fw-daemon/fw-prompt/fw-prompt.go

package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"github.com/gotk3/gotk3/gdk"
	"github.com/gotk3/gotk3/glib"
	"github.com/gotk3/gotk3/gtk"
	"io/ioutil"
	"log"
	"os"
	"os/user"
	"strconv"
	"strings"
	"sync"
	"time"

	"github.com/subgraph/fw-daemon/sgfw"
)

type fpPreferences struct {
	Winheight uint
	Winwidth  uint
	Wintop    uint
	Winleft   uint
}

type ruleColumns struct {
	nrefs     int
	Path      string
	GUID      string
	Icon      string
	Proto     string
	Pid       int
	Target    string
	Hostname  string
	Port      int
	UID       int
	GID       int
	Uname     string
	Gname     string
	Origin    string
	Timestamp string
	IsSocks   bool
	ForceTLS  bool
	Scope     int
}

const (
	COL_NO_NREFS = iota
	COL_NO_ICON_PIXBUF
	COL_NO_GUID
	COL_NO_PATH
	COL_NO_ICON
	COL_NO_PROTO
	COL_NO_PID
	COL_NO_DSTIP
	COL_NO_HOSTNAME
	COL_NO_PORT
	COL_NO_UID
	COL_NO_GID
	COL_NO_ORIGIN
	COL_NO_TIMESTAMP
	COL_NO_IS_SOCKS
	COL_NO_OPTSTRING
	COL_NO_ACTION
	COL_NO_LAST
)

var dbuso *dbusObject
var userPrefs fpPreferences
var mainWin *gtk.Window
var Notebook *gtk.Notebook
var globalTS *gtk.TreeStore = nil
var globalTV *gtk.TreeView
var globalPromptLock = &sync.Mutex{}
var recentLock = &sync.Mutex{}
var globalIcon *gtk.Image

var editApp, editTarget, editPort, editUser, editGroup *gtk.Entry
var comboProto *gtk.ComboBoxText
var radioOnce, radioProcess, radioParent, radioSession, radioPermanent *gtk.RadioButton
var btnApprove, btnDeny, btnIgnore *gtk.Button
var chkTLS, chkUser, chkGroup *gtk.CheckButton
var recentlyRemoved = []string{}

func wasRecentlyRemoved(guid string) bool {
	recentLock.Lock()
	defer recentLock.Unlock()

	for gind, g := range recentlyRemoved {
		if g == guid {
			recentlyRemoved = append(recentlyRemoved[:gind], recentlyRemoved[gind+1:]...)
			return true
		}
	}

	return false
}

func addRecentlyRemoved(guid string) {
	recentLock.Lock()
	defer recentLock.Unlock()
	fmt.Println("RECENTLY REMOVED: ", guid)
	recentlyRemoved = append(recentlyRemoved, guid)
}

func promptInfo(msg string) {
	dialog := gtk.MessageDialogNew(mainWin, 0, gtk.MESSAGE_INFO, gtk.BUTTONS_OK, "Displaying full log info:")
	//	dialog.SetDefaultGeometry(500, 200)

	tv, err := gtk.TextViewNew()

	if err != nil {
		log.Fatal("Unable to create TextView:", err)
	}

	tvbuf, err := tv.GetBuffer()

	if err != nil {
		log.Fatal("Unable to get buffer:", err)
	}

	tvbuf.SetText(msg)
	tv.SetEditable(false)
	tv.SetWrapMode(gtk.WRAP_WORD)

	scrollbox, err := gtk.ScrolledWindowNew(nil, nil)

	if err != nil {
		log.Fatal("Unable to create scrolled window:", err)
	}

	scrollbox.Add(tv)
	scrollbox.SetSizeRequest(500, 100)

	box, err := dialog.GetContentArea()

	if err != nil {
		log.Fatal("Unable to get content area of dialog:", err)
	}

	box.Add(scrollbox)
	dialog.ShowAll()
	dialog.Run()
	dialog.Destroy()
	//self.set_default_size(150, 100)
}

func promptChoice(msg string) int {
	dialog := gtk.MessageDialogNew(mainWin, 0, gtk.MESSAGE_ERROR, gtk.BUTTONS_YES_NO, msg)
	result := dialog.Run()
	dialog.Destroy()
	return result
}

func promptError(msg string) {
	dialog := gtk.MessageDialogNew(mainWin, 0, gtk.MESSAGE_ERROR, gtk.BUTTONS_CLOSE, "Error: %s", msg)
	dialog.Run()
	dialog.Destroy()
}

func getConfigPath() string {
	usr, err := user.Current()

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error: could not determine location of user preferences file:", err, "\n")
		return ""
	}

	prefPath := usr.HomeDir + "/.fwprompt.json"
	return prefPath
}

func savePreferences() bool {
	usr, err := user.Current()

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error: could not determine location of user preferences file:", err, "\n")
		return false
	}

	prefPath := usr.HomeDir + "/.fwprompt.json"

	jsonPrefs, err := json.Marshal(userPrefs)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error: could not generate user preferences data:", err, "\n")
		return false
	}

	err = ioutil.WriteFile(prefPath, jsonPrefs, 0644)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error: could not save user preferences data:", err, "\n")
		return false
	}

	return true
}

func loadPreferences() bool {
	usr, err := user.Current()

