// Invalid routing destination network: network address and netmask mismatch.
bool RoutingCompiler::validateNetwork::processNext()
{
RoutingRule *rule=getNext(); if (rule==NULL) return false;
tmp_queue.push_back(rule);
RuleElementRDst *dstrel=rule->getRDst();
FWObject *o = FWReference::cast(dstrel->front())->getPointer();
// currently we do not support run-time DNSName and AddressTable objects
// in routing rules.
MultiAddress *ma = MultiAddress::cast(o);
if (ma && ma->isRunTime())
{
compiler->abort(rule, "Use of dynamic run-time objects "
"as destination in routing rules is not supported.");
}
if( checkValidNetwork(o) == false)
{
string msg;
msg = "Object \"" + o->getName() +
"\" used as destination in the routing rule " +
rule->getLabel() + " has invalid netmask";
compiler->abort(rule, msg.c_str());
}
return true;
}
FWObject* AddressObjectMaker::createObject(ObjectSignature &sig)
{
FWObject *obj = nullptr;
if (sig.type_name == AddressRange::TYPENAME)
obj = createAddressRange(sig);
if (sig.type_name == AddressTable::TYPENAME)
obj = createAddressTable(sig);
if (sig.type_name == DNSName::TYPENAME)
obj = createDNSName(sig);
if (obj == nullptr)
obj = createAddress(sig);
// Now I should build new signature because actual object type has
// only been determined in createAddress()
ObjectSignature new_sig(error_tracker);
if ( ! sig.object_name.isEmpty())
{
obj->setName(sig.object_name.toUtf8().constData());
obj->dispatch(&new_sig, (void*)(nullptr));
registerNamedObject(new_sig, obj);
} else
{
obj->dispatch(&new_sig, (void*)(nullptr));
registerAnonymousObject(new_sig, obj);
}
return obj;
}
xmlNodePtr RuleSet::toXML(xmlNodePtr parent)
{
xmlNodePtr me = FWObject::toXML(parent, false);
xmlNewProp(me, XMLTools::ToXmlCast("name"), XMLTools::StrToXmlCast(getName()));
xmlNewProp(me, XMLTools::ToXmlCast("comment"), XMLTools::StrToXmlCast(getComment()));
xmlNewProp(me, XMLTools::ToXmlCast("ro"), XMLTools::ToXmlCast(((getRO()) ? "True" : "False")));
xmlNewProp(me, XMLTools::ToXmlCast("ipv4_rule_set"),
XMLTools::ToXmlCast(((ipv4) ? "True" : "False")));
xmlNewProp(me, XMLTools::ToXmlCast("ipv6_rule_set"),
XMLTools::ToXmlCast(((ipv6) ? "True" : "False")));
xmlNewProp(me, XMLTools::ToXmlCast("top_rule_set"),
XMLTools::ToXmlCast(((top) ? "True" : "False")));
// First all rules, skip options
for(list<FWObject*>::const_iterator j=begin(); j!=end(); ++j)
{
if (FWOptions::cast(*j) == nullptr) (*j)->toXML(me);
}
FWObject *o;
if ( (o=getFirstByType( RuleSetOptions::TYPENAME ))!=nullptr )
o->toXML(me);
return me;
}
void ObjectManipulator::moveObject(FWObject *targetLib, FWObject *obj)
{
FWObject *cl=getCurrentLib();
if (cl==targetLib) return;
FWObject *grp = NULL;
if (FWObjectDatabase::isA(targetLib)) grp = targetLib;
else
{
grp = FWBTree().getStandardSlotForObject(
targetLib, obj->getTypeName().c_str());
}
if (grp==NULL) grp=targetLib;
if (!grp->isReadOnly())
{
map<int, set<FWObject*> > reference_holders;
FWCmdMoveObject *cmd = new FWCmdMoveObject(m_project,
obj->getParent(),
grp,
obj,
reference_holders,
"Move object");
m_project->undoStack->push(cmd);
}
if (fwbdebug) qDebug("ObjectManipulator::moveObject all done");
}
void ObjectManipulator::unlockObject()
{
if (fwbdebug)
