matth
/
fw-daemon
mirror of https://github.com/subgraph/fw-daemon
1
1
Fork 0
Code Releases Activity

Merge branch 'master' into debian

Browse Source
pull/23/head
Bruce Leidl 9 years ago
parent adcf18a8a3 a860eeffa0
commit d2648919cf
197 changed files with 6939 additions and 1326 deletions
Show Stats Download Patch File Download Diff File

43
Godeps/Godeps.json generated
Unescape View File

@ -1,43 +1,58 @@
{
"ImportPath": "github.com/subgraph/fw-daemon",
"GoVersion": "go1.5",
"GoVersion": "go1.6",
"GodepVersion": "v74",
"Packages": [
"./..."
],
"Deps": [
{
"ImportPath": "github.com/godbus/dbus",
"Comment": "v3-15-g230e4b2",
"Rev": "230e4b23db2fd81c53eaa0073f76659d4849ce51"
"Comment": "v4.0.0-5-g32c6cc2",
"Rev": "32c6cc29c14570de4cf6d7e7737d68fb2d01ad15"
},
{
"ImportPath": "github.com/godbus/dbus/introspect",
"Comment": "v4.0.0-5-g32c6cc2",
"Rev": "32c6cc29c14570de4cf6d7e7737d68fb2d01ad15"
},
{
"ImportPath": "github.com/gotk3/gotk3/cairo",
"Comment": "GOTK3_0_2_0-430-ge68c426",
"Rev": "e68c42636533041787e09741c5027ea670ad6f84"
"Comment": "GOTK3_0_2_0-467-gefaac8f",
"Rev": "efaac8f907aac2f965675d64fd163097db109f95"
},
{
"ImportPath": "github.com/gotk3/gotk3/gdk",
"Comment": "GOTK3_0_2_0-430-ge68c426",
"Rev": "e68c42636533041787e09741c5027ea670ad6f84"
"Comment": "GOTK3_0_2_0-467-gefaac8f",
"Rev": "efaac8f907aac2f965675d64fd163097db109f95"
},
{
"ImportPath": "github.com/gotk3/gotk3/glib",
"Comment": "GOTK3_0_2_0-430-ge68c426",
"Rev": "e68c42636533041787e09741c5027ea670ad6f84"
"Comment": "GOTK3_0_2_0-467-gefaac8f",
"Rev": "efaac8f907aac2f965675d64fd163097db109f95"
},
{
"ImportPath": "github.com/gotk3/gotk3/gtk",
"Comment": "GOTK3_0_2_0-430-ge68c426",
"Rev": "e68c42636533041787e09741c5027ea670ad6f84"
"Comment": "GOTK3_0_2_0-467-gefaac8f",
"Rev": "efaac8f907aac2f965675d64fd163097db109f95"
},
{
"ImportPath": "github.com/gotk3/gotk3/pango",
"Comment": "GOTK3_0_2_0-430-ge68c426",
"Rev": "e68c42636533041787e09741c5027ea670ad6f84"
"Comment": "GOTK3_0_2_0-467-gefaac8f",
"Rev": "efaac8f907aac2f965675d64fd163097db109f95"
},
{
"ImportPath": "github.com/op/go-logging",
"Rev": "dfaf3dff9b631bc4236201d90d41ee0de9202889"
"Comment": "v1-7-g970db52",
"Rev": "970db520ece77730c7e4724c61121037378659d9"
},
{
"ImportPath": "github.com/subgraph/go-procsnitch",
"Rev": "9ed73dde9f6f84be72aa010394902057ac26b625"
},
{
"ImportPath": "golang.org/x/net/proxy",
"Rev": "ef2e00e88c5e0a3569f0bb9df697e9cbc6215fea"
}
]
}

2
Godeps/_workspace/.gitignore generated vendored
Unescape View File

@ -1,2 +0,0 @@
/pkg
/bin

264
Godeps/_workspace/src/github.com/godbus/dbus/prop/prop.go generated vendored
Unescape View File

@ -1,264 +0,0 @@
// Package prop provides the Properties struct which can be used to implement
// org.freedesktop.DBus.Properties.
package prop
import (
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/godbus/dbus"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/godbus/dbus/introspect"
"sync"
)
// EmitType controls how org.freedesktop.DBus.Properties.PropertiesChanged is
// emitted for a property. If it is EmitTrue, the signal is emitted. If it is
// EmitInvalidates, the signal is also emitted, but the new value of the property
// is not disclosed.
type EmitType byte
const (
EmitFalse EmitType = iota
EmitTrue
EmitInvalidates
)
// ErrIfaceNotFound is the error returned to peers who try to access properties
// on interfaces that aren't found.
var ErrIfaceNotFound = dbus.NewError("org.freedesktop.DBus.Properties.Error.InterfaceNotFound", nil)
// ErrPropNotFound is the error returned to peers trying to access properties
// that aren't found.
var ErrPropNotFound = dbus.NewError("org.freedesktop.DBus.Properties.Error.PropertyNotFound", nil)
// ErrReadOnly is the error returned to peers trying to set a read-only
// property.
var ErrReadOnly = dbus.NewError("org.freedesktop.DBus.Properties.Error.ReadOnly", nil)
// ErrInvalidArg is returned to peers if the type of the property that is being
// changed and the argument don't match.
var ErrInvalidArg = dbus.NewError("org.freedesktop.DBus.Properties.Error.InvalidArg", nil)
// The introspection data for the org.freedesktop.DBus.Properties interface.
var IntrospectData = introspect.Interface{
Name: "org.freedesktop.DBus.Properties",
Methods: []introspect.Method{
{
Name: "Get",
Args: []introspect.Arg{
{"interface", "s", "in"},
{"property", "s", "in"},
{"value", "v", "out"},
},
},
{
Name: "GetAll",
Args: []introspect.Arg{
{"interface", "s", "in"},
{"props", "a{sv}", "out"},
},
},
{
Name: "Set",
Args: []introspect.Arg{
{"interface", "s", "in"},
{"property", "s", "in"},
{"value", "v", "in"},
},
},
},
Signals: []introspect.Signal{
{
Name: "PropertiesChanged",
Args: []introspect.Arg{
{"interface", "s", "out"},
{"changed_properties", "a{sv}", "out"},
{"invalidates_properties", "as", "out"},
},
},
},
}
// The introspection data for the org.freedesktop.DBus.Properties interface, as
// a string.
const IntrospectDataString = `
<interface name="org.freedesktop.DBus.Properties">
<method name="Get">
<arg name="interface" direction="in" type="s"/>
<arg name="property" direction="in" type="s"/>
<arg name="value" direction="out" type="v"/>
</method>
<method name="GetAll">
<arg name="interface" direction="in" type="s"/>
<arg name="props" direction="out" type="a{sv}"/>
</method>
<method name="Set">
<arg name="interface" direction="in" type="s"/>
<arg name="property" direction="in" type="s"/>
<arg name="value" direction="in" type="v"/>
</method>
<signal name="PropertiesChanged">
<arg name="interface" type="s"/>
<arg name="changed_properties" type="a{sv}"/>
<arg name="invalidates_properties" type="as"/>
</signal>
</interface>
`
// Prop represents a single property. It is used for creating a Properties
// value.
type Prop struct {
// Initial value. Must be a DBus-representable type.
Value interface{}
// If true, the value can be modified by calls to Set.
Writable bool
// Controls how org.freedesktop.DBus.Properties.PropertiesChanged is
// emitted if this property changes.
Emit EmitType
// If not nil, anytime this property is changed by Set, this function is
// called with an appropiate Change as its argument. If the returned error
// is not nil, it is sent back to the caller of Set and the property is not
// changed.
Callback func(*Change) *dbus.Error
}
// Change represents a change of a property by a call to Set.
type Change struct {
Props *Properties
Iface string
Name string
Value interface{}
}
// Properties is a set of values that can be made available to the message bus
// using the org.freedesktop.DBus.Properties interface. It is safe for
// concurrent use by multiple goroutines.
type Properties struct {
m map[string]map[string]*Prop
mut sync.RWMutex
conn *dbus.Conn
path dbus.ObjectPath
}
// New returns a new Properties structure that manages the given properties.
// The key for the first-level map of props is the name of the interface; the
// second-level key is the name of the property. The returned structure will be
// exported as org.freedesktop.DBus.Properties on path.
func New(conn *dbus.Conn, path dbus.ObjectPath, props map[string]map[string]*Prop) *Properties {
p := &Properties{m: props, conn: conn, path: path}
conn.Export(p, path, "org.freedesktop.DBus.Properties")
return p
}
// Get implements org.freedesktop.DBus.Properties.Get.
func (p *Properties) Get(iface, property string) (dbus.Variant, *dbus.Error) {
p.mut.RLock()
defer p.mut.RUnlock()
m, ok := p.m[iface]
if !ok {
return dbus.Variant{}, ErrIfaceNotFound
}
prop, ok := m[property]
if !ok {
return dbus.Variant{}, ErrPropNotFound
}
return dbus.MakeVariant(prop.Value), nil
}
// GetAll implements org.freedesktop.DBus.Properties.GetAll.
func (p *Properties) GetAll(iface string) (map[string]dbus.Variant, *dbus.Error) {
p.mut.RLock()
defer p.mut.RUnlock()
m, ok := p.m[iface]
if !ok {
return nil, ErrIfaceNotFound
}
rm := make(map[string]dbus.Variant, len(m))
for k, v := range m {
rm[k] = dbus.MakeVariant(v.Value)
}
return rm, nil
}
// GetMust returns the value of the given property and panics if either the
// interface or the property name are invalid.
func (p *Properties) GetMust(iface, property string) interface{} {
p.mut.RLock()
defer p.mut.RUnlock()
return p.m[iface][property].Value
}
// Introspection returns the introspection data that represents the properties
// of iface.
func (p *Properties) Introspection(iface string) []introspect.Property {
p.mut.RLock()
defer p.mut.RUnlock()
m := p.m[iface]
s := make([]introspect.Property, 0, len(m))
for k, v := range m {
p := introspect.Property{Name: k, Type: dbus.SignatureOf(v.Value).String()}
if v.Writable {
p.Access = "readwrite"
} else {
p.Access = "read"
}
s = append(s, p)
}
return s
}
// set sets the given property and emits PropertyChanged if appropiate. p.mut
// must already be locked.
func (p *Properties) set(iface, property string, v interface{}) {
prop := p.m[iface][property]
prop.Value = v
switch prop.Emit {
case EmitFalse:
// do nothing
case EmitInvalidates:
p.conn.Emit(p.path, "org.freedesktop.DBus.Properties.PropertiesChanged",
iface, map[string]dbus.Variant{}, []string{property})
case EmitTrue:
p.conn.Emit(p.path, "org.freedesktop.DBus.Properties.PropertiesChanged",
iface, map[string]dbus.Variant{property: dbus.MakeVariant(v)},
[]string{})
default:
panic("invalid value for EmitType")
}
}
// Set implements org.freedesktop.Properties.Set.
func (p *Properties) Set(iface, property string, newv dbus.Variant) *dbus.Error {
p.mut.Lock()
defer p.mut.Unlock()
m, ok := p.m[iface]
if !ok {
return ErrIfaceNotFound
}
prop, ok := m[property]
if !ok {
return ErrPropNotFound
}
if !prop.Writable {
return ErrReadOnly
}
if newv.Signature() != dbus.SignatureOf(prop.Value) {
return ErrInvalidArg
}
if prop.Callback != nil {
err := prop.Callback(&Change{p, iface, property, newv.Value()})
if err != nil {
return err
}
}
p.set(iface, property, newv.Value())
return nil
}
// SetMust sets the value of the given property and panics if the interface or
// the property name are invalid.
func (p *Properties) SetMust(iface, property string, v interface{}) {
p.mut.Lock()
p.set(iface, property, v)
p.mut.Unlock()
}

49
Godeps/_workspace/src/github.com/op/go-logging/examples/example.go generated vendored
Unescape View File

@ -1,49 +0,0 @@
package main
import (
"os"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/op/go-logging"
)
var log = logging.MustGetLogger("example")
// Example format string. Everything except the message has a custom color
// which is dependent on the log level. Many fields have a custom output
// formatting too, eg. the time returns the hour down to the milli second.
var format = logging.MustStringFormatter(
`%{color}%{time:15:04:05.000} %{shortfunc} â–¶ %{level:.4s} %{id:03x}%{color:reset} %{message}`,
)
// Password is just an example type implementing the Redactor interface. Any
// time this is logged, the Redacted() function will be called.
type Password string
func (p Password) Redacted() interface{} {
return logging.Redact(string(p))
}
func main() {
// For demo purposes, create two backend for os.Stderr.
backend1 := logging.NewLogBackend(os.Stderr, "", 0)
backend2 := logging.NewLogBackend(os.Stderr, "", 0)
// For messages written to backend2 we want to add some additional
// information to the output, including the used log level and the name of
// the function.
backend2Formatter := logging.NewBackendFormatter(backend2, format)
// Only errors and more severe messages should be sent to backend1
backend1Leveled := logging.AddModuleLevel(backend1)
backend1Leveled.SetLevel(logging.ERROR, "")
// Set the backends to be used.
logging.SetBackend(backend1Leveled, backend2Formatter)
log.Debugf("debug %s", Password("secret"))
log.Info("info")
log.Notice("notice")
log.Warning("warning")
log.Error("err")
log.Critical("crit")
}

BIN
Godeps/_workspace/src/github.com/op/go-logging/examples/example.png generated vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 17 KiB

