// Invalid routing destination network: network address and netmask mismatch. 
bool RoutingCompiler::validateNetwork::processNext()
{
    RoutingRule *rule=getNext(); if (rule==NULL) return false;
    
    tmp_queue.push_back(rule);
    
    RuleElementRDst *dstrel=rule->getRDst();
    FWObject *o = FWReference::cast(dstrel->front())->getPointer();
     
    // currently we do not support run-time DNSName and AddressTable objects
    // in routing rules.
    MultiAddress *ma = MultiAddress::cast(o);
    if (ma && ma->isRunTime()) 
    {
        compiler->abort(rule, "Use of dynamic run-time objects "
                        "as destination in routing rules is not supported.");
    }

    if( checkValidNetwork(o) == false)
    {
        string msg;
        msg = "Object \"" + o->getName() +
            "\" used as destination in the routing rule " +
            rule->getLabel() + " has invalid netmask";
        compiler->abort(rule, msg.c_str());
    }
    return true;
    
}
FWObject* AddressObjectMaker::createObject(ObjectSignature &sig)
{
    FWObject *obj = nullptr;

    if (sig.type_name == AddressRange::TYPENAME)
        obj = createAddressRange(sig);

    if (sig.type_name == AddressTable::TYPENAME)
        obj = createAddressTable(sig);

    if (sig.type_name == DNSName::TYPENAME)
        obj = createDNSName(sig);

    if (obj == nullptr)
        obj = createAddress(sig);

    // Now I should build new signature because actual object type has
    // only been determined in createAddress()

    ObjectSignature new_sig(error_tracker);

    if ( ! sig.object_name.isEmpty())
    {
        obj->setName(sig.object_name.toUtf8().constData());
        obj->dispatch(&new_sig, (void*)(nullptr));
        registerNamedObject(new_sig, obj);
    } else
    {
        obj->dispatch(&new_sig, (void*)(nullptr));
        registerAnonymousObject(new_sig, obj);
    }

    return obj;
}
Exemple #3
0
xmlNodePtr RuleSet::toXML(xmlNodePtr parent)
{
    xmlNodePtr me = FWObject::toXML(parent, false);
    xmlNewProp(me, XMLTools::ToXmlCast("name"), XMLTools::StrToXmlCast(getName()));
    xmlNewProp(me, XMLTools::ToXmlCast("comment"), XMLTools::StrToXmlCast(getComment()));
    xmlNewProp(me, XMLTools::ToXmlCast("ro"), XMLTools::ToXmlCast(((getRO()) ? "True" : "False")));
    xmlNewProp(me, XMLTools::ToXmlCast("ipv4_rule_set"),
               XMLTools::ToXmlCast(((ipv4) ? "True" : "False")));

    xmlNewProp(me, XMLTools::ToXmlCast("ipv6_rule_set"),
               XMLTools::ToXmlCast(((ipv6) ? "True" : "False")));

    xmlNewProp(me, XMLTools::ToXmlCast("top_rule_set"), 
               XMLTools::ToXmlCast(((top) ? "True" : "False")));

    // First all rules, skip options
    for(list<FWObject*>::const_iterator j=begin(); j!=end(); ++j)
    {
        if (FWOptions::cast(*j) == nullptr) (*j)->toXML(me);
    }

    FWObject *o;
    if ( (o=getFirstByType( RuleSetOptions::TYPENAME ))!=nullptr )
	o->toXML(me);

    return me;
}
void ObjectManipulator::moveObject(FWObject *targetLib, FWObject *obj)
{
    FWObject *cl=getCurrentLib();
    if (cl==targetLib) return;

    FWObject *grp = NULL;

    if (FWObjectDatabase::isA(targetLib)) grp = targetLib;
    else
    {
        grp = FWBTree().getStandardSlotForObject(
            targetLib, obj->getTypeName().c_str());
    }
    if (grp==NULL) grp=targetLib;

    if (!grp->isReadOnly())
    {
        map<int, set<FWObject*> > reference_holders;
        FWCmdMoveObject *cmd = new FWCmdMoveObject(m_project,
                                                   obj->getParent(),
                                                   grp,
                                                   obj,
                                                   reference_holders,
                                                   "Move object");
        m_project->undoStack->push(cmd);
    }
    if (fwbdebug) qDebug("ObjectManipulator::moveObject  all done");
}
void ObjectManipulator::unlockObject()
{
    if (fwbdebug)
        qDebug() << "ObjectManipulator::unlockObject selected:"
                 << getCurrentObjectTree()->getNumSelected();