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error: could not determine location of user preferences file: %v", err, "\n")
		return false
	}

	prefPath := usr.HomeDir + "/.fwprompt.json"

	jfile, err := ioutil.ReadFile(prefPath)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error: could not read preference data from file: %v", err, "\n")
		return false
	}

	err = json.Unmarshal(jfile, &userPrefs)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error: could not load preferences data from file: %v", err, "\n")
		return false
	}

	fmt.Println(userPrefs)
	return true
}

func get_hbox() *gtk.Box {
	hbox, err := gtk.BoxNew(gtk.ORIENTATION_HORIZONTAL, 0)

	if err != nil {
		log.Fatal("Unable to create horizontal box:", err)
	}

	return hbox
}

func get_vbox() *gtk.Box {
	vbox, err := gtk.BoxNew(gtk.ORIENTATION_VERTICAL, 0)

	if err != nil {
		log.Fatal("Unable to create vertical box:", err)
	}

	return vbox
}

func get_checkbox(text string, activated bool) *gtk.CheckButton {
	cb, err := gtk.CheckButtonNewWithLabel(text)

	if err != nil {
		log.Fatal("Unable to create new checkbox:", err)
	}

	cb.SetActive(activated)
	return cb
}

func get_combobox() *gtk.ComboBoxText {
	combo, err := gtk.ComboBoxTextNew()

	if err != nil {
		log.Fatal("Unable to create combo box:", err)
	}

	combo.Append("tcp", "TCP")
	combo.Append("udp", "UDP")
	combo.Append("icmp", "ICMP")
	combo.SetActive(0)
	return combo
}

func get_radiobutton(group *gtk.RadioButton, label string, activated bool) *gtk.RadioButton {

	if group == nil {
		radiobutton, err := gtk.RadioButtonNewWithLabel(nil, label)

		if err != nil {
			log.Fatal("Unable to create radio button:", err)
		}

		radiobutton.SetActive(activated)
		return radiobutton
	}

	radiobutton, err := gtk.RadioButtonNewWithLabelFromWidget(group, label)

	if err != nil {
		log.Fatal("Unable to create radio button in group:", err)
	}

	radiobutton.SetActive(activated)
	return radiobutton
}

func get_entry(text string) *gtk.Entry {
	entry, err := gtk.EntryNew()

	if err != nil {
		log.Fatal("Unable to create text entry:", err)
	}

	entry.SetText(text)
	return entry
}

func get_label(text string) *gtk.Label {
	label, err := gtk.LabelNew(text)

	if err != nil {
		log.Fatal("Unable to create label in GUI:", err)
		return nil
	}

	return label
}

func createColumnImg(title string, id int) *gtk.TreeViewColumn {
	cellRenderer, err := gtk.CellRendererPixbufNew()
	if err != nil {
		log.Fatal("Unable to create image cell renderer:", err)
	}

	column, err := gtk.TreeViewColumnNewWithAttribute(title, cellRenderer, "pixbuf", id)
	if err != nil {
		log.Fatal("Unable to create cell column:", err)
	}

	return column
}

func createColumnText(title string, id int) *gtk.TreeViewColumn {
	cellRenderer, err := gtk.CellRendererTextNew()
	if err != nil {
		log.Fatal("Unable to create text cell renderer:", err)
	}

	column, err := gtk.TreeViewColumnNewWithAttribute(title, cellRenderer, "text", id)
	if err != nil {
		log.Fatal("Unable to create cell column:", err)
	}

	column.SetSortColumnID(id)
	column.SetResizable(true)
	return column
}

func createTreeStore(general bool) *gtk.TreeStore {
	colData := []glib.Type{glib.TYPE_INT, glib.TYPE_OBJECT, glib.TYPE_STRING, glib.TYPE_STRING, glib.TYPE_STRING, glib.TYPE_STRING, glib.TYPE_INT, glib.TYPE_STRING,
		glib.TYPE_STRING, glib.TYPE_INT, glib.TYPE_INT, glib.TYPE_INT, glib.TYPE_STRING, glib.TYPE_STRING, glib.TYPE_INT, glib.TYPE_STRING, glib.TYPE_INT}

	treeStore, err := gtk.TreeStoreNew(colData...)
	if err != nil {
		log.Fatal("Unable to create list store:", err)
	}

	return treeStore
}

func removeRequest(treeStore *gtk.TreeStore, guid string) {
	if wasRecentlyRemoved(guid) {
		fmt.Printf("Entry for %s was recently removed; deleting from cache\n", guid)
		return
	}

	removed := false

	if globalTS == nil {
		return
	}

	globalPromptLock.Lock()
	defer globalPromptLock.Unlock()

remove_outer:
	for ridx := 0; ridx < globalTS.IterNChildren(nil); ridx++ {
		nchildren := 0
		this_iter, err := globalTS.GetIterFromString(fmt.Sprintf("%d", ridx))
		if err != nil {
			log.Println("Strange condition; couldn't get iter of known tree index:", err)
		} else {
			nchildren = globalTS.IterNChildren(this_iter)
		}

		for cidx := 0; cidx < nchildren-1; cidx++ {
			sidx := cidx
			if cidx == nchildren {
				cidx = -1
			}

			rule, _, err := getRuleByIdx(ridx, sidx)
			if err != nil {
				break remove_outer
			} else if rule.GUID == guid {
				removeSelectedRule(ridx, sidx)
				removed = true
				break
			}
		}