51
dbus.go
Unescape View File

@ -2,13 +2,11 @@ package main
import (
"errors"
"fmt"
"strings"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/godbus/dbus"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/godbus/dbus/introspect"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/op/go-logging"
"path"
"github.com/godbus/dbus"
"github.com/godbus/dbus/introspect"
"github.com/op/go-logging"
)
const introspectXml = `
@ -82,46 +80,17 @@ func newDbusServer() (*dbusServer, error) {
if err := conn.Export(ds, objectPath, interfaceName); err != nil {
return nil, err
}
ps := strings.Split(objectPath, "/")
path := "/"
for _, p := range ps {
if len(path) > 1 {
path += "/"
}
path += p
if err := conn.Export(ds, dbus.ObjectPath(path), "org.freedesktop.DBus.Introspectable"); err != nil {
return nil, err
}
if err := conn.Export(introspect.Introspectable(introspectXml), objectPath, "org.freedesktop.DBus.Introspectable"); err != nil {
return nil, err
}
ds.conn = conn
ds.prompter = newPrompter(conn)
return ds, nil
}
func (ds *dbusServer) Introspect(msg dbus.Message) (string, *dbus.Error) {
path := string(msg.Headers[dbus.FieldPath].Value().(dbus.ObjectPath))
if path == objectPath {
return introspectXml, nil
}
parts := strings.Split(objectPath, "/")
current := "/"
for i := 0; i < len(parts)-1; i++ {
if len(current) > 1 {
current += "/"
}
current += parts[i]
if path == current {
next := parts[i+1]
return fmt.Sprintf("<node><node name=\"%s\"/></node>", next), nil
}
}
return "", nil
}
func (ds *dbusServer) SetEnabled(flag bool) *dbus.Error {
log.Debug("SetEnabled(%v) called", flag)
log.Debugf("SetEnabled(%v) called", flag)
ds.fw.setEnabled(flag)
return nil
}
@ -167,7 +136,7 @@ func (ds *dbusServer) DeleteRule(id uint32) *dbus.Error {
}
func (ds *dbusServer) UpdateRule(rule DbusRule) *dbus.Error {
log.Debug("UpdateRule %v", rule)
log.Debugf("UpdateRule %v", rule)
ds.fw.lock.Lock()
r := ds.fw.rulesById[uint(rule.Id)]
ds.fw.lock.Unlock()
@ -175,7 +144,7 @@ func (ds *dbusServer) UpdateRule(rule DbusRule) *dbus.Error {
tmp := new(Rule)
tmp.addr = noAddress
if !tmp.parseTarget(rule.Target) {
log.Warning("Unable to parse target: %s", rule.Target)
log.Warningf("Unable to parse target: %s", rule.Target)
return nil
}
r.policy.lock.Lock()

8
dns.go
Unescape View File

@ -31,7 +31,7 @@ func (dc *dnsCache) processDNS(pkt *nfqueue.Packet) {
return
}
if len(dns.question) != 1 {
log.Warning("Length of DNS Question section is not 1 as expected: %d", len(dns.question))
log.Warningf("Length of DNS Question section is not 1 as expected: %d", len(dns.question))
return
}
q := dns.question[0]
@ -39,7 +39,7 @@ func (dc *dnsCache) processDNS(pkt *nfqueue.Packet) {
dc.processRecordA(q.Name, dns.answer)
return
}
log.Info("Unhandled DNS message: %v", dns)
log.Infof("Unhandled DNS message: %v", dns)
}
@ -55,10 +55,10 @@ func (dc *dnsCache) processRecordA(name string, answers []dnsRR) {
}
dc.ipMap[ip] = name
if !logRedact {
log.Info("Adding %s: %s", name, ip)
log.Infof("Adding %s: %s", name, ip)
}
default:
log.Warning("Unexpected RR type in answer section of A response: %v", rec)
log.Warningf("Unexpected RR type in answer section of A response: %v", rec)
}
}
}

4
fw-settings/builder.go
Unescape View File

@ -7,8 +7,8 @@ import (
"path/filepath"
"reflect"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/gotk3/gotk3/glib"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/gotk3/gotk3/gtk"
"github.com/gotk3/gotk3/glib"
"github.com/gotk3/gotk3/gtk"
"github.com/subgraph/fw-daemon/fw-settings/definitions"
)

4
fw-settings/config.go
Unescape View File

@ -1,8 +1,8 @@
package main
import (
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/gotk3/gotk3/gtk"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/op/go-logging"
"github.com/gotk3/gotk3/gtk"
"github.com/op/go-logging"
)
var levelToId = map[int32]string{

2
fw-settings/dbus.go
Unescape View File

@ -1,7 +1,7 @@
package main
import (
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/godbus/dbus"
"github.com/godbus/dbus"
)
type dbusObject struct {

4
fw-settings/main.go
Unescape View File

@ -4,8 +4,8 @@ import (
"os"
"fmt"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/gotk3/gotk3/glib"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/gotk3/gotk3/gtk"
"github.com/gotk3/gotk3/glib"
"github.com/gotk3/gotk3/gtk"
)
func failDialog(parent *gtk.Window, format string, args ...interface{}) {

2
fw-settings/rule_edit.go
Unescape View File

@ -2,7 +2,7 @@ package main
import (
"fmt"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/gotk3/gotk3/gtk"
"github.com/gotk3/gotk3/gtk"
"net"
"strconv"
"strings"

2
fw-settings/rules.go
Unescape View File

@ -2,7 +2,7 @@ package main
import (
"fmt"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/gotk3/gotk3/gtk"
"github.com/gotk3/gotk3/gtk"
"strings"
)

2
gnome-shell/firewall@subgraph.com/metadata.json
Unescape View File

@ -1,6 +1,6 @@
{
"description": "Firewall Extension",
"shell-version": ["3.18", "3.20"],
"shell-version": ["3.18", "3.20", "3.21", "3.21.91", "3.22"],
"uuid": "firewall@subgraph.com",
"name": "Firewall Extension",
"settings-schema": "com.subgraph.firewall"

6
icons.go
Unescape View File

@ -34,12 +34,12 @@ func initIcons() {
path := "/usr/share/applications"
dir, err := os.Open(path)
if err != nil {
log.Warning("Failed to open %s for reading: %v", path, err)
log.Warningf("Failed to open %s for reading: %v", path, err)
return
}
names, err := dir.Readdirnames(0)
if err != nil {
log.Warning("Could not read directory %s: %v", path, err)
log.Warningf("Could not read directory %s: %v", path, err)
return
}
for _, n := range names {
@ -53,7 +53,7 @@ func initIcons() {
func loadDesktopFile(path string) {
bs, err := ioutil.ReadFile(path)
if err != nil {
log.Warning("Error reading %s: %v", path, err)
log.Warningf("Error reading %s: %v", path, err)
return
}
exec := ""

6
iptables.go
Unescape View File

@ -18,9 +18,9 @@ func setupIPTables() {
func addIPTRules(rules ...string) {
for _, r := range rules {
if iptables('C', r) {
log.Info("IPTables rule already present: %s", r)
log.Infof("IPTables rule already present: %s", r)
} else {
log.Info("Installing IPTables rule: %s", r)
log.Infof("Installing IPTables rule: %s", r)
iptables('I', r)
}
}
@ -38,7 +38,7 @@ func iptables(verb rune, rule string) bool {
_, err = cmd.CombinedOutput()
_, exitErr := err.(*exec.ExitError)
if err != nil && !exitErr {
log.Warning("Error running iptables: %v", err)
log.Warningf("Error running iptables: %v", err)
}
return !exitErr
}

124
main.go
Unescape View File

@ -2,16 +2,20 @@ package main
import (
// _ "net/http/pprof"
"bufio"
"encoding/json"
"os"
"os/signal"
"time"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/op/go-logging"
"github.com/subgraph/fw-daemon/nfqueue"
"github.com/subgraph/fw-daemon/proc"
"regexp"
"strings"
"sync"
"syscall"
"time"
"unsafe"
"github.com/subgraph/fw-daemon/nfqueue"
"github.com/subgraph/go-procsnitch"
"github.com/op/go-logging"
)
var log = logging.MustGetLogger("sgfw")
@ -60,6 +64,9 @@ type Firewall struct {
ruleLock sync.Mutex
rulesById map[uint]*Rule
nextRuleId uint
reloadRulesChan chan bool
stopChan chan bool
}
func (fw *Firewall) setEnabled(flag bool) {
@ -103,6 +110,14 @@ func (fw *Firewall) getRuleById(id uint) *Rule {
return fw.rulesById[id]
}
func (fw *Firewall) stop() {
fw.stopChan <- true
}
func (fw *Firewall) reloadRules() {
fw.reloadRulesChan <- true
}
func (fw *Firewall) runFilter() {
q := nfqueue.NewNFQueue(0)
defer q.Destroy()
@ -111,12 +126,6 @@ func (fw *Firewall) runFilter() {
q.Timeout = 5 * time.Minute
packets := q.Process()
sigKillChan := make(chan os.Signal, 1)
signal.Notify(sigKillChan, os.Interrupt, os.Kill)
sigHupChan := make(chan os.Signal, 1)
signal.Notify(sigHupChan, syscall.SIGHUP)
for {
select {
case pkt := <-packets:
@ -125,18 +134,70 @@ func (fw *Firewall) runFilter() {
} else {
pkt.Accept()
}
case <-sigHupChan:
case <-fw.reloadRulesChan:
fw.loadRules()
case <-sigKillChan:
case <-fw.stopChan:
return
}
}
}
type SocksJsonConfig struct {
SocksListener string
TorSocks string
}
var commentRegexp = regexp.MustCompile("^[ \t]*#")
func loadConfiguration(configFilePath string) (*SocksJsonConfig, error) {
config := SocksJsonConfig{}
file, err := os.Open(configFilePath)
if err != nil {
return nil, err
}
scanner := bufio.NewScanner(file)
bs := ""
for scanner.Scan() {
line := scanner.Text()
if !commentRegexp.MatchString(line) {
bs += line + "\n"
}
}
if err := json.Unmarshal([]byte(bs), &config); err != nil {
return nil, err
}
return &config, nil
}
func getSocksChainConfig(config *SocksJsonConfig) *socksChainConfig {
// XXX
fields := strings.Split(config.TorSocks, "|")
torSocksNet := fields[0]
torSocksAddr := fields[1]
fields = strings.Split(config.SocksListener, "|")
socksListenNet := fields[0]
socksListenAddr := fields[1]
socksConfig := socksChainConfig{
TargetSocksNet: torSocksNet,
TargetSocksAddr: torSocksAddr,
ListenSocksNet: socksListenNet,
ListenSocksAddr: socksListenAddr,
}
return &socksConfig
}
func main() {
// XXX should this really be hardcoded?
// or should i add a CLI to specify config file location?
config, err := loadConfiguration("/etc/fw-daemon-socks.json")
if err != nil {
panic(err)
}
socksConfig := getSocksChainConfig(config)
logBackend := setupLoggerBackend()
log.SetBackend(logBackend)
proc.SetLogger(log)
procsnitch.SetLogger(log)
if os.Geteuid() != 0 {
log.Error("Must be run as root")
@ -152,11 +213,13 @@ func main() {
}
fw := &Firewall{
dbus: ds,
dns: NewDnsCache(),
enabled: true,
logBackend: logBackend,
policyMap: make(map[string]*Policy),
dbus: ds,
dns: NewDnsCache(),
enabled: true,
logBackend: logBackend,
policyMap: make(map[string]*Policy),
reloadRulesChan: make(chan bool, 0),
stopChan: make(chan bool, 0),
}
ds.fw = fw
@ -168,5 +231,28 @@ func main() {
}()
*/
wg := sync.WaitGroup{}
chain := NewSocksChain(socksConfig, &wg, fw)
chain.start()
fw.runFilter()
// observe process signals and either
// reload rules or shutdown firewall service
sigKillChan := make(chan os.Signal, 1)
signal.Notify(sigKillChan, os.Interrupt, os.Kill)
sigHupChan := make(chan os.Signal, 1)
signal.Notify(sigHupChan, syscall.SIGHUP)
for {
select {
case <-sigHupChan:
fw.reloadRules()
// XXX perhaps restart SOCKS proxy chain service with new proxy config specification?
case <-sigKillChan:
fw.stop()
return
}
}
}

