Author: jsmeix Date: Fri Oct 30 11:57:42 2009 New Revision: 59252 URL: http://svn.opensuse.org/viewcvs/yast?rev=59252&view=rev Log: - Added a generic test if a firewall is used to Printerlib.ycp and if yes show popup info to the user regarding CUPS+firewall for the "Print via Network" and "Share Printers" dialogs (see Novell/Suse Bugzilla bnc#549065). - 2.19.0 Modified: trunk/printer/VERSION trunk/printer/package/yast2-printer.changes trunk/printer/src/Printerlib.ycp trunk/printer/src/printingvianetwork.ycp trunk/printer/src/sharing.ycp
Modified: trunk/printer/VERSION
URL: http://svn.opensuse.org/viewcvs/yast/trunk/printer/VERSION?rev=59252&r1=59251&r2=59252&view=diff
==============================================================================
--- trunk/printer/VERSION (original)
+++ trunk/printer/VERSION Fri Oct 30 11:57:42 2009
@@ -1 +1 @@
-2.18.19
+2.19.0
Modified: trunk/printer/package/yast2-printer.changes
URL: http://svn.opensuse.org/viewcvs/yast/trunk/printer/package/yast2-printer.changes?rev=59252&r1=59251&r2=59252&view=diff
==============================================================================
--- trunk/printer/package/yast2-printer.changes (original)
+++ trunk/printer/package/yast2-printer.changes Fri Oct 30 11:57:42 2009
@@ -1,4 +1,13 @@ ------------------------------------------------------------------- +Fri Oct 30 11:53:06 CET 2009 - jsmeix@suse.de + +- Added a generic test if a firewall is used to Printerlib.ycp + and if yes show popup info to the user regarding CUPS+firewall + for the "Print via Network" and "Share Printers" dialogs + (see Novell/Suse Bugzilla bnc#549065). +- 2.19.0 + +------------------------------------------------------------------- Wed Aug 5 12:38:57 CEST 2009 - jsmeix@suse.de - In the Autoconfig dialog autoconfig.ycp added support for Modified: trunk/printer/src/Printerlib.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/printer/src/Printerlib.ycp?rev=59252&r1=59251&r2=59252&view=diff ============================================================================== --- trunk/printer/src/Printerlib.ycp (original) +++ trunk/printer/src/Printerlib.ycp Fri Oct 30 11:57:42 2009 
@@ -609,6 +609,28 @@ return true; } +// Determine if any kind of firewall seems to be active by calling +// "iptables -n -L | egrep -q 'DROP|REJECT'" +// to find out if there are currently dropping or rejecting packet filter rules. +// One might use a more specific test via +// "iptables -n -L | grep -v '^LOG' | egrep -q '^DROP|^REJECT'" +// to match only for DROP and REJECT targets and exclude LOG targets +// but it does not cause real problems when there is a false positive result here +// because all what happens it that then a needless firewall info popup would be shown. +global boolean FirewallSeemsToBeActive() +{ // Note the '-n' (only numeric output) option to avoid long reverse DNS lookups: + if( ExecuteBashCommand( "iptables -n -L | egrep -q 'DROP|REJECT'" ) ) + { y2milestone("A firewall seems to be active."); + return true; + } + // Return 'false' also as fallback value when the above command fails + // because of whatever reason because this fallback value is safe + // because it only results that no firewall info popup is shown + // the "Print via Network" and/or "Share Printers" dialogs + // but also the help text of those dialogs explains firewall stuff + // so that sufficient information is available in any case: + return false; +} global boolean WriteCupsSettings(map ay){ string cups_file="/etc/cups/cupsd.conf"; Modified: trunk/printer/src/printingvianetwork.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/printer/src/printingvianetwork.ycp?rev=59252&r1=59251&r2=59252&view=diff ============================================================================== --- trunk/printer/src/printingvianetwork.ycp (original) +++ trunk/printer/src/printingvianetwork.ycp Fri Oct 30 11:57:42 2009 
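Review bot: The `return false;` fallback in FirewallSeemsToBeActive() cannot tell "no DROP/REJECT rule found" from "iptables could not be run", because the condition presumably sees only the exit status of `egrep -q` at the end of the pipeline, and the negative result is not logged here. Adding `y2milestone("No DROP or REJECT rule found or iptables failed - assuming no firewall.");` before `return false;` would make that outcome visible in the log, mirroring the positive branch. The header comment should also state that only the IPv4 filter table is inspected (`iptables -L` without `-t`, no `ip6tables` call), so rules in other tables or for IPv6 are not seen by this test. In the same comments, `all what happens it that` should read `all that happens is that`, and the fallback comment is missing `in` before `the "Print via Network"`.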
@@ -42,6 +42,7 @@ any initial_browse_allow = nil; string initial_browse_allow_input_value = ""; string initial_server_name_input_value = ""; +boolean browsing_firewall_popup_was_shown = false; // An entry for a ComboBox from which the user can select // that printer information is accepted from // all remote CUPS servers: @@ -105,14 +106,6 @@ // from where remote printer information is accepted: _("Optional Specific IP Addresses or &Network/Netmask (separated by space)") ) - ), - `Left - ( `Label - ( `id(`firewall_label), - // A notification to make the user aware of possible Firewall restrictions - // regarding allow incomming printer information from remote CUPS servers: - _("If a firewall is used, check that incomming packages on UDP port 631 are allowed.") - ) ) ) ), @@ -326,6 +319,18 @@ return false; } +boolean ShowBrowsingFirewallPopup() +{ if( Printerlib::FirewallSeemsToBeActive() ) + { Popup::MessageDetails( // Popup::MessageDetails message: + _("Check that your firewall allows incomming printer information on UDP port 631."), + // Popup::MessageDetails information regarding details: + _("For details regarding firewall see the help text of this dialog.") + ); + return true; + } + return false; +} + boolean ApplyNetworkPrintingSettings() { printing_via_network_has_changed = false; // Get the actual settings and values from the dialog: 
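Review bot: The user-visible string in ShowBrowsingFirewallPopup() misspells "incoming"; it should read `_("Check that your firewall allows incoming printer information on UDP port 631.")`, and since it is wrapped in `_()` the typo would presumably also be carried into the translation templates. The function has no header comment; one line such as `// Returns true only when the firewall popup was actually shown.` would document the contract that the callers' `browsing_firewall_popup_was_shown` bookkeeping relies on. ShowSharePrintersFirewallPopup() in sharing.ycp has the same shape and differs only in the message text, so a single helper next to Printerlib::FirewallSeemsToBeActive() that takes the message would avoid the duplication.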
@@ -519,7 +524,15 @@ browse_allow_value = "none"; } if( browse_allow_value != "none" ) - { // Only a not-"none" browse_allow_value requires "Browsing On" in cupsd.conf. + { // When something (except 'none') regarding "Accept Printer Information" is set + // test whether or not a firewall seems to be active and + // if yes show a popup regarding firewall if it was not yet shown: + if( ! browsing_firewall_popup_was_shown ) + { if( ShowBrowsingFirewallPopup() ) + { browsing_firewall_popup_was_shown = true; + } + } + // Only a not-"none" browse_allow_value requires "Browsing On" in cupsd.conf. // Otherwise leave the "Browsing" entry in cupsd.conf unchanged. if( ! Printerlib::ExecuteBashCommand( Printerlib::yast_bin_dir + "modify_cupsd_conf Browsing On" ) ) { Popup::ErrorDetails( // Popup::ErrorDetails message: @@ -691,7 +704,6 @@ UI::ChangeWidget( `id(`browsing_off_radio_button), `Value, false ); UI::ChangeWidget( `id(`browsing_on_radio_button), `Value, false ); UI::ChangeWidget( `id(`browse_allow_combo_box), `Enabled, false ); - UI::ChangeWidget( `id(`firewall_label), `Enabled, false ); // When by accident "all" and "@LOCAL" were set as BrowseAllow values, // the "@LOCAL" entry is preselected in browse_allow_combo_box // because this is the more secure setting: 
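Review bot: The nested guard `if( ! browsing_firewall_popup_was_shown ) { if( ShowBrowsingFirewallPopup() ) { browsing_firewall_popup_was_shown = true; } }` and its three-line comment are repeated in the @@ -764 hunk of this file and, with the sharing flag, in the @@ -411 and @@ -731 hunks of sharing.ycp. Moving the flag test and assignment into the two Show...FirewallPopup() helpers would reduce each call site to `ShowBrowsingFirewallPopup();` and keep the show-once rule in one place. In this hunk the popup is also raised before `modify_cupsd_conf Browsing On` has run, so the user is asked to check the firewall even when that command then fails and the error popup follows; showing it after the setting was written successfully looks more consistent, though the rest of ApplyNetworkPrintingSettings() lies outside the hunk.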
@@ -764,16 +776,31 @@ { initial_radio_button = `browsing_on_radio_button; UI::ChangeWidget( `id(`browsing_on_radio_button), `Value, true ); UI::ChangeWidget( `id(`browse_allow_combo_box), `Enabled, true ); - UI::ChangeWidget( `id(`firewall_label), `Enabled, true ); // If browsing info is accepted from all hosts, // it is useless to additionally accept it from specific IPs or networks: if( ! contains( Printerlib::cupsd_conf_browse_allow, "all" ) ) { UI::ChangeWidget( `id(`browse_allow_input), `Enabled, true ); } + // When something (except 'none') regarding "Accept Printer Information" is set + // test whether or not a firewall seems to be active and + // if yes show a popup regarding firewall if it was not yet shown: + if( ! browsing_firewall_popup_was_shown ) + { if( ShowBrowsingFirewallPopup() ) + { browsing_firewall_popup_was_shown = true; + } + } } else { initial_radio_button = `browsing_off_radio_button; UI::ChangeWidget( `id(`browsing_off_radio_button), `Value, true ); + // The value of browsing_firewall_popup_was_shown is kept as long as the + // whole yast2-printer module runs so that the user could launch this dialog + // several times in one module run and switch between "Do Not Accept Printer Information" + // and "Accept Printer Information" several times in one run of the yast2-printer module. + // When in the previous run of this dialog "Do Not Accept Printer Information" has become true + // but in the current run of this dialog it was switched back to "Accept Printer Information" + // make sure to show in the current run of this dialog the popup regarding firewall again: + browsing_firewall_popup_was_shown = false; } } y2milestone( "leaving initNetworkPrinting with\ninitial_radio_button = '%1'\ninitial_browse_allow = '%2'\ninitial_browse_allow_input_value = '%3'\ninitial_server_name_input_value = '%4'", initial_radio_button, initial_browse_allow, initial_browse_allow_input_value, initial_server_name_input_value ); 
@@ -785,7 +812,6 @@ { if( `browsing_off_radio_button == event["ID"]:nil ) { UI::ChangeWidget( `id(`browse_allow_combo_box), `Enabled, false ); UI::ChangeWidget( `id(`browse_allow_input), `Enabled, false ); - UI::ChangeWidget( `id(`firewall_label), `Enabled, false ); UI::ChangeWidget( `id(`client_conf_server_name_input), `Enabled, false ); UI::ChangeWidget( `id(`test_client_conf_server), `Enabled, false ); if( ! Printerlib::client_only ) @@ -798,7 +824,6 @@ if( `browsing_on_radio_button == event["ID"]:nil ) { UI::ChangeWidget( `id(`browse_allow_combo_box), `Enabled, true ); UI::ChangeWidget( `id(`browse_allow_input), `Enabled, true ); - UI::ChangeWidget( `id(`firewall_label), `Enabled, true ); UI::ChangeWidget( `id(`client_conf_server_name_input), `Enabled, false ); UI::ChangeWidget( `id(`test_client_conf_server), `Enabled, false ); if( ! Printerlib::client_only ) @@ -821,7 +846,6 @@ if( `client_only_radio_button == event["ID"]:nil ) { UI::ChangeWidget( `id(`browse_allow_combo_box), `Enabled, false ); UI::ChangeWidget( `id(`browse_allow_input), `Enabled, false ); - UI::ChangeWidget( `id(`firewall_label), `Enabled, false ); UI::ChangeWidget( `id(`client_conf_server_name_input), `Enabled, true ); UI::ChangeWidget( `id(`test_client_conf_server), `Enabled, true ); UI::ChangeWidget( `id(`connection_wizard), `Enabled, false ); Modified: trunk/printer/src/sharing.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/printer/src/sharing.ycp?rev=59252&r1=59251&r2=59252&view=diff ============================================================================== --- trunk/printer/src/sharing.ycp (original) +++ trunk/printer/src/sharing.ycp Fri Oct 30 11:57:42 2009 @@ -49,6 +49,7 @@ list< term > initial_interface_table_items = []; string initial_allow_input_value = ""; string initial_browse_address_input_value = ""; +boolean share_printers_firewall_popup_was_shown = false; term widgetSharing = `VBox ( `RadioButtonGroup 
@@ -179,14 +180,6 @@ ) ) ) - ), - `Left - ( `Label - ( `id(`firewall_label), - // A notification to make the user aware of possible Firewall restrictions - // regarding remote access to CUPS via the IPP protocol (TCP/UDP port 631): - _("If a firewall is used, check that remote access to CUPS is allowed via IPP on port 631.") - ) ) ) ) @@ -238,6 +231,18 @@ return interface_map; } +boolean ShowSharePrintersFirewallPopup() +{ if( Printerlib::FirewallSeemsToBeActive() ) + { Popup::MessageDetails( // Popup::MessageDetails message: + _("Check that your firewall allows remote access to CUPS via IPP on port 631."), + // Popup::MessageDetails information regarding details: + _("For details regarding firewall see the help text of this dialog.") + ); + return true; + } + return false; +} + boolean ApplySharingSettings() { sharing_has_changed = false; // Get the actual settings and values from the dialog. @@ -411,6 +416,16 @@ } // When allow_values is empty, it is a deny_remote_access case, see above. // Therefore allow_values is non-empty here: + if( ! issubstring( tolower( allow_values ), "none") ) + { // When something (except 'none') regarding "Allow remote access" is set + // test whether or not a firewall seems to be active and + // if yes show a popup regarding firewall if it was not yet shown: + if( ! share_printers_firewall_popup_was_shown ) + { if( ShowSharePrintersFirewallPopup() ) + { share_printers_firewall_popup_was_shown = true; + } + } + } if( ! Printerlib::ExecuteBashCommand( Printerlib::yast_bin_dir + "modify_cupsd_conf Allow '" + allow_values @@ -565,7 +580,6 @@ UI::ChangeWidget( `specific_addresses_label, `Enabled, false ); UI::ChangeWidget( `allow_input, `Enabled, false ); UI::ChangeWidget( `browse_address_input, `Enabled, false ); - UI::ChangeWidget( `firewall_label, `Enabled, false ); } // Regardless whether or not the "Share Printers" dialog is useless, // fill in the values of the current settings in the system: 
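Review bot: `issubstring( tolower( allow_values ), "none")` in the @@ -411 hunk matches "none" anywhere in the string, so an allow list that merely contains those letters inside a host or domain name would suppress the firewall popup; testing whole entries, e.g. `if( ! contains( splitstring( tolower( allow_values ), " " ), "none" ) )`, would be more precise. How allow_values is assembled is outside the hunk, so whether such an entry can occur is not visible here. The same value is concatenated into a single-quoted argument of the `modify_cupsd_conf Allow` shell command in the context lines directly below, so it is worth confirming that the earlier, non-visible part of ApplySharingSettings() rejects quote characters in the user-entered addresses before the command is built.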
@@ -731,6 +745,24 @@ initial_deny_remote_access = false; UI::ChangeWidget( `allow_remote_access_radio_button, `Value, true ); initial_allow_remote_access = true; + // When something (except 'none') regarding "Allow remote access" is set + // test whether or not a firewall seems to be active and + // if yes show a popup regarding firewall if it was not yet shown: + if( ! share_printers_firewall_popup_was_shown ) + { if( ShowSharePrintersFirewallPopup() ) + { share_printers_firewall_popup_was_shown = true; + } + } + } + else + { // The value of share_printers_firewall_popup_was_shown is kept as long as the + // whole yast2-printer module runs so that the user could launch this dialog + // several times in one module run and switch between "Deny remote access" + // and "Allow remote access" several times in one run of the yast2-printer module. + // When in the previous run of this dialog "Deny remote access" has become true + // but in the current run of this dialog it was switched back to "Allow remote access" + // make sure to show in the current run of this dialog the popup regarding firewall again: + share_printers_firewall_popup_was_shown = false; } foreach( string browse_address_value, browse_address_values, @@ -954,7 +986,6 @@ UI::ChangeWidget( `specific_addresses_label, `Enabled, remote_access ); UI::ChangeWidget( `allow_input, `Enabled, remote_access ); UI::ChangeWidget( `browse_address_input, `Enabled, remote_access ); - UI::ChangeWidget( `firewall_label, `Enabled, remote_access ); if( remote_access ) { boolean interface_modify_buttons = true; if( 0 == size((list)UI::QueryWidget(`interface_table, `Items)) ) interface_modify_buttons = false; -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org