policyview.c

Linux系统下著名的个人防火墙

/*---[ policyview.c ]-------------------------------------------------
 * Copyright (C) 2004 Tomas Junnonen (majix@sci.fi)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * The traffic policy editor page
 *--------------------------------------------------------------------*/

#include <config.h>
#include <gnome.h>
#include <stdarg.h>
#include <sys/wait.h>

#include "policyview.h"
#include "gui.h"
#include "globals.h"
#include "preferences.h"
#include "menus.h"
#include "firestarter.h"
#include "util.h"
#include "scriptwriter.h"
#include "service.h"

#define RULEVIEW_HEIGHT 110

static GtkTreeView *modifying_view, *selected_view;
static GtkWidget *in_allow_from, *in_allow_service, *in_forward,
	*out_deny_from, *out_deny_to, *out_deny_service,
	*out_allow_from, *out_allow_to, *out_allow_service;

static gboolean modified_inbound, modified_outbound, modifications_require_restart;

static GtkWidget *inbound_group;
static GtkWidget *outbound_group;

/* Feature mask for a target selector widget */
typedef enum
{
	TARGET_ANYONE   = 1 << 1,
	TARGET_FIREWALL = 1 << 2,
	TARGET_LAN      = 1 << 3,
	TARGET_HOST     = 1 << 4,
	TARGET_ALL      = 0x3FFFFE
} TargetMask;

/* The different types of policy widgets implemented */
enum
{
	RULE_HOST_SELECTOR,
	RULE_SERVICE_SELECTOR,
	RULE_TARGET_SELECTOR,
	RULE_FORWARD_SELECTOR,
	RULE_COMMENT
} ;

enum
{
	POLICY_GROUP_INBOUND,
	POLICY_GROUP_OUTBOUND,
};

static GtkWidget *
embed_in_scrolled_window (GtkWidget *widget)
{
	GtkWidget *window;

	window = gtk_scrolled_window_new (NULL, NULL);
	gtk_scrolled_window_set_shadow_type (GTK_SCROLLED_WINDOW (window), GTK_SHADOW_IN);
	gtk_scrolled_window_set_policy (GTK_SCROLLED_WINDOW (window),
	                                GTK_POLICY_NEVER,
	                                GTK_POLICY_AUTOMATIC);

	gtk_container_add (GTK_CONTAINER (window), widget);

	return window;	
}

static void
widget_visibility_sync_toggle (GtkWidget *source, GtkWidget *target) {
	gboolean visible;

	visible = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (source));
	if (visible)
		gtk_widget_show (target);
	else
		gtk_widget_hide (target);
}

/* [ append_to_view ]
 * Append rule data to a rule view
 * Either pass the view to be appended to, OR the already initialized store and iter
 */
static gboolean
append_to_view (GtkTreeView *view, GtkListStore *user_store, GtkTreeIter *user_iter, gchar *data)
{
	GtkTreeIter *iter;
	GtkListStore *store;

	gchar **tokens;
	gchar *token;
	gint elements_read;
	gint i, columns;


	if (view == NULL) {
		iter = user_iter;
		store = user_store;
	} else {
		iter = g_new (GtkTreeIter, 1);
		store = (GtkListStore *)gtk_tree_view_get_model(GTK_TREE_VIEW (view));
	}

	columns = gtk_tree_model_get_n_columns (GTK_TREE_MODEL (store));

	tokens = g_strsplit (data, ",", -1);
	for (i = 0, token = tokens[0]; token != NULL; i++) {
		token = tokens[i];
	}
	elements_read = i-1;

	if (elements_read != columns) { /* Check that the rule entry has the correct number of parameters */
		g_printerr ("Malformed user rule encountered: %s. Cause: insufficient elements!\n", data);
		g_free (data);
		g_strfreev (tokens);
		return FALSE;
	}

	gtk_list_store_append (store, iter);