    if (getCurrentObjectTree()->getNumSelected()==0) return;

    try
    {
        FWObject *obj;

        vector<FWObject*> so = getCurrentObjectTree()->getSimplifiedSelection();
        for (vector<FWObject*>::iterator i=so.begin();  i!=so.end(); ++i)
        {
            obj= *i;
            FWObject *lib = obj->getLibrary();
            if (lib->getId()!=FWObjectDatabase::STANDARD_LIB_ID)
            {
                std::auto_ptr<FWCmdLockObject> cmd(
                    new FWCmdLockObject(m_project, obj, tr("Unlock object ") +
                                        QString::fromUtf8(obj->getName().c_str())));
                FWObject* new_state = cmd->getNewState();
                new_state->setReadOnly(false);
                if (!cmd->getOldState()->cmp(new_state, true))
                    m_project->undoStack->push(cmd.release());
            }
        }
    } catch (FWException &ex)
    {
        qDebug() << ex.toString().c_str();
    }
}
void FWObjectDropArea::dragEnterEvent( QDragEnterEvent *ev)
{
    list<FWObject*> dragol;
    if (FWObjectDrag::decode(ev, dragol))
    {
        if (dragol.size()>0)
        {
            FWObject * o = dragol.front();
            bool ok = false ;
            if (acceptedTypes.size()==0)
                ok = true ;
            for (int p = 0 ; p < acceptedTypes.size(); p++)
            {
                QString type =o->getTypeName().c_str(); 
                if (type==acceptedTypes[p])
                {
                    ok = true ;
                    break ;
                }
            }
            if (!ok)
            {
                ev->setAccepted(false);
                return ;
            }
        }
    }

    ev->setAccepted( ev->mimeData()->hasFormat(FWObjectDrag::FWB_MIME_TYPE) );
}
void CreateObjectGroupsForTSrc::packObjects(RuleElement *re,
                                            BaseObjectGroup *obj_group)
{
    if (libfwbuilder::XMLTools::version_compare(
            compiler->fw->getStr("version"), "8.3")>=0)
    {
        // put all objects inside of the group, except for the interface
        // if it belongs to the firewall
        FWObject *re_interface = NULL;
        for (FWObject::iterator i1=re->begin(); i1!=re->end(); ++i1) 
        {
            FWObject *o = *i1;
            FWObject *obj = o;
            if (FWReference::cast(o)!=NULL)
                obj = FWReference::cast(o)->getPointer();
            if (Interface::isA(obj) && obj->isChildOf(compiler->fw))
            {
                re_interface = obj;
                continue;
            }
            obj_group->addRef(obj);
        }
        re->clearChildren(false); //do not want to destroy children objects
        if (re_interface)
        {
            // add interface back.
            re->addRef(re_interface);
        }
        re->addRef(obj_group);
    } else
    {
        CreateObjectGroups::packObjects(re, obj_group);
    }
}
bool PolicyCompiler::ConvertToAtomicForAddresses::processNext()
{
    PolicyRule *rule=getNext(); if (rule==NULL) return false;

    RuleElementSrc *src=rule->getSrc();    assert(src);
    RuleElementDst *dst=rule->getDst();    assert(dst);

    for (FWObject::iterator i1=src->begin(); i1!=src->end(); ++i1) {
	for (FWObject::iterator i2=dst->begin(); i2!=dst->end(); ++i2) {

	    PolicyRule *r = compiler->dbcopy->createPolicyRule();
	    r->duplicate(rule);
	    compiler->temp_ruleset->add(r);

	    FWObject *s;
	    s=r->getSrc();	assert(s);
	    s->clearChildren();
	    s->addCopyOf( *i1 );

	    s=r->getDst();	assert(s);
	    s->clearChildren();
	    s->addCopyOf( *i2 );

	    tmp_queue.push_back(r);
	}
    }
    return true;
}
bool PolicyCompiler::ConvertToAtomicForIntervals::processNext()
{
    PolicyRule *rule=getNext(); if (rule==NULL) return false;

