|
Packit Service |
5ffa24 |
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
|
Packit Service |
5ffa24 |
/*
|
|
Packit Service |
5ffa24 |
* Copyright (C) 2011 - 2015 Red Hat, Inc.
|
|
Packit Service |
5ffa24 |
*/
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
2bceb2 |
#include "src/core/nm-default-daemon.h"
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
#include "nm-firewall-manager.h"
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
#include "nm-glib-aux/nm-dbus-aux.h"
|
|
Packit Service |
5ffa24 |
#include "c-list/src/c-list.h"
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
#include "NetworkManagerUtils.h"
|
|
Packit Service |
5ffa24 |
#include "nm-dbus-manager.h"
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
#define FIREWALL_DBUS_SERVICE "org.fedoraproject.FirewallD1"
|
|
Packit Service |
5ffa24 |
#define FIREWALL_DBUS_PATH "/org/fedoraproject/FirewallD1"
|
|
Packit Service |
5ffa24 |
#define FIREWALL_DBUS_INTERFACE_ZONE "org.fedoraproject.FirewallD1.zone"
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
/*****************************************************************************/
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
enum { STATE_CHANGED, LAST_SIGNAL };
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
static guint signals[LAST_SIGNAL] = {0};
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
typedef struct {
|
|
Packit Service |
5ffa24 |
GDBusConnection *dbus_connection;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
GCancellable *get_name_owner_cancellable;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
CList pending_calls;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
guint name_owner_changed_id;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
bool dbus_inited : 1;
|
|
Packit Service |
5ffa24 |
bool running : 1;
|
|
Packit Service |
5ffa24 |
} NMFirewallManagerPrivate;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
struct _NMFirewallManager {
|
|
Packit Service |
5ffa24 |
GObject parent;
|
|
Packit Service |
5ffa24 |
NMFirewallManagerPrivate _priv;
|
|
Packit Service |
5ffa24 |
};
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
struct _NMFirewallManagerClass {
|
|
Packit Service |
5ffa24 |
GObjectClass parent;
|
|
Packit Service |
5ffa24 |
};
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
G_DEFINE_TYPE(NMFirewallManager, nm_firewall_manager, G_TYPE_OBJECT)
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
#define NM_FIREWALL_MANAGER_GET_PRIVATE(self) \
|
|
Packit Service |
5ffa24 |
_NM_GET_PRIVATE(self, NMFirewallManager, NM_IS_FIREWALL_MANAGER)
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
/*****************************************************************************/
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
NM_DEFINE_SINGLETON_GETTER(NMFirewallManager, nm_firewall_manager_get, NM_TYPE_FIREWALL_MANAGER);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
/*****************************************************************************/
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
typedef enum {
|
|
Packit Service |
5ffa24 |
OPS_TYPE_ADD = 1,
|
|
Packit Service |
5ffa24 |
OPS_TYPE_CHANGE,
|
|
Packit Service |
5ffa24 |
OPS_TYPE_REMOVE,
|
|
Packit Service |
5ffa24 |
} OpsType;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
struct _NMFirewallManagerCallId {
|
|
Packit Service |
5ffa24 |
CList lst;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
NMFirewallManager *self;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
char *iface;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
NMFirewallManagerAddRemoveCallback callback;
|
|
Packit Service |
5ffa24 |
gpointer user_data;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
union {
|
|
Packit Service |
5ffa24 |
struct {
|
|
Packit Service |
5ffa24 |
GCancellable *cancellable;
|
|
Packit Service |
5ffa24 |
GVariant * arg;
|
|
Packit Service |
5ffa24 |
} dbus;
|
|
Packit Service |
5ffa24 |
struct {
|
|
Packit Service |
