yast · kobliha · Aug 21, 2012 · Aug 16, 2012 · Aug 16, 2012 · Aug 16, 2012
diff --git a/library/modules/Linuxrc.ycp b/library/modules/Linuxrc.ycp
@@ -103,6 +103,13 @@
 	return InstallInf ("UseSSH") == "1";
     }
 
+    /**
+     * Returns if iSCSI has been requested in Linuxrc.
+     */
+    global boolean useiscsi () {
+        return Linuxrc::InstallInf("WithiSCSI") == "1";
+    }
+
     /**
      * we're running in textmode (-> UI::GetDisplayInfo())
      */

diff --git a/library/network/src/DnsServerAPI.pm b/library/network/src/DnsServerAPI.pm
@@ -306,7 +306,7 @@ sub CheckHostameInZone {
 
 The hostname must be relative to the zone or must end 
 with the zone name followed by a dot, for example,
-'dhcp1' or 'dhcp1.example.org.' for the zone 'dhcp.org'.
+'dhcp1' or 'dhcp1.example.org.' for the zone 'example.org'.
 "), $hostname, $zone));
 	    return 0;
 	}

diff --git a/library/network/src/SuSEFirewall.ycp b/library/network/src/SuSEFirewall.ycp
@@ -1440,6 +1440,11 @@
 	    if (IsInterfaceInZone(interface, zone)) interface_zone = add (interface_zone, zone);
 	});
 
+        // Fallback handling for 'any' in the FW_DEV_* configuration
+        if (interface == special_all_interface_string && size(interface_zone) == 0) {
+          interface_zone = [special_all_interface_zone];
+        }
+
 	if (IsVerbose() && size(interface_zone) > 1) {
 	    // TRANSLATORS: Error message, %1 = interface name (like eth0)
 	    Report::Error(sformat(_("Interface '%1' is included in multiple firewall zones.

diff --git a/library/network/src/SuSEFirewallProposal.ycp b/library/network/src/SuSEFirewallProposal.ycp
@@ -40,6 +40,10 @@
 
     string ssh_service = "service:sshd";
 
+    string iscsi_target_service = "service:iscsitarget";
+
+    list <string> iscsi_target_fallback_ports = ["iscsi-target"];
+
     # <!-- SuSEFirewall LOCAL VARIABLES //-->
 
     # <!-- SuSEFirewall LOCAL FUNCTIONS //-->
@@ -209,60 +213,89 @@
 	});
     }
 
+    /**
+     * Function opens service for network interfaces given as the third parameter.
+     * Fallback ports are used if the given service is uknown.
+     *
+     * @see OpenServiceOnNonDialUpInterfaces for more info.
+     *
+     * @param string service, e.g., "service:http-server"
+     * @param list <string> fallback_ports, e.g., ["80"]
+     * @param list <string> interfaces, e.g., ["eth3"]
+     */
+    define void OpenServiceInInterfaces(string service, list <string> fallback_ports, list <string> interfaces) {
+        list <string> zones = SuSEFirewall::GetZonesOfInterfaces(interfaces);
+
+        if (SuSEFirewallServices::IsKnownService (service)) {
+            y2milestone("Opening service %1 on interfaces %2 (zones %3)",
+                service, interfaces, zones);
+            SuSEFirewall::SetServicesForZones([service], zones, true);
+        }
+
+        if (SuSEFirewallServices::IsKnownService (service) != true || ServiceEnabled (service, interfaces) != true) {
+            EnableFallbackPorts (fallback_ports, interfaces);
+        }
+    }
+
+    /**
+     * Checks whether the given service or (TCP) ports are open at least in
+     * one FW zone.
+     *
+     * @param string service, e.g., "service:http-server"
+     * @param list <string> fallback_ports, e.g., ["80"]
+     */
+    define boolean IsServiceOrPortsOpen(string service, list <string> fallback_ports) {
+        boolean ret = false;
+
+        foreach (string zone, SuSEFirewall::GetKnownFirewallZones(), {
+            // either service is supported
+            if (SuSEFirewall::IsServiceSupportedInZone(service, zone)) {
+                ret = true;
+            // or check for ports
+            } else {
+                boolean all_ports = true;
+
+                // all ports have to be open
+                foreach (string port, fallback_ports, {
+                    if (! SuSEFirewall::HaveService (port, "TCP", zone)) {
+                        all_ports = false;
+                        break;
+                    }
+                });
+
+                if (all_ports) ret = true;
+            }
+
+            if (ret == true) break;
+        });
+
+        return ret;
+    }
+
     /**
      * Function opens up the service on all non-dial-up network interfaces.
      * If there are no network interfaces known and the 'any' feature is supported,
      * function opens the service for the zone supporting that feature. If there
      * are only dial-up interfaces, function opens the service for them.
      *
      * @param string service such as "service:koo" or "serice:boo"
+     * @param list <string> list of ports used as a fallback if the given service doesn't exist
      */
     global define void OpenServiceOnNonDialUpInterfaces (string service, list <string> fallback_ports) {
 	list <string> non_dial_up_interfaces = SuSEFirewall::GetAllNonDialUpInterfaces();
 	list <string> dial_up_interfaces     = SuSEFirewall::GetAllDialUpInterfaces();
 