qDebug() << "ObjectManipulator::unlockObject selected:"
<< getCurrentObjectTree()->getNumSelected();
if (getCurrentObjectTree()->getNumSelected()==0) return;
try
{
FWObject *obj;
vector<FWObject*> so = getCurrentObjectTree()->getSimplifiedSelection();
for (vector<FWObject*>::iterator i=so.begin(); i!=so.end(); ++i)
{
obj= *i;
FWObject *lib = obj->getLibrary();
if (lib->getId()!=FWObjectDatabase::STANDARD_LIB_ID)
{
std::auto_ptr<FWCmdLockObject> cmd(
new FWCmdLockObject(m_project, obj, tr("Unlock object ") +
QString::fromUtf8(obj->getName().c_str())));
FWObject* new_state = cmd->getNewState();
new_state->setReadOnly(false);
if (!cmd->getOldState()->cmp(new_state, true))
m_project->undoStack->push(cmd.release());
}
}
} catch (FWException &ex)
{
qDebug() << ex.toString().c_str();
}
}
void FWObjectDropArea::dragEnterEvent( QDragEnterEvent *ev)
{
list<FWObject*> dragol;
if (FWObjectDrag::decode(ev, dragol))
{
if (dragol.size()>0)
{
FWObject * o = dragol.front();
bool ok = false ;
if (acceptedTypes.size()==0)
ok = true ;
for (int p = 0 ; p < acceptedTypes.size(); p++)
{
QString type =o->getTypeName().c_str();
if (type==acceptedTypes[p])
{
ok = true ;
break ;
}
}
if (!ok)
{
ev->setAccepted(false);
return ;
}
}
}
ev->setAccepted( ev->mimeData()->hasFormat(FWObjectDrag::FWB_MIME_TYPE) );
}
void CreateObjectGroupsForTSrc::packObjects(RuleElement *re,
BaseObjectGroup *obj_group)
{
if (libfwbuilder::XMLTools::version_compare(
compiler->fw->getStr("version"), "8.3")>=0)
{
// put all objects inside of the group, except for the interface
// if it belongs to the firewall
FWObject *re_interface = NULL;
for (FWObject::iterator i1=re->begin(); i1!=re->end(); ++i1)
{
FWObject *o = *i1;
FWObject *obj = o;
if (FWReference::cast(o)!=NULL)
obj = FWReference::cast(o)->getPointer();
if (Interface::isA(obj) && obj->isChildOf(compiler->fw))
{
re_interface = obj;
continue;
}
obj_group->addRef(obj);
}
re->clearChildren(false); //do not want to destroy children objects
if (re_interface)
{
// add interface back.
re->addRef(re_interface);
}
re->addRef(obj_group);
} else
{
CreateObjectGroups::packObjects(re, obj_group);
}
}
bool PolicyCompiler::ConvertToAtomicForAddresses::processNext()
{
PolicyRule *rule=getNext(); if (rule==NULL) return false;
RuleElementSrc *src=rule->getSrc(); assert(src);
RuleElementDst *dst=rule->getDst(); assert(dst);
for (FWObject::iterator i1=src->begin(); i1!=src->end(); ++i1) {
for (FWObject::iterator i2=dst->begin(); i2!=dst->end(); ++i2) {
PolicyRule *r = compiler->dbcopy->createPolicyRule();
r->duplicate(rule);
compiler->temp_ruleset->add(r);
FWObject *s;
s=r->getSrc(); assert(s);
s->clearChildren();
s->addCopyOf( *i1 );
s=r->getDst(); assert(s);
s->clearChildren();
s->addCopyOf( *i2 );
tmp_queue.push_back(r);
}
}
return true;
}
bool PolicyCompiler::ConvertToAtomicForIntervals::processNext()
{
PolicyRule *rule=getNext(); if (rule==NULL) return false;
RuleElementInterval *ivl=rule->getWhen();
if (ivl==NULL || ivl->isAny()) {
tmp_queue.push_back(rule);
return true;
}
for (FWObject::iterator i1=ivl->begin(); i1!=ivl->end(); ++i1) {
PolicyRule *r = compiler->dbcopy->createPolicyRule();
r->duplicate(rule);
compiler->temp_ruleset->add(r);
FWObject *s;