5ffa24 |
guint id;
|
|
Packit Service |
5ffa24 |
} idle;
|
|
Packit Service |
5ffa24 |
};
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
OpsType ops_type;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
bool is_idle : 1;
|
|
Packit Service |
5ffa24 |
};
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
/*****************************************************************************/
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
static const char *
|
|
Packit Service |
5ffa24 |
_ops_type_to_string(OpsType ops_type)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
switch (ops_type) {
|
|
Packit Service |
5ffa24 |
case OPS_TYPE_ADD:
|
|
Packit Service |
5ffa24 |
return "add";
|
|
Packit Service |
5ffa24 |
case OPS_TYPE_REMOVE:
|
|
Packit Service |
5ffa24 |
return "remove";
|
|
Packit Service |
5ffa24 |
case OPS_TYPE_CHANGE:
|
|
Packit Service |
5ffa24 |
return "change";
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
nm_assert_not_reached();
|
|
Packit Service |
5ffa24 |
return NULL;
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
#define _NMLOG_DOMAIN LOGD_FIREWALL
|
|
Packit Service |
5ffa24 |
#define _NMLOG_PREFIX_NAME "firewall"
|
|
Packit Service |
5ffa24 |
#define _NMLOG(level, call_id, ...) \
|
|
Packit Service |
5ffa24 |
G_STMT_START \
|
|
Packit Service |
5ffa24 |
{ \
|
|
Packit Service |
5ffa24 |
if (nm_logging_enabled((level), (_NMLOG_DOMAIN))) { \
|
|
Packit Service |
5ffa24 |
NMFirewallManagerCallId *_call_id = (call_id); \
|
|
Packit Service |
5ffa24 |
char _prefix_name[30]; \
|
|
Packit Service |
5ffa24 |
char _prefix_info[100]; \
|
|
Packit Service |
5ffa24 |
\
|
|
Packit Service |
5ffa24 |
_nm_log((level), \
|
|
Packit Service |
5ffa24 |
(_NMLOG_DOMAIN), \
|
|
Packit Service |
5ffa24 |
0, \
|
|
Packit Service |
5ffa24 |
NULL, \
|
|
Packit Service |
5ffa24 |
NULL, \
|
|
Packit Service |
5ffa24 |
"%s: %s" _NM_UTILS_MACRO_FIRST(__VA_ARGS__), \
|
|
Packit Service |
5ffa24 |
(self) != singleton_instance ? ({ \
|
|
Packit Service |
5ffa24 |
g_snprintf(_prefix_name, \
|
|
Packit Service |
5ffa24 |
sizeof(_prefix_name), \
|
|
Packit Service |
5ffa24 |
"%s[" NM_HASH_OBFUSCATE_PTR_FMT "]", \
|
|
Packit Service |
5ffa24 |
""_NMLOG_PREFIX_NAME, \
|
|
Packit Service |
5ffa24 |
NM_HASH_OBFUSCATE_PTR(self)); \
|
|
Packit Service |
5ffa24 |
_prefix_name; \
|
|
Packit Service |
5ffa24 |
}) \
|
|
Packit Service |
5ffa24 |
: _NMLOG_PREFIX_NAME, \
|
|
Packit Service |
5ffa24 |
_call_id ? ({ \
|
|
Packit Service |
5ffa24 |
g_snprintf(_prefix_info, \
|
|
Packit Service |
5ffa24 |
sizeof(_prefix_info), \
|
|
Packit Service |
5ffa24 |
"[" NM_HASH_OBFUSCATE_PTR_FMT ",%s%s:%s%s%s]: ", \
|
|
Packit Service |
5ffa24 |
NM_HASH_OBFUSCATE_PTR(_call_id), \
|
|
Packit Service |
5ffa24 |
_ops_type_to_string(_call_id->ops_type), \
|
|
Packit Service |
5ffa24 |
_call_id->is_idle ? "*" : "", \
|
|
Packit Service |
5ffa24 |
NM_PRINT_FMT_QUOTE_STRING(_call_id->iface)); \
|
|
Packit Service |
5ffa24 |
_prefix_info; \
|
|
Packit Service |
5ffa24 |
}) \
|
|
Packit Service |
5ffa24 |
: "" _NM_UTILS_MACRO_REST(__VA_ARGS__)); \
|
|
Packit Service |
5ffa24 |
} \
|
|
Packit Service |
5ffa24 |
} \
|
|
Packit Service |
5ffa24 |
G_STMT_END
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
/*****************************************************************************/
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
static gboolean
|
|
Packit Service |
5ffa24 |
_get_running(NMFirewallManagerPrivate *priv)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
/* when starting, we need to asynchronously check whether there is
|
|
Packit Service |
5ffa24 |
* a name owner. During that time we optimistically assume that the
|
|
Packit Service |
5ffa24 |
* service is indeed running. That is the time when we queue the
|
|
Packit Service |
5ffa24 |
* requests, and they will be started once the get-name-owner call
|
|
Packit Service |
5ffa24 |
* returns. */
|
|
Packit Service |
5ffa24 |
return priv->running || (priv->dbus_connection && !priv->dbus_inited);
