[system-config-printer/f18] FirewallD support
Jiří Popelka
jpopelka at fedoraproject.org
Thu Sep 6 10:32:56 UTC 2012
commit 54829cb99a115205cec9a8606e3aef0f2d46b12c
Author: Jiri Popelka <jpopelka at redhat.com>
Date: Thu Sep 6 12:28:03 2012 +0200
FirewallD support
system-config-printer-FirewallD.patch | 441 +++++++++++++++++++++++++++++++++
system-config-printer.spec | 10 +-
2 files changed, 449 insertions(+), 2 deletions(-)
---
diff --git a/system-config-printer-FirewallD.patch b/system-config-printer-FirewallD.patch
new file mode 100644
index 0000000..d7d0146
--- /dev/null
+++ b/system-config-printer-FirewallD.patch
@@ -0,0 +1,441 @@
+diff -up system-config-printer-1.3.11/firewall.py.FirewallD system-config-printer-1.3.11/firewall.py
+diff -up system-config-printer-1.3.11/firewallsettings.py.FirewallD system-config-printer-1.3.11/firewallsettings.py
+--- system-config-printer-1.3.11/firewallsettings.py.FirewallD 2012-09-06 12:22:04.395872865 +0200
++++ system-config-printer-1.3.11/firewallsettings.py 2012-09-06 12:22:04.395872865 +0200
+@@ -0,0 +1,251 @@
++#!/usr/bin/python
++
++## system-config-printer
++
++## Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Red Hat, Inc.
++## Authors:
++## Tim Waugh <twaugh at redhat.com>
++
++## This program is free software; you can redistribute it and/or modify
++## it under the terms of the GNU General Public License as published by
++## the Free Software Foundation; either version 2 of the License, or
++## (at your option) any later version.
++
++## This program is distributed in the hope that it will be useful,
++## but WITHOUT ANY WARRANTY; without even the implied warranty of
++## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++## GNU General Public License for more details.
++
++## You should have received a copy of the GNU General Public License
++## along with this program; if not, write to the Free Software
++## Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
++
++# config is generated from config.py.in by configure
++import config
++
++import dbus
++import json
++from debug import *
++
++IPP_CLIENT_SERVICE = "ipp-client"
++IPP_CLIENT_PORT = "631"
++IPP_CLIENT_PROTOCOL = "udp"
++IPP_SERVER_SERVICE = "ipp"
++IPP_SERVER_PORT = "631"
++IPP_SERVER_PROTOCOL = "tcp"
++MDNS_SERVICE = "mdns"
++MDNS_PORT = "5353"
++MDNS_PROTOCOL = "udp"
++SAMBA_CLIENT_SERVICE = "samba-client"
++
++class FirewallD:
++ def __init__ (self):
++ try:
++ from firewall.client import FirewallClient
++ self._fw = FirewallClient ()
++ zone_name = self._get_active_zone ()
++ if zone_name:
++ self._zone = self._fw.config().getZoneByName (zone_name)
++ else:
++ self._zone = None
++ self.running = True
++ debugprint ("Using /org/fedoraproject/FirewallD1")
++ except (ImportError, dbus.DBusException):
++ self._fw = None
++ self._zone = None
++ self.running = False
++
++ def _get_active_zone (self):
++ zones = self._fw.getActiveZones().keys()
++ # remove immutable zones
++ zones = [z for z in zones if not self._fw.isImmutable(z)]
++
++ if not zones:
++ debugprint ("FirewallD: no changeable zone")
++ return None
++ elif len (zones) == 1:
++ # most probable case
++ return zones[0]
++ else:
++ # Do we need to handle the 'more active zones' case ?
++ # It's quite unlikely case because that would mean that more
++ # network connections are up and running and they are
++ # in different network zones at the same time.
