Qubes/manager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Firewall rules window moved to settings tab.

Browse Source
This commit is contained in:
Agnieszka Kostrzewa 2012-02-10 00:30:45 +01:00
parent 8286a0b929
commit 7b5f383f13
3 changed files with 130 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
qubesmanager/firewall.py
View File

@ -31,106 +31,8 @@ from qubes.qubes import QubesVmCollection
from qubes.qubes import QubesException from qubes.qubes import QubesException
from qubes.qubes import dry_run from qubes.qubes import dry_run
import ui_editfwrulesdlg
import ui_newfwruledlg import ui_newfwruledlg
class EditFwRulesDlg (QDialog, ui_editfwrulesdlg.Ui_EditFwRulesDlg):
def __init__(self, parent = None):
super (EditFwRulesDlg, self).__init__(parent)
self.setupUi(self)
self.newRuleButton.clicked.connect(self.new_rule_button_pressed)
self.editRuleButton.clicked.connect(self.edit_rule_button_pressed)
self.deleteRuleButton.clicked.connect(self.delete_rule_button_pressed)
self.policyAllowRadioButton.toggled.connect(self.policy_radio_toggled)
self.dnsCheckBox.toggled.connect(self.dns_checkbox_toggled)
self.icmpCheckBox.toggled.connect(self.icmp_checkbox_toggled)
def set_model(self, model):
self.__model = model
self.rulesTreeView.setModel(model)
self.rulesTreeView.header().setResizeMode(QHeaderView.ResizeToContents)
self.rulesTreeView.header().setResizeMode(0, QHeaderView.Stretch)
self.set_allow(model.allow)
self.dnsCheckBox.setChecked(model.allowDns)
self.icmpCheckBox.setChecked(model.allowIcmp)
self.setWindowTitle(model.get_vm_name() + " firewall")
def set_allow(self, allow):
self.policyAllowRadioButton.setChecked(allow)
self.policyDenyRadioButton.setChecked(not allow)
def policy_radio_toggled(self, on):
self.__model.allow = self.policyAllowRadioButton.isChecked()
def dns_checkbox_toggled(self, on):
self.__model.allowDns = on
def icmp_checkbox_toggled(self, on):
self.__model.allowIcmp = on
def new_rule_button_pressed(self):
dialog = NewFwRuleDlg()
self.run_rule_dialog(dialog)
def edit_rule_button_pressed(self):
dialog = NewFwRuleDlg()
dialog.set_ok_enabled(True)
selected = self.rulesTreeView.selectedIndexes()
if len(selected) > 0:
row = self.rulesTreeView.selectedIndexes().pop().row()
address = self.__model.get_column_string(0, row).replace(' ', '')
dialog.addressComboBox.setItemText(0, address)
dialog.addressComboBox.setCurrentIndex(0)
service = self.__model.get_column_string(1, row)
dialog.serviceComboBox.setItemText(0, service)
dialog.serviceComboBox.setCurrentIndex(0)
self.run_rule_dialog(dialog, row)
def run_rule_dialog(self, dialog, row = None):
if dialog.exec_():
address = str(dialog.addressComboBox.currentText())
service = str(dialog.serviceComboBox.currentText())
port = None
port2 = None
unmask = address.split("/", 1)
if len(unmask) == 2:
address = unmask[0]
netmask = int(unmask[1])
else:
netmask = 32
if address == "*":
address = "0.0.0.0"
netmask = 0
if service == "*":
service = "0"
try:
range = service.split("-", 1)
if len(range) == 2:
port = int(range[0])
port2 = int(range[1])
else:
port = int(service)
except (TypeError, ValueError) as ex:
port = self.__model.get_service_port(service)
if port is not None:
if port2 is not None and port2 <= port:
QMessageBox.warning(None, "Invalid service ports range", "Port {0} is lower than port {1}.".format(port2, port))
else:
item = QubesFirewallRuleItem(address, netmask, port, port2)
if row is not None:
self.__model.setChild(row, item)
else:
self.__model.appendChild(item)
else:
QMessageBox.warning(None, "Invalid service name", "Service '{0} is unknown.".format(service))
def delete_rule_button_pressed(self):
for i in set([index.row() for index in self.rulesTreeView.selectedIndexes()]):
self.__model.removeChild(i)
class QIPAddressValidator(QValidator): class QIPAddressValidator(QValidator):
def __init__(self, parent = None): def __init__(self, parent = None):
@ -397,3 +299,4 @@ class QubesFirewallRulesModel(QAbstractItemModel):
def __len__(self): def __len__(self):
return len(self.children) return len(self.children)

