Settings: adding sandbox and allow tls to rule edit...

shw-merge
xSmurf 7 years ago
parent ef9a0a22c2
commit 119344dbfc

@ -98,6 +98,7 @@
<property name="active">0</property> <property name="active">0</property>
<items> <items>
<item id="allow" translatable="yes">Allow</item> <item id="allow" translatable="yes">Allow</item>
<item id="allow_tls" translatable="yes">Allow TLS Only</item>
<item id="deny" translatable="yes">Deny</item> <item id="deny" translatable="yes">Deny</item>
</items> </items>
</object> </object>
@ -162,7 +163,7 @@
</object> </object>
<packing> <packing>
<property name="left_attach">0</property> <property name="left_attach">0</property>
<property name="top_attach">2</property> <property name="top_attach">3</property>
<property name="width">2</property> <property name="width">2</property>
</packing> </packing>
</child> </child>
@ -184,6 +185,34 @@
<property name="top_attach">1</property> <property name="top_attach">1</property>
</packing> </packing>
</child> </child>
<child>
<object class="GtkLabel" id="sandbox_title">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="halign">start</property>
<property name="hexpand">False</property>
<property name="label" translatable="yes">Sandbox:</property>
<attributes>
<attribute name="weight" value="bold"/>
</attributes>
</object>
<packing>
<property name="left_attach">0</property>
<property name="top_attach">2</property>
</packing>
</child>
<child>
<object class="GtkLabel" id="sandbox_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="halign">start</property>
<property name="hexpand">True</property>
</object>
<packing>
<property name="left_attach">1</property>
<property name="top_attach">2</property>
</packing>
</child>
</object> </object>
<packing> <packing>
<property name="expand">False</property> <property name="expand">False</property>

@ -108,6 +108,7 @@ func (*defRuleEdit) String() string {
<property name="active">0</property> <property name="active">0</property>
<items> <items>
<item id="allow" translatable="yes">Allow</item> <item id="allow" translatable="yes">Allow</item>
<item id="allow_tls" translatable="yes">Allow TLS Only</item>
<item id="deny" translatable="yes">Deny</item> <item id="deny" translatable="yes">Deny</item>
</items> </items>
</object> </object>
@ -172,7 +173,7 @@ func (*defRuleEdit) String() string {
</object> </object>
<packing> <packing>
<property name="left_attach">0</property> <property name="left_attach">0</property>
<property name="top_attach">2</property> <property name="top_attach">3</property>
<property name="width">2</property> <property name="width">2</property>
</packing> </packing>
</child> </child>
@ -194,6 +195,34 @@ func (*defRuleEdit) String() string {
<property name="top_attach">1</property> <property name="top_attach">1</property>
</packing> </packing>
</child> </child>
<child>
<object class="GtkLabel" id="sandbox_title">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="halign">start</property>
<property name="hexpand">False</property>
<property name="label" translatable="yes">Sandbox:</property>
<attributes>
<attribute name="weight" value="bold"/>
</attributes>
</object>
<packing>
<property name="left_attach">0</property>
<property name="top_attach">2</property>
</packing>
</child>
<child>
<object class="GtkLabel" id="sandbox_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="halign">start</property>
<property name="hexpand">True</property>
</object>
<packing>
<property name="left_attach">1</property>
<property name="top_attach">2</property>
</packing>
</child>
</object> </object>
<packing> <packing>
<property name="expand">False</property> <property name="expand">False</property>

