Merge lp:~tintou/switchboard-plug-security-privacy/firewalld into lp:~elementary-apps/switchboard-plug-security-privacy/trunk
Proposed by
Corentin Noël
Status: | Needs review | ||||
---|---|---|---|---|---|
Proposed branch: | lp:~tintou/switchboard-plug-security-privacy/firewalld | ||||
Merge into: | lp:~elementary-apps/switchboard-plug-security-privacy/trunk | ||||
Diff against target: |
805 lines (+199/-491) 8 files modified
CMakeLists.txt (+0/-4) data/org.pantheon.security-privacy.policy.cmake (+0/-20) data/security-privacy-plug-helper (+0/-24) src/CMakeLists.txt (+1/-1) src/FirewallPanel.vala (+149/-209) src/Firewalld.vala (+49/-0) src/Plug.vala (+0/-35) src/UFWHelpers.vala (+0/-198) |
||||
To merge this branch: | bzr merge lp:~tintou/switchboard-plug-security-privacy/firewalld | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Danielle Foré | Needs Fixing | ||
Review via email: mp+313927@code.launchpad.net |
Commit message
Description of the change
Use firewalld instead of UFW
- 279. By Corentin Noël
-
Use Firewalld instead of UFW
Cody Garver (codygarver) wrote : | # |
Danielle Foré (danrabbit) wrote : | # |
from Cody via Slack, "This should be a build flag so it doesn't break Loki support."
review:
Needs Fixing
Unmerged revisions
- 279. By Corentin Noël
-
Use Firewalld instead of UFW
Preview Diff
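--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -38,10 +38,6 @@
 include (CPack)
 add_custom_target (dist COMMAND ${CMAKE_MAKE_PROGRAM} package_source)
 
-configure_file (${CMAKE_SOURCE_DIR}/data/org.pantheon.security-privacy.policy.cmake ${CMAKE_BINARY_DIR}/data/org.pantheon.security-privacy.policy)
-install(FILES ${CMAKE_BINARY_DIR}/data/org.pantheon.security-privacy.policy DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/polkit-1/actions/)
-install(FILES ${CMAKE_SOURCE_DIR}/data/security-privacy-plug-helper PERMISSIONS OWNER_EXECUTE OWNER_READ DESTINATION ${PKGDATADIR}/)
-
 # Traslation stuff
 add_subdirectory (po)
 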
16 | === removed directory 'data' |
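--- a/data/org.pantheon.security-privacy.policy.cmake
+++ b/data/org.pantheon.security-privacy.policy.cmake
@@ -1,20 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE policyconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
-<policyconfig>
- <vendor>elementary</vendor>
- <vendor_url>http://www.elementaryos.org/</vendor_url>
-
- <action id="org.pantheon.security-privacy">
- <message gettext-domain="@GETTEXT_PACKAGE@">Authentication is required to run the Firewall Configuration</message>
- <icon_name>preferences-system-privacy</icon_name>
- <defaults>
- <allow_any>no</allow_any>
- <allow_inactive>no</allow_inactive>
- <allow_active>auth_admin_keep</allow_active>
- </defaults>
- <annotate key="org.freedesktop.policykit.exec.path">@PKGDATADIR@/security-privacy-plug-helper</annotate>
- </action>
-
-</policyconfig>
\ No newline at end of file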
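--- a/data/security-privacy-plug-helper
+++ b/data/security-privacy-plug-helper
@@ -1,24 +0,0 @@
-#!/bin/bash
-
- while getopts "12345:6:" OPTION; do
- case ${OPTION} in
- 1)
- LANGUAGE=C
- export LANGUAGE
- ufw status;;
- 2)
- ufw --force enable;;
- 3)
- ufw disable;;
- 4)
- LANGUAGE=C
- export LANGUAGE
- ufw status numbered;;
- 5)
- ufw $2;;
- 6)
- ufw --force delete $OPTARG;;
- \?)
- exit 1;;
- esac
- done
\ No newline at end of file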
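--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -19,7 +19,7 @@
 FirewallPanel.vala
 LockPanel.vala
 TrackPanel.vala
- UFWHelpers.vala
+ Firewalld.vala
 ZGUtilities.vala
 ${CMAKE_CURRENT_BINARY_DIR}/config.vala
 PACKAGES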
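--- a/src/FirewallPanel.vala
+++ b/src/FirewallPanel.vala
@@ -1,6 +1,6 @@
 // -*- Mode: vala; indent-tabs-mode: nil; tab-width: 4 -*-
 /*-
- * Copyright (c) 2014 Security & Privacy Plug (http://launchpad.net/your-project)
+ * Copyright (c) 2014-2017 elementary LLC. (https://elementary.io)
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
@@ -17,223 +17,121 @@
 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
 * Boston, MA 02111-1307, USA.
 *
- * Authored by: Corentin Noël <tintou@mailoo.org>
+ * Authored by: Corentin Noël <corentin@elementary.io>
 */
 
-public class SecurityPrivacy.FirewallPanel : Gtk.Grid {
+public class SecurityPrivacy.FirewallPanel : Gtk.Stack {
 private Gtk.ListStore list_store;
- private Gtk.TreeView view;
- private Gtk.Toolbar list_toolbar;
- private bool loading = false;
- private Gtk.Popover add_popover;
- private Gtk.ToolButton remove_button;
+ private Firewalld firewalld;
+ private FirewalldZone firewalld_zone;
 
 private enum Columns {
- ACTION,
 PROTOCOL,
- DIRECTION,
 PORTS,
- V6,
- RULE,
 N_COLUMNS
 }
 
 public FirewallPanel () {
- column_spacing = 12;
- row_spacing = 6;
+
+ }
+
+ construct {
 margin = 12;
 margin_top = 0;
- orientation = Gtk.Orientation.VERTICAL;
-
- var status_grid = new Gtk.Grid ();
- status_grid.orientation = Gtk.Orientation.HORIZONTAL;
- status_grid.column_spacing = 12;
- status_grid.halign = Gtk.Align.CENTER;
-
- var status_label = new Gtk.Label ("");
- status_label.set_markup ("<b>%s</b>".printf (_("Firewall Status:")));
-
- var status_switch = new Gtk.Switch ();
- status_switch.notify["active"].connect (() => {
- if (loading == false) {
- view.sensitive = status_switch.active;
- UFWHelpers.set_status (status_switch.active);
- }
- show_rules ();
- });
-
- status_grid.add (status_label);
- status_grid.add (status_switch);
-
- add (status_grid);
- sensitive = false;
- lock_button.get_permission ().notify["allowed"].connect (() => {
- loading = true;
- sensitive = lock_button.get_permission ().allowed;
- status_switch.active = UFWHelpers.get_status ();
- list_store.clear ();
- remove_button.sensitive = false;
- if (status_switch.active == true) {
- view.sensitive = true;
- foreach (var rule in UFWHelpers.get_rules ()) {
- add_rule (rule);
- }
- } else {
- view.sensitive = false;
- }
- loading = false;
- });
-
- create_treeview ();
- }
-
- private void show_rules () {
- list_store.clear ();
- remove_button.sensitive = false;
- foreach (var rule in UFWHelpers.get_rules ()) {
- add_rule (rule);
- }
- }
-
- public void add_rule (UFWHelpers.Rule rule) {
- Gtk.TreeIter iter;
- string action = _("Unknown");
- if (rule.action == UFWHelpers.Rule.Action.ALLOW) {
- action = _("Allow");
- } else if (rule.action == UFWHelpers.Rule.Action.DENY) {
- action = _("Deny");
- } else if (rule.action == UFWHelpers.Rule.Action.REJECT) {
- action = _("Reject");
- } else if (rule.action == UFWHelpers.Rule.Action.LIMIT) {
- action = _("Limit");
- }
- string protocol = _("Unknown");
- if (rule.protocol == UFWHelpers.Rule.Protocol.UDP) {
- protocol = "UDP";
- } else if (rule.protocol == UFWHelpers.Rule.Protocol.TCP) {
- protocol = "TCP";
- }
- string direction = _("Unknown");
- if (rule.direction == UFWHelpers.Rule.Direction.IN) {
- direction = _("In");
- } else if (rule.direction == UFWHelpers.Rule.Direction.OUT) {
- direction = _("Out");
- }
- list_store.append (out iter);
- list_store.set (iter, Columns.ACTION, action, Columns.PROTOCOL, protocol,
- Columns.DIRECTION, direction, Columns.PORTS, rule.ports.replace (":", "-"),
- Columns.V6, rule.is_v6, Columns.RULE, rule);
- }
-
- private void create_treeview () {
- list_store = new Gtk.ListStore (Columns.N_COLUMNS, typeof (string),
- typeof (string), typeof (string), typeof (string), typeof (bool), typeof (UFWHelpers.Rule));
+ var main_grid = new Gtk.Grid ();
+ main_grid.orientation = Gtk.Orientation.VERTICAL;
+
+ list_store = new Gtk.ListStore (Columns.N_COLUMNS, typeof (string), typeof (string));
 
 // The View:
- view = new Gtk.TreeView.with_model (list_store);
+ var view = new Gtk.TreeView.with_model (list_store);
 view.vexpand = true;
 
- var celltoggle = new Gtk.CellRendererToggle ();
 var cell = new Gtk.CellRendererText ();
- view.insert_column_with_attributes (-1, _("IPv6"), celltoggle, "active", Columns.V6);
- view.insert_column_with_attributes (-1, _("Action"), cell, "text", Columns.ACTION);
 view.insert_column_with_attributes (-1, _("Protocol"), cell, "text", Columns.PROTOCOL);
- view.insert_column_with_attributes (-1, _("Direction"), cell, "text", Columns.DIRECTION);
 view.insert_column_with_attributes (-1, _("Ports"), cell, "text", Columns.PORTS);
 
- list_toolbar = new Gtk.Toolbar ();
+ var add_button = new Gtk.ToggleToolButton ();
+ add_button.icon_widget = new Gtk.Image.from_icon_name ("list-add-symbolic", Gtk.IconSize.SMALL_TOOLBAR);
+ var remove_button = new Gtk.ToolButton (new Gtk.Image.from_icon_name ("list-remove-symbolic", Gtk.IconSize.SMALL_TOOLBAR), null);
+ remove_button.sensitive = false;
+
+ var list_toolbar = new Gtk.Toolbar ();
 list_toolbar.get_style_context ().add_class (Gtk.STYLE_CLASS_INLINE_TOOLBAR);
 list_toolbar.set_icon_size (Gtk.IconSize.SMALL_TOOLBAR);
- var add_button = new Gtk.ToolButton (new Gtk.Image.from_icon_name ("list-add-symbolic", Gtk.IconSize.SMALL_TOOLBAR), null);
- add_button.clicked.connect (() => {
- var popover_grid = new Gtk.Grid ();
- popover_grid.margin = 6;
- popover_grid.margin_top = 12;
- popover_grid.margin_start = 12;
- popover_grid.margin_bottom = 9;
- popover_grid.column_spacing = 12;
- popover_grid.row_spacing = 6;
- add_popover = new Gtk.Popover (add_button);
- add_popover.add (popover_grid);
-
- var policy_label = new Gtk.Label (_("Action:"));
- policy_label.xalign = 1;
- var policy_combobox = new Gtk.ComboBoxText ();
- policy_combobox.append_text (_("Allow"));
- policy_combobox.append_text (_("Deny"));
- policy_combobox.append_text (_("Reject"));
- policy_combobox.append_text (_("Limit"));
- policy_combobox.active = 0;
-
- var protocol_label = new Gtk.Label (_("Protocol:"));
- protocol_label.xalign = 1;
- var protocol_combobox = new Gtk.ComboBoxText ();
- protocol_combobox.append_text ("TCP");
- protocol_combobox.append_text ("UDP");
- protocol_combobox.active = 0;
-
- var direction_label = new Gtk.Label (_("Direction:"));
- direction_label.xalign = 1;
- var direction_combobox = new Gtk.ComboBoxText ();
- direction_combobox.append_text (_("In"));
- direction_combobox.append_text (_("Out"));
- direction_combobox.active = 0;
-
- var ports_label = new Gtk.Label (_("Ports:"));
- ports_label.xalign = 1;
- var ports_entry = new Gtk.Entry ();
- ports_entry.input_purpose = Gtk.InputPurpose.NUMBER;
- ports_entry.placeholder_text = _("%d or %d-%d").printf (80, 80, 85);
-
- var do_add_button = new Gtk.Button.with_label (_("Add Rule"));
- do_add_button.get_style_context ().add_class (Gtk.STYLE_CLASS_SUGGESTED_ACTION);
- do_add_button.clicked.connect (() => {
- var rule = new UFWHelpers.Rule ();
- if (direction_combobox.active == 0)
- rule.direction = UFWHelpers.Rule.Direction.IN;
- else
- rule.direction = UFWHelpers.Rule.Direction.OUT;
-
- if (protocol_combobox.active == 0)
- rule.protocol = UFWHelpers.Rule.Protocol.TCP;
- else
- rule.protocol = UFWHelpers.Rule.Protocol.UDP;
-
- if (policy_combobox.active == 0)
- rule.action = UFWHelpers.Rule.Action.ALLOW;
- else if (policy_combobox.active == 1)
- rule.action = UFWHelpers.Rule.Action.DENY;
- else if (policy_combobox.active == 2)
- rule.action = UFWHelpers.Rule.Action.REJECT;
- else
- rule.action = UFWHelpers.Rule.Action.LIMIT;
-
- rule.ports = ports_entry.text.replace ("-", ":");
- UFWHelpers.add_rule (rule);
- add_popover.hide ();
- show_rules ();
- });
-
- var add_button_grid = new Gtk.Grid ();
- add_button_grid.add (do_add_button);
- add_button_grid.halign = Gtk.Align.END;
-
- popover_grid.attach (policy_label, 0, 0, 1, 1);
- popover_grid.attach (policy_combobox, 1, 0, 1, 1);
- popover_grid.attach (protocol_label, 0, 1, 1, 1);
- popover_grid.attach (protocol_combobox, 1, 1, 1, 1);
- popover_grid.attach (direction_label, 0, 2, 1, 1);
- popover_grid.attach (direction_combobox, 1, 2, 1, 1);
- popover_grid.attach (ports_label, 0, 3, 1, 1);
- popover_grid.attach (ports_entry, 1, 3, 1, 1);
- popover_grid.attach (add_button_grid, 0, 4, 2, 1);
-
- add_popover.show_all ();
- });
-
 list_toolbar.insert (add_button, -1);
- remove_button = new Gtk.ToolButton (new Gtk.Image.from_icon_name ("list-remove-symbolic", Gtk.IconSize.SMALL_TOOLBAR), null);
- remove_button.sensitive = false;
+ list_toolbar.insert (remove_button, -1);
+
+ var scrolled = new Gtk.ScrolledWindow (null, null);
+ scrolled.expand = true;
+ scrolled.add (view);
+
+ var view_frame = new Gtk.Frame (null);
+ view_frame.add (scrolled);
+
+ main_grid.add (view_frame);
+ main_grid.add (list_toolbar);
+
+ var protocol_label = new Gtk.Label (_("Protocol:"));
+ protocol_label.xalign = 1;
+ var protocol_combobox = new Gtk.ComboBoxText ();
+ protocol_combobox.append ("tcp", "TCP");
+ protocol_combobox.append ("udp", "UDP");
+ protocol_combobox.active_id = "tcp";
+
+ var ports_label = new Gtk.Label (_("Ports:"));
+ ports_label.xalign = 1;
+ var ports_entry = new Gtk.Entry ();
+ ports_entry.input_purpose = Gtk.InputPurpose.NUMBER;
+ ports_entry.placeholder_text = _("%d or %d-%d").printf (80, 80, 85);
+
+ var do_add_button = new Gtk.Button.with_label (_("Add Rule"));
+ do_add_button.get_style_context ().add_class (Gtk.STYLE_CLASS_SUGGESTED_ACTION);
+
+ var add_button_grid = new Gtk.Grid ();
+ add_button_grid.add (do_add_button);
+ add_button_grid.halign = Gtk.Align.END;
+
+ var popover_grid = new Gtk.Grid ();
+ popover_grid.margin = 12;
+ popover_grid.column_spacing = 12;
+ popover_grid.row_spacing = 6;
+ popover_grid.attach (protocol_label, 0, 0, 1, 1);
+ popover_grid.attach (protocol_combobox, 1, 0, 1, 1);
+ popover_grid.attach (ports_label, 0, 1, 1, 1);
+ popover_grid.attach (ports_entry, 1, 1, 1, 1);
+ popover_grid.attach (add_button_grid, 0, 2, 2, 1);
+ popover_grid.show_all ();
+
+ var add_popover = new Gtk.Popover (add_button);
+ add_popover.add (popover_grid);
+
+ var alert = new Granite.Widgets.AlertView (_("Unauthorized"), _("Firewall settings require advanced privilege to be changed"), "security-high-symbolic");
+ alert.show_action (_("Change settings…"));
+ var alert_frame = new Gtk.Frame (null);
+ alert_frame.add (alert);
+
+ add_named (alert_frame, "alert");
+ add_named (main_grid, "main");
+
+ add_button.bind_property ("active", add_popover, "visible", BindingFlags.BIDIRECTIONAL);
+
+ alert.action_activated.connect (() => {
+ start ();
+ });
+
+ do_add_button.clicked.connect (() => {
+ var port = SecurityPrivacy.Port ();
+ port.port = ports_entry.text;
+ port.protocol = protocol_combobox.active_id;
+ try {
+ firewalld_zone.add_port (port.port, port.protocol);
+ add_port (port);
+ } catch (Error e) {
+ critical (e.message);
+ }
+ });
+
 remove_button.clicked.connect (() => {
 Gtk.TreePath path;
 Gtk.TreeViewColumn column;
@@ -241,25 +139,67 @@
 Gtk.TreeIter iter;
 list_store.get_iter (out iter, path);
 Value val;
- list_store.get_value (iter, Columns.RULE, out val);
- UFWHelpers.remove_rule ((UFWHelpers.Rule) val.get_object ());
- show_rules ();
+ Value val2;
+ list_store.get_value (iter, Columns.PORTS, out val);
+ list_store.get_value (iter, Columns.PROTOCOL, out val2);
+ try {
+ firewalld_zone.remove_port (val.get_string (), val2.get_string ());
+ list_store.remove (iter);
+ } catch (Error e) {
+ critical (e.message);
+ }
 });
- list_toolbar.insert (remove_button, -1);
 
 view.cursor_changed.connect (() => {
 remove_button.sensitive = true;
 });
-
- var view_grid = new Gtk.Grid ();
-
- var scrolled = new Gtk.ScrolledWindow (null, null);
- scrolled.shadow_type = Gtk.ShadowType.IN;
- scrolled.expand = true;
- scrolled.add (view);
-
- view_grid.attach (scrolled, 0, 0, 1, 1);
- view_grid.attach (list_toolbar, 0, 1, 1, 1);
- add (view_grid);
+ }
+
+ private void start () {
+ try {
+ firewalld = Bus.get_proxy_sync (BusType.SYSTEM, "org.fedoraproject.FirewallD1", "/org/fedoraproject/FirewallD1");
+ firewalld.default_zone_changed.connect ((new_zone) => {
+ load_zone (new_zone);
+ });
+
+ load_zone (firewalld.get_default_zone ());
+ } catch (IOError e) {
+ critical (e.message);
+ set_visible_child_name ("alert");
+ }
+ }
+
+ private void load_zone (string zone_name) {
+ ObjectPath zone_path = null;
+ try {
+ FirewalldConfig f_conf = Bus.get_proxy_sync (BusType.SYSTEM, "org.fedoraproject.FirewallD1", "/org/fedoraproject/FirewallD1/config");
+ zone_path = f_conf.get_zone_by_name (zone_name);
+ } catch (IOError e) {
+ critical (e.message);
+ }
+
+ if (zone_path == null) {
+ set_visible_child_name ("alert");
+ return;
+ } else {
+ set_visible_child_name ("main");
+ }
+
+ try {
+ firewalld_zone = Bus.get_proxy_sync (BusType.SYSTEM, "org.fedoraproject.FirewallD1", zone_path);
+ list_store.clear ();
+ foreach (var port in firewalld_zone.get_ports ()) {
+ add_port (port);
+ }
+ } catch (IOError e) {
+ critical (e.message);
+ set_visible_child_name ("alert");
+ }
+ }
+
+ private void add_port (SecurityPrivacy.Port port) {
+ Gtk.TreeIter iter;
+ list_store.append (out iter);
+ list_store.set (iter, Columns.PROTOCOL, port.protocol, Columns.PORTS, port.port);
 }
 }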
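Review bot: In the `do_add_button.clicked` handler the text of `ports_entry` is passed to `firewalld_zone.add_port` unchecked; `input_purpose = Gtk.InputPurpose.NUMBER` is only a hint to input methods and does not restrict what can be typed or pasted. The entry should be validated as `N` or `N-M` with both ends in 1–65535 before the D-Bus call, and a rejected value should be marked on the entry rather than only logged through `critical`, so the user can see that no rule was added. Separately, `start ()` and `load_zone ()` switch to the page titled "Unauthorized" on any `IOError`, so a missing or stopped firewalld is presumably reported as a permission problem; a distinct message for that case would help.

```vala
do_add_button.clicked.connect (() => {
    var spec = ports_entry.text.strip ();
    if (!is_valid_port_spec (spec)) {
        ports_entry.get_style_context ().add_class (Gtk.STYLE_CLASS_ERROR);
        return;
    }
    ports_entry.get_style_context ().remove_class (Gtk.STYLE_CLASS_ERROR);

    var port = SecurityPrivacy.Port ();
    port.port = spec;
    // … unchanged: protocol assignment, add_port call and error handling …
});

// Accepts "N" or "N-M" with 1 <= N <= M <= 65535.
private static bool is_valid_port_spec (string spec) {
    if (!Regex.match_simple ("^[0-9]{1,5}(-[0-9]{1,5})?$", spec)) {
        return false;
    }

    var bounds = spec.split ("-");
    int low = int.parse (bounds[0]);
    int high = int.parse (bounds[bounds.length - 1]);
    return low >= 1 && low <= high && high <= 65535;
}
```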
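--- a/src/Firewalld.vala
+++ b/src/Firewalld.vala
@@ -0,0 +1,49 @@
+// -*- Mode: vala; indent-tabs-mode: nil; tab-width: 4 -*-
+/*-
+ * Copyright (c) 2014-2017 elementary LLC. (https://elementary.io)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Authored by: Corentin Noël <corentin@elementary.io>
+ */
+
+[DBus (name = "org.fedoraproject.FirewallD1")]
+public interface SecurityPrivacy.Firewalld : Object {
+ [DBus (name = "getDefaultZone")]
+ public abstract string get_default_zone () throws IOError;
+ public signal void default_zone_changed (string new_default);
+}
+
+[DBus (name = "org.fedoraproject.FirewallD1.config")]
+public interface SecurityPrivacy.FirewalldConfig : Object {
+ [DBus (name = "getZoneByName")]
+ public abstract ObjectPath get_zone_by_name (string zone) throws IOError;
+}
+
+[DBus (name = "org.fedoraproject.FirewallD1.config.zone")]
+public interface SecurityPrivacy.FirewalldZone : Object {
+ [DBus (name = "getPorts")]
+ public abstract SecurityPrivacy.Port[] get_ports () throws IOError;
+ [DBus (name = "removePort")]
+ public abstract void remove_port (string port, string protocol) throws IOError;
+ [DBus (name = "addPort")]
+ public abstract void add_port (string port, string protocol) throws IOError;
+}
+
+public struct SecurityPrivacy.Port {
+ public string port;
+ public string protocol;
+}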
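Review bot: `FirewalldZone` is bound to `org.fedoraproject.FirewallD1.config.zone`, which to my knowledge is firewalld's permanent-configuration interface, so `add_port` and `remove_port` would change the stored zone without touching the running firewall until firewalld reloads. The panel would then list a port as open (or removed) while the active rule set says otherwise, which is misleading on a security settings page. Either mirror each change on the runtime `org.fedoraproject.FirewallD1.zone` interface or trigger a reload after a successful call, and record the choice above the interface, e.g. `// Permanent configuration: changes reach the running firewall only after a reload.` The three interfaces also lack a comment naming the object path each proxy is meant to be created for.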
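--- a/src/Plug.vala
+++ b/src/Plug.vala
@@ -22,7 +22,6 @@
 namespace SecurityPrivacy {
 
 public static Plug plug;
- public static Gtk.LockButton lock_button;
 public static Blacklist blacklist;
 
 public class Plug : Switchboard.Plug {
@@ -63,40 +62,6 @@
 stack = new Gtk.Stack ();
 stack.expand = true;
 
- try {
- var permission = new Polkit.Permission.sync ("org.pantheon.security-privacy", Polkit.UnixProcess.new (Posix.getpid ()));
- var infobar = new Gtk.InfoBar ();
- infobar.message_type = Gtk.MessageType.INFO;
- lock_button = new Gtk.LockButton (permission);
- var area = infobar.get_action_area () as Gtk.Container;
- var content = infobar.get_content_area () as Gtk.Container;
- var label = new Gtk.Label (_("Some settings require administrator rights to be changed"));
- area.add (lock_button);
- content.add (label);
- main_grid.attach (infobar, 0, 0, 1, 1);
- infobar.no_show_all = true;
- stack.notify["visible-child-name"].connect (() => {
- if (permission.allowed == false && stack.visible_child_name == "firewall") {
- infobar.no_show_all = false;
- infobar.show_all ();
- } else {
- infobar.no_show_all = true;
- infobar.hide ();
- }
- });
- permission.notify["allowed"].connect (() => {
- if (permission.allowed == false && stack.visible_child_name == "firewall") {
- infobar.no_show_all = false;
- infobar.show_all ();
- } else {
- infobar.no_show_all = true;
- infobar.hide ();
- }
- });
- } catch (Error e) {
- critical (e.message);
- }
-
 var stack_switcher = new Gtk.StackSwitcher ();
 stack_switcher.set_stack (stack);
 stack_switcher.halign = Gtk.Align.CENTER;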
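--- a/src/UFWHelpers.vala
+++ b/src/UFWHelpers.vala
@@ -1,198 +0,0 @@
-// -*- Mode: vala; indent-tabs-mode: nil; tab-width: 4 -*-
-/*-
- * Copyright (c) 2014 Security & Privacy Plug (http://launchpad.net/your-project)
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Library General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public
- * License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * Authored by: Corentin Noël <tintou@mailoo.org>
- */
-
-#if TRANSLATION
- _("Authentication is required to run the Firewall Configuration")
-#endif
-
-namespace SecurityPrivacy.UFWHelpers {
-
- private string get_helper_path () {
- return "%s/security-privacy-plug-helper".printf (Build.PKGDATADIR);
- }
-
- public bool get_status () {
- try {
- string standard_output;
- Process.spawn_command_line_sync ("pkexec %s -4".printf (get_helper_path ()), out standard_output);
- return (standard_output.contains ("inactive") == false);
- } catch (Error e) {
- warning (e.message);
- return false;
- }
- }
-
- public void set_status (bool status) {
- try {
- if (status == true)
- Process.spawn_command_line_sync ("pkexec %s -2".printf (get_helper_path ()));
- else
- Process.spawn_command_line_sync ("pkexec %s -3".printf (get_helper_path ()));
- } catch (Error e) {
- warning (e.message);
- }
- }
-
- public Gee.LinkedList<Rule> get_rules () {
- var rules = new Gee.LinkedList<Rule> ();
- try {
- string standard_output;
- Process.spawn_command_line_sync ("pkexec %s -4".printf (get_helper_path ()), out standard_output);
- var lines = standard_output.split("\n");
- foreach (var line in lines) {
- if ("ALLOW" in line || "DENY" in line || "LIMIT" in line || "REJECT" in line) {
- var rule = new Rule.from_line (line);
- rules.add (rule);
- }
- }
- } catch (Error e) {
- warning (e.message);
- }
- return rules;
- }
-
- public void remove_rule (Rule rule) {
- try {
- Process.spawn_command_line_sync ("pkexec %s -6 \"%d\"".printf (get_helper_path (), rule.number));
- } catch (Error e) {
- warning (e.message);
- }
- }
-
- public void add_rule (Rule rule) {
- string rule_str = "";
- try {
- switch (rule.action) {
- case Rule.Action.DENY:
- rule_str = "deny";
- break;
- case Rule.Action.REJECT:
- rule_str = "reject";
- break;
- case Rule.Action.LIMIT:
- rule_str = "limit";
- break;
- default:
- rule_str = "allow";
- break;
- }
-
- switch (rule.direction) {
- case Rule.Direction.OUT:
- rule_str = "%s out".printf (rule_str);
- break;
- default:
- rule_str = "%s in".printf (rule_str);
- break;
- }
-
- switch (rule.protocol) {
- case Rule.Protocol.UDP:
- rule_str = "%s %s/udp".printf (rule_str, rule.ports);
- break;
- default:
- rule_str = "%s %s/tcp".printf (rule_str, rule.ports);
- break;
- }
-
- Process.spawn_command_line_sync ("pkexec %s -5 \"%s\"".printf (get_helper_path (), rule_str));
- } catch (Error e) {
- warning (e.message);
- }
- }
-
- public class Rule : GLib.Object {
- public enum Action {
- ALLOW,
- DENY,
- REJECT,
- LIMIT
- }
-
- public enum Protocol {
- UDP,
- TCP
- }
-
- public enum Direction {
- IN,
- OUT
- }
-
- public Action action;
- public Protocol protocol;
- public Direction direction;
- public string ports;
- public bool is_v6 = false;
- public int number;
-
- public Rule () {
-
- }
-
- public Rule.from_line (string line) {
- if (line.contains ("(v6)"))
- is_v6 = true;
- var first = line.replace ("(v6)", "").split ("] ");
- number = int.parse (first[0].replace ("[", ""));
- var second = first[1];
- var third = second.split ("/");
- ports = third[0];
- string current = "";
- int position = 0;
- foreach (var car in third[1].data) {
- if (car == ' ') {
- if (current == "") {
- continue;
- }
-
- if (position == 0) {
- if ("udp" in current)
- protocol = Protocol.UDP;
- else if ("tcp" in current)
- protocol = Protocol.TCP;
- } else if (position == 1) {
- if ("ALLOW" in current)
- action = Action.ALLOW;
- else if ("DENY" in current)
- action = Action.DENY;
- else if ("REJECT" in current)
- action = Action.REJECT;
- else if ("LIMIT" in current)
- action = Action.LIMIT;
- } else if (position == 2) {
- if ("IN" in current)
- direction = Direction.IN;
- else if ("OUT" in current)
- direction = Direction.OUT;
- break;
- }
-
- current = "";
- position++;
- continue;
- }
- current = "%s%c".printf (current, car);
- }
- }
- }
-}
\ No newline at end of file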
This should be a build flag so it does not break Loki support yet.
> On Dec 30, 2016, at 8:14 PM, Corentin Noël <email address hidden> wrote: /bugs.launchpad .net/switchboar d-plug- security- privacy/ +bug/1639775 /code.launchpad .net/~tintou/ switchboard- plug-security- privacy/ firewalld/ +merge/ 313927 MAKE_PROGRAM} package_source) -configure_file (${CMAKE_ SOURCE_ DIR}/data/ org.pantheon. security- privacy. policy. cmake ${CMAKE_ BINARY_ DIR}/data/ org.pantheon. security- privacy. policy) -install(FILES ${CMAKE_ BINARY_ DIR}/data/ org.pantheon. security- privacy. policy DESTINATION ${CMAKE_ INSTALL_ FULL_DATAROOTDI R}/polkit- 1/actions/ ) -install(FILES ${CMAKE_ SOURCE_ DIR}/data/ security- privacy- plug-helper PERMISSIONS OWNER_EXECUTE OWNER_READ DESTINATION ${PKGDATADIR}/) - # Traslation stuff add_subdirectory (po) === removed directory 'data' === removed file 'data/org. pantheon. security- privacy. policy. cmake' --- data/org. pantheon. security- privacy. policy. cmake 2014-08-09 18:22:03 +0000 +++ data/org. pantheon. security- privacy. policy. cmake 1970-01-01 00:00:00 +0000 @@ -1,20 +0,0 @@ - - - - elementary - http:// www.elementaryo s.org/ - - - Authentication is required to run the Firewall Configuration - preferences- system- privacy - - no - no - auth_admin_keep - - @PKGDATADIR@ /security- privacy- plug-helper - - - \ No newline at end of file === removed file 'data/security- privacy- plug-helper' --- data/security- privacy- plug-helper 2014-04-24 16:28:52 +0000 +++ data/security- privacy- plug-helper 1970-01-01 00:00:00 +0000 @@ -1,24 +0,0 @@ -#!/bin/bash - - while getopts "12345:6:" OPTION; do - case ${OPTION} in - 1) - LANGUAGE=C - export LANGUAGE - ufw status;; - 2) - ufw --force enable;; - 3) - ufw disable;; - 4) - LANGUAGE=C - export LANGUAGE - ufw status numbered;; - 5) - ufw $2;; - 6) - ufw --force delete $OPTARG;; - \?) - exit 1;; - esac - done \ No newline at end of file === modified file 'src/CMakeLists .txt' --- src/CMakeLists.txt 2014-12-02 21:20:07 +0000 +++ src/CMakeLists.txt 2016-12-31 02:13:20 +0000 
@@ -19,7 +19,7 @@ FirewallPanel.vala LockPanel.vala TrackPanel.vala - UFWHelpers.vala + Firewalld.vala ZGUtilities.vala ${CMAKE_ CURRENT_ BINARY_ DIR}/config. vala PACKAGES === modified file 'src/FirewallPa nel.vala' --- src/FirewallPan el.vala 2015-05-10 13:54:39 +0000 +++ src/FirewallPan el.vala 2016-12-31 02:13:20 +0000 @@ -1,6 +1,6 @@ // -*- Mode: vala; indent-tabs-mode: nil; tab-width: 4 -*-...
>
> Corentin Noël has proposed merging lp:~tintou/switchboard-plug-security-privacy/firewalld into lp:switchboard-plug-security-privacy.
>
> Requested reviews:
> elementary Apps team (elementary-apps)
> Related bugs:
> Bug #1639775 in Switchboard Security & Privacy Plug: "Firewall portion of plug should use FirewallD instead of ufw"
> https:/
>
> For more details, see:
> https:/
>
> Use firewalld instead of UFW
> --
> Your team elementary Apps team is requested to review the proposed merge of lp:~tintou/switchboard-plug-security-privacy/firewalld into lp:switchboard-plug-security-privacy.
> === modified file 'CMakeLists.txt' --- CMakeLists.txt 2016-12-01 11:56:30 +0000 +++ CMakeLists.txt 2016-12-31 02:13:20 +0000 @@ -38,10 +38,6 @@ include (CPack) add_custom_target (dist COMMAND ${CMAKE_