120
policy.go
Unescape View File

@ -5,14 +5,58 @@ import (
"sync"
"github.com/subgraph/fw-daemon/nfqueue"
"github.com/subgraph/fw-daemon/proc"
"github.com/subgraph/go-procsnitch"
"net"
)
type pendingConnection interface {
policy() *Policy
procInfo() *procsnitch.Info
hostname() string
dst() net.IP
dstPort() uint16
accept()
drop()
print() string
}
type pendingPkt struct {
policy *Policy
hostname string
pkt *nfqueue.Packet
pinfo *proc.ProcInfo
pol *Policy
name string
pkt *nfqueue.Packet
pinfo *procsnitch.Info
}
func (pp *pendingPkt) policy() *Policy {
return pp.pol
}
func (pp *pendingPkt) procInfo() *procsnitch.Info {
return pp.pinfo
}
func (pp *pendingPkt) hostname() string {
return pp.name
}
func (pp *pendingPkt) dst() net.IP {
return pp.pkt.Dst
}
func (pp *pendingPkt) dstPort() uint16 {
return pp.pkt.DstPort
}
func (pp *pendingPkt) accept() {
pp.pkt.Accept()
}
func (pp *pendingPkt) drop() {
pp.pkt.Mark = 1
pp.pkt.Accept()
}
func (pp *pendingPkt) print() string {
return printPacket(pp.pkt, pp.name)
}
type Policy struct {
@ -21,11 +65,18 @@ type Policy struct {
application string
icon string
rules RuleList
pendingQueue []*pendingPkt
pendingQueue []pendingConnection
promptInProgress bool
lock sync.Mutex
}
func (fw *Firewall) PolicyForPath(path string) *Policy {
fw.lock.Lock()
defer fw.lock.Unlock()
return fw.policyForPath(path)
}
func (fw *Firewall) policyForPath(path string) *Policy {
if _, ok := fw.policyMap[path]; !ok {
p := new(Policy)
@ -43,14 +94,14 @@ func (fw *Firewall) policyForPath(path string) *Policy {
return fw.policyMap[path]
}
func (p *Policy) processPacket(pkt *nfqueue.Packet, pinfo *proc.ProcInfo) {
func (p *Policy) processPacket(pkt *nfqueue.Packet, pinfo *procsnitch.Info) {
p.lock.Lock()
defer p.lock.Unlock()
name := p.fw.dns.Lookup(pkt.Dst)
if !logRedact {
log.Info("Lookup(%s): %s", pkt.Dst.String(), name)
log.Infof("Lookup(%s): %s", pkt.Dst.String(), name)
}
result := p.rules.filter(pkt, pinfo, name)
result := p.rules.filterPacket(pkt, pinfo, name)
switch result {
case FILTER_DENY:
pkt.Mark = 1
@ -58,21 +109,21 @@ func (p *Policy) processPacket(pkt *nfqueue.Packet, pinfo *proc.ProcInfo) {
case FILTER_ALLOW:
pkt.Accept()
case FILTER_PROMPT:
p.processPromptResult(&pendingPkt{policy: p, hostname: name, pkt: pkt, pinfo: pinfo})
p.processPromptResult(&pendingPkt{pol: p, name: name, pkt: pkt, pinfo: pinfo})
default:
log.Warning("Unexpected filter result: %d", result)
log.Warningf("Unexpected filter result: %d", result)
}
}
func (p *Policy) processPromptResult(pp *pendingPkt) {
p.pendingQueue = append(p.pendingQueue, pp)
func (p *Policy) processPromptResult(pc pendingConnection) {
p.pendingQueue = append(p.pendingQueue, pc)
if !p.promptInProgress {
p.promptInProgress = true
go p.fw.dbus.prompt(p)
}
}
func (p *Policy) nextPending() *pendingPkt {
func (p *Policy) nextPending() pendingConnection {
p.lock.Lock()
defer p.lock.Unlock()
if len(p.pendingQueue) == 0 {
@ -81,14 +132,14 @@ func (p *Policy) nextPending() *pendingPkt {
return p.pendingQueue[0]
}
func (p *Policy) removePending(pp *pendingPkt) {
func (p *Policy) removePending(pc pendingConnection) {
p.lock.Lock()
defer p.lock.Unlock()
remaining := []*pendingPkt{}
for _, pkt := range p.pendingQueue {
if pkt != pp {
remaining = append(remaining, pkt)
remaining := []pendingConnection{}
for _, c := range p.pendingQueue {
if c != pc {
remaining = append(remaining, c)
}
}
if len(remaining) != len(p.pendingQueue) {
@ -141,18 +192,17 @@ func (p *Policy) removeRule(r *Rule) {
}
func (p *Policy) filterPending(rule *Rule) {
remaining := []*pendingPkt{}
for _, pp := range p.pendingQueue {
if rule.match(pp.pkt, pp.hostname) {
log.Info("Also applying %s to %s", rule.getString(logRedact), printPacket(pp.pkt, pp.hostname))
remaining := []pendingConnection{}
for _, pc := range p.pendingQueue {
if rule.match(pc.dst(), pc.dstPort(), pc.hostname()) {
log.Infof("Also applying %s to %s", rule.getString(logRedact), pc.print())
if rule.rtype == RULE_ALLOW {
pp.pkt.Accept()
pc.accept()
} else {
pp.pkt.Mark = 1
pp.pkt.Accept()
pc.drop()
}
} else {
remaining = append(remaining, pp)
remaining = append(remaining, pc)
}
}
if len(remaining) != len(p.pendingQueue) {
@ -199,29 +249,27 @@ func (fw *Firewall) filterPacket(pkt *nfqueue.Packet) {
}
pinfo := findProcessForPacket(pkt)
if pinfo == nil {
log.Warning("No proc found for %s", printPacket(pkt, fw.dns.Lookup(pkt.Dst)))
log.Warningf("No proc found for %s", printPacket(pkt, fw.dns.Lookup(pkt.Dst)))
pkt.Accept()
return
}
log.Debug("filterPacket [%s] %s", pinfo.ExePath, printPacket(pkt, fw.dns.Lookup(pkt.Dst)))
log.Debugf("filterPacket [%s] %s", pinfo.ExePath, printPacket(pkt, fw.dns.Lookup(pkt.Dst)))
if basicAllowPacket(pkt) {
pkt.Accept()
return
}
fw.lock.Lock()
policy := fw.policyForPath(pinfo.ExePath)
fw.lock.Unlock()
policy := fw.PolicyForPath(pinfo.ExePath)
policy.processPacket(pkt, pinfo)
}
func findProcessForPacket(pkt *nfqueue.Packet) *proc.ProcInfo {
func findProcessForPacket(pkt *nfqueue.Packet) *procsnitch.Info {
switch pkt.Protocol {
case nfqueue.TCP:
return proc.LookupTCPSocketProcess(pkt.SrcPort, pkt.Dst, pkt.DstPort)
return procsnitch.LookupTCPSocketProcess(pkt.SrcPort, pkt.Dst, pkt.DstPort)
case nfqueue.UDP:
return proc.LookupUDPSocketProcess(pkt.SrcPort)
return procsnitch.LookupUDPSocketProcess(pkt.SrcPort)
default:
log.Warning("Packet has unknown protocol: %d", pkt.Protocol)
log.Warningf("Packet has unknown protocol: %d", pkt.Protocol)
return nil
}
}

200
proc/proc.go
Unescape View File

@ -1,200 +0,0 @@
package proc
import (
"encoding/hex"
"errors"
"fmt"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/op/go-logging"
"io/ioutil"
"net"
"strconv"
"strings"
)
var log = logging.MustGetLogger("proc")
func SetLogger(logger *logging.Logger) {
log = logger
}
var pcache = &pidCache{}
func LookupUDPSocketProcess(srcPort uint16) *ProcInfo {
ss := findUDPSocket(srcPort)
if ss == nil {
return nil
}
return pcache.lookup(ss.inode)
}
func LookupTCPSocketProcess(srcPort uint16, dstAddr net.IP, dstPort uint16) *ProcInfo {
ss := findTCPSocket(srcPort, dstAddr, dstPort)
if ss == nil {
return nil
}
return pcache.lookup(ss.inode)
}
type ConnectionInfo struct {
pinfo *ProcInfo
local *socketAddr
remote *socketAddr
}
func (ci *ConnectionInfo) String() string {
return fmt.Sprintf("%v %s %s", ci.pinfo, ci.local, ci.remote)
}
func (sa *socketAddr) parse(s string) error {
ipPort := strings.Split(s, ":")
if len(ipPort) != 2 {
return fmt.Errorf("badly formatted socket address field: %s", s)
}
ip, err := ParseIp(ipPort[0])
if err != nil {
return fmt.Errorf("error parsing ip field [%s]: %v", ipPort[0], err)
}
port, err := ParsePort(ipPort[1])
if err != nil {
return fmt.Errorf("error parsing port field [%s]: %v", ipPort[1], err)
}
sa.ip = ip
sa.port = port
return nil
}
func ParseIp(ip string) (net.IP, error) {
var result net.IP
dst, err := hex.DecodeString(ip)
if err != nil {
return result, fmt.Errorf("Error parsing IP: %s", err)
}
// Reverse byte order -- /proc/net/tcp etc. is little-endian
// TODO: Does this vary by architecture?
for i, j := 0, len(dst)-1; i < j; i, j = i+1, j-1 {
dst[i], dst[j] = dst[j], dst[i]
}
result = net.IP(dst)
return result, nil
}
func ParsePort(port string) (uint16, error) {
p64, err := strconv.ParseInt(port, 16, 32)
if err != nil {
return 0, fmt.Errorf("Error parsing port: %s", err)
}
return uint16(p64), nil
}
func getConnections() ([]*ConnectionInfo, error) {
conns, err := readConntrack()
if err != nil {
return nil, err
}
resolveProcinfo(conns)
return conns, nil
}
func resolveProcinfo(conns []*ConnectionInfo) {
var sockets []*socketStatus
for _, line := range getSocketLines("tcp") {
if len(strings.TrimSpace(line)) == 0 {
continue
}
ss := new(socketStatus)
if err := ss.parseLine(line); err != nil {
log.Warning("Unable to parse line [%s]: %v", line, err)
} else {
/*
pid := findPidForInode(ss.inode)
if pid > 0 {
ss.pid = pid
fmt.Println("Socket", ss)
sockets = append(sockets, ss)
}
*/
}
}
for _, ci := range conns {
ss := findContrackSocket(ci, sockets)
if ss == nil {
continue
}
pinfo := pcache.lookup(ss.inode)
if pinfo != nil {
ci.pinfo = pinfo
}
}
}
func findContrackSocket(ci *ConnectionInfo, sockets []*socketStatus) *socketStatus {
for _, ss := range sockets {
if ss.local.port == ci.local.port && ss.remote.ip.Equal(ci.remote.ip) && ss.remote.port == ci.remote.port {
return ss
}
}
return nil
}
func readConntrack() ([]*ConnectionInfo, error) {
path := fmt.Sprintf("/proc/net/ip_conntrack")
data, err := ioutil.ReadFile(path)
if err != nil {
return nil, err
}
var result []*ConnectionInfo
lines := strings.Split(string(data), "\n")
for _, line := range lines {
ci, err := parseConntrackLine(line)
if err != nil {
return nil, err
}
if ci != nil {
result = append(result, ci)
}
}
return result, nil
}
func parseConntrackLine(line string) (*ConnectionInfo, error) {
parts := strings.Fields(line)
if len(parts) < 8 || parts[0] != "tcp" || parts[3] != "ESTABLISHED" {
return nil, nil
}
local, err := conntrackAddr(parts[4], parts[6])
if err != nil {
return nil, err
}
remote, err := conntrackAddr(parts[5], parts[7])
if err != nil {
return nil, err
}
return &ConnectionInfo{
local: local,
remote: remote,
}, nil
}
func conntrackAddr(ip_str, port_str string) (*socketAddr, error) {
ip := net.ParseIP(stripLabel(ip_str))
if ip == nil {
return nil, errors.New("Could not parse IP: " + ip_str)
}
i64, err := strconv.Atoi(stripLabel(port_str))
if err != nil {
return nil, err
}
return &socketAddr{
ip: ip,
port: uint16(i64),
}, nil
}
func stripLabel(s string) string {
idx := strings.Index(s, "=")
if idx == -1 {
return s
}
return s[idx+1:]
}

99
proc/socket.go
Unescape View File

@ -1,99 +0,0 @@
package proc
import (
"errors"
"fmt"
"io/ioutil"
"net"
"strconv"
"strings"
)
type socketAddr struct {
ip net.IP
port uint16
}
func (sa socketAddr) String() string {
return fmt.Sprintf("%v:%d", sa.ip, sa.port)
}
type socketStatus struct {
local socketAddr
remote socketAddr
uid int
inode uint64
line string
}
func (ss *socketStatus) String() string {
return fmt.Sprintf("%s -> %s uid=%d inode=%d", ss.local, ss.remote, ss.uid, ss.inode)
}
func findUDPSocket(srcPort uint16) *socketStatus {
return findSocket("udp", func(ss socketStatus) bool {
return ss.local.port == srcPort
})
}
func findTCPSocket(srcPort uint16, dstAddr net.IP, dstPort uint16) *socketStatus {
return findSocket("tcp", func(ss socketStatus) bool {
return ss.remote.port == dstPort && ss.remote.ip.Equal(dstAddr) && ss.local.port == srcPort
})
}
func findSocket(proto string, matcher func(socketStatus) bool) *socketStatus {
var ss socketStatus
for _, line := range getSocketLines(proto) {
if len(line) == 0 {
continue
}
if err := ss.parseLine(line); err != nil {
log.Warning("Unable to parse line from /proc/net/%s [%s]: %v", proto, line, err)
continue
}
if matcher(ss) {
ss.line = line
return &ss
}
}
return nil
}
func (ss *socketStatus) parseLine(line string) error {
fs := strings.Fields(line)
if len(fs) < 10 {
return errors.New("insufficient fields")
}
if err := ss.local.parse(fs[1]); err != nil {
return err
}
if err := ss.remote.parse(fs[2]); err != nil {
return err
}
uid, err := strconv.ParseUint(fs[7], 10, 32)
if err != nil {
return err
}
ss.uid = int(uid)
inode, err := strconv.ParseUint(fs[9], 10, 64)
if err != nil {
return err
}
ss.inode = inode
return nil
}
func getSocketLines(proto string) []string {
path := fmt.Sprintf("/proc/net/%s", proto)
data, err := ioutil.ReadFile(path)
if err != nil {
log.Warning("Error reading %s: %v", path, err)
return nil
}
lines := strings.Split(string(data), "\n")
if len(lines) > 0 {
lines = lines[1:]
}
return lines
}

