firewall: simplify rules handling code

Use directly rule provided by qubes core, not intermediate class
QubesFirewallRuleItem. This also will improve compatibility - if no
firewall changes made (but still "OK" clicked instead of "Cancel")
really the same settings are saved, even if rules contains some not
supported by Qubes Manager attributes.
This commit is contained in:
Marek Marczykowski-Górecki 2014-03-28 05:15:52 +01:00
parent f79a1ed42e
commit 3b3846eeb5
2 changed files with 31 additions and 68 deletions

View File

@ -128,59 +128,22 @@ class NewFwRuleDlg (QDialog, ui_newfwruledlg.Ui_NewFwRuleDlg):
if checked: if checked:
self.serviceComboBox.setEnabled(False) self.serviceComboBox.setEnabled(False)
class QubesFirewallRuleItem(object):
def __init__(self, address = str(), netmask = 32, portBegin = 0, portEnd = None, protocol = "any"):
self.__address = address
self.__netmask = netmask
self.__portBegin = portBegin
self.__portEnd = portEnd
self.__protocol = protocol
@property
def address(self):
return self.__address
@property
def netmask(self):
return self.__netmask
@property
def portBegin(self):
return self.__portBegin
@property
def portEnd(self):
return self.__portEnd
@property
def protocol(self):
return self.__protocol
def hasChildren(self):
return False
class QubesFirewallRulesModel(QAbstractItemModel): class QubesFirewallRulesModel(QAbstractItemModel):
def __init__(self, parent=None): def __init__(self, parent=None):
QAbstractItemModel.__init__(self, parent) QAbstractItemModel.__init__(self, parent)
self.__columnValues = { self.__columnValues = {
0: lambda x: "*" if self.children[x].address == "0.0.0.0" and self.children[x].netmask == 0 \ 0: lambda x: "*" if self.children[x]["address"] == "0.0.0.0" and
else self.children[x].address + ("" if self.children[x].netmask == 32 \ self.children[x]["netmask"] == 0 else
else " /{0}".format(self.children[x].netmask)), self.children[x]["address"] + ("" if self.children[x][ "netmask"] == 32 else
1: lambda x: "any" if self.children[x].portBegin == 0 \ " /{0}".format(self.children[x][
else "{0}-{1}".format(self.children[x].portBegin, self.children[x].portEnd) if self.children[x].portEnd is not None \ "netmask"])),
else self.get_service_name(self.children[x].portBegin), 1: lambda x: "any" if self.children[x]["portBegin"] == 0 else
2: lambda x: self.children[x].protocol, "{0}-{1}".format(self.children[x]["portBegin"], self.children[x][
} "portEnd"]) if self.children[x]["portEnd"] is not None else \
self.__columnNames = { self.get_service_name(self.children[x]["portBegin"]),
0: "Address", 2: lambda x: self.children[x]["proto"], }
1: "Service", self.__columnNames = {0: "Address", 1: "Service", 2: "Protocol", }
2: "Protocol",
}
self.__services = list() self.__services = list()
pattern = re.compile("(?P<name>[a-z][a-z0-9-]+)\s+(?P<port>[0-9]+)/(?P<protocol>[a-z]+)", re.IGNORECASE) pattern = re.compile("(?P<name>[a-z][a-z0-9-]+)\s+(?P<port>[0-9]+)/(?P<protocol>[a-z]+)", re.IGNORECASE)
f = open('/etc/services', 'r') f = open('/etc/services', 'r')
@ -198,11 +161,14 @@ class QubesFirewallRulesModel(QAbstractItemModel):
rev = (order == Qt.AscendingOrder) rev = (order == Qt.AscendingOrder)
if idx==0: if idx==0:
self.children.sort(key=attrgetter('address'), reverse = rev) self.children.sort(key=lambda x: x['address'], reverse = rev)
if idx==1: if idx==1:
self.children.sort(key=lambda x: self.get_service_name(x.portBegin) if x.portEnd == None else x.portBegin, reverse = rev) self.children.sort(key=lambda x: self.get_service_name(x[
"portBegin"]) if x["portEnd"] == None else x["portBegin"],
reverse = rev)
if idx==2: if idx==2:
self.children.sort(key=attrgetter('protocol'), reverse = rev) self.children.sort(key=lambda x: x['proto'], reverse
= rev)
index1 = self.createIndex(0, 0) index1 = self.createIndex(0, 0)
index2 = self.createIndex(len(self)-1, len(self.__columnValues)-1) index2 = self.createIndex(len(self)-1, len(self.__columnValues)-1)
self.dataChanged.emit(index1, index2) self.dataChanged.emit(index1, index2)
@ -236,9 +202,7 @@ class QubesFirewallRulesModel(QAbstractItemModel):
self.allowYumProxy = conf["allowYumProxy"] self.allowYumProxy = conf["allowYumProxy"]
for rule in conf["rules"]: for rule in conf["rules"]:
self.appendChild(QubesFirewallRuleItem( self.appendChild(rule)
rule["address"], rule["netmask"], rule["portBegin"], rule["portEnd"], rule["proto"]
))
def get_vm_name(self): def get_vm_name(self):
return self.__vm.name return self.__vm.name
@ -257,15 +221,7 @@ class QubesFirewallRulesModel(QAbstractItemModel):
} }
for rule in self.children: for rule in self.children:
conf["rules"].append( conf["rules"].append(rule)
{
"address": rule.address,
"netmask": rule.netmask,
"portBegin": rule.portBegin,
"portEnd": rule.portEnd,
"proto": rule.protocol,
}
)
if self.fw_changed: if self.fw_changed:
self.__vm.write_firewall_conf(conf) self.__vm.write_firewall_conf(conf)
@ -295,7 +251,7 @@ class QubesFirewallRulesModel(QAbstractItemModel):
def hasChildren(self, index=QModelIndex()): def hasChildren(self, index=QModelIndex()):
parentItem = index.internalPointer() parentItem = index.internalPointer()
if parentItem is not None: if parentItem is not None:
return parentItem.hasChildren() return False
else: else:
return True return True
@ -323,6 +279,7 @@ class QubesFirewallRulesModel(QAbstractItemModel):
self.endInsertRows() self.endInsertRows()
index = self.createIndex(row, 0, child) index = self.createIndex(row, 0, child)
self.dataChanged.emit(index, index) self.dataChanged.emit(index, index)
self.fw_changed = True
def removeChild(self, i): def removeChild(self, i):
if i >= len(self): if i >= len(self):
@ -333,11 +290,13 @@ class QubesFirewallRulesModel(QAbstractItemModel):
self.endRemoveRows() self.endRemoveRows()
index = self.createIndex(i, 0) index = self.createIndex(i, 0)
self.dataChanged.emit(index, index) self.dataChanged.emit(index, index)
self.fw_changed = True
def setChild(self, i, child): def setChild(self, i, child):
self.children[i] = child self.children[i] = child
index = self.createIndex(i, 0, child) index = self.createIndex(i, 0, child)
self.dataChanged.emit(index, index) self.dataChanged.emit(index, index)
self.fw_changed = True
def clearChildren(self): def clearChildren(self):
self.__children = list() self.__children = list()