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
gboolean
|
|
Packit Service |
5ffa24 |
nm_firewall_manager_get_running(NMFirewallManager *self)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
g_return_val_if_fail(NM_IS_FIREWALL_MANAGER(self), FALSE);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
return _get_running(NM_FIREWALL_MANAGER_GET_PRIVATE(self));
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
/*****************************************************************************/
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
static NMFirewallManagerCallId *
|
|
Packit Service |
5ffa24 |
_cb_info_create(NMFirewallManager * self,
|
|
Packit Service |
5ffa24 |
OpsType ops_type,
|
|
Packit Service |
5ffa24 |
const char * iface,
|
|
Packit Service |
5ffa24 |
const char * zone,
|
|
Packit Service |
5ffa24 |
NMFirewallManagerAddRemoveCallback callback,
|
|
Packit Service |
5ffa24 |
gpointer user_data)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
NMFirewallManagerPrivate *priv = NM_FIREWALL_MANAGER_GET_PRIVATE(self);
|
|
Packit Service |
5ffa24 |
NMFirewallManagerCallId * call_id;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
call_id = g_slice_new0(NMFirewallManagerCallId);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
call_id->self = g_object_ref(self);
|
|
Packit Service |
5ffa24 |
call_id->ops_type = ops_type;
|
|
Packit Service |
5ffa24 |
call_id->iface = g_strdup(iface);
|
|
Packit Service |
5ffa24 |
call_id->callback = callback;
|
|
Packit Service |
5ffa24 |
call_id->user_data = user_data;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
if (_get_running(priv)) {
|
|
Packit Service |
5ffa24 |
call_id->is_idle = FALSE;
|
|
Packit Service |
5ffa24 |
call_id->dbus.arg = g_variant_new("(ss)", zone ?: "", iface);
|
|
Packit Service |
5ffa24 |
} else
|
|
Packit Service |
5ffa24 |
call_id->is_idle = TRUE;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
c_list_link_tail(&priv->pending_calls, &call_id->lst);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
return call_id;
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
static void
|
|
Packit Service |
5ffa24 |
_cb_info_complete(NMFirewallManagerCallId *call_id, GError *error)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
c_list_unlink(&call_id->lst);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
if (call_id->callback)
|
|
Packit Service |
5ffa24 |
call_id->callback(call_id->self, call_id, error, call_id->user_data);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
if (call_id->is_idle)
|
|
Packit Service |
5ffa24 |
nm_clear_g_source(&call_id->idle.id);
|
|
Packit Service |
5ffa24 |
else {
|
|
Packit Service |
5ffa24 |
nm_g_variant_unref(call_id->dbus.arg);
|
|
Packit Service |
5ffa24 |
nm_clear_g_cancellable(&call_id->dbus.cancellable);
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
g_free(call_id->iface);
|
|
Packit Service |
5ffa24 |
g_object_unref(call_id->self);
|
|
Packit Service |
5ffa24 |
nm_g_slice_free(call_id);
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
static gboolean
|
|
Packit Service |
5ffa24 |
_handle_idle_cb(gpointer user_data)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
NMFirewallManager * self;
|
|
Packit Service |
5ffa24 |
NMFirewallManagerCallId *call_id = user_data;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
nm_assert(call_id);
|
|
Packit Service |
5ffa24 |
nm_assert(NM_IS_FIREWALL_MANAGER(call_id->self));
|
|
Packit Service |
5ffa24 |
nm_assert(call_id->is_idle);
|
|
Packit Service |
5ffa24 |
nm_assert(c_list_contains(&NM_FIREWALL_MANAGER_GET_PRIVATE(call_id->self)->pending_calls,
|
|
Packit Service |
5ffa24 |
&call_id->lst));
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
self = call_id->self;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
_LOGD(call_id, "complete: fake success");
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
call_id->idle.id = 0;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