    RuleElementInterval *ivl=rule->getWhen();

    if (ivl==NULL || ivl->isAny()) {
        tmp_queue.push_back(rule);
        return true;
    }

    for (FWObject::iterator i1=ivl->begin(); i1!=ivl->end(); ++i1) {

        PolicyRule *r = compiler->dbcopy->createPolicyRule();
        r->duplicate(rule);
        compiler->temp_ruleset->add(r);
        
        FWObject *s;

        s=r->getWhen();	assert(s);
        s->clearChildren();
        s->addCopyOf( *i1 );

        tmp_queue.push_back(r);
    }
    return true;
}
Exemple #10
0
QDrag* ObjectListView::dragObject()
{
    QTreeWidgetItem *ovi = currentItem();
    // currentItem returns NULL if the list is empty
    if (ovi==NULL) return NULL;

    int obj_id = ovi->data(0, Qt::UserRole).toInt();
    FWObject *obj = db->findInIndex(obj_id);
    QString icn = (":/Icons/"+obj->getTypeName()+"/icon-ref").c_str();
        //Resources::global_res->getObjResourceStr(obj, "icon-ref").c_str();

    list<FWObject*> dragobj;
    dragobj.push_back(obj);

    FWObjectDrag    *drag = new FWObjectDrag(dragobj, this);
    //QPixmap          pm   = QPixmap::fromMimeSource( icn_filename );

    QPixmap pm;
    if ( ! QPixmapCache::find( icn, pm) )
    {
        pm.load( icn );
        QPixmapCache::insert( icn, pm);
    }

    drag->setPixmap( pm );
    drag->setHotSpot( QPoint( pm.rect().width() / 2,
                             pm.rect().height() / 2 ) );

    return drag;
}
void ObjectManipulator::removeUserFolder()
{
    ObjectTreeViewItem *item = dynamic_cast<ObjectTreeViewItem *>
        (getCurrentObjectTree()->currentItem());
    if (item == 0 || item->getUserFolderParent() == 0) return;
    ObjectTreeViewItem *parent = dynamic_cast<ObjectTreeViewItem *>
        (item->parent());
    assert(parent != 0);

    vector<FWObject *> objs;
    for (int ii = 0; ii < item->childCount(); ii++) {
        ObjectTreeViewItem *child = dynamic_cast<ObjectTreeViewItem *>
            (item->child(ii));

        FWObject *obj = child->getFWObject();
        if (obj->getRO()) {
            QMessageBox::critical(this, "Firewall Builder",
                                  tr("Folder with locked object "
                                     "cannot be deleted"));
            return;
        }

        objs.push_back(obj);
    }

    if (objs.size() > 0) {
        QApplication::setOverrideCursor(QCursor(Qt::WaitCursor));
        ConfirmDeleteObjectDialog confirm(this);
        confirm.load(objs);
        QApplication::restoreOverrideCursor();
        if (confirm.exec() == QDialog::Rejected) return;
    }

    FWCmdMacro *macro = new FWCmdMacro(tr("Delete user folder"));

    QList<QTreeWidgetItem *> children = item->takeChildren();
    while (!children.isEmpty()) {
        ObjectTreeViewItem *child = dynamic_cast<ObjectTreeViewItem *>
            (children.takeFirst());
        assert(child != 0);

        FWObject *obj = child->getFWObject();
        if (mw->isEditorVisible() && mw->getOpenedEditor() == obj) {
            mw->hideEditor();
        }

        deleteObject(obj, macro);
    }

    FWCmdRemoveUserFolder *cmd =
        new FWCmdRemoveUserFolder(m_project, parent->getFWObject(),
                                  item->getUserFolderName(), "", macro);
    FWObject *newObj = cmd->getNewState();
    set<string> folders = stringToSet(newObj->getStr("subfolders"));
    folders.erase(item->getUserFolderName().toUtf8().constData());
    newObj->setStr("subfolders", setToString(folders));

    m_project->undoStack->push(macro);
}
void ObjectManipulator::groupObjects()
{
    if (getCurrentObjectTree()->getNumSelected()==0) return;

    FWObject *co = getCurrentObjectTree()->getSelectedObjects().front();

    newGroupDialog ngd(this, m_project->db());

    if (ngd.exec()==QDialog::Accepted)
    {
        QString objName = ngd.m_dialog->obj_name->text();
        QString libName = ngd.m_dialog->libs->currentText();

        QString type = ObjectGroup::TYPENAME;
        if (Service::cast(co)!=NULL)  type=ServiceGroup::TYPENAME;
        if (Interval::cast(co)!=NULL) type=IntervalGroup::TYPENAME;