s=r->getWhen(); assert(s);
s->clearChildren();
s->addCopyOf( *i1 );
tmp_queue.push_back(r);
}
return true;
}
QDrag* ObjectListView::dragObject()
{
QTreeWidgetItem *ovi = currentItem();
// currentItem returns NULL if the list is empty
if (ovi==NULL) return NULL;
int obj_id = ovi->data(0, Qt::UserRole).toInt();
FWObject *obj = db->findInIndex(obj_id);
QString icn = (":/Icons/"+obj->getTypeName()+"/icon-ref").c_str();
//Resources::global_res->getObjResourceStr(obj, "icon-ref").c_str();
list<FWObject*> dragobj;
dragobj.push_back(obj);
FWObjectDrag *drag = new FWObjectDrag(dragobj, this);
//QPixmap pm = QPixmap::fromMimeSource( icn_filename );
QPixmap pm;
if ( ! QPixmapCache::find( icn, pm) )
{
pm.load( icn );
QPixmapCache::insert( icn, pm);
}
drag->setPixmap( pm );
drag->setHotSpot( QPoint( pm.rect().width() / 2,
pm.rect().height() / 2 ) );
return drag;
}
void ObjectManipulator::removeUserFolder()
{
ObjectTreeViewItem *item = dynamic_cast<ObjectTreeViewItem *>
(getCurrentObjectTree()->currentItem());
if (item == 0 || item->getUserFolderParent() == 0) return;
ObjectTreeViewItem *parent = dynamic_cast<ObjectTreeViewItem *>
(item->parent());
assert(parent != 0);
vector<FWObject *> objs;
for (int ii = 0; ii < item->childCount(); ii++) {
ObjectTreeViewItem *child = dynamic_cast<ObjectTreeViewItem *>
(item->child(ii));
FWObject *obj = child->getFWObject();
if (obj->getRO()) {
QMessageBox::critical(this, "Firewall Builder",
tr("Folder with locked object "
"cannot be deleted"));
return;
}
objs.push_back(obj);
}
if (objs.size() > 0) {
QApplication::setOverrideCursor(QCursor(Qt::WaitCursor));
ConfirmDeleteObjectDialog confirm(this);
confirm.load(objs);
QApplication::restoreOverrideCursor();
if (confirm.exec() == QDialog::Rejected) return;
}
FWCmdMacro *macro = new FWCmdMacro(tr("Delete user folder"));
QList<QTreeWidgetItem *> children = item->takeChildren();
while (!children.isEmpty()) {
ObjectTreeViewItem *child = dynamic_cast<ObjectTreeViewItem *>
(children.takeFirst());
assert(child != 0);
FWObject *obj = child->getFWObject();
if (mw->isEditorVisible() && mw->getOpenedEditor() == obj) {
mw->hideEditor();
}
deleteObject(obj, macro);
}
FWCmdRemoveUserFolder *cmd =
new FWCmdRemoveUserFolder(m_project, parent->getFWObject(),
item->getUserFolderName(), "", macro);
FWObject *newObj = cmd->getNewState();
set<string> folders = stringToSet(newObj->getStr("subfolders"));
folders.erase(item->getUserFolderName().toUtf8().constData());
newObj->setStr("subfolders", setToString(folders));
m_project->undoStack->push(macro);
}
void ObjectManipulator::groupObjects()
{
if (getCurrentObjectTree()->getNumSelected()==0) return;
FWObject *co = getCurrentObjectTree()->getSelectedObjects().front();
newGroupDialog ngd(this, m_project->db());
if (ngd.exec()==QDialog::Accepted)
{
QString objName = ngd.m_dialog->obj_name->text();
QString libName = ngd.m_dialog->libs->currentText();
QString type = ObjectGroup::TYPENAME;
if (Service::cast(co)!=NULL) type=ServiceGroup::TYPENAME;
if (Interval::cast(co)!=NULL) type=IntervalGroup::TYPENAME;
FWObject *parent = NULL;
FWObject *newgrp = NULL;
list<FWObject*> ll = m_project->db()->getByType( Library::TYPENAME );
for (FWObject::iterator i=ll.begin(); i!=ll.end(); i++)
