API CHANGE:

Add a new class to sysadm: sysadm/firewall This is the new firewall manager (ipfw), for setting options for the system firewall. Initial API Call: "action":"known_ports" This will return a list of all known ports and any names/descriptions for them (this is a static list - it does not reflect which ports are in-use or opened on the system. It is just for matching a port to a name/description) REST Request (example): ------------------------------- PUT /sysadm/firewall { "action" : "known_ports" } WebSocket Request: ------------------------------- { "id" : "fooid", "namespace" : "sysadm", "args" : { "action" : "known_ports" }, "name" : "firewall" } Response: ------------------------------- { "args": { "1/tcp": { "description": "#TCP Port Service Multiplexer", "name": "tcpmux", "port": "1/tcp" }, "1/udp": { "description": "#TCP Port Service Multiplexer", "name": "tcpmux", "port": "1/udp" }, "100/tcp": { "description": "#[unauthorized use]", "name": "newacct", "port": "100/tcp" } } "id": "fooid", "name": "response", "namespace": "sysadm" }
2026-01-27 02:20:17 +00:00 · 2016-09-12 13:18:32 -04:00
parent efc7bfeaad
commit 45bb83a05f
3 changed files with 39 additions and 2 deletions
--- a/src/server/WebBackend.cpp
+++ b/src/server/WebBackend.cpp
@@ -22,7 +22,7 @@
 #include "library/sysadm-pkg.h"
 #include "library/sysadm-users.h"
 #include "library/sysadm-servicemanager.h"
-
+#include "library/sysadm-firewall.h"

 #define DEBUG 0
 //#define SCLISTDELIM QString("::::") //SysCache List Delimiter
@@ -91,6 +91,8 @@ RestOutputStruct::ExitCode WebSocket::AvailableSubsystems(bool allaccess, QJsonO
  out->insert("sysadm/users","read/write");
  //- Service Manager
  out->insert("sysadm/services","read/write");
+  // - Firewall Manager
+  out->insert("sysadm/firewall","read/write");

  return RestOutputStruct::OK;
 }
@@ -145,6 +147,8 @@ RestOutputStruct::ExitCode WebSocket::EvaluateBackendRequest(const RestInputStru
    return EvaluateSysadmUserRequest(IN.fullaccess, AUTHSYSTEM->userForToken(SockAuthToken), IN.args, out);
  }else if(namesp=="sysadm" && name=="services"){
    return EvaluateSysadmServiceRequest(IN.args, out);
+  }else if(namesp=="sysadm" && name=="firewall"){
+    return EvaluateSysadmFirewallRequest(IN.args, out);
  }else{
    return RestOutputStruct::BADREQUEST;
  }
@@ -1096,3 +1100,34 @@ RestOutputStruct::ExitCode WebSocket::EvaluateSysadmServiceRequest(const QJsonVa
  }
  return (ok ? RestOutputStruct::OK : RestOutputStruct::BADREQUEST);
 }
+
+// FIREWALL MANAGER (sysadm/firewall)
+RestOutputStruct::ExitCode WebSocket::EvaluateSysadmFirewallRequest(const QJsonValue in_args, QJsonObject *out){
+ bool ok = false;
+  QString action = in_args.toObject().value("action").toString();
+  sysadm::Firewall FMGR;
+  //Now perform actions as needed
+  if(action=="known_ports"){
+    ok = true;
+    QList<sysadm::PortInfo> all = FMGR.allPorts(); //this is all known ports (number/type, name, description) - it does not know about open/closed
+    for(int i=0; i<all.length(); i++){
+      QJsonObject obj;
+        obj.insert("name",all[i].Keyword);
+        obj.insert("port", QString::number(all[i].Port)+"/"+all[i].Type);
+        if(all[i].Description.isEmpty() && i>0 && (all[i-1].Keyword == all[i].Keyword) ){
+          obj.insert("description", all[i-1].Description);
+        }else{
+          obj.insert("description", all[i].Description);
+        }
+      out->insert(obj.value("port").toString(), obj); //use the port number/type as the unique identifier
+    }
+  }
+
+
+  //Evaluate outputs
+  if(out->keys().isEmpty()){
+    if(ok){ out->insert("result","success"); }
+    else{ out->insert("error","error"); }
+  }
+  return (ok ? RestOutputStruct::OK : RestOutputStruct::BADREQUEST);
+}
--- a/src/server/WebSocket.h
+++ b/src/server/WebSocket.h
@@ -94,6 +94,8 @@ private:
 	RestOutputStruct::ExitCode EvaluateSysadmUserRequest(bool allaccess, QString user, const QJsonValue in_args, QJsonObject *out);
 	// -- sysadm Service Manager API
 	RestOutputStruct::ExitCode EvaluateSysadmServiceRequest(const QJsonValue in_args, QJsonObject *out);
+	// -- sysadm Firewall Manager API
+	RestOutputStruct::ExitCode EvaluateSysadmFirewallRequest(const QJsonValue in_args, QJsonObject *out);

 private slots:
 	void sendReply(QString msg);
--- a/src/server/library/sysadm-firewall.cpp
+++ b/src/server/library/sysadm-firewall.cpp
@@ -93,7 +93,7 @@ QList<PortInfo> Firewall::allPorts(){
    PortInfo info;
    info.Keyword = line[0];
    info.Port = line[1].section("/",0,0).toInt();
-    info.Type = line[1].section("/",1,1).toInt();
+    info.Type = line[1].section("/",1,1);
    if(line.length()>2){
      info.Description = line.mid(2,-1).join(" ");
    }