From 167cffff3b3a976d4bf454808d3054fdb323b1a1 Mon Sep 17 00:00:00 2001
From: Clinton Ebadi
Date: Fri, 28 Mar 2014 21:32:09 -0400
Subject: [PATCH] Re-enable querying user firewall rules
---
 src/main.sml | 6 +++---
 src/msg.sml | 9 ++++++---
 src/msgTypes.sml | 2 +-
 src/plugins/firewall.sig | 2 +-
 src/plugins/firewall.sml | 15 ++++++++++++---
 5 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/src/main.sml b/src/main.sml
index e2df22b..5783348 100644
--- a/src/main.sml
+++ b/src/main.sml
@@ -937,7 +937,7 @@ fun requestFirewall {node, uname} =
 else Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
- val _ = Msg.send (bio, MsgQuery (QFirewall uname))
+ val _ = Msg.send (bio, MsgQuery (QFirewall {node = node, user = uname}))
 fun loop () =
 case Msg.recv bio of
@@ -1223,7 +1223,7 @@ fun answerQuery q =
 | QFtp user => if Ftp.allowed user then MsgYes else MsgNo
 | QTrustedPath user => if TrustedPath.query user then MsgYes else MsgNo
 | QSocket user => MsgSocket (SocketPerm.query user)
- | QFirewall user => MsgFirewall (Firewall.query user)
+ | QFirewall {node, user} => MsgFirewall (Firewall.query (node, user))
 fun describeQuery q =
 case q of
@@ -1233,7 +1233,7 @@ fun describeQuery q =
 | QFtp user => "Asked about FTP permissions for user " ^ user
 | QTrustedPath user => "Asked about trusted path settings for user " ^ user
 | QSocket user => "Asked about socket permissions for user " ^ user
- | QFirewall user => "Asked about firewall rules for user " ^ user
+ | QFirewall {node, user} => "Asked about firewall rules on " ^ node ^ " for user " ^ user
 fun doIt' loop bio f cleanup =
 ((case f () of
diff --git a/src/msg.sml b/src/msg.sml
index 22f548c..f6b0051 100644
--- a/src/msg.sml
+++ b/src/msg.sml
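Review bot: The `node` taken from the peer's QFirewall query is handed straight to `Firewall.query (node, user)` with no check that it names the node this daemon is actually running on, so the peer chooses whose rules are listed. Whether that matters depends on whether the rule set parseRules reads can contain entries for other nodes, which is not visible here; if it can, compare `node` with the daemon's own node name before answering and reply with `MsgFirewall []` (or an error) on mismatch. answerQuery's definition starts before this hunk.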
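Review bot: The new description splices the peer-supplied `node` string into the text verbatim next to `user`; if describeQuery's result is written to a log (its caller is not in this hunk), a node string containing newlines or control characters would forge extra log entries. Consider stripping non-printable characters from both fields or quoting them, e.g. `"Asked about firewall rules on \"" ^ node ^ "\" for user \"" ^ user ^ "\""`. `user` already had this exposure before the change; the change widens it to a second field. describeQuery's definition starts before this hunk.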
@@ -117,8 +117,9 @@ fun sendQuery (bio, q) =
 OpenSSL.writeString (bio, s))
 | QSocket s => (OpenSSL.writeInt (bio, 4);
 OpenSSL.writeString (bio, s))
- | QFirewall s => (OpenSSL.writeInt (bio, 5);
- OpenSSL.writeString (bio, s))
+ | QFirewall {node, user} => (OpenSSL.writeInt (bio, 5);
+ OpenSSL.writeString (bio, node);
+ OpenSSL.writeString (bio, user))
 | QAptExists s => (OpenSSL.writeInt (bio, 6);
 OpenSSL.writeString (bio, s))
@@ -131,7 +132,9 @@ fun recvQuery bio =
 | 2 => Option.map QFtp (OpenSSL.readString bio)
 | 3 => Option.map QTrustedPath (OpenSSL.readString bio)
 | 4 => Option.map QSocket (OpenSSL.readString bio)
- | 5 => Option.map QFirewall (OpenSSL.readString bio)
+ | 5 => (case ((OpenSSL.readString bio), (OpenSSL.readString bio)) of
+ (SOME node, SOME user) => SOME (QFirewall { node = node, user = user })
+ | _ => NONE)
 | 6 => Option.map QAptExists (OpenSSL.readString bio)
 | _ => NONE)
 | NONE => NONE
diff --git a/src/msgTypes.sml b/src/msgTypes.sml
index 9b7d02c..591ec31 100644
--- a/src/msgTypes.sml
+++ b/src/msgTypes.sml
@@ -37,7 +37,7 @@ datatype query =
 (* Is this user restricted to trusted-path executables? *)
 | QSocket of string
 (* What socket permissions does this user have? *)
- | QFirewall of string
+ | QFirewall of {node : string, user : string}
 (* What firewall rules does this user have? *)
 | QAptExists of string
 (* Does this apt package exist *)
diff --git a/src/plugins/firewall.sig b/src/plugins/firewall.sig
index d69f3b7..27cea5b 100644
--- a/src/plugins/firewall.sig
+++ b/src/plugins/firewall.sig
@@ -32,7 +32,7 @@ signature FIREWALL = sig
 type firewall_rules = (user * fwnode * fwrule) list
- val query : string -> string list
+ val query : string * string -> string list
 (* List a user's local firewall rules. *)
 val parseRules : unit -> firewall_rules
diff --git a/src/plugins/firewall.sml b/src/plugins/firewall.sml
index 5da168f..d58c251 100644
--- a/src/plugins/firewall.sml
+++ b/src/plugins/firewall.sml
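Review bot: Tag 5 now carries two strings where it carried one, but nothing on the wire distinguishes the two layouts, so a master and slave built from different revisions will desynchronise: the old reader takes `node` as the user name and leaves `user` unread on the BIO, where it is then parsed as the start of the next message. If mixed versions can coexist during a rollout, give the two-string query a fresh tag number (the next free one after QAptExists's 6) and let tag 5 keep its old single-string meaning, or document that both sides must be upgraded together. sendQuery's definition starts before this hunk.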
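Review bot: The tuple `((OpenSSL.readString bio), (OpenSSL.readString bio))` evaluates both reads before matching, so when the first returns NONE the code still performs a second read on a stream that has already failed; SML's left-to-right evaluation does keep the node/user order aligned with sendQuery. Sequencing the reads makes the dependency explicit and stops at the first failure: `| 5 => (case OpenSSL.readString bio of`, `SOME node => Option.map (fn user => QFirewall {node = node, user = user}) (OpenSSL.readString bio)`, `| NONE => NONE)`. recvQuery's definition starts before this hunk and continues after it.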
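Review bot: The comment below the changed constructor still reads as if QFirewall carried only a user, while the new payload is keyed by node as well; update it to `(* What firewall rules does this user have on this node? *)`. The datatype query declaration starts before this hunk.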
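Review bot: The comment after the new `val query : string * string -> string list` does not say which component is the node and which the user, and a pair of identically typed strings is easy to swap at a call site without any type error; document it as `(* List a user's firewall rules on one node; the pair is (node, user). *)`. The signature FIREWALL starts before this hunk and continues after it.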
@@ -61,13 +61,22 @@ fun parseRules () =
 loop []
 end
-fun query uname =
+fun formatQueryRule (Client (ports, hosts)) =
+ "Client " ^ String.concatWith "," (map Int.toString ports) ^ " " ^ String.concatWith " " hosts
+ | formatQueryRule (Server (ports, hosts)) =
+ "Server " ^ String.concatWith "," (map Int.toString ports) ^ " " ^ String.concatWith " " hosts
+ | formatQueryRule (ProxiedServer ports) =
+ "ProxiedServer " ^ String.concatWith "," (map Int.toString ports)
+ | formatQueryRule (LocalServer ports) =
+ "LocalServer " ^ String.concatWith "," (map Int.toString ports)
+
+fun query (node, uname) =
 (* completely broken *)
 let
 val rules = parseRules ()
 in
- (* map (fn (_, FirewallNode n, r) => (n, r)) (List.filter (fn (User u, _, _) => u = uname) rules) *)
- ["broken"]
+ map (fn (_, _, r) => formatQueryRule r)
+ (List.filter (fn (User u, FirewallNode n, _) => u = uname andalso n = node) rules)
 end
 fun formatPorts ports = "(" ^ String.concatWith " " (map Int.toString ports) ^ ")"
-- 
2.20.1
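Review bot: The context line `(* completely broken *)` now sits directly under the rewritten `fun query (node, uname) =` and describes the implementation this commit removes; replace it with a comment stating the contract, e.g. `(* Rules of uname that apply to node, one formatted string per rule. *)`. The filter pattern `(User u, FirewallNode n, _)` is exhaustive only if `user` and `fwnode` have no other constructors — their declarations are outside this hunk — and would otherwise raise Match on the first rule of another shape, so that is worth confirming. parseRules, whose tail opens the hunk, starts before it.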