Duplicate entries in fw-prompt are now displayed nested by changing GTK ListStore -> TreeStore

Fixed bad scope returned with new rules by fw-prompt
shw_dev
Stephen Watt 7 years ago
parent ae1f6f12d0
commit 2fb872d8ad

@ -3,11 +3,15 @@ fw-daemon:
remove all stale references to SANDBOX: rules/policyForPathAndSandbox() remove all stale references to SANDBOX: rules/policyForPathAndSandbox()
TLSGuard needs a lot of stuff removed
fw-prompt: fw-prompt:
scope returned by new rules is bad (always set to process) apply once rules still do not work because they the DBus invocation requires the guid to be passed
remove duplicate code for creating new treeview items
Each duplicate prompt needs to be expandable into individual items more nesting for similar prompts (by application, pid, target host, etc)
gnome-shell: gnome-shell:

@ -58,7 +58,7 @@ var dbuso *dbusObject
var userPrefs fpPreferences var userPrefs fpPreferences
var mainWin *gtk.Window var mainWin *gtk.Window
var Notebook *gtk.Notebook var Notebook *gtk.Notebook
var globalLS *gtk.ListStore = nil var globalTS *gtk.TreeStore = nil
var globalTV *gtk.TreeView var globalTV *gtk.TreeView
var globalPromptLock = &sync.Mutex{} var globalPromptLock = &sync.Mutex{}
var globalIcon *gtk.Image var globalIcon *gtk.Image
@ -316,39 +316,54 @@ func createColumn(title string, id int) *gtk.TreeViewColumn {
return column return column
} }
func createListStore(general bool) *gtk.ListStore { func createTreeStore(general bool) *gtk.TreeStore {
colData := []glib.Type{glib.TYPE_INT, glib.TYPE_STRING, glib.TYPE_STRING, glib.TYPE_STRING, glib.TYPE_STRING, glib.TYPE_INT, glib.TYPE_STRING, colData := []glib.Type{glib.TYPE_INT, glib.TYPE_STRING, glib.TYPE_STRING, glib.TYPE_STRING, glib.TYPE_STRING, glib.TYPE_INT, glib.TYPE_STRING,
glib.TYPE_STRING, glib.TYPE_INT, glib.TYPE_INT, glib.TYPE_INT, glib.TYPE_STRING, glib.TYPE_STRING, glib.TYPE_INT, glib.TYPE_STRING, glib.TYPE_INT} glib.TYPE_STRING, glib.TYPE_INT, glib.TYPE_INT, glib.TYPE_INT, glib.TYPE_STRING, glib.TYPE_STRING, glib.TYPE_INT, glib.TYPE_STRING, glib.TYPE_INT}
listStore, err := gtk.ListStoreNew(colData...)
treeStore, err := gtk.TreeStoreNew(colData...)
if err != nil { if err != nil {
log.Fatal("Unable to create list store:", err) log.Fatal("Unable to create list store:", err)
} }
return listStore return treeStore
} }
func removeRequest(listStore *gtk.ListStore, guid string) { func removeRequest(treeStore *gtk.TreeStore, guid string) {
removed := false removed := false
if globalLS == nil { if globalTS == nil {
return return
} }
globalPromptLock.Lock() globalPromptLock.Lock()
defer globalPromptLock.Unlock() defer globalPromptLock.Unlock()
remove_outer:
/* XXX: This is horrible. Figure out how to do this properly. */ /* XXX: This is horrible. Figure out how to do this properly. */
for ridx := 0; ridx < globalLS.IterNChildren(nil); ridx++ { for ridx := 0; ridx < globalTS.IterNChildren(nil); ridx++ {
nchildren := 0
this_iter, err := globalTS.GetIterFromString(fmt.Sprintf("%d", ridx))
if err != nil {
log.Println("Strange condition; couldn't get iter of known tree index:", err)
} else {
nchildren = globalTS.IterNChildren(this_iter)
}
for cidx := 0; cidx < nchildren-1; cidx++ {
sidx := cidx
if cidx == nchildren {
cidx = -1
}
rule, _, err := getRuleByIdx(ridx) rule, _, err := getRuleByIdx(ridx, sidx)
if err != nil { if err != nil {
break break remove_outer
} else if rule.GUID == guid { } else if rule.GUID == guid {
