matth
/
fw-daemon
mirror of https://github.com/subgraph/fw-daemon
1
1
Fork 0
Code Releases Activity

Commit Graph

  • 76b194840a experimental realms / citadel integration shw-merge dma 2018-11-16 13:14:04 -0500
  • 20c648026a additional fixes for citadel support + performance dma 2018-11-10 00:24:25 -0500
  • 04bd4ec052 starting to add realmsd integration dma 2018-11-09 14:20:13 -0500
  • 6a6f3b75e5 Experimental changes for use in citadel dma 2018-11-08 20:11:21 -0500
  • c4f2187341 Push_modal failure final... master xSmurf 2018-01-07 22:09:32 +0000
  • 9c379123e7 Push_modal failure tentative five... xSmurf 2018-01-07 20:26:12 +0000
  • 9131da5623 Push_modal failure tentative four... xSmurf 2018-01-07 15:14:52 +0000
  • a739a92eb4 Push_modal failure tentative three... xSmurf 2018-01-06 11:56:24 +0000
  • f6b8712712 Push_modal failure tentative two... xSmurf 2018-01-06 11:15:21 +0000
  • 875b7607d9 Removed some superfluous logging... xSmurf 2018-01-06 09:55:46 +0000
  • f30bd106d8 Tentative fix for push_modal fail... xSmurf 2018-01-06 09:41:56 +0000
  • 06c099b8b0 Testing fixes to TLSGuard dma 2018-01-05 22:10:36 +0000
  • 571f43158a TLSGuard fix dma 2017-11-13 03:11:47 +0000
  • 81dc903f7a Fixed destroying of keybindings... xSmurf 2018-01-05 14:11:04 +0000
  • cfaf7b84ff Integrating fw-prompt into fw-settings Updated fw-settings to reflect all recent changes Moved rule notifications to dbus signal Lots of various fixes Local changes to gtk bindings ... And so much more... xSmurf 2017-12-22 16:52:11 +0000
  • efdb9d450a Merge 683586adc9 into 9f5bdf987c #59 Matt Carroll 2017-12-18 20:36:39 +0000
  • 683586adc9 Removed spurious paxrat args #59 Matt Carroll 2017-12-18 20:23:36 +0000
  • 4231f25686 Fix mono-sgen paxrat problem Matt Carroll 2017-11-12 15:18:24 +0000
  • 61710110d2 Merge branch 'shw_dev' of ssh://github.com/subgraph/fw-daemon into shw-merge xSmurf 2017-10-22 14:15:30 +0000
  • 178d8ea272 Fix mistake in tlsguard commit dma 2017-10-18 22:52:26 +0000
  • f616f54b2c Fix TLSGuard handshake timeout issue by breaking total timeout period into one second polling intervals. shw_dev Stephen Watt 2017-10-10 23:09:59 -0400
  • 2012b070c7 Further improvements to tlsguard by uT / remove dumb debugging stuff I left in there dma 2017-10-06 23:34:52 +0000
  • 85d7d60d76 Added new SGFW DBus method RunDebugCmd() for retrieving firewall state debugging information. Eliminated heavy SGFW CPU usage due to long loop condition. Implemented much more helpful print() method for pendingSocksConnection interface. testfw program updated to show use of new debugging interface. Removed lots of noisy debug print statements (and moved many to new debugging facility). Stephen Watt 2017-10-04 00:27:06 -0400
  • d7df165517 Support for securely logging unredacted messages to sublogmon via new com.subgraph.sublogmon.Logger DBus method. Stephen Watt 2017-10-03 19:54:33 -0400
  • 96061fb18d More redaction and less noise dma 2017-10-03 04:35:45 +0000
  • 792726545e Small changes necessary to make fw-prompt a DBus autostart service. Stephen Watt 2017-10-03 00:28:08 -0400
  • 9152ff8153 Merge branch 'shw_dev' of ssh://github.com/subgraph/fw-daemon into shw-merge xSmurf 2017-10-03 01:33:55 +0000
  • 0666e9c3c7 Added firewall testing framework. Fixed simple bug in fw-prompt that accidentally disabled process scope option. Stephen Watt 2017-10-02 21:29:59 -0400
  • c61a85800f Merge... xSmurf 2017-10-02 23:02:34 +0000