        FWObject *parent = NULL;
        FWObject *newgrp = NULL;

        list<FWObject*> ll = m_project->db()->getByType( Library::TYPENAME );
        for (FWObject::iterator i=ll.begin(); i!=ll.end(); i++)
        {
            FWObject *lib=*i;
            if (libName==QString::fromUtf8(lib->getName().c_str()))
            {
/* TODO: need to show a dialog and say that chosen library is
 * read-only.  this is not critical though since newGroupDialog fills
 * the pull-down only with names of read-write libraries
 */
                if (lib->isReadOnly()) return;
                parent = FWBTree().getStandardSlotForObject(lib,type);
                if (parent==NULL)
                {
                    if (fwbdebug)
                        qDebug("ObjectManipulator::groupObjects(): could not find standard slot for object of type %s in library %s",
                               type.toAscii().constData(),lib->getName().c_str());
                    return;
                }
                newgrp = m_project->db()->create(type.toStdString());
                newgrp->setName(string(objName.toUtf8().constData()));
                break;
            }
        }
        if (newgrp==NULL) return;

        FWCmdAddObject *cmd = new FWCmdAddObject(
            m_project, parent, newgrp, QObject::tr("Create new group"));
        FWObject *new_state = cmd->getNewState();
        new_state->add(newgrp);

        vector<FWObject*> so = getCurrentObjectTree()->getSimplifiedSelection();
        for (vector<FWObject*>::iterator i=so.begin();  i!=so.end(); ++i)
            newgrp->addRef(*i);

        m_project->undoStack->push(cmd);
    }
}
/*
 * checks if one of the children of RuleElement is a host, IPv4 or
 * network object with address 0.0.0.0 and netmask 0.0.0.0.
 *
 * Exceptions: 
 *   - object 'any'
 *   - interface with dynamic address.
 *
 * In addition check for address A.B.C.D/0 which is most likely a
 * mistake if A.B.C.D != 0.0.0.0. See #475
 */
Address* PolicyCompiler::checkForZeroAddr::findZeroAddress(RuleElement *re)
{
    Address *a=NULL;

    for (FWObject::iterator i=re->begin(); i!=re->end(); i++) 
    {
        FWObject *o = FWReference::getObject(*i);
	assert(o!=NULL);

        MultiAddress *maddr = MultiAddress::cast(o);
        if (maddr && maddr->isRunTime()) continue;

        Address *addr = Address::cast(o);
        
        if (addr==NULL && o!=NULL)
            compiler->warning(
                    re->getParent(), 
                    string("findZeroAddress: Unknown object in rule element: ") +
                    o->getName() +
                    "  type=" + o->getTypeName());

        if (addr && addr->hasInetAddress())
        {
            if (Interface::cast(o)!=NULL && 
                (Interface::cast(o)->isDyn() ||
                 Interface::cast(o)->isUnnumbered() ||
                 Interface::cast(o)->isBridgePort()))
                continue;

            if ( ! addr->isAny())
            {
                const InetAddr *ad = addr->getAddressPtr();
                const InetAddr *nm = addr->getNetmaskPtr();
                // AddressRange has address but not netmask
                // AddressRange with address 0.0.0.0 is acceptable
                // (not equivalent to "any")
                if (ad->isAny() && nm!=NULL && nm->isAny())
                {
                    a = addr;
                    break;
                }
                // Address A.B.C.D/0 is most likely a mistake if
                // A.B.C.D != 0.0.0.0
                if ((Network::cast(addr) || NetworkIPv6::cast(addr)) &&
                    !ad->isAny() && nm!=NULL && nm->isAny())
                {
                    a = addr;
                    break;
                }
            }
        }
    }

    return a;
}
string RoutingCompiler::debugPrintRule(Rule *r)
{
    RoutingRule *rule = RoutingRule::cast(r);

    RuleElementRDst *dstrel = rule->getRDst();
    RuleElementRItf *itfrel = rule->getRItf();
    RuleElementRGtw *gtwrel = rule->getRGtw();

    ostringstream str;

//    str << setw(70) << setfill('-') << "-";

    string dst, itf, gtw;
   