++ debugprint ("FirewallD returned more zones, taking first one")
++ return zones[0]
++
++ def _get_fw_data (self, reply_handler=None, error_handler=None):
++ try:
++ debugprint ("%s in _get_fw_data: _fw_data is %s" %
++ (self, repr(self._fw_data.getServices())))
++ if self._fw_data:
++ debugprint ("Using cached firewall data")
++ if reply_handler:
++ reply_handler (self._fw_data)
++ except AttributeError:
++ try:
++ self._fw_data = self._zone.getSettings ()
++ debugprint ("Firewall data obtained")
++ if reply_handler:
++ reply_handler (self._fw_data)
++ except (dbus.DBusException, AttributeError, ValueError), e:
++ self._fw_data = None
++ debugprint ("Exception examining firewall")
++ if error_handler:
++ error_handler (e)
++
++ return self._fw_data
++
++ def read (self, reply_handler=None, error_handler=None):
++ if reply_handler:
++ self._get_fw_data (reply_handler,
++ error_handler)
++ else:
++ self._get_fw_data ()
++
++ def write (self):
++ if self._zone:
++ self._zone.update (self._fw_data)
++ self._fw.reload ()
++
++ def add_service (self, service):
++ if not self._get_fw_data ():
++ return
++
++ self._fw_data.addService (service)
++
++ def check_ipp_client_allowed (self):
++ if not self._get_fw_data ():
++ return True
++
++ return (IPP_CLIENT_SERVICE in self._fw_data.getServices () or
++ [IPP_CLIENT_PORT, IPP_CLIENT_PROTOCOL] in self._fw_data.getPorts ())
++
++ def check_ipp_server_allowed (self):
++ if not self._get_fw_data ():
++ return True
++
++ return (IPP_SERVER_SERVICE in self._fw_data.getServices () or
++ [IPP_SERVER_PORT, IPP_SERVER_PROTOCOL] in self._fw_data.getPorts ())
++
++ def check_samba_client_allowed (self):
++ if not self._get_fw_data ():
++ return True
++
++ return (IPP_CLIENT_SERVICE in self._fw_data.getServices ())
++
++ def check_mdns_allowed (self):
++ if not self._get_fw_data ():
++ return True
++
++ return (MDNS_SERVICE in self._fw_data.getServices () or
++ [MDNS_PORT, MDNS_PROTOCOL] in self._fw_data.getPorts ())
++
++
++
++
++class SystemConfigFirewall:
++ DBUS_INTERFACE = "org.fedoraproject.Config.Firewall"
++ DBUS_PATH = "/org/fedoraproject/Config/Firewall"
++
++ def __init__(self):
++ try:
++ bus = dbus.SystemBus ()
++ obj = bus.get_object (self.DBUS_INTERFACE, self.DBUS_PATH)
++ self._fw = dbus.Interface (obj, self.DBUS_INTERFACE)
++ debugprint ("Using system-config-firewall")
++ except (dbus.DBusException), e:
++ debugprint ("No firewall ")
++ self._fw = None
++ self._fw_data = (None, None)
++
++ def _get_fw_data (self, reply_handler=None, error_handler=None):
++ try:
++ debugprint ("%s in _get_fw_data: _fw_data is %s" %
++ (self, repr(self._fw_data)))
++ if self._fw_data:
++ debugprint ("Using cached firewall data")
++ if reply_handler == None:
++ return self._fw_data
++
++ self._client_reply_handler (self._fw_data)
++ except AttributeError:
++ try:
++ if reply_handler:
++ self._fw.read (reply_handler=reply_handler,
++ error_handler=error_handler)
++ return
++
++ p = self._fw.read ()
++ self._fw_data = json.loads (p.encode ('utf-8'))
++ except (dbus.DBusException, AttributeError, ValueError), e:
++ self._fw_data = (None, None)
++ if error_handler:
++ debugprint ("Exception examining firewall")
++ self._client_error_handler (e)
++
++ return self._fw_data
++
++ def read (self, reply_handler=None, error_handler=None):
++ if reply_handler:
++ self._client_reply_handler = reply_handler
++ self._client_error_handler = error_handler
++ self._get_fw_data (reply_handler=self.reply_handler,
++ error_handler=self.error_handler)
++ else:
++ self._get_fw_data ()
++
++ def reply_handler (self, result):
++ try:
++ self._fw_data = json.loads (result.encode ('utf-8'))
++ except ValueError, e:
++ self.error_handler (e)
++ return
++
++ debugprint ("Firewall data obtained")
++ self._client_reply_handler (self._fw_data)
++
++ def error_handler (self, exc):
++ debugprint ("Exception fetching firewall data")