59
prompt.go
Unescape View File

@ -2,7 +2,7 @@ package main
import (
"fmt"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/godbus/dbus"
"github.com/godbus/dbus"
"os/user"
"strconv"
"sync"
@ -53,13 +53,13 @@ func (p *prompter) promptLoop() {
}
func (p *prompter) processNextPacket() bool {
pp := p.nextPacket()
if pp == nil {
pc := p.nextConnection()
if pc == nil {
return false
}
p.lock.Unlock()
defer p.lock.Lock()
p.processPacket(pp)
p.processConnection(pc)
return true
}
@ -76,65 +76,64 @@ func printScope(scope int32) string {
}
}
func (p *prompter) processPacket(pp *pendingPkt) {
func (p *prompter) processConnection(pc pendingConnection) {
var scope int32
var rule string
addr := pp.hostname
addr := pc.hostname()
if addr == "" {
addr = pp.pkt.Dst.String()
addr = pc.dst().String()
}
policy := pc.policy()
call := p.dbusObj.Call("com.subgraph.FirewallPrompt.RequestPrompt", 0,
pp.policy.application,
pp.policy.icon,
pp.policy.path,
policy.application,
policy.icon,
policy.path,
addr,
int32(pp.pkt.DstPort),
pp.pkt.Dst.String(),
uidToUser(pp.pinfo.Uid),
int32(pp.pinfo.Pid))
int32(pc.dstPort()),
pc.dst().String(),
uidToUser(pc.procInfo().UID),
int32(pc.procInfo().Pid))
err := call.Store(&scope, &rule)
if err != nil {
log.Warning("Error sending dbus RequestPrompt message: %v", err)
pp.policy.removePending(pp)
pp.pkt.Mark = 1
pp.pkt.Accept()
log.Warningf("Error sending dbus RequestPrompt message: %v", err)
policy.removePending(pc)
pc.drop()
return
}
r, err := pp.policy.parseRule(rule, false)
r, err := policy.parseRule(rule, false)
if err != nil {
log.Warning("Error parsing rule string returned from dbus RequestPrompt: %v", err)
pp.policy.removePending(pp)
pp.pkt.Mark = 1
pp.pkt.Accept()
log.Warningf("Error parsing rule string returned from dbus RequestPrompt: %v", err)
policy.removePending(pc)
pc.drop()
return
}
if scope == APPLY_SESSION {
r.sessionOnly = true
}
if !pp.policy.processNewRule(r, scope) {
if !policy.processNewRule(r, scope) {
p.lock.Lock()
defer p.lock.Unlock()
p.removePolicy(pp.policy)
p.removePolicy(pc.policy())
}
if scope == APPLY_FOREVER {
pp.policy.fw.saveRules()
policy.fw.saveRules()
}
}
func (p *prompter) nextPacket() *pendingPkt {
func (p *prompter) nextConnection() pendingConnection {
for {
if len(p.policyQueue) == 0 {
return nil
}
policy := p.policyQueue[0]
pp := policy.nextPending()
if pp == nil {
pc := policy.nextPending()
if pc == nil {
p.removePolicy(policy)
} else {
return pp
return pc
}
}
}

46
rules.go
Unescape View File

@ -3,16 +3,16 @@ package main
import (
"encoding/binary"
"fmt"
"io/ioutil"
"net"
"os"
"path"
"strconv"
"strings"
"unicode"
"github.com/subgraph/fw-daemon/nfqueue"
"github.com/subgraph/fw-daemon/proc"
"io/ioutil"
"os"
"path"
"strconv"
"github.com/subgraph/go-procsnitch"
)
const (
@ -70,17 +70,17 @@ func (r *Rule) AddrString(redact bool) string {
type RuleList []*Rule
func (r *Rule) match(pkt *nfqueue.Packet, name string) bool {
if r.port != matchAny && r.port != pkt.DstPort {
func (r *Rule) match(dst net.IP, dstPort uint16, hostname string) bool {
if r.port != matchAny && r.port != dstPort {
return false
}
if r.addr == matchAny {
return true
}
if r.hostname != "" {
return r.hostname == name
return r.hostname == hostname
}
return r.addr == binary.BigEndian.Uint32(pkt.Dst)
return r.addr == binary.BigEndian.Uint32(dst)
}
type FilterResult int
@ -91,18 +91,22 @@ const (
FILTER_PROMPT
)
func (rl *RuleList) filter(p *nfqueue.Packet, pinfo *proc.ProcInfo, hostname string) FilterResult {
func (rl *RuleList) filterPacket(p *nfqueue.Packet, pinfo *procsnitch.Info, hostname string) FilterResult {
return rl.filter(p.Dst, p.DstPort, hostname, pinfo)
}
func (rl *RuleList) filter(dst net.IP, dstPort uint16, hostname string, pinfo *procsnitch.Info) FilterResult {
if rl == nil {
return FILTER_PROMPT
}
result := FILTER_PROMPT
for _, r := range *rl {
if r.match(p, hostname) {
dst := p.Dst.String()
if r.match(dst, dstPort, hostname) {
dstStr := dst.String()
if logRedact {
dst = "[redacted]"
dstStr = "[redacted]"
}
log.Info("%s (%s -> %s:%d)", r.getString(logRedact), pinfo.ExePath, dst, p.DstPort)
log.Infof("%s (%s -> %s:%d)", r.getString(logRedact), pinfo.ExePath, dstStr, dstPort)
if r.rtype == RULE_DENY {
return FILTER_DENY
} else if r.rtype == RULE_ALLOW {
@ -201,12 +205,12 @@ func (fw *Firewall) saveRules() {
p, err := rulesPath()
if err != nil {
log.Warning("Failed to open %s for writing: %v", p, err)
log.Warningf("Failed to open %s for writing: %v", p, err)
return
}
f, err := os.Create(p)
if err != nil {
log.Warning("Failed to open %s for writing: %v", p, err)
log.Warningf("Failed to open %s for writing: %v", p, err)
return
}
defer f.Close()
@ -238,7 +242,7 @@ func savePolicy(f *os.File, p *Policy) {
func writeLine(f *os.File, line string) bool {
_, err := f.WriteString(line + "\n")
if err != nil {
log.Warning("Error writing to rule file: %v", err)
log.Warningf("Error writing to rule file: %v", err)
return false
}
return true
@ -252,13 +256,13 @@ func (fw *Firewall) loadRules() {
p, err := rulesPath()
if err != nil {
log.Warning("Failed to open %s for reading: %v", p, err)
log.Warningf("Failed to open %s for reading: %v", p, err)
return
}
bs, err := ioutil.ReadFile(p)
if err != nil {
if !os.IsNotExist(err) {
log.Warning("Failed to open %s for reading: %v", p, err)
log.Warningf("Failed to open %s for reading: %v", p, err)
}
return
}
@ -283,12 +287,12 @@ func (fw *Firewall) processPathLine(line string) *Policy {
func processRuleLine(policy *Policy, line string) {
if policy == nil {
log.Warning("Cannot process rule line without first seeing path line: %s", line)
log.Warningf("Cannot process rule line without first seeing path line: %s", line)
return
}
_, err := policy.parseRule(line, true)
if err != nil {
log.Warning("Error parsing rule (%s): %v", line, err)
log.Warningf("Error parsing rule (%s): %v", line, err)
return
}
}

153
socks5/client.go
Unescape View File

@ -0,0 +1,153 @@
/*
* client.go - SOCSK5 client implementation.
*
* To the extent possible under law, Yawning Angel has waived all copyright and
* related or neighboring rights to or-ctl-filter, using the creative commons
* "cc0" public domain dedication. See LICENSE or
* <http://creativecommons.org/publicdomain/zero/1.0/> for full details.
*/
package socks5
import (
"fmt"
"io"
"net"
"time"
)
// Redispatch dials the provided proxy and redispatches an existing request.
func Redispatch(proxyNet, proxyAddr string, req *Request) (conn net.Conn, bndAddr *Address, err error) {
defer func() {
if err != nil && conn != nil {
conn.Close()
}
}()
conn, err = clientHandshake(proxyNet, proxyAddr, req)
if err != nil {
return nil, nil, err
}
bndAddr, err = clientCmd(conn, req)
return
}
func clientHandshake(proxyNet, proxyAddr string, req *Request) (net.Conn, error) {
conn, err := net.Dial(proxyNet, proxyAddr)
if err != nil {
return nil, err
}
if err := conn.SetDeadline(time.Now().Add(requestTimeout)); err != nil {
return conn, err
}
authMethod, err := clientNegotiateAuth(conn, req)
if err != nil {
return conn, err
}
if err := clientAuthenticate(conn, req, authMethod); err != nil {
return conn, err
}
if err := conn.SetDeadline(time.Time{}); err != nil {
return conn, err
}
return conn, nil
}
func clientNegotiateAuth(conn net.Conn, req *Request) (byte, error) {
useRFC1929 := req.Auth.Uname != nil && req.Auth.Passwd != nil
// XXX: Validate uname/passwd lengths, though should always be valid.
var buf [3]byte
buf[0] = version
buf[1] = 1
if useRFC1929 {
buf[2] = authUsernamePassword
} else {
buf[2] = authNoneRequired
}
if _, err := conn.Write(buf[:]); err != nil {
return authNoAcceptableMethods, err
}
var resp [2]byte
if _, err := io.ReadFull(conn, resp[:]); err != nil {
return authNoAcceptableMethods, err
}
if err := validateByte("version", resp[0], version); err != nil {
return authNoAcceptableMethods, err
}
if err := validateByte("method", resp[1], buf[2]); err != nil {
return authNoAcceptableMethods, err
}
return resp[1], nil
}
func clientAuthenticate(conn net.Conn, req *Request, authMethod byte) error {
switch authMethod {
case authNoneRequired:
case authUsernamePassword:
var buf []byte
buf = append(buf, authRFC1929Ver)
buf = append(buf, byte(len(req.Auth.Uname)))
buf = append(buf, req.Auth.Uname...)
buf = append(buf, byte(len(req.Auth.Passwd)))
buf = append(buf, req.Auth.Passwd...)
if _, err := conn.Write(buf); err != nil {
return err
}
var resp [2]byte
if _, err := io.ReadFull(conn, resp[:]); err != nil {
return err
}
if err := validateByte("version", resp[0], authRFC1929Ver); err != nil {
return err
}
if err := validateByte("status", resp[1], authRFC1929Success); err != nil {
return err
}
default:
panic(fmt.Sprintf("unknown authentication method: 0x%02x", authMethod))
}
return nil
}
func clientCmd(conn net.Conn, req *Request) (*Address, error) {
var buf []byte
buf = append(buf, version)
buf = append(buf, byte(req.Cmd))
buf = append(buf, rsv)
buf = append(buf, req.Addr.raw...)
if _, err := conn.Write(buf); err != nil {
return nil, err
}
var respHdr [3]byte
if _, err := io.ReadFull(conn, respHdr[:]); err != nil {
return nil, err
}
if err := validateByte("version", respHdr[0], version); err != nil {
return nil, err
}
if err := validateByte("rep", respHdr[1], byte(ReplySucceeded)); err != nil {
return nil, clientError(respHdr[1])
}
if err := validateByte("rsv", respHdr[2], rsv); err != nil {
return nil, err
}
var bndAddr Address
if err := bndAddr.read(conn); err != nil {
return nil, err
}
if err := conn.SetDeadline(time.Time{}); err != nil {
return nil, err
}
return &bndAddr, nil
}

