author | Thomas Haller <thaller@redhat.com> | 2014-02-17 21:20:42 +0100 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2014-04-14 11:46:56 +0200 |
commit | cbf3155e118618114dabe61d920f12a3f6ebf9aa (patch) | |
tree | 7ab36cfc21aebeb1d9836e05bd880a97881d3017 | |
parent | 52dfc777bb12f094404eb6143a91db54a6b05658 (diff) | |
download | NetworkManager-th/rh1065948_vpn_firewall_zone.tar.gz |
https://bugzilla.redhat.com/show_bug.cgi?id=1065948
Signed-off-by: Thomas Haller <thaller@redhat.com>
-rw-r--r-- | src/vpn-manager/nm-vpn-connection.c | 65 |
1 files changed, 64 insertions, 1 deletions
diff --git a/src/vpn-manager/nm-vpn-connection.c b/src/vpn-manager/nm-vpn-connection.c
index 96a9acacc8..6fa0ddaf58 100644
--- a/src/vpn-manager/nm-vpn-connection.c
+++ b/src/vpn-manager/nm-vpn-connection.c
@@ -88,6 +88,10 @@ typedef struct {
 int ip_ifindex;
 char *banner;
 guint32 mtu;
+
+ NMFirewallManager *fw_manager;
+ DBusGProxyCall *fw_call;
+ gboolean fw_set;
 } NMVPNConnectionPrivate;
 #define NM_VPN_CONNECTION_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_VPN_CONNECTION, NMVPNConnectionPrivate))
@@ -745,6 +749,21 @@ nm_vpn_connection_apply_config (NMVPNConnection *connection)
 }
 static void
+fw_add_to_zone_cb (GError *error, gpointer user_data)
+{
+ NMVPNConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE (connection);
+
+ if (!priv->fw_call)
+ return;
+
+ nm_log_info (LOGD_DEVICE, "Activation (%s) Stage 3 of 5 (IP Configure Start) scheduled.",
+ nm_device_get_iface (self));
+ nm_log_dbg (LOGD_VPN, "VPN connection '%s' setting firewall zon:qe %c%s%c",
+ nm_connection_get_id (priv->connection), zone?'\'':'(', zone?zone:"null", zone?'\'':')');
+
+}
+
+static void
 nm_vpn_connection_config_maybe_complete (NMVPNConnection *connection,
 gboolean success)
 {
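Review bot: The three fields added to `NMVPNConnectionPrivate` get no set-up or teardown anywhere in this commit. The diffstat lists a single file and the three hunks shown account for all 64 insertions, so `priv->fw_manager` is never assigned before the last hunk passes it to `nm_firewall_manager_add_or_change_zone`, and a pending `priv->fw_call` is never cancelled. Because the callback is handed the bare `connection` pointer as `user_data`, a connection disposed while the request is in flight would presumably be dereferenced afterwards. The manager should be acquired in the instance init, and dispose should cancel any outstanding `fw_call` before releasing it. A field comment such as `/* TRUE once the firewall zone request was issued or skipped */` on `fw_set` would document the intended meaning.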
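Review bot: `fw_add_to_zone_cb` reads `connection`, `self` and `zone`, none of which is declared in the function, and it never uses `user_data` or `error`. As written, the result of the firewall request is dropped: `priv->fw_call` is not cleared, a failure to place the VPN interface in its zone goes unreported, and nothing resumes `nm_vpn_connection_config_maybe_complete`. The first log line ("Stage 3 of 5 (IP Configure Start)", `LOGD_DEVICE`) looks copied from device code, and the second contains the stray editor input `zon:qe`. A possible shape is below; it needs a forward declaration of `nm_vpn_connection_config_maybe_complete`, and whether a firewall error should fail the activation is a policy choice to confirm.

```c
static void
fw_add_to_zone_cb (GError *error, gpointer user_data)
{
	NMVPNConnection *connection = NM_VPN_CONNECTION (user_data);
	NMVPNConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE (connection);

	/* The request has finished; drop the stale call handle. */
	priv->fw_call = NULL;

	if (error) {
		nm_log_warn (LOGD_VPN, "VPN connection '%s' failed to set firewall zone: %s",
		             nm_connection_get_id (priv->connection), error->message);
		/* Fail closed: do not report the VPN as configured outside its zone. */
		nm_vpn_connection_config_maybe_complete (connection, FALSE);
		return;
	}

	nm_vpn_connection_config_maybe_complete (connection, TRUE);
}
```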
@@ -757,9 +776,53 @@ nm_vpn_connection_config_maybe_complete (NMVPNConnection *connection,
 return;
 }
+ if (success && !priv->fw_set) {
+ const char *ip_iface = nm_vpn_connection_get_ip_iface (connection);
+ NMSettingConnection *s_con = nm_connection_get_setting_connection (priv->connection);
+ const char *zone = nm_setting_connection_get_zone (s_con);
+
+ priv->fw_set = TRUE;
+
+ if (ip_iface) {
+ /* not yet started setting the firewall zone. Start now. */
+ nm_log_dbg (LOGD_VPN, "VPN connection '%s' setting firewall zone %c%s%c",
+ nm_connection_get_id (priv->connection), zone?'\'':'(', zone?zone:"null", zone?'\'':')');
+ priv->fw_call = nm_firewall_manager_add_or_change_zone (priv->fw_manager,
+ ip_iface,
+ zone,
+ TRUE,
+ fw_add_to_zone_cb,
+ connection);
+ return;
+ } else {
+ NMDevice *parent;
+ NMConnection *connection;
+
+ parent = nm_active_connection_get_device (NM_ACTIVE_CONNECTION (vpn));
+ connection = parent ? nm_device_get_connection (parent) : NULL;
+ if (!connection) {
+ nm_log_warn (LOGD_VPN, "VPN connection '%s' has no device to set the firewall zone %c%s%c and there is no active parent device",
+ nm_connection_get_id (priv->connection), zone?'\'':'(', zone?zone:"null", zone?'\'':')');
+ } else {
+ NMSettingConnection *parent_s_con = nm_connection_get_setting_connection (connection);
+ const char *parent_zone = parent_s_con ? nm_setting_connection_get_zone (parent_s_con) : NULL;
+
+ if (!parent_s_con || g_strcmp0 (parent_zone, zone) != 0) {
+ nm_log_warn (LOGD_VPN, "VPN connection '%s' has no device to set the firewall zone %c%s%c, but the parent device is configured for a different zone: %c%s%c",
+ nm_connection_get_id (priv->connection), zone?'\'':'(', zone?zone:"null", zone?'\'':')',
+ parent_zone?'\'':'(', parent_zone?parent_zone:"null", parent_zone?'\'':')');
+ } else {
+ nm_log_warn (LOGD_VPN, "VPN connection '%s' has no device to set the firewall zone %c%s%c, but the parent device is configured for the same zone",
+ nm_connection_get_id (priv->connection), zone?'\'':'(', zone?zone:"null", zone?'\'':')');
+ }
+ }
+ }
+ }
+
 if (success) {
 if ( (priv->has_ip4 && !priv->ip4_config)
- || (priv->has_ip6 && !priv->ip6_config)) {
+ || (priv->has_ip6 && !priv->ip6_config)
+ || !priv->fw_set) {
 /* Need to wait for other config */
 return;
 }
 } |
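Review bot: `priv->fw_set = TRUE;` is assigned before the asynchronous zone request is issued, so the new `|| !priv->fw_set` wait condition at the end of the hunk can never hold when `success` is set. A later call (for example when the other IP family's config arrives) can therefore report the VPN as configured while its interface is still outside the requested firewall zone. The flag should be set only once the request has finished (in `fw_add_to_zone_cb`) or was skipped (the `else` branch); alternatively the wait condition could test `priv->fw_call`, provided the callback clears it. In the `else` branch, `NM_ACTIVE_CONNECTION (vpn)` uses an identifier that does not appear to be declared, and the local `NMConnection *connection;` shadows the function's `NMVPNConnection *connection` parameter. `NM_ACTIVE_CONNECTION (connection)` with the local renamed to `parent_connection` looks like the intent. The function body starts and ends outside the hunk.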