ACC SHELL
/**
* File: clients/firewall_proposal.ycp
* Package: Firewall configuration
* Summary: Firewall configuration proposal
* Authors: Lukas Ocilka <locilka@suse.cz>
*
* $Id: firewall_proposal.ycp 59187 2009-10-23 16:01:47Z kmachalkova $
*/
{
textdomain "firewall";
/* The main () */
y2milestone("----------------------------------------");
y2milestone("Firewall proposal started");
y2milestone("Arguments: %1", WFM::Args());
import "SuSEFirewall";
import "SuSEFirewallServices";
import "SuSEFirewallProposal";
import "Popup";
import "Progress";
import "ProductFeatures";
import "Report";
import "Service";
include "firewall/helps.ycp";
boolean enable_firewall_init_default = ProductFeatures::GetBooleanFeature ("globals", "enable_firewall");
boolean enable_ssh = ProductFeatures::GetBooleanFeature ("globals", "firewall_enable_ssh");
// run this only once
if (!SuSEFirewallProposal::GetProposalInitialized()) {
// Package must be installed
if (SuSEFirewall::SuSEFirewallIsInstalled()) {
// variables from control file
y2milestone("Default firewall values: enable_firewall=%1, enable_ssh=%2",
ProductFeatures::GetBooleanFeature ("globals", "enable_firewall"), ProductFeatures::GetBooleanFeature ("globals", "firewall_enable_ssh"));
SuSEFirewall::SetEnableService(ProductFeatures::GetBooleanFeature ("globals", "enable_firewall"));
SuSEFirewall::SetStartService (ProductFeatures::GetBooleanFeature ("globals", "enable_firewall"));
// Package is missing
} else {
// variables from control file
y2milestone("Default firewall values: enable_firewall=%1, enable_ssh=%2",
false, false);
SuSEFirewall::SetEnableService(false);
SuSEFirewall::SetStartService (false);
}
SuSEFirewallProposal::SetProposalInitialized(true);
}
string func = (string) WFM::Args(0);
map param = (map) WFM::Args(1);
map ret = $[];
/* create a textual proposal */
if(func == "MakeProposal") {
boolean progress_orig = Progress::set (false);
boolean force_reset = param["force_reset"]:false;
if (force_reset) {
SuSEFirewallProposal::Reset();
SuSEFirewallProposal::SetChangedByUser(false);
}
SuSEFirewallProposal::Propose();
// setting start-firewall to the same value as enable-firewall
SuSEFirewall::SetStartService(SuSEFirewall::GetEnableService());
// reseting modified-flag, until called Write
SuSEFirewall::ResetModified();
string warning = nil;
symbol warning_level = nil;
map<string, string> proposal = (map<string, string>) SuSEFirewallProposal::ProposalSummary();
ret = $[
"preformatted_proposal" : proposal["output"]:"",
"warning_level" : `warning,
"warning" : proposal["warning"]:nil,
"links" : [
"firewall--enable_firewall_in_proposal", "firewall--disable_firewall_in_proposal",
"firewall--enable_ssh_in_proposal", "firewall--disable_ssh_in_proposal",
"firewall--enable_vnc_in_proposal", "firewall--disable_vnc_in_proposal",
],
"help" : HelpForDialog ("installation_proposal"),
];
Progress::set (progress_orig);
}
/* run the module */
else if(func == "AskUser") {
any chosen_id = param["chosen_id"]:nil;
y2milestone("Firewall Proposal wanted to change with id %1", chosen_id);
/*
* When user clicks on any clickable <a href> in firewall proposal,
* one of these actions is called
*/
// Package SuSEfirewall2 is not installed
if (! SuSEFirewall::SuSEFirewallIsInstalled()) {
// TRANSLATORS: message popup
Report::Message (_("Firewall configuration cannot be changed.