++ self._client_error_handler (exc)
++
++ def write (self):
++ try:
++ self._fw.write (json.dumps (self._fw_data[0]))
++ except:
++ pass
++
++ def _check_any_allowed (self, search):
++ (args, filename) = self._get_fw_data ()
++ if filename == None: return True
++ isect = set (search).intersection (set (args))
++ return len (isect) != 0
++
++
++ def add_service (self, service):
++ try:
++ (args, filename) = self._fw_data
++ except AttributeError:
++ (args, filename) = self._get_fw_data ()
++ if filename == None: return
++
++ args.append ("--service=" + service)
++ self._fw_data = (args, filename)
++
++ def check_ipp_client_allowed (self):
++ return self._check_any_allowed (set(["--port=%s:%s" %
++ (IPP_CLIENT_PORT, IPP_CLIENT_PROTOCOL),
++ "--service=" + IPP_CLIENT_SERVICE]))
++
++ def check_ipp_server_allowed (self):
++ return self._check_any_allowed (set(["--port=%s:%s" %
++ (IPP_SERVER_PORT, IPP_SERVER_PROTOCOL),
++ "--service=" + IPP_SERVER_SERVICE]))
++
++ def check_samba_client_allowed (self):
++ return self._check_any_allowed (set(["--service=" + SAMBA_CLIENT_SERVICE]))
++
++ def check_mdns_allowed (self):
++ return self._check_any_allowed (set(["--port=%s:%s" %
++ (MDNS_PORT, MDNS_PROTOCOL),
++ "--service=" + MDNS_SERVICE]))
+diff -up system-config-printer-1.3.11/Makefile.in.FirewallD system-config-printer-1.3.11/Makefile.in
+--- system-config-printer-1.3.11/Makefile.in.FirewallD 2012-08-03 12:04:49.000000000 +0200
++++ system-config-printer-1.3.11/Makefile.in 2012-09-06 12:22:31.171452018 +0200
+@@ -358,7 +358,7 @@ nobase_pkgdata_DATA = \
+ dnssdresolve.py \
+ errordialogs.py \
+ HIG.py \
+- firewall.py \
++ firewallsettings.py \
+ gui.py \
+ gtkinklevel.py \
+ gtkspinner.py \
+diff -up system-config-printer-1.3.11/newprinter.py.FirewallD system-config-printer-1.3.11/newprinter.py
+--- system-config-printer-1.3.11/newprinter.py.FirewallD 2012-05-24 14:03:21.000000000 +0200
++++ system-config-printer-1.3.11/newprinter.py 2012-09-06 12:22:04.396872850 +0200
+@@ -63,7 +63,7 @@ from smburi import SMBURI
+ from errordialogs import *
+ from PhysicalDevice import PhysicalDevice
+ import gtkspinner
+-import firewall
++import firewallsettings
+ import asyncconn
+ import ppdsloader
+ import dnssdresolve
+@@ -1618,11 +1618,14 @@ class NewPrinterGUI(GtkGUI):
+ try:
+ if (self._host == 'localhost' or
+ self._host[0] == '/'):
+- self.firewall = firewall.Firewall ()
++ self.firewall = firewallsettings.FirewallD ()
++ if not self.firewall.running:
++ self.firewall = firewallsettings.SystemConfigFirewall ()
++
+ debugprint ("Examining firewall")
+ self.firewall.read (reply_handler=self.on_firewall_read,
+ error_handler=lambda x:
+- self.start_fetching_devices())
++ self.start_fetching_devices())
+ allowed = False
+ else:
+ # This is a remote server. Nothing we can do about
+@@ -1648,11 +1651,11 @@ class NewPrinterGUI(GtkGUI):
+ secondary_text += ("- " +
+ _("Allow all incoming IPP Browse packets") +
+ "\n")
+- f.add_rule (f.ALLOW_IPP_CLIENT)
++ f.add_service (firewallsettings.IPP_CLIENT_SERVICE)
+ if not mdns_allowed:
+ secondary_text += ("- " +
+ _("Allow all incoming mDNS traffic") + "\n")
+- f.add_rule (f.ALLOW_MDNS)
++ f.add_service (firewallsettings.MDNS_SERVICE)
+
+ if not allowed:
+ debugprint ("Asking for permission to adjust firewall:\n%s" %
+@@ -1678,7 +1681,7 @@ class NewPrinterGUI(GtkGUI):
+ def adjust_firewall_response (self, dialog, response):
+ dialog.destroy ()
+ if response == gtk.RESPONSE_YES:
+- self.firewall.add_rule (self.firewall.ALLOW_IPP_SERVER)
++ self.firewall.add_service (firewallsettings.IPP_SERVER_SERVICE)
+ self.firewall.write ()
+
+ debugprint ("Fetching devices after firewall dialog response")
+@@ -2070,7 +2073,9 @@ class NewPrinterGUI(GtkGUI):
+ try:
+ # Note: we do the browsing from *this* machine, regardless
+ # of which CUPS server we are connected to.