_cb_info_complete(call_id, NULL);
|
|
Packit Service |
5ffa24 |
return G_SOURCE_REMOVE;
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
static gboolean
|
|
Packit Service |
5ffa24 |
_handle_idle_start(NMFirewallManager *self, NMFirewallManagerCallId *call_id)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
if (!call_id->callback) {
|
|
Packit Service |
5ffa24 |
/* if the user did not provide a callback and firewalld is not running,
|
|
Packit Service |
5ffa24 |
* there is no point in scheduling an idle-request to fake success. Just
|
|
Packit Service |
5ffa24 |
* return right away. */
|
|
Packit Service |
5ffa24 |
_LOGD(call_id, "complete: drop request simulating success");
|
|
Packit Service |
5ffa24 |
_cb_info_complete(call_id, NULL);
|
|
Packit Service |
5ffa24 |
return FALSE;
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
call_id->idle.id = g_idle_add(_handle_idle_cb, call_id);
|
|
Packit Service |
5ffa24 |
return TRUE;
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
static void
|
|
Packit Service |
5ffa24 |
_handle_dbus_cb(GObject *source, GAsyncResult *result, gpointer user_data)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
NMFirewallManager * self;
|
|
Packit Service |
5ffa24 |
NMFirewallManagerCallId *call_id;
|
|
Packit Service |
5ffa24 |
gs_free_error GError *error = NULL;
|
|
Packit Service |
5ffa24 |
gs_unref_variant GVariant *ret = NULL;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
ret = g_dbus_connection_call_finish(G_DBUS_CONNECTION(source), result, &error);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
if (!ret && nm_utils_error_is_cancelled(error))
|
|
Packit Service |
5ffa24 |
return;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
call_id = user_data;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
nm_assert(call_id);
|
|
Packit Service |
5ffa24 |
nm_assert(NM_IS_FIREWALL_MANAGER(call_id->self));
|
|
Packit Service |
5ffa24 |
nm_assert(!call_id->is_idle);
|
|
Packit Service |
5ffa24 |
nm_assert(c_list_contains(&NM_FIREWALL_MANAGER_GET_PRIVATE(call_id->self)->pending_calls,
|
|
Packit Service |
5ffa24 |
&call_id->lst));
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
self = call_id->self;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
if (error) {
|
|
Packit Service |
5ffa24 |
const char *non_error = NULL;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
g_dbus_error_strip_remote_error(error);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
switch (call_id->ops_type) {
|
|
Packit Service |
5ffa24 |
case OPS_TYPE_ADD:
|
|
Packit Service |
5ffa24 |
case OPS_TYPE_CHANGE:
|
|
Packit Service |
5ffa24 |
non_error = "ZONE_ALREADY_SET";
|
|
Packit Service |
5ffa24 |
break;
|
|
Packit Service |
5ffa24 |
case OPS_TYPE_REMOVE:
|
|
Packit Service |
5ffa24 |
non_error = "UNKNOWN_INTERFACE";
|
|
Packit Service |
5ffa24 |
break;
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
if (error->message && non_error && g_str_has_prefix(error->message, non_error)
|
|
Packit Service |
5ffa24 |
&& NM_IN_SET(error->message[strlen(non_error)], '\0', ':')) {
|
|
Packit Service |
5ffa24 |
_LOGD(call_id, "complete: request failed with a non-error (%s)", error->message);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
/* The operation failed with an error reason that we don't want
|
|
Packit Service |
5ffa24 |
* to propagate. Instead, signal success. */
|
|
Packit Service |
5ffa24 |
g_clear_error(&error);
|
|
Packit Service |
5ffa24 |
} else
|
|
Packit Service |
5ffa24 |
_LOGW(call_id, "complete: request failed (%s)", error->message);
|
|
Packit Service |
5ffa24 |
} else
|
|
Packit Service |
5ffa24 |
_LOGD(call_id, "complete: success");
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
g_clear_object(&call_id->dbus.cancellable);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
_cb_info_complete(call_id, error);
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
static void
|
|
Packit Service |
5ffa24 |
