From 703c9efba589c3ab8ac5a6a2c01f27fc40a5278b Mon Sep 17 00:00:00 2001 From: Olivier Blin Date: Wed, 30 Apr 2008 20:19:29 +0000 Subject: move ifw code in network::net_applet::ifw --- bin/net_applet | 223 +----------------------------------------- lib/network/net_applet/ifw.pm | 218 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 221 insertions(+), 220 deletions(-) create mode 100644 lib/network/net_applet/ifw.pm diff --git a/bin/net_applet b/bin/net_applet index 811a773..52f4bce 100755 --- a/bin/net_applet +++ b/bin/net_applet @@ -15,7 +15,6 @@ use network::vpn; use run_program; use mygtk2 qw(gtknew gtkset); use dbus_object; -use network::ifw; use network::monitor; use network::signal_strength; use detect_devices; @@ -177,20 +176,8 @@ my ($monitor); eval { $dbus = dbus_object::system_bus() } if !defined($global_settings{DBUS}) || text2bool($global_settings{DBUS}); eval { $monitor = network::monitor->new($dbus) } if $dbus; eval { - $ifw = network::ifw->new($dbus, sub { - my ($_con, $msg) = @_; - my $member = $msg->get_member; - if ($member eq 'Attack') { - handle_ifw_message($msg->get_args_list); - } elsif ($member eq 'Listen') { - handle_ifw_listen($msg->get_args_list); - } elsif ($member eq 'Init') { - $ifw->attach_object; - checkNetworkForce(); - } elsif ($member eq 'AlertAck') { - $ifw_alert = 0; - } - }); + require network::net_applet::ifw; + network::net_applet::ifw::create(); } if $dbus; $notification_queue = Gtk2::Notify::Queue->new($icon); @@ -213,7 +200,7 @@ $icon->signal_connect(popup_menu => sub { checkNetworkForce(); cronNetwork(); gtkflush(); #- for notifications to appear on the status icon position -get_unprocessed_ifw_messages(); +network::net_applet::ifw::get_unprocessed_ifw_messages(); $SIG{HUP} = sub { print "received SIGHUP, reloading network configuration\n"; @@ -360,34 +347,6 @@ sub go2State { update_applet() if $need_update; } -sub get_current_network() { - detect_devices::is_wireless_interface($current_interface) && find { $_->{current} } values %wireless_networks; -} - -sub get_state_pixbuf() { - my $wnet = $current_state eq 'connected' && get_current_network(); - $wnet ? - network::signal_strength::get_strength_icon($wnet) : - $pixbufs{state}{$current_state}; -} - -sub enable_ifw_alert() { - unless ($ifw_alert) { - $ifw_alert = 1; - network::net_applet::update_tray_icon(); - Glib::Timeout->add(1000, sub { - network::net_applet::update_tray_icon(); - $ifw_alert; - }); - } -} - -sub disable_ifw_alert() { - eval { $ifw->send_alert_ack }; - $ifw_alert = 0; - network::net_applet::update_tray_icon(); -} - sub update_applet() { $wireless_device = detect_devices::get_wireless_interface(); @@ -527,179 +486,3 @@ sub setAutoStart { qq(AUTOSTART=$state ); } - -sub get_unprocessed_ifw_messages() { - my @packets = eval { $ifw->get_reports }; - while (my @ifw_message = splice(@packets, 0, 10)) { - handle_ifw_message(@ifw_message); - } -} - -sub set_verdict { - my ($attack, $apply_verdict) = @_; - eval { $apply_verdict->($attack) }; - $@ and err_dialog(N("Interactive Firewall"), N("Unable to contact daemon")); -} - -sub apply_verdict_blacklist { - my ($attack) = @_; - $ifw->set_blacklist_verdict($attack->{seq}, 1); -} - -sub apply_verdict_ignore { - my ($attack) = @_; - $ifw->set_blacklist_verdict($attack->{seq}, 0); -} - -sub apply_verdict_whitelist { - my ($attack) = @_; - $ifw->whitelist($attack->{addr}); - apply_verdict_ignore($attack); -} - -sub handle_ifw_message { - my $message = network::ifw::attack_to_hash(\@_); - unless ($message->{msg}) { - print "unhandled attack type, skipping\n"; - return; - } - my $is_attack = $message->{prefix} ne 'NEW'; - enable_ifw_alert() if $is_attack; - $notification_queue->add({ - title => N("Interactive Firewall"), - pixbuf => $pixbufs{firewall}, - message => $message->{msg}, - timeout => sub { - set_verdict($message, \&apply_verdict_ignore); - }, - if_($is_attack, - urgency => 'critical', - actions => [ { - action => 'clicked', - label => #-PO: "Process" is a verb - N("Process attack"), - callback => sub { - disable_ifw_alert(); - ask_attack_verdict($message); - }, - } ], - ), - }); -} - -sub ask_attack_verdict { - my ($attack) = @_; - - my $w = ugtk2->new(N("Interactive Firewall: intrusion detected"), - icon => "drakfirewall"); - my ($blacklist, $whitelist, $ignore, $auto); - - my $update_automatic_mode = sub { $auto->get_active and $interactive_cb->set_active(1) }; - my $set_verdict = sub { - my ($verdict) = @_; - set_verdict($attack, $verdict); - $notification_queue->process_next; - }; - gtkadd($w->{window}, - gtknew('VBox', spacing => 5, children_loose => [ - gtknew('HBox', children => [ - 0, Gtk2::Image->new_from_stock('gtk-dialog-warning', 'dialog'), - 0, gtknew('Label', text => " "), - 1, gtknew('VBox', children => [ - 0, $attack->{msg}, - 0, N("What do you want to do with this attacker?") - ]) - ]), - gtksignal_connect(gtkadd(Gtk2::Expander->new(N("Attack details")), - gtknew('HBox', children => [ - 0, gtknew('Label', text => " "), - 1, gtknew('VBox', children_loose => [ - N("Attack time: %s", $attack->{date}), - N("Network interface: %s", $attack->{indev}), - N("Attack type: %s", $attack->{prefix}), - if_($attack->{protocol}, N("Protocol: %s", $attack->{protocol})), - N("Attacker IP address: %s", $attack->{ip_addr}), - if_($attack->{hostname} ne $attack->{ip_addr}, N("Attacker hostname: %s", $attack->{hostname})), - ( - $attack->{service} ne $attack->{port} ? - N("Service attacked: %s", $attack->{service}) : - N("Port attacked: %s", $attack->{port}), - ), - if_($attack->{icmp_type}, N("Type of ICMP attack: %s", $attack->{icmp_type})) - ]), - ])), - activate => sub { $_[0]->get_expanded and $w->shrink_topwindow } - ), - $auto = gtknew('CheckButton', text => N("Always blacklist (do not ask again)"), toggled => sub { - $whitelist->set_sensitive(!$_[0]->get_active); - $ignore->set_sensitive(!$_[0]->get_active); - }), - gtknew('HButtonBox', layout => 'edge', children_loose => [ - $blacklist = gtknew('Button', text => N("Blacklist"), clicked => sub { - $w->destroy; - $update_automatic_mode->(); - $set_verdict->(\&apply_verdict_blacklist); - }), - $whitelist = gtknew('Button', text => N("Whitelist"), clicked => sub { - $w->destroy; - $update_automatic_mode->(); - $set_verdict->(\&apply_verdict_whitelist); - }), - $ignore = gtknew('Button', text => N("Ignore"), clicked => sub { - $w->destroy; - $set_verdict->(\&apply_verdict_ignore); - }), - ]), - ])); - eval { $auto->set_active(!$ifw->get_interactive) }; - $blacklist->grab_focus; - gtksignal_connect($w->{window}, delete_event => sub { - $set_verdict->(\&apply_verdict_ignore); - }); - $w->{window}->show_all; -} - -sub handle_ifw_listen { - my $listen = network::ifw::parse_listen_message(\@_); - enable_ifw_alert(); - $notification_queue->add({ - title => N("Interactive Firewall: new service"), - pixbuf => $pixbufs{firewall}, - message => $listen->{message}, - actions => [ { - action => 'clicked', - label => #-PO: "Process" is a verb - N("Process connection"), - callback => sub { - disable_ifw_alert(); - ask_listen_verdict($listen); - }, - } ], - }); -} - -sub ask_listen_verdict { - my ($listen) = @_; - - my $w = ugtk2->new(N("Interactive Firewall: new service"), icon => "drakfirewall"); - my $set_verdict = sub { - $notification_queue->process_next; - }; - gtkadd($w->{window}, - gtknew('VBox', spacing => 5, children_loose => [ - gtknew('HBox', children => [ - 