  • 32983deba4 Merged with latest commits to master. Stephen Watt 2017-10-02 16:11:36 -0400
  • b6ff6c4857 Merge back... xSmurf 2017-10-01 22:50:13 +0000
  • 13d2e049c7 Quick documentation on config file params David Mirza Ahmad 2017-10-01 18:25:03 +0000
  • 372cc52f2a Clean up output dma 2017-10-01 18:07:15 +0000
  • a3e38de6e5 Reduce log noise + honor log redact config option dma 2017-10-01 17:56:27 +0000
  • 139c4a08b8 Fixes https://github.com/subgraph/fw-daemon/issues/52 + redacts logs per config dma 2017-10-01 17:56:01 +0000
  • 35e7b07e43 Proper locking to fix OzInitPids-related crash conditions. Stephen Watt 2017-09-30 20:37:14 -0400
  • 62713d74f0 AddRuleAsync DBus calls now include reference guid for proper application of "once" rules. Deletes of fw-prompt entries at root of tree now fold up the first child entry into the deleted parent entry. Fixed fw-prompt bug resulting in return of improper scope. Application name is no longer editable in fw-prompt. Icon mapping properly supported for symlinked application paths. Removed spurious warnings for valid fw-prompt removal requests. Awful hacked up fix to make icons for non-existent applications properly blank and remove GTK warnings. Removed old/deprecated Oz firewall rules routines. Stephen Watt 2017-09-30 19:55:08 -0400
  • e5dd1cb538 Merge... xSmurf 2017-09-30 20:23:16 +0000
  • 71c17675f5 TLSGuard working again, needs clean-up and testing dma 2017-09-30 18:42:31 +0000
  • b9c2e03afd Overhaul of GetPendingRequests DBus method to call AddRuleAsync multiple times instead of returning a string array. TLSGuard now handles multiple expected client and server message types. Stephen Watt 2017-09-29 18:40:24 -0400
  • bdca5d330d Disabled TLSGuard handshake rewrites and passed through resumed encrypted sessions. Stephen Watt 2017-09-29 18:02:56 -0400
  • 5ba55a2d96 Removed old/deprecated decision code. Stephen Watt 2017-09-29 17:01:36 -0400
  • 819edd1962 Consolidated code for creating new entries in fw-prompt. Stephen Watt 2017-09-29 16:53:12 -0400
  • 4f685222e1 Added application icons to fw-prompt treeview. Code cleanup (removal of lots of hardcoded values) Stephen Watt 2017-09-29 16:34:50 -0400
  • 2fb872d8ad Duplicate entries in fw-prompt are now displayed nested by changing GTK ListStore -> TreeStore Fixed bad scope returned with new rules by fw-prompt Stephen Watt 2017-09-29 15:29:12 -0400
  • ae1f6f12d0 Added (untested) fix for possibly spurious IPC crash condition. Stephen Watt 2017-09-29 11:59:48 -0400
  • 96f6e3bbe5 A bunch of "fixes" to TLSGuard that are pointless because this is a dead end. Fix of possible fw-prompt crash. Stephen Watt 2017-09-28 21:47:26 -0400
  • 4c816b2392 Solved done channel notification by creating one for both client and server connections. Stephen Watt 2017-09-28 20:37:34 -0400
  • 7279b46310 Fixed TLS extension parsing routines. Added lots of constant values to TLSGuard; general code cleanup. Stephen Watt 2017-09-28 20:30:23 -0400
  • 7472b4d828 Merged from shw_dev xSmurf 2017-09-28 20:38:51 +0000
  • 71ee1964f4 Very messy experimental extensions to TLSGuard to strip out sessions and TLS extensions in the handshake protocol. Stephen Watt 2017-09-28 15:32:34 -0400
