Commit 5f24d46d authored by Lucas Biaggi's avatar Lucas Biaggi Committed by Tomaz Canabrava
Browse files

bugfix 448407

To fix [448407](https://bugs.kde.org/show_bug.cgi?id=448407) we need to parse settings from the active zone and use it as default incoming policy.
parent a1b5a63c
Pipeline #140615 passed with stage
in 1 minute and 42 seconds
......@@ -8,6 +8,7 @@
#include <QDBusMetaType>
#include <QDebug>
#include <QDir>
#include <QLoggingCategory>
#include <QNetworkInterface>
#include <QProcess>
#include <QStandardPaths>
......@@ -78,6 +79,7 @@ KJob *FirewalldClient::setEnabled(const bool value)
return job;
}
KJob *FirewalldClient::queryStatus(FirewallClient::DefaultDataBehavior defaultsBehavior, FirewallClient::ProfilesBehavior profilesBehavior)
{
Q_UNUSED(defaultsBehavior);
......@@ -178,7 +180,6 @@ KJob *FirewalldClient::removeRule(int index)
qCDebug(FirewallDClientDebug) << job->errorString() << job->error();
return;
}
// queryStatus(FirewallClient::DefaultDataBehavior::ReadDefaults, FirewallClient::ProfilesBehavior::DontListenProfiles);
refresh();
});
......@@ -387,14 +388,12 @@ QString FirewalldClient::defaultOutgoingPolicy() const
KJob *FirewalldClient::setDefaultIncomingPolicy(QString defaultIncomingPolicy)
{
// fake job just to change default policy
FirewalldJob *job = new FirewalldJob();
connect(job, &KJob::result, this, [this, job, defaultIncomingPolicy] {
if (job->error()) {
qCDebug(FirewallDClientDebug) << job->errorString() << job->error();
return;
}
queryStatus(FirewallClient::DefaultDataBehavior::ReadDefaults, FirewallClient::ProfilesBehavior::DontListenProfiles);
m_currentProfile.setDefaultIncomingPolicy(defaultIncomingPolicy);
});
......@@ -404,15 +403,13 @@ KJob *FirewalldClient::setDefaultIncomingPolicy(QString defaultIncomingPolicy)
KJob *FirewalldClient::setDefaultOutgoingPolicy(QString defaultOutgoingPolicy)
{
// fake job just to change default policy
FirewalldJob *job = new FirewalldJob();
connect(job, &KJob::result, this, [this, job, defaultOutgoingPolicy] {
if (job->error()) {
qCDebug(FirewallDClientDebug) << job->errorString() << job->error();
return;
}
queryStatus(FirewallClient::DefaultDataBehavior::ReadDefaults, FirewallClient::ProfilesBehavior::DontListenProfiles);
m_currentProfile.setDefaultIncomingPolicy(defaultOutgoingPolicy);
m_currentProfile.setDefaultOutgoingPolicy(defaultOutgoingPolicy);
});
job->start();
......@@ -421,7 +418,6 @@ KJob *FirewalldClient::setDefaultOutgoingPolicy(QString defaultOutgoingPolicy)
KJob *FirewalldClient::save()
{
// fake job just to change default policy
FirewalldJob *job = new FirewalldJob(FirewalldJob::SAVEFIREWALLD);
connect(job, &KJob::result, this, [this, job] {
......@@ -542,20 +538,22 @@ void FirewalldClient::setProfile(Profile profile)
auto oldProfile = m_currentProfile;
m_currentProfile = profile;
m_rulesModel->setProfile(m_currentProfile);
qCDebug(FirewallDClientDebug) << "Profile incoming policy: " << m_currentProfile.defaultIncomingPolicy()
<< "Old profile policy: " << oldProfile.defaultIncomingPolicy();
if (m_currentProfile.enabled() != oldProfile.enabled()) {
getDefaultIncomingPolicyFromDbus();
Q_EMIT enabledChanged(m_currentProfile.enabled());
}
if (m_currentProfile.defaultIncomingPolicy() != oldProfile.defaultIncomingPolicy()) {
const QString policy = Types::toString(m_currentProfile.defaultIncomingPolicy());
Q_EMIT defaultIncomingPolicyChanged(policy);
}
if (m_currentProfile.defaultOutgoingPolicy() != oldProfile.defaultOutgoingPolicy()) {
const QString policy = Types::toString(m_currentProfile.defaultOutgoingPolicy());
Q_EMIT defaultOutgoingPolicyChanged(policy);
}
if (enabled()) {
if (m_currentProfile.defaultIncomingPolicy() != oldProfile.defaultIncomingPolicy()) {