_handle_dbus_start(NMFirewallManager *self, NMFirewallManagerCallId *call_id)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
NMFirewallManagerPrivate *priv = NM_FIREWALL_MANAGER_GET_PRIVATE(self);
|
|
Packit Service |
5ffa24 |
const char * dbus_method = NULL;
|
|
Packit Service |
5ffa24 |
GVariant * arg;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
nm_assert(call_id);
|
|
Packit Service |
5ffa24 |
nm_assert(priv->running);
|
|
Packit Service |
5ffa24 |
nm_assert(!call_id->is_idle);
|
|
Packit Service |
5ffa24 |
nm_assert(c_list_contains(&priv->pending_calls, &call_id->lst));
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
switch (call_id->ops_type) {
|
|
Packit Service |
5ffa24 |
case OPS_TYPE_ADD:
|
|
Packit Service |
5ffa24 |
dbus_method = "addInterface";
|
|
Packit Service |
5ffa24 |
break;
|
|
Packit Service |
5ffa24 |
case OPS_TYPE_CHANGE:
|
|
Packit Service |
5ffa24 |
dbus_method = "changeZone";
|
|
Packit Service |
5ffa24 |
break;
|
|
Packit Service |
5ffa24 |
case OPS_TYPE_REMOVE:
|
|
Packit Service |
5ffa24 |
dbus_method = "removeInterface";
|
|
Packit Service |
5ffa24 |
break;
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
nm_assert(dbus_method);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
arg = g_steal_pointer(&call_id->dbus.arg);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
nm_assert(arg && g_variant_is_floating(arg));
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
nm_assert(!call_id->dbus.cancellable);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
call_id->dbus.cancellable = g_cancellable_new();
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
g_dbus_connection_call(priv->dbus_connection,
|
|
Packit Service |
5ffa24 |
FIREWALL_DBUS_SERVICE,
|
|
Packit Service |
5ffa24 |
FIREWALL_DBUS_PATH,
|
|
Packit Service |
5ffa24 |
FIREWALL_DBUS_INTERFACE_ZONE,
|
|
Packit Service |
5ffa24 |
dbus_method,
|
|
Packit Service |
5ffa24 |
arg,
|
|
Packit Service |
5ffa24 |
NULL,
|
|
Packit Service |
5ffa24 |
G_DBUS_CALL_FLAGS_NONE,
|
|
Packit Service |
5ffa24 |
10000,
|
|
Packit Service |
5ffa24 |
call_id->dbus.cancellable,
|
|
Packit Service |
5ffa24 |
_handle_dbus_cb,
|
|
Packit Service |
5ffa24 |
call_id);
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
static NMFirewallManagerCallId *
|
|
Packit Service |
5ffa24 |
_start_request(NMFirewallManager * self,
|
|
Packit Service |
5ffa24 |
OpsType ops_type,
|
|
Packit Service |
5ffa24 |
const char * iface,
|
|
Packit Service |
5ffa24 |
const char * zone,
|
|
Packit Service |
5ffa24 |
NMFirewallManagerAddRemoveCallback callback,
|
|
Packit Service |
5ffa24 |
gpointer user_data)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
NMFirewallManagerPrivate *priv;
|
|
Packit Service |
5ffa24 |
NMFirewallManagerCallId * call_id;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
g_return_val_if_fail(NM_IS_FIREWALL_MANAGER(self), NULL);
|
|
Packit Service |
5ffa24 |
g_return_val_if_fail(iface && *iface, NULL);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
priv = NM_FIREWALL_MANAGER_GET_PRIVATE(self);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
call_id = _cb_info_create(self, ops_type, iface, zone, callback, user_data);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
_LOGD(call_id,
|
|
Packit Service |
5ffa24 |
"firewall zone %s %s:%s%s%s%s",
|
|
Packit Service |
5ffa24 |
_ops_type_to_string(call_id->ops_type),
|
|
Packit Service |
5ffa24 |
iface,
|
|
Packit Service |
5ffa24 |
NM_PRINT_FMT_QUOTED(zone, "\"", zone, "\"", "default"),
|
|
Packit Service |
5ffa24 |
call_id->is_idle ? " (not running, simulate success)"
|
|
Packit Service |
5ffa24 |
: (!priv->running ? " (waiting to initialize)" : ""));
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
if (!call_id->is_idle) {
|
|
Packit Service |
5ffa24 |
if (priv->running)
|
|
Packit Service |
5ffa24 |
_handle_dbus_start(self, call_id);
|
|
Packit Service |
5ffa24 |
if (!call_id->callback) {
|
|
Packit Service |
5ffa24 |
/* if the user did not provide a callback, the call_id is useless.
