[WIP] Fix ui api authentication
This commit is contained in:
Vladimir Stoilov
@@ -120,7 +120,6 @@ fn show_webview_not_installed_dialog() -> i32 {
|
||||
}
|
||||
|
||||
fn main() {
|
||||
env::set_var("GDK_BACKEND", "x11");
|
||||
if tauri::webview_version().is_err() {
|
||||
std::process::exit(show_webview_not_installed_dialog());
|
||||
}
|
||||
@@ -139,7 +138,7 @@ fn main() {
|
||||
|
||||
// TODO(vladimir): Permission for logs/app2 folder are not guaranteed. Use the default location for now.
|
||||
#[cfg(target_os = "windows")]
|
||||
let log_target = if let Some(data_dir) = cli.data {
|
||||
let log_target = if let Some(data_dir) = cli_args.data {
|
||||
tauri_plugin_log::Target::new(tauri_plugin_log::TargetKind::LogDir { file_name: None })
|
||||
} else {
|
||||
tauri_plugin_log::Target::new(tauri_plugin_log::TargetKind::Stdout)
|
||||
|
||||
@@ -11,6 +11,9 @@ if command -V semanage >/dev/null 2>&1; then
|
||||
restorecon -R /usr/lib/portmaster/portmaster-core 2>/dev/null >&2 || :
|
||||
fi
|
||||
|
||||
mv /usr/bin/portmaster /usr/lib/portmaster/portmaster
|
||||
ln -s /usr/lib/portmaster/portmaster /usr/bin/portmaster
|
||||
|
||||
systemctl daemon-reload
|
||||
systemctl enable portmaster.service
|
||||
|
||||
|
||||
@@ -132,8 +132,7 @@ func authenticateAPIRequest(ctx context.Context, pktInfo *packet.Info) (retry bo
|
||||
var originalPid int
|
||||
|
||||
// Get authenticated path.
|
||||
// FIXME(vladimir): provide a better check for detecting filepath. Note there is exception on linux with portmaster ui.
|
||||
authenticatedPath := "" // updates.RootPath()
|
||||
authenticatedPath := module.instance.BinaryUpdates().GetRootPath()
|
||||
if authenticatedPath == "" {
|
||||
return false, fmt.Errorf(deniedMsgMisconfigured, api.ErrAPIAccessDeniedMessage) //nolint:stylecheck // message for user
|
||||
}
|
||||
|
||||
@@ -16,6 +16,7 @@ import (
|
||||
"github.com/safing/portmaster/service/netquery"
|
||||
"github.com/safing/portmaster/service/network"
|
||||
"github.com/safing/portmaster/service/profile"
|
||||
"github.com/safing/portmaster/service/updates"
|
||||
"github.com/safing/portmaster/spn/access"
|
||||
"github.com/safing/portmaster/spn/captain"
|
||||
)
|
||||
@@ -160,6 +161,7 @@ func New(instance instance) (*Firewall, error) {
|
||||
|
||||
type instance interface {
|
||||
Config() *config.Config
|
||||
BinaryUpdates() *updates.Updates
|
||||
Profile() *profile.ProfileModule
|
||||
Captain() *captain.Captain
|
||||
Access() *access.Access
|
||||
|
||||
@@ -4,12 +4,16 @@ import (
|
||||
"errors"
|
||||
"sync/atomic"
|
||||
|
||||
"github.com/safing/portmaster/base/log"
|
||||
"github.com/safing/portmaster/service/mgr"
|
||||
"github.com/safing/portmaster/service/updates"
|
||||
)
|
||||
|
||||
type ProcessModule struct {
|
||||
mgr *mgr.Manager
|
||||
instance instance
|
||||
|
||||
portmasterUIPath string
|
||||
}
|
||||
|
||||
func (pm *ProcessModule) Manager() *mgr.Manager {
|
||||
@@ -17,6 +21,12 @@ func (pm *ProcessModule) Manager() *mgr.Manager {
|
||||
}
|
||||
|
||||
func (pm *ProcessModule) Start() error {
|
||||
file, err := pm.instance.BinaryUpdates().GetFile("portmaster")
|
||||
if err != nil {
|
||||
log.Errorf("process: failed to get path of ui: %s", err)
|
||||
} else {
|
||||
pm.portmasterUIPath = file.Path()
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -59,4 +69,6 @@ func New(instance instance) (*ProcessModule, error) {
|
||||
return module, nil
|
||||
}
|
||||
|
||||
type instance interface{}
|
||||
type instance interface {
|
||||
BinaryUpdates() *updates.Updates
|
||||
}
|
||||
|
||||
@@ -72,20 +72,9 @@ func (p *Process) getSpecialProfileID() (specialProfileID string) {
|
||||
specialProfileID = profile.PortmasterProfileID
|
||||
default:
|
||||
// Check if this is another Portmaster component.
|
||||
// FIXME(vladimir): provide a better check for detecting filepath. Note there is exception on linux with portmaster ui.
|
||||
// if updatesPath != "" && strings.HasPrefix(p.Path, updatesPath) {
|
||||
// switch {
|
||||
// case strings.Contains(p.Path, "portmaster-app"):
|
||||
// specialProfileID = profile.PortmasterAppProfileID
|
||||
// case strings.Contains(p.Path, "portmaster-notifier"):
|
||||
// specialProfileID = profile.PortmasterNotifierProfileID
|
||||
// default:
|
||||
// // Unexpected binary from within the Portmaster updates directpry.
|
||||
// log.Warningf("process: unexpected binary in the updates directory: %s", p.Path)
|
||||
// // TODO: Assign a fully restricted profile in the future when we are
|
||||
// // sure that we won't kill any of our own things.
|
||||
// }
|
||||
// }
|
||||
if module.portmasterUIPath != "" && p.Path == module.portmasterUIPath {
|
||||
specialProfileID = profile.PortmasterAppProfileID
|
||||
}
|
||||
// Check if this is the system resolver.
|
||||
switch runtime.GOOS {
|
||||
case "windows":
|
||||
|
||||
@@ -188,6 +188,10 @@ func (u *Updates) Start() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (u *Updates) GetRootPath() string {
|
||||
return u.registry.dir
|
||||
}
|
||||
|
||||
// GetFile returns the path of a file given the name.
|
||||
func (u *Updates) GetFile(id string) (*File, error) {
|
||||
file, ok := u.registry.files[id]
|
||||
|
||||
Reference in New Issue
Block a user