	}

	if !removed {
		log.Printf("Unexpected condition: SGFW requested prompt removal for non-existent GUID %v\n", guid)
	}

}

// Needs to be locked by caller
func storeNewEntry(ts *gtk.TreeStore, iter *gtk.TreeIter, guid, path, icon, proto string, pid int, ipaddr, hostname string, port, uid, gid int, origin,
	timestamp string, is_socks bool, optstring, sandbox string, action int) {
	var colVals = [COL_NO_LAST]interface{}{}

	if is_socks {
		if (optstring != "") && (strings.Index(optstring, "SOCKS") == -1) {
			optstring = "SOCKS5 / " + optstring
		} else if optstring == "" {
			optstring = "SOCKS5"
		}
	}

	colVals[COL_NO_NREFS] = 1
	colVals[COL_NO_ICON_PIXBUF] = nil
	colVals[COL_NO_GUID] = guid
	colVals[COL_NO_PATH] = path
	colVals[COL_NO_ICON] = icon
	colVals[COL_NO_PROTO] = proto
	colVals[COL_NO_PID] = pid

	if ipaddr == "" {
		colVals[COL_NO_DSTIP] = "---"
	} else {
		colVals[COL_NO_DSTIP] = ipaddr
	}

	colVals[COL_NO_HOSTNAME] = hostname
	colVals[COL_NO_PORT] = port
	colVals[COL_NO_UID] = uid
	colVals[COL_NO_GID] = gid
	colVals[COL_NO_ORIGIN] = origin
	colVals[COL_NO_TIMESTAMP] = timestamp
	colVals[COL_NO_IS_SOCKS] = 0

	if is_socks {
		colVals[COL_NO_IS_SOCKS] = 1
	}

	colVals[COL_NO_OPTSTRING] = optstring
	colVals[COL_NO_ACTION] = action

	itheme, err := gtk.IconThemeGetDefault()
	if err != nil {
		log.Fatal("Could not load default icon theme:", err)
	}

	make_blank := false
	if icon != "" {
		pb, err := itheme.LoadIcon(icon, 24, gtk.ICON_LOOKUP_GENERIC_FALLBACK)
		if err != nil {
			log.Println("Could not load icon:", err)
			make_blank = true
		} else {
			colVals[COL_NO_ICON_PIXBUF] = pb
		}
	} else {
		make_blank = true
	}

	if make_blank {
		pb, err := gdk.PixbufNew(gdk.COLORSPACE_RGB, true, 8, 24, 24)
		if err != nil {
			log.Println("Error creating blank icon:", err)
		} else {
			colVals[COL_NO_ICON_PIXBUF] = pb

			img, err := gtk.ImageNewFromPixbuf(pb)
			if err != nil {
				log.Println("Error creating image from pixbuf:", err)
			} else {
				img.Clear()
				pb = img.GetPixbuf()
				colVals[COL_NO_ICON_PIXBUF] = pb
			}
		}

	}

	for n := 0; n < len(colVals); n++ {
		err := ts.SetValue(iter, n, colVals[n])
		if err != nil {
			log.Fatal("Unable to add row:", err)
		}
	}

	return
}

func addRequestInc(treeStore *gtk.TreeStore, guid, path, icon, proto string, pid int, ipaddr, hostname string, port, uid, gid int,
	origin, timestamp string, is_socks bool, optstring string, sandbox string, action int) bool {
	duplicated := false

	globalPromptLock.Lock()
	defer globalPromptLock.Unlock()

	for ridx := 0; ridx < globalTS.IterNChildren(nil); ridx++ {
		rule, iter, err := getRuleByIdx(ridx, -1)
		if err != nil {
			break
			// XXX: not compared: optstring/sandbox
		} else if (rule.Path == path) && (rule.Proto == proto) && (rule.Pid == pid) && (rule.Target == ipaddr) && (rule.Hostname == hostname) &&
			(rule.Port == port) && (rule.UID == uid) && (rule.GID == gid) && (rule.Origin == origin) && (rule.IsSocks == is_socks) {
			rule.nrefs++

			err := globalTS.SetValue(iter, 0, rule.nrefs)
			if err != nil {
				log.Println("Error creating duplicate firewall prompt entry:", err)
				break
			}

			duplicated = true
			subiter := globalTS.Append(iter)
			storeNewEntry(globalTS, subiter, guid, path, icon, proto, pid, ipaddr, hostname, port, uid, gid, origin, timestamp, is_socks, optstring, sandbox, action)
			break
		}