|
|
Packit Service |
5ffa24 |
* Especially, the user cannot use the call-id to cancel the request,
|
|
Packit Service |
5ffa24 |
* because he cannot know whether the request is still pending.
|
|
Packit Service |
5ffa24 |
*
|
|
Packit Service |
5ffa24 |
* Hence, returning %NULL doesn't mean that the request could not be started
|
|
Packit Service |
5ffa24 |
* (this function never fails and always starts a request). */
|
|
Packit Service |
5ffa24 |
return NULL;
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
} else {
|
|
Packit Service |
5ffa24 |
if (!_handle_idle_start(self, call_id)) {
|
|
Packit Service |
5ffa24 |
/* if the user did not provide a callback and firewalld is not running,
|
|
Packit Service |
5ffa24 |
* there is no point in scheduling an idle-request to fake success. Just
|
|
Packit Service |
5ffa24 |
* return right away. */
|
|
Packit Service |
5ffa24 |
return NULL;
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
return call_id;
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
NMFirewallManagerCallId *
|
|
Packit Service |
5ffa24 |
nm_firewall_manager_add_or_change_zone(NMFirewallManager *self,
|
|
Packit Service |
5ffa24 |
const char * iface,
|
|
Packit Service |
5ffa24 |
const char * zone,
|
|
Packit Service |
5ffa24 |
gboolean add, /* TRUE == add, FALSE == change */
|
|
Packit Service |
5ffa24 |
NMFirewallManagerAddRemoveCallback callback,
|
|
Packit Service |
5ffa24 |
gpointer user_data)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
return _start_request(self,
|
|
Packit Service |
5ffa24 |
add ? OPS_TYPE_ADD : OPS_TYPE_CHANGE,
|
|
Packit Service |
5ffa24 |
iface,
|
|
Packit Service |
5ffa24 |
zone,
|
|
Packit Service |
5ffa24 |
callback,
|
|
Packit Service |
5ffa24 |
user_data);
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
NMFirewallManagerCallId *
|
|
Packit Service |
5ffa24 |
nm_firewall_manager_remove_from_zone(NMFirewallManager * self,
|
|
Packit Service |
5ffa24 |
const char * iface,
|
|
Packit Service |
5ffa24 |
const char * zone,
|
|
Packit Service |
5ffa24 |
NMFirewallManagerAddRemoveCallback callback,
|
|
Packit Service |
5ffa24 |
gpointer user_data)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
return _start_request(self, OPS_TYPE_REMOVE, iface, zone, callback, user_data);
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
void
|
|
Packit Service |
5ffa24 |
nm_firewall_manager_cancel_call(NMFirewallManagerCallId *call_id)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
NMFirewallManager * self;
|
|
Packit Service |
5ffa24 |
NMFirewallManagerPrivate *priv;
|
|
Packit Service |
5ffa24 |
gs_free_error GError *error = NULL;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
g_return_if_fail(call_id);
|
|
Packit Service |
5ffa24 |
g_return_if_fail(NM_IS_FIREWALL_MANAGER(call_id->self));
|
|
Packit Service |
5ffa24 |
g_return_if_fail(!c_list_is_empty(&call_id->lst));
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
self = call_id->self;
|
|
Packit Service |
5ffa24 |
priv = NM_FIREWALL_MANAGER_GET_PRIVATE(self);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
nm_assert(c_list_contains(&priv->pending_calls, &call_id->lst));
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
nm_utils_error_set_cancelled(&error, FALSE, "NMFirewallManager");
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
_LOGD(call_id, "complete: cancel (%s)", error->message);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
_cb_info_complete(call_id, error);
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
/*****************************************************************************/
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
static void
|
|
Packit Service |
5ffa24 |
name_owner_changed(NMFirewallManager *self, const char *owner)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
_nm_unused gs_unref_object NMFirewallManager *self_keep_alive = g_object_ref(self);
|
|
Packit Service |
5ffa24 |
NMFirewallManagerPrivate * priv = NM_FIREWALL_MANAGER_GET_PRIVATE(self);
|
|
Packit Service |
5ffa24 |
gboolean was_running;
|
|
Packit Service |
5ffa24 |
gboolean now_running;
|
|
Packit Service |
5ffa24 |
gboolean just_initied;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
owner = nm_str_not_empty(owner);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
if (!owner)
|
|
Packit Service |
5ffa24 |
_LOGT(NULL, "D-Bus name for firewalld has no owner (firewall stopped)");
|
|
Packit Service |
5ffa24 |
else
|
|
Packit Service |
5ffa24 |
_LOGT(NULL, "D-Bus name for firewalld has owner %s (firewall started)", owner);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
was_running = _get_running(priv);
|
|
Packit Service |
5ffa24 |
just_initied = !priv->dbus_inited;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
priv->dbus_inited = TRUE;
|
|
Packit Service |
5ffa24 |
priv->running = !!owner;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
now_running = _get_running(priv);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
if (just_initied) {
|
|
Packit Service |
5ffa24 |
NMFirewallManagerCallId *call_id_safe;
|
|
Packit Service |
5ffa24 |
NMFirewallManagerCallId *call_id;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
/* We kick of the requests that we have pending. Note that this is
|
|
Packit Service |
5ffa24 |
* entirely asynchronous and also we don't invoke any callbacks for
|
|
Packit Service |
5ffa24 |
* the user.