@ -21,6 +21,8 @@ type ruleEdit struct {
row *ruleRow row *ruleRow
dialog *gtk.Dialog dialog *gtk.Dialog
pathLabel *gtk.Label pathLabel *gtk.Label
sandboxLabel *gtk.Label
sandboxTitle *gtk.Label
verbCombo *gtk.ComboBoxText verbCombo *gtk.ComboBoxText
hostEntry *gtk.Entry hostEntry *gtk.Entry
portEntry *gtk.Entry portEntry *gtk.Entry
@ -33,6 +35,8 @@ func newRuleEdit(rr *ruleRow, saveasnew bool) *ruleEdit {
b.getItems( b.getItems(
"dialog", &redit.dialog, "dialog", &redit.dialog,
"path_label", &redit.pathLabel, "path_label", &redit.pathLabel,
"sandbox_label", &redit.sandboxLabel,
"sandbox_title", &redit.sandboxTitle,
"verb_combo", &redit.verbCombo, "verb_combo", &redit.verbCombo,
"host_entry", &redit.hostEntry, "host_entry", &redit.hostEntry,
"port_entry", &redit.portEntry, "port_entry", &redit.portEntry,
@ -54,9 +58,17 @@ func (re *ruleEdit) updateDialogFields() {
re.pathLabel.SetText(r.Path) re.pathLabel.SetText(r.Path)
if sgfw.RuleAction(r.Verb) == sgfw.RULE_ACTION_ALLOW { if sgfw.RuleAction(r.Verb) == sgfw.RULE_ACTION_ALLOW {
re.verbCombo.SetActiveID("allow") re.verbCombo.SetActiveID("allow")
} else if sgfw.RuleAction(r.Verb) == sgfw.RULE_ACTION_ALLOW_TLSONLY {
re.verbCombo.SetActiveID("allow_tls")
} else { } else {
re.verbCombo.SetActiveID("deny") re.verbCombo.SetActiveID("deny")
} }
if r.Sandbox != "" {
re.sandboxLabel.SetText(r.Sandbox)
} else {
re.sandboxLabel.SetVisible(false)
re.sandboxTitle.SetVisible(false)
}
target := strings.Split(r.Target, ":") target := strings.Split(r.Target, ":")
if len(target) != 2 { if len(target) != 2 {
return return
@ -67,7 +79,7 @@ func (re *ruleEdit) updateDialogFields() {
func (re *ruleEdit) validateFields() bool { func (re *ruleEdit) validateFields() bool {
id := re.verbCombo.GetActiveID() id := re.verbCombo.GetActiveID()
if id != "allow" && id != "deny" { if id != "allow" && id != "allow_tls" && id != "deny" {
return false return false
} }
host, _ := re.hostEntry.GetText() host, _ := re.hostEntry.GetText()
@ -121,6 +133,8 @@ func (re *ruleEdit) updateRow() {
switch re.verbCombo.GetActiveID() { switch re.verbCombo.GetActiveID() {
case "allow": case "allow":
r.Verb = uint16(sgfw.RULE_ACTION_ALLOW) r.Verb = uint16(sgfw.RULE_ACTION_ALLOW)
case "allow_tls":
r.Verb = uint16(sgfw.RULE_ACTION_ALLOW_TLSONLY)
case "deny": case "deny":
r.Verb = uint16(sgfw.RULE_ACTION_DENY) r.Verb = uint16(sgfw.RULE_ACTION_DENY)
} }

