shw-merge
xSmurf 7 years ago
parent 68e6d57c9b
commit 6e6e265fae

@ -1,12 +1,12 @@
package main
import (
"fmt"
"flag"
"strconv"
"fmt"
"io"
"log"
"net"
"strconv"
)
const ReceiverSocketPath = "/var/run/fw-daemon/fwoz.sock"
@ -87,4 +87,3 @@ func main() {
}
}

@ -7,7 +7,6 @@ import (
// "github.com/gotk3/gotk3/glib"
)
type dbusServer struct {
conn *dbus.Conn
run bool
@ -34,7 +33,6 @@ type promptData struct {
Action int
}
func newDbusServer() (*dbusServer, error) {
conn, err := dbus.SystemBus()

@ -1,24 +1,22 @@
package main
import (
"github.com/gotk3/gotk3/gtk"
"encoding/json"
"errors"
"fmt"
"github.com/gotk3/gotk3/glib"
"github.com/gotk3/gotk3/gtk"
"io/ioutil"
"log"
"fmt"
"strings"
"strconv"
"os"
"io/ioutil"
"encoding/json"
"os/user"
"strconv"
"strings"
"sync"
"errors"
"github.com/subgraph/fw-daemon/sgfw"
)
type fpPreferences struct {
Winheight uint
Winwidth uint
@ -49,7 +47,6 @@ type ruleColumns struct {
Scope int
}
var userPrefs fpPreferences
var mainWin *gtk.Window
var Notebook *gtk.Notebook
@ -63,7 +60,6 @@ var radioOnce, radioProcess, radioParent, radioSession, radioPermanent *gtk.Radi
var btnApprove, btnDeny, btnIgnore *gtk.Button
var chkUser, chkGroup *gtk.CheckButton
func dumpDecisions() {
fmt.Println("XXX Total of decisions pending: ", len(decisionWaiters))
for i := 0; i < len(decisionWaiters); i++ {
@ -137,7 +133,7 @@ func getConfigPath() string {
usr, err := user.Current()
if err != nil {
fmt.Fprintf(os.Stderr, "Error: could not determine location of user preferences file:", err, "\n");
fmt.Fprintf(os.Stderr, "Error: could not determine location of user preferences file:", err, "\n")
return ""
}
@ -149,7 +145,7 @@ func savePreferences() bool {
usr, err := user.Current()
if err != nil {
fmt.Fprintf(os.Stderr, "Error: could not determine location of user preferences file:", err, "\n");
fmt.Fprintf(os.Stderr, "Error: could not determine location of user preferences file:", err, "\n")
return false
}
@ -176,7 +172,7 @@ func loadPreferences() bool {
usr, err := user.Current()
if err != nil {
fmt.Fprintf(os.Stderr, "Error: could not determine location of user preferences file: %v", err, "\n");
fmt.Fprintf(os.Stderr, "Error: could not determine location of user preferences file: %v", err, "\n")
return false
}
@ -508,7 +504,6 @@ func toggleValidRuleState() {
}
}
btnApprove.SetSensitive(ok)
btnDeny.SetSensitive(ok)
btnIgnore.SetSensitive(ok)
@ -690,7 +685,7 @@ func getSelectedRule() (ruleColumns, int, error) {
func main() {
decisionWaiters = make([]*decisionWaiter, 0)
_, err := newDbusServer();
_, err := newDbusServer()
if err != nil {
log.Fatal("Error:", err)
return
@ -751,7 +746,6 @@ func main() {
scrollbox.Add(box)
tv, err := gtk.TreeViewNew()
if err != nil {
@ -980,7 +974,6 @@ func main() {
return
})
scrollbox.SetSizeRequest(600, 400)
Notebook.AppendPage(scrollbox, nbLabel)
// setup_settings()
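Review bot: The three `fmt.Fprintf(os.Stderr, ...)` calls in getConfigPath, savePreferences and loadPreferences (the hunks at `@ -137`, `@ -149` and `@ -176`) pass `err` and `"\n"` as arguments the format string never consumes, so `go vet` rejects them and the message written to stderr ends in `%!(EXTRA ...)` noise instead of a clean error; the commit only drops the trailing semicolons. In the first two the format string has no verb at all, in the third a single `%v` is followed by two arguments. Replace each with `fmt.Fprintf(os.Stderr, "Error: could not determine location of user preferences file: %v\n", err)`. Each of the three functions starts and ends outside its hunk.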

@ -3,12 +3,11 @@ package main
import (
"errors"
"fmt"
"github.com/subgraph/fw-daemon/sgfw"
"github.com/godbus/dbus"
"github.com/gotk3/gotk3/glib"
"github.com/subgraph/fw-daemon/sgfw"
)
type dbusObject struct {
dbus.BusObject
}

@ -179,7 +179,7 @@ func main() {
}
app.Connect("activate", activate)
_, err = newDbusServer();
_, err = newDbusServer()
if err != nil {
panic(fmt.Sprintf("Error initializing Dbus server: %v", err))

@ -3,8 +3,8 @@ package main
import (
"fmt"
"os"
"strings"
"strconv"
"strings"
"github.com/subgraph/fw-daemon/sgfw"
@ -122,7 +122,7 @@ func (rr *ruleRow) update() {
}
rr.gtkLabelApp.SetTooltipText(rr.rule.Path)
rr.gtkLabelVerb.SetText(getVerbText(rr.rule))
if (rr.rule.Proto == "tcp") {
if rr.rule.Proto == "tcp" {
rr.gtkLabelOrigin.SetText(rr.rule.Origin)
} else {
rr.gtkLabelOrigin.SetText(rr.rule.Origin + " (" + rr.rule.Proto + ")")

@ -2,15 +2,14 @@ package pcoroner
import (
"fmt"
"time"
"strings"
"os"
"strconv"
"strings"
"sync"
"os"
"syscall"
"time"
)
type WatchProcess struct {
Pid int
Inode uint64
@ -25,14 +24,11 @@ type CallbackEntry struct {
type procCB func(int, interface{})
var Callbacks []CallbackEntry
var pmutex = &sync.Mutex{}
var pidMap map[int]WatchProcess = make(map[int]WatchProcess)
func MonitorProcess(pid int) bool {
pmutex.Lock()
defer pmutex.Unlock()

@ -12,17 +12,20 @@ const (
//RuleAction is the action to apply to a rule
type RuleAction uint16
const (
RULE_ACTION_DENY RuleAction = iota
RULE_ACTION_ALLOW
RULE_ACTION_ALLOW_TLSONLY
)
// RuleActionString is used to get a string from an action id
var RuleActionString = map[RuleAction]string{
RULE_ACTION_DENY: "DENY",
RULE_ACTION_ALLOW: "ALLOW",
RULE_ACTION_ALLOW_TLSONLY: "ALLOW_TLSONLY",
}
// RuleActionValue is used to get an action id using the action string
var RuleActionValue = map[string]RuleAction{
RuleActionString[RULE_ACTION_DENY]: RULE_ACTION_DENY,
@ -32,12 +35,14 @@ var RuleActionValue = map[string]RuleAction{
//RuleMode contains the time scope of a rule
type RuleMode uint16
const (
RULE_MODE_SESSION RuleMode = iota
RULE_MODE_PROCESS
RULE_MODE_PERMANENT
RULE_MODE_SYSTEM
)
// RuleModeString is used to get a rule mode string from its id
var RuleModeString = map[RuleMode]string{
RULE_MODE_SESSION: "SESSION",
@ -45,6 +50,7 @@ var RuleModeString = map[RuleMode]string{
RULE_MODE_PERMANENT: "PERMANENT",
RULE_MODE_SYSTEM: "SYSTEM",
}
// RuleModeValue converts a mode string to its id
var RuleModeValue = map[string]RuleMode{
RuleModeString[RULE_MODE_SESSION]: RULE_MODE_SESSION,
@ -55,12 +61,14 @@ var RuleModeValue = map[string]RuleMode{
//FilterScope contains a filter's time scope
type FilterScope uint16
const (
APPLY_ONCE FilterScope = iota
APPLY_SESSION
APPLY_PROCESS
APPLY_FOREVER
)
// FilterScopeString converts a filter scope ID to its string
var FilterScopeString = map[FilterScope]string{
APPLY_ONCE: "ONCE",
@ -68,6 +76,7 @@ var FilterScopeString = map[FilterScope]string{
APPLY_PROCESS: "PROCESS",
APPLY_FOREVER: "FOREVER",
}
// FilterScopeString converts a filter scope string to its ID
var FilterScopeValue = map[string]FilterScope{
FilterScopeString[APPLY_ONCE]: APPLY_ONCE,
@ -75,6 +84,7 @@ var FilterScopeValue = map[string]FilterScope{
FilterScopeString[APPLY_PROCESS]: APPLY_PROCESS,
FilterScopeString[APPLY_FOREVER]: APPLY_FOREVER,
}
// GetFilterScopeString is used to safely return a filter scope string
func GetFilterScopeString(scope FilterScope) string {
if val, ok := FilterScopeString[scope]; ok {
@ -82,6 +92,7 @@ func GetFilterScopeString(scope FilterScope) string {
}
return FilterScopeString[APPLY_SESSION]
}
// GetFilterScopeValue is used to safely return a filter scope ID
func GetFilterScopeValue(scope string) FilterScope {
scope = strings.ToUpper(scope)
@ -93,12 +104,14 @@ func GetFilterScopeValue(scope string) FilterScope {
//FilterResult contains the filtering resulting action
type FilterResult uint16
const (
FILTER_DENY FilterResult = iota
FILTER_ALLOW
FILTER_PROMPT
FILTER_ALLOW_TLSONLY
)
// FilterResultString converts a filter value ID to its string
var FilterResultString = map[FilterResult]string{
FILTER_DENY: "DENY",
@ -106,6 +119,7 @@ var FilterResultString = map[FilterResult]string{
FILTER_PROMPT: "PROMPT",
FILTER_ALLOW_TLSONLY: "ALLOW_TLSONLY",
}
// FilterResultValue converts a filter value string to its ID
var FilterResultValue = map[string]FilterResult{
FilterResultString[FILTER_DENY]: FILTER_DENY,
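Review bot: The doc comment added as `// FilterScopeString converts a filter scope string to its ID` sits on `FilterScopeValue`, so it names the wrong identifier and godoc will attach a misleading sentence to that map; change it to `// FilterScopeValue converts a filter scope string to its ID`. The other new comments (`RuleActionString`, `RuleModeValue`, `FilterResultValue`, ...) correctly begin with the name they document. Separately, the fallback `return FilterScopeString[APPLY_SESSION]` in GetFilterScopeString silently maps an unknown scope to the SESSION name; if that is intended, the new comment should say so, e.g. `// GetFilterScopeString returns the name of scope, falling back to the SESSION name for unknown values`. GetFilterScopeString and GetFilterScopeValue both continue outside their hunks.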

@ -62,7 +62,6 @@ func newDbusObjectPrompt() (*dbusObjectP, error) {
return &dbusObjectP{conn.Object("com.subgraph.fwprompt.EventNotifier", "/com/subgraph/fwprompt/EventNotifier")}, nil
}
type dbusServer struct {
fw *Firewall
conn *dbus.Conn

@ -1,17 +1,17 @@
package sgfw
import (
"encoding/binary"
"net"
"strings"
"sync"
"time"
"encoding/binary"
// "github.com/subgraph/go-nfnetlink"
"github.com/google/gopacket/layers"
"github.com/subgraph/fw-daemon/proc-coroner"
nfqueue "github.com/subgraph/go-nfnetlink/nfqueue"
"github.com/subgraph/go-procsnitch"
"github.com/subgraph/fw-daemon/proc-coroner"
)
type dnsEntry struct {

@ -1,20 +1,19 @@
package sgfw
import (
"bufio"
"errors"
"fmt"
"net"
"os"
"bufio"
"strings"
"strconv"
"errors"
"strings"
"github.com/subgraph/oz/ipc"
)
const ReceiverSocketPath = "/var/run/fw-daemon/fwoz.sock"
type OzInitProc struct {
Name string
Pid int
@ -23,7 +22,6 @@ type OzInitProc struct {
var OzInitPids []OzInitProc = []OzInitProc{}
func addInitPid(pid int, name string, sboxid int) {
fmt.Println("::::::::::: init pid added: ", pid, " -> ", name)
for i := 0; i < len(OzInitPids); i++ {
@ -268,13 +266,11 @@ func ReceiverLoop(fw *Firewall, c net.Conn) {
log.Notice("Removing new rule from oz sandbox/fw... ")
}
log.Notice("IPC received command: " + data)
c.Write([]byte("OK.\n"))
return
}
}
}
@ -317,7 +313,6 @@ func OzReceiver(fw *Firewall) {
}
type ListProxiesMsg struct {
_ string "ListProxies"
}
@ -339,6 +334,7 @@ func ListProxies() ([]string, error) {
}
const OzSocketName = "@oz-control"
var bSockName = OzSocketName
var messageFactory = ipc.NewMsgFactory(

@ -1,10 +1,10 @@
package sgfw
import (
"fmt"
"os"
"syscall"
"unsafe"
"fmt"
"github.com/op/go-logging"
)

@ -13,9 +13,10 @@ import (
"github.com/subgraph/fw-daemon/proc-coroner"
)
var DoMultiPrompt = true
const MAX_PROMPTS = 3
var outstandingPrompts = 0
var promptLock = &sync.Mutex{}
@ -193,7 +194,7 @@ func (p *prompter) processConnection(pc pendingConnection) {
tempRule := fmt.Sprintf("%s|%s", toks[0], toks[1])
if (pc.src() != nil && !pc.src().Equal(net.ParseIP("127.0.0.1")) && sandbox != "") {
if pc.src() != nil && !pc.src().Equal(net.ParseIP("127.0.0.1")) && sandbox != "" {
//if !strings.HasSuffix(rule, "SYSTEM") && !strings.HasSuffix(rule, "||") {
//rule += "||"
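Review bot: The reformatted condition `pc.src() != nil && !pc.src().Equal(net.ParseIP("127.0.0.1")) && sandbox != ""` treats only the literal 127.0.0.1 as local: any other 127.0.0.0/8 address and `::1` pass the negated Equal check, and `net.ParseIP` re-parses the constant on every prompted connection. If the intent is "source is not loopback", `pc.src() != nil && !pc.src().IsLoopback() && sandbox != ""` states it directly and covers IPv6; if only that exact address is meant, hoist the parsed IP into a package-level `var` so the choice is visible. What the branch decides cannot be seen here, since processConnection starts and ends outside the hunk, so this is a point to confirm rather than a definite bug.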

@ -8,8 +8,8 @@ import (
"time"
"github.com/subgraph/go-procsnitch"
"strings"
"strconv"
"strings"
)
type socksChainConfig struct {

@ -2,12 +2,11 @@ package sgfw
import (
"crypto/x509"
"errors"
"io"
"net"
"errors"
)
func TLSGuard(conn, conn2 net.Conn, fqdn string) error {
// Should this be a requirement?
// if strings.HasSuffix(request.DestAddr.FQDN, "onion") {