removeSelectedRule(ridx, true) removeSelectedRule(ridx, true)
removed = true removed = true
break break
} }
}
} }
@ -358,17 +373,17 @@ func removeRequest(listStore *gtk.ListStore, guid string) {
} }
func addRequestInc(listStore *gtk.ListStore, guid, path, icon, proto string, pid int, ipaddr, hostname string, port, uid, gid int, func addRequestInc(treeStore *gtk.TreeStore, guid, path, icon, proto string, pid int, ipaddr, hostname string, port, uid, gid int,
origin string, is_socks bool, optstring string, sandbox string, action int) bool { origin, timestamp string, is_socks bool, optstring string, sandbox string, action int) bool {
duplicated := false duplicated := false
globalPromptLock.Lock() globalPromptLock.Lock()
defer globalPromptLock.Unlock() defer globalPromptLock.Unlock()
for ridx := 0; ridx < globalLS.IterNChildren(nil); ridx++ { for ridx := 0; ridx < globalTS.IterNChildren(nil); ridx++ {
/* XXX: This is horrible. Figure out how to do this properly. */ /* XXX: This is horrible. Figure out how to do this properly. */
rule, iter, err := getRuleByIdx(ridx) rule, iter, err := getRuleByIdx(ridx, -1)
if err != nil { if err != nil {
break break
// XXX: not compared: optstring/sandbox // XXX: not compared: optstring/sandbox
@ -376,7 +391,7 @@ func addRequestInc(listStore *gtk.ListStore, guid, path, icon, proto string, pid
(rule.Port == port) && (rule.UID == uid) && (rule.GID == gid) && (rule.Origin == origin) && (rule.IsSocks == is_socks) { (rule.Port == port) && (rule.UID == uid) && (rule.GID == gid) && (rule.Origin == origin) && (rule.IsSocks == is_socks) {
rule.nrefs++ rule.nrefs++
err := globalLS.SetValue(iter, 0, rule.nrefs) err := globalTS.SetValue(iter, 0, rule.nrefs)
if err != nil { if err != nil {
log.Println("Error creating duplicate firewall prompt entry:", err) log.Println("Error creating duplicate firewall prompt entry:", err)
break break
@ -384,6 +399,53 @@ func addRequestInc(listStore *gtk.ListStore, guid, path, icon, proto string, pid
fmt.Println("YES REALLY DUPLICATE: ", rule.nrefs) fmt.Println("YES REALLY DUPLICATE: ", rule.nrefs)
duplicated = true duplicated = true
subiter := globalTS.Append(iter)
if is_socks {
if (optstring != "") && (strings.Index(optstring, "SOCKS") == -1) {
optstring = "SOCKS5 / " + optstring
} else if optstring == "" {
optstring = "SOCKS5"
}
}
var colVals = [16]interface{}{}
colVals[0] = 1
colVals[1] = guid
colVals[2] = path
colVals[3] = icon
colVals[4] = proto
colVals[5] = pid
if ipaddr == "" {
colVals[6] = "---"
} else {
colVals[6] = ipaddr
}
colVals[7] = hostname
colVals[8] = port
colVals[9] = uid
colVals[10] = gid
colVals[11] = origin
colVals[12] = timestamp
colVals[13] = 0
if is_socks {
colVals[13] = 1
}
colVals[14] = optstring
colVals[15] = action
for n := 0; n < len(colVals); n++ {
err = globalTS.SetValue(subiter, n, colVals[n])
if err != nil {
log.Fatal("Unable to add row:", err)
}
}
break break
} }
@ -392,27 +454,27 @@ func addRequestInc(listStore *gtk.ListStore, guid, path, icon, proto string, pid
return duplicated return duplicated
} }
func addRequestAsync(listStore *gtk.ListStore, guid, path, icon, proto string, pid int, ipaddr, hostname string, port, uid, gid int, func addRequestAsync(treeStore *gtk.TreeStore, guid, path, icon, proto string, pid int, ipaddr, hostname string, port, uid, gid int,