View File

@ -818,7 +818,6 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
def delete_rule_button_pressed(self): def delete_rule_button_pressed(self):
for i in set([index.row() for index in self.rulesTreeView.selectedIndexes()]): for i in set([index.row() for index in self.rulesTreeView.selectedIndexes()]):
self.fw_model.removeChild(i) self.fw_model.removeChild(i)
self.fw_model.fw_changed = True
def run_rule_dialog(self, dialog, row = None): def run_rule_dialog(self, dialog, row = None):
if dialog.exec_(): if dialog.exec_():
@ -846,6 +845,8 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
protocol = "tcp" protocol = "tcp"
elif dialog.udp_radio.isChecked(): elif dialog.udp_radio.isChecked():
protocol = "udp" protocol = "udp"
else:
protocol = "any"
try: try:
range = service.split("-", 1) range = service.split("-", 1)
@ -861,13 +862,16 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
if port2 is not None and port2 <= port: if port2 is not None and port2 <= port:
QMessageBox.warning(None, "Invalid service ports range", "Port {0} is lower than port {1}.".format(port2, port)) QMessageBox.warning(None, "Invalid service ports range", "Port {0} is lower than port {1}.".format(port2, port))
else: else:
item = QubesFirewallRuleItem(address, netmask, port, port2, protocol) item = {"address": address,
"netmask": netmask,
"portBegin": port,
"portEnd": port2,
"proto": protocol,
}
if row is not None: if row is not None:
self.fw_model.setChild(row, item) self.fw_model.setChild(row, item)
self.fw_model.fw_changed = True
else: else:
self.fw_model.appendChild(item) self.fw_model.appendChild(item)
self.fw_model.fw_changed = True
else: else:
QMessageBox.warning(None, "Invalid service name", "Service '{0} is unknown.".format(service)) QMessageBox.warning(None, "Invalid service name", "Service '{0} is unknown.".format(service))