+- f = firewall.Firewall ()
++ f = firewallsettings.FirewallD ()
++ if not f.running:
++ f = firewallsettings.SystemConfigFirewall ()
+ allowed = f.check_samba_client_allowed ()
+ secondary_text = TEXT_adjust_firewall + "\n\n"
+ if not allowed:
+@@ -2090,7 +2095,7 @@ class NewPrinterGUI(GtkGUI):
+ dialog.destroy ()
+
+ if response == gtk.RESPONSE_YES:
+- f.add_rule (f.ALLOW_SAMBA_CLIENT)
++ f.add_service (firewallsettings.SAMBA_CLIENT_SERVICE)
+ f.write ()
+ except (dbus.DBusException, Exception):
+ nonfatalException ()
+diff -up system-config-printer-1.3.11/serversettings.py.FirewallD system-config-printer-1.3.11/serversettings.py
+--- system-config-printer-1.3.11/serversettings.py.FirewallD 2012-05-24 14:03:22.000000000 +0200
++++ system-config-printer-1.3.11/serversettings.py 2012-09-06 12:22:04.397872835 +0200
+@@ -34,7 +34,7 @@ import time
+ import authconn
+ from debug import *
+ from errordialogs import *
+-import firewall
++import firewallsettings
+ from gui import GtkGUI
+
+ try:
+@@ -526,7 +526,10 @@ class ServerSettings(GtkGUI):
+ try:
+ if (self._host == 'localhost' or
+ self._host[0] == '/'):
+- f = firewall.Firewall ()
++ f = firewallsettings.FirewallD ()
++ if not f.running:
++ f = firewallsettings.SystemConfigFirewall ()
++
+ allowed = f.check_ipp_server_allowed ()
+ else:
+ # This is a remote server. Nothing we can do
+@@ -549,7 +552,7 @@ class ServerSettings(GtkGUI):
+ dialog.destroy ()
+
+ if response == gtk.RESPONSE_YES:
+- f.add_rule (f.ALLOW_IPP_SERVER)
++ f.add_service (firewallsettings.IPP_SERVER_SERVICE)
+ f.write ()
+ except (dbus.DBusException, Exception):
+ nonfatalException ()
+diff -up system-config-printer-1.3.11/system-config-printer.py.FirewallD system-config-printer-1.3.11/system-config-printer.py
+--- system-config-printer-1.3.11/system-config-printer.py.FirewallD 2012-08-01 17:48:26.000000000 +0200
++++ system-config-printer-1.3.11/system-config-printer.py 2012-09-06 12:22:04.398872819 +0200
+@@ -371,6 +371,7 @@ class GUI(GtkGUI):
+ self.newPrinterGUI = np = newprinter.NewPrinterGUI()
+ np.connect ("printer-added", self.on_new_printer_added)
+ np.connect ("printer-modified", self.on_printer_modified)
++ np.connect ("dialog-canceled", self.on_new_printer_not_added)
+
+ # Set up "About" dialog
+ self.AboutDialog.set_program_name(config.PACKAGE)
+@@ -1729,26 +1730,44 @@ class GUI(GtkGUI):
+ # == New Printer Dialog ==============================================
+ # ====================================================================
+
++ def sensitise_new_printer_widgets(self, sensitive=True):
++ self.btnNew.set_sensitive (sensitive)
++ self.btnAddFirstPrinter.set_sensitive (sensitive)
++ self.ui_manager.get_action ("/new-printer").set_sensitive (sensitive)
++ self.ui_manager.get_action ("/new-class").set_sensitive (sensitive)
++
++ def desensitise_new_printer_widgets(self):
++ self.sensitise_new_printer_widgets (False)
++
+ # new printer
+ def on_new_printer_activate(self, widget):
+ busy (self.PrintersWindow)
++ self.desensitise_new_printer_widgets ()
+ if not self.newPrinterGUI.init("printer",
+ host=self.connect_server,