|
|
Packit Service |
5ffa24 |
* Even _handle_idle_start() just schedules an idle handler. That is,
|
|
Packit Service |
5ffa24 |
* because we don't want to callback to the user before emitting the
|
|
Packit Service |
5ffa24 |
* DISCONNECTED signal below. Also, emitting callbacks means the user
|
|
Packit Service |
5ffa24 |
* can call back to modify the list of pending-calls and we'd have
|
|
Packit Service |
5ffa24 |
* to handle reentrancy. */
|
|
Packit Service |
5ffa24 |
c_list_for_each_entry_safe (call_id, call_id_safe, &priv->pending_calls, lst) {
|
|
Packit Service |
5ffa24 |
nm_assert(!call_id->is_idle);
|
|
Packit Service |
5ffa24 |
nm_assert(call_id->dbus.arg);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
if (priv->running) {
|
|
Packit Service |
5ffa24 |
_LOGD(call_id, "initalizing: make D-Bus call");
|
|
Packit Service |
5ffa24 |
_handle_dbus_start(self, call_id);
|
|
Packit Service |
5ffa24 |
} else {
|
|
Packit Service |
5ffa24 |
/* we don't want to invoke callbacks to the user right away. That is because
|
|
Packit Service |
5ffa24 |
* the user might schedule/cancel more calls, which messes up the order.
|
|
Packit Service |
5ffa24 |
*
|
|
Packit Service |
5ffa24 |
* Instead, convert the pending calls to idle requests... */
|
|
Packit Service |
5ffa24 |
nm_clear_pointer(&call_id->dbus.arg, g_variant_unref);
|
|
Packit Service |
5ffa24 |
call_id->is_idle = TRUE;
|
|
Packit Service |
5ffa24 |
_LOGD(call_id, "initializing: fake success on idle");
|
|
Packit Service |
5ffa24 |
_handle_idle_start(self, call_id);
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
if (was_running != now_running)
|
|
Packit Service |
5ffa24 |
g_signal_emit(self, signals[STATE_CHANGED], 0, FALSE);
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
static void
|
|
Packit Service |
5ffa24 |
name_owner_changed_cb(GDBusConnection *connection,
|
|
Packit Service |
5ffa24 |
const char * sender_name,
|
|
Packit Service |
5ffa24 |
const char * object_path,
|
|
Packit Service |
5ffa24 |
const char * interface_name,
|
|
Packit Service |
5ffa24 |
const char * signal_name,
|
|
Packit Service |
5ffa24 |
GVariant * parameters,
|
|
Packit Service |
5ffa24 |
gpointer user_data)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
NMFirewallManager *self = user_data;
|
|
Packit Service |
5ffa24 |
const char * new_owner;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
if (!g_variant_is_of_type(parameters, G_VARIANT_TYPE("(sss)")))
|
|
Packit Service |
5ffa24 |
return;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
g_variant_get(parameters, "(&s&s&s)", NULL, NULL, &new_owner);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
name_owner_changed(self, new_owner);
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
static void
|
|
Packit Service |
5ffa24 |
get_name_owner_cb(const char *name_owner, GError *error, gpointer user_data)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
NMFirewallManager * self;
|
|
Packit Service |
5ffa24 |
NMFirewallManagerPrivate *priv;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
if (!name_owner && g_error_matches(error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
|
|
Packit Service |
5ffa24 |
return;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
self = user_data;
|
|
Packit Service |
5ffa24 |
priv = NM_FIREWALL_MANAGER_GET_PRIVATE(self);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
g_clear_object(&priv->get_name_owner_cancellable);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
name_owner_changed(self, name_owner);
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