origin, timestamp string, is_socks bool, optstring string, sandbox string, action int) bool { origin, timestamp string, is_socks bool, optstring string, sandbox string, action int) bool {
addRequest(listStore, guid, path, icon, proto, pid, ipaddr, hostname, port, uid, gid, origin, timestamp, is_socks, addRequest(treeStore, guid, path, icon, proto, pid, ipaddr, hostname, port, uid, gid, origin, timestamp, is_socks,
optstring, sandbox, action) optstring, sandbox, action)
return true return true
} }
func addRequest(listStore *gtk.ListStore, guid, path, icon, proto string, pid int, ipaddr, hostname string, port, uid, gid int, func addRequest(treeStore *gtk.TreeStore, guid, path, icon, proto string, pid int, ipaddr, hostname string, port, uid, gid int,
origin, timestamp string, is_socks bool, optstring string, sandbox string, action int) *decisionWaiter { origin, timestamp string, is_socks bool, optstring string, sandbox string, action int) *decisionWaiter {
if listStore == nil { if treeStore == nil {
listStore = globalLS treeStore = globalTS
waitTimes := []int{1, 2, 5, 10} waitTimes := []int{1, 2, 5, 10}
if listStore == nil { if treeStore == nil {
log.Println("SGFW prompter was not ready to receive firewall request... waiting") log.Println("SGFW prompter was not ready to receive firewall request... waiting")
for _, wtime := range waitTimes { for _, wtime := range waitTimes {
time.Sleep(time.Duration(wtime) * time.Second) time.Sleep(time.Duration(wtime) * time.Second)
listStore = globalLS treeStore = globalTS
if listStore != nil { if treeStore != nil {
break break
} }
@ -423,11 +485,11 @@ func addRequest(listStore *gtk.ListStore, guid, path, icon, proto string, pid in
} }
if listStore == nil { if treeStore == nil {
log.Fatal("SGFW prompter GUI failed to load for unknown reasons") log.Fatal("SGFW prompter GUI failed to load for unknown reasons")
} }
if addRequestInc(listStore, guid, path, icon, proto, pid, ipaddr, hostname, port, uid, gid, origin, is_socks, optstring, sandbox, action) { if addRequestInc(treeStore, guid, path, icon, proto, pid, ipaddr, hostname, port, uid, gid, origin, timestamp, is_socks, optstring, sandbox, action) {
fmt.Println("REQUEST WAS DUPLICATE") fmt.Println("REQUEST WAS DUPLICATE")
decision := addDecision() decision := addDecision()
globalPromptLock.Lock() globalPromptLock.Lock()
@ -439,7 +501,8 @@ func addRequest(listStore *gtk.ListStore, guid, path, icon, proto string, pid in
} }
globalPromptLock.Lock() globalPromptLock.Lock()
iter := listStore.Append() defer globalPromptLock.Unlock()
iter := treeStore.Append(nil)
if is_socks { if is_socks {
if (optstring != "") && (strings.Index(optstring, "SOCKS") == -1) { if (optstring != "") && (strings.Index(optstring, "SOCKS") == -1) {
@ -449,7 +512,7 @@ func addRequest(listStore *gtk.ListStore, guid, path, icon, proto string, pid in
} }
} }
colVals := make([]interface{}, 16) var colVals = [16]interface{}{}
colVals[0] = 1 colVals[0] = 1
colVals[1] = guid colVals[1] = guid
colVals[2] = path colVals[2] = path
@ -478,22 +541,16 @@ func addRequest(listStore *gtk.ListStore, guid, path, icon, proto string, pid in
colVals[14] = optstring colVals[14] = optstring
colVals[15] = action colVals[15] = action
colNums := make([]int, len(colVals))
for n := 0; n < len(colVals); n++ { for n := 0; n < len(colVals); n++ {
colNums[n] = n err := treeStore.SetValue(iter, n, colVals[n])
}
err := listStore.Set(iter, colNums, colVals)
if err != nil { if err != nil {
