Hello community,
here is the log from the commit of package yast2
checked in at Sun May 7 16:47:35 CEST 2006.
--------
--- yast2/yast2.changes 2006-04-25 21:08:14.000000000 +0200
+++ STABLE/yast2/yast2.changes 2006-05-04 14:22:01.000000000 +0200
@@ -1,0 +2,14 @@
+Thu May 4 14:15:31 CEST 2006 - jsrain@suse.cz
+
+- read texts from control file (#170881)
+- 2.13.56
+
+-------------------------------------------------------------------
+Wed May 3 17:45:59 CEST 2006 - locilka@suse.cz
+
+- Properly handle special string 'any' in 'EXT' zone in CWM for
+ firewall. Creating special functions in SuSEFirewall module for
+ that (#158520).
+- 2.13.55
+
+-------------------------------------------------------------------
Old:
----
yast2-2.13.54.tar.bz2
New:
----
yast2-2.13.56.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2.spec ++++++
--- /var/tmp/diff_new_pack.pls0Qs/_old 2006-05-07 16:47:05.000000000 +0200
+++ /var/tmp/diff_new_pack.pls0Qs/_new 2006-05-07 16:47:05.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package yast2 (Version 2.13.54)
+# spec file for package yast2 (Version 2.13.56)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -11,12 +11,12 @@
# norootforbuild
Name: yast2
-Version: 2.13.54
-Release: 1
+Version: 2.13.56
+Release: 2
License: GPL
Group: System/YaST
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Source0: yast2-2.13.54.tar.bz2
+Source0: yast2-2.13.56.tar.bz2
prefix: /usr
BuildRequires: perl-XML-Writer update-desktop-files yast2-devtools yast2-pkg-bindings yast2-testsuite
# Need the new file popups
@@ -93,7 +93,7 @@
Steffen Winterfeldt iface_groups = maplist (string g, groups, {
- return SuSEFirewall::GetInterfacesInZone (g);
+ list <string> ifaces_also_supported_by_any = SuSEFirewall::GetInterfacesInZoneSupportingAnyFeature (g);
+ // If all interfaces in EXT zone are covered by the special 'any' string
+ // and none of these interfaces are selected to be open, we can remove all of them
+ // disable the service in whole EXT zone
+ if (g == SuSEFirewall::special_all_interface_zone) {
+ list <string> ifaces_left_explicitely = filter(string iface, ifaces_also_supported_by_any, {
+ return contains(ifaces, iface);
+ });
+ y2milestone("Ifaces left in zone: %1", ifaces_left_explicitely);
+ // there are no interfaces left that would be explicitely mentioned in the EXT zone
+ if (ifaces_left_explicitely == []) {
+ return [];
+ // Hmm, some interfaces left
+ } else {
+ return ifaces_also_supported_by_any;
+ }
+ // Just report all interfaces mentioned in zone
+ } else {
+ return ifaces_also_supported_by_any;
+ }
});
+ y2milestone("Ifaces touched: %1", iface_groups);
list<string> new_ifaces = toset (flatten (iface_groups));
new_ifaces = filter (string i, new_ifaces, {
return i != nil;
@@ -301,9 +325,29 @@
service_status = filter (string iface, boolean en, service_status, {
return en;
});
+ y2milestone("Status: %1", service_status);
allowed_interfaces = maplist (string iface, boolean en, service_status, {
return iface;
});
+
+ // Checking whether the string 'any' is in the 'EXT' zone
+ // If it is, checking the status of services for this zone
+ // If it is enabled, adding it these interfaces into the list of allowed interfaces
+ // and setting this zone to enabled
+ if (SuSEFirewall::IsAnyNetworkInterfaceSupported()) {
+ list <string> interfaces_supported_by_any =
+ SuSEFirewall::InterfacesSupportedByAnyFeature(SuSEFirewall::special_all_interface_zone);
+ if (size(interfaces_supported_by_any)>0) {
+ foreach (string service, services, {
+ service_status[SuSEFirewall::special_all_interface_zone] =
+ SuSEFirewall::IsServiceSupportedInZone(service, SuSEFirewall::special_all_interface_zone)
+ && service_status[SuSEFirewall::special_all_interface_zone]:true;
+ });
+ if (service_status[SuSEFirewall::special_all_interface_zone]:false) {
+ allowed_interfaces = (list <string>) union (allowed_interfaces, interfaces_supported_by_any);
+ }
+ }
+ }
//if (contains(all_interfaces, special_all_nm_interfaces)) {
// boolean special_all_nm_enabled = size(services) > 0;
@@ -347,6 +391,9 @@
// allowed_interfaces = filter(string i, allowed_interfaces, { return i != special_all_nm_interfaces; });
//}
+ list <string> interfaces_supported_by_any =
+ SuSEFirewall::InterfacesSupportedByAnyFeature(SuSEFirewall::special_all_interface_zone);
+
if (size (forbidden_interfaces) > 0)
{
SuSEFirewall::SetServices (services, forbidden_interfaces, false);
@@ -474,12 +521,17 @@
// list<string> firewall_ifaces = toset (Selected2Opened (ifaces, nm_ifaces_have_to_be_supported));
list<string> firewall_ifaces = toset (Selected2Opened (ifaces, false));
+ y2milestone("firewall_ifaces: %1", firewall_ifaces);
+
list<string> added_ifaces = filter (string i, firewall_ifaces, {
return ! contains (ifaces, i);
});
+ y2milestone("added_ifaces: %1", added_ifaces);
+
list<string> removed_ifaces = filter (string i, ifaces, {
return ! contains (firewall_ifaces, i);
});
+ y2milestone("removed_ifaces: %1", removed_ifaces);
//// to hide that special string
//added_ifaces = filter (string i, added_ifaces, { return i != special_all_nm_interfaces; });
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-2.13.54/library/network/src/SuSEFirewall.ycp new/yast2-2.13.56/library/network/src/SuSEFirewall.ycp
--- old/yast2-2.13.54/library/network/src/SuSEFirewall.ycp 2006-04-07 22:40:52.000000000 +0200
+++ new/yast2-2.13.56/library/network/src/SuSEFirewall.ycp 2006-05-04 13:27:43.000000000 +0200
@@ -1524,6 +1524,37 @@
return toset(zones);
}
+ global define list<string> GetInterfacesInZoneSupportingAnyFeature (string zone);
+
+ /**
+ * Function returns list of zones of requested interfaces.
