBusException, Exception):
|
|
|
|
nonfatalException ()
|
2013-03-27 12:17:42 +00:00
|
|
|
diff -up system-config-printer-1.3.13/system-config-printer.py.FirewallD system-config-printer-1.3.13/system-config-printer.py
|