Work on portmaster restructuring
@@ -1,6 +1,6 @@
|
||||
package profile
|
||||
|
||||
// OS Identifier Prefix
|
||||
// OS Identifier
|
||||
const (
|
||||
IdentifierPrefix = "mac:"
|
||||
osIdentifier = "mac"
|
||||
)
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
package profile
|
||||
|
||||
// OS Identifier Prefix
|
||||
// OS Identifier
|
||||
const (
|
||||
IdentifierPrefix = "lin:"
|
||||
osIdentifier = "lin"
|
||||
)
|
||||
|
||||
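--- a/profile/fingerprint.go
+++ b/profile/fingerprint.go
@@ -0,0 +1,99 @@
+package profile
+
+var (
+fingerprintWeights = map[string]int{
+"full_path": 2,
+"partial_path": 1,
+"md5_sum": 4,
+"sha1_sum": 5,
+"sha256_sum": 6,
+}
+)
+
+type Fingerprint struct {
+OS string
+Type string
+Value string
+Comment string
+}
+
+func (fp *Fingerprint) MatchesOS() bool {
+return fp.OS == osIdentifier
+}
+
+//
+// func (fp *Fingerprint) Equals(other *Fingerprint) bool {
+// return fp.OS == other.OS &&
+// fp.Type == other.Type &&
+// fp.Value == other.Value
+// }
+//
+// func (fp *Fingerprint) Check(type, value string) (weight int) {
+// if fp.Match(fpType, value) {
+// return GetFingerprintWeight(fpType)
+// }
+// return 0
+// }
+//
+// func (fp *Fingerprint) Match(fpType, value string) (matches bool) {
+// switch fp.Type {
+// case "partial_path":
+// return
+// default:
+// return fp.OS == osIdentifier &&
+// fp.Type == fpType &&
+// fp.Value == value
+// }
+//
+func GetFingerprintWeight(fpType string) (weight int) {
+weight, ok := fingerprintWeights[fpType]
+if ok {
+return weight
+}
+return 0
+}
+
+//
+// func (p *Profile) GetApplicableFingerprints() (fingerprints []*Fingerprint) {
+// for _, fp := range p.Fingerprints {
+// if fp.OS == osIdentifier {
+// fingerprints = append(fingerprints, fp)
+// }
+// }
+// return
+// }
+//
+// func (p *Profile) AddFingerprint(fp *Fingerprint) error {
+// if fp.OS == "" {
+// fp.OS = osIdentifier
+// }
+//
+// p.Fingerprints = append(p.Fingerprints, fp)
+// return p.Save()
+// }
+//
+// func (p *Profile) GetApplicableFingerprintTypes() (types []string) {
+// for _, fp := range p.Fingerprints {
+// if fp.OS == osIdentifier && !utils.StringInSlice(types, fp.Type) {
+// types = append(types, fp.Type)
+// }
+// }
+// return
+// }
+//
+// func (p *Profile) MatchFingerprints(fingerprints map[string]string) (score int) {
+// for _, fp := range p.Fingerprints {
+// if fp.OS == osIdentifier {
+//
+// }
+// }
+// return
+// }
+//
+// func FindUserProfiles() {
+//
+// }
+//
+// func FindProfiles(path string) (*ProfileSet, error) {
+//
+// }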
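Review bot: `fingerprintWeights` ranks `md5_sum` (4) and `sha1_sum` (5) above `full_path` (2), although neither digest is collision-resistant, so two different binaries can share one of these values and would earn the same score once the weights drive profile matching. Consider dropping both types or ranking them well below `sha256_sum`, and state the reason next to the map, e.g. `// md5/sha1 are accepted for legacy data only; a match is not proof of identity`. The matching code is still commented out in this file, so how the weights are combined is not visible here. The exported `Fingerprint`, `MatchesOS` and `GetFingerprintWeight` have no doc comments, and `GetFingerprintWeight` could be `return fingerprintWeights[fpType]`, since a missing key already yields 0.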
@@ -4,21 +4,20 @@ import (
|
||||
"fmt"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/Safing/portmaster/network/reference"
|
||||
)
|
||||
|
||||
// Ports is a list of permitted or denied ports
|
||||
type Ports map[string][]*Port
|
||||
type Ports map[int16][]*Port
|
||||
|
||||
// Check returns whether listening/connecting to a certain port is allowed, if set.
|
||||
func (p Ports) Check(listen bool, protocol string, port uint16) (permit, ok bool) {
|
||||
func (p Ports) Check(signedProtocol int16, port uint16) (permit, ok bool) {
|
||||
if p == nil {
|
||||
return false, false
|
||||
}
|
||||
|
||||
if listen {
|
||||
protocol = "<" + protocol
|
||||
}
|
||||
portDefinitions, ok := p[protocol]
|
||||
portDefinitions, ok := p[signedProtocol]
|
||||
if ok {
|
||||
for _, portD := range portDefinitions {
|
||||
if portD.Matches(port) {
|
||||
@@ -29,16 +28,23 @@ func (p Ports) Check(listen bool, protocol string, port uint16) (permit, ok bool
|
||||
return false, false
|
||||
}
|
||||
|
||||
func formatSignedProtocol(sP int16) string {
|
||||
if sP < 0 {
|
||||
return fmt.Sprintf("<%s", reference.GetProtocolName(uint8(-1*sP)))
|
||||
}
|
||||
return reference.GetProtocolName(uint8(sP))
|
||||
}
|
||||
|
||||
func (p Ports) String() string {
|
||||
var s []string
|
||||
|
||||
for protocol, ports := range p {
|
||||
for signedProtocol, ports := range p {
|
||||
var portStrings []string
|
||||
for _, port := range ports {
|
||||
portStrings = append(portStrings, port.String())
|
||||
}
|
||||
|
||||
s = append(s, fmt.Sprintf("%s:[%s]", protocol, strings.Join(portStrings, ", ")))
|
||||
s = append(s, fmt.Sprintf("%s:[%s]", formatSignedProtocol(signedProtocol), strings.Join(portStrings, ", ")))
|
||||
}
|
||||
|
||||
if len(s) == 0 {
|
||||
|
||||
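Review bot: The `int16` key of `Ports` carries the direction in its sign, but nothing in these hunks says so, and protocol number 0 has no negative, so a listen rule and a connect rule for that value would share one key. A comment on the type would make the convention reviewable, e.g. `// Ports maps a signed protocol number (negative = listening, positive = connecting) to its port rules.`, with a matching one-liner on `formatSignedProtocol`. The negation is applied by `CheckPort` in the profile set file; if protocol 0 can reach it, that value needs an explicit decision there. `String()` continues past the end of the second hunk.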
@@ -23,8 +23,7 @@ type Profile struct {
|
||||
// Icon is a path to the icon and is either prefixed "f:" for filepath, "d:" for a database path or "e:" for the encoded data.
|
||||
Icon string
|
||||
|
||||
// Identification
|
||||
Identifiers []string
|
||||
// Fingerprints
|
||||
Fingerprints []string
|
||||
|
||||
// The mininum security level to apply to connections made with this profile
|
||||
@@ -33,7 +32,8 @@ type Profile struct {
|
||||
Domains Domains
|
||||
Ports Ports
|
||||
|
||||
StampProfileKey string
|
||||
StampProfileKey string
|
||||
StampProfileAssigned int64
|
||||
|
||||
// If a Profile is declared as a Framework (i.e. an Interpreter and the likes), then the real process must be found
|
||||
// Framework *Framework `json:",omitempty bson:",omitempty"`
|
||||
|
||||
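Review bot: `Fingerprints []string` stays a slice of strings while profile/fingerprint.go in this commit adds a `Fingerprint` struct whose commented-out helpers append `*Fingerprint` values to `p.Fingerprints`; this assumes the `Fingerprints` line is the new side of the hunk. If the string form is intended for now, the `// Fingerprints` comment should state the expected string format, otherwise the field type should become `[]*Fingerprint` before those helpers are enabled. `StampProfileAssigned int64` has no comment saying what the number represents. The `Profile` struct begins and ends outside both hunks.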
@@ -51,7 +51,7 @@ func (set *Set) Update(securityLevel uint8) {
|
||||
}
|
||||
|
||||
// update independence
|
||||
if active, ok := set.CheckFlag(Independent); active && ok {
|
||||
if set.CheckFlag(Independent) {
|
||||
set.independent = true
|
||||
} else {
|
||||
set.independent = false
|
||||
@@ -59,7 +59,7 @@ func (set *Set) Update(securityLevel uint8) {
|
||||
}
|
||||
|
||||
// CheckFlag returns whether a given flag is set.
|
||||
func (set *Set) CheckFlag(flag) (active bool) {
|
||||
func (set *Set) CheckFlag(flag uint8) (active bool) {
|
||||
|
||||
for i, profile := range set.profiles {
|
||||
if i == 2 && set.independent {
|
||||
@@ -97,7 +97,12 @@ func (set *Set) CheckDomain(domain string) (permit, ok bool) {
|
||||
}
|
||||
|
||||
// Ports returns the highest prioritized Ports configuration.
|
||||
func (set *Set) CheckPort() (permit, ok bool) {
|
||||
func (set *Set) CheckPort(listen bool, protocol uint8, port uint16) (permit, ok bool) {
|
||||
|
||||
signedProtocol := int16(protocol)
|
||||
if listen {
|
||||
signedProtocol = -1 * signedProtocol
|
||||
}
|
||||
|
||||
for i, profile := range set.profiles {
|
||||
if i == 2 && set.independent {
|
||||
@@ -105,13 +110,13 @@ func (set *Set) CheckPort() (permit, ok bool) {
|
||||
}
|
||||
|
||||
if profile != nil {
|
||||
if profile.Ports.Check() {
|
||||
return profile.Ports
|
||||
if permit, ok = profile.Ports.Check(signedProtocol, port); ok {
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false, false
|
||||
return false, false
|
||||
}
|
||||
|
||||
// SecurityLevel returns the highest prioritized security level.
|
||||
|
||||
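Review bot: The comment above `CheckPort` still reads `// Ports returns the highest prioritized Ports configuration.`, which matches neither the name nor the `(permit, ok bool)` result. Something like `// CheckPort reports whether listening on or connecting to the given protocol and port is permitted; ok is false when no profile has a matching rule.` fits what the visible loop does. In `Update`, the `if set.CheckFlag(Independent) { … = true } else { … = false }` form can be the single line `set.independent = set.CheckFlag(Independent)`. The bodies of `Update`, `CheckFlag` and `CheckPort` are only partly inside the hunks.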
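--- a/profile/profileset_test.go
+++ b/profile/profileset_test.go
@@ -0,0 +1,17 @@
+package profile
+
+import "testing"
+
+func TestProfileSet(t *testing.T) {
+
+// new := &Set{
+// profiles: [4]*Profile{
+// user, // Application
+// nil, // Global
+// stamp, // Stamp
+// nil, // Default
+// },
+// }
+// new.Update(status.SecurityLevelFortress)
+
+}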
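Review bot: `TestProfileSet` has no live statements, so it always passes without exercising `Set.Update` or the new `CheckPort` path. Until the fixture exists, make that visible with `t.Skip("TODO: build a Set and assert Update/CheckPort results")` as the first line of the body. When the commented-out code is enabled, its variable `new` shadows the builtin and is better renamed, e.g. `set := &Set{`.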