+ * Special string 'any' in 'EXT' zone is supported.
+ *
+ * @param list<string> interfaces
+ * @param list<string> firewall zones
+ */
+ global define list<string> GetZonesOfInterfacesWithAnyFeatureSupported (list<string> interfaces) {
+ list<string> zones = [];
+ string zone = "";
+
+ // 'any' in 'EXT'
+ list <string> interfaces_covered_by_any =
+ SuSEFirewall::GetInterfacesInZoneSupportingAnyFeature(special_all_interface_zone);
+
+ foreach (string interface, interfaces, {
+ // interface is covered by 'any' in 'EXT'
+ if (contains(interfaces_covered_by_any, interface))
+ zone = special_all_interface_zone;
+ // interface is explicitely mentioned in some zone
+ else
+ zone = GetZoneOfInterface(interface);
+
+ if (zone != nil) zones = add(zones, zone);
+ });
+
+ return toset(zones);
+ }
+
/**
* Function returns list of maps of known interfaces.
* Interfaces handled by a NetworkManager are not returned at all.
@@ -1683,6 +1714,52 @@
return toset(firewall_configured_devices);
}
+ /**
+ * Returns list of interfaces not mentioned in any zone and covered by the
+ * special string 'any' in zone 'EXT' if such string exists there and the zone
+ * is EXT.
+ *
+ * @param string zone
+ * @return list <string> of interfaces covered by special string 'any'
+ */
+ global define list<string> InterfacesSupportedByAnyFeature (string zone) {
+ list <string> result = [];
+
+ if (zone == special_all_interface_zone && IsAnyNetworkInterfaceSupported()) {
+ list <string> known_interfaces_now = GetListOfKnownInterfaces();
+ list <string> configured_interfaces = GetFirewallInterfaces();
+ foreach (string one_interface, known_interfaces_now, {
+ if (! contains(configured_interfaces, one_interface)) {
+ y2milestone("Interface '%1' supported by special string '%2' in zone '%3'",
+ one_interface, special_all_interface_string, special_all_interface_zone);
+ result = add (result, one_interface);
+ }
+ });
+ }
+
+ return result;
+ }
+
+ /**
+ * Function returns list of known interfaces in requested zone.
+ * Special string 'any' in EXT zone covers all interfaces without
+ * any zone assignment.
+ *
+ * @param string zone
+ * @return list <string> of interfaces
+ */
+ global define list<string> GetInterfacesInZoneSupportingAnyFeature (string zone) {
+ list <string> interfaces_in_zone = GetInterfacesInZone(zone);
+
+ // 'any' in EXT zone, add all interfaces without zone to this one
+ list <string> interfaces_covered_by_any = InterfacesSupportedByAnyFeature(zone);
+ if (size(interfaces_covered_by_any)>0) {
+ interfaces_in_zone = (list <string>) union (interfaces_in_zone, interfaces_covered_by_any);
+ }
+
+ return interfaces_in_zone;
+ }
+
boolean ArePortsOrServicesAllowed (list <string> needed_ports, string protocol, string zone, boolean check_for_aliases);
/**
@@ -2075,7 +2152,7 @@
* @return boolean if successfull
*/
global define boolean SetServices (list<string> services_ids, list<string> interfaces, boolean new_status) {
- list<string> firewall_zones = GetZonesOfInterfaces(interfaces);
+ list<string> firewall_zones = GetZonesOfInterfacesWithAnyFeatureSupported(interfaces);
if (size(firewall_zones)==0) {
y2error("Interfaces '%1' are not in any group if interfaces", interfaces);
return false;
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...