log.Fatal("Unable to add row:", err) log.Fatal("Unable to add row:", err)
} }
}
decision := addDecision() decision := addDecision()
dumpDecisions() dumpDecisions()
toggleHover() toggleHover()
globalPromptLock.Unlock()
return decision return decision
} }
@ -559,8 +616,8 @@ func setup_settings() {
Notebook.AppendPage(scrollbox, hLabel) Notebook.AppendPage(scrollbox, hLabel)
} }
func lsGetStr(ls *gtk.ListStore, iter *gtk.TreeIter, idx int) (string, error) { func lsGetStr(ls *gtk.TreeStore, iter *gtk.TreeIter, idx int) (string, error) {
val, err := globalLS.GetValue(iter, idx) val, err := globalTS.GetValue(iter, idx)
if err != nil { if err != nil {
return "", err return "", err
} }
@ -573,8 +630,8 @@ func lsGetStr(ls *gtk.ListStore, iter *gtk.TreeIter, idx int) (string, error) {
return sval, nil return sval, nil
} }
func lsGetInt(ls *gtk.ListStore, iter *gtk.TreeIter, idx int) (int, error) { func lsGetInt(ls *gtk.TreeStore, iter *gtk.TreeIter, idx int) (int, error) {
val, err := globalLS.GetValue(iter, idx) val, err := globalTS.GetValue(iter, idx)
if err != nil { if err != nil {
return 0, err return 0, err
} }
@ -611,7 +668,7 @@ func makeDecision(idx int, rule string, scope int) error {
/* Do we need to hold the lock while this is called? Stay safe... */ /* Do we need to hold the lock while this is called? Stay safe... */
func toggleHover() { func toggleHover() {
nitems := globalLS.IterNChildren(nil) nitems := globalTS.IterNChildren(nil)
mainWin.SetKeepAbove(nitems > 0) mainWin.SetKeepAbove(nitems > 0)
} }
@ -743,12 +800,12 @@ func removeSelectedRule(idx int, rmdecision bool) error {
return err return err
} }
iter, err := globalLS.GetIter(path) iter, err := globalTS.GetIter(path)
if err != nil { if err != nil {
return err return err
} }
globalLS.Remove(iter) globalTS.Remove(iter)
if rmdecision { if rmdecision {
// decisionWaiters = append(decisionWaiters[:idx], decisionWaiters[idx+1:]...) // decisionWaiters = append(decisionWaiters[:idx], decisionWaiters[idx+1:]...)
@ -758,97 +815,103 @@ func removeSelectedRule(idx int, rmdecision bool) error {
return nil return nil
} }
// Needs to be locked by the caller
func numSelections() int { func numSelections() int {
sel, err := globalTV.GetSelection() sel, err := globalTV.GetSelection()
if err != nil { if err != nil {
return -1 return -1
} }
rows := sel.GetSelectedRows(globalLS) rows := sel.GetSelectedRows(globalTS)
return int(rows.Length()) return int(rows.Length())
} }
// Needs to be locked by the caller // Needs to be locked by the caller
func getRuleByIdx(idx int) (ruleColumns, *gtk.TreeIter, error) { func getRuleByIdx(idx, subidx int) (ruleColumns, *gtk.TreeIter, error) {
rule := ruleColumns{} rule := ruleColumns{}
tpath := fmt.Sprintf("%d", idx)
path, err := gtk.TreePathNewFromString(fmt.Sprintf("%d", idx)) if subidx != -1 {
tpath = fmt.Sprintf("%d:%d", idx, subidx)
}
path, err := gtk.TreePathNewFromString(tpath)
if err != nil { if err != nil {
return rule, nil, err return rule, nil, err
} }
iter, err := globalLS.GetIter(path) iter, err := globalTS.GetIter(path)
if err != nil { if err != nil {
return rule, nil, err return rule, nil, err
} }
rule.nrefs, err = lsGetInt(globalLS, iter, 0) rule.nrefs, err = lsGetInt(globalTS, iter, 0)
if err != nil { if err != nil {
return rule, nil, err return rule, nil, err
} }
rule.GUID, err = lsGetStr(globalLS, iter, 1) rule.GUID, err = lsGetStr(globalTS, iter, 1)
if err != nil { if err != nil {