{
FWObject *lib=*i;
if (libName==QString::fromUtf8(lib->getName().c_str()))
{
/* TODO: need to show a dialog and say that chosen library is
* read-only. this is not critical though since newGroupDialog fills
* the pull-down only with names of read-write libraries
*/
if (lib->isReadOnly()) return;
parent = FWBTree().getStandardSlotForObject(lib,type);
if (parent==NULL)
{
if (fwbdebug)
qDebug("ObjectManipulator::groupObjects(): could not find standard slot for object of type %s in library %s",
type.toAscii().constData(),lib->getName().c_str());
return;
}
newgrp = m_project->db()->create(type.toStdString());
newgrp->setName(string(objName.toUtf8().constData()));
break;
}
}
if (newgrp==NULL) return;
FWCmdAddObject *cmd = new FWCmdAddObject(
m_project, parent, newgrp, QObject::tr("Create new group"));
FWObject *new_state = cmd->getNewState();
new_state->add(newgrp);
vector<FWObject*> so = getCurrentObjectTree()->getSimplifiedSelection();
for (vector<FWObject*>::iterator i=so.begin(); i!=so.end(); ++i)
newgrp->addRef(*i);
m_project->undoStack->push(cmd);
}
}
/*
* checks if one of the children of RuleElement is a host, IPv4 or
* network object with address 0.0.0.0 and netmask 0.0.0.0.
*
* Exceptions:
* - object 'any'
* - interface with dynamic address.
*
* In addition check for address A.B.C.D/0 which is most likely a
* mistake if A.B.C.D != 0.0.0.0. See #475
*/
Address* PolicyCompiler::checkForZeroAddr::findZeroAddress(RuleElement *re)
{
Address *a=NULL;
for (FWObject::iterator i=re->begin(); i!=re->end(); i++)
{
FWObject *o = FWReference::getObject(*i);
assert(o!=NULL);
MultiAddress *maddr = MultiAddress::cast(o);
if (maddr && maddr->isRunTime()) continue;
Address *addr = Address::cast(o);
if (addr==NULL && o!=NULL)
compiler->warning(
re->getParent(),
string("findZeroAddress: Unknown object in rule element: ") +
o->getName() +
" type=" + o->getTypeName());
if (addr && addr->hasInetAddress())
{
if (Interface::cast(o)!=NULL &&
(Interface::cast(o)->isDyn() ||
Interface::cast(o)->isUnnumbered() ||
Interface::cast(o)->isBridgePort()))
continue;
if ( ! addr->isAny())
{
const InetAddr *ad = addr->getAddressPtr();
const InetAddr *nm = addr->getNetmaskPtr();
// AddressRange has address but not netmask
// AddressRange with address 0.0.0.0 is acceptable
// (not equivalent to "any")
if (ad->isAny() && nm!=NULL && nm->isAny())
{
a = addr;
break;
}
// Address A.B.C.D/0 is most likely a mistake if
// A.B.C.D != 0.0.0.0
if ((Network::cast(addr) || NetworkIPv6::cast(addr)) &&
!ad->isAny() && nm!=NULL && nm->isAny())
{
a = addr;
break;
}
}
}
}
return a;
}
string RoutingCompiler::debugPrintRule(Rule *r)
{
RoutingRule *rule = RoutingRule::cast(r);
RuleElementRDst *dstrel = rule->getRDst();
RuleElementRItf *itfrel = rule->getRItf();
RuleElementRGtw *gtwrel = rule->getRGtw();
ostringstream str;
// str << setw(70) << setfill('-') << "-";
string dst, itf, gtw;
FWObject *obj = FWReference::getObject(itfrel->front());
itf = (obj) ? obj->getName() : "NULL";
obj = FWReference::getObject(gtwrel->front());
gtw = (obj) ? obj->getName() : "NULL";
int no = 0;
FWObject::iterator i1 = dstrel->begin();
while ( i1!=dstrel->end())
{
str << endl;
dst = " ";
if (i1 != dstrel->end())
{