  • ff8be65566 Added connection timestamps to firewall prompting. Disabled old synchronous RequestPrompt Dbus method in fw-prompt. fw-prompt GUI now (as originally) remains above other windows when there are pending decisions. Fixed improper traversal of pending connections in fw-prompt GUI. Consolidated redundant code blocks in fw-prompt GUI. Stephen Watt 2017-09-28 11:01:41 -0400
  • 0bda150abc Various code cleanups (still buggy/WIP). Fixed lock/race condition in fw-prompt; consolidated redundant rule action code. Started fuller TLS implementation in TLSGuard; probably broke a lot of stuff in the process. Removal/reorganization of old/stale/unused code. Stephen Watt 2017-09-27 23:35:45 -0400
  • 0d13c7bb9c *WORK IN PROGRESS*: New file descriptor monitor thread removes prompt requests if associated socket closes/dies before user reacts. fw-prompt request entries are now properly tethered to their default rule scope included by SGFW. pendingConnection now operates on prompter instead of raw DBus object. Fixed prompter bug in cycling through pending connections. Fixed inadequacies in SGFW rules parsing/error handling. go fmt. Stephen Watt 2017-09-27 16:26:59 -0400
  • 2eac4c7dc5 *Very experimental*/under-dev release of new fully asynchronous multi-prompter. New Dbus method "RequestPromptAsync" to handle "return-less" prompter invocations in fw-prompt. Proper GUI locking in fw-prompt eliminates old race/crash conditions. New DBus method "GetPendingRequests" in SGFW allows prompter to retrieve pending connections. Policies now maintain rulesPending list of unapplied asynchronously submitted FW rules from the prompter. Fixed reentrance/crash bug in UID and GID to name lookups. Stephen Watt 2017-09-26 23:13:18 -0400
  • 5f26317c44 Control prompt via full keyboard navigation... xSmurf 2017-09-26 04:00:55 +0000
  • 2f5e10d53d Merge newest branch changes with latest changes to master. Stephen Watt 2017-09-25 18:52:18 -0400
  • 2fc7525cc7 Added new RemovePrompt DBus call to complement RequestPrompt (GUID-based prompt removal). The addition of a rule matching multiple pending connections in fw-prompt now removes all of them. fw-prompter now increments ref# column for identical prompt requests. Fixed/cleaned up/updated TLSGuard code. Added TLSGuard toggle option to fw-prompt GUI (default for SOCKS connections). fw-prompt now displays icon of filtered application. DBus RequestPrompt() now "works" asynchronously. TLSGuard fixed under certain conditions but still very buggy. Fixed some fw-prompt crash conditions with treeview mutex locking. Fixed SOCKS connection panic condition linked to closed channel. Cleanup of unused data structures/values. Stephen Watt 2017-09-25 18:34:16 -0400
  • a8f61a2d4e Re-sync to master. Stephen Watt 2017-09-25 18:30:56 -0400
  • 2b7bed6fde Fmting... xSmurf 2017-09-25 20:33:32 +0000
  • fc19ebc2ef Fixed icons to passed name > sandbox name > path basename xSmurf 2017-09-25 20:31:13 +0000
  • 00aa12f140 FMT'ing some more log output... xSmurf 2017-09-25 20:06:51 +0000
  • bfa28d89da Fmt'ing some log outputs... xSmurf 2017-09-25 17:28:46 +0000
  • 7c657b9f53 Fix sandbox rule evaluation from policy file bug after fw-daemon start dma 2017-09-24 23:07:17 +0000
  • 972f733b63 fmt.. xSmurf 2017-09-24 21:53:14 +0000
  • 7d3e31a005 Read more TLS messages during handshake dma 2017-09-24 21:14:16 +0000
  • 38fabc3327 Apply rules contextually by policy defined sandbox dma 2017-09-24 18:04:44 +0000
  • c395ad85f8 Fix dumb bug where sgfw accepting DNS packet before passing to DNS processor dma 2017-09-24 16:53:55 +0000
