Settings: adding sandbox and allow tls to rule edit...

shw-merge
xSmurf 7 years ago
parent ef9a0a22c2
commit 119344dbfc

@ -98,6 +98,7 @@
<property name="active">0</property> <property name="active">0</property>
<items> <items>
<item id="allow" translatable="yes">Allow</item> <item id="allow" translatable="yes">Allow</item>
<item id="allow_tls" translatable="yes">Allow TLS Only</item>
<item id="deny" translatable="yes">Deny</item> <item id="deny" translatable="yes">Deny</item>
</items> </items>
</object> </object>
@ -162,7 +163,7 @@
</object> </object>
<packing> <packing>
<property name="left_attach">0</property> <property name="left_attach">0</property>
<property name="top_attach">2</property> <property name="top_attach">3</property>
<property name="width">2</property> <property name="width">2</property>
</packing> </packing>
</child> </child>
@ -184,6 +185,34 @@
<property name="top_attach">1</property> <property name="top_attach">1</property>
</packing> </packing>
</child> </child>
<child>
<object class="GtkLabel" id="sandbox_title">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="halign">start</property>
<property name="hexpand">False</property>
<property name="label" translatable="yes">Sandbox:</property>
<attributes>
<attribute name="weight" value="bold"/>
</attributes>
</object>
<packing>
<property name="left_attach">0</property>
<property name="top_attach">2</property>
</packing>
</child>
<child>
<object class="GtkLabel" id="sandbox_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="halign">start</property>
<property name="hexpand">True</property>
</object>
<packing>
<property name="left_attach">1</property>
<property name="top_attach">2</property>
</packing>
</child>
</object> </object>
<packing> <packing>
<property name="expand">False</property> <property name="expand">False</property>

@ -108,6 +108,7 @@ func (*defRuleEdit) String() string {
<property name="active">0</property> <property name="active">0</property>
<items> <items>
<item id="allow" translatable="yes">Allow</item> <item id="allow" translatable="yes">Allow</item>
<item id="allow_tls" translatable="yes">Allow TLS Only</item>
<item id="deny" translatable="yes">Deny</item> <item id="deny" translatable="yes">Deny</item>
</items> </items>
</object> </object>
@ -172,7 +173,7 @@ func (*defRuleEdit) String() string {
</object> </object>
<packing> <packing>
<property name="left_attach">0</property> <property name="left_attach">0</property>
<property name="top_attach">2</property> <property name="top_attach">3</property>
<property name="width">2</property> <property name="width">2</property>
</packing> </packing>
</child> </child>
@ -194,6 +195,34 @@ func (*defRuleEdit) String() string {
<property name="top_attach">1</property> <property name="top_attach">1</property>
</packing> </packing>
</child> </child>
<child>
<object class="GtkLabel" id="sandbox_title">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="halign">start</property>
<property name="hexpand">False</property>
<property name="label" translatable="yes">Sandbox:</property>
<attributes>
<attribute name="weight" value="bold"/>
</attributes>
</object>
<packing>
<property name="left_attach">0</property>
<property name="top_attach">2</property>
</packing>
</child>
<child>
<object class="GtkLabel" id="sandbox_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="halign">start</property>
<property name="hexpand">True</property>
</object>
<packing>
<property name="left_attach">1</property>
<property name="top_attach">2</property>
</packing>
</child>
</object> </object>
<packing> <packing>
<property name="expand">False</property> <property name="expand">False</property>

@ -18,13 +18,15 @@ const (
) )
type ruleEdit struct { type ruleEdit struct {
row *ruleRow row *ruleRow
dialog *gtk.Dialog dialog *gtk.Dialog
pathLabel *gtk.Label pathLabel *gtk.Label
verbCombo *gtk.ComboBoxText sandboxLabel *gtk.Label
hostEntry *gtk.Entry sandboxTitle *gtk.Label
portEntry *gtk.Entry verbCombo *gtk.ComboBoxText
ok *gtk.Button hostEntry *gtk.Entry
portEntry *gtk.Entry
ok *gtk.Button
} }
func newRuleEdit(rr *ruleRow, saveasnew bool) *ruleEdit { func newRuleEdit(rr *ruleRow, saveasnew bool) *ruleEdit {
@ -33,6 +35,8 @@ func newRuleEdit(rr *ruleRow, saveasnew bool) *ruleEdit {
b.getItems( b.getItems(
"dialog", &redit.dialog, "dialog", &redit.dialog,
"path_label", &redit.pathLabel, "path_label", &redit.pathLabel,
"sandbox_label", &redit.sandboxLabel,
"sandbox_title", &redit.sandboxTitle,
"verb_combo", &redit.verbCombo, "verb_combo", &redit.verbCombo,
"host_entry", &redit.hostEntry, "host_entry", &redit.hostEntry,
"port_entry", &redit.portEntry, "port_entry", &redit.portEntry,
@ -54,9 +58,17 @@ func (re *ruleEdit) updateDialogFields() {
re.pathLabel.SetText(r.Path) re.pathLabel.SetText(r.Path)
if sgfw.RuleAction(r.Verb) == sgfw.RULE_ACTION_ALLOW { if sgfw.RuleAction(r.Verb) == sgfw.RULE_ACTION_ALLOW {
re.verbCombo.SetActiveID("allow") re.verbCombo.SetActiveID("allow")
} else if sgfw.RuleAction(r.Verb) == sgfw.RULE_ACTION_ALLOW_TLSONLY {
re.verbCombo.SetActiveID("allow_tls")
} else { } else {
re.verbCombo.SetActiveID("deny") re.verbCombo.SetActiveID("deny")
} }
if r.Sandbox != "" {
re.sandboxLabel.SetText(r.Sandbox)
} else {
re.sandboxLabel.SetVisible(false)
re.sandboxTitle.SetVisible(false)
}
target := strings.Split(r.Target, ":") target := strings.Split(r.Target, ":")
if len(target) != 2 { if len(target) != 2 {
return return
@ -67,7 +79,7 @@ func (re *ruleEdit) updateDialogFields() {
func (re *ruleEdit) validateFields() bool { func (re *ruleEdit) validateFields() bool {
id := re.verbCombo.GetActiveID() id := re.verbCombo.GetActiveID()
if id != "allow" && id != "deny" { if id != "allow" && id != "allow_tls" && id != "deny" {
return false return false
} }
host, _ := re.hostEntry.GetText() host, _ := re.hostEntry.GetText()
@ -121,6 +133,8 @@ func (re *ruleEdit) updateRow() {
switch re.verbCombo.GetActiveID() { switch re.verbCombo.GetActiveID() {
case "allow": case "allow":
r.Verb = uint16(sgfw.RULE_ACTION_ALLOW) r.Verb = uint16(sgfw.RULE_ACTION_ALLOW)
case "allow_tls":
r.Verb = uint16(sgfw.RULE_ACTION_ALLOW_TLSONLY)
case "deny": case "deny":
r.Verb = uint16(sgfw.RULE_ACTION_DENY) r.Verb = uint16(sgfw.RULE_ACTION_DENY)
} }
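Review bot: The `switch re.verbCombo.GetActiveID()` in updateRow has no `default`, so an ID it does not list leaves `r.Verb` at its previous value and the rule is saved with the old action. validateFields currently rejects anything other than `allow`, `allow_tls` and `deny`, but the same three literals are now repeated in updateDialogFields, validateFields, updateRow and the UI definition, and this commit had to touch each of them. I would add `default: return` to the switch and name the IDs as constants so a future action cannot be added in one place only. The final `else` in updateDialogFields also shows any unrecognised verb as `deny`; a comment such as `// unknown verbs are displayed as deny` would record that this is intended. updateRow continues outside the hunk.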

@ -135,6 +135,9 @@ func getVerbText(rule *sgfw.DbusRule) string {
if sgfw.RuleAction(rule.Verb) == sgfw.RULE_ACTION_ALLOW { if sgfw.RuleAction(rule.Verb) == sgfw.RULE_ACTION_ALLOW {
return sgfw.RuleActionString[sgfw.RULE_ACTION_ALLOW] + ":" return sgfw.RuleActionString[sgfw.RULE_ACTION_ALLOW] + ":"
} }
if sgfw.RuleAction(rule.Verb) == sgfw.RULE_ACTION_ALLOW_TLSONLY {
return sgfw.RuleActionString[sgfw.RULE_ACTION_ALLOW_TLSONLY] + ":"
}
return sgfw.RuleActionString[sgfw.RULE_ACTION_DENY] + ":" return sgfw.RuleActionString[sgfw.RULE_ACTION_DENY] + ":"
} }
@ -180,11 +183,24 @@ func (rr *ruleRow) onEdit() {
} }
func (rr *ruleRow) onDelete() { func (rr *ruleRow) onDelete() {
body := fmt.Sprintf(`Are you sure you want to delete this rule: var body string
if rr.rule.Sandbox != "" {
ss := `Are you sure you want to delete this rule:
<b>Path:</b> %s <b>Path:</b> %s
<b>Rule:</b> %s %s`, rr.rule.Path, getVerbText(rr.rule), getTargetText(rr.rule)) <b>Sandbox:</b> %s
<b>Rule:</b> %s %s`
body = fmt.Sprintf(ss, rr.rule.Path, rr.rule.Sandbox, getVerbText(rr.rule), getTargetText(rr.rule))
} else {
ss := `Are you sure you want to delete this rule:
<b>Path:</b> %s
<b>Rule:</b> %s %s`
body = fmt.Sprintf(ss, rr.rule.Path, getVerbText(rr.rule), getTargetText(rr.rule))
}
d := gtk.MessageDialogNewWithMarkup( d := gtk.MessageDialogNewWithMarkup(
rr.rl.win, rr.rl.win,
gtk.DIALOG_DESTROY_WITH_PARENT, gtk.DIALOG_DESTROY_WITH_PARENT,
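Review bot: `rr.rule.Sandbox` is formatted straight into text that is passed to `gtk.MessageDialogNewWithMarkup`, so a sandbox name containing `<`, `>` or `&` is interpreted as Pango markup instead of being shown literally (the same already holds for `rr.rule.Path`). In a delete-confirmation dialog that means the text the user confirms may not match the rule being removed, or the markup may fail to parse. Escape the interpolated values before formatting, e.g. `body = fmt.Sprintf(ss, html.EscapeString(rr.rule.Path), html.EscapeString(rr.rule.Sandbox), getVerbText(rr.rule), getTargetText(rr.rule))`, which needs the standard `html` import. The two near-identical format strings could then be built from one base plus an optional Sandbox line. onDelete continues outside the hunk.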

@ -130,17 +130,18 @@ var FilterResultValue = map[string]FilterResult{
// DbusRule struct of the rule passed to the dbus interface // DbusRule struct of the rule passed to the dbus interface
type DbusRule struct { type DbusRule struct {
ID uint32 ID uint32
Net string Net string
Origin string Origin string
Proto string Proto string
Pid uint32 Pid uint32
Privs string Privs string
App string App string
Path string Path string
Verb uint16 Verb uint16
Target string Target string
Mode uint16 Mode uint16
Sandbox string
} }
/*const ( /*const (
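Review bot: The new `Sandbox` field has no comment saying what an empty value means, although the settings code in this commit branches on `r.Sandbox != ""`. A line such as `// Sandbox names the sandbox the rule applies to; empty when the rule is not sandbox-specific` would make that contract explicit; the meaning of empty is inferred from the dialog code, so confirm it before committing the wording. Because DbusRule is the struct passed over the D-Bus interface, adding a field presumably changes the message signature, so the daemon and the settings client likely have to be updated together, which is worth stating in the commit description.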

@ -153,18 +153,20 @@ func createDbusRule(r *Rule) DbusRule {
} else if r.gid >= 0 { } else if r.gid >= 0 {
pstr += ":" + strconv.Itoa(r.gid) pstr += ":" + strconv.Itoa(r.gid)
} }
log.Debugf("SANDBOX SANDBOX SANDBOX: %s", r.sandbox)
return DbusRule{ return DbusRule{
ID: uint32(r.id), ID: uint32(r.id),
Net: netstr, Net: netstr,
Origin: ostr, Origin: ostr,
Proto: r.proto, Proto: r.proto,
Pid: uint32(r.pid), Pid: uint32(r.pid),
Privs: pstr, Privs: pstr,
App: path.Base(r.policy.path), App: path.Base(r.policy.path),
Path: r.policy.path, Path: r.policy.path,
Verb: uint16(r.rtype), Verb: uint16(r.rtype),
Target: r.AddrString(false), Target: r.AddrString(false),
Mode: uint16(r.mode), Mode: uint16(r.mode),
Sandbox: r.sandbox,
} }
} }
@ -223,6 +225,7 @@ func (ds *dbusServer) UpdateRule(rule DbusRule) *dbus.Error {
r.addr = tmp.addr r.addr = tmp.addr
r.port = tmp.port r.port = tmp.port
r.mode = RuleMode(rule.Mode) r.mode = RuleMode(rule.Mode)
r.sandbox = rule.Sandbox
r.policy.lock.Unlock() r.policy.lock.Unlock()
if r.mode != RULE_MODE_SESSION { if r.mode != RULE_MODE_SESSION {
ds.fw.saveRules() ds.fw.saveRules()
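Review bot: `r.sandbox = rule.Sandbox` in UpdateRule copies the sandbox name from the D-Bus caller into the stored rule without comparing it to the existing value. The edit dialog in this commit only displays the sandbox as a label, so no legitimate edit appears to change it, yet any client allowed to call UpdateRule can now re-scope a rule to another sandbox or clear the scope by sending an empty string. Unless re-scoping is intended, keep the stored value (drop the assignment) or reject the update when `rule.Sandbox != r.sandbox`. Separately, `log.Debugf("SANDBOX SANDBOX SANDBOX: %s", r.sandbox)` in createDbusRule looks like leftover debugging and should be removed or reworded. UpdateRule starts and ends outside the hunk.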

@ -187,16 +187,16 @@ func (rl *RuleList) filter(pkt *nfqueue.NFQPacket, src, dst net.IP, dstPort uint
if pkt != nil { if pkt != nil {
nfqproto = getNFQProto(pkt) nfqproto = getNFQProto(pkt)
} else { } else {
log.Noticef("Weird state: %v %v %v %v",r.port, dstPort, hostname, r.hostname) log.Noticef("Weird state: %v %v %v %v", r.port, dstPort, hostname, r.hostname)
if (r.saddr == nil && src == nil && sandboxed == false && (r.port == dstPort || r.port == matchAny) && (r.addr.Equal(anyAddress) || r.hostname == "" || r.hostname == hostname)) { if r.saddr == nil && src == nil && sandboxed == false && (r.port == dstPort || r.port == matchAny) && (r.addr.Equal(anyAddress) || r.hostname == "" || r.hostname == hostname) {
log.Notice("+ Socks5 MATCH SUCCEEDED") log.Notice("+ Socks5 MATCH SUCCEEDED")
if r.rtype == RULE_ACTION_DENY { if r.rtype == RULE_ACTION_DENY {
return FILTER_DENY return FILTER_DENY
} else if r.rtype == RULE_ACTION_ALLOW { } else if r.rtype == RULE_ACTION_ALLOW {
return FILTER_ALLOW return FILTER_ALLOW
} else if r.rtype == RULE_ACTION_ALLOW_TLSONLY { } else if r.rtype == RULE_ACTION_ALLOW_TLSONLY {
return FILTER_ALLOW_TLSONLY return FILTER_ALLOW_TLSONLY
} }
} else { } else {
return FILTER_PROMPT return FILTER_PROMPT
} }