The SuSEfirewall2 package is not installed."));
ret = $[ "workflow_sequence" : `next ];
// Enable firewall
} else if (chosen_id == "firewall--enable_firewall_in_proposal") {
y2milestone("Firewall enabled by a single-click");
SuSEFirewall::SetEnableService(true);
SuSEFirewall::SetStartService(true);
ret = $[ "workflow_sequence" : `next ];
SuSEFirewallProposal::SetChangedByUser(true);
// Disable firewall
} else if (chosen_id == "firewall--disable_firewall_in_proposal") {
y2milestone("Firewall disabled by a single-click");
SuSEFirewall::SetEnableService(false);
SuSEFirewall::SetStartService(false);
ret = $[ "workflow_sequence" : `next ];
SuSEFirewallProposal::SetChangedByUser(true);
// Enable SSH service
} else if (chosen_id == "firewall--enable_ssh_in_proposal") {
y2milestone("SSH enabled by a single-click");
if (SuSEFirewallServices::IsKnownService("service:sshd")) {
y2milestone ("Service 'service:sshd' is known");
SuSEFirewallProposal::OpenServiceOnNonDialUpInterfaces("service:sshd", ["ssh"]);
} else if (SuSEFirewallServices::IsKnownService("ssh")) {
y2warning ("Only service 'ssh' is known");
SuSEFirewallProposal::OpenServiceOnNonDialUpInterfaces("ssh", ["ssh"]);
}
enable_ssh = true;
ret = $[ "workflow_sequence" : `next ];
SuSEFirewallProposal::SetChangedByUser(true);
// Disable SSH service
} else if (chosen_id == "firewall--disable_ssh_in_proposal") {
y2milestone("SSH disabled by a single-click");
// new service definition
if (SuSEFirewallServices::IsKnownService("service:sshd"))
SuSEFirewall::SetServicesForZones (["service:sshd"], SuSEFirewall::GetKnownFirewallZones(), false);
// old service definition
if (SuSEFirewallServices::IsKnownService("ssh"))
SuSEFirewall::SetServicesForZones (["ssh"], SuSEFirewall::GetKnownFirewallZones(), false);
// SSH might be also defined by a port, not only using a service:sshd
foreach (string zone, SuSEFirewall::GetKnownFirewallZones(), {
if (SuSEFirewall::HaveService("ssh", "TCP", zone))
SuSEFirewall::RemoveService("ssh", "TCP", zone);
});
enable_ssh = false;
ret = $[ "workflow_sequence" : `next ];
SuSEFirewallProposal::SetChangedByUser(true);
// Enable VNC service
} else if (chosen_id == "firewall--enable_vnc_in_proposal") {
y2milestone("VNC enabled by a single-click");
SuSEFirewallProposal::OpenServiceOnNonDialUpInterfaces("service:xorg-x11-Xvnc", ["5801", "5901"]);
ret = $[ "workflow_sequence" : `next ];
SuSEFirewallProposal::SetChangedByUser(true);
// Disable VNC service
} else if (chosen_id == "firewall--disable_vnc_in_proposal") {
y2milestone("VNC disabled by a single-click");
SuSEFirewall::SetServicesForZones (["service:xorg-x11-Xvnc"], SuSEFirewall::GetKnownFirewallZones(), false);
ret = $[ "workflow_sequence" : `next ];
SuSEFirewallProposal::SetChangedByUser(true);
// Change the firewall settings in usual configuration dialogs
} else {
map <string, any> stored = (map <string, any>) SuSEFirewall::Export();
y2milestone("Editing firewall settings");
symbol result = (symbol) WFM::CallFunction("firewall");
if (result != `next) SuSEFirewall::Import(stored);
else SuSEFirewallProposal::SetChangedByUser(true);
y2debug("stored=%1", stored);
y2debug("result=%1", result);
ret = $[ "workflow_sequence" : result ];
}
}
/* create titles */
else if(func == "Description") {
ret = $[
/* RichText label */
"rich_text_title" : _("Firewall"),
/* Menu label */
"menu_title" : _("&Firewall"),
"id" : "firewall",
];
}
/* write the proposal */
else if(func == "Write") {
// Allways modified
SuSEFirewall::SetModified();
SuSEFirewall::Write();
if (enable_ssh)
Service::Enable("sshd");
}
/* unknown function */
else {
y2error("unknown function: %1", func);
}
/* Finish */
y2debug("ret=%1",ret);
y2milestone("Firewall proposal finished");
y2milestone("----------------------------------------");
return ret;
/* EOF */
}
ACC SHELL 2018