15
qubesmanager/main.py
View File

@ -43,8 +43,6 @@ from restore import RestoreVMsWindow
from backup import BackupVMsWindow from backup import BackupVMsWindow
from global_settings import GlobalSettingsWindow from global_settings import GlobalSettingsWindow
from firewall import EditFwRulesDlg, QubesFirewallRulesModel
from pyinotify import WatchManager, Notifier, ThreadedNotifier, EventsCodes, ProcessEvent from pyinotify import WatchManager, Notifier, ThreadedNotifier, EventsCodes, ProcessEvent
import subprocess import subprocess
@ -1198,17 +1196,8 @@ class VmManagerWindow(Ui_VmManagerWindow, QMainWindow):
@pyqtSlot(name='on_action_editfwrules_triggered') @pyqtSlot(name='on_action_editfwrules_triggered')
def action_editfwrules_triggered(self): def action_editfwrules_triggered(self):
vm = self.get_selected_vm() vm = self.get_selected_vm()
dialog = EditFwRulesDlg() settings_window = VMSettingsWindow(vm, app, "firewall")
model = QubesFirewallRulesModel() settings_window.exec_()
model.set_vm(vm)
dialog.set_model(model)
if vm.netvm_vm is not None and not vm.netvm_vm.is_proxyvm():
QMessageBox.warning (None, "VM configuration problem!", "The '{0}' AppVM is not network connected to a FirewallVM!<p>".format(vm.name) +\
"You may edit the '{0}' VM firewall rules, but these will not take any effect until you connect it to a working Firewall VM.".format(vm.name))
if dialog.exec_():
model.apply_rules()
@pyqtSlot(name='on_action_global_settings_triggered') @pyqtSlot(name='on_action_global_settings_triggered')
def action_global_settings_triggered(self): def action_global_settings_triggered(self):

