From 45bb83a05f00ad88b06d251ce5b2a9474d001904 Mon Sep 17 00:00:00 2001 From: Ken Moore Date: Mon, 12 Sep 2016 13:18:32 -0400 Subject: [PATCH] API CHANGE: Add a new class to sysadm: sysadm/firewall This is the new firewall manager (ipfw), for setting options for the system firewall. Initial API Call: "action":"known_ports" This will return a list of all known ports and any names/descriptions for them (this is a static list - it does not reflect which ports are in-use or opened on the system. It is just for matching a port to a name/description) REST Request (example): ------------------------------- PUT /sysadm/firewall { "action" : "known_ports" } WebSocket Request: ------------------------------- { "id" : "fooid", "namespace" : "sysadm", "args" : { "action" : "known_ports" }, "name" : "firewall" } Response: ------------------------------- { "args": { "1/tcp": { "description": "#TCP Port Service Multiplexer", "name": "tcpmux", "port": "1/tcp" }, "1/udp": { "description": "#TCP Port Service Multiplexer", "name": "tcpmux", "port": "1/udp" }, "100/tcp": { "description": "#[unauthorized use]", "name": "newacct", "port": "100/tcp" } } "id": "fooid", "name": "response", "namespace": "sysadm" }
---
 src/server/WebBackend.cpp | 37 +++++++++++++++++++++++++-
 src/server/WebSocket.h | 2 ++
 src/server/library/sysadm-firewall.cpp | 2 +-
 3 files changed, 39 insertions(+), 2 deletions(-)
diff --git a/src/server/WebBackend.cpp b/src/server/WebBackend.cpp
index 3bb35aa..79d68e7 100644
--- a/src/server/WebBackend.cpp
+++ b/src/server/WebBackend.cpp
@@ -22,7 +22,7 @@
 #include "library/sysadm-pkg.h"
 #include "library/sysadm-users.h"
 #include "library/sysadm-servicemanager.h"
-
+#include "library/sysadm-firewall.h"
 #define DEBUG 0
 //#define SCLISTDELIM QString("::::") //SysCache List Delimiter
@@ -91,6 +91,8 @@ RestOutputStruct::ExitCode WebSocket::AvailableSubsystems(bool allaccess, QJsonO
 out->insert("sysadm/users","read/write");
 //- Service Manager
 out->insert("sysadm/services","read/write");
+ // - Firewall Manager
+ out->insert("sysadm/firewall","read/write");
 return RestOutputStruct::OK;
 }
@@ -145,6 +147,8 @@ RestOutputStruct::ExitCode WebSocket::EvaluateBackendRequest(const RestInputStru
 return EvaluateSysadmUserRequest(IN.fullaccess, AUTHSYSTEM->userForToken(SockAuthToken), IN.args, out);
 }else if(namesp=="sysadm" && name=="services"){
 return EvaluateSysadmServiceRequest(IN.args, out);
+ }else if(namesp=="sysadm" && name=="firewall"){
+ return EvaluateSysadmFirewallRequest(IN.args, out);
 }else{
 return RestOutputStruct::BADREQUEST;
 }
@@ -1096,3 +1100,34 @@ RestOutputStruct::ExitCode WebSocket::EvaluateSysadmServiceRequest(const QJsonVa
 }
 return (ok ? RestOutputStruct::OK : RestOutputStruct::BADREQUEST);
 }
+
+// FIREWALL MANAGER (sysadm/firewall)
+RestOutputStruct::ExitCode WebSocket::EvaluateSysadmFirewallRequest(const QJsonValue in_args, QJsonObject *out){
+ bool ok = false;
+ QString action = in_args.toObject().value("action").toString();
+ sysadm::Firewall FMGR;
+ //Now perform actions as needed
+ if(action=="known_ports"){
+ ok = true;
+ QList all = FMGR.allPorts(); //this is all known ports (number/type, name, description) - it does not know about open/closed
+ for(int i=0; i0 && (all[i-1].Keyword == all[i].Keyword) ){
+ obj.insert("description", all[i-1].Description);
+ }else{
+ obj.insert("description", all[i].Description);
+ }
+ out->insert(obj.value("port").toString(), obj); //use the port number/type as the unique identifier
+ }
+ }
+
+
+ //Evaluate outputs
+ if(out->keys().isEmpty()){
+ if(ok){ out->insert("result","success"); }
+ else{ out->insert("error","error"); }
+ }
+ return (ok ? RestOutputStruct::OK : RestOutputStruct::BADREQUEST);
+}
diff --git a/src/server/WebSocket.h b/src/server/WebSocket.h
index a1df3ad..53a4750 100644
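Review bot: The new `sysadm/firewall` branch in EvaluateBackendRequest calls `EvaluateSysadmFirewallRequest(IN.args, out)` without the caller's access level, while the `users` branch just above it passes `IN.fullaccess`. `known_ports` only reads a static list, but the commit message describes this class as the manager for setting firewall options, so any write action added later has nothing to gate on. I would thread the flag through now, `return EvaluateSysadmFirewallRequest(IN.fullaccess, IN.args, out);`, with a matching leading `bool allaccess` parameter on the definition in the last hunk of this file and on the declaration in WebSocket.h. The AvailableSubsystems hunk has the related issue that `out->insert("sysadm/firewall","read/write");` is, in the visible lines, added without consulting `allaccess`; whether an earlier return already restricts that list is outside the hunk.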
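Review bot: In EvaluateSysadmFirewallRequest, when `allPorts()` yields no entries the `known_ports` branch leaves `out` empty and the closing block then inserts `"result":"success"`, so a client that walks the reply keys as port identifiers gets a `result` key instead of an empty map. Whether the list can actually come back empty is not visible here, so at minimum I would document it above the check: `// known_ports with no entries falls through to {"result":"success"}`. The check itself can be `if(out->isEmpty()){`, which avoids building the key list that `out->keys().isEmpty()` creates. The loop header in this hunk is damaged in this copy of the patch, so the description fallback to `all[i-1].Description` was not reviewed in full.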
--- a/src/server/WebSocket.h
+++ b/src/server/WebSocket.h
@@ -94,6 +94,8 @@ private:
 RestOutputStruct::ExitCode EvaluateSysadmUserRequest(bool allaccess, QString user, const QJsonValue in_args, QJsonObject *out);
 // -- sysadm Service Manager API
 RestOutputStruct::ExitCode EvaluateSysadmServiceRequest(const QJsonValue in_args, QJsonObject *out);
+ // -- sysadm Firewall Manager API
+ RestOutputStruct::ExitCode EvaluateSysadmFirewallRequest(const QJsonValue in_args, QJsonObject *out);
 private slots:
 void sendReply(QString msg);
diff --git a/src/server/library/sysadm-firewall.cpp b/src/server/library/sysadm-firewall.cpp
index 4cc84d2..0044729 100644
--- a/src/server/library/sysadm-firewall.cpp
+++ b/src/server/library/sysadm-firewall.cpp
@@ -93,7 +93,7 @@ QList Firewall::allPorts(){
 PortInfo info;
 info.Keyword = line[0];
 info.Port = line[1].section("/",0,0).toInt();
- info.Type = line[1].section("/",1,1).toInt();
+ info.Type = line[1].section("/",1,1);
 if(line.length()>2){
 info.Description = line.mid(2,-1).join(" ");
 }
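Review bot: In the sysadm-firewall.cpp hunk, the `info.Port = line[1].section("/",0,0).toInt();` line directly above the fix still discards the conversion result, and `toInt()` returns 0 for text that is not a number, so a malformed port field is stored as port 0 without any signal. `QString::toInt` accepts an optional `bool*`; `bool ok=false; info.Port = line[1].section("/",0,0).toInt(&ok);` followed by skipping the entry when `!ok` would keep such lines out of the list, assuming this code sits inside a per-line loop, which starts outside the hunk. `line[0]` and `line[1]` are also indexed before the only visible length check (`line.length()>2`); a guard for lines with fewer than two fields may exist above the hunk and is worth confirming.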