diff -up system-config-printer-1.3.13/firewallsettings.py.FirewallD system-config-printer-1.3.13/firewallsettings.py
--- system-config-printer-1.3.13/firewallsettings.py.FirewallD 2013-03-27 11:59:30.784128632 +0000
+++ system-config-printer-1.3.13/firewallsettings.py 2013-03-27 11:59:30.784128632 +0000
@@ -0,0 +1,279 @@ +#!/usr/bin/python + +## system-config-printer + +## Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Red Hat, Inc. +## Authors: +## Tim Waugh + +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +# config is generated from config.py.in by configure +import config + +import dbus +import json +from debug import * + +IPP_CLIENT_SERVICE = "ipp-client" +IPP_CLIENT_PORT = "631" +IPP_CLIENT_PROTOCOL = "udp" +IPP_SERVER_SERVICE = "ipp" +IPP_SERVER_PORT = "631" +IPP_SERVER_PROTOCOL = "tcp" +MDNS_SERVICE = "mdns" +MDNS_PORT = "5353" +MDNS_PROTOCOL = "udp" +SAMBA_CLIENT_SERVICE = "samba-client" + +class FirewallD: + DBUS_INTERFACE = "org.fedoraproject.FirewallD1" + DBUS_INTERFACE_ZONE = DBUS_INTERFACE+".zone" + DBUS_INTERFACE_CONFIG = DBUS_INTERFACE+".config" + DBUS_PATH = "/org/fedoraproject/FirewallD1" + DBUS_PATH_CONFIG = DBUS_PATH+"/config" + services_idx = 5 + ports_idx = 6 + def __init__ (self): + try: + bus = dbus.SystemBus () + obj = bus.get_object (self.DBUS_INTERFACE, self.DBUS_PATH) + self._fw = dbus.Interface(obj, self.DBUS_INTERFACE) + self._fw_zone = dbus.Interface(obj, self.DBUS_INTERFACE_ZONE) + self._fw_properties = dbus.Interface(obj, + dbus_interface='org.freedesktop.DBus.Properties') + obj_config = bus.get_object (self.DBUS_INTERFACE, + self.DBUS_PATH_CONFIG) + 
self._fw_config = dbus.Interface (obj_config, + self.DBUS_INTERFACE_CONFIG) + zone_name = self._get_active_zone () + if zone_name: + zone_path = self._fw_config.getZoneByName (zone_name) + self._zone = bus.get_object (self.DBUS_INTERFACE, zone_path) + else: + self._zone = None + debugprint ("Using /org/fedoraproject/FirewallD1") + except (ImportError, dbus.DBusException): + self._fw = None + self._fw_zone = None + self._fw_properties = None + self._fw_config = None + self._zone = None + + def running (self): + return self._fw_properties and \ + str(self._fw_properties.Get(self.DBUS_INTERFACE, "state")) \ + == "RUNNING" + + def _get_active_zone (self): + try: + zones = map (str, self._fw_zone.getActiveZones()) + # remove immutable zones + zones = [z for z in zones if not self._fw_zone.isImmutable(z)] + except dbus.DBusException: + debugprint ("FirewallD getting active zones failed") + zones = None + + if not zones: + debugprint ("FirewallD: no changeable zone") + return None + elif len (zones) == 1: + # most probable case + return zones[0] + else: + # Do we need to handle the 'more active zones' case ? + # It's quite unlikely case because that would mean that more + # network connections are up and running and they are + # in different network zones at the same time. 
+ debugprint ("FirewallD returned more zones, taking first one") + return zones[0] + + def _get_fw_data (self, reply_handler=None, error_handler=None): + try: + repr_data = map (str, self._fw_data[self.services_idx]) + debugprint ("%s in _get_fw_data: _fw_data is %s" % + (self, repr(repr_data))) + if self._fw_data: + debugprint ("Using cached firewall data") + if reply_handler: + reply_handler (self._fw_data) + except AttributeError: + try: + self._fw_data = self._zone.getSettings () + debugprint ("Firewall data obtained") + if reply_handler: + reply_handler (self._fw_data) + except (dbus.DBusException, AttributeError, ValueError), e: + self._fw_data = None + debugprint ("Exception examining firewall") + if error_handler: + error_handler (e) + + return self._fw_data + + def read (self, reply_handler=None, error_handler=None): + if reply_handler: + self._get_fw_data (reply_handler, + error_handler) + else: + self._get_fw_data () + + def write (self): + if self._zone: + self._zone.update (self._fw_data) + self._fw.reload () + + def add_service (self, service): + if not self._get_fw_data (): + return + + #self._fw_data.addService (service) + if service not in self._fw_data[self.services_idx]: + self._fw_data[self.services_idx].append(service) + + def check_ipp_client_allowed (self): + if not self._get_fw_data (): + return True + + return (IPP_CLIENT_SERVICE in self._fw_data[self.services_idx] or + [IPP_CLIENT_PORT, IPP_CLIENT_PROTOCOL] in self._fw_data[self.ports_idx]) + + def check_ipp_server_allowed (self): + if not self._get_fw_data (): + return True + + return (IPP_SERVER_SERVICE in self._fw_data[self.services_idx] or + [IPP_SERVER_PORT, IPP_SERVER_PROTOCOL] in self._fw_data[self.ports_idx]) + + def check_samba_client_allowed (self): + if not self._get_fw_data (): + return True + + return (SAMBA_CLIENT_SERVICE in self._fw_data[self.services_idx]) + + def check_mdns_allowed (self): + if not self._get_fw_data (): + return True + + return (MDNS_SERVICE in 
self._fw_data[self.services_idx] or + [MDNS_PORT, MDNS_PROTOCOL] in self._fw_data[self.ports_idx]) + + + +class SystemConfigFirewall: + DBUS_INTERFACE = "org.fedoraproject.Config.Firewall" + DBUS_PATH = "/org/fedoraproject/Config/Firewall" + + def __init__(self): + try: + bus = dbus.SystemBus () + obj = bus.get_object (self.DBUS_INTERFACE, self.DBUS_PATH) + self._fw = dbus.Interface (obj, self.DBUS_INTERFACE) + debugprint ("Using system-config-firewall") + except (dbus.DBusException), e: + debugprint ("No firewall ") + self._fw = None + self._fw_data = (None, None) + + def _get_fw_data (self, reply_handler=None, error_handler=None): + try: + debugprint ("%s in _get_fw_data: _fw_data is %s" % + (self, repr(self._fw_data))) + if self._fw_data: + debugprint ("Using cached firewall data") + if reply_handler == None: + return self._fw_data + + self._client_reply_handler (self._fw_data) + except AttributeError: + try: + if reply_handler: + self._fw.read (reply_handler=reply_handler, + error_handler=error_handler) + return + + p = self._fw.read () + self._fw_data = json.loads (p.encode ('utf-8')) + except (dbus.DBusException, AttributeError, ValueError), e: + self._fw_data = (None, None) + if error_handler: + debugprint ("Exception examining firewall") + self._client_error_handler (e) + + return self._fw_data + + def read (self, reply_handler=None, error_handler=None): + if reply_handler: + self._client_reply_handler = reply_handler + self._client_error_handler = error_handler + self._get_fw_data (reply_handler=self.reply_handler, + error_handler=self.error_handler) + else: + self._get_fw_data () + + def reply_handler (self, result): + try: + self._fw_data = json.loads (result.encode ('utf-8')) + except ValueError, e: + self.error_handler (e) + return + + debugprint ("Firewall data obtained") + self._client_reply_handler (self._fw_data) + + def error_handler (self, exc): + debugprint ("Exception fetching firewall data") + self._client_error_handler (exc) + + def write 
(self): + try: + self._fw.write (json.dumps (self._fw_data[0])) + except: + pass + + def _check_any_allowed (self, search): + (args, filename) = self._get_fw_data () + if filename == None: return True + isect = set (search).intersection (set (args)) + return len (isect) != 0 + + + def add_service (self, service): + try: + (args, filename) = self._fw_data + except AttributeError: + (args, filename) = self._get_fw_data () + if filename == None: return + + args.append ("--service=" + service) + self._fw_data = (args, filename) + + def check_ipp_client_allowed (self): + return self._check_any_allowed (set(["--port=%s:%s" % + (IPP_CLIENT_PORT, IPP_CLIENT_PROTOCOL), + "--service=" + IPP_CLIENT_SERVICE])) + + def check_ipp_server_allowed (self): + return self._check_any_allowed (set(["--port=%s:%s" % + (IPP_SERVER_PORT, IPP_SERVER_PROTOCOL), + "--service=" + IPP_SERVER_SERVICE])) + + def check_samba_client_allowed (self): + return self._check_any_allowed (set(["--service=" + SAMBA_CLIENT_SERVICE])) + + def check_mdns_allowed (self): + return self._check_any_allowed (set(["--port=%s:%s" % + (MDNS_PORT, MDNS_PROTOCOL), + "--service=" + MDNS_SERVICE])) diff -up system-config-printer-1.3.13/Makefile.in.FirewallD system-config-printer-1.3.13/Makefile.in --- system-config-printer-1.3.13/Makefile.in.FirewallD 2013-03-27 11:56:39.000000000 +0000 +++ system-config-printer-1.3.13/Makefile.in 2013-03-27 11:59:30.786128639 +0000 @@ -386,7 +386,7 @@ nobase_pkgdata_DATA = \ dnssdresolve.py \ errordialogs.py \ HIG.py \ - firewall.py \ + firewallsettings.py \ gui.py \ gtkinklevel.py \ gtkspinner.py \ diff -up system-config-printer-1.3.13/newprinter.py.FirewallD system-config-printer-1.3.13/newprinter.py --- system-config-printer-1.3.13/newprinter.py.FirewallD 2013-03-27 11:54:30.000000000 +0000 +++ system-config-printer-1.3.13/newprinter.py 2013-03-27 11:59:30.789128650 +0000 
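Review bot: In `FirewallD._get_fw_data` a failed fetch stores `self._fw_data = None`, and the next call then evaluates `self._fw_data[self.services_idx]`, which raises `TypeError` rather than the `AttributeError` the outer handler catches. That path is reachable whenever `_get_active_zone` finds no changeable zone, because `self._zone` is then `None` and `getSettings` fails, so the first `check_*_allowed` call returns True and the second one raises. Widening the handler to `except (AttributeError, TypeError):` makes a cached `None` trigger a fresh fetch instead. Separately, `SystemConfigFirewall.write` ends in a bare `except: pass`, so a rejected or failed firewall write is indistinguishable from success. Catching `except (dbus.DBusException, AttributeError, TypeError), e:` and logging with `debugprint ("Firewall write failed: %s" % repr (e))` would at least leave a trace.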
@@ -69,7 +69,7 @@ from smburi import SMBURI from errordialogs import * from PhysicalDevice import PhysicalDevice import gtkspinner -import firewall +import firewallsettings import asyncconn import ppdsloader import dnssdresolve @@ -1920,11 +1920,14 @@ class NewPrinterGUI(GtkGUI): try: if (self._host == 'localhost' or self._host[0] == '/'): - self.firewall = firewall.Firewall () + self.firewall = firewallsettings.FirewallD () + if not self.firewall.running(): + self.firewall = firewallsettings.SystemConfigFirewall () + debugprint ("Examining firewall") self.firewall.read (reply_handler=self.on_firewall_read, error_handler=lambda x: - self.start_fetching_devices()) + self.start_fetching_devices()) allowed = False else: # This is a remote server. Nothing we can do about @@ -1950,11 +1953,11 @@ class NewPrinterGUI(GtkGUI): secondary_text += ("- " + _("Allow all incoming IPP Browse packets") + "\n") - f.add_rule (f.ALLOW_IPP_CLIENT) + f.add_service (firewallsettings.IPP_CLIENT_SERVICE) if not mdns_allowed: secondary_text += ("- " + _("Allow all incoming mDNS traffic") + "\n") - f.add_rule (f.ALLOW_MDNS) + f.add_service (firewallsettings.MDNS_SERVICE) if not allowed: debugprint ("Asking for permission to adjust firewall:\n%s" % @@ -1980,7 +1983,7 @@ class NewPrinterGUI(GtkGUI): def adjust_firewall_response (self, dialog, response): dialog.destroy () if response == gtk.RESPONSE_YES: - self.firewall.add_rule (self.firewall.ALLOW_IPP_SERVER) + self.firewall.add_service (firewallsettings.IPP_SERVER_SERVICE) self.firewall.write () debugprint ("Fetching devices after firewall dialog response") 
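Review bot: The FirewallD-then-SystemConfigFirewall selection added in the -1920 hunk is repeated verbatim in the -2372 hunk of this file and in the -533 hunk of serversettings.py. `running()` also performs a D-Bus `Get` that can raise `dbus.DBusException`, in which case the fallback assignment is skipped. A single factory in firewallsettings.py that treats a failed state query as "not running" would keep the three call sites consistent. The enclosing `try` opens inside this hunk but its handler lies outside it, so what happens to such an exception here is not visible.

```python
# firewallsettings.py: proposed helper (the name is only a suggestion)
def get_firewall ():
    fw = FirewallD ()
    try:
        if fw.running ():
            return fw
    except dbus.DBusException:
        debugprint ("FirewallD state query failed")
    return SystemConfigFirewall ()

# newprinter.py, replacing the three added selection lines in this hunk
self.firewall = firewallsettings.get_firewall ()
# … unchanged: debugprint and self.firewall.read (...) call …
```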
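Review bot: In the -1980 hunk, `adjust_firewall_response` adds `firewallsettings.IPP_SERVER_SERVICE` (inbound tcp/631) on a YES answer, yet the prompt assembled in the -1950 hunk lists only IPP Browse packets and mDNS traffic, and those two services are already queued there with `add_service`. From the visible lines, the user is consenting to two openings and gets a third. This mirrors the old `add_rule (self.firewall.ALLOW_IPP_SERVER)` call, so it is inherited rather than introduced here, but the port of this line is a good moment to confirm it is intended. If device discovery does not need the IPP server port, reduce the branch to `self.firewall.write ()`; if it does, name it in the prompt text. The rest of the function body and of the prompt construction lies outside these hunks, so the prompt may mention it elsewhere.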
@@ -2372,7 +2375,9 @@ class NewPrinterGUI(GtkGUI): try: # Note: we do the browsing from *this* machine, regardless # of which CUPS server we are connected to. - f = firewall.Firewall () + f = firewallsettings.FirewallD () + if not f.running(): + f = firewallsettings.SystemConfigFirewall () allowed = f.check_samba_client_allowed () secondary_text = TEXT_adjust_firewall + "\n\n" if not allowed: @@ -2392,7 +2397,7 @@ class NewPrinterGUI(GtkGUI): dialog.destroy () if response == gtk.RESPONSE_YES: - f.add_rule (f.ALLOW_SAMBA_CLIENT) + f.add_service (firewallsettings.SAMBA_CLIENT_SERVICE) f.write () except (dbus.DBusException, Exception): nonfatalException () diff -up system-config-printer-1.3.13/serversettings.py.FirewallD system-config-printer-1.3.13/serversettings.py --- system-config-printer-1.3.13/serversettings.py.FirewallD 2013-03-27 11:54:30.000000000 +0000 +++ system-config-printer-1.3.13/serversettings.py 2013-03-27 11:59:39.351160155 +0000 @@ -34,7 +34,7 @@ import time import authconn from debug import * from errordialogs import * -import firewall +import firewallsettings from gui import GtkGUI try: @@ -533,7 +533,10 @@ class ServerSettings(GtkGUI): try: if (self._host == 'localhost' or self._host[0] == '/'): - f = firewall.Firewall () + f = firewallsettings.FirewallD () + if not f.running(): + f = firewallsettings.SystemConfigFirewall () + allowed = f.check_ipp_server_allowed () else: # This is a remote server. Nothing we can do @@ -556,7 +559,7 @@ class ServerSettings(GtkGUI): dialog.destroy () if response == gtk.RESPONSE_YES: - f.add_rule (f.ALLOW_IPP_SERVER) + f.add_service (firewallsettings.IPP_SERVER_SERVICE) f.write () except (dbus.DBusException, Exception): nonfatalException () diff -up system-config-printer-1.3.13/system-config-printer.py.FirewallD system-config-printer-1.3.13/system-config-printer.py