	for (i = 0; i < columns; i++) {
		token = g_strstrip (tokens[i]);

		if (gtk_tree_model_get_column_type (GTK_TREE_MODEL (store), i) == G_TYPE_INT)
			gtk_list_store_set (store, iter, i, atoi(token), -1);
		else
			gtk_list_store_set (store, iter, i, token, -1);
	}

	if (preferences_get_bool (PREFS_APPLY_POLICY_INSTANTLY))
		policyview_apply ();
	else
		menus_policy_apply_enabled (TRUE);

	g_strfreev (tokens);
	if (view != NULL)
		gtk_tree_iter_free (iter);
	return TRUE;
}

/* [ reload_view ]
 * Reload the data in a view from a rule file
 */
static void
reload_view (GtkTreeView *view, gchar *path)
{
	GtkTreeIter iter;
	GtkListStore *store;
	GIOChannel* in;
	GError *error = NULL;
	gchar *line;

	store = (GtkListStore *)gtk_tree_view_get_model(GTK_TREE_VIEW (view));
	in = g_io_channel_new_file (path, "r", &error);
	
	if (in == NULL) {
		g_printerr ("Error reading file %s: %s\n", path, error->message);
		return;
	}

	while (g_io_channel_read_line (in, &line, NULL, NULL, &error) == G_IO_STATUS_NORMAL) {
		if (g_str_has_prefix(g_strstrip (line), "#")) /* Skip comments */
			continue;

		append_to_view (NULL, store, &iter, line);
	}

	g_io_channel_shutdown (in, FALSE, NULL);
}

static void
rule_dialog_reset (GtkDialog *dialog)
{
	GtkWidget *element = NULL;

	element = g_object_get_data (G_OBJECT (dialog), "host_selector");
	if (element) {
		gtk_entry_set_text (GTK_ENTRY (element), "");
		gtk_widget_grab_focus (element); /* Reset focus */
	}

	element = g_object_get_data (G_OBJECT (dialog), "service_selector_service");
	if (element) {
		element = gtk_bin_get_child (GTK_BIN (element));
		gtk_entry_set_text (GTK_ENTRY (element), "");
		element = g_object_get_data (G_OBJECT (dialog), "service_selector_port");
		gtk_entry_set_text (GTK_ENTRY (element), "");
	}
	
	element = g_object_get_data (G_OBJECT (dialog), "target_selector_anyone");
	if (element) {
		gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (element), TRUE); /* Reset the dialog */
		element = g_object_get_data (G_OBJECT (dialog), "target_selector_host");
		gtk_entry_set_text (GTK_ENTRY (element), "");
	}

	element = g_object_get_data (G_OBJECT (dialog), "forward_selector_host");
	if (element) {
		gtk_entry_set_text (GTK_ENTRY (element), "");
		element = g_object_get_data (G_OBJECT (dialog), "forward_selector_port");
		gtk_entry_set_text (GTK_ENTRY (element), "");
	}

	element = g_object_get_data (G_OBJECT (dialog), "comment");
	if (element) {
		gtk_entry_set_text (GTK_ENTRY (element), "");
	}

	g_object_steal_data (G_OBJECT (dialog), "editing");
}

static gboolean
rule_dialog_validate_data (GtkDialog *dialog)
{
	GtkWidget *element = NULL;
	GtkWidget *toggle;

	element = g_object_get_data (G_OBJECT (dialog), "host_selector");
	if (element) {
		if (!is_a_valid_host (gtk_entry_get_text (GTK_ENTRY (element)))) {
			error_dialog (_("Invalid host"),
			              _("Invalid host"),
				      _("The host you have specified is not a valid host,\n"
			                "please review your choice."),
			              Firestarter.window);
			return FALSE;
		}
	}