    FWObject *obj = FWReference::getObject(itfrel->front());
    itf = (obj) ? obj->getName() : "NULL";

    obj = FWReference::getObject(gtwrel->front());
    gtw = (obj) ? obj->getName() : "NULL";
     
    
    int no = 0;
    FWObject::iterator i1 = dstrel->begin();
    while ( i1!=dstrel->end())
    {
        str << endl;

        dst = " ";

        if (i1 != dstrel->end())
        {
            FWObject *o = FWReference::getObject(*i1);
            dst = (o) ? o->getName() : "NULL";
        }

        int w = 0;
        if (no==0)
        {
            str << rule->getLabel();
            w = rule->getLabel().length();
        }
        
        str <<  setw(10-w)  << setfill(' ') << " ";

        str <<  setw(18) << setfill(' ') << dst.c_str() << " ";
        str <<  setw(18) << setfill(' ') << itf.c_str() << " ";
        str <<  setw(18) << setfill(' ') << gtw.c_str() << " ";
        str <<  setw(18) << setfill(' ') << " ";

        ++no;

        if ( i1 != dstrel->end() ) ++i1;
    }
    return str.str();
}
Exemple #15
0
void PolicyRule::setDummySource()
{
    FWObjectDatabase *root = getRoot();
    FWObject *dummySource = root->findInIndex(FWObjectDatabase::DUMMY_ADDRESS_ID);
    if (!dummySource || (root->getStringId(dummySource->getId()) != "dummyaddressid0"))
        return;

    FWObject::iterator i1 = begin();
    (*i1)->addRef(dummySource);
    src_re = RuleElementSrc::cast(*i1);
}
bool NATCompiler_ipf::ExpandPortRange::processNext()
{
    NATRule *rule=getNext(); if (rule==NULL) return false;

    Service          *osrv=compiler->getFirstOSrv(rule);

    if (UDPService::isA(osrv) || TCPService::isA(osrv))
    {
	int rs = TCPUDPService::cast(osrv)->getDstRangeStart();
	int re = TCPUDPService::cast(osrv)->getDstRangeEnd();

        int numPorts = re-rs+1;
        if (numPorts==1)
        {
            tmp_queue.push_back(rule);
            return true;
        }

        if (numPorts > 20)
        {
            ostringstream ostr;
            ostr << string("Expanding port range ") << osrv->getName()
                 << " creates " << numPorts << " rules";
            compiler->warning(rule, ostr.str());
        }

        string newSrvType = TCPService::TYPENAME;
        if (UDPService::isA(osrv)) newSrvType = UDPService::TYPENAME;

        for (int p=rs; p<=re; ++p)
        {
            NATRule *r = compiler->dbcopy->createNATRule();
            r->duplicate(rule);

            FWObject *newSrv = compiler->dbcopy->create(newSrvType);
            newSrv->duplicate(osrv,true);
            TCPUDPService::cast(newSrv)->setDstRangeStart(p);
            TCPUDPService::cast(newSrv)->setDstRangeEnd(p);
            compiler->persistent_objects->add(newSrv,false);
            compiler->dbcopy->addToIndex(newSrv);

            RuleElementOSrv *nosrv = r->getOSrv();
            nosrv->clearChildren();
            nosrv->addRef(newSrv);

            compiler->temp_ruleset->add(r);
            tmp_queue.push_back(r);
        }
    } else
    {
        tmp_queue.push_back(rule);
    }
    return true;
}
void ProjectPanel::fileExport()
{
    LibExportDialog ed;
    list<FWObject*>  selectedLibs;
    map<int,FWObject*>::iterator i;
    int lib_idx = -1;
    do
    {
        if (ed.exec()!=QDialog::Accepted) return;

        QList<QListWidgetItem*> selitems = ed.m_dialog->libs->selectedItems();

        for (i=ed.mapOfLibs.begin(); i!=ed.mapOfLibs.end(); i++)
            if (selitems.contains(ed.m_dialog->libs->item(i->first)))
                selectedLibs.push_back(i->second);

        lib_idx=ed.m_dialog->libs->currentRow ();

        if (lib_idx<0 || selectedLibs.size()==0)
        {
            QMessageBox::critical(
                this,"Firewall Builder",
                tr("Please select a library you want to export."),
                "&Continue", QString::null,QString::null,
                0, 1 );

            return;
        }
    } while (!exportLibraryTest(selectedLibs));

    FWObject *selLib = ed.mapOfLibs[ lib_idx ];
    QString path = st->getOpenFileDir() + QString::fromUtf8(selLib->getName().c_str()) + ".fwl";

    resetFD();

