From 54829cb99a115205cec9a8606e3aef0f2d46b12c Mon Sep 17 00:00:00 2001
From: Jiri Popelka
Date: Thu, 6 Sep 2012 12:28:03 +0200
Subject: [PATCH] FirewallD support
---
system-config-printer-FirewallD.patch | 441 ++++++++++++++++++++++++++
system-config-printer.spec | 10 +-
2 files changed, 449 insertions(+), 2 deletions(-)
create mode 100644 system-config-printer-FirewallD.patch
diff --git a/system-config-printer-FirewallD.patch b/system-config-printer-FirewallD.patch
new file mode 100644
index 0000000..d7d0146
--- /dev/null
+++ b/system-config-printer-FirewallD.patch
@@ -0,0 +1,441 @@
+diff -up system-config-printer-1.3.11/firewall.py.FirewallD system-config-printer-1.3.11/firewall.py
+diff -up system-config-printer-1.3.11/firewallsettings.py.FirewallD system-config-printer-1.3.11/firewallsettings.py
+--- system-config-printer-1.3.11/firewallsettings.py.FirewallD 2012-09-06 12:22:04.395872865 +0200
++++ system-config-printer-1.3.11/firewallsettings.py 2012-09-06 12:22:04.395872865 +0200
+@@ -0,0 +1,251 @@
++#!/usr/bin/python
++
++## system-config-printer
++
++## Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Red Hat, Inc.
++## Authors:
++## Tim Waugh
++
++## This program is free software; you can redistribute it and/or modify
++## it under the terms of the GNU General Public License as published by
++## the Free Software Foundation; either version 2 of the License, or
++## (at your option) any later version.
++
++## This program is distributed in the hope that it will be useful,
++## but WITHOUT ANY WARRANTY; without even the implied warranty of
++## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++## GNU General Public License for more details.
++
++## You should have received a copy of the GNU General Public License
++## along with this program; if not, write to the Free Software
++## Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
++
++# config is generated from config.py.in by configure
++import config
++
++import dbus
++import json
++from debug import *
++
++IPP_CLIENT_SERVICE = "ipp-client"
++IPP_CLIENT_PORT = "631"
++IPP_CLIENT_PROTOCOL = "udp"
++IPP_SERVER_SERVICE = "ipp"
++IPP_SERVER_PORT = "631"
++IPP_SERVER_PROTOCOL = "tcp"
++MDNS_SERVICE = "mdns"
++MDNS_PORT = "5353"
++MDNS_PROTOCOL = "udp"
++SAMBA_CLIENT_SERVICE = "samba-client"
++
++class FirewallD:
++ def __init__ (self):
++ try:
++ from firewall.client import FirewallClient
++ self._fw = FirewallClient ()
++ zone_name = self._get_active_zone ()
++ if zone_name:
++ self._zone = self._fw.config().getZoneByName (zone_name)
++ else:
++ self._zone = None
++ self.running = True
++ debugprint ("Using /org/fedoraproject/FirewallD1")
++ except (ImportError, dbus.DBusException):
++ self._fw = None
++ self._zone = None
++ self.running = False
++
++ def _get_active_zone (self):
++ zones = self._fw.getActiveZones().keys()
++ # remove immutable zones
++ zones = [z for z in zones if not self._fw.isImmutable(z)]
++
++ if not zones:
++ debugprint ("FirewallD: no changeable zone")
++ return None
++ elif len (zones) == 1:
++ # most probable case
++ return zones[0]
++ else:
++ # Do we need to handle the 'more active zones' case ?
++ # It's quite unlikely case because that would mean that more
++ # network connections are up and running and they are
++ # in different network zones at the same time.
++ debugprint ("FirewallD returned more zones, taking first one")
++ return zones[0]
++
++ def _get_fw_data (self, reply_handler=None, error_handler=None):
++ try:
++ debugprint ("%s in _get_fw_data: _fw_data is %s" %
++ (self, repr(self._fw_data.getServices())))
++ if self._fw_data:
++ debugprint ("Using cached firewall data")
++ if reply_handler:
++ reply_handler (self._fw_data)
++ except AttributeError:
++ try:
++ self._fw_data = self._zone.getSettings ()
++ debugprint ("Firewall data obtained")
++ if reply_handler:
++ reply_handler (self._fw_data)
++ except (dbus.DBusException, AttributeError, ValueError), e:
++ self._fw_data = None
++ debugprint ("Exception examining firewall")
++ if error_handler:
++ error_handler (e)
++
++ return self._fw_data
++
++ def read (self, reply_handler=None, error_handler=None):
++ if reply_handler:
++ self._get_fw_data (reply_handler,
++ error_handler)
++ else:
++ self._get_fw_data ()
++
++ def write (self):
++ if self._zone:
++ self._zone.update (self._fw_data)
++ self._fw.reload ()
++
++ def add_service (self, service):
++ if not self._get_fw_data ():
++ return
++
++ self._fw_data.addService (service)
++
++ def check_ipp_client_allowed (self):
++ if not self._get_fw_data ():
++ return True
++
++ return (IPP_CLIENT_SERVICE in self._fw_data.getServices () or
++ [IPP_CLIENT_PORT, IPP_CLIENT_PROTOCOL] in self._fw_data.getPorts ())
++
++ def check_ipp_server_allowed (self):
++ if not self._get_fw_data ():
++ return True
++
++ return (IPP_SERVER_SERVICE in self._fw_data.getServices () or
++ [IPP_SERVER_PORT, IPP_SERVER_PROTOCOL] in self._fw_data.getPorts ())
++
++ def check_samba_client_allowed (self):
++ if not self._get_fw_data ():
++ return True
++
++ return (IPP_CLIENT_SERVICE in self._fw_data.getServices ())
++
++ def check_mdns_allowed (self):
++ if not self._get_fw_data ():
++ return True
++
++ return (MDNS_SERVICE in self._fw_data.getServices () or
++ [MDNS_PORT, MDNS_PROTOCOL] in self._fw_data.getPorts ())
++
++
++
++
++class SystemConfigFirewall:
++ DBUS_INTERFACE = "org.fedoraproject.Config.Firewall"
++ DBUS_PATH = "/org/fedoraproject/Config/Firewall"
++
++ def __init__(self):
++ try:
++ bus = dbus.SystemBus ()
++ obj = bus.get_object (self.DBUS_INTERFACE, self.DBUS_PATH)
++ self._fw = dbus.Interface (obj, self.DBUS_INTERFACE)
++ debugprint ("Using system-config-firewall")
++ except (dbus.DBusException), e:
++ debugprint ("No firewall ")
++ self._fw = None
++ self._fw_data = (None, None)
++
++ def _get_fw_data (self, reply_handler=None, error_handler=None):
++ try:
++ debugprint ("%s in _get_fw_data: _fw_data is %s" %
++ (self, repr(self._fw_data)))
++ if self._fw_data:
++ debugprint ("Using cached firewall data")
++ if reply_handler == None:
++ return self._fw_data
++
++ self._client_reply_handler (self._fw_data)
++ except AttributeError:
++ try:
++ if reply_handler:
++ self._fw.read (reply_handler=reply_handler,
++ error_handler=error_handler)
++ return
++
++ p = self._fw.read ()
++ self._fw_data = json.loads (p.encode ('utf-8'))
++ except (dbus.DBusException, AttributeError, ValueError), e:
++ self._fw_data = (None, None)
++ if error_handler:
++ debugprint ("Exception examining firewall")
++ self._client_error_handler (e)
++
++ return self._fw_data
++
++ def read (self, reply_handler=None, error_handler=None):
++ if reply_handler:
++ self._client_reply_handler = reply_handler
++ self._client_error_handler = error_handler
++ self._get_fw_data (reply_handler=self.reply_handler,
++ error_handler=self.error_handler)
++ else:
++ self._get_fw_data ()
++
++ def reply_handler (self, result):
++ try:
++ self._fw_data = json.loads (result.encode ('utf-8'))
++ except ValueError, e:
++ self.error_handler (e)
++ return
++
++ debugprint ("Firewall data obtained")
++ self._client_reply_handler (self._fw_data)
++
++ def error_handler (self, exc):
++ debugprint ("Exception fetching firewall data")
++ self._client_error_handler (exc)
++
++ def write (self):
++ try:
++ self._fw.write (json.dumps
(self._fw_data[0])) ++ except: ++ pass ++ ++ def _check_any_allowed (self, search): ++ (args, filename) = self._get_fw_data () ++ if filename == None: return True ++ isect = set (search).intersection (set (args)) ++ return len (isect) != 0 ++ ++ ++ def add_service (self, service): ++ try: ++ (args, filename) = self._fw_data ++ except AttributeError: ++ (args, filename) = self._get_fw_data () ++ if filename == None: return ++ ++ args.append ("--service=" + service) ++ self._fw_data = (args, filename) ++ ++ def check_ipp_client_allowed (self): ++ return self._check_any_allowed (set(["--port=%s:%s" % ++ (IPP_CLIENT_PORT, IPP_CLIENT_PROTOCOL), ++ "--service=" + IPP_CLIENT_SERVICE])) ++ ++ def check_ipp_server_allowed (self): ++ return self._check_any_allowed (set(["--port=%s:%s" % ++ (IPP_SERVER_PORT, IPP_SERVER_PROTOCOL), ++ "--service=" + IPP_SERVER_SERVICE])) ++ ++ def check_samba_client_allowed (self): ++ return self._check_any_allowed (set(["--service=" + SAMBA_CLIENT_SERVICE])) ++ ++ def check_mdns_allowed (self): ++ return self._check_any_allowed (set(["--port=%s:%s" % ++ (MDNS_PORT, MDNS_PROTOCOL), ++ "--service=" + MDNS_SERVICE])) +diff -up system-config-printer-1.3.11/Makefile.in.FirewallD system-config-printer-1.3.11/Makefile.in +--- system-config-printer-1.3.11/Makefile.in.FirewallD 2012-08-03 12:04:49.000000000 +0200 ++++ system-config-printer-1.3.11/Makefile.in 2012-09-06 12:22:31.171452018 +0200 +@@ -358,7 +358,7 @@ nobase_pkgdata_DATA = \ + dnssdresolve.py \ + errordialogs.py \ + HIG.py \ +- firewall.py \ ++ firewallsettings.py \ + gui.py \ + gtkinklevel.py \ + gtkspinner.py \ +diff -up system-config-printer-1.3.11/newprinter.py.FirewallD system-config-printer-1.3.11/newprinter.py +--- system-config-printer-1.3.11/newprinter.py.FirewallD 2012-05-24 14:03:21.000000000 +0200 ++++ system-config-printer-1.3.11/newprinter.py 2012-09-06 12:22:04.396872850 +0200 +@@ -63,7 +63,7 @@ from smburi import SMBURI + from errordialogs import * + from PhysicalDevice 
import PhysicalDevice + import gtkspinner +-import firewall ++import firewallsettings + import asyncconn + import ppdsloader + import dnssdresolve +@@ -1618,11 +1618,14 @@ class NewPrinterGUI(GtkGUI): + try: + if (self._host == 'localhost' or + self._host[0] == '/'): +- self.firewall = firewall.Firewall () ++ self.firewall = firewallsettings.FirewallD () ++ if not self.firewall.running: ++ self.firewall = firewallsettings.SystemConfigFirewall () ++ + debugprint ("Examining firewall") + self.firewall.read (reply_handler=self.on_firewall_read, + error_handler=lambda x: +- self.start_fetching_devices()) ++ self.start_fetching_devices()) + allowed = False + else: + # This is a remote server. Nothing we can do about +@@ -1648,11 +1651,11 @@ class NewPrinterGUI(GtkGUI): + secondary_text += ("- " + + _("Allow all incoming IPP Browse packets") + + "\n") +- f.add_rule (f.ALLOW_IPP_CLIENT) ++ f.add_service (firewallsettings.IPP_CLIENT_SERVICE) + if not mdns_allowed: + secondary_text += ("- " + + _("Allow all incoming mDNS traffic") + "\n") +- f.add_rule (f.ALLOW_MDNS) ++ f.add_service (firewallsettings.MDNS_SERVICE) + + if not allowed: + debugprint ("Asking for permission to adjust firewall:\n%s" % +@@ -1678,7 +1681,7 @@ class NewPrinterGUI(GtkGUI): + def adjust_firewall_response (self, dialog, response): + dialog.destroy () + if response == gtk.RESPONSE_YES: +- self.firewall.add_rule (self.firewall.ALLOW_IPP_SERVER) ++ self.firewall.add_service (firewallsettings.IPP_SERVER_SERVICE) + self.firewall.write () + + debugprint ("Fetching devices after firewall dialog response") +@@ -2070,7 +2073,9 @@ class NewPrinterGUI(GtkGUI): + try: + # Note: we do the browsing from *this* machine, regardless + # of which CUPS server we are connected to. 
+- f = firewall.Firewall () ++ f = firewallsettings.FirewallD () ++ if not f.running: ++ f = firewallsettings.SystemConfigFirewall () + allowed = f.check_samba_client_allowed () + secondary_text = TEXT_adjust_firewall + "\n\n" + if not allowed: +@@ -2090,7 +2095,7 @@ class NewPrinterGUI(GtkGUI): + dialog.destroy () + + if response == gtk.RESPONSE_YES: +- f.add_rule (f.ALLOW_SAMBA_CLIENT) ++ f.add_service (firewallsettings.SAMBA_CLIENT_SERVICE) + f.write () + except (dbus.DBusException, Exception): + nonfatalException () +diff -up system-config-printer-1.3.11/serversettings.py.FirewallD system-config-printer-1.3.11/serversettings.py +--- system-config-printer-1.3.11/serversettings.py.FirewallD 2012-05-24 14:03:22.000000000 +0200 ++++ system-config-printer-1.3.11/serversettings.py 2012-09-06 12:22:04.397872835 +0200 +@@ -34,7 +34,7 @@ import time + import authconn + from debug import * + from errordialogs import * +-import firewall ++import firewallsettings + from gui import GtkGUI + + try: +@@ -526,7 +526,10 @@ class ServerSettings(GtkGUI): + try: + if (self._host == 'localhost' or + self._host[0] == '/'): +- f = firewall.Firewall () ++ f = firewallsettings.FirewallD () ++ if not f.running: ++ f = firewallsettings.SystemConfigFirewall () ++ + allowed = f.check_ipp_server_allowed () + else: + # This is a remote server. 
Nothing we can do +@@ -549,7 +552,7 @@ class ServerSettings(GtkGUI): + dialog.destroy () + + if response == gtk.RESPONSE_YES: +- f.add_rule (f.ALLOW_IPP_SERVER) ++ f.add_service (firewallsettings.IPP_SERVER_SERVICE) + f.write () + except (dbus.DBusException, Exception): + nonfatalException () +diff -up system-config-printer-1.3.11/system-config-printer.py.FirewallD system-config-printer-1.3.11/system-config-printer.py +--- system-config-printer-1.3.11/system-config-printer.py.FirewallD 2012-08-01 17:48:26.000000000 +0200 ++++ system-config-printer-1.3.11/system-config-printer.py 2012-09-06 12:22:04.398872819 +0200 +@@ -371,6 +371,7 @@ class GUI(GtkGUI): + self.newPrinterGUI = np = newprinter.NewPrinterGUI() + np.connect ("printer-added", self.on_new_printer_added) + np.connect ("printer-modified", self.on_printer_modified) ++ np.connect ("dialog-canceled", self.on_new_printer_not_added) + + # Set up "About" dialog + self.AboutDialog.set_program_name(config.PACKAGE) +@@ -1729,26 +1730,44 @@ class GUI(GtkGUI): + # == New Printer Dialog ============================================== + # ==================================================================== + ++ def sensitise_new_printer_widgets(self, sensitive=True): ++ self.btnNew.set_sensitive (sensitive) ++ self.btnAddFirstPrinter.set_sensitive (sensitive) ++ self.ui_manager.get_action ("/new-printer").set_sensitive (sensitive) ++ self.ui_manager.get_action ("/new-class").set_sensitive (sensitive) ++ ++ def desensitise_new_printer_widgets(self): ++ self.sensitise_new_printer_widgets (False) ++ + # new printer + def on_new_printer_activate(self, widget): + busy (self.PrintersWindow) ++ self.desensitise_new_printer_widgets () + if not self.newPrinterGUI.init("printer", + host=self.connect_server, + encryption=self.connect_encrypt, + parent=self.PrintersWindow): ++ self.sensitise_new_printer_widgets () + self.monitor.update () + ready (self.PrintersWindow) + + # new class + def on_new_class_activate(self, widget): ++ 
self.desensitise_new_printer_widgets () + if not self.newPrinterGUI.init("class", + host=self.connect_server, + encryption=self.connect_encrypt, + parent=self.PrintersWindow): ++ self.sensitise_new_printer_widgets () + self.monitor.update () + ++ def on_new_printer_not_added (self, obj): ++ self.sensitise_new_printer_widgets () ++ + def on_new_printer_added (self, obj, name): + debugprint ("New printer added: %s" % name) ++ ++ self.sensitise_new_printer_widgets () + self.populateList () + + if not self.printers.has_key (name): +diff -up system-config-printer-1.3.11/ui/NewPrinterWindow.ui.FirewallD system-config-printer-1.3.11/ui/NewPrinterWindow.ui +--- system-config-printer-1.3.11/ui/NewPrinterWindow.ui.FirewallD 2012-05-24 14:03:22.000000000 +0200 ++++ system-config-printer-1.3.11/ui/NewPrinterWindow.ui 2012-09-06 12:22:04.400872787 +0200 +@@ -4,7 +4,7 @@ + + False + New Printer +- True ++ False + center-on-parent + 600 + 420 diff --git a/system-config-printer.spec b/system-config-printer.spec index 1c03899..e679931 100644 --- a/system-config-printer.spec +++ b/system-config-printer.spec @@ -1,12 +1,13 @@ Summary: A printer administration tool Name: system-config-printer Version: 1.3.11 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://cyberelk.net/tim/software/system-config-printer/ Group: System Environment/Base Source0: http://cyberelk.net/tim/data/system-config-printer/1.3/%{name}-%{version}.tar.xz Patch1: system-config-printer-no-applet-in-gnome.patch +Patch2: system-config-printer-FirewallD.patch BuildRequires: cups-devel >= 1.2 BuildRequires: desktop-file-utils >= 0.2.92 BuildRequires: gettext-devel @@ -62,6 +63,8 @@ printers. # Don't start the applet in GNOME. %patch1 -p1 -b .no-applet-in-gnome +# FirewallD support +%patch2 -p1 -b .FirewallD %build %configure --with-udev-rules 
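Review bot: In the added firewallsettings.py, `FirewallD.check_samba_client_allowed` tests `IPP_CLIENT_SERVICE` rather than `SAMBA_CLIENT_SERVICE`, so the prompt in newprinter.py that offers to open the firewall for SMB browsing is driven by the state of the wrong service; the line should read `return (SAMBA_CLIENT_SERVICE in self._fw_data.getServices ())`, matching the `SystemConfigFirewall` counterpart. `SystemConfigFirewall.write` wraps the D-Bus call in a bare `except: pass`, so a rejected or failed firewall change looks the same as a successful one; catching `dbus.DBusException` and reporting it through `debugprint` would at least leave a trace. `FirewallD._get_active_zone` returns `zones[0]` from `getActiveZones().keys()`, so with more than one active zone the zone that `write()` opens a service in depends on dictionary order, which deserves a deterministic choice or a comment stating which zone is intended. Indentation is lost in this rendering, so the exact nesting of these lines is inferred.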
@@ -93,7 +96,7 @@ touch %buildroot%{_localstatedir}/run/udev-configure-printer/usb-uris %{_datadir}/%{name}/debug.py* %{_datadir}/%{name}/dnssdresolve.py* %{_datadir}/%{name}/errordialogs.py* -%{_datadir}/%{name}/firewall.py* +%{_datadir}/%{name}/firewallsettings.py* %{_datadir}/%{name}/gtkinklevel.py* %{_datadir}/%{name}/gtk_label_autowrap.py* %{_datadir}/%{name}/gtkspinner.py* @@ -171,6 +174,9 @@ exit 0 %systemd_postun_with_restart udev-configure-printer.service %changelog +* Thu Sep 06 2012 Jiri Popelka 1.3.11-3 +- FirewallD support + * Wed Aug 22 2012 Jiri Popelka 1.3.11-2 - use new systemd-rpm macros (#850334)