only sending keepalive chars to unix firewalls; prperly setting installation status to "failure" if user refuses to accept firewall host ssh key

2026-05-02 15:17:28 +02:00 · 2009-01-02 00:53:35 +00:00 · 2009-01-02 00:53:35 +00:00 · e6010add12
commit e6010add12
parent bff50df97e
7 changed files with 22 additions and 15 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-#define BUILD_NUM 728
+#define BUILD_NUM 729
--- a/src/gui/SSHPIX.cpp
+++ b/src/gui/SSHPIX.cpp
@ -206,9 +206,9 @@ void SSHPIX::stateMachine()

            stopHeartBeat();

-            int res =QMessageBox::warning( parent, tr("New RSA key"), msg,
-                                           tr("Yes"), tr("No"), 0,
-                                           0, -1 );
+            int res = QMessageBox::warning( parent, tr("New RSA key"), msg,
+                                            tr("Yes"), tr("No"), 0,
+                                            0, -1 );

            if (fwbdebug)
                qDebug("User said: res=%d", res);
--- a/src/gui/SSHSession.cpp
+++ b/src/gui/SSHSession.cpp
@ -81,6 +81,7 @@ SSHSession::SSHSession(QWidget *_par,
    closeStdin = false;
    error = false;
    endOfCopy = false;
+    send_keepalive = false;

    proc = NULL;
    retcode = 0;
@ -382,12 +383,13 @@ void SSHSession::stopHeartBeat()
 {
    if (fwbdebug) qDebug("SSHSession::stopHeartBeat");
    heartBeatTimer->stop();
+    send_keepalive = false;
 }

 void SSHSession::heartBeat()
 {
    if (fwbdebug) qDebug("SSHSession::heartBeat");
-    proc->write("\n");
+    if (send_keepalive) proc->write("\n");
    readFromStderr();
    readFromStdout();
    if (endOfCopy && closeStdin)
--- a/src/gui/SSHSession.h
+++ b/src/gui/SSHSession.h
@ -67,6 +67,7 @@ class SSHSession : public QObject {
    bool       enable;
    bool       configure;
    bool       endOfCopy;
+    bool       send_keepalive;
    
    enum State { NONE,
                 LOGGEDIN,
--- a/src/gui/SSHUnx.cpp
+++ b/src/gui/SSHUnx.cpp
@ -151,18 +151,20 @@ void SSHUnx::stateMachine()
            proc->write( "\n" );
            break;
        }
-/* we may get to LOGGEDIN state directly from NONE, for example when
- * password is supplied on command line to plink.exe
- */
+        // we may get to LOGGEDIN state directly from NONE, for
+        // example when password is supplied on command line to
+        // plink.exe
        if (cmpPrompt(stdoutBuffer,normal_prompt) ||
            cmpPrompt(stdoutBuffer,fwb_prompt))
        {
-            state=PUSHING_CONFIG;
+            state = PUSHING_CONFIG;
+            // start sending keepalive chars (just "\n", done in
+            // SSHSession::heartBeat()) to keep session alive and to
+            // force firewall to restore session state after policy
+            // has been reloaded  and state possibly purged.
+            send_keepalive = true;
            if (!quiet) emit printStdout_sign( tr("Logged in") + "\n" );
-            if (fwbdebug)
-                qDebug("SSHUnx::stateMachine logged in");
-//            proc->write( "\n" );
-//            stdoutBuffer="";
+            if (fwbdebug) qDebug("SSHUnx::stateMachine logged in");
            goto push_files;
        }

@ -242,7 +244,8 @@ void SSHUnx::stateMachine()

 /* we get to this state when previous ssh or scp command terminates */
    case FINISH:
-        if ( (proc->state()==QProcess::NotRunning) && (proc->exitStatus()==QProcess::NormalExit))
+        if ( (proc->state()==QProcess::NotRunning) &&
+             (proc->exitStatus()==QProcess::NormalExit))
        {
            emit printStdout_sign( "\n");
            emit printStdout_sign( tr("Done") );
--- a/src/gui/instDialog_installer.cpp
+++ b/src/gui/instDialog_installer.cpp
@ -189,5 +189,6 @@ void instDialog::installerError()
    opError(cnf.fwobj);
    currentProgressBar->setValue(currentProgressBar->maximum());
    QTimer::singleShot( 0, this, SLOT(mainLoopInstall()));
+    opListMapping[cnf.fwobj->getId()]->setText(1, tr("Failure"));
 }

--- a/test/pix/objects-for-regression-tests.fwb
+++ b/test/pix/objects-for-regression-tests.fwb
@ -13899,7 +13899,7 @@ no sysopt nodnsalias outbound
          <Option name="xlate_ss">0</Option>
        </FirewallOptions>
      </Firewall>
-      <Firewall id="id47B7A69C21818" host_OS="pix_os" inactive="False" lastCompiled="1230855485" lastInstalled="1230855510" lastModified="1230855132" platform="pix" version="7.0" name="pix515" comment="Similar to fw 1, but the firewall is used as DHCP and DNS server for internal network.&#10;This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside.&#10;Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall can send DNS queries to servers out on the Internet. Another rule permits DNS queries from internal network to the firewall. Special rules permit DHCP requests from internal network and replies sent by the firewall." ro="False">
+      <Firewall id="id47B7A69C21818" host_OS="pix_os" inactive="False" lastCompiled="1230857551" lastInstalled="1230857537" lastModified="1230855132" platform="pix" version="7.0" name="pix515" comment="Similar to fw 1, but the firewall is used as DHCP and DNS server for internal network.&#10;This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside.&#10;Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall can send DNS queries to servers out on the Internet. Another rule permits DNS queries from internal network to the firewall. Special rules permit DHCP requests from internal network and replies sent by the firewall." ro="False">
        <NAT id="id47B7A71321818" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
          <NATRule id="id47B7A71421818" disabled="False" position="0" comment="">
            <OSrc neg="False">