    QString fname = QFileDialog::getSaveFileName(
        this,
        "Choose a filename to save under",
        path,
        "Firewall Builder library files (*.fwl)");

    if (fname.isEmpty()) return;

    if (QFile::exists(fname) &&
         QMessageBox::warning(
             this,"Firewall Builder",
             tr("The file %1 already exists.\nDo you want to overwrite it ?")
             .arg(fname),
             tr("&Yes"), tr("&No"), QString::null,
             0, 1 )==1 ) return;

    st->setOpenFileDir(path);
    exportLibraryTo(fname,selectedLibs,ed.m_dialog->exportRO->isChecked());
}
void GroupRegistry::registerGroup(FWObject *grp, const list<FWObject*> &objects)
{
    for (list<FWObject*>::const_iterator it=objects.begin();
         it!=objects.end(); ++it)
    {
        FWObject *o = FWReference::getObject(*it);
        string str_id = FWObjectDatabase::getStringId(o->getId());
        group_registry[str_id].insert(grp->getName());
        setGroupRegistryKey(o, str_id);
    }
}
bool PolicyCompiler::InterfacePolicyRules::processNext()
{
    PolicyRule *rule = getNext(); if (rule==NULL) return false;

    RuleElementItf *itfre = rule->getItf(); assert(itfre);
    if (itfre->isAny())
    {
//        rule->setInterfaceId(-1);
        tmp_queue.push_back(rule);
        return true;
    }

    for (FWObject::iterator i=itfre->begin(); i!=itfre->end(); ++i)
    {
        FWObject *o = FWReference::getObject(*i);
        if (ObjectGroup::isA(o))
        {
            // a group in "interface" rule element. GUI checks that only
            // interfaces are allowed in such group, but we should check anyway.
            for (FWObject::iterator i=o->begin(); i!=o->end(); ++i)
            {
                FWObject *o1 = FWReference::getObject(*i);
                if (!Interface::isA(o1))
                {
                    compiler->warning(
                        "Object '" + o1->getName() +
                        "', which is not an interface, is a member of the group '" +
                        o->getName() +
                        "' used in 'Interface' element of a rule.");
                    continue;
                }
                PolicyRule *r= compiler->dbcopy->createPolicyRule();
                compiler->temp_ruleset->add(r);
                r->duplicate(rule);
                RuleElementItf *nitf = r->getItf();
                nitf->clearChildren();
                nitf->setAnyElement();
                nitf->addRef(o1);
                tmp_queue.push_back(r);
            }
        } else
        {
            PolicyRule *r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            RuleElementItf *nitf = r->getItf();
	    nitf->clearChildren();
	    nitf->setAnyElement();
            nitf->addRef(o);
            tmp_queue.push_back(r);
        }
    }
    return true;
}
Exemple #20
0
void PolicyRule::setDummyDestination()
{
    FWObjectDatabase *root = getRoot();
    FWObject *dummyDestination = root->findInIndex(FWObjectDatabase::DUMMY_ADDRESS_ID);
    if (!dummyDestination || (root->getStringId(dummyDestination->getId()) != "dummyaddressid0"))
        return;

    FWObject::iterator i1 = begin();
    i1++;
    (*i1)->addRef(dummyDestination);
    dst_re = RuleElementDst::cast(*i1);
}
Exemple #21
0
void ProjectPanel::updateFirewallName()
{
    if (visibleRuleSet==NULL) return ;
    QString name;
//     mw->buildEditorTitleAndIcon(visibleRuleSet, ObjectEditor::optNone,
//                                 &name, NULL, false);
//    name = "<b>" + name  + "</b>";
    FWObject *fw = visibleRuleSet->getParent();
    name = QString("%1 / %2")
           .arg(QString::fromUtf8(fw->getName().c_str()))
           .arg(QString::fromUtf8(visibleRuleSet->getName().c_str()));
    m_panel->rulesetname->setText(name );
}
Exemple #22
0
void PolicyRule::setDummyService()
{
    FWObjectDatabase *root = getRoot();
    FWObject *dummyService = root->findInIndex(FWObjectDatabase::DUMMY_SERVICE_ID);
    if (!dummyService || (root->getStringId(dummyService->getId()) != "dummyserviceid0"))
        return;