FWObject *o = FWReference::getObject(*i1);
dst = (o) ? o->getName() : "NULL";
}
int w = 0;
if (no==0)
{
str << rule->getLabel();
w = rule->getLabel().length();
}
str << setw(10-w) << setfill(' ') << " ";
str << setw(18) << setfill(' ') << dst.c_str() << " ";
str << setw(18) << setfill(' ') << itf.c_str() << " ";
str << setw(18) << setfill(' ') << gtw.c_str() << " ";
str << setw(18) << setfill(' ') << " ";
++no;
if ( i1 != dstrel->end() ) ++i1;
}
return str.str();
}
void PolicyRule::setDummySource()
{
FWObjectDatabase *root = getRoot();
FWObject *dummySource = root->findInIndex(FWObjectDatabase::DUMMY_ADDRESS_ID);
if (!dummySource || (root->getStringId(dummySource->getId()) != "dummyaddressid0"))
return;
FWObject::iterator i1 = begin();
(*i1)->addRef(dummySource);
src_re = RuleElementSrc::cast(*i1);
}
bool NATCompiler_ipf::ExpandPortRange::processNext()
{
NATRule *rule=getNext(); if (rule==NULL) return false;
Service *osrv=compiler->getFirstOSrv(rule);
if (UDPService::isA(osrv) || TCPService::isA(osrv))
{
int rs = TCPUDPService::cast(osrv)->getDstRangeStart();
int re = TCPUDPService::cast(osrv)->getDstRangeEnd();
int numPorts = re-rs+1;
if (numPorts==1)
{
tmp_queue.push_back(rule);
return true;
}
if (numPorts > 20)
{
ostringstream ostr;
ostr << string("Expanding port range ") << osrv->getName()
<< " creates " << numPorts << " rules";
compiler->warning(rule, ostr.str());
}
string newSrvType = TCPService::TYPENAME;
if (UDPService::isA(osrv)) newSrvType = UDPService::TYPENAME;
for (int p=rs; p<=re; ++p)
{
NATRule *r = compiler->dbcopy->createNATRule();
r->duplicate(rule);
FWObject *newSrv = compiler->dbcopy->create(newSrvType);
newSrv->duplicate(osrv,true);
TCPUDPService::cast(newSrv)->setDstRangeStart(p);
TCPUDPService::cast(newSrv)->setDstRangeEnd(p);
compiler->persistent_objects->add(newSrv,false);
compiler->dbcopy->addToIndex(newSrv);
RuleElementOSrv *nosrv = r->getOSrv();
nosrv->clearChildren();
nosrv->addRef(newSrv);
compiler->temp_ruleset->add(r);
tmp_queue.push_back(r);
}
} else
{
tmp_queue.push_back(rule);
}
return true;
}
void ProjectPanel::fileExport()
{
LibExportDialog ed;
list<FWObject*> selectedLibs;
map<int,FWObject*>::iterator i;
int lib_idx = -1;
do
{
if (ed.exec()!=QDialog::Accepted) return;
QList<QListWidgetItem*> selitems = ed.m_dialog->libs->selectedItems();
for (i=ed.mapOfLibs.begin(); i!=ed.mapOfLibs.end(); i++)
if (selitems.contains(ed.m_dialog->libs->item(i->first)))
selectedLibs.push_back(i->second);
lib_idx=ed.m_dialog->libs->currentRow ();
if (lib_idx<0 || selectedLibs.size()==0)
{
QMessageBox::critical(
this,"Firewall Builder",
tr("Please select a library you want to export."),
"&Continue", QString::null,QString::null,
0, 1 );
return;
}
} while (!exportLibraryTest(selectedLibs));
FWObject *selLib = ed.mapOfLibs[ lib_idx ];
QString path = st->getOpenFileDir() + QString::fromUtf8(selLib->getName().c_str()) + ".fwl";
resetFD();
QString fname = QFileDialog::getSaveFileName(
this,
"Choose a filename to save under",
path,
"Firewall Builder library files (*.fwl)");
if (fname.isEmpty()) return;
if (QFile::exists(fname) &&
QMessageBox::warning(
this,"Firewall Builder",
tr("The file %1 already exists.\nDo you want to overwrite it ?")
