Fix bugs related to parsing rules file and saving rules file

7 years ago · 6cdb400d32
parent 14e1f99b03
commit 6cdb400d32
2 changed files with 14 additions and 2 deletions
--- a/sgfw/prompt.go
+++ b/sgfw/prompt.go
@ -196,6 +196,7 @@ func (p *prompter) processConnection(pc pendingConnection) {
 		p.removePolicy(pc.policy())
 	}
 	if fscope == APPLY_FOREVER {
+		r.mode = RULE_MODE_PERMANENT
 		policy.fw.saveRules()
 	}
 	dbusp.alertRule("sgfw prompt added new rule")
--- a/sgfw/rules.go
+++ b/sgfw/rules.go
@ -52,13 +52,19 @@ func (r *Rule) getString(redact bool) string {
 	if r.mode == RULE_MODE_SYSTEM {
 		rmode = "|" + RuleModeString[RULE_MODE_SYSTEM]
 	}
+	if r.mode == RULE_MODE_PERMANENT {
+		rmode = "|" + RuleModeString[RULE_MODE_PERMANENT]
+	}

 	protostr := ""

 	if r.proto != "tcp" {
 		protostr = r.proto + ":"
 	}
-	return fmt.Sprintf("%s|%s%s%s", rtype, protostr, r.AddrString(redact), rmode)
+
+	rpriv := fmt.Sprintf("|%d:%d", r.uid, r.gid)
+
+	return fmt.Sprintf("%s|%s%s%s%s", rtype, protostr, r.AddrString(redact), rmode, rpriv)
 }

 func (r *Rule) AddrString(redact bool) string {
@ -204,15 +210,20 @@ func (r *Rule) parse(s string) bool {
 	r.saddr = nil
 	parts := strings.Split(s, "|")
 	if len(parts) < 4 || len(parts) > 5 {
+		log.Notice("invalid number ", len(parts), " of rule parts in line ", s)
 		return false
 	}
 	if parts[2] == "SYSTEM" {
 		r.mode = RULE_MODE_SYSTEM
+	} else if parts[2] == "PERMANENT" {
+		r.mode = RULE_MODE_PERMANENT
 	} else if parts[2] != "" {
+		log.Notice("invalid rule mode ", parts[2], " in line ", s)
 		return false
 	}

 	if  !r.parsePrivs(parts[3]) {
+		log.Notice("invalid privs ", parts[3], " in line ", s)
 		return false
 	}

@ -222,11 +233,11 @@ func (r *Rule) parse(s string) bool {
 		r.saddr = net.ParseIP(parts[4])

 		if r.saddr == nil {
+			log.Notice("invalid source IP ", parts[4], " in line ", s)
 			return false
 		}

 	}
-
 	return r.parseVerb(parts[0]) && r.parseTarget(parts[1])
 }