return rule, nil, err return rule, nil, err
} }
rule.Path, err = lsGetStr(globalLS, iter, 2) rule.Path, err = lsGetStr(globalTS, iter, 2)
if err != nil { if err != nil {
return rule, nil, err return rule, nil, err
} }
rule.Icon, err = lsGetStr(globalLS, iter, 3) rule.Icon, err = lsGetStr(globalTS, iter, 3)
if err != nil { if err != nil {
return rule, nil, err return rule, nil, err
} }
rule.Proto, err = lsGetStr(globalLS, iter, 4) rule.Proto, err = lsGetStr(globalTS, iter, 4)
if err != nil { if err != nil {
return rule, nil, err return rule, nil, err
} }
rule.Pid, err = lsGetInt(globalLS, iter, 5) rule.Pid, err = lsGetInt(globalTS, iter, 5)
if err != nil { if err != nil {
return rule, nil, err return rule, nil, err
} }
rule.Target, err = lsGetStr(globalLS, iter, 6) rule.Target, err = lsGetStr(globalTS, iter, 6)
if err != nil { if err != nil {
return rule, nil, err return rule, nil, err
} }
rule.Hostname, err = lsGetStr(globalLS, iter, 7) rule.Hostname, err = lsGetStr(globalTS, iter, 7)
if err != nil { if err != nil {
return rule, nil, err return rule, nil, err
} }
rule.Port, err = lsGetInt(globalLS, iter, 8) rule.Port, err = lsGetInt(globalTS, iter, 8)
if err != nil { if err != nil {
return rule, nil, err return rule, nil, err
} }
rule.UID, err = lsGetInt(globalLS, iter, 9) rule.UID, err = lsGetInt(globalTS, iter, 9)
if err != nil { if err != nil {
return rule, nil, err return rule, nil, err
} }
rule.GID, err = lsGetInt(globalLS, iter, 10) rule.GID, err = lsGetInt(globalTS, iter, 10)
if err != nil { if err != nil {
return rule, nil, err return rule, nil, err
} }
rule.Origin, err = lsGetStr(globalLS, iter, 11) rule.Origin, err = lsGetStr(globalTS, iter, 11)
if err != nil { if err != nil {
return rule, nil, err return rule, nil, err
} }
rule.Timestamp, err = lsGetStr(globalLS, iter, 12) rule.Timestamp, err = lsGetStr(globalTS, iter, 12)
if err != nil { if err != nil {
return rule, nil, err return rule, nil, err
} }
rule.IsSocks = false rule.IsSocks = false
is_socks, err := lsGetInt(globalLS, iter, 13) is_socks, err := lsGetInt(globalTS, iter, 13)
if err != nil { if err != nil {
return rule, nil, err return rule, nil, err
} }
@ -857,7 +920,7 @@ func getRuleByIdx(idx int) (ruleColumns, *gtk.TreeIter, error) {
rule.IsSocks = true rule.IsSocks = true
} }
rule.Scope, err = lsGetInt(globalLS, iter, 15) rule.Scope, err = lsGetInt(globalTS, iter, 15)
if err != nil { if err != nil {
return rule, nil, err return rule, nil, err
} }
@ -874,20 +937,35 @@ func getSelectedRule() (ruleColumns, int, error) {
return rule, -1, err return rule, -1, err
} }
rows := sel.GetSelectedRows(globalLS) rows := sel.GetSelectedRows(globalTS)
if rows.Length() <= 0 { if rows.Length() <= 0 {
return rule, -1, errors.New("No selection was made") return rule, -1, errors.New("no selection was made")
} }
rdata := rows.NthData(0) rdata := rows.NthData(0)
lIndex, err := strconv.Atoi(rdata.(*gtk.TreePath).String()) tpath := rdata.(*gtk.TreePath).String()
subidx := -1
ptoks := strings.Split(tpath, ":")
if len(ptoks) > 2 {
return rule, -1, errors.New("internal error parsing selected item tree path")
} else if len(ptoks) == 2 {
subidx, err = strconv.Atoi(ptoks[1])
if err != nil {
return rule, -1, err
}
tpath = ptoks[0]
}
lIndex, err := strconv.Atoi(tpath)
if err != nil { if err != nil {
return rule, -1, err return rule, -1, err
} }
fmt.Println("lindex = ", lIndex) fmt.Printf("lindex = %d : %d\n", lIndex, subidx)