	}

	return duplicated
}

func addRequestAsync(treeStore *gtk.TreeStore, guid, path, icon, proto string, pid int, ipaddr, hostname string, port, uid, gid int,
	origin, timestamp string, is_socks bool, optstring string, sandbox string, action int) bool {
	addRequest(treeStore, guid, path, icon, proto, pid, ipaddr, hostname, port, uid, gid, origin, timestamp, is_socks,
		optstring, sandbox, action)
	return true
}

func addRequest(treeStore *gtk.TreeStore, guid, path, icon, proto string, pid int, ipaddr, hostname string, port, uid, gid int,
	origin, timestamp string, is_socks bool, optstring string, sandbox string, action int) bool {
	if treeStore == nil {
		treeStore = globalTS
		waitTimes := []int{1, 2, 5, 10}

		if treeStore == nil {
			log.Println("SGFW prompter was not ready to receive firewall request... waiting")

			for _, wtime := range waitTimes {
				time.Sleep(time.Duration(wtime) * time.Second)
				treeStore = globalTS

				if treeStore != nil {
					break
				}

				log.Println("SGFW prompter is still waiting...")
			}

		}

	}

	if treeStore == nil {
		log.Fatal("SGFW prompter GUI failed to load for unknown reasons")
	}

	if addRequestInc(treeStore, guid, path, icon, proto, pid, ipaddr, hostname, port, uid, gid, origin, timestamp, is_socks, optstring, sandbox, action) {
		fmt.Println("Request was duplicate: ", guid)
		globalPromptLock.Lock()
		toggleHover()
		globalPromptLock.Unlock()
		return true
	}

	globalPromptLock.Lock()
	defer globalPromptLock.Unlock()

	iter := treeStore.Append(nil)
	storeNewEntry(treeStore, iter, guid, path, icon, proto, pid, ipaddr, hostname, port, uid, gid, origin, timestamp, is_socks, optstring, sandbox, action)

	toggleHover()
	return true
}

func setup_settings() {
	box, err := gtk.BoxNew(gtk.ORIENTATION_VERTICAL, 0)

	if err != nil {
		log.Fatal("Unable to create settings box:", err)
	}

	scrollbox, err := gtk.ScrolledWindowNew(nil, nil)

	if err != nil {
		log.Fatal("Unable to create settings scrolled window:", err)
	}

	hLabel, err := gtk.LabelNew("Settings")

	if err != nil {
		log.Fatal("Unable to create notebook label:", err)
	}

	scrollbox.Add(box)
	scrollbox.SetSizeRequest(600, 400)

	tv, err := gtk.TreeViewNew()

	if err != nil {
		log.Fatal("Unable to create treeview:", err)
	}

	h := get_hbox()
	l := get_label("Log to file:")
	b, err := gtk.ButtonNewWithLabel("Save")

	if err != nil {
		log.Fatal("Unable to create button:", err)
	}

	h.PackStart(l, false, true, 10)
	h.PackStart(b, false, true, 10)
	h.SetMarginTop(10)
	box.Add(h)

	h = get_hbox()

	h.SetMarginTop(0)
	h.SetMarginBottom(20)
	box.Add(h)

	box.Add(tv)

	b.Connect("clicked", func() {
		fmt.Println("CLICKED")

		if err != nil {
			promptError("Unexpected error saving log file info: " + err.Error())
			return
		}

	})

	Notebook.AppendPage(scrollbox, hLabel)
}

func lsGetStr(ls *gtk.TreeStore, iter *gtk.TreeIter, idx int) (string, error) {
	val, err := globalTS.GetValue(iter, idx)
	if err != nil {
		return "", err
	}

	sval, err := val.GetString()
	if err != nil {
		return "", err
	}

	return sval, nil
}

func lsGetInt(ls *gtk.TreeStore, iter *gtk.TreeIter, idx int) (int, error) {
	val, err := globalTS.GetValue(iter, idx)
	if err != nil {
		return 0, err
	}

	ival, err := val.GoValue()
	if err != nil {
		return 0, err
	}

	return ival.(int), nil
}

func makeDecision(rule string, scope int, guid string) error {
	var dres bool
	call := dbuso.Call("AddRuleAsync", 0, uint32(scope), rule, "*", guid)

	err := call.Store(&dres)
	if err != nil {
		log.Println("Error notifying SGFW of asynchronous rule addition:", err)
		return err
	}

	fmt.Println("makeDecision remote result:", dres)
	return nil
}

/* Do we need to hold the lock while this is called? Stay safe... */
func toggleHover() {
	nitems := globalTS.IterNChildren(nil)

	mainWin.SetKeepAbove(nitems > 0)
}

func toggleValidRuleState() {
	ok := true

	// XXX: Unfortunately, this can cause deadlock since it's a part of the item removal cascade
	//	globalPromptLock.Lock()
	//	defer globalPromptLock.Unlock()

	if numSelections() <= 0 {
		ok = false
	}

	str, err := editApp.GetText()
	if err != nil || strings.Trim(str, "\t ") == "" {
		ok = false
	}

	str, err = editTarget.GetText()
	if err != nil || strings.Trim(str, "\t ") == "" {
		ok = false
	}

	str, err = editPort.GetText()
	if err != nil || strings.Trim(str, "\t ") == "" {
		ok = false
	} else {
		pval, err := strconv.Atoi(str)

		if err != nil || pval < 0 || pval > 65535 {
			ok = false
		}
	}

	if chkUser.GetActive() {
		str, err = editUser.GetText()
		if err != nil || strings.Trim(str, "\t ") == "" {
			ok = false
		}
	}

	if chkGroup.GetActive() {
		str, err = editGroup.GetText()
		if err != nil || strings.Trim(str, "\t ") == "" {
			ok = false
		}
	}

	btnApprove.SetSensitive(ok)
	btnDeny.SetSensitive(ok)
	//	btnIgnore.SetSensitive(ok)
	btnIgnore.SetSensitive(false)
}