.arg(fname),
tr("&Yes"), tr("&No"), QString::null,
0, 1 )==1 ) return;
st->setOpenFileDir(path);
exportLibraryTo(fname,selectedLibs,ed.m_dialog->exportRO->isChecked());
}
void GroupRegistry::registerGroup(FWObject *grp, const list<FWObject*> &objects)
{
for (list<FWObject*>::const_iterator it=objects.begin();
it!=objects.end(); ++it)
{
FWObject *o = FWReference::getObject(*it);
string str_id = FWObjectDatabase::getStringId(o->getId());
group_registry[str_id].insert(grp->getName());
setGroupRegistryKey(o, str_id);
}
}
bool PolicyCompiler::InterfacePolicyRules::processNext()
{
PolicyRule *rule = getNext(); if (rule==NULL) return false;
RuleElementItf *itfre = rule->getItf(); assert(itfre);
if (itfre->isAny())
{
// rule->setInterfaceId(-1);
tmp_queue.push_back(rule);
return true;
}
for (FWObject::iterator i=itfre->begin(); i!=itfre->end(); ++i)
{
FWObject *o = FWReference::getObject(*i);
if (ObjectGroup::isA(o))
{
// a group in "interface" rule element. GUI checks that only
// interfaces are allowed in such group, but we should check anyway.
for (FWObject::iterator i=o->begin(); i!=o->end(); ++i)
{
FWObject *o1 = FWReference::getObject(*i);
if (!Interface::isA(o1))
{
compiler->warning(
"Object '" + o1->getName() +
"', which is not an interface, is a member of the group '" +
o->getName() +
"' used in 'Interface' element of a rule.");
continue;
}
PolicyRule *r= compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
RuleElementItf *nitf = r->getItf();
nitf->clearChildren();
nitf->setAnyElement();
nitf->addRef(o1);
tmp_queue.push_back(r);
}
} else
{
PolicyRule *r= compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
RuleElementItf *nitf = r->getItf();
nitf->clearChildren();
nitf->setAnyElement();
nitf->addRef(o);
tmp_queue.push_back(r);
}
}
return true;
}
void PolicyRule::setDummyDestination()
{
FWObjectDatabase *root = getRoot();
FWObject *dummyDestination = root->findInIndex(FWObjectDatabase::DUMMY_ADDRESS_ID);
if (!dummyDestination || (root->getStringId(dummyDestination->getId()) != "dummyaddressid0"))
return;
FWObject::iterator i1 = begin();
i1++;
(*i1)->addRef(dummyDestination);
dst_re = RuleElementDst::cast(*i1);
}
void ProjectPanel::updateFirewallName()
{
if (visibleRuleSet==NULL) return ;
QString name;
// mw->buildEditorTitleAndIcon(visibleRuleSet, ObjectEditor::optNone,
// &name, NULL, false);
// name = "<b>" + name + "</b>";
FWObject *fw = visibleRuleSet->getParent();
name = QString("%1 / %2")
.arg(QString::fromUtf8(fw->getName().c_str()))
.arg(QString::fromUtf8(visibleRuleSet->getName().c_str()));
m_panel->rulesetname->setText(name );
}
void PolicyRule::setDummyService()
{
FWObjectDatabase *root = getRoot();
FWObject *dummyService = root->findInIndex(FWObjectDatabase::DUMMY_SERVICE_ID);
if (!dummyService || (root->getStringId(dummyService->getId()) != "dummyserviceid0"))
return;
FWObject::iterator i1 = begin();
i1++;
i1++;
(*i1)->addRef(dummyService);
srv_re = RuleElementSrv::cast(*i1);
}
void PolicyRule::setDummyInterface()
{
FWObjectDatabase *root = getRoot();
FWObject *dummyInterface = root->findInIndex(FWObjectDatabase::DUMMY_INTERFACE_ID);