    FWObject::iterator i1 = begin();
    i1++;
    i1++;
    (*i1)->addRef(dummyService);
    srv_re = RuleElementSrv::cast(*i1);
}
Exemple #23
0
void PolicyRule::setDummyInterface()
{
    FWObjectDatabase *root = getRoot();
    FWObject *dummyInterface = root->findInIndex(FWObjectDatabase::DUMMY_INTERFACE_ID);
    if (!dummyInterface || (root->getStringId(dummyInterface->getId()) != "dummyinterfaceid0"))
        return;

    FWObject::iterator i1 = begin();
    i1++;
    i1++;
    i1++;
    (*i1)->addRef(dummyInterface);
    itf_re = RuleElementItf::cast(*i1);
}
void MetricEditorPanel::loadFWObject(libfwbuilder::FWObject *obj)
{
    RoutingRule *r=RoutingRule::cast(obj);
    if (r==nullptr) return;
    rule=r;

    FWObject *o = r;
    while (o!=nullptr && Firewall::cast(o)==nullptr) o=o->getParent();
    assert(o!=nullptr);

    m_widget->spin_box->setMinimum( 0);
    m_widget->spin_box->setMaximum( 255);
    m_widget->spin_box->setValue( r->getMetric());
}
Exemple #25
0
void ObjectListView::dragEnterEvent( QDragEnterEvent *ev)
{
    if (fwbdebug)
        qDebug("ObjectListView::dragEnterEvent");
    //ev->setAccepted( ev->mimeData()->hasFormat(FWObjectDrag::FWB_MIME_TYPE) );

#if QT_VERSION < QT_VERSION_CHECK(5, 0, 0)
    QWidget *fromWidget = ev->source();
#else
    QWidget *fromWidget = qobject_cast<QWidget*>(ev->source());
#endif

    // The source of DnD object must be the same instance of fwbuilder
    if (!fromWidget)
    {
        ev->setAccepted(false);
        return;
    }
   
    if (!ev->mimeData()->hasFormat(FWObjectDrag::FWB_MIME_TYPE))
    {
        ev->setAccepted(false);
        return;
    }

    list<FWObject*> dragol;
    if (!FWObjectDrag::decode(ev, dragol))
        ev->setAccepted(false);
    for (list<FWObject*>::iterator i=dragol.begin();i!=dragol.end(); ++i)
    {
        FWObject *dragobj = *i;
        assert(dragobj!=NULL);

        if (FWBTree().isSystem(dragobj))
        {
// can not drop system folder anywhere 
            ev->setAccepted(false);
            return;
        }

        // see #1976 do not allow pasting object that has been deleted
        if (dragobj->getLibrary()->getId() == FWObjectDatabase::DELETED_OBJECTS_ID)
        {
            ev->setAccepted(false);
            return;
        }
    }

    ev->setAccepted(true);
}
Exemple #26
0
string TableFactory::generateTblID(RuleElement *re)
{
    string res;
    list<string> lids;
    for (FWObject::iterator i=re->begin(); i!=re->end(); i++)
    {
        FWObject *o   = *i;
        if (FWReference::cast(o)!=nullptr) o=FWReference::cast(o)->getPointer();
        lids.push_back(FWObjectDatabase::getStringId(o->getId()));
    }
    lids.sort();
    joinIDs R = for_each(lids.begin(), lids.end(), joinIDs("_"));
    return R.out;
}
void GroupObjectDialog::deleteObj()
{
    // make a copy of the list of selected objects because selection
    // changes when we delete items 
    vector<int> tv;
    copy(selectedObjects.begin(),selectedObjects.end(),inserter(tv,tv.begin()));

    for(vector<int>::iterator it=tv.begin(); it!=tv.end(); ++it)
    {
        if (fwbdebug)
            qDebug("GroupObjectDialog::deleteObj()  (*it)=%d", (*it));

        FWObject* selectedObject = m_project->db()->findInIndex(*it);