const QString policy = Types::toString(m_currentProfile.defaultIncomingPolicy());
Q_EMIT defaultIncomingPolicyChanged(policy);
}
if (m_currentProfile.defaultOutgoingPolicy() != oldProfile.defaultOutgoingPolicy()) {
const QString policy = Types::toString(m_currentProfile.defaultOutgoingPolicy());
Q_EMIT defaultOutgoingPolicyChanged(policy);
}
queryKnownApplications();
}
}
......@@ -618,4 +616,28 @@ void FirewalldClient::queryKnownApplications()
});
job->start();
}
void FirewalldClient::getDefaultIncomingPolicyFromDbus()
{
FirewalldJob *job = new FirewalldJob("getZoneSettings2", {""}, FirewalldJob::SIMPLELIST);
connect(job, &KJob::result, this, [this, job] {
if (job->error()) {
qCDebug(FirewallDClientDebug) << job->name() << job->errorString() << job->error();
return;
}
QString policy = job->getDefaultIncomingPolicy();
qCDebug(FirewallDClientDebug) << "Incoming Policy (firewalld definition): " << policy;
if (policy == "default" || policy == "reject") {
qCDebug(FirewallDClientDebug) << "Setting incoming Policy: rejected";
m_currentProfile.setDefaultIncomingPolicy("reject");
} else if (policy == "allow") {
qCDebug(FirewallDClientDebug) << "Setting incoming Policy: allowed";
m_currentProfile.setDefaultIncomingPolicy("allow");
} else {
qCDebug(FirewallDClientDebug) << "Setting incoming Policy: denied";
m_currentProfile.setDefaultIncomingPolicy("deny");
}
});
job->exec();
}
#include "firewalldclient.moc"
......@@ -7,9 +7,9 @@
#ifndef FIREWALLDCLIENT_H
#define FIREWALLDCLIENT_H
#include <QLoggingCategory>
#include <QString>
#include <QTimer>
#include <QLoggingCategory>
#include <ifirewallclientbackend.h>
#include <profile.h>
......@@ -66,11 +66,12 @@ protected slots:
void refreshLogs();
protected:
QVector<Rule*> extractRulesFromResponse(const QList<firewalld_reply> &reply) const;
QVector<Rule *> extractRulesFromResponse(const QList<firewalld_reply> &reply) const;
QVector<Rule *> extractRulesFromResponse(const QStringList &reply) const;
QVariantList buildRule(const Rule *r) const;
void setProfile(Profile profile);
void queryKnownApplications();
void getDefaultIncomingPolicyFromDbus();
private:
QString m_status;
......
......@@ -106,6 +106,7 @@ void FirewalldJob::firewalldAction(const QString &bus, const QString &path, cons
if (!reply.isEmpty()) {
m_services = reply;
}
} else {
connectCall(watcher); // save executed here
}
......@@ -122,6 +123,10 @@ void FirewalldJob::firewalldAction(const QString &bus, const QString &path, cons
if (!reply.isEmpty())
qCDebug(FirewallDJobDebug) << "manipulated zone: " << reply;
} else if (method == "getZoneSettings2") {
QMap<QString, QVariant> settings;
settings = connectCall<QMap<QString, QVariant>>(watcher);
m_target = settings["target"].toString();
} else {
QStringList reply = connectCall<QStringList>(watcher);
if (!reply.isEmpty()) {
......@@ -149,7 +154,7 @@ void FirewalldJob::start()
switch (m_type) {
case FirewalldJob::SIMPLIFIEDRULE:
case FirewalldJob::SIMPLELIST: {
qCDebug(FirewallDJobDebug) << "firewalld simple interface: " << m_call << m_args;
qCDebug(FirewallDJobDebug) << "firewalld zone interface: " << m_call << m_args;
firewalldAction(FIREWALLD::BUS, FIREWALLD::PATH, SIMPLE::INTERFACE, m_call, m_args);
break;
}
......@@ -187,3 +192,8 @@ QStringList FirewalldJob::getServices()
{
return m_services;
}
QString FirewalldJob::getDefaultIncomingPolicy()
{
return m_target;
}
......@@ -28,6 +28,7 @@ public:
QList<firewalld_reply> getFirewalldreply();
QStringList getServices();
QString name();
QString getDefaultIncomingPolicy();
private:
template<typename T>
......@@ -40,5 +41,7 @@ private:
QVariantList m_args;
QStringList m_services = {};
QList<firewalld_reply> m_firewalldreply = {};
QString m_target;
};
#endif
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment