Author: locilka Date: Wed Apr 23 14:57:28 2008 New Revision: 46982 URL: http://svn.opensuse.org/viewcvs/yast?rev=46982&view=rev Log: - Fixing CWMFirewallInterfaces to appropriately handle interfaces in unprotected internal zone (bnc #382686). Modified: trunk/yast2/library/network/src/CWMFirewallInterfaces.ycp trunk/yast2/package/yast2.changes Modified: trunk/yast2/library/network/src/CWMFirewallInterfaces.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/yast2/library/network/src/CWMFire... ============================================================================== --- trunk/yast2/library/network/src/CWMFirewallInterfaces.ycp (original) +++ trunk/yast2/library/network/src/CWMFirewallInterfaces.ycp Wed Apr 23 14:57:28 2008 @@ -32,6 +32,7 @@ //import "NetworkService"; import "Popup"; import "SuSEFirewall"; +import "Report"; // used only for (Mode::installation() || Mode::update()) import "SuSEFirewallProposal"; @@ -332,6 +333,16 @@ } } + // Check the INT zone, it's not protected by default + // See bnc #382686 + list <string> internal_interfaces = SuSEFirewall::GetInterfacesInZone ("INT"); + if (size (internal_interfaces) > 0 && SuSEFirewall::GetProtectFromInternalZone() == false) { + y2milestone ("Unprotected internal interfaces: %1", internal_interfaces); + allowed_interfaces = (list <string>) union (allowed_interfaces, internal_interfaces); + } else { + y2milestone ("Internal zone is protected or there are no interfaces in it"); + } + //if (contains(all_interfaces, special_all_nm_interfaces)) { // boolean special_all_nm_enabled = size(services) > 0; // foreach (string sr, services, { @@ -470,14 +481,43 @@ UI::QueryWidget (`id ("_cwm_interface_list"), `SelectedItems); ifaces = toset (ifaces); y2milestone("Selected ifaces: %1", ifaces); - if (size (ifaces) == 0) - { + + // Check the INT zone, it's not protected by default + // See bnc #382686 + list <string> internal_interfaces = SuSEFirewall::GetInterfacesInZone ("INT"); + + if (size (internal_interfaces) > 0 && SuSEFirewall::GetProtectFromInternalZone() == false) { + list <string> int_not_selected = []; + foreach (string one_internal, internal_interfaces, { + if (! contains (ifaces, one_internal)) { + int_not_selected = add (int_not_selected, one_internal); + } + }); + + if (size (int_not_selected) > 0) { + y2warning ("Unprotected internal interfaces not selected: %1", int_not_selected); + + Report::Message ( + sformat ( + _("These network interfaces assigned to internal network cannot be unselected: +%1"), + mergestring (int_not_selected, "\n") + ) + ); + + ifaces = (list <string>) union (ifaces, int_not_selected); + y2milestone ("Selected interfaces: %1", ifaces); + UI::ChangeWidget (`id ("_cwm_interface_list"), `SelectedItems, ifaces); + return false; + } + } + + if (size (ifaces) == 0) { // question popup if (! Popup::YesNo (_("No interface is selected. Service will not be available for other computers. -Continue?"))) - { +Continue?"))) { return false; } } Modified: trunk/yast2/package/yast2.changes URL: http://svn.opensuse.org/viewcvs/yast/trunk/yast2/package/yast2.changes?rev=4... ============================================================================== --- trunk/yast2/package/yast2.changes (original) +++ trunk/yast2/package/yast2.changes Wed Apr 23 14:57:28 2008 @@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Wed Apr 23 14:59:43 CEST 2008 - locilka@suse.cz + +- Fixing CWMFirewallInterfaces to appropriately handle interfaces + in unprotected internal zone (bnc #382686). + +------------------------------------------------------------------- Wed Apr 23 13:27:18 CEST 2008 - mvidner@suse.cz - Make the yast2 script work even with trailing slashes in $PATH -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org