+ encryption=self.connect_encrypt,
+ parent=self.PrintersWindow):
++ self.sensitise_new_printer_widgets ()
+ self.monitor.update ()
+ ready (self.PrintersWindow)
+
+ # new class
+ def on_new_class_activate(self, widget):
++ self.desensitise_new_printer_widgets ()
+ if not self.newPrinterGUI.init("class",
+ host=self.connect_server,
+ encryption=self.connect_encrypt,
+ parent=self.PrintersWindow):
++ self.sensitise_new_printer_widgets ()
+ self.monitor.update ()
+
++ def on_new_printer_not_added (self, obj):
++ self.sensitise_new_printer_widgets ()
++
+ def on_new_printer_added (self, obj, name):
+ debugprint ("New printer added: %s" % name)
++
++ self.sensitise_new_printer_widgets ()
+ self.populateList ()
+
+ if not self.printers.has_key (name):
+diff -up system-config-printer-1.3.11/ui/NewPrinterWindow.ui.FirewallD system-config-printer-1.3.11/ui/NewPrinterWindow.ui
+--- system-config-printer-1.3.11/ui/NewPrinterWindow.ui.FirewallD 2012-05-24 14:03:22.000000000 +0200
++++ system-config-printer-1.3.11/ui/NewPrinterWindow.ui 2012-09-06 12:22:04.400872787 +0200
+@@ -4,7 +4,7 @@
+ <object class="GtkWindow" id="NewPrinterWindow">
+ <property name="can_focus">False</property>
+ <property name="title" translatable="yes">New Printer</property>
+- <property name="modal">True</property>
++ <property name="modal">False</property>
+ <property name="window_position">center-on-parent</property>
+ <property name="default_width">600</property>
+ <property name="default_height">420</property>
diff --git a/system-config-printer.spec b/system-config-printer.spec
index 1c03899..e679931 100644
--- a/system-config-printer.spec
+++ b/system-config-printer.spec
@@ -1,12 +1,13 @@
Summary: A printer administration tool
Name: system-config-printer
Version: 1.3.11
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2+
URL: http://cyberelk.net/tim/software/system-config-printer/
Group: System Environment/Base
Source0: http://cyberelk.net/tim/data/system-config-printer/1.3/%{name}-%{version}.tar.xz
Patch1: system-config-printer-no-applet-in-gnome.patch
+Patch2: system-config-printer-FirewallD.patch
BuildRequires: cups-devel >= 1.2
BuildRequires: desktop-file-utils >= 0.2.92
BuildRequires: gettext-devel
@@ -62,6 +63,8 @@ printers.
# Don't start the applet in GNOME.
%patch1 -p1 -b .no-applet-in-gnome
+# FirewallD support
+%patch2 -p1 -b .FirewallD
%build
%configure --with-udev-rules
@@ -93,7 +96,7 @@ touch %buildroot%{_localstatedir}/run/udev-configure-printer/usb-uris
%{_datadir}/%{name}/debug.py*
%{_datadir}/%{name}/dnssdresolve.py*
%{_datadir}/%{name}/errordialogs.py*
-%{_datadir}/%{name}/firewall.py*
+%{_datadir}/%{name}/firewallsettings.py*
%{_datadir}/%{name}/gtkinklevel.py*
%{_datadir}/%{name}/gtk_label_autowrap.py*
%{_datadir}/%{name}/gtkspinner.py*
@@ -171,6 +174,9 @@ exit 0
%systemd_postun_with_restart udev-configure-printer.service
%changelog
+* Thu Sep 06 2012 Jiri Popelka <jpopelka at redhat.com> 1.3.11-3
+- FirewallD support
+
* Wed Aug 22 2012 Jiri Popelka <jpopelka at redhat.com> 1.3.11-2
- use new systemd-rpm macros (#850334)
More information about the scm-commits
mailing list