 	// Opening the service for non-dial-up interfaces
 	if (size(non_dial_up_interfaces)>0) {
-	    list <string> non_dial_up_interfaces_zones = SuSEFirewall::GetZonesOfInterfaces(non_dial_up_interfaces);
-
-	    if (SuSEFirewallServices::IsKnownService (service)) {
-		y2milestone("Opening service %1 on interfaces %2 (zones %3)",
-		    service, non_dial_up_interfaces, non_dial_up_interfaces_zones);
-		SuSEFirewall::SetServicesForZones([service], non_dial_up_interfaces_zones, true);
-	    }
-
-	    if (SuSEFirewallServices::IsKnownService (service) != true || ServiceEnabled (service, non_dial_up_interfaces_zones) != true) {
-		EnableFallbackPorts (fallback_ports, non_dial_up_interfaces_zones);
-	    }
-
+	    OpenServiceInInterfaces(service, fallback_ports, non_dial_up_interfaces);
 	// Only dial-up network interfaces, there mustn't be any non-dial-up one
 	} else if (size(dial_up_interfaces) > 0) {
-	    list <string> dial_up_interfaces_zones = SuSEFirewall::GetZonesOfInterfaces(dial_up_interfaces);
-
-	    if (SuSEFirewallServices::IsKnownService (service)) {
-		y2warning("Opening service %1 on interfaces %2 (zones %3)",
-		    service, dial_up_interfaces, dial_up_interfaces_zones);
-		SuSEFirewall::SetServicesForZones([service], dial_up_interfaces_zones, true);
-	    }
-
-	    if (SuSEFirewallServices::IsKnownService (service) != true || ServiceEnabled (service, dial_up_interfaces) != true) {
-		EnableFallbackPorts (fallback_ports, dial_up_interfaces);
-	    }
-
+	    OpenServiceInInterfaces(service, fallback_ports, dial_up_interfaces);
 	// No network interfaces are known
 	} else if (size(known_interfaces) == 0) {
 	    if (SuSEFirewall::IsAnyNetworkInterfaceSupported() == true) {
-		if (SuSEFirewallServices::IsKnownService (service) == true) {
-		    y2warning("WARNING: Opening %1 for the External zone without any known interface!", toupper(service));
-		    SuSEFirewall::SetServicesForZones([service], [SuSEFirewall::special_all_interface_zone], true);
-		    y2milestone("By now, %1 for %2 zone is %3",
-			service,
-			SuSEFirewall::special_all_interface_zone,
-			SuSEFirewall::IsServiceSupportedInZone (service, SuSEFirewall::special_all_interface_zone)
-		    );
-		} else {
-		    EnableFallbackPorts (fallback_ports, [SuSEFirewall::special_all_interface_zone]);
-		}
+                y2warning("WARNING: Opening %1 for the External zone without any known interface!", toupper(service));
+                OpenServiceInInterfaces(service, fallback_ports, [SuSEFirewall::special_all_interface_string]);
 	    }
 	}
     }
@@ -357,6 +390,13 @@
 	    SuSEFirewall::AddXenSupport();
 	}
 
+        // BNC #766300 - Automatically propose opening iscsi-target port
+        // when installing with withiscsi=1
+        if (Linuxrc::useiscsi()) {
+            y2milestone("iSCSI has been used during installation, opening %1 service", iscsi_target_service);
+            OpenServiceOnNonDialUpInterfaces (iscsi_target_service, iscsi_target_fallback_ports);
+        }
+
 	SetKnownInterfaces(SuSEFirewall::GetListOfKnownInterfaces());
     }
 
@@ -564,7 +604,23 @@
 		    // TRANSLATORS: This is a warning message. Installation over VNC without VNC allowed on firewall
 		    AddWarning(_("You are installing a system using remote administration (VNC), but you have not opened the VNC ports on the firewall."));
 	    }
-
+
+            if (Linuxrc::useiscsi()) {
+                boolean is_iscsi_enabled = IsServiceOrPortsOpen(iscsi_target_service, iscsi_target_fallback_ports);
+
+                output = output + "<li>" + (is_iscsi_enabled ?
+                    // TRANSLATORS: Network proposal informative text
+                    _("iSCSI Target ports are open")
+                    :
+                    // TRANSLATORS: Network proposal informative text
+                    _("iSCSI Target ports are blocked")
+                ) + "</li>\n";
+
+                if (! is_iscsi_enabled)
+                    // TRANSLATORS: This is a warning message. Installation to iSCSI without iSCSI allowed on firewall
+                    AddWarning(_("You are installing a system using iSCSI Target, but you have not opened the needed ports on the firewall."));
+            }
+
 	    list <string> warnings_strings = GetWarnings();
 	    if (size(warnings_strings)>0) {
 		ClearWarnings();

diff --git a/package/yast2.changes b/package/yast2.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Aug 17 15:47:42 CEST 2012 - locilka@suse.com
+
+- Fixed a typo (BNC #766703)
+- Added support for iSCSI Target into the Firewall proposal
+  (BNC #766300)
+
 -------------------------------------------------------------------
 Tue Aug  7 14:53:33 CEST 2012 - jsuchome@suse.cz