        // Bugfix: Do not delete an object in locked group with the Delete key
        set<FWObject*> res_tmp;
        m_project->db()->getRoot()->findWhereObjectIsUsed(selectedObject, m_project->db()->getRoot(), res_tmp);
        foreach(FWObject* o, res_tmp) {
            if (FWObjectReference::cast(o))
                if (Group::cast(o->getParent()))
                    if (o->isReadOnly())
                        return;
        }


        int o_id = selectedObject->getId();

        for (int it=0; it<listView->topLevelItemCount(); ++it)
        {
            QTreeWidgetItem *itm = listView->topLevelItem(it);
            if (o_id == itm->data(0, Qt::UserRole).toInt())
            {
                listView->takeTopLevelItem(it);
                break;
            }
        }

        for (int it=0; it<iconView->count(); ++it)
        {
            QListWidgetItem *itm = iconView->item(it);
            if (o_id == itm->data(Qt::UserRole).toInt())
            {
                iconView->takeItem(it);
                break;
            }
        }
    }
    changed();
}
/*
 * Ticket #727
 *
 * if type is ethernet and has vlan subinterfaces, not eligible
 * if type is vlan, eligible
 * if type is bridge, eligible
 * if type is bonding, eligible
 * if type is ethernet and interface with the same name is used for bonding, then not eligible
 * if type is ethernet and parent is bridge, then not eligible
 */
bool interfaceProperties::isEligibleForCluster(Interface *intf)
{
    list<FWObject*> subinterfaces = intf->getByType(Interface::TYPENAME);
    string interface_type = intf->getOptionsObject()->getStr("type");

    if (intf->isBridgePort())
        return false;

    if (interface_type.empty())
        interface_type = "ethernet";
    if (interface_type == "8021q")
        return true;
    if (interface_type == "bridge")
        return true;
    if (interface_type == "bonding")
        return true;

    if (interface_type == "ethernet")
    {
        Interface *parent_iface = Interface::cast(intf->getParent());
        if (parent_iface &&
            parent_iface->getOptionsObject()->getStr("type") == "bridge")
            return false;

        FWObject *fw = Host::getParentHost(intf);
        //FWObject *fw = intf->getParentHost();
        list<FWObject*> interfaces = fw->getByTypeDeep(Interface::TYPENAME);
        list<FWObject*>::iterator i;
        for (i=interfaces.begin(); i!=interfaces.end(); ++i )
        {
            Interface *iface = Interface::cast(*i);
            assert(iface);
            Interface *parent_iface = Interface::cast(iface->getParent());
            if (parent_iface == nullptr)
         continue;
            if (parent_iface->getOptionsObject()->getStr("type") == "bonding" &&
                iface->getName() == intf->getName())
            {
                // @intf is used as a bond slave and can't be used for cluster
                return false;
            }

        }

        if (subinterfaces.size() > 0)
            return false;
    }
    return true;
}
void RuleOptionsDialog::fillInterfaces(QComboBox* cb)
{
    QSet<QString> deduplicated_interface_names;

    list<FWObject*> interfaces = firewall->getByTypeDeep(Interface::TYPENAME);
    for (list<FWObject*>::iterator i=interfaces.begin(); i!=interfaces.end(); ++i)
    {
        Interface *iface = Interface::cast(*i);
        assert(iface);

        if (iface->isLoopback()) continue;

        deduplicated_interface_names.insert(iface->getName().c_str());

        if (Cluster::isA(firewall))
        {
            FailoverClusterGroup *failover_group =
                FailoverClusterGroup::cast(
                    iface->getFirstByType(FailoverClusterGroup::TYPENAME));
            if (failover_group)
            {
                for (FWObject::iterator it=failover_group->begin();
                     it!=failover_group->end(); ++it)
                {
                    FWObject *mi = FWReference::getObject(*it);
                    if (Interface::isA(mi) && ! iface->isLoopback())
                    {
                        deduplicated_interface_names.insert(mi->getName().c_str());
                    }
                }
            }
        }
    }

    QStringList sorted_interfaces;
    QSetIterator<QString> it(deduplicated_interface_names);
    while (it.hasNext())
    {
        sorted_interfaces << it.next();
    }
    sorted_interfaces.sort();

    cb->clear();
    cb->addItem("");
    cb->addItems(sorted_interfaces);
}
Exemple #30
0
FWObject* TableFactory::createTableObject(const string &tblname,
                                          const string &tblid)
{
    FWObject *tblgrp = dbroot->createObjectGroup();

    tblgrp->setName( tblname );
    tblgrp->setId(FWObjectDatabase::generateUniqueId()); //  "id_" + tblname );

    persistent_tables->add(tblgrp, false);
    dbroot->addToIndex(tblgrp);

    tblgrp->setBool("pf_table", true);
    tblgrp->setStr("pf_table_id", tblid);

    registerTable(tblname, tblid, tblgrp);

    return tblgrp;
}