Determine policy for each socks chain connection - WIP

socks-filter
David Stainton 9 years ago
parent 97e9c109fe
commit bb71d8309d

@ -1,6 +1,7 @@
package main package main
import ( import (
"fmt"
"io" "io"
"net" "net"
"os" "os"
@ -23,6 +24,10 @@ type socksChain struct {
listener net.Listener listener net.Listener
wg *sync.WaitGroup wg *sync.WaitGroup
procInfo procsnitch.ProcInfo procInfo procsnitch.ProcInfo
lock sync.Mutex
policyMap map[string]*Policy
policies []*Policy
} }
type socksChainSession struct { type socksChainSession struct {
@ -33,6 +38,7 @@ type socksChainSession struct {
bndAddr *socks5.Address bndAddr *socks5.Address
optData []byte optData []byte
procInfo procsnitch.ProcInfo procInfo procsnitch.ProcInfo
server *socksChain
} }
func NewSocksChain(cfg *socksChainConfig, wg *sync.WaitGroup, dbus *dbusServer) *socksChain { func NewSocksChain(cfg *socksChainConfig, wg *sync.WaitGroup, dbus *dbusServer) *socksChain {
@ -41,6 +47,7 @@ func NewSocksChain(cfg *socksChainConfig, wg *sync.WaitGroup, dbus *dbusServer)
dbus: dbus, dbus: dbus,
wg: wg, wg: wg,
procInfo: procsnitch.SystemProcInfo{}, procInfo: procsnitch.SystemProcInfo{},
policyMap: make(map[string]*Policy),
} }
return &chain return &chain
} }
@ -72,7 +79,7 @@ func (s *socksChain) socksAcceptLoop() error {
} }
continue continue
} }
session := &socksChainSession{cfg: s.cfg, clientConn: conn, procInfo: s.procInfo} session := &socksChainSession{cfg: s.cfg, clientConn: conn, procInfo: s.procInfo, server: s}
go session.sessionWorker() go session.sessionWorker()
} }
} }
@ -96,8 +103,14 @@ func (c *socksChainSession) sessionWorker() {
return return
} }
// target address of the socks connection // XXX work-in-progress
//addr := c.req.Addr.String() // Determine policy for the connection
// if destination not specified in existing policy
// then prompt user for policy ALLOW/DENY for that destination
c.server.lock.Lock()
policy := c.policyForPath(pinfo.ExePath)
c.server.lock.Unlock()
fmt.Printf("policyForPath %s is %s\n", pinfo.ExePath, policy)
switch c.req.Cmd { switch c.req.Cmd {
case socks5.CommandTorResolve, socks5.CommandTorResolvePTR: case socks5.CommandTorResolve, socks5.CommandTorResolvePTR:
@ -157,3 +170,24 @@ func (c *socksChainSession) dispatchTorSOCKS() (err error) {
} }
return return
} }
func (s *socksChainSession) policyForPath(path string) *Policy {
s.server.lock.Lock()
defer s.server.lock.Unlock()
if _, ok := s.server.policyMap[path]; !ok {
p := new(Policy)
// XXX is fw needed?
// p.fw = fw
p.path = path
p.application = path
entry := entryForPath(path)
if entry != nil {
p.application = entry.name
p.icon = entry.icon
}
s.server.policyMap[path] = p
s.server.policies = append(s.server.policies, p)
}
return s.server.policyMap[path]
}

Loading…
Cancel
Save