280
socks5/common.go
Unescape View File

@ -0,0 +1,280 @@
/*
* common.go - SOCSK5 common definitons/routines.
*
* To the extent possible under law, Yawning Angel has waived all copyright and
* related or neighboring rights to or-ctl-filter, using the creative commons
* "cc0" public domain dedication. See LICENSE or
* <http://creativecommons.org/publicdomain/zero/1.0/> for full details.
*/
// Package socks5 implements a SOCKS5 client/server. For more information see
// RFC 1928 and RFC 1929.
//
// Notes:
// * GSSAPI authentication, is NOT supported.
// * The authentication provided by the client is always accepted.
// * A lot of the code is shamelessly stolen from obfs4proxy.
package socks5
import (
"errors"
"fmt"
"io"
"net"
"strconv"
"syscall"
"time"
)
const (
version = 0x05
rsv = 0x00
atypIPv4 = 0x01
atypDomainName = 0x03
atypIPv6 = 0x04
authNoneRequired = 0x00
authUsernamePassword = 0x02
authNoAcceptableMethods = 0xff
inboundTimeout = 5 * time.Second
requestTimeout = 30 * time.Second
)
var errInvalidAtyp = errors.New("invalid address type")
// ReplyCode is a SOCKS 5 reply code.
type ReplyCode byte
// The various SOCKS 5 reply codes from RFC 1928.
const (
ReplySucceeded ReplyCode = iota
ReplyGeneralFailure
ReplyConnectionNotAllowed
ReplyNetworkUnreachable
ReplyHostUnreachable
ReplyConnectionRefused
ReplyTTLExpired
ReplyCommandNotSupported
ReplyAddressNotSupported
)
// Command is a SOCKS 5 command.
type Command byte
// The various SOCKS 5 commands.
const (
CommandConnect Command = 0x01
CommandTorResolve Command = 0xf0
CommandTorResolvePTR Command = 0xf1
)
// Address is a SOCKS 5 address + port.
type Address struct {
atyp uint8
raw []byte
addrStr string
portStr string
}
// FromString parses the provided "host:port" format address and populates the
// Address fields.
func (addr *Address) FromString(addrStr string) (err error) {
addr.addrStr, addr.portStr, err = net.SplitHostPort(addrStr)
if err != nil {
return
}
var raw []byte
if ip := net.ParseIP(addr.addrStr); ip != nil {
if v4Addr := ip.To4(); v4Addr != nil {
raw = append(raw, atypIPv4)
raw = append(raw, v4Addr...)
} else if v6Addr := ip.To16(); v6Addr != nil {
raw = append(raw, atypIPv6)
raw = append(raw, v6Addr...)
} else {
return errors.New("unsupported IP address type")
}
} else {
// Must be a FQDN.
if len(addr.addrStr) > 255 {
return fmt.Errorf("invalid FQDN, len > 255 bytes (%d bytes)", len(addr.addrStr))
}
raw = append(raw, atypDomainName)
raw = append(raw, addr.addrStr...)
}
var port uint64
if port, err = strconv.ParseUint(addr.portStr, 10, 16); err != nil {
return
}
raw = append(raw, byte(port>>8))
raw = append(raw, byte(port&0xff))
addr.raw = raw
return
}
// String returns the string representation of the address, in "host:port"
// format.
func (addr *Address) String() string {
return addr.addrStr + ":" + addr.portStr
}
// HostPort returns the string representation of the addess, split into the
// host and port components.
func (addr *Address) HostPort() (string, string) {
return addr.addrStr, addr.portStr
}
// Type returns the address type from the connect command this address was
// parsed from
func (addr *Address) Type() uint8 {
return addr.atyp
}
func (addr *Address) read(conn net.Conn) (err error) {
// The address looks like:
// uint8_t atyp
// uint8_t addr[] (Length depends on atyp)
// uint16_t port
// Read the atype.
var atyp byte
if atyp, err = readByte(conn); err != nil {
return
}
addr.raw = append(addr.raw, atyp)
// Read the address.
var rawAddr []byte
switch atyp {
case atypIPv4:
rawAddr = make([]byte, net.IPv4len)
if _, err = io.ReadFull(conn, rawAddr); err != nil {
return
}
v4Addr := net.IPv4(rawAddr[0], rawAddr[1], rawAddr[2], rawAddr[3])
addr.addrStr = v4Addr.String()
case atypDomainName:
var alen byte
if alen, err = readByte(conn); err != nil {
return
}
if alen == 0 {
return fmt.Errorf("domain name with 0 length")
}
rawAddr = make([]byte, alen)
addr.raw = append(addr.raw, alen)
if _, err = io.ReadFull(conn, rawAddr); err != nil {
return
}
addr.addrStr = string(rawAddr)
case atypIPv6:
rawAddr = make([]byte, net.IPv6len)
if _, err = io.ReadFull(conn, rawAddr); err != nil {
return
}
v6Addr := make(net.IP, net.IPv6len)
copy(v6Addr[:], rawAddr)
addr.addrStr = fmt.Sprintf("[%s]", v6Addr.String())
default:
return errInvalidAtyp
}
addr.atyp = atyp
addr.raw = append(addr.raw, rawAddr...)
// Read the port.
var rawPort [2]byte
if _, err = io.ReadFull(conn, rawPort[:]); err != nil {
return
}
port := int(rawPort[0])<<8 | int(rawPort[1])
addr.portStr = fmt.Sprintf("%d", port)
addr.raw = append(addr.raw, rawPort[:]...)
return
}
// ErrorToReplyCode converts an error to the "best" reply code.
func ErrorToReplyCode(err error) ReplyCode {
if cErr, ok := err.(clientError); ok {
return ReplyCode(cErr)
}
opErr, ok := err.(*net.OpError)
if !ok {
return ReplyGeneralFailure
}
errno, ok := opErr.Err.(syscall.Errno)
if !ok {
return ReplyGeneralFailure
}
switch errno {
case syscall.EADDRNOTAVAIL:
return ReplyAddressNotSupported
case syscall.ETIMEDOUT:
return ReplyTTLExpired
case syscall.ENETUNREACH:
return ReplyNetworkUnreachable
case syscall.EHOSTUNREACH:
return ReplyHostUnreachable
case syscall.ECONNREFUSED, syscall.ECONNRESET:
return ReplyConnectionRefused
default:
return ReplyGeneralFailure
}
}
// Request describes a SOCKS 5 request.
type Request struct {
Auth AuthInfo
Cmd Command
Addr Address
conn net.Conn
}
type clientError ReplyCode
func (e clientError) Error() string {
switch ReplyCode(e) {
case ReplySucceeded:
return "socks5: succeeded"
case ReplyGeneralFailure:
return "socks5: general failure"
case ReplyConnectionNotAllowed:
return "socks5: connection not allowed"
case ReplyNetworkUnreachable:
return "socks5: network unreachable"
case ReplyHostUnreachable:
return "socks5: host unreachable"
case ReplyConnectionRefused:
return "socks5: connection refused"
case ReplyTTLExpired:
return "socks5: ttl expired"
case ReplyCommandNotSupported:
return "socks5: command not supported"
case ReplyAddressNotSupported:
return "socks5: address not supported"
default:
return fmt.Sprintf("socks5: reply code: 0x%02x", e)
}
}
func readByte(conn net.Conn) (byte, error) {
var tmp [1]byte
if _, err := conn.Read(tmp[:]); err != nil {
return 0, err
}
return tmp[0], nil
}
func validateByte(descr string, val, expected byte) error {
if val != expected {
return fmt.Errorf("message field '%s' was 0x%02x (expected 0x%02x)", descr, val, expected)
}
return nil
}

200
socks5/server.go
Unescape View File

@ -0,0 +1,200 @@
/*
* server.go - SOCSK5 server implementation.
*
* To the extent possible under law, Yawning Angel has waived all copyright and
* related or neighboring rights to or-ctl-filter, using the creative commons
* "cc0" public domain dedication. See LICENSE or
* <http://creativecommons.org/publicdomain/zero/1.0/> for full details.
*/
package socks5
import (
"bytes"
"fmt"
"io"
"net"
"time"
)
// Handshake attempts to handle a incoming client handshake over the provided
// connection and receive the SOCKS5 request. The routine handles sending
// appropriate errors if applicable, but will not close the connection.
func Handshake(conn net.Conn) (*Request, error) {
// Arm the handshake timeout.
var err error
if err = conn.SetDeadline(time.Now().Add(inboundTimeout)); err != nil {
return nil, err
}
defer func() {
// Disarm the handshake timeout, only propagate the error if
// the handshake was successful.
nerr := conn.SetDeadline(time.Time{})
if err == nil {
err = nerr
}
}()
req := new(Request)
req.conn = conn
// Negotiate the protocol version and authentication method.
var method byte
if method, err = req.negotiateAuth(); err != nil {
return nil, err
}
// Authenticate if neccecary.
if err = req.authenticate(method); err != nil {
return nil, err
}
// Read the client command.
if err = req.readCommand(); err != nil {
return nil, err
}
return req, err
}
// Reply sends a SOCKS5 reply to the corresponding request. The BND.ADDR and
// BND.PORT fields are always set to an address/port corresponding to
// "0.0.0.0:0".
func (req *Request) Reply(code ReplyCode) error {
return req.ReplyAddr(code, nil)
}
// ReplyAddr sends a SOCKS5 reply to the corresponding request. The BND.ADDR
// and BND.PORT fields are specified by addr, or "0.0.0.0:0" if not provided.
func (req *Request) ReplyAddr(code ReplyCode, addr *Address) error {
// The server sends a reply message.
// uint8_t ver (0x05)
// uint8_t rep
// uint8_t rsv (0x00)
// uint8_t atyp
// uint8_t bnd_addr[]
// uint16_t bnd_port
resp := []byte{version, byte(code), rsv}
if addr == nil {
var nilAddr [net.IPv4len + 2]byte
resp = append(resp, atypIPv4)
resp = append(resp, nilAddr[:]...)
} else {
resp = append(resp, addr.raw...)
}
_, err := req.conn.Write(resp[:])
return err
}
func (req *Request) negotiateAuth() (byte, error) {
// The client sends a version identifier/selection message.
// uint8_t ver (0x05)
// uint8_t nmethods (>= 1).
// uint8_t methods[nmethods]
var err error
if err = req.readByteVerify("version", version); err != nil {
return 0, err
}
// Read the number of methods, and the methods.
var nmethods byte
method := byte(authNoAcceptableMethods)
if nmethods, err = req.readByte(); err != nil {
return method, err
}
methods := make([]byte, nmethods)
if _, err := io.ReadFull(req.conn, methods); err != nil {
return 0, err
}
// Pick the best authentication method, prioritizing authenticating
// over not if both options are present.
if bytes.IndexByte(methods, authUsernamePassword) != -1 {
method = authUsernamePassword
} else if bytes.IndexByte(methods, authNoneRequired) != -1 {
method = authNoneRequired
}
// The server sends a method selection message.
// uint8_t ver (0x05)
// uint8_t method
msg := []byte{version, method}
if _, err = req.conn.Write(msg); err != nil {
return 0, err
}
return method, nil
}
func (req *Request) authenticate(method byte) error {
switch method {
case authNoneRequired:
return nil
case authUsernamePassword:
return req.authRFC1929()
case authNoAcceptableMethods:
return fmt.Errorf("no acceptable authentication methods")
default:
// This should never happen as only supported auth methods should be
// negotiated.
return fmt.Errorf("negotiated unsupported method 0x%02x", method)
}
}
func (req *Request) readCommand() error {
// The client sends the request details.
// uint8_t ver (0x05)
// uint8_t cmd
// uint8_t rsv (0x00)
// uint8_t atyp
// uint8_t dst_addr[]
// uint16_t dst_port
var err error
var cmd byte
if err = req.readByteVerify("version", version); err != nil {
req.Reply(ReplyGeneralFailure)
return err
}
if cmd, err = req.readByte(); err != nil {
req.Reply(ReplyGeneralFailure)
return err
}
switch Command(cmd) {
case CommandConnect, CommandTorResolve, CommandTorResolvePTR:
req.Cmd = Command(cmd)
default:
req.Reply(ReplyCommandNotSupported)
return fmt.Errorf("unsupported SOCKS command: 0x%02x", cmd)
}
if err = req.readByteVerify("reserved", rsv); err != nil {
req.Reply(ReplyGeneralFailure)
return err
}
// Read the destination address/port.
err = req.Addr.read(req.conn)
if err == errInvalidAtyp {
req.Reply(ReplyAddressNotSupported)
} else if err != nil {
req.Reply(ReplyGeneralFailure)
}
return err
}
func (req *Request) readByte() (byte, error) {
return readByte(req.conn)
}
func (req *Request) readByteVerify(descr string, expected byte) error {
val, err := req.readByte()
if err != nil {
return err
}
return validateByte(descr, val, expected)
}

84
socks5/server_rfc1929.go
Unescape View File

@ -0,0 +1,84 @@
/*
* server_rfc1929.go - SOCSK 5 server authentication.
*
* To the extent possible under law, Yawning Angel has waived all copyright and
* related or neighboring rights to or-ctl-filter, using the creative commons
* "cc0" public domain dedication. See LICENSE or
* <http://creativecommons.org/publicdomain/zero/1.0/> for full details.
*/
package socks5
import (
"fmt"
"io"
)
const (
authRFC1929Ver = 0x01
authRFC1929Success = 0x00
authRFC1929Fail = 0x01
)
// AuthInfo is the RFC 1929 Username/Password authentication data.
type AuthInfo struct {
Uname []byte
Passwd []byte
}
func (req *Request) authRFC1929() (err error) {
sendErrResp := func() {
// Swallow write/flush errors, the auth failure is the relevant error.
resp := []byte{authRFC1929Ver, authRFC1929Fail}
req.conn.Write(resp[:])
}
// The client sends a Username/Password request.
// uint8_t ver (0x01)
// uint8_t ulen (>= 1)
// uint8_t uname[ulen]
// uint8_t plen (>= 1)
// uint8_t passwd[plen]
if err = req.readByteVerify("auth version", authRFC1929Ver); err != nil {
sendErrResp()
return
}
// Read the username.
var ulen byte
if ulen, err = req.readByte(); err != nil {
sendErrResp()
return
} else if ulen < 1 {
sendErrResp()
return fmt.Errorf("username with 0 length")
}
uname := make([]byte, ulen)
if _, err = io.ReadFull(req.conn, uname); err != nil {
sendErrResp()
return
}
// Read the password.
var plen byte
if plen, err = req.readByte(); err != nil {
sendErrResp()
return
} else if plen < 1 {
sendErrResp()
return fmt.Errorf("password with 0 length")
}
passwd := make([]byte, plen)
if _, err = io.ReadFull(req.conn, passwd); err != nil {
sendErrResp()
return
}
req.Auth.Uname = uname
req.Auth.Passwd = passwd
resp := []byte{authRFC1929Ver, authRFC1929Success}
_, err = req.conn.Write(resp[:])
return
}