if (!dummyInterface || (root->getStringId(dummyInterface->getId()) != "dummyinterfaceid0"))
return;
FWObject::iterator i1 = begin();
i1++;
i1++;
i1++;
(*i1)->addRef(dummyInterface);
itf_re = RuleElementItf::cast(*i1);
}
void MetricEditorPanel::loadFWObject(libfwbuilder::FWObject *obj)
{
RoutingRule *r=RoutingRule::cast(obj);
if (r==nullptr) return;
rule=r;
FWObject *o = r;
while (o!=nullptr && Firewall::cast(o)==nullptr) o=o->getParent();
assert(o!=nullptr);
m_widget->spin_box->setMinimum( 0);
m_widget->spin_box->setMaximum( 255);
m_widget->spin_box->setValue( r->getMetric());
}
void ObjectListView::dragEnterEvent( QDragEnterEvent *ev)
{
if (fwbdebug)
qDebug("ObjectListView::dragEnterEvent");
//ev->setAccepted( ev->mimeData()->hasFormat(FWObjectDrag::FWB_MIME_TYPE) );
#if QT_VERSION < QT_VERSION_CHECK(5, 0, 0)
QWidget *fromWidget = ev->source();
#else
QWidget *fromWidget = qobject_cast<QWidget*>(ev->source());
#endif
// The source of DnD object must be the same instance of fwbuilder
if (!fromWidget)
{
ev->setAccepted(false);
return;
}
if (!ev->mimeData()->hasFormat(FWObjectDrag::FWB_MIME_TYPE))
{
ev->setAccepted(false);
return;
}
list<FWObject*> dragol;
if (!FWObjectDrag::decode(ev, dragol))
ev->setAccepted(false);
for (list<FWObject*>::iterator i=dragol.begin();i!=dragol.end(); ++i)
{
FWObject *dragobj = *i;
assert(dragobj!=NULL);
if (FWBTree().isSystem(dragobj))
{
// can not drop system folder anywhere
ev->setAccepted(false);
return;
}
// see #1976 do not allow pasting object that has been deleted
if (dragobj->getLibrary()->getId() == FWObjectDatabase::DELETED_OBJECTS_ID)
{
ev->setAccepted(false);
return;
}
}
ev->setAccepted(true);
}
string TableFactory::generateTblID(RuleElement *re)
{
string res;
list<string> lids;
for (FWObject::iterator i=re->begin(); i!=re->end(); i++)
{
FWObject *o = *i;
if (FWReference::cast(o)!=nullptr) o=FWReference::cast(o)->getPointer();
lids.push_back(FWObjectDatabase::getStringId(o->getId()));
}
lids.sort();
joinIDs R = for_each(lids.begin(), lids.end(), joinIDs("_"));
return R.out;
}
void GroupObjectDialog::deleteObj()
{
// make a copy of the list of selected objects because selection
// changes when we delete items
vector<int> tv;
copy(selectedObjects.begin(),selectedObjects.end(),inserter(tv,tv.begin()));
for(vector<int>::iterator it=tv.begin(); it!=tv.end(); ++it)
{
if (fwbdebug)
qDebug("GroupObjectDialog::deleteObj() (*it)=%d", (*it));
FWObject* selectedObject = m_project->db()->findInIndex(*it);
// Bugfix: Do not delete an object in locked group with the Delete key
set<FWObject*> res_tmp;
m_project->db()->getRoot()->findWhereObjectIsUsed(selectedObject, m_project->db()->getRoot(), res_tmp);
foreach(FWObject* o, res_tmp) {
if (FWObjectReference::cast(o))
if (Group::cast(o->getParent()))
if (o->isReadOnly())
return;
}
int o_id = selectedObject->getId();
for (int it=0; it<listView->topLevelItemCount(); ++it)
{
QTreeWidgetItem *itm = listView->topLevelItem(it);
if (o_id == itm->data(0, Qt::UserRole).toInt())
{
listView->takeTopLevelItem(it);
break;
}
}
for (int it=0; it<iconView->count(); ++it)
{
QListWidgetItem *itm = iconView->item(it);
if (o_id == itm->data(Qt::UserRole).toInt())
{