135
qubesmanager/settings.py
View File

@ -46,6 +46,7 @@ from operator import itemgetter
from ui_settingsdlg import * from ui_settingsdlg import *
from multiselectwidget import * from multiselectwidget import *
from appmenu_select import * from appmenu_select import *
from firewall import *
class VMSettingsWindow(Ui_SettingsDialog, QDialog): class VMSettingsWindow(Ui_SettingsDialog, QDialog):
@ -59,6 +60,13 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
def __init__(self, vm, app, init_page="basic", parent=None): def __init__(self, vm, app, init_page="basic", parent=None):
super(VMSettingsWindow, self).__init__(parent) super(VMSettingsWindow, self).__init__(parent)
self.app = app
self.vm = vm
if self.vm.template_vm:
self.source_vm = self.vm.template_vm
else:
self.source_vm = self.vm
self.setupUi(self) self.setupUi(self)
if init_page in self.tabs_indices: if init_page in self.tabs_indices:
idx = self.tabs_indices[init_page] idx = self.tabs_indices[init_page]
@ -68,19 +76,29 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
self.connect(self.buttonBox, SIGNAL("accepted()"), self.save_and_apply) self.connect(self.buttonBox, SIGNAL("accepted()"), self.save_and_apply)
self.connect(self.buttonBox, SIGNAL("rejected()"), self.reject) self.connect(self.buttonBox, SIGNAL("rejected()"), self.reject)
self.app_list = MultiSelectWidget(self) self.tabWidget.currentChanged.connect(self.current_tab_changed)
self.dev_list = MultiSelectWidget(self)
self.apps_layout.addWidget(self.app_list) ###### firewall tab
model = QubesFirewallRulesModel()
model.set_vm(vm)
self.set_fw_model(model)
self.newRuleButton.clicked.connect(self.new_rule_button_pressed)
self.editRuleButton.clicked.connect(self.edit_rule_button_pressed)
self.deleteRuleButton.clicked.connect(self.delete_rule_button_pressed)
self.policyAllowRadioButton.toggled.connect(self.policy_radio_toggled)
self.dnsCheckBox.toggled.connect(self.dns_checkbox_toggled)
self.icmpCheckBox.toggled.connect(self.icmp_checkbox_toggled)
####### devices tab
self.dev_list = MultiSelectWidget(self)
self.devices_layout.addWidget(self.dev_list) self.devices_layout.addWidget(self.dev_list)
self.app = app ####### apps tab
self.vm = vm self.app_list = MultiSelectWidget(self)
if self.vm.template_vm: self.apps_layout.addWidget(self.app_list)
self.source_vm = self.vm.template_vm
else:
self.source_vm = self.vm
self.AppListManager = AppmenuSelectManager(self.vm, self.app_list) self.AppListManager = AppmenuSelectManager(self.vm, self.app_list)
def reject(self): def reject(self):
@ -113,9 +131,106 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
self.done(0) self.done(0)
def __save_changes__(self, thread_monitor): def __save_changes__(self, thread_monitor):
self.fw_model.apply_rules()
self.AppListManager.save_appmenu_select_changes() self.AppListManager.save_appmenu_select_changes()
thread_monitor.set_finished() thread_monitor.set_finished()
def current_tab_changed(self, idx):
if idx == self.tabs_indices["firewall"]:
if self.vm.netvm_vm is not None and not self.vm.netvm_vm.is_proxyvm():
QMessageBox.warning (None, "VM configuration problem!", "The '{0}' AppVM is not network connected to a FirewallVM!<p>".format(self.vm.name) +\
"You may edit the '{0}' VM firewall rules, but these will not take any effect until you connect it to a working Firewall VM.".format(self.vm.name))
######### firewall tab related
def set_fw_model(self, model):
self.fw_model = model
self.rulesTreeView.setModel(model)
self.rulesTreeView.header().setResizeMode(QHeaderView.ResizeToContents)
self.rulesTreeView.header().setResizeMode(0, QHeaderView.Stretch)
self.set_allow(model.allow)
self.dnsCheckBox.setChecked(model.allowDns)
self.icmpCheckBox.setChecked(model.allowIcmp)
def set_allow(self, allow):
self.policyAllowRadioButton.setChecked(allow)
self.policyDenyRadioButton.setChecked(not allow)
def policy_radio_toggled(self, on):
self.fw_model.allow = self.policyAllowRadioButton.isChecked()
def dns_checkbox_toggled(self, on):
self.fw_model.allowDns = on
def icmp_checkbox_toggled(self, on):
self.fw_model.allowIcmp = on
def new_rule_button_pressed(self):
dialog = NewFwRuleDlg()
self.run_rule_dialog(dialog)
def edit_rule_button_pressed(self):
dialog = NewFwRuleDlg()
dialog.set_ok_enabled(True)
selected = self.rulesTreeView.selectedIndexes()
if len(selected) > 0:
row = self.rulesTreeView.selectedIndexes().pop().row()
address = self.fw_model.get_column_string(0, row).replace(' ', '')
dialog.addressComboBox.setItemText(0, address)
dialog.addressComboBox.setCurrentIndex(0)
service = self.fw_model.get_column_string(1, row)
dialog.serviceComboBox.setItemText(0, service)
dialog.serviceComboBox.setCurrentIndex(0)
self.run_rule_dialog(dialog, row)
def delete_rule_button_pressed(self):
for i in set([index.row() for index in self.rulesTreeView.selectedIndexes()]):
self.fw_model.removeChild(i)
def run_rule_dialog(self, dialog, row = None):
if dialog.exec_():
address = str(dialog.addressComboBox.currentText())
service = str(dialog.serviceComboBox.currentText())
port = None
port2 = None
unmask = address.split("/", 1)
if len(unmask) == 2:
address = unmask[0]
netmask = int(unmask[1])
else:
netmask = 32
if address == "*":
address = "0.0.0.0"
netmask = 0
if service == "*":
service = "0"
try:
range = service.split("-", 1)
if len(range) == 2:
port = int(range[0])
port2 = int(range[1])
else:
port = int(service)
except (TypeError, ValueError) as ex:
port = self.fw_model.get_service_port(service)
if port is not None:
if port2 is not None and port2 <= port:
QMessageBox.warning(None, "Invalid service ports range", "Port {0} is lower than port {1}.".format(port2, port))
else:
item = QubesFirewallRuleItem(address, netmask, port, port2)
if row is not None:
self.fw_model.setChild(row, item)
else:
self.fw_model.appendChild(item)
else:
QMessageBox.warning(None, "Invalid service name", "Service '{0} is unknown.".format(service))
# Bases on the original code by: # Bases on the original code by:
# Copyright (c) 2002-2007 Pascal Varet <p.varet@gmail.com> # Copyright (c) 2002-2007 Pascal Varet <p.varet@gmail.com>