see #1987 Deleting object that is used as Network Zone for ASA/PIX interface results in inconsistent behavior. When an object that is used as a network zone of some interface is deleted, it should be removed from that interface configuration as well.

2026-03-22 03:07:20 +01:00 · 2011-01-27 11:35:24 -08:00 · 2011-01-27 11:35:24 -08:00 · 9cc60050ee
commit 9cc60050ee
parent 4bba7533c8
6 changed files with 46 additions and 4 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,5 +1,11 @@
 2011-01-27  vadim  <vadim@netcitadel.com>

+	* Interface.cpp (removeRef): fixes #1987 "Deleting object that is
+	used as Network Zone for ASA/PIX interface results in inconsistent
+	behavior". When an object that is used as a network zone of an
+	interface is deleted, it should be removed from the interface
+	configuration as well.
+
 	* Cluster.cpp (init): fixes #1995 "Crash when compiling a cluster
 	with identical firewalls". Method Cluster::init() must call base
 	class method Firewall::init() to get child Policy, NAT and Routing
--- a/src/libfwbuilder/src/fwbuilder/FWObjectDatabase_search.cpp
+++ b/src/libfwbuilder/src/fwbuilder/FWObjectDatabase_search.cpp
@ -181,10 +181,23 @@ bool FWObjectDatabase::_findWhereObjectIsUsed(FWObject *o,
    p->setInt(".search_id", search_id);
    p->setBool(".searchResult", false);

+    Interface *intf = Interface::cast(p);
+    if (intf)
+    {
+        string netzone_id = intf->getStr("network_zone");
+        FWObject *netzone = findInIndex(FWObjectDatabase::getIntId(netzone_id));
+        if (netzone == o)
+        {
+            resset.insert(p);
+            res = true;
+        }
+    }
+
    PolicyRule *rule = PolicyRule::cast(p);
    if (rule)
    {
-        switch (rule->getAction()) {
+        switch (rule->getAction())
+        {
        case PolicyRule::Tag:
        {
            FWObject *tagobj = rule->getTagObject();
--- a/src/libfwbuilder/src/fwbuilder/Interface.cpp
+++ b/src/libfwbuilder/src/fwbuilder/Interface.cpp
@ -67,6 +67,20 @@ Interface::Interface():Address()

 Interface::~Interface() {}

+/**
+ * Removes reference to given object among children of 'this'. In case
+ * of Interface we check if @obj is used as network zone.
+ */
+void Interface::removeRef(FWObject *obj)
+{
+    string netzone_id = getStr("network_zone");
+    FWObject *netzone = getRoot()->findInIndex(
+        FWObjectDatabase::getIntId(netzone_id));
+    if (obj == netzone) setStr("network_zone", "");
+
+    FWObject::removeRef(obj);
+}
+
 FWObject& Interface::shallowDuplicate(const FWObject *o, bool preserve_id)
    throw(FWException)
 {
--- a/src/libfwbuilder/src/fwbuilder/Interface.h
+++ b/src/libfwbuilder/src/fwbuilder/Interface.h
@ -75,6 +75,12 @@ public:
        Interface(const Interface &i);
        virtual ~Interface();

+        /**
+         * Removes reference to given object among
+         * children of 'this'. In case of an Interface, we should check for
+         * if the reference to @obj is used as a network zone.
+         */
+        virtual void removeRef(FWObject *obj);

        virtual void fromXML(xmlNodePtr parent) throw(FWException);
        virtual xmlNodePtr toXML(xmlNodePtr parent) throw(FWException);
--- a/src/libgui/ObjectManipulator_ops.cpp
+++ b/src/libgui/ObjectManipulator_ops.cpp
@ -561,7 +561,8 @@ void ObjectManipulator::deleteObject(FWObject *obj, QUndoCommand* macro)
    catch (FWException &ex)
    {
        if (fwbdebug)
-            qDebug("ObjectManipulator::deleteObject: catch:  restoreOverrideCursor");
+            qDebug() << "ObjectManipulator::deleteObject:"
+                     << "catch:  restoreOverrideCursor";
        QApplication::restoreOverrideCursor();
        QMessageBox::warning(
            this,"Firewall Builder",
@ -583,7 +584,8 @@ void ObjectManipulator::deleteObject(FWObject *obj, QUndoCommand* macro)
 void ObjectManipulator::actuallyDeleteObject(FWObject *obj, QUndoCommand* macro)
 {
    map<int, set<FWObject*> > reference_holders;
-    UsageResolver().findAllReferenceHolders(obj, m_project->db(), reference_holders);
+    UsageResolver().findAllReferenceHolders(obj, m_project->db(),
+                                            reference_holders);

    FWObject *deleted_objects_lib = m_project->db()->findInIndex(
        FWObjectDatabase::DELETED_OBJECTS_ID);
--- a/src/libgui/UsageResolver.cpp
+++ b/src/libgui/UsageResolver.cpp
@ -33,6 +33,7 @@
 #include "fwbuilder/RuleElement.h"
 #include "fwbuilder/Rule.h"
 #include "fwbuilder/Cluster.h"
+#include "fwbuilder/Interface.h"
 #include "fwbuilder/FWOptions.h"
 #include "fwbuilder/Management.h"

@ -237,7 +238,7 @@ void UsageResolver::findAllReferenceHolders(
            FWObject *holder = o->getParent();
            reference_holders.insert(holder);
        }
-        if (Rule::cast(o))
+        if (Rule::cast(o) || Interface::cast(o))
            reference_holders.insert(o);
    }