From 6cdb400d32302b715feca4baa304c53bb4d6c8d3 Mon Sep 17 00:00:00 2001
From: dma
Date: Mon, 4 Sep 2017 21:00:02 +0000
Subject: [PATCH] Fix bugs related to parsing rules file and saving rules file
---
 sgfw/prompt.go | 1 +
 sgfw/rules.go | 15 +++++++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/sgfw/prompt.go b/sgfw/prompt.go
index 798551a..19100f0 100644
--- a/sgfw/prompt.go
+++ b/sgfw/prompt.go
@@ -196,6 +196,7 @@ func (p *prompter) processConnection(pc pendingConnection) {
 p.removePolicy(pc.policy())
 }
 if fscope == APPLY_FOREVER {
+ r.mode = RULE_MODE_PERMANENT
 policy.fw.saveRules()
 }
 dbusp.alertRule("sgfw prompt added new rule")
diff --git a/sgfw/rules.go b/sgfw/rules.go
index 487105e..856dd16 100644
--- a/sgfw/rules.go
+++ b/sgfw/rules.go
@@ -52,13 +52,19 @@ func (r *Rule) getString(redact bool) string {
 if r.mode == RULE_MODE_SYSTEM {
 rmode = "|" + RuleModeString[RULE_MODE_SYSTEM]
 }
+ if r.mode == RULE_MODE_PERMANENT {
+ rmode = "|" + RuleModeString[RULE_MODE_PERMANENT]
+ }
 protostr := ""
 if r.proto != "tcp" {
 protostr = r.proto + ":"
 }
- return fmt.Sprintf("%s|%s%s%s", rtype, protostr, r.AddrString(redact), rmode)
+
+ rpriv := fmt.Sprintf("|%d:%d", r.uid, r.gid)
+
+ return fmt.Sprintf("%s|%s%s%s%s", rtype, protostr, r.AddrString(redact), rmode, rpriv)
 }
 func (r *Rule) AddrString(redact bool) string {
@@ -204,15 +210,20 @@ func (r *Rule) parse(s string) bool {
 r.saddr = nil
 parts := strings.Split(s, "|")
 if len(parts) < 4 || len(parts) > 5 {
+ log.Notice("invalid number ", len(parts), " of rule parts in line ", s)
 return false
 }
 if parts[2] == "SYSTEM" {
 r.mode = RULE_MODE_SYSTEM
+ } else if parts[2] == "PERMANENT" {
+ r.mode = RULE_MODE_PERMANENT
 } else if parts[2] != "" {
+ log.Notice("invalid rule mode ", parts[2], " in line ", s)
 return false
 }
 if !r.parsePrivs(parts[3]) {
+ log.Notice("invalid privs ", parts[3], " in line ", s)
 return false
 }
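Review bot: `r.mode = RULE_MODE_PERMANENT` is assigned immediately before `policy.fw.saveRules()`, but `r` is declared above the hunk and by this point the rule has presumably already been handed to the policy, so the new mode only reaches the saved file if `r` is the same object the policy keeps (a stored copy would still be serialized without the PERMANENT field). A one-line comment would make that ordering dependency explicit: `// mark PERMANENT before persisting: getString only writes the mode field for SYSTEM/PERMANENT rules`. Deriving the mode from fscope where the rule is constructed would avoid patching it in here at all. processConnection starts and ends outside the hunk.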
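Review bot: The new `rpriv` field is appended unconditionally, but `rmode` carries its own leading `|` and is only set for RULE_MODE_SYSTEM and RULE_MODE_PERMANENT, so a rule with any other mode serializes as `type|addr|uid:gid` — three fields, which parse() further down in this file rejects on its `len(parts) < 4` check (and would otherwise read `uid:gid` as the mode). parse() accepts an empty mode field, so such rules can come from the rules file itself and would not survive a save/load round trip. Keeping the separator when the mode is empty restores the column alignment: `if rmode == "" { rmode = "|" }` just before the `rpriv` line (assuming rmode is initialised to "" above the hunk — its declaration is not visible). The `rpriv` line could also carry `// uid:gid, read back by parsePrivs(parts[3])` so the field order is documented next to the writer.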
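Review bot: The mode branches compare `parts[2]` against the bare literals `"SYSTEM"` and `"PERMANENT"` while getString writes `RuleModeString[RULE_MODE_SYSTEM]` / `RuleModeString[RULE_MODE_PERMANENT]`, so the reader and the writer of the rules file can drift apart silently if that table ever changes; `} else if parts[2] == RuleModeString[RULE_MODE_PERMANENT] {` (and the same for the SYSTEM branch) keeps them in lockstep. The new log.Notice calls also print the whole raw line `s`, whereas getString takes a `redact` flag for the address part; if the log sink is less trusted than the rules file, logging only the offending field (as the second and third notices already do with parts[2] and parts[3]) is enough to diagnose a bad line. parse continues outside the hunk.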
@@ -222,11 +233,11 @@ func (r *Rule) parse(s string) bool {
 r.saddr = net.ParseIP(parts[4])
 if r.saddr == nil {
+ log.Notice("invalid source IP ", parts[4], " in line ", s)
 return false
 }
 }
-
 return r.parseVerb(parts[0]) && r.parseTarget(parts[1])
 }
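Review bot: Every other early `return false` in parse now logs a notice, but the final `return r.parseVerb(parts[0]) && r.parseTarget(parts[1])` still fails silently, so a bad verb or target is the one rejection that leaves no trace in the log. Splitting the return keeps the same short-circuit order (parseTarget is skipped when parseVerb fails) and adds the missing notice; if parseVerb/parseTarget already log on their own this is redundant and can be dropped, but neither is visible here. The start of parse is outside this hunk.
```go
	// … unchanged: source-IP check …
	if !r.parseVerb(parts[0]) || !r.parseTarget(parts[1]) {
		log.Notice("invalid verb or target in line ", s)
		return false
	}
	return true
```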