	element = g_object_get_data (G_OBJECT (dialog), "service_selector_port");
	if (element) {
		if (!is_a_valid_port (gtk_entry_get_text (GTK_ENTRY (element)))) {
			error_dialog (_("Invalid port"),
			              _("Invalid port"),
				      _("The port you have specified is not a valid port,\n"
			                "please review your choice."),
			              Firestarter.window);
			return FALSE;
		}
	}
	
	element = g_object_get_data (G_OBJECT (dialog), "target_selector_host");
	toggle = g_object_get_data (G_OBJECT (dialog), "target_selector_ip");
	if (element &&
	    gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (toggle))) {
		if (!is_a_valid_host (gtk_entry_get_text (GTK_ENTRY (element)))) {
			error_dialog (_("Invalid host"),
			              _("Invalid host"),
				      _("The host you have specified is not a valid host,\n"
			                "please review your choice."),
			              Firestarter.window);
			return FALSE;
		}
	}

	element = g_object_get_data (G_OBJECT (dialog), "forward_selector_host");
	if (element) {
		if (!is_a_valid_host (gtk_entry_get_text (GTK_ENTRY (element)))) {
			error_dialog (_("Invalid internal host"),
			              _("Invalid internal host"),
				      _("The host you have specified is not a valid host,\n"
			                "please review your choice."),
			              Firestarter.window);
			return FALSE;
		}
		element = g_object_get_data (G_OBJECT (dialog), "forward_selector_port");
		if (!is_a_valid_port (gtk_entry_get_text (GTK_ENTRY (element)))) {
			error_dialog (_("Invalid internal port"),
			              _("Invalid internal port"),
				      _("The port you have specified is not a valid port,\n"
			                "please review your choice."),
			              Firestarter.window);
			return FALSE;
		}
	}

	return TRUE;
}

static void unescape_string (gchar *src, gchar *dst)
{
	char c;

	while ((c = *src++) != '\0') {
		switch (c) {
		  case '\\':
		    switch (c = *src++) {
			case 'c':
			  *dst++ = ',';
			  break;
			case '\0':
			  *src--;
			default:
			  *dst++ = '\\'; 
			  break;
		    }
		    break;
		  default:
		    *dst++ = c;
		    break;
		}
	}

	*dst = 0;
}

static void escape_string (gchar *src, gchar *dst)
{
	char c;

	while ((c = *src++) != '\0') {
		switch (c) {
		  case ',':
		     *dst++ = '\\';
		     *dst++ = 'c';
		     break;
		  default:
		    *dst++ = c;
		    break;
		}
	}

	*dst = 0;
}

static gchar*
rule_dialog_extract_data (GtkDialog *dialog)
{
	GtkWidget *element = NULL;
	gchar *data = "";

	element = g_object_get_data (G_OBJECT (dialog), "host_selector");
	if (element) {
		data = g_strconcat (data, ", ", gtk_entry_get_text (GTK_ENTRY (element)), NULL);
	}

	element = g_object_get_data (G_OBJECT (dialog), "service_selector_service");
	if (element) {
		element = gtk_bin_get_child (GTK_BIN (element));
		data = g_strconcat (data, ", ", gtk_entry_get_text (GTK_ENTRY (element)), NULL);
			
		element = g_object_get_data (G_OBJECT (dialog), "service_selector_port");
		data = g_strconcat (data, ", ", gtk_entry_get_text (GTK_ENTRY (element)), NULL);
	}

	element = g_object_get_data (G_OBJECT (dialog), "target_selector_anyone");
	if (element) {
		if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (element)))
			data = g_strconcat (data, ", everyone", NULL);

		element = g_object_get_data (G_OBJECT (dialog), "target_selector_firewall");
		if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (element)))
			data = g_strconcat (data, ", firewall", NULL);
			
		element = g_object_get_data (G_OBJECT (dialog), "target_selector_lan");
		if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (element)))
			data = g_strconcat (data, ", lan", NULL);

		element = g_object_get_data (G_OBJECT (dialog), "target_selector_ip");
		if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (element))) {