0, Gtk2::Image->new_from_stock('gtk-dialog-warning', 'dialog'), - 1, gtknew('VBox', children => [ - 0, $listen->{message}, - 0, N("Do you want to open this service?"), - ]) - ]), - gtknew('CheckButton', text => N("Remember this answer"), toggled => sub {}), - gtknew('HButtonBox', layout => 'edge', children_loose => [ - gtknew('Button', text => N("Allow"), clicked => sub { $w->destroy; $set_verdict->(1) }), - gtknew('Button', text => N("Block"), clicked => sub { $w->destroy; $set_verdict->(0) }), - ]), - ])); - gtksignal_connect($w->{window}, delete_event => sub { $set_verdict->() }); - $w->{window}->show_all; -} diff --git a/lib/network/net_applet/ifw.pm b/lib/network/net_applet/ifw.pm new file mode 100644 index 0000000..ea2e8d8 --- /dev/null +++ b/lib/network/net_applet/ifw.pm @@ -0,0 +1,218 @@ +package network::net_applet::ifw; + +use common; +use network::ifw; +use ugtk2 qw(:create :helpers :wrappers :dialogs); +use mygtk2 qw(gtknew gtkset); + +sub create() { + $network::net_applet::ifw = network::ifw->new($network::net_applet::dbus, sub { + my ($_con, $msg) = @_; + my $member = $msg->get_member; + if ($member eq 'Attack') { + handle_ifw_message($msg->get_args_list); + } elsif ($member eq 'Listen') { + handle_ifw_listen($msg->get_args_list); + } elsif ($member eq 'Init') { + $ifw->attach_object; + checkNetworkForce(); + } elsif ($member eq 'AlertAck') { + $network::net_applet::ifw_alert = 0; + } + }); +} + +sub enable_ifw_alert() { + unless ($network::net_applet::ifw_alert) { + $network::net_applet::ifw_alert = 1; + network::net_applet::update_tray_icon(); + Glib::Timeout->add(1000, sub { + network::net_applet::update_tray_icon(); + $network::net_applet::ifw_alert; + }); + } +} + +sub disable_ifw_alert() { + eval { $network::net_applet::ifw->send_alert_ack }; + $network::net_applet::ifw_alert = 0; + network::net_applet::update_tray_icon(); +} + +sub get_unprocessed_ifw_messages() { + my @packets = eval { $network::net_applet::ifw->get_reports }; + while (my @ifw_message = splice(@packets, 0, 10)) { + handle_ifw_message(@ifw_message); + } +} + +sub set_verdict { + my ($attack, $apply_verdict) = @_; + eval { $apply_verdict->($attack) }; + $@ and err_dialog(N("Interactive Firewall"), N("Unable to contact daemon")); +} + +sub apply_verdict_blacklist { + my ($attack) = @_; + $network::net_applet::ifw->set_blacklist_verdict($attack->{seq}, 1); +} + +sub apply_verdict_ignore { + my ($attack) = @_; + $network::net_applet::ifw->set_blacklist_verdict($attack->{seq}, 0); +} + +sub apply_verdict_whitelist { + my ($attack) = @_; + $network::net_applet::ifw->whitelist($attack->{addr}); + apply_verdict_ignore($attack); +} + +sub handle_ifw_message { + my $message = network::ifw::attack_to_hash(\@_); + unless ($message->{msg}) { + print "unhandled attack type, skipping\n"; + return; + } + my $is_attack = $message->{prefix} ne 'NEW'; + enable_ifw_alert() if $is_attack; + $network::net_applet::notification_queue->add({ + title => N("Interactive Firewall"), + pixbuf => $network::net_applet::pixbufs{firewall}, + message => $message->{msg}, + timeout => sub { + set_verdict($message, \&apply_verdict_ignore); + }, + if_($is_attack, + urgency => 'critical', + actions => [ { + action => 'clicked', + label => #-PO: "Process" is a verb + N("Process attack"), + callback => sub { + disable_ifw_alert(); + ask_attack_verdict($message); + }, + } ], + ), + }); +} + +sub ask_attack_verdict { + my ($attack) = @_; + + my $w = ugtk2->new(N("Interactive Firewall: intrusion detected"), + icon => "drakfirewall"); + my ($blacklist, $whitelist, $ignore, $auto); + + my $update_automatic_mode = sub { $auto->get_active and $network::net_applet::interactive_cb->set_active(1) }; + my $set_verdict = sub { + my ($verdict) = @_; + set_verdict($attack, $verdict); + $network::net_applet::notification_queue->process_next; + }; + gtkadd($w->{window}, + gtknew('VBox', spacing => 5, children_loose => [ + gtknew('HBox', children => [ + 0, Gtk2::Image->new_from_stock('gtk-dialog-warning', 'dialog'), + 0, gtknew('Label', text => " "), + 1, gtknew('VBox', children => [ + 0, $attack->{msg}, + 0, N("What do you want to do with this attacker?") + ]) + ]), + gtksignal_connect(gtkadd(Gtk2::Expander->new(N("Attack details")), + gtknew('HBox', children => [ + 0, gtknew('Label', text => " "), + 1, gtknew('VBox', children_loose => [ + N("Attack time: %s", $attack->{date}), + N("Network interface: %s", $attack->{indev}), + N("Attack type: %s", $attack->{prefix}), + if_($attack->{protocol}, N("Protocol: %s", $attack->{protocol})), + N("Attacker IP address: %s", $attack->{ip_addr}), + if_($attack->{hostname} ne $attack->{ip_addr}, N("Attacker hostname: %s", $attack->{hostname})), + ( + $attack->{service} ne $attack->{port} ? + N("Service attacked: %s", $attack->{service}) : + N("Port attacked: %s", $attack->{port}), + ), + if_($attack->{icmp_type}, N("Type of ICMP attack: %s", $attack->{icmp_type})) + ]), + ])), + activate => sub { $_[0]->get_expanded and $w->shrink_topwindow } + ), + $auto = gtknew('CheckButton', text => N("Always blacklist (do not ask again)"), toggled => sub { + $whitelist->set_sensitive(!$_[0]->get_active); + $ignore->set_sensitive(!$_[0]->get_active); + }), + gtknew('HButtonBox', layout => 'edge', children_loose => [ + $blacklist = gtknew('Button', text => N("Blacklist"), clicked => sub { + $w->destroy; + $update_automatic_mode->(); + $set_verdict->(\&apply_verdict_blacklist); + }), + $whitelist = gtknew('Button', text => N("Whitelist"), clicked => sub { + $w->destroy; + $update_automatic_mode->(); + $set_verdict->(\&apply_verdict_whitelist); + }), + $ignore = gtknew('Button', text => N("Ignore"), clicked => sub { + $w->destroy; + $set_verdict->(\&apply_verdict_ignore); + }), + ]), + ])); + eval { $auto->set_active(!$network::net_applet::ifw->get_interactive) }; + $blacklist->grab_focus; + gtksignal_connect($w->{window}, delete_event => sub { + $set_verdict->(\&apply_verdict_ignore); + }); + $w->{window}->show_all; +} + +sub handle_ifw_listen { + my $listen = network::ifw::parse_listen_message(\@_); + enable_ifw_alert(); + $network::net_applet::notification_queue->add({ + title => N("Interactive Firewall: new service"), + pixbuf => $network::net_applet::pixbufs{firewall}, + message => $listen->{message}, + actions => [ { + action => 'clicked', + label => #-PO: "Process" is a verb + N("Process connection"), + callback => sub { + disable_ifw_alert(); + ask_listen_verdict($listen); + }, + } ], + }); +} + +sub ask_listen_verdict { + my ($listen) = @_; + + my $w = ugtk2->new(N("Interactive Firewall: new service"), icon => "drakfirewall"); + my $set_verdict = sub { + $network::net_applet::notification_queue->process_next; + }; + gtkadd($w->{window}, + gtknew('VBox', spacing => 5, children_loose => [ + gtknew('HBox', children => [ + 0, Gtk2::Image->new_from_stock('gtk-dialog-warning', 'dialog'), + 1, gtknew('VBox', children => [ + 0, $listen->{message}, + 0, N("Do you want to open this service?"), + ]) + ]), + gtknew('CheckButton', text => N("Remember this answer"), toggled => sub {}), + gtknew('HButtonBox', layout => 'edge', children_loose => [ + gtknew('Button', text => N("Allow"), clicked => sub { $w->destroy; $set_verdict->(1) }), + gtknew('Button', text => N("Block"), clicked => sub { $w->destroy; $set_verdict->(0) }), + ]), + ])); + gtksignal_connect($w->{window}, delete_event => sub { $set_verdict->() }); + $w->{window}->show_all; +} + +1; -- cgit v1.2.1