

ui,prefs: node auth settings improvements
 - Added "More information" label to the preferences dialog, and open a
   link to our wiki with more information.
 - Allow to configure node auth settings from the GUI:
   When we added the authentication options (12b4cf3,
   6556eed, f63d9dc)
   we allowed to configure auth options from the GUI, but only if the
   nodes already had the options configured. If the auth options
   received were empty, we simply disabled the auth options on the
   preferences dialog.

   Now we build the configuration in this scenario and send it back to
   the nodes.

(cherry picked from commit 8c25c3f)
gustavo-iniguez-goya committed Jun 13, 2024
1 parent 03439f4 commit ff407e7
Showing 2 changed files with 105 additions and 90 deletions.
110 changes: 51 additions & 59 deletions ui/opensnitch/dialogs/preferences.py
Expand Up @@ -444,7 +444,7 @@ def _load_node_config(self, addr):
node_config['Server']['Address'] = self.comboNodeAddress.currentText()
node_config['Server']['LogFile'] = self.comboNodeLogFile.currentText()

cfg = self._load_node_auth_config(node_config['Server'])
cfg = self._save_node_auth_config(node_config['Server'])
if cfg != None:
node_config['Server'] = cfg
else:
Expand All @@ -457,51 +457,67 @@ def _load_node_config(self, addr):

def _load_node_auth_settings(self, config):
try:
if config.get('Authentication') == None:
self.toolBox.setItemEnabled(self.NODE_PAGE_AUTH, False)
if config == None:
return

auth = config.get('Authentication')
authtype_idx = self.comboNodeAuthType.findData(auth['Type'])
authtype_idx = 0
if auth != None:
if auth.get('Type') != None:
authtype_idx = self.comboNodeAuthType.findData(auth['Type'])
else:
config['Authentication'] = {}
auth = config.get('Authentication')

self.lineNodeCACertFile.setEnabled(authtype_idx >= 0)
self.lineNodeServerCertFile.setEnabled(authtype_idx >= 0)
self.lineNodeCertFile.setEnabled(authtype_idx >= 0)
self.lineNodeCertKeyFile.setEnabled(authtype_idx >= 0)

tls = auth.get('TLSOptions')
if tls != None and authtype_idx >= 0:
self.lineNodeCACertFile.setText(tls['CACert'])
self.lineNodeServerCertFile.setText(tls['ServerCert'])
self.lineNodeCertFile.setText(tls['ClientCert'])
self.lineNodeCertKeyFile.setText(tls['ClientKey'])
self.checkNodeAuthSkipVerify.setChecked(tls['SkipVerify'])

clienttype_idx = self.comboNodeAuthVerifyType.findData(tls['ClientAuthType'])
if clienttype_idx >= 0:
self.comboNodeAuthVerifyType.setCurrentIndex(clienttype_idx)
else:
authtype_idx = 0
if tls.get('CACert') != None:
self.lineNodeCACertFile.setText(tls['CACert'])
if tls.get('ServerCert') != None:
self.lineNodeServerCertFile.setText(tls['ServerCert'])
if tls.get('ClientCert') != None:
self.lineNodeCertFile.setText(tls['ClientCert'])
if tls.get('ClientKey') != None:
self.lineNodeCertKeyFile.setText(tls['ClientKey'])
if tls.get('SkipVerify') != None:
self.checkNodeAuthSkipVerify.setChecked(tls['SkipVerify'])

if tls.get('ClientAuthType') != None:
clienttype_idx = self.comboNodeAuthVerifyType.findData(tls['ClientAuthType'])
if clienttype_idx >= 0:
self.comboNodeAuthVerifyType.setCurrentIndex(clienttype_idx)

self.comboNodeAuthType.setCurrentIndex(authtype_idx)
# signals are connected after this method is called
self._cb_combo_node_auth_type_changed(authtype_idx)
except Exception as e:
print("[prefs] node auth options exception:", e)
print("[prefs] load node auth options exception:", e)
self._set_status_error(str(e))

def _load_node_auth_config(self, config):
def _save_node_auth_config(self, config):
try:
if config.get('Authentication') == None:
self.toolBox.setItemEnabled(self.NODE_PAGE_AUTH, False)
return
auth = config.get('Authentication')
if auth == None:
auth = {}

auth['Type'] = self.NODE_AUTH[self.comboNodeAuthType.currentIndex()]
tls = auth.get('TLSOptions')
if tls != None:
tls['CACert']= self.lineNodeCACertFile.text()
tls['ServerCert'] = self.lineNodeServerCertFile.text()
tls['ClientCert'] = self.lineNodeCertFile.text()
tls['ClientKey'] = self.lineNodeCertKeyFile.text()
tls['SkipVerify'] = self.checkNodeAuthSkipVerify.isChecked()
tls['ClientAuthType'] = self.NODE_AUTH_VERIFY[self.comboNodeAuthVerifyType.currentIndex()]
if tls == None:
tls = {}

tls['CACert'] = self.lineNodeCACertFile.text()
tls['ServerCert'] = self.lineNodeServerCertFile.text()
tls['ClientCert'] = self.lineNodeCertFile.text()
tls['ClientKey'] = self.lineNodeCertKeyFile.text()
tls['SkipVerify'] = self.checkNodeAuthSkipVerify.isChecked()
tls['ClientAuthType'] = self.NODE_AUTH_VERIFY[self.comboNodeAuthVerifyType.currentIndex()]
auth['TLSOptions'] = tls
config['Authentication'] = auth

return config
except Exception as e:
Expand Down Expand Up @@ -544,6 +560,14 @@ def _reset_node_settings(self):
self.checkNodeLogMicro.setChecked(False)
self.labelNodeName.setText("")
self.labelNodeVersion.setText("")
self.comboNodeAuthType.setCurrentIndex(self.AUTH_SIMPLE)
self.lineNodeCACertFile.setText("")
self.lineNodeServerCertFile.setText("")
self.lineNodeCertFile.setText("")
self.lineNodeCertKeyFile.setText("")
self.checkNodeAuthSkipVerify.setChecked(False)
self.comboNodeAuthVerifyType.setCurrentIndex(0)
self._cb_combo_node_auth_type_changed(0)

def _save_settings(self):
self._reset_status_message()
Expand Down Expand Up @@ -739,38 +763,6 @@ def _save_node_config(self, notifObject, addr):

return None

def _save_node_auth_config(self, config):
try:
if config.get('Authentication') == None:
self.toolBox.setItemEnabled(self.NODE_PAGE_AUTH, False)
return

auth = config['Authentication']
authtype_idx = self.comboNodeAuthType.findData(auth['Type'])
self.lineNodeCACertFile.setEnabled(authtype_idx >= 0)
self.lineNodeServerCertFile.setEnabled(authtype_idx >= 0)
self.lineNodeCertFile.setEnabled(authtype_idx >= 0)
self.lineNodeCertKeyFile.setEnabled(authtype_idx >= 0)

tls = auth.get('TLSOptions')
if tls != None and authtype_idx >= 0:
self.lineNodeCACertFile.setText(tls['CACert'])
self.lineNodeServerCertFile.setText(tls['ServerCert'])
self.lineNodeCertFile.setText(tls['ClientCert'])
self.lineNodeCertKeyFile.setText(tls['ClientKey'])
self.checkNodeAuthSkipVerify.setChecked(tls['SkipVerify'])

clienttype_idx = self.comboNodeAuthVerifyType.findData(tls['ClientAuthType'])
if clienttype_idx >= 0:
self.comboNodeAuthVerifyType.setCurrentIndex(clienttype_idx)
else:
authtype_idx = 0
self.comboNodeAuthType.setCurrentIndex(authtype_idx)
except Exception as e:
print("[prefs] node auth options exception:", e)
self._set_status_error(str(e))


def _validate_certs(self):
try:
if self.comboAuthType.currentIndex() == PreferencesDialog.AUTH_SIMPLE:
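Review bot: In `_load_node_auth_settings` the fallback that reset `authtype_idx` to 0 when the node's `Type` is not known to the combo has been dropped: `findData` returns -1 for an unrecognised value, the new code hands that -1 to `setCurrentIndex` and `_cb_combo_node_auth_type_changed`, and `_save_node_auth_config` then evaluates `self.NODE_AUTH[self.comboNodeAuthType.currentIndex()]` with -1, which, if `NODE_AUTH` is a list, silently picks its last entry rather than the type the node reported. Right after the `findData` call I would add `if authtype_idx < 0:` / `self._set_status_error("unknown node auth type: " + str(auth['Type']))` / `authtype_idx = 0` so the mismatch is surfaced to the user instead of a different auth mode being written back to the node. A smaller point in `_save_node_auth_config`: when the node had no `TLSOptions`, the rewritten block now always sends a `TLSOptions` dict with empty-string cert paths even when the selected type is `simple`; whether the daemon accepts a present-but-empty path is not visible here and is worth confirming against the node's config parser. Both functions extend past their hunks (the `except` clause of `_save_node_auth_config` is cut off at the hunk end).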
85 changes: 54 additions & 31 deletions ui/opensnitch/res/preferences.ui
Expand Up @@ -901,6 +901,32 @@ Use ; to define multiple screens: 1;1.5 etc...</string>
</item>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="label_24">
<property name="toolTip">
<string>&lt;p&gt;Simple: no authentication&lt;/p&gt;
&lt;p&gt;TLS simple/mutual: use SSL certificates to authenticate nodes.&lt;/p&gt;
&lt;p&gt;Visit the wiki for more information.&lt;/p&gt;</string>
</property>
<property name="text">
<string>Authentication type</string>
</property>
</widget>
</item>
<item row="3" column="0" colspan="2">
<widget class="QLineEdit" name="lineCertFile">
<property name="placeholderText">
<string>Absolute path to the cert file</string>
</property>
</widget>
</item>
<item row="4" column="0" colspan="2">
<widget class="QLineEdit" name="lineCertKeyFile">
<property name="placeholderText">
<string>Absolute path to the cert key file</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QComboBox" name="comboAuthType">
<item>
Expand All @@ -920,10 +946,10 @@ Use ; to define multiple screens: 1;1.5 etc...</string>
</item>
</widget>
</item>
<item row="3" column="0" colspan="2">
<widget class="QLineEdit" name="lineCertFile">
<item row="2" column="0" colspan="2">
<widget class="QLineEdit" name="lineCACertFile">
<property name="placeholderText">
<string>Absolute path to the cert file</string>
<string>Absolute path to the CA cert file</string>
</property>
</widget>
</item>
Expand All @@ -937,29 +963,22 @@ Use ; to define multiple screens: 1;1.5 etc...</string>
</property>
</widget>
</item>
<item row="4" column="0" colspan="2">
<widget class="QLineEdit" name="lineCertKeyFile">
<property name="placeholderText">
<string>Absolute path to the cert key file</string>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="label_24">
<property name="toolTip">
<string>&lt;p&gt;Simple: no authentication&lt;/p&gt;
&lt;p&gt;TLS simple/mutual: use SSL certificates to authenticate nodes.&lt;/p&gt;
&lt;p&gt;Visit the wiki for more information.&lt;/p&gt;</string>
<item row="5" column="0" colspan="2">
<widget class="QLabel" name="label_28">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Maximum">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>Authentication type</string>
<string>&lt;a href=&quot;https://github.com/evilsocket/opensnitch/wiki/Nodes-authentication#nodes-authentication-added-in-v161&quot;&gt;More information&lt;/a&gt;</string>
</property>
</widget>
</item>
<item row="2" column="0" colspan="2">
<widget class="QLineEdit" name="lineCACertFile">
<property name="placeholderText">
<string>Absolute path to the CA cert file</string>
<property name="openExternalLinks">
<bool>true</bool>
</property>
<property name="textInteractionFlags">
<set>Qt::LinksAccessibleByKeyboard|Qt::LinksAccessibleByMouse</set>
</property>
</widget>
</item>
Expand All @@ -970,8 +989,8 @@ Use ; to define multiple screens: 1;1.5 etc...</string>
<rect>
<x>0</x>
<y>0</y>
<width>586</width>
<height>301</height>
<width>321</width>
<height>112</height>
</rect>
</property>
<attribute name="label">
Expand Down Expand Up @@ -1066,8 +1085,8 @@ Use ; to define multiple screens: 1;1.5 etc...</string>
<rect>
<x>0</x>
<y>0</y>
<width>586</width>
<height>301</height>
<width>219</width>
<height>115</height>
</rect>
</property>
<attribute name="label">
Expand Down Expand Up @@ -1487,7 +1506,8 @@ Temporary rules will still be valid, and you can use them when prompted to allow
<string>reject</string>
</property>
<property name="icon">
<iconset theme="window-close"/>
<iconset theme="window-close">
<normaloff>.</normaloff>.</iconset>
</property>
</item>
</widget>
Expand Down Expand Up @@ -1567,8 +1587,8 @@ Temporary rules will still be valid, and you can use them when prompted to allow
<rect>
<x>0</x>
<y>0</y>
<width>586</width>
<height>260</height>
<width>376</width>
<height>118</height>
</rect>
</property>
<attribute name="label">
Expand Down Expand Up @@ -1821,7 +1841,10 @@ Temporary rules will still be valid, and you can use them when prompted to allow
<item row="9" column="0">
<widget class="QLabel" name="label_26">
<property name="text">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;&lt;a href=&quot;https://github.com/evilsocket/opensnitch/wiki/Nodes-authentication#nodes-authentication-added-in-v161&quot;&gt;&lt;span style=&quot; text-decoration: underline; color:#0000ff;&quot;&gt;More information&lt;/span&gt;&lt;/a&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
<string>&lt;a href=&quot;https://github.com/evilsocket/opensnitch/wiki/Nodes-authentication#nodes-authentication-added-in-v161&quot;&gt;More information&lt;/a&gt;</string>
</property>
<property name="openExternalLinks">
<bool>true</bool>
</property>
<property name="textInteractionFlags">
<set>Qt::LinksAccessibleByMouse|Qt::TextSelectableByMouse</set>