  • ccd3792609 Fixed com.subgraph.fwprompt.EventNotifier.conf policy xSmurf 2017-09-23 03:54:49 +0000
  • fdd5e4a194 Moved com.Subgraph.fwprompt.EventNotifier.conf > com.subgraph.fwprompt.EventNotifier.conf for consistency... xSmurf 2017-09-23 03:53:41 +0000
  • 970a4c9cee Fixed rule mode in getString and save methods... xSmurf 2017-09-23 03:35:51 +0000
  • 31eb87c580 gnome-shell disabled unused connection monitor... xSmurf 2017-09-23 03:32:09 +0000
  • c209d1b376 gnome-shell fixed handling of multiple prompt requests... xSmurf 2017-09-23 03:31:33 +0000
  • 11b8ec9818 gnome-shell fmt... xSmurf 2017-09-23 03:30:22 +0000
  • c01894f35c fmt.. xSmurf 2017-09-22 20:55:22 +0000
  • 8054062418 More checks in SGFW prompt GUI to prevent accidental startup race/panic condition. Increased default max concurrent prompts in standalone prompter to 5 connections. Fixed NULL dereference crash condition from recvfrom() error in go-nfnetlink vendor dependency. Stephen Watt 2017-09-21 16:28:39 -0400
  • e3ab56486b Upgraded standalone fw-prompt for DBus compatibility with new fw-daemon. Averted potential panic issue in SOCKS5 listener. Fixed strange whole-window scrolling behavior in fw-prompt. Removed verbose debug output in fw-prompt. Stephen Watt 2017-09-21 14:31:31 -0400
  • a3fa1b1285 Slightly kludgy workaround for gtk-3.20 dependence in gtk-3.18 builds. Added SGFW_CONF environment variable for overriding default SGFW configuration path. Added SGFW_SOCKS_CONFIG environment variable for overriding default SGFW SOCKS json config file path. Updated readme with information on building outside SGOS. Stephen Watt 2017-09-21 13:40:21 -0400
  • 9f5bdf987c Bump version after cleanup and important bugfix debian dma 2017-09-20 04:08:32 +0000
  • 92276eed47 fmt v0.0.11 dma 2017-09-20 04:05:55 +0000
  • 5f454f2c6b Remove debug output dma 2017-09-20 04:02:29 +0000
  • 2869f15ba1 Remove hack + debug output because of fix in af1a925b11 dma 2017-09-20 03:49:23 +0000
  • af1a925b11 Fix bug where sometimes not all of /proc/net/tcp is read dma 2017-09-19 23:56:03 +0000
  • 119344dbfc Settings: adding sandbox and allow tls to rule edit... xSmurf 2017-09-15 19:13:54 +0000
  • 242f6c820a Bump version dma 2017-09-14 18:18:29 +0000
  • ef9a0a22c2 Make log more sublogmon friendly v0.0.10 dma 2017-09-14 18:10:23 +0000
  • ed8c254404 Add TLSGuard to SOCKS5 filter clients not coming from oz-daemon dma 2017-09-13 20:23:45 +0000
  • e7a803f84f Temporary workaround dma 2017-09-13 18:46:22 +0000
  • 9ac3c3fa92 Temporary workaround to drop connections from the sandbox manager that we can't further identify. dma 2017-09-13 18:37:39 +0000
  • 755e0088c5 typo and fmt... xSmurf 2017-09-12 18:24:02 +0000
  • 6e6e265fae Fmt.. xSmurf 2017-09-12 00:33:23 +0000
  • 68e6d57c9b Remove bad deps, fix exec erroneous path truncation for processes outside of oz dma 2017-09-12 18:17:23 +0000
  • e2ed0b68e7 Increase stylesheet width dma 2017-09-11 03:09:44 +0000
  • 68e57f21e9 Update changelog dma 2017-09-10 23:11:13 +0000
  • 0d26458f21 Adjust permissions dma 2017-09-10 23:10:15 +0000
  • 5dd4dea30e Remove duplicate systemd unit file v0.0.9 dma 2017-09-10 22:57:23 +0000
  • 0d125455e4 Update packaging systemd unit file and remove duplicate dma 2017-09-10 22:56:39 +0000
  • 9bf792b062 Bump version dma 2017-09-10 22:42:58 +0000
  • 17c7cc2872 Try 2 dma 2017-09-10 22:23:00 +0000
  • e183e0e741 Update packaging metadata dma 2017-09-10 21:30:57 +0000