262
socks_server_chain.go
Unescape View File

@ -0,0 +1,262 @@
package main
import (
"io"
"net"
"os"
"sync"
"github.com/subgraph/fw-daemon/socks5"
"github.com/subgraph/go-procsnitch"
"strconv"
)
type socksChainConfig struct {
TargetSocksNet string
TargetSocksAddr string
ListenSocksNet string
ListenSocksAddr string
}
type socksChain struct {
cfg *socksChainConfig
fw *Firewall
listener net.Listener
wg *sync.WaitGroup
procInfo procsnitch.ProcInfo
}
type socksChainSession struct {
cfg *socksChainConfig
clientConn net.Conn
upstreamConn net.Conn
req *socks5.Request
bndAddr *socks5.Address
optData []byte
procInfo procsnitch.ProcInfo
server *socksChain
}
const (
socksVerdictDrop = 1
socksVerdictAccept = 2
)
type pendingSocksConnection struct {
pol *Policy
hname string
destIP net.IP
destPort uint16
pinfo *procsnitch.Info
verdict chan int
}
func (sc *pendingSocksConnection) policy() *Policy {
return sc.pol
}
func (sc *pendingSocksConnection) procInfo() *procsnitch.Info {
return sc.pinfo
}
func (sc *pendingSocksConnection) hostname() string {
return sc.hname
}
func (sc *pendingSocksConnection) dst() net.IP {
return sc.destIP
}
func (sc *pendingSocksConnection) dstPort() uint16 {
return sc.destPort
}
func (sc *pendingSocksConnection) deliverVerdict(v int) {
sc.verdict <- v
close(sc.verdict)
}
func (sc *pendingSocksConnection) accept() { sc.deliverVerdict(socksVerdictAccept) }
func (sc *pendingSocksConnection) drop() { sc.deliverVerdict(socksVerdictDrop) }
func (sc *pendingSocksConnection) print() string { return "socks connection" }
func NewSocksChain(cfg *socksChainConfig, wg *sync.WaitGroup, fw *Firewall) *socksChain {
chain := socksChain{
cfg: cfg,
fw: fw,
wg: wg,
procInfo: procsnitch.SystemProcInfo{},
}
return &chain
}
// Start initializes the SOCKS 5 server and starts
// accepting connections.
func (s *socksChain) start() {
var err error
s.listener, err = net.Listen(s.cfg.ListenSocksNet, s.cfg.ListenSocksAddr)
if err != nil {
log.Errorf("ERR/socks: Failed to listen on the socks address: %v", err)
os.Exit(1)
}
s.wg.Add(1)
go s.socksAcceptLoop()
}
func (s *socksChain) socksAcceptLoop() error {
defer s.wg.Done()
defer s.listener.Close()
for {
conn, err := s.listener.Accept()
if err != nil {
if e, ok := err.(net.Error); ok && !e.Temporary() {
log.Infof("ERR/socks: Failed to Accept(): %v", err)
return err
}
continue
}
session := &socksChainSession{cfg: s.cfg, clientConn: conn, procInfo: s.procInfo, server: s}
go session.sessionWorker()
}
}
func (c *socksChainSession) sessionWorker() {
defer c.clientConn.Close()
clientAddr := c.clientConn.RemoteAddr()
log.Infof("INFO/socks: New connection from: %v", clientAddr)
// Do the SOCKS handshake with the client, and read the command.
var err error
if c.req, err = socks5.Handshake(c.clientConn); err != nil {
log.Infof("ERR/socks: Failed SOCKS5 handshake: %v", err)
return
}
switch c.req.Cmd {
case socks5.CommandTorResolve, socks5.CommandTorResolvePTR:
err = c.dispatchTorSOCKS()
// If we reach here, the request has been dispatched and completed.
if err == nil {
// Successfully even, send the response back with the addresc.
c.req.ReplyAddr(socks5.ReplySucceeded, c.bndAddr)
}
case socks5.CommandConnect:
if !c.filterConnect() {
c.req.Reply(socks5.ReplyConnectionRefused)
return
}
c.handleConnect()
default:
// Should *NEVER* happen, validated as part of handshake.
log.Infof("BUG/socks: Unsupported SOCKS command: 0x%02x", c.req.Cmd)
c.req.Reply(socks5.ReplyCommandNotSupported)
}
}
func (c *socksChainSession) addressDetails() (string, net.IP, uint16) {
addr := c.req.Addr
host, pstr := addr.HostPort()
port, err := strconv.ParseUint(pstr, 10, 16)
if err != nil || port == 0 || port > 0xFFFF {
log.Warningf("Illegal port value in socks address: %v", addr)
return "", nil, 0
}
if addr.Type() == 3 {
return host, nil, uint16(port)
}
ip := net.ParseIP(host)
if ip == nil {
log.Warningf("Failed to extract address information from socks address: %v", addr)
}
return "", ip, uint16(port)
}
func (c *socksChainSession) filterConnect() bool {
pinfo := procsnitch.FindProcessForConnection(c.clientConn, c.procInfo)
if pinfo == nil {
log.Warningf("No proc found for connection from: %s", c.clientConn.RemoteAddr())
return false
}
policy := c.server.fw.PolicyForPath(pinfo.ExePath)
hostname, ip, port := c.addressDetails()
if ip == nil && hostname == "" {
return false
}
result := policy.rules.filter(ip, port, hostname, pinfo)
switch result {
case FILTER_DENY:
return false
case FILTER_ALLOW:
return true
case FILTER_PROMPT:
pending := &pendingSocksConnection{
pol: policy,
hname: hostname,
destIP: ip,
destPort: port,
pinfo: pinfo,
verdict: make(chan int),
}
policy.processPromptResult(pending)
v := <-pending.verdict
if v == socksVerdictAccept {
return true
}
}
return false
}
func (c *socksChainSession) handleConnect() {
err := c.dispatchTorSOCKS()
if err != nil {
return
}
c.req.Reply(socks5.ReplySucceeded)
defer c.upstreamConn.Close()
if c.optData != nil {
if _, err = c.upstreamConn.Write(c.optData); err != nil {
log.Infof("ERR/socks: Failed writing OptData: %v", err)
return
}
c.optData = nil
}
// A upstream connection has been established, push data back and forth
// till the session is done.
c.forwardTraffic()
log.Infof("INFO/socks: Closed SOCKS connection from: %v", c.clientConn.RemoteAddr())
}
func (c *socksChainSession) forwardTraffic() {
var wg sync.WaitGroup
wg.Add(2)
copyLoop := func(dst, src net.Conn) {
defer wg.Done()
defer dst.Close()
io.Copy(dst, src)
}
go copyLoop(c.upstreamConn, c.clientConn)
go copyLoop(c.clientConn, c.upstreamConn)
wg.Wait()
}
func (c *socksChainSession) dispatchTorSOCKS() (err error) {
c.upstreamConn, c.bndAddr, err = socks5.Redispatch(c.cfg.TargetSocksNet, c.cfg.TargetSocksAddr, c.req)
if err != nil {
c.req.Reply(socks5.ErrorToReplyCode(err))
}
return
}

305
socks_server_chain_test.go
Unescape View File

@ -0,0 +1,305 @@
package main
import (
"bufio"
"bytes"
"fmt"
"io"
"net"
"strings"
"sync"
"testing"
"time"
"github.com/subgraph/fw-daemon/socks5"
"golang.org/x/net/proxy"
)
// MortalService can be killed at any time.
type MortalService struct {
network string
address string
connectionCallback func(net.Conn) error
conns []net.Conn
quit chan bool
listener net.Listener
waitGroup *sync.WaitGroup
}
// NewMortalService creates a new MortalService
func NewMortalService(network, address string, connectionCallback func(net.Conn) error) *MortalService {
l := MortalService{
network: network,
address: address,
connectionCallback: connectionCallback,
conns: make([]net.Conn, 0, 10),
quit: make(chan bool),
waitGroup: &sync.WaitGroup{},
}
return &l
}
// Stop will kill our listener and all it's connections
func (l *MortalService) Stop() {
log.Infof("stopping listener service %s:%s", l.network, l.address)
close(l.quit)
if l.listener != nil {
l.listener.Close()
}
l.waitGroup.Wait()
}
func (l *MortalService) acceptLoop() {
defer l.waitGroup.Done()
defer func() {
log.Infof("stoping listener service %s:%s", l.network, l.address)
for i, conn := range l.conns {
if conn != nil {
log.Infof("Closing connection #%d", i)
conn.Close()
}
}
}()
defer l.listener.Close()
for {
conn, err := l.listener.Accept()
if nil != err {
if opErr, ok := err.(*net.OpError); ok && opErr.Timeout() {
continue
} else {
log.Infof("MortalService connection accept failure: %s\n", err)
select {
case <-l.quit:
return
default:
}
continue
}
}
l.conns = append(l.conns, conn)
go l.handleConnection(conn, len(l.conns)-1)
}
}
func (l *MortalService) createDeadlinedListener() error {
if l.network == "tcp" {
tcpAddr, err := net.ResolveTCPAddr("tcp", l.address)
if err != nil {
return fmt.Errorf("MortalService.createDeadlinedListener %s %s failure: %s", l.network, l.address, err)
}
tcpListener, err := net.ListenTCP("tcp", tcpAddr)
if err != nil {
return fmt.Errorf("MortalService.createDeadlinedListener %s %s failure: %s", l.network, l.address, err)
}
tcpListener.SetDeadline(time.Now().Add(1e9))
l.listener = tcpListener
return nil
} else if l.network == "unix" {
unixAddr, err := net.ResolveUnixAddr("unix", l.address)
if err != nil {
return fmt.Errorf("MortalService.createDeadlinedListener %s %s failure: %s", l.network, l.address, err)
}
unixListener, err := net.ListenUnix("unix", unixAddr)
if err != nil {
return fmt.Errorf("MortalService.createDeadlinedListener %s %s failure: %s", l.network, l.address, err)
}
unixListener.SetDeadline(time.Now().Add(1e9))
l.listener = unixListener
return nil
} else {
panic("")
}
return nil
}
// Start the MortalService
func (l *MortalService) Start() error {
var err error
err = l.createDeadlinedListener()
if err != nil {
return err
}
l.waitGroup.Add(1)
go l.acceptLoop()
return nil
}
func (l *MortalService) handleConnection(conn net.Conn, id int) error {
defer func() {
log.Infof("Closing connection #%d", id)
conn.Close()
l.conns[id] = nil
}()
log.Infof("Starting connection #%d", id)
for {
if err := l.connectionCallback(conn); err != nil {
log.Error(err.Error())
return err
}
return nil
}
}
type AccumulatingService struct {
net, address string
banner string
buffer bytes.Buffer
mortalService *MortalService
hasProtocolInfo bool
hasAuthenticate bool
receivedChan chan bool
}
func NewAccumulatingService(net, address, banner string) *AccumulatingService {
l := AccumulatingService{
net: net,
address: address,
banner: banner,
hasProtocolInfo: true,
hasAuthenticate: true,
receivedChan: make(chan bool, 0),
}
return &l
}
func (a *AccumulatingService) Start() {
a.mortalService = NewMortalService(a.net, a.address, a.SessionWorker)
a.mortalService.Start()
}
func (a *AccumulatingService) Stop() {
fmt.Println("AccumulatingService STOP")
a.mortalService.Stop()
}
func (a *AccumulatingService) WaitUntilReceived() {
<-a.receivedChan
}
func (a *AccumulatingService) SessionWorker(conn net.Conn) error {
connReader := bufio.NewReader(conn)
conn.Write([]byte(a.banner))
for {
line, err := connReader.ReadBytes('\n')
if err != nil {
fmt.Printf("AccumulatingService read error: %s\n", err)
}
lineStr := strings.TrimSpace(string(line))
a.buffer.WriteString(lineStr + "\n")
a.receivedChan <- true
}
return nil
}
func fakeSocksSessionWorker(clientConn net.Conn, targetNet, targetAddr string) error {
defer clientConn.Close()
clientAddr := clientConn.RemoteAddr()
fmt.Printf("INFO/socks: New connection from: %v\n", clientAddr)
// Do the SOCKS handshake with the client, and read the command.
req, err := socks5.Handshake(clientConn)
if err != nil {
panic(fmt.Sprintf("ERR/socks: Failed SOCKS5 handshake: %v", err))
}
var upstreamConn net.Conn
upstreamConn, err = net.Dial(targetNet, targetAddr)
if err != nil {
panic(err)
}
defer upstreamConn.Close()
req.Reply(socks5.ReplySucceeded)
// A upstream connection has been established, push data back and forth
// till the session is done.
var wg sync.WaitGroup
wg.Add(2)
copyLoop := func(dst, src net.Conn) {
defer wg.Done()
defer dst.Close()
io.Copy(dst, src)
}
go copyLoop(upstreamConn, clientConn)
go copyLoop(clientConn, upstreamConn)
wg.Wait()
fmt.Printf("INFO/socks: Closed SOCKS connection from: %v\n", clientAddr)
return nil
}
func TestSocksServerProxyChain(t *testing.T) {
// socks client ---> socks chain ---> socks server ---> service
socksChainNet := "tcp"
socksChainAddr := "127.0.0.1:7750"
socksServerNet := "tcp"
socksServerAddr := "127.0.0.1:8850"
serviceNet := "tcp"
serviceAddr := "127.0.0.1:9950"
banner := "meow 123\r\n"
// setup the service listener
service := NewAccumulatingService(serviceNet, serviceAddr, banner)
service.Start()
defer service.Stop()
// setup the "socks server"
session := func(clientConn net.Conn) error {
return fakeSocksSessionWorker(clientConn, serviceNet, serviceAddr)
}
socksService := NewMortalService(socksServerNet, socksServerAddr, session)
socksService.Start()
defer socksService.Stop()
// setup the SOCKS proxy chain
socksConfig := socksChainConfig{
TargetSocksNet: socksServerNet,
TargetSocksAddr: socksServerAddr,
ListenSocksNet: socksChainNet,
ListenSocksAddr: socksChainAddr,
}
wg := sync.WaitGroup{}
ds := dbusServer{}
chain := NewSocksChain(&socksConfig, &wg, &ds)
chain.start()
// setup the SOCKS client
auth := proxy.Auth{
User: "",
Password: "",
}
forward := proxy.NewPerHost(proxy.Direct, proxy.Direct)
socksClient, err := proxy.SOCKS5(socksChainNet, socksChainAddr, &auth, forward)
conn, err := socksClient.Dial(serviceNet, serviceAddr)
if err != nil {
panic(err)
}
// read a banner from the service
rd := bufio.NewReader(conn)
line := []byte{}
line, err = rd.ReadBytes('\n')
if err != nil {
panic(err)
}
if string(line) != banner {
t.Errorf("Did not receive expected banner. Got %s, wanted %s\n", string(line), banner)
t.Fail()
}
// send the service some data and verify it was received
clientData := "hello world\r\n"
conn.Write([]byte(clientData))
service.WaitUntilReceived()
if service.buffer.String() != strings.TrimSpace(clientData)+"\n" {
t.Errorf("Client sent %s but service only received %s\n", "hello world\n", service.buffer.String())
t.Fail()
}
}