/*****************************************************************************/
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
static void
|
|
Packit Service |
5ffa24 |
nm_firewall_manager_init(NMFirewallManager *self)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
NMFirewallManagerPrivate *priv = NM_FIREWALL_MANAGER_GET_PRIVATE(self);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
c_list_init(&priv->pending_calls);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
priv->dbus_connection = nm_g_object_ref(NM_MAIN_DBUS_CONNECTION_GET);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
if (!priv->dbus_connection) {
|
|
Packit Service |
5ffa24 |
_LOGD(NULL, "no D-Bus connection");
|
|
Packit Service |
5ffa24 |
return;
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
priv->name_owner_changed_id =
|
|
Packit Service |
5ffa24 |
nm_dbus_connection_signal_subscribe_name_owner_changed(priv->dbus_connection,
|
|
Packit Service |
5ffa24 |
FIREWALL_DBUS_SERVICE,
|
|
Packit Service |
5ffa24 |
name_owner_changed_cb,
|
|
Packit Service |
5ffa24 |
self,
|
|
Packit Service |
5ffa24 |
NULL);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
priv->get_name_owner_cancellable = g_cancellable_new();
|
|
Packit Service |
5ffa24 |
nm_dbus_connection_call_get_name_owner(priv->dbus_connection,
|
|
Packit Service |
5ffa24 |
FIREWALL_DBUS_SERVICE,
|
|
Packit Service |
5ffa24 |
-1,
|
|
Packit Service |
5ffa24 |
priv->get_name_owner_cancellable,
|
|
Packit Service |
5ffa24 |
get_name_owner_cb,
|
|
Packit Service |
5ffa24 |
self);
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
static void
|
|
Packit Service |
5ffa24 |
dispose(GObject *object)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
NMFirewallManager * self = NM_FIREWALL_MANAGER(object);
|
|
Packit Service |
5ffa24 |
NMFirewallManagerPrivate *priv = NM_FIREWALL_MANAGER_GET_PRIVATE(self);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
/* as every pending operation takes a reference to the manager,
|
|
Packit Service |
5ffa24 |
* we don't expect pending operations at this point. */
|
|
Packit Service |
5ffa24 |
nm_assert(c_list_is_empty(&priv->pending_calls));
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
nm_clear_g_dbus_connection_signal(priv->dbus_connection, &priv->name_owner_changed_id);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
nm_clear_g_cancellable(&priv->get_name_owner_cancellable);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
G_OBJECT_CLASS(nm_firewall_manager_parent_class)->dispose(object);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
g_clear_object(&priv->dbus_connection);
|
|
Packit Service |
5ffa24 |
}
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
static void
|
|
Packit Service |
5ffa24 |
nm_firewall_manager_class_init(NMFirewallManagerClass *klass)
|
|
Packit Service |
5ffa24 |
{
|
|
Packit Service |
5ffa24 |
GObjectClass *object_class = G_OBJECT_CLASS(klass);
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
object_class->dispose = dispose;
|
|
Packit Service |
5ffa24 |
|
|
Packit Service |
5ffa24 |
signals[STATE_CHANGED] = g_signal_new(NM_FIREWALL_MANAGER_STATE_CHANGED,
|
|
Packit Service |
5ffa24 |
G_OBJECT_CLASS_TYPE(object_class),
|
|
Packit Service |
5ffa24 |
G_SIGNAL_RUN_FIRST,
|
|
Packit Service |
5ffa24 |
0,
|
|
Packit Service |
5ffa24 |
NULL,
|
|
Packit Service |
5ffa24 |
NULL,
|
|
Packit Service |
5ffa24 |
g_cclosure_marshal_VOID__BOOLEAN,
|
|
Packit Service |
5ffa24 |
G_TYPE_NONE,
|
|
Packit Service |
5ffa24 |
1,
|
|
Packit Service |
5ffa24 |
G_TYPE_BOOLEAN /* initialized_now */);
|
|
Packit Service |
5ffa24 |
}
|