Merge 844cb19 into b0758ce

yast · Oct 23, 2020 · a19eec2 · a19eec2
2 parents b0758ce + 844cb19
commit a19eec2
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 7 deletions.
diff --git a/package/yast2-firewall.changes b/package/yast2-firewall.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Oct 22 20:44:20 UTC 2020 - Josef Reidinger <jreidinger@suse.com>
+
+- Do not warn user about ssh key only authentication when
+  ssh port is closed, but firewall is disabled.
+  (bsc#1177953)
+- 4.3.8
+
 -------------------------------------------------------------------
 Fri Oct 16 15:15:49 UTC 2020 - Josef Reidinger <jreidinger@suse.com>
 

diff --git a/package/yast2-firewall.spec b/package/yast2-firewall.spec
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-firewall
-Version:        4.3.7
+Version:        4.3.8
 Release:        0
 Summary:        YaST2 - Firewall Configuration
 Group:          System/YaST

diff --git a/src/lib/y2firewall/proposal_settings.rb b/src/lib/y2firewall/proposal_settings.rb
@@ -126,9 +126,14 @@ def close_vnc!
     # @return [Boolean] true if the root user uses only public key
     #   authentication and the system is not accesible through ssh
     def access_problem?
+      # public key is not the only way
       return false unless only_public_key_auth
 
-      !(@open_ssh && @enable_sshd)
+      # without running sshd it is useless
+      return true unless @enable_sshd
+
+      # firewall is up and port for ssh is not open
+      @enable_firewall && !@open_ssh
     end
 
   private

diff --git a/test/lib/y2firewall/proposal_settings_test.rb b/test/lib/y2firewall/proposal_settings_test.rb
@@ -209,25 +209,37 @@
 
   describe "#access_problem?" do
     let(:ssh_enabled) { true }
+    let(:firewall_enabled) { true }
     let(:ssh_open) { true }
     let(:only_ssh_key_auth) { true }
 
     before do
       subject.enable_sshd = ssh_enabled
+      subject.enable_firewall = firewall_enabled
       subject.open_ssh = ssh_open
       allow(subject).to receive(:only_public_key_auth).and_return(only_ssh_key_auth)
     end
 
     context "when the root user uses only SSH key based authentication" do
       context "when sshd is enabled" do
-        context "and the SSH port is open" do
-          it "returns false" do
-            expect(subject.access_problem?).to eql(false)
+        context "and firewall is enabled" do
+          context "and the SSH port is open" do
+            it "returns false" do
+              expect(subject.access_problem?).to eql(false)
+            end
+          end
+
+          context "and the SSH port is close" do
+            let(:ssh_open) { false }
+
+            it "returns true" do
+              expect(subject.access_problem?).to eql(true)
+            end
           end
         end
 
-        context "and the SSH port is close" do
-          let(:ssh_open) { false }
+        context "and firewall is disabled" do
+          let(:firewall_enabled) { false }
 
           it "returns true" do
             expect(subject.access_problem?).to eql(true)