rule, _, err = getRuleByIdx(lIndex) rule, _, err = getRuleByIdx(lIndex, subidx)
if err != nil { if err != nil {
return rule, -1, err return rule, -1, err
} }
@ -1203,10 +1281,10 @@ func main() {
acol.SetVisible(false) acol.SetVisible(false)
tv.AppendColumn(acol) tv.AppendColumn(acol)
listStore := createListStore(true) treeStore := createTreeStore(true)
globalLS = listStore globalTS = treeStore
tv.SetModel(listStore) tv.SetModel(treeStore)
btnApprove.Connect("clicked", func() { btnApprove.Connect("clicked", func() {
buttonAction("ALLOW") buttonAction("ALLOW")
@ -1242,7 +1320,7 @@ func main() {
editPort.SetText(strconv.Itoa(seldata.Port)) editPort.SetText(strconv.Itoa(seldata.Port))
radioOnce.SetActive(seldata.Scope == int(sgfw.APPLY_ONCE)) radioOnce.SetActive(seldata.Scope == int(sgfw.APPLY_ONCE))
radioProcess.SetSensitive(seldata.Pid > 0) radioProcess.SetSensitive(seldata.Scope == int(sgfw.APPLY_PROCESS))
radioParent.SetActive(false) radioParent.SetActive(false)
radioSession.SetActive(seldata.Scope == int(sgfw.APPLY_SESSION)) radioSession.SetActive(seldata.Scope == int(sgfw.APPLY_SESSION))
radioPermanent.SetActive(seldata.Scope == int(sgfw.APPLY_FOREVER)) radioPermanent.SetActive(seldata.Scope == int(sgfw.APPLY_FOREVER))

@ -58,7 +58,7 @@ func readConfig() {
PromptExpanded: false, PromptExpanded: false,
PromptExpert: false, PromptExpert: false,
DefaultAction: "SESSION", DefaultAction: "SESSION",
DefaultActionID: 1, DefaultActionID: 0,
} }
if len(buf) > 0 { if len(buf) > 0 {

@ -41,6 +41,7 @@ const (
RULE_MODE_PROCESS RULE_MODE_PROCESS
RULE_MODE_PERMANENT RULE_MODE_PERMANENT
RULE_MODE_SYSTEM RULE_MODE_SYSTEM
RULE_MODE_ONCE
) )
// RuleModeString is used to get a rule mode string from its id // RuleModeString is used to get a rule mode string from its id
@ -49,6 +50,7 @@ var RuleModeString = map[RuleMode]string{
RULE_MODE_PROCESS: "PROCESS", RULE_MODE_PROCESS: "PROCESS",
RULE_MODE_PERMANENT: "PERMANENT", RULE_MODE_PERMANENT: "PERMANENT",
RULE_MODE_SYSTEM: "SYSTEM", RULE_MODE_SYSTEM: "SYSTEM",
RULE_MODE_ONCE: "ONCE",
} }
// RuleModeValue converts a mode string to its id // RuleModeValue converts a mode string to its id
@ -57,16 +59,18 @@ var RuleModeValue = map[string]RuleMode{
RuleModeString[RULE_MODE_PROCESS]: RULE_MODE_PROCESS, RuleModeString[RULE_MODE_PROCESS]: RULE_MODE_PROCESS,
RuleModeString[RULE_MODE_PERMANENT]: RULE_MODE_PERMANENT, RuleModeString[RULE_MODE_PERMANENT]: RULE_MODE_PERMANENT,
RuleModeString[RULE_MODE_SYSTEM]: RULE_MODE_SYSTEM, RuleModeString[RULE_MODE_SYSTEM]: RULE_MODE_SYSTEM,
RuleModeString[RULE_MODE_ONCE]: RULE_MODE_ONCE,
} }
//FilterScope contains a filter's time scope //FilterScope contains a filter's time scope
type FilterScope uint16 type FilterScope uint16
const ( const (
APPLY_ONCE FilterScope = iota APPLY_SESSION FilterScope = iota
APPLY_SESSION
APPLY_PROCESS APPLY_PROCESS
APPLY_FOREVER APPLY_FOREVER
APPLY_SYSTEM
APPLY_ONCE
) )
// FilterScopeString converts a filter scope ID to its string // FilterScopeString converts a filter scope ID to its string

@ -223,7 +223,7 @@ func stripTLSData(record []byte, start_ind, end_ind int, len_ind int, len_size i
if len_size < 1 || len_size > 2 { if len_size < 1 || len_size > 2 {
return nil return nil
} else if (start_ind >= end_ind) { } else if start_ind >= end_ind {
return nil return nil
} else if len_ind >= start_ind { } else if len_ind >= start_ind {
return nil return nil

Loading…
Cancel
Save