iconView->takeItem(it);
break;
}
}
}
changed();
}
/*
* Ticket #727
*
* if type is ethernet and has vlan subinterfaces, not eligible
* if type is vlan, eligible
* if type is bridge, eligible
* if type is bonding, eligible
* if type is ethernet and interface with the same name is used for bonding, then not eligible
* if type is ethernet and parent is bridge, then not eligible
*/
bool interfaceProperties::isEligibleForCluster(Interface *intf)
{
list<FWObject*> subinterfaces = intf->getByType(Interface::TYPENAME);
string interface_type = intf->getOptionsObject()->getStr("type");
if (intf->isBridgePort())
return false;
if (interface_type.empty())
interface_type = "ethernet";
if (interface_type == "8021q")
return true;
if (interface_type == "bridge")
return true;
if (interface_type == "bonding")
return true;
if (interface_type == "ethernet")
{
Interface *parent_iface = Interface::cast(intf->getParent());
if (parent_iface &&
parent_iface->getOptionsObject()->getStr("type") == "bridge")
return false;
FWObject *fw = Host::getParentHost(intf);
//FWObject *fw = intf->getParentHost();
list<FWObject*> interfaces = fw->getByTypeDeep(Interface::TYPENAME);
list<FWObject*>::iterator i;
for (i=interfaces.begin(); i!=interfaces.end(); ++i )
{
Interface *iface = Interface::cast(*i);
assert(iface);
Interface *parent_iface = Interface::cast(iface->getParent());
if (parent_iface == nullptr)
continue;
if (parent_iface->getOptionsObject()->getStr("type") == "bonding" &&
iface->getName() == intf->getName())
{
// @intf is used as a bond slave and can't be used for cluster
return false;
}
}
if (subinterfaces.size() > 0)
return false;
}
return true;
}
void RuleOptionsDialog::fillInterfaces(QComboBox* cb)
{
QSet<QString> deduplicated_interface_names;
list<FWObject*> interfaces = firewall->getByTypeDeep(Interface::TYPENAME);
for (list<FWObject*>::iterator i=interfaces.begin(); i!=interfaces.end(); ++i)
{
Interface *iface = Interface::cast(*i);
assert(iface);
if (iface->isLoopback()) continue;
deduplicated_interface_names.insert(iface->getName().c_str());
if (Cluster::isA(firewall))
{
FailoverClusterGroup *failover_group =
FailoverClusterGroup::cast(
iface->getFirstByType(FailoverClusterGroup::TYPENAME));
if (failover_group)
{
for (FWObject::iterator it=failover_group->begin();
it!=failover_group->end(); ++it)
{
FWObject *mi = FWReference::getObject(*it);
if (Interface::isA(mi) && ! iface->isLoopback())
{
deduplicated_interface_names.insert(mi->getName().c_str());
}
}
}
}
}
QStringList sorted_interfaces;
QSetIterator<QString> it(deduplicated_interface_names);
while (it.hasNext())
{
sorted_interfaces << it.next();
}
sorted_interfaces.sort();
cb->clear();
cb->addItem("");
cb->addItems(sorted_interfaces);
}
FWObject* TableFactory::createTableObject(const string &tblname,
const string &tblid)
{
FWObject *tblgrp = dbroot->createObjectGroup();
tblgrp->setName( tblname );
tblgrp->setId(FWObjectDatabase::generateUniqueId()); // "id_" + tblname );
persistent_tables->add(tblgrp, false);
dbroot->addToIndex(tblgrp);
tblgrp->setBool("pf_table", true);
tblgrp->setStr("pf_table_id", tblid);
registerTable(tblname, tblid, tblgrp);
return tblgrp;
}
