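// SPDX-License-Identifier: GPL-2.0-or-later
// SPDX-FileCopyrightText: 2011 Craig Drummond <craig.p.drummond@gmail.com>
// SPDX-FileCopyrightText: 2018 Alexis Lopes Zubeta <contact@azubieta.net>
// SPDX-FileCopyrightText: 2020 Tomaz Canabrava <tcanabrava@kde.org>
/*
 * UFW KControl Module
 */

#pragma once

#include <kcm_firewall_core_export.h>

#include <QFlags>
#include <QObject>
#include <QTimer>

#include <QLoggingCategory>

Q_DECLARE_LOGGING_CATEGORY(FirewallClientDebug)

class KJob;
class RuleListModel;
class LogListModel;
class IFirewallClientBackend;
class Rule;

/**
 * Entry point of the Firewall KCM.
 *
 * It uses internal firewall implementations defined in the backend/ folder.
 * To set up a firewall, this looks first for "higher abstractions" like
 * firewalld and ufw, then BSD specifics, etc.
 *
 * Every state-changing call (rules, default policies, enable/disable, save)
 * hands back a KJob instead of a result value, so the outcome of the request
 * is only known from that job.
 * NOTE(review): the showErrorMessage() example text ("Not authorized")
 * suggests these jobs can be rejected by an authorization step; the
 * implementation is not visible in this header, so confirm there that a
 * failed or denied job is never treated as an applied firewall change.
 */
class KCM_FIREWALL_CORE_EXPORT FirewallClient : public QObject
{
    Q_OBJECT
    /**
     * Whether the firewall is enabled
     */
    Q_PROPERTY(bool enabled READ enabled NOTIFY enabledChanged)
    /** Default policy for incoming traffic, as a string. */
    Q_PROPERTY(QString defaultIncomingPolicy READ defaultIncomingPolicy NOTIFY defaultIncomingPolicyChanged)
    /** Default policy for outgoing traffic, as a string. */
    Q_PROPERTY(QString defaultOutgoingPolicy READ defaultOutgoingPolicy NOTIFY defaultOutgoingPolicyChanged)
    Q_PROPERTY(RuleListModel *rulesModel READ rulesModel CONSTANT)
    Q_PROPERTY(LogListModel *logsModel READ logsModel CONSTANT)
    // The setter is declared private below, but listing it as WRITE makes it
    // reachable through the meta-object system (e.g. from QML).
    Q_PROPERTY(bool logsAutoRefresh READ logsAutoRefresh WRITE setLogsAutoRefresh NOTIFY logsAutoRefreshChanged)
    Q_PROPERTY(bool hasExecutable READ hasExecutable NOTIFY hasExecutableChanged)
    Q_PROPERTY(Capabilities capabilities READ capabilities NOTIFY capabilitiesChanged)
    // NOTE(review): no NOTIFY and no CONSTANT here, so QML bindings on "name"
    // are not re-evaluated. If the name follows the backend, backendChanged
    // looks like the matching signal - confirm before wiring it up.
    Q_PROPERTY(QString name READ name)
    Q_PROPERTY(bool supportsRuleUpdate READ supportsRuleUpdate CONSTANT)

public:
    /** Options accepted by queryStatus(). */
    enum DefaultDataBehavior { DontReadDefaults, ReadDefaults };
    enum ProfilesBehavior { DontListenProfiles, ListenProfiles };

    explicit FirewallClient(QObject *parent = nullptr);
    ~FirewallClient() override;

    /**
     * Selects the backend from @p backendList.
     * NOTE(review): how the list is matched against available backends is
     * defined in the implementation, not in this header.
     */
    void setBackend(const QStringList &backendList);

    Q_INVOKABLE static QStringList knownProtocols();
    Q_INVOKABLE static QStringList knownInterfaces();
    Q_INVOKABLE QStringList knownApplications();
    // presumably protocolIdx indexes into knownProtocols() - TODO confirm
    Q_INVOKABLE static bool isTcpAndUdp(int protocolIdx);
    static int indexOfProtocol(const QString &protocol);

    Q_INVOKABLE void refresh();

    RuleListModel *rulesModel() const;
    LogListModel *logsModel() const;

    Q_INVOKABLE Rule *ruleAt(int index); // TODO move into the model?

    /*
     * Rule mutations. Each returns a KJob; ownership of the job and of the
     * Rule argument is not expressed by these signatures.
     * NOTE(review): index, from and to arrive from the QML side as plain ints;
     * confirm the implementation range-checks them against the rule list.
     */
    Q_INVOKABLE KJob *addRule(Rule *rule);
    Q_INVOKABLE KJob *removeRule(int index);
    Q_INVOKABLE KJob *updateRule(Rule *rule);
    Q_INVOKABLE KJob *moveRule(int from, int to);

    /*
     * Global firewall state changes, also reported through a KJob.
     * NOTE(review): the policies are free-form strings in this interface;
     * the set of accepted values is enforced (if at all) in the backend.
     */
    Q_INVOKABLE KJob *setEnabled(bool enabled);
    Q_INVOKABLE KJob *setDefaultIncomingPolicy(const QString &defaultIncomingPolicy);
    Q_INVOKABLE KJob *setDefaultOutgoingPolicy(const QString &defaultOutgoingPolicy);
    Q_INVOKABLE KJob *save();

    /*
     * Creates a new Rule and returns it to the Qml side, passing arguments based on the Connection Table.
     *
     * NOTE(review): every argument is a string describing traffic seen on the
     * host, i.e. values chosen in part by remote peers. Confirm that the
     * implementation parses and validates addresses before they end up in a
     * Rule that is later passed to addRule().
     */
    Q_INVOKABLE Rule *createRuleFromConnection(const QString &protocol, const QString &localAddress, const QString &foreignAddres, const QString &status);

    /*
     * Creates a new Rule from the given fields; presumably they come from an
     * entry of the log model - TODO confirm. The same validation concern as
     * for createRuleFromConnection() applies, since logged packet fields are
     * attacker-influenced. "inn" is presumably the inbound interface of the
     * logged packet - TODO confirm against the implementation.
     */
    Q_INVOKABLE Rule *createRuleFromLog(const QString &protocol,
                                        const QString &sourceAddress,
                                        const QString &sourcePort,
                                        const QString &destinationAddress,
                                        const QString &destinationPort,
                                        const QString &inn);

    Q_INVOKABLE QString version() const;

    bool enabled() const;
    bool hasExecutable() const;
    QString name() const;
    QString defaultIncomingPolicy() const;
    QString defaultOutgoingPolicy() const;
    QString backend() const;
    bool logsAutoRefresh() const;
    bool supportsRuleUpdate() const;

    /** Optional features, combinable as flags. */
    enum Capability {
        None = 0x0,
        SaveCapability = 0x1, // presumably: save() is supported - TODO confirm
    };

    Q_ENUM(Capability)
    Q_DECLARE_FLAGS(Capabilities, Capability)
    Q_FLAG(Capabilities)

    Capabilities capabilities() const;

Q_SIGNALS:
    void enabledChanged(const bool enabled);
    void defaultIncomingPolicyChanged(const QString &defaultIncomingPolicy);
    void defaultOutgoingPolicyChanged(const QString &defaultOutgoingPolicy);
    void logsAutoRefreshChanged(bool logsAutoRefresh);
    void backendChanged(const QString &backend);
    void hasExecutableChanged(bool changed);
    void capabilitiesChanged(const FirewallClient::Capabilities &capabilities);
    /**
     * Emitted when an error message should be displayed.
     *
     * This is typically shown as an inline message, e.g. "Failed to create action: Not authorized."
     */
    void showErrorMessage(const QString &message);

private:
    void setLogsAutoRefresh(bool logsAutoRefresh);
    // The second parameter was previously named "ProfilesBehavior", hiding the
    // enum type of the same name; only the parameter name differs now.
    void queryStatus(DefaultDataBehavior defaultDataBehavior = ReadDefaults, ProfilesBehavior profilesBehavior = ListenProfiles);

    // Static, so a single backend pointer is shared by every FirewallClient
    // instance in the process. Ownership and lifetime are not expressed by the
    // raw pointer.
    // NOTE(review): confirm in the implementation who deletes it and that
    // replacing the backend cannot leave other instances with a dangling pointer.
    static IFirewallClientBackend *m_currentBackend;
};

Q_DECLARE_OPERATORS_FOR_FLAGS(FirewallClient::Capabilities)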