0
Godeps/_workspace/src/github.com/godbus/dbus/CONTRIBUTING.md → vendor/github.com/godbus/dbus/CONTRIBUTING.md generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/LICENSE → vendor/github.com/godbus/dbus/LICENSE generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/MAINTAINERS → vendor/github.com/godbus/dbus/MAINTAINERS generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/README.markdown → vendor/github.com/godbus/dbus/README.markdown generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/auth.go → vendor/github.com/godbus/dbus/auth.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/auth_external.go → vendor/github.com/godbus/dbus/auth_external.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/auth_sha1.go → vendor/github.com/godbus/dbus/auth_sha1.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/call.go → vendor/github.com/godbus/dbus/call.go generated vendored
Unescape View File

30
Godeps/_workspace/src/github.com/godbus/dbus/conn.go → vendor/github.com/godbus/dbus/conn.go generated vendored
Unescape View File

@ -16,6 +16,7 @@ var (
systemBusLck sync.Mutex
sessionBus *Conn
sessionBusLck sync.Mutex
sessionEnvLck sync.Mutex
)
// ErrClosed is the error returned by calls on a closed connection.
@ -53,8 +54,9 @@ type Conn struct {
closed bool
outLck sync.RWMutex
signals []chan<- *Signal
signalsLck sync.Mutex
signals []chan<- *Signal
signalsClosed bool
signalsLck sync.Mutex
eavesdropped chan<- *Message
eavesdroppedLck sync.Mutex
@ -91,6 +93,8 @@ func SessionBus() (conn *Conn, err error) {
// SessionBusPrivate returns a new private connection to the session bus.
func SessionBusPrivate() (*Conn, error) {
sessionEnvLck.Lock()
defer sessionEnvLck.Unlock()
address := os.Getenv("DBUS_SESSION_BUS_ADDRESS")
if address != "" && address != "autolaunch:" {
return Dial(address)
@ -186,6 +190,7 @@ func (conn *Conn) Close() error {
conn.closed = true
conn.outLck.Unlock()
conn.signalsLck.Lock()
conn.signalsClosed = true
for _, ch := range conn.signals {
close(ch)
}
@ -338,6 +343,10 @@ func (conn *Conn) inWorker() {
Body: msg.Body,
}
conn.signalsLck.Lock()
if conn.signalsClosed {
conn.signalsLck.Unlock()
return
}
for _, ch := range conn.signals {
ch <- signal
}
@ -621,16 +630,11 @@ func dereferenceAll(vs []interface{}) []interface{} {
// getKey gets a key from a the list of keys. Returns "" on error / not found...
func getKey(s, key string) string {
i := strings.Index(s, key)
if i == -1 {
return ""
}
if i+len(key)+1 >= len(s) || s[i+len(key)] != '=' {
return ""
}
j := strings.Index(s, ",")
if j == -1 {
j = len(s)
for _, keyEqualsValue := range strings.Split(s, ",") {
keyValue := strings.SplitN(keyEqualsValue, "=", 2)
if len(keyValue) == 2 && keyValue[0] == key {
return keyValue[1]
}
}
return s[i+len(key)+1 : j]
return ""
}

0
Godeps/_workspace/src/github.com/godbus/dbus/conn_darwin.go → vendor/github.com/godbus/dbus/conn_darwin.go generated vendored
Unescape View File

6
Godeps/_workspace/src/github.com/godbus/dbus/conn_other.go → vendor/github.com/godbus/dbus/conn_other.go generated vendored
Unescape View File

@ -5,6 +5,7 @@ package dbus
import (
"bytes"
"errors"
"os"
"os/exec"
)
@ -23,5 +24,8 @@ func sessionBusPlatform() (*Conn, error) {
return nil, errors.New("dbus: couldn't determine address of session bus")
}
return Dial(string(b[i+1 : j]))
env, addr := string(b[0:i]), string(b[i+1:j])
os.Setenv(env, addr)
return Dial(addr)
}

0
Godeps/_workspace/src/github.com/godbus/dbus/dbus.go → vendor/github.com/godbus/dbus/dbus.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/decoder.go → vendor/github.com/godbus/dbus/decoder.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/doc.go → vendor/github.com/godbus/dbus/doc.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/encoder.go → vendor/github.com/godbus/dbus/encoder.go generated vendored
Unescape View File

23
Godeps/_workspace/src/github.com/godbus/dbus/export.go → vendor/github.com/godbus/dbus/export.go generated vendored
Unescape View File

@ -1,6 +1,7 @@
package dbus
import (
"bytes"
"errors"
"fmt"
"reflect"
@ -126,6 +127,28 @@ func (conn *Conn) handleCall(msg *Message) {
conn.sendError(errmsgUnknownMethod, sender, serial)
}
return
} else if ifaceName == "org.freedesktop.DBus.Introspectable" && name == "Introspect" {
if _, ok := conn.handlers[path]; !ok {
subpath := make(map[string]struct{})
var xml bytes.Buffer
xml.WriteString("<node>")
for h, _ := range conn.handlers {
p := string(path)
if p != "/" {
p += "/"
}
if strings.HasPrefix(string(h), p) {
node_name := strings.Split(string(h[len(p):]), "/")[0]
subpath[node_name] = struct{}{}
}
}
for s, _ := range subpath {
xml.WriteString("\n\t<node name=\"" + s + "\"/>")
}
xml.WriteString("\n</node>")
conn.sendReply(sender, serial, xml.String())
return
}
}
if len(name) == 0 {
conn.sendError(errmsgUnknownMethod, sender, serial)

0
Godeps/_workspace/src/github.com/godbus/dbus/homedir.go → vendor/github.com/godbus/dbus/homedir.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/homedir_dynamic.go → vendor/github.com/godbus/dbus/homedir_dynamic.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/homedir_static.go → vendor/github.com/godbus/dbus/homedir_static.go generated vendored
Unescape View File

2
Godeps/_workspace/src/github.com/godbus/dbus/introspect/call.go → vendor/github.com/godbus/dbus/introspect/call.go generated vendored
Unescape View File

@ -2,7 +2,7 @@ package introspect
import (
"encoding/xml"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/godbus/dbus"
"github.com/godbus/dbus"
"strings"
)

0
Godeps/_workspace/src/github.com/godbus/dbus/introspect/introspect.go → vendor/github.com/godbus/dbus/introspect/introspect.go generated vendored
Unescape View File

2
Godeps/_workspace/src/github.com/godbus/dbus/introspect/introspectable.go → vendor/github.com/godbus/dbus/introspect/introspectable.go generated vendored
Unescape View File

@ -2,7 +2,7 @@ package introspect
import (
"encoding/xml"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/godbus/dbus"
"github.com/godbus/dbus"
"reflect"
"strings"
)

9
Godeps/_workspace/src/github.com/godbus/dbus/message.go → vendor/github.com/godbus/dbus/message.go generated vendored
Unescape View File

@ -22,6 +22,13 @@ const (
// FlagNoAutoStart signals that the message bus should not automatically
// start an application when handling this message.
FlagNoAutoStart
// FlagAllowInteractiveAuthorization may be set on a method call
// message to inform the receiving side that the caller is prepared
// to wait for interactive authorization, which might take a
// considerable time to complete. For instance, if this flag is set,
// it would be appropriate to query the user for passwords or
// confirmation via Polkit or a similar framework.
FlagAllowInteractiveAuthorization
)
// Type represents the possible types of a D-Bus message.
@ -248,7 +255,7 @@ func (msg *Message) EncodeTo(out io.Writer, order binary.ByteOrder) error {
// IsValid checks whether msg is a valid message and returns an
// InvalidMessageError if it is not.
func (msg *Message) IsValid() error {
if msg.Flags & ^(FlagNoAutoStart|FlagNoReplyExpected) != 0 {
if msg.Flags & ^(FlagNoAutoStart|FlagNoReplyExpected|FlagAllowInteractiveAuthorization) != 0 {
return InvalidMessageError("invalid flags")
}
if msg.Type == 0 || msg.Type >= typeMax {

0
Godeps/_workspace/src/github.com/godbus/dbus/object.go → vendor/github.com/godbus/dbus/object.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/sig.go → vendor/github.com/godbus/dbus/sig.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/transport_darwin.go → vendor/github.com/godbus/dbus/transport_darwin.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/transport_generic.go → vendor/github.com/godbus/dbus/transport_generic.go generated vendored
Unescape View File

43
vendor/github.com/godbus/dbus/transport_tcp.go generated vendored
Unescape View File

@ -0,0 +1,43 @@
//+build !windows
package dbus
import (
"errors"
"net"
)
func init() {
transports["tcp"] = newTcpTransport
}
func tcpFamily(keys string) (string, error) {
switch getKey(keys, "family") {
case "":
return "tcp", nil
case "ipv4":
return "tcp4", nil
case "ipv6":
return "tcp6", nil
default:
return "", errors.New("dbus: invalid tcp family (must be ipv4 or ipv6)")
}
}
func newTcpTransport(keys string) (transport, error) {
host := getKey(keys, "host")
port := getKey(keys, "port")
if host == "" || port == "" {
return nil, errors.New("dbus: unsupported address (must set host and port)")
}
protocol, err := tcpFamily(keys)
if err != nil {
return nil, err
}
socket, err := net.Dial(protocol, net.JoinHostPort(host, port))
if err != nil {
return nil, err
}
return NewConn(socket)
}

0
Godeps/_workspace/src/github.com/godbus/dbus/transport_unix.go → vendor/github.com/godbus/dbus/transport_unix.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/transport_unixcred_dragonfly.go → vendor/github.com/godbus/dbus/transport_unixcred_dragonfly.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/transport_unixcred_linux.go → vendor/github.com/godbus/dbus/transport_unixcred_linux.go generated vendored
Unescape View File

14
vendor/github.com/godbus/dbus/transport_unixcred_openbsd.go generated vendored
Unescape View File

@ -0,0 +1,14 @@
package dbus
import "io"
func (t *unixTransport) SendNullByte() error {
n, _, err := t.UnixConn.WriteMsgUnix([]byte{0}, nil, nil)
if err != nil {
return err
}
if n != 1 {
return io.ErrShortWrite
}
return nil
}

0
Godeps/_workspace/src/github.com/godbus/dbus/variant.go → vendor/github.com/godbus/dbus/variant.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/variant_lexer.go → vendor/github.com/godbus/dbus/variant_lexer.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/godbus/dbus/variant_parser.go → vendor/github.com/godbus/dbus/variant_parser.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/LICENSE → vendor/github.com/gotk3/gotk3/LICENSE generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/cairo/antialias.go → vendor/github.com/gotk3/gotk3/cairo/antialias.go generated vendored
Unescape View File

2
Godeps/_workspace/src/github.com/gotk3/gotk3/cairo/cairo.go → vendor/github.com/gotk3/gotk3/cairo/cairo.go generated vendored
Unescape View File

@ -26,7 +26,7 @@ import "C"
import (
"unsafe"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/gotk3/gotk3/glib"
"github.com/gotk3/gotk3/glib"
)
func init() {

0
Godeps/_workspace/src/github.com/gotk3/gotk3/cairo/canvas.go → vendor/github.com/gotk3/gotk3/cairo/canvas.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/cairo/errors.go → vendor/github.com/gotk3/gotk3/cairo/errors.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/cairo/fillrule.go → vendor/github.com/gotk3/gotk3/cairo/fillrule.go generated vendored
Unescape View File

28
vendor/github.com/gotk3/gotk3/cairo/format.go generated vendored
Unescape View File

@ -0,0 +1,28 @@
package cairo
// #cgo pkg-config: cairo cairo-gobject
// #include <stdlib.h>
// #include <cairo.h>
// #include <cairo-gobject.h>
import "C"
import (
"unsafe"
)
// Format is a representation of Cairo's cairo_format_t.
type Format int
const (
FORMAT_INVALID Format = C.CAIRO_FORMAT_INVALID
FORMAT_ARGB32 Format = C.CAIRO_FORMAT_ARGB32
FORMAT_RGB24 Format = C.CAIRO_FORMAT_RGB24
FORMAT_A8 Format = C.CAIRO_FORMAT_A8
FORMAT_A1 Format = C.CAIRO_FORMAT_A1
FORMAT_RGB16_565 Format = C.CAIRO_FORMAT_RGB16_565
FORMAT_RGB30 Format = C.CAIRO_FORMAT_RGB30
)
func marshalFormat(p uintptr) (interface{}, error) {
c := C.g_value_get_enum((*C.GValue)(unsafe.Pointer(p)))
return Format(c), nil
}

0
Godeps/_workspace/src/github.com/gotk3/gotk3/cairo/linecap.go → vendor/github.com/gotk3/gotk3/cairo/linecap.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/cairo/linejoin.go → vendor/github.com/gotk3/gotk3/cairo/linejoin.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/cairo/mimetype.go → vendor/github.com/gotk3/gotk3/cairo/mimetype.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/cairo/operator.go → vendor/github.com/gotk3/gotk3/cairo/operator.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/cairo/status.go → vendor/github.com/gotk3/gotk3/cairo/status.go generated vendored
Unescape View File

9
Godeps/_workspace/src/github.com/gotk3/gotk3/cairo/surface.go → vendor/github.com/gotk3/gotk3/cairo/surface.go generated vendored
Unescape View File

@ -39,6 +39,15 @@ func NewSurfaceFromPNG(fileName string) (*Surface, error) {
return &Surface{surfaceNative}, nil
}
// CreateImageSurface is a wrapper around cairo_image_surface_create().
func CreateImageSurface(format Format, width, height int) *Surface {
c := C.cairo_image_surface_create(C.cairo_format_t(format),
C.int(width), C.int(height))
s := wrapSurface(c)
runtime.SetFinalizer(s, (*Surface).destroy)
return s
}
// native returns a pointer to the underlying cairo_surface_t.
func (v *Surface) native() *C.cairo_surface_t {
if v == nil {