func createCurrentRule() (ruleColumns, error) {
	rule := ruleColumns{Scope: int(sgfw.APPLY_ONCE)}
	var err error = nil

	if radioProcess.GetActive() {
		rule.Scope = int(sgfw.APPLY_PROCESS)
	} else if radioParent.GetActive() {
		return rule, errors.New("Parent process scope is unsupported at the moment")
	} else if radioSession.GetActive() {
		rule.Scope = int(sgfw.APPLY_SESSION)
	} else if radioPermanent.GetActive() {
		rule.Scope = int(sgfw.APPLY_FOREVER)
	} else {
		rule.Scope = int(sgfw.APPLY_ONCE)
	}

	rule.Path, err = editApp.GetText()
	if err != nil {
		return rule, err
	}

	ports, err := editPort.GetText()
	if err != nil {
		return rule, err
	}

	rule.Port, err = strconv.Atoi(ports)
	if err != nil {
		return rule, err
	}

	rule.Target, err = editTarget.GetText()
	if err != nil {
		return rule, err
	}

	rule.Proto = comboProto.GetActiveID()

	rule.UID, rule.GID = 0, 0
	rule.Uname, rule.Gname = "", ""

	rule.ForceTLS = chkTLS.GetActive()

	/*	Pid      int
		Origin   string */

	return rule, nil
}

func clearEditor() {
	globalIcon.Clear()
	editApp.SetText("")
	editTarget.SetText("")
	editPort.SetText("")
	editUser.SetText("")
	editGroup.SetText("")
	comboProto.SetActive(0)
	radioOnce.SetActive(true)
	radioProcess.SetActive(false)
	radioParent.SetActive(false)
	radioSession.SetActive(false)
	radioPermanent.SetActive(false)
	chkUser.SetActive(false)
	chkGroup.SetActive(false)
	chkTLS.SetActive(false)
}

func removeSelectedRule(idx, subidx int) error {
	fmt.Printf("XXX: attempting to remove idx = %v, %v\n", idx, subidx)
	ppathstr := fmt.Sprintf("%d", idx)
	pathstr := ppathstr

	if subidx > -1 {
		pathstr = fmt.Sprintf("%d:%d", idx, subidx)
	}

	iter, err := globalTS.GetIterFromString(pathstr)
	if err != nil {
		return err
	}

	nchildren := globalTS.IterNChildren(iter)

	if nchildren >= 1 {
		firstpath := fmt.Sprintf("%d:0", idx)
		citer, err := globalTS.GetIterFromString(firstpath)
		if err != nil {
			return err
		}

		gnrefs, err := globalTS.GetValue(iter, COL_NO_NREFS)
		if err != nil {
			return err
		}

		vnrefs, err := gnrefs.GoValue()
		if err != nil {
			return err
		}

		nrefs := vnrefs.(int) - 1

		for n := 0; n < COL_NO_LAST; n++ {
			val, err := globalTS.GetValue(citer, n)
			if err != nil {
				return err
			}

			if n == COL_NO_NREFS {
				err = globalTS.SetValue(iter, n, nrefs)
			} else {
				err = globalTS.SetValue(iter, n, val)
			}

			if err != nil {
				return err
			}
		}

		globalTS.Remove(citer)
		return nil
	}

	globalTS.Remove(iter)

	if subidx > -1 {
		ppath, err := gtk.TreePathNewFromString(ppathstr)
		if err != nil {
			return err
		}

		piter, err := globalTS.GetIter(ppath)
		if err != nil {
			return err
		}

		nrefs, err := lsGetInt(globalTS, piter, COL_NO_NREFS)
		if err != nil {
			return err
		}

		err = globalTS.SetValue(piter, COL_NO_NREFS, nrefs-1)
		if err != nil {
			return err
		}
	}

	toggleHover()
	return nil
}

// Needs to be locked by the caller
func numSelections() int {
	sel, err := globalTV.GetSelection()
	if err != nil {
		return -1
	}

	rows := sel.GetSelectedRows(globalTS)
	return int(rows.Length())
}

// Needs to be locked by the caller
func getRuleByIdx(idx, subidx int) (ruleColumns, *gtk.TreeIter, error) {
	rule := ruleColumns{}
	tpath := fmt.Sprintf("%d", idx)

	if subidx != -1 {
		tpath = fmt.Sprintf("%d:%d", idx, subidx)
	}

	path, err := gtk.TreePathNewFromString(tpath)
	if err != nil {
		return rule, nil, err
	}

	iter, err := globalTS.GetIter(path)
	if err != nil {
		return rule, nil, err
	}

	rule.nrefs, err = lsGetInt(globalTS, iter, COL_NO_NREFS)
	if err != nil {
		return rule, nil, err
	}

	rule.GUID, err = lsGetStr(globalTS, iter, COL_NO_GUID)
	if err != nil {
		return rule, nil, err
	}

	rule.Path, err = lsGetStr(globalTS, iter, COL_NO_PATH)
	if err != nil {
		return rule, nil, err
	}

	rule.Icon, err = lsGetStr(globalTS, iter, COL_NO_ICON)
	if err != nil {
		return rule, nil, err
	}

	rule.Proto, err = lsGetStr(globalTS, iter, COL_NO_PROTO)
	if err != nil {
		return rule, nil, err
	}

	rule.Pid, err = lsGetInt(globalTS, iter, COL_NO_PID)
	if err != nil {
		return rule, nil, err
	}

	rule.Target, err = lsGetStr(globalTS, iter, COL_NO_DSTIP)
	if err != nil {
		return rule, nil, err
	}

	rule.Hostname, err = lsGetStr(globalTS, iter, COL_NO_HOSTNAME)
	if err != nil {
		return rule, nil, err
	}

	rule.Port, err = lsGetInt(globalTS, iter, COL_NO_PORT)
	if err != nil {
		return rule, nil, err
	}

	rule.UID, err = lsGetInt(globalTS, iter, COL_NO_UID)
	if err != nil {
		return rule, nil, err
	}

	rule.GID, err = lsGetInt(globalTS, iter, COL_NO_GID)
	if err != nil {
		return rule, nil, err
	}

	rule.Origin, err = lsGetStr(globalTS, iter, COL_NO_ORIGIN)
	if err != nil {
		return rule, nil, err
	}

	rule.Timestamp, err = lsGetStr(globalTS, iter, COL_NO_TIMESTAMP)
	if err != nil {
		return rule, nil, err
	}

	rule.IsSocks = false
	is_socks, err := lsGetInt(globalTS, iter, COL_NO_IS_SOCKS)
	if err != nil {
		return rule, nil, err
	}

	if is_socks != 0 {
		rule.IsSocks = true
	}

	rule.Scope, err = lsGetInt(globalTS, iter, COL_NO_ACTION)
	if err != nil {
		return rule, nil, err
	}

	return rule, iter, nil
}

// Needs to be locked by the caller
func getSelectedRule() (ruleColumns, int, int, error) {
	rule := ruleColumns{}

	sel, err := globalTV.GetSelection()
	if err != nil {
		return rule, -1, -1, err
	}

	rows := sel.GetSelectedRows(globalTS)

	if rows.Length() <= 0 {
		return rule, -1, -1, errors.New("no selection was made")
	}

	rdata := rows.NthData(0)
	tpath := rdata.(*gtk.TreePath).String()

	subidx := -1
	ptoks := strings.Split(tpath, ":")

	if len(ptoks) > 2 {
		return rule, -1, -1, errors.New("internal error parsing selected item tree path")
	} else if len(ptoks) == 2 {
		subidx, err = strconv.Atoi(ptoks[1])
		if err != nil {
			return rule, -1, -1, err
		}
		tpath = ptoks[0]
	}

	lIndex, err := strconv.Atoi(tpath)
	if err != nil {
		return rule, -1, -1, err
	}

	//	fmt.Printf("lindex = %d : %d\n", lIndex, subidx)
	rule, _, err = getRuleByIdx(lIndex, subidx)
	if err != nil {
		return rule, -1, -1, err
	}

	return rule, lIndex, subidx, nil
}

func buttonAction(action string) {
	globalPromptLock.Lock()
	rule, idx, subidx, err := getSelectedRule()
	if err != nil {
		globalPromptLock.Unlock()
		promptError("Error occurred processing request: " + err.Error())
		return
	}

	urule, err := createCurrentRule()
	if err != nil {
		globalPromptLock.Unlock()
		promptError("Error occurred constructing new rule: " + err.Error())
		return
	}

	// Overlay the rules
	rule.Scope = urule.Scope
	//rule.Path = urule.Path
	rule.Port = urule.Port
	rule.Target = urule.Target
	rule.Proto = urule.Proto
	// rule.UID = urule.UID
	// rule.GID = urule.GID
	// rule.Uname = urule.Uname
	// rule.Gname = urule.Gname
	rule.ForceTLS = urule.ForceTLS

	fmt.Println("rule = ", rule)
	rulestr := action

	if action == "ALLOW" && rule.ForceTLS {
		rulestr += "_TLSONLY"
	}

	rulestr += "|" + rule.Proto + ":" + rule.Target + ":" + strconv.Itoa(rule.Port)
	rulestr += "|" + sgfw.RuleModeString[sgfw.RuleMode(rule.Scope)]
	fmt.Println("RULESTR = ", rulestr)
	makeDecision(rulestr, int(rule.Scope), rule.GUID)
	err = removeSelectedRule(idx, subidx)
	addRecentlyRemoved(rule.GUID)
	globalPromptLock.Unlock()
	if err == nil {
		clearEditor()
	} else {
		promptError("Error setting new rule: " + err.Error())
	}

}

func main() {
	_, err := newDbusServer()
	if err != nil {
		log.Fatal("Error:", err)
		return
	}

	dbuso, err = newDbusObjectAdd()
	if err != nil {
		log.Fatal("Failed to connect to dbus system bus: %v", err)
	}

	loadPreferences()
	gtk.Init(nil)

	// Create a new toplevel window, set its title, and connect it to the "destroy" signal to exit the GTK main loop when it is destroyed.
	mainWin, err = gtk.WindowNew(gtk.WINDOW_TOPLEVEL)

	if err != nil {
		log.Fatal("Unable to create window:", err)
	}

	mainWin.SetTitle("SGOS fw-daemon Prompter")

	mainWin.Connect("destroy", func() {
		fmt.Println("Shutting down...")
		savePreferences()
		gtk.MainQuit()
	})

	mainWin.Connect("configure-event", func() {
		w, h := mainWin.GetSize()
		userPrefs.Winwidth, userPrefs.Winheight = uint(w), uint(h)
		l, t := mainWin.GetPosition()
		userPrefs.Winleft, userPrefs.Wintop = uint(l), uint(t)
	})

	mainWin.SetPosition(gtk.WIN_POS_CENTER)

	Notebook, err = gtk.NotebookNew()

	if err != nil {
		log.Fatal("Unable to create new notebook:", err)
	}

	loglevel := "Firewall Traffic Pending Approval"

	nbLabel, err := gtk.LabelNew(loglevel)

	if err != nil {
		log.Fatal("Unable to create notebook label:", err)
	}

	box, err := gtk.BoxNew(gtk.ORIENTATION_VERTICAL, 0)

	if err != nil {
		log.Fatal("Unable to create box:", err)
	}

	scrollbox, err := gtk.ScrolledWindowNew(nil, nil)

	if err != nil {
		log.Fatal("Unable to create scrolled window:", err)
	}

	tv, err := gtk.TreeViewNew()

	if err != nil {
		log.Fatal("Unable to create treeview:", err)
	}

	globalTV = tv
	tv.SetSizeRequest(300, 300)
	tv.SetHeadersClickable(true)

	btnApprove, err = gtk.ButtonNewWithLabel("Approve")
	if err != nil {
		log.Fatal("Unable to create button:", err)
	}

	btnDeny, err = gtk.ButtonNewWithLabel("Deny")
	if err != nil {
		log.Fatal("Unable to create button:", err)
	}

	btnIgnore, err = gtk.ButtonNewWithLabel("Ignore")
	if err != nil {
		log.Fatal("Unable to create button:", err)
	}

	btnApprove.SetSensitive(false)
	btnDeny.SetSensitive(false)
	btnIgnore.SetSensitive(false)

	bb := get_hbox()
	bb.PackStart(btnApprove, false, false, 5)
	bb.PackStart(btnDeny, false, false, 5)
	bb.PackStart(btnIgnore, false, false, 5)

	editbox := get_vbox()
	hbox := get_hbox()
	lbl := get_label("Application path:")

	globalIcon, err = gtk.ImageNew()
	if err != nil {
		log.Fatal("Unable to create image:", err)
	}

	//	globalIcon.SetFromIconName("firefox", gtk.ICON_SIZE_DND)
	editApp = get_entry("")
	editApp.SetEditable(false)
	editApp.Connect("changed", toggleValidRuleState)
	hbox.PackStart(lbl, false, false, 10)
	hbox.PackStart(editApp, true, true, 10)
	hbox.PackStart(globalIcon, false, false, 10)
	editbox.PackStart(hbox, false, false, 5)

	hbox = get_hbox()
	lbl = get_label("Target host/IP:")
	editTarget = get_entry("")
	editTarget.Connect("changed", toggleValidRuleState)
	hbox.PackStart(lbl, false, false, 10)
	hbox.PackStart(editTarget, false, false, 5)
	lbl = get_label("Port:")
	editPort = get_entry("")
	editPort.Connect("changed", toggleValidRuleState)
	hbox.PackStart(lbl, false, false, 5)
	hbox.PackStart(editPort, false, false, 5)
	lbl = get_label("Protocol:")
	comboProto = get_combobox()
	hbox.PackStart(lbl, false, true, 5)
	hbox.PackStart(comboProto, false, false, 5)
	editbox.PackStart(hbox, false, false, 5)

	hbox = get_hbox()
	lbl = get_label("Apply rule:")
	radioOnce = get_radiobutton(nil, "Once", true)
	radioProcess = get_radiobutton(radioOnce, "This Process", false)
	radioParent = get_radiobutton(radioOnce, "Parent Process", false)
	radioSession = get_radiobutton(radioOnce, "Session", false)
	radioPermanent = get_radiobutton(radioOnce, "Permanent", false)
	radioParent.SetSensitive(false)
	chkTLS = get_checkbox("Require TLS", false)
	hbox.PackStart(chkTLS, false, false, 10)
	hbox.PackStart(lbl, false, false, 20)
	hbox.PackStart(radioOnce, false, false, 5)
	hbox.PackStart(radioProcess, false, false, 5)
	hbox.PackStart(radioParent, false, false, 5)
	hbox.PackStart(radioSession, false, false, 5)
	hbox.PackStart(radioPermanent, false, false, 5)
	editbox.PackStart(hbox, false, false, 5)

	hbox = get_hbox()
	chkUser = get_checkbox("Apply to UID/username", false)
	chkUser.Connect("toggled", toggleValidRuleState)
	editUser = get_entry("")
	editUser.Connect("changed", toggleValidRuleState)
	hbox.PackStart(chkUser, false, false, 10)
	hbox.PackStart(editUser, false, false, 10)
	chkGroup = get_checkbox("Apply to GID/group:", false)
	chkGroup.Connect("toggled", toggleValidRuleState)
	editGroup = get_entry("")
	editGroup.Connect("changed", toggleValidRuleState)
	hbox.PackStart(chkGroup, false, false, 10)
	hbox.PackStart(editGroup, false, false, 10)
	editbox.PackStart(hbox, false, false, 5)

	box.PackStart(bb, false, false, 5)
	box.PackStart(editbox, false, false, 5)
	scrollbox.Add(tv)
	//	box.PackStart(tv, false, true, 5)
	box.PackStart(scrollbox, false, true, 5)

	tv.AppendColumn(createColumnText("#", COL_NO_NREFS))
	tv.AppendColumn(createColumnImg("", COL_NO_ICON_PIXBUF))

	guidcol := createColumnText("GUID", COL_NO_GUID)
	guidcol.SetVisible(false)
	tv.AppendColumn(guidcol)

	tv.AppendColumn(createColumnText("Path", COL_NO_PATH))

	icol := createColumnText("Icon", COL_NO_ICON)
	icol.SetVisible(false)
	tv.AppendColumn(icol)

	tv.AppendColumn(createColumnText("Protocol", COL_NO_PROTO))
	tv.AppendColumn(createColumnText("PID", COL_NO_PID))
	tv.AppendColumn(createColumnText("IP Address", COL_NO_DSTIP))
	tv.AppendColumn(createColumnText("Hostname", COL_NO_HOSTNAME))
	tv.AppendColumn(createColumnText("Port", COL_NO_PORT))
	tv.AppendColumn(createColumnText("UID", COL_NO_UID))
	tv.AppendColumn(createColumnText("GID", COL_NO_GID))
	tv.AppendColumn(createColumnText("Origin", COL_NO_ORIGIN))
	tv.AppendColumn(createColumnText("Timestamp", COL_NO_TIMESTAMP))

	scol := createColumnText("Is SOCKS", COL_NO_IS_SOCKS)
	scol.SetVisible(false)
	tv.AppendColumn(scol)

	tv.AppendColumn(createColumnText("Details", COL_NO_OPTSTRING))

	acol := createColumnText("Scope", COL_NO_ACTION)
	acol.SetVisible(false)
	tv.AppendColumn(acol)

	treeStore := createTreeStore(true)
	globalTS = treeStore

	tv.SetModel(treeStore)

	btnApprove.Connect("clicked", func() {
		buttonAction("ALLOW")
	})
	btnDeny.Connect("clicked", func() {
		buttonAction("DENY")
	})
	//	btnIgnore.Connect("clicked", buttonAction)

	//	tv.SetActivateOnSingleClick(true)
	tv.Connect("row-activated", func() {
		globalPromptLock.Lock()
		seldata, _, _, err := getSelectedRule()
		globalPromptLock.Unlock()
		if err != nil {
			promptError("Unexpected error reading selected rule: " + err.Error())
			return
		}

		editApp.SetText(seldata.Path)

		if seldata.Icon != "" {
			globalIcon.SetFromIconName(seldata.Icon, gtk.ICON_SIZE_DND)
		} else {
			globalIcon.Clear()
		}

		if seldata.Hostname != "" {
			editTarget.SetText(seldata.Hostname)
		} else {
			editTarget.SetText(seldata.Target)
		}

		editPort.SetText(strconv.Itoa(seldata.Port))
		radioOnce.SetActive(seldata.Scope == int(sgfw.APPLY_ONCE))
		radioProcess.SetSensitive(seldata.Scope == int(sgfw.APPLY_PROCESS))
		radioParent.SetActive(false)
		radioSession.SetActive(seldata.Scope == int(sgfw.APPLY_SESSION))
		radioPermanent.SetActive(seldata.Scope == int(sgfw.APPLY_FOREVER))

		comboProto.SetActiveID(seldata.Proto)
		chkTLS.SetActive(seldata.IsSocks)

		if seldata.Uname != "" {
			editUser.SetText(seldata.Uname)
		} else if seldata.UID != -1 {
			editUser.SetText(strconv.Itoa(seldata.UID))
		} else {
			editUser.SetText("")
		}

		if seldata.Gname != "" {
			editGroup.SetText(seldata.Gname)
		} else if seldata.GID != -1 {
			editGroup.SetText(strconv.Itoa(seldata.GID))
		} else {
			editGroup.SetText("")
		}

		chkUser.SetActive(false)
		chkGroup.SetActive(false)
		return
	})

	scrollbox.SetSizeRequest(600, 400)
	//	Notebook.AppendPage(scrollbox, nbLabel)
	Notebook.AppendPage(box, nbLabel)
	//		setup_settings()
	mainWin.Add(Notebook)

	if userPrefs.Winheight > 0 && userPrefs.Winwidth > 0 {
		// fmt.Printf("height was %d, width was %d\n", userPrefs.Winheight, userPrefs.Winwidth)
		mainWin.Resize(int(userPrefs.Winwidth), int(userPrefs.Winheight))
	} else {
		mainWin.SetDefaultSize(850, 450)
	}

	if userPrefs.Wintop > 0 && userPrefs.Winleft > 0 {
		mainWin.Move(int(userPrefs.Winleft), int(userPrefs.Wintop))
	}

	mainWin.ShowAll()
	//	mainWin.SetKeepAbove(true)

	var dres bool
	call := dbuso.Call("GetPendingRequests", 0, "*")
	err = call.Store(&dres)
	if err != nil {
		errmsg := "Could not query running SGFW instance (maybe it's not running?): " + err.Error()
		promptError(errmsg)
	} else if !dres {
		promptError("Call to sgfw did not succeed; fw-prompt may have loaded without retrieving all pending connections")
	}

	gtk.Main()
}