Settings: adding sandbox and allow tls to rule edit...

shw-merge
xSmurf 7 years ago
parent ef9a0a22c2
commit 119344dbfc

@ -98,6 +98,7 @@
<property name="active">0</property>
<items>
<item id="allow" translatable="yes">Allow</item>
<item id="allow_tls" translatable="yes">Allow TLS Only</item>
<item id="deny" translatable="yes">Deny</item>
</items>
</object>
@ -162,7 +163,7 @@
</object>
<packing>
<property name="left_attach">0</property>
<property name="top_attach">2</property>
<property name="top_attach">3</property>
<property name="width">2</property>
</packing>
</child>
@ -184,6 +185,34 @@
<property name="top_attach">1</property>
</packing>
</child>
<child>
<object class="GtkLabel" id="sandbox_title">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="halign">start</property>
<property name="hexpand">False</property>
<property name="label" translatable="yes">Sandbox:</property>
<attributes>
<attribute name="weight" value="bold"/>
</attributes>
</object>
<packing>
<property name="left_attach">0</property>
<property name="top_attach">2</property>
</packing>
</child>
<child>
<object class="GtkLabel" id="sandbox_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="halign">start</property>
<property name="hexpand">True</property>
</object>
<packing>
<property name="left_attach">1</property>
<property name="top_attach">2</property>
</packing>
</child>
</object>
<packing>
<property name="expand">False</property>

@ -108,6 +108,7 @@ func (*defRuleEdit) String() string {
<property name="active">0</property>
<items>
<item id="allow" translatable="yes">Allow</item>
<item id="allow_tls" translatable="yes">Allow TLS Only</item>
<item id="deny" translatable="yes">Deny</item>
</items>
</object>
@ -172,7 +173,7 @@ func (*defRuleEdit) String() string {
</object>
<packing>
<property name="left_attach">0</property>
<property name="top_attach">2</property>
<property name="top_attach">3</property>
<property name="width">2</property>
</packing>
</child>
@ -194,6 +195,34 @@ func (*defRuleEdit) String() string {
<property name="top_attach">1</property>
</packing>
</child>
<child>
<object class="GtkLabel" id="sandbox_title">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="halign">start</property>
<property name="hexpand">False</property>
<property name="label" translatable="yes">Sandbox:</property>
<attributes>
<attribute name="weight" value="bold"/>
</attributes>
</object>
<packing>
<property name="left_attach">0</property>
<property name="top_attach">2</property>
</packing>
</child>
<child>
<object class="GtkLabel" id="sandbox_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="halign">start</property>
<property name="hexpand">True</property>
</object>
<packing>
<property name="left_attach">1</property>
<property name="top_attach">2</property>
</packing>
</child>
</object>
<packing>
<property name="expand">False</property>

@ -18,13 +18,15 @@ const (
)
type ruleEdit struct {
row *ruleRow
dialog *gtk.Dialog
pathLabel *gtk.Label
verbCombo *gtk.ComboBoxText
hostEntry *gtk.Entry
portEntry *gtk.Entry
ok *gtk.Button
row *ruleRow
dialog *gtk.Dialog
pathLabel *gtk.Label
sandboxLabel *gtk.Label
sandboxTitle *gtk.Label
verbCombo *gtk.ComboBoxText
hostEntry *gtk.Entry
portEntry *gtk.Entry
ok *gtk.Button
}
func newRuleEdit(rr *ruleRow, saveasnew bool) *ruleEdit {
@ -33,6 +35,8 @@ func newRuleEdit(rr *ruleRow, saveasnew bool) *ruleEdit {
b.getItems(
"dialog", &redit.dialog,
"path_label", &redit.pathLabel,
"sandbox_label", &redit.sandboxLabel,
"sandbox_title", &redit.sandboxTitle,
"verb_combo", &redit.verbCombo,
"host_entry", &redit.hostEntry,
"port_entry", &redit.portEntry,
@ -54,9 +58,17 @@ func (re *ruleEdit) updateDialogFields() {
re.pathLabel.SetText(r.Path)
if sgfw.RuleAction(r.Verb) == sgfw.RULE_ACTION_ALLOW {
re.verbCombo.SetActiveID("allow")
} else if sgfw.RuleAction(r.Verb) == sgfw.RULE_ACTION_ALLOW_TLSONLY {
re.verbCombo.SetActiveID("allow_tls")
} else {
re.verbCombo.SetActiveID("deny")
}
if r.Sandbox != "" {
re.sandboxLabel.SetText(r.Sandbox)
} else {
re.sandboxLabel.SetVisible(false)
re.sandboxTitle.SetVisible(false)
}
target := strings.Split(r.Target, ":")
if len(target) != 2 {
return
@ -67,7 +79,7 @@ func (re *ruleEdit) updateDialogFields() {
func (re *ruleEdit) validateFields() bool {
id := re.verbCombo.GetActiveID()
if id != "allow" && id != "deny" {
if id != "allow" && id != "allow_tls" && id != "deny" {
return false
}
host, _ := re.hostEntry.GetText()
@ -121,6 +133,8 @@ func (re *ruleEdit) updateRow() {
switch re.verbCombo.GetActiveID() {
case "allow":
r.Verb = uint16(sgfw.RULE_ACTION_ALLOW)
case "allow_tls":
r.Verb = uint16(sgfw.RULE_ACTION_ALLOW_TLSONLY)
case "deny":
r.Verb = uint16(sgfw.RULE_ACTION_DENY)
}
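Review bot: The `switch` in `updateRow` has no `default`, so an active ID other than the three listed leaves `r.Verb` at its previous value while the rest of the update proceeds. `validateFields` rejects such IDs, but whether it always runs before `updateRow` is not visible in these hunks. For a firewall rule it is safer to fail closed with a `default:` case that logs and returns without modifying the row. The literals `"allow"`, `"allow_tls"` and `"deny"` are now repeated in `updateDialogFields`, `validateFields` and `updateRow`; package-level constants would keep them in step with the UI definition. `updateRow` continues outside the hunk.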

@ -135,6 +135,9 @@ func getVerbText(rule *sgfw.DbusRule) string {
if sgfw.RuleAction(rule.Verb) == sgfw.RULE_ACTION_ALLOW {
return sgfw.RuleActionString[sgfw.RULE_ACTION_ALLOW] + ":"
}
if sgfw.RuleAction(rule.Verb) == sgfw.RULE_ACTION_ALLOW_TLSONLY {
return sgfw.RuleActionString[sgfw.RULE_ACTION_ALLOW_TLSONLY] + ":"
}
return sgfw.RuleActionString[sgfw.RULE_ACTION_DENY] + ":"
}
@ -180,11 +183,24 @@ func (rr *ruleRow) onEdit() {
}
func (rr *ruleRow) onDelete() {
body := fmt.Sprintf(`Are you sure you want to delete this rule:
var body string
if rr.rule.Sandbox != "" {
ss := `Are you sure you want to delete this rule:
<b>Path:</b> %s
<b>Rule:</b> %s %s`, rr.rule.Path, getVerbText(rr.rule), getTargetText(rr.rule))
<b>Sandbox:</b> %s
<b>Rule:</b> %s %s`
body = fmt.Sprintf(ss, rr.rule.Path, rr.rule.Sandbox, getVerbText(rr.rule), getTargetText(rr.rule))
} else {
ss := `Are you sure you want to delete this rule:
<b>Path:</b> %s
<b>Rule:</b> %s %s`
body = fmt.Sprintf(ss, rr.rule.Path, getVerbText(rr.rule), getTargetText(rr.rule))
}
d := gtk.MessageDialogNewWithMarkup(
rr.rl.win,
gtk.DIALOG_DESTROY_WITH_PARENT,
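Review bot: In `onDelete`, `rr.rule.Sandbox` is formatted into a string that is handed to `gtk.MessageDialogNewWithMarkup`, so a value containing `<`, `>` or `&` is parsed as Pango markup instead of being shown literally. The value arrives in a `DbusRule` and is not validated anywhere in this commit, so it can break the dialog or change what the confirmation text appears to say; `rr.rule.Path` has the same exposure in both branches. Escape each interpolated value before formatting, for example `html.EscapeString(rr.rule.Sandbox)` (this needs the `html` import), or use the toolkit's own markup-escape helper if the binding provides one. The two format strings differ only by the Sandbox line, so building the body once and adding that line conditionally would leave a single place to escape. `onDelete` continues outside the hunk.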

@ -130,17 +130,18 @@ var FilterResultValue = map[string]FilterResult{
// DbusRule struct of the rule passed to the dbus interface
type DbusRule struct {
ID uint32
Net string
Origin string
Proto string
Pid uint32
Privs string
App string
Path string
Verb uint16
Target string
Mode uint16
ID uint32
Net string
Origin string
Proto string
Pid uint32
Privs string
App string
Path string
Verb uint16
Target string
Mode uint16
Sandbox string
}
/*const (
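Review bot: The new `Sandbox` field on `DbusRule` has no comment, although the UI code in this commit relies on the empty string meaning "no sandbox" (`if r.Sandbox != ""`). A field comment such as `// Sandbox is the sandbox this rule is scoped to; empty means the rule is not sandbox-specific.` would record that contract, assuming that is the intended meaning. Because this struct is what crosses the D-Bus interface, appending a field presumably changes its wire signature, so the daemon and the settings client need to be upgraded together; that is worth stating in the commit description.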

@ -153,18 +153,20 @@ func createDbusRule(r *Rule) DbusRule {
} else if r.gid >= 0 {
pstr += ":" + strconv.Itoa(r.gid)
}
log.Debugf("SANDBOX SANDBOX SANDBOX: %s", r.sandbox)
return DbusRule{
ID: uint32(r.id),
Net: netstr,
Origin: ostr,
Proto: r.proto,
Pid: uint32(r.pid),
Privs: pstr,
App: path.Base(r.policy.path),
Path: r.policy.path,
Verb: uint16(r.rtype),
Target: r.AddrString(false),
Mode: uint16(r.mode),
ID: uint32(r.id),
Net: netstr,
Origin: ostr,
Proto: r.proto,
Pid: uint32(r.pid),
Privs: pstr,
App: path.Base(r.policy.path),
Path: r.policy.path,
Verb: uint16(r.rtype),
Target: r.AddrString(false),
Mode: uint16(r.mode),
Sandbox: r.sandbox,
}
}
@ -223,6 +225,7 @@ func (ds *dbusServer) UpdateRule(rule DbusRule) *dbus.Error {
r.addr = tmp.addr
r.port = tmp.port
r.mode = RuleMode(rule.Mode)
r.sandbox = rule.Sandbox
r.policy.lock.Unlock()
if r.mode != RULE_MODE_SESSION {
ds.fw.saveRules()
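Review bot: `UpdateRule` now copies `rule.Sandbox` from the D-Bus caller straight into `r.sandbox` with no check, so any client allowed to call this method can move an existing rule into another sandbox, or clear the field and turn a sandbox-scoped rule into an unscoped one. The edit dialog in this commit only displays the sandbox as a label and never changes it, so the daemon does not need to accept a new value here. Either drop the assignment or reject the update when `rule.Sandbox != r.sandbox`, doing the comparison before the fields are modified under the policy lock. Separately, `log.Debugf("SANDBOX SANDBOX SANDBOX: %s", r.sandbox)` in `createDbusRule` looks like leftover debugging and should be removed or reworded. `UpdateRule` starts and ends outside the hunk.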

@ -187,16 +187,16 @@ func (rl *RuleList) filter(pkt *nfqueue.NFQPacket, src, dst net.IP, dstPort uint
if pkt != nil {
nfqproto = getNFQProto(pkt)
} else {
log.Noticef("Weird state: %v %v %v %v",r.port, dstPort, hostname, r.hostname)
if (r.saddr == nil && src == nil && sandboxed == false && (r.port == dstPort || r.port == matchAny) && (r.addr.Equal(anyAddress) || r.hostname == "" || r.hostname == hostname)) {
log.Noticef("Weird state: %v %v %v %v", r.port, dstPort, hostname, r.hostname)
if r.saddr == nil && src == nil && sandboxed == false && (r.port == dstPort || r.port == matchAny) && (r.addr.Equal(anyAddress) || r.hostname == "" || r.hostname == hostname) {
log.Notice("+ Socks5 MATCH SUCCEEDED")
if r.rtype == RULE_ACTION_DENY {
return FILTER_DENY
} else if r.rtype == RULE_ACTION_ALLOW {
return FILTER_ALLOW
} else if r.rtype == RULE_ACTION_ALLOW_TLSONLY {
return FILTER_ALLOW_TLSONLY
}
if r.rtype == RULE_ACTION_DENY {
return FILTER_DENY
} else if r.rtype == RULE_ACTION_ALLOW {
return FILTER_ALLOW
} else if r.rtype == RULE_ACTION_ALLOW_TLSONLY {
return FILTER_ALLOW_TLSONLY
}
} else {
return FILTER_PROMPT
}