0
Godeps/_workspace/src/github.com/gotk3/gotk3/cairo/surfacetype.go → vendor/github.com/gotk3/gotk3/cairo/surfacetype.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/cairo/text.go → vendor/github.com/gotk3/gotk3/cairo/text.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/cairo/translations.go → vendor/github.com/gotk3/gotk3/cairo/translations.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/cairo/util.go → vendor/github.com/gotk3/gotk3/cairo/util.go generated vendored
Unescape View File

36
Godeps/_workspace/src/github.com/gotk3/gotk3/gdk/gdk.go → vendor/github.com/gotk3/gotk3/gdk/gdk.go generated vendored
Unescape View File

@ -28,7 +28,7 @@ import (
"strconv"
"unsafe"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/gotk3/gotk3/glib"
"github.com/gotk3/gotk3/glib"
)
func init() {
@ -1077,6 +1077,29 @@ func (v *EventScroll) Type() EventType {
return EventType(c)
}
func (v *EventScroll) Direction() ScrollDirection {
c := v.native().direction
return ScrollDirection(c)
}
/*
* GdkGravity
*/
type GdkGravity int
const (
GDK_GRAVITY_NORTH_WEST = C.GDK_GRAVITY_NORTH_WEST
GDK_GRAVITY_NORTH = C.GDK_GRAVITY_NORTH
GDK_GRAVITY_NORTH_EAST = C.GDK_GRAVITY_NORTH_EAST
GDK_GRAVITY_WEST = C.GDK_GRAVITY_WEST
GDK_GRAVITY_CENTER = C.GDK_GRAVITY_CENTER
GDK_GRAVITY_EAST = C.GDK_GRAVITY_EAST
GDK_GRAVITY_SOUTH_WEST = C.GDK_GRAVITY_SOUTH_WEST
GDK_GRAVITY_SOUTH = C.GDK_GRAVITY_SOUTH
GDK_GRAVITY_SOUTH_EAST = C.GDK_GRAVITY_SOUTH_EAST
GDK_GRAVITY_STATIC = C.GDK_GRAVITY_STATIC
)
/*
* GdkPixbuf
*/
@ -1517,6 +1540,17 @@ type Rectangle struct {
GdkRectangle C.GdkRectangle
}
func WrapRectangle(p uintptr) *Rectangle {
return wrapRectangle((*C.GdkRectangle)(unsafe.Pointer(p)))
}
func wrapRectangle(obj *C.GdkRectangle) *Rectangle {
if obj == nil {
return nil
}
return &Rectangle{*obj}
}
// Native() returns a pointer to the underlying GdkRectangle.
func (r *Rectangle) native() *C.GdkRectangle {
return &r.GdkRectangle

0
Godeps/_workspace/src/github.com/gotk3/gotk3/gdk/gdk.go.h → vendor/github.com/gotk3/gotk3/gdk/gdk.go.h generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/gdk/gdk_3_6-8.go → vendor/github.com/gotk3/gotk3/gdk/gdk_3_6-8.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/gdk/gdk_deprecated_since_3_16.go → vendor/github.com/gotk3/gotk3/gdk/gdk_deprecated_since_3_16.go generated vendored
Unescape View File

2279
vendor/github.com/gotk3/gotk3/gdk/keys.go generated vendored
View File

File diff suppressed because it is too large Load Diff

2
Godeps/_workspace/src/github.com/gotk3/gotk3/gdk/screen.go → vendor/github.com/gotk3/gotk3/gdk/screen.go generated vendored
Unescape View File

@ -8,7 +8,7 @@ import (
"runtime"
"unsafe"
"github.com/subgraph/fw-daemon/Godeps/_workspace/src/github.com/gotk3/gotk3/glib"
"github.com/gotk3/gotk3/glib"
)
/*

0
Godeps/_workspace/src/github.com/gotk3/gotk3/gdk/screen_no_x11.go → vendor/github.com/gotk3/gotk3/gdk/screen_no_x11.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/gdk/screen_x11.go → vendor/github.com/gotk3/gotk3/gdk/screen_x11.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/gdk/window_no_x11.go → vendor/github.com/gotk3/gotk3/gdk/window_no_x11.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/gdk/window_x11.go → vendor/github.com/gotk3/gotk3/gdk/window_x11.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/glib/application.go → vendor/github.com/gotk3/gotk3/glib/application.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/glib/connect.go → vendor/github.com/gotk3/gotk3/glib/connect.go generated vendored
Unescape View File

8
Godeps/_workspace/src/github.com/gotk3/gotk3/glib/glib.go → vendor/github.com/gotk3/gotk3/glib/glib.go generated vendored
Unescape View File

@ -1333,3 +1333,11 @@ func InitI18n(domain string, dir string) {
C.init_i18n(domainStr, dirStr)
}
// Local localizes a string using gettext
func Local(input string) string {
cstr := C.CString(input)
defer C.free(unsafe.Pointer(cstr))
return C.GoString(C.localize(cstr))
}

328
Godeps/_workspace/src/github.com/gotk3/gotk3/glib/glib.go.h → vendor/github.com/gotk3/gotk3/glib/glib.go.h generated vendored
Unescape View File

@ -1,166 +1,180 @@
/*
* Copyright (c) 2013-2014 Conformal Systems <info@conformal.com>
*
* This file originated from: http://opensource.conformal.com/
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* Copyright (c) 2013-2014 Conformal Systems <info@conformal.com>
*
* This file originated from: http://opensource.conformal.com/
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef __GLIB_GO_H__
#define __GLIB_GO_H__
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include <gio/gio.h>
#define G_SETTINGS_ENABLE_BACKEND
#include <gio/gsettingsbackend.h>
#include <glib.h>
#include <glib-object.h>
#include <glib/gi18n.h>
#include <locale.h>
/* GObject Type Casting */
static GObject *
toGObject(void *p)
{
return (G_OBJECT(p));
}
static GMenuModel *
toGMenuModel(void *p)
{
return (G_MENU_MODEL(p));
}
static GMenu *
toGMenu(void *p)
{
return (G_MENU(p));
}
static GMenuItem *
toGMenuItem(void *p)
{
return (G_MENU_ITEM(p));
}
static GNotification *
toGNotification(void *p)
{
return (G_NOTIFICATION(p));
}
static GApplication *
toGApplication(void *p)
{
return (G_APPLICATION(p));
}
static GType
_g_type_from_instance(gpointer instance)
{
return (G_TYPE_FROM_INSTANCE(instance));
}
/* Wrapper to avoid variable arg list */
static void
_g_object_set_one(gpointer object, const gchar *property_name, void *val)
{
g_object_set(object, property_name, *(gpointer **)val, NULL);
}
static GValue *
alloc_gvalue_list(int n)
{
GValue *valv;
valv = g_new0(GValue, n);
return (valv);
}
static void
val_list_insert(GValue *valv, int i, GValue *val)
{
valv[i] = *val;
}
/*
* GValue
*/
static GValue *
_g_value_alloc()
{
return (g_new0(GValue, 1));
}
static GValue *
_g_value_init(GType g_type)
{
GValue *value;
value = g_new0(GValue, 1);
return (g_value_init(value, g_type));
}
static gboolean
_g_is_value(GValue *val)
{
return (G_IS_VALUE(val));
}
static GType
_g_value_type(GValue *val)
{
return (G_VALUE_TYPE(val));
}
static GType
_g_value_fundamental(GType type)
{
return (G_TYPE_FUNDAMENTAL(type));
}
static GObjectClass *
_g_object_get_class (GObject *object)
{
return (G_OBJECT_GET_CLASS(object));
}
/*
* Closure support
*/
extern void goMarshal(GClosure *, GValue *, guint, GValue *, gpointer, GValue *);
static GClosure *
_g_closure_new()
{
GClosure *closure;
closure = g_closure_new_simple(sizeof(GClosure), NULL);
g_closure_set_marshal(closure, (GClosureMarshal)(goMarshal));
return (closure);
}
extern void removeClosure(gpointer, GClosure *);
static void
_g_closure_add_finalize_notifier(GClosure *closure)
{
g_closure_add_finalize_notifier(closure, NULL, removeClosure);
}
/* GObject Type Casting */
static GObject *
toGObject(void *p)
{
return (G_OBJECT(p));
}
static GMenuModel *
toGMenuModel(void *p)
{
return (G_MENU_MODEL(p));
}
static GMenu *
toGMenu(void *p)
{
return (G_MENU(p));
}
static GMenuItem *
toGMenuItem(void *p)
{
return (G_MENU_ITEM(p));
}
static GNotification *
toGNotification(void *p)
{
return (G_NOTIFICATION(p));
}
static GApplication *
toGApplication(void *p)
{
return (G_APPLICATION(p));
}
static GSettings *
toGSettings(void *p)
{
return (G_SETTINGS(p));
}
static GSettingsBackend *
toGSettingsBackend(void *p)
{
return (G_SETTINGS_BACKEND(p));
}
static GType
_g_type_from_instance(gpointer instance)
{
return (G_TYPE_FROM_INSTANCE(instance));
}
/* Wrapper to avoid variable arg list */
static void
_g_object_set_one(gpointer object, const gchar *property_name, void *val)
{
g_object_set(object, property_name, *(gpointer **)val, NULL);
}
static GValue *
alloc_gvalue_list(int n)
{
GValue *valv;
valv = g_new0(GValue, n);
return (valv);
}
static void
val_list_insert(GValue *valv, int i, GValue *val)
{
valv[i] = *val;
}
/*
* GValue
*/
static GValue *
_g_value_alloc()
{
return (g_new0(GValue, 1));
}
static GValue *
_g_value_init(GType g_type)
{
GValue *value;
value = g_new0(GValue, 1);
return (g_value_init(value, g_type));
}
static gboolean
_g_is_value(GValue *val)
{
return (G_IS_VALUE(val));
}
static GType
_g_value_type(GValue *val)
{
return (G_VALUE_TYPE(val));
}
static GType
_g_value_fundamental(GType type)
{
return (G_TYPE_FUNDAMENTAL(type));
}
static GObjectClass *
_g_object_get_class (GObject *object)
{
return (G_OBJECT_GET_CLASS(object));
}
/*
* Closure support
*/
extern void goMarshal(GClosure *, GValue *, guint, GValue *, gpointer, GValue *);
static GClosure *
_g_closure_new()
{
GClosure *closure;
closure = g_closure_new_simple(sizeof(GClosure), NULL);
g_closure_set_marshal(closure, (GClosureMarshal)(goMarshal));
return (closure);
}
extern void removeClosure(gpointer, GClosure *);
static void
_g_closure_add_finalize_notifier(GClosure *closure)
{
g_closure_add_finalize_notifier(closure, NULL, removeClosure);
}
static inline guint _g_signal_new(const gchar *name) {
return g_signal_new(name,
@ -180,6 +194,10 @@ static void init_i18n(const char *domain, const char *dir) {
textdomain(domain);
}
static const char* localize(const char *string) {
return _(string);
}
static inline char** make_strings(int count) {
return (char**)malloc(sizeof(char*) * count);
}
@ -196,4 +214,6 @@ static inline void set_string(char** strings, int n, char* str) {
strings[n] = str;
}
static inline gchar** next_gcharptr(gchar** s) { return (s+1); }
#endif

0
Godeps/_workspace/src/github.com/gotk3/gotk3/glib/glib_extension.go → vendor/github.com/gotk3/gotk3/glib/glib_extension.go generated vendored
Unescape View File

32
vendor/github.com/gotk3/gotk3/glib/gmain_context.go generated vendored
Unescape View File

@ -0,0 +1,32 @@
package glib
// #cgo pkg-config: glib-2.0 gobject-2.0 gio-2.0
// #include <gio/gio.h>
// #include <glib.h>
// #include <glib-object.h>
// #include "glib.go.h"
import "C"
type MainContext C.GMainContext
// native returns a pointer to the underlying GMainContext.
func (v *MainContext) native() *C.GMainContext {
if v == nil {
return nil
}
return (*C.GMainContext)(v)
}
// MainContextDefault is a wrapper around g_main_context_default().
func MainContextDefault() *MainContext {
c := C.g_main_context_default()
if c == nil {
return nil
}
return (*MainContext)(c)
}
// MainDepth is a wrapper around g_main_depth().
func MainDepth() int {
return int(C.g_main_depth())
}

27
vendor/github.com/gotk3/gotk3/glib/gsource.go generated vendored
Unescape View File

@ -0,0 +1,27 @@
package glib
// #cgo pkg-config: glib-2.0 gobject-2.0 gio-2.0
// #include <gio/gio.h>
// #include <glib.h>
// #include <glib-object.h>
// #include "glib.go.h"
import "C"
type Source C.GSource
// native returns a pointer to the underlying GSource.
func (v *Source) native() *C.GSource {
if v == nil {
return nil
}
return (*C.GSource)(v)
}
// MainCurrentSource is a wrapper around g_main_current_source().
func MainCurrentSource() *Source {
c := C.g_main_current_source()
if c == nil {
return nil
}
return (*Source)(c)
}

0
Godeps/_workspace/src/github.com/gotk3/gotk3/glib/gvariant.go → vendor/github.com/gotk3/gotk3/glib/gvariant.go generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/glib/gvariant.go.h → vendor/github.com/gotk3/gotk3/glib/gvariant.go.h generated vendored
Unescape View File

0
Godeps/_workspace/src/github.com/gotk3/gotk3/glib/gvariantbuilder.go → vendor/github.com/gotk3/gotk3/glib/gvariantbuilder.go generated vendored
Unescape View File

Some files were not shown because too many files have changed in this diff Show More

Write Preview
Loading…
Cancel
Save