@ -135,6 +135,9 @@ func getVerbText(rule *sgfw.DbusRule) string {
if sgfw.RuleAction(rule.Verb) == sgfw.RULE_ACTION_ALLOW { if sgfw.RuleAction(rule.Verb) == sgfw.RULE_ACTION_ALLOW {
return sgfw.RuleActionString[sgfw.RULE_ACTION_ALLOW] + ":" return sgfw.RuleActionString[sgfw.RULE_ACTION_ALLOW] + ":"
} }
if sgfw.RuleAction(rule.Verb) == sgfw.RULE_ACTION_ALLOW_TLSONLY {
return sgfw.RuleActionString[sgfw.RULE_ACTION_ALLOW_TLSONLY] + ":"
}
return sgfw.RuleActionString[sgfw.RULE_ACTION_DENY] + ":" return sgfw.RuleActionString[sgfw.RULE_ACTION_DENY] + ":"
} }
@ -180,11 +183,24 @@ func (rr *ruleRow) onEdit() {
} }
func (rr *ruleRow) onDelete() { func (rr *ruleRow) onDelete() {
body := fmt.Sprintf(`Are you sure you want to delete this rule: var body string
if rr.rule.Sandbox != "" {
ss := `Are you sure you want to delete this rule:
<b>Path:</b> %s <b>Path:</b> %s
<b>Rule:</b> %s %s`, rr.rule.Path, getVerbText(rr.rule), getTargetText(rr.rule)) <b>Sandbox:</b> %s
<b>Rule:</b> %s %s`
body = fmt.Sprintf(ss, rr.rule.Path, rr.rule.Sandbox, getVerbText(rr.rule), getTargetText(rr.rule))
} else {
ss := `Are you sure you want to delete this rule:
<b>Path:</b> %s
<b>Rule:</b> %s %s`
body = fmt.Sprintf(ss, rr.rule.Path, getVerbText(rr.rule), getTargetText(rr.rule))
}
d := gtk.MessageDialogNewWithMarkup( d := gtk.MessageDialogNewWithMarkup(
rr.rl.win, rr.rl.win,
gtk.DIALOG_DESTROY_WITH_PARENT, gtk.DIALOG_DESTROY_WITH_PARENT,

@ -141,6 +141,7 @@ type DbusRule struct {
Verb uint16 Verb uint16
Target string Target string
Mode uint16 Mode uint16
Sandbox string
} }
/*const ( /*const (

@ -153,6 +153,7 @@ func createDbusRule(r *Rule) DbusRule {
} else if r.gid >= 0 { } else if r.gid >= 0 {
pstr += ":" + strconv.Itoa(r.gid) pstr += ":" + strconv.Itoa(r.gid)
} }
log.Debugf("SANDBOX SANDBOX SANDBOX: %s", r.sandbox)
return DbusRule{ return DbusRule{
ID: uint32(r.id), ID: uint32(r.id),
Net: netstr, Net: netstr,
@ -165,6 +166,7 @@ func createDbusRule(r *Rule) DbusRule {
Verb: uint16(r.rtype), Verb: uint16(r.rtype),
Target: r.AddrString(false), Target: r.AddrString(false),
Mode: uint16(r.mode), Mode: uint16(r.mode),
Sandbox: r.sandbox,
} }
} }
@ -223,6 +225,7 @@ func (ds *dbusServer) UpdateRule(rule DbusRule) *dbus.Error {
r.addr = tmp.addr r.addr = tmp.addr
r.port = tmp.port r.port = tmp.port
r.mode = RuleMode(rule.Mode) r.mode = RuleMode(rule.Mode)
r.sandbox = rule.Sandbox
r.policy.lock.Unlock() r.policy.lock.Unlock()
if r.mode != RULE_MODE_SESSION { if r.mode != RULE_MODE_SESSION {
ds.fw.saveRules() ds.fw.saveRules()

@ -188,7 +188,7 @@ func (rl *RuleList) filter(pkt *nfqueue.NFQPacket, src, dst net.IP, dstPort uint
nfqproto = getNFQProto(pkt) nfqproto = getNFQProto(pkt)
} else { } else {
log.Noticef("Weird state: %v %v %v %v", r.port, dstPort, hostname, r.hostname) log.Noticef("Weird state: %v %v %v %v", r.port, dstPort, hostname, r.hostname)
if (r.saddr == nil && src == nil && sandboxed == false && (r.port == dstPort || r.port == matchAny) && (r.addr.Equal(anyAddress) || r.hostname == "" || r.hostname == hostname)) { if r.saddr == nil && src == nil && sandboxed == false && (r.port == dstPort || r.port == matchAny) && (r.addr.Equal(anyAddress) || r.hostname == "" || r.hostname == hostname) {
log.Notice("+ Socks5 MATCH SUCCEEDED") log.Notice("+ Socks5 MATCH SUCCEEDED")
if r.rtype == RULE_ACTION_DENY { if r.rtype == RULE_ACTION_DENY {
return FILTER_DENY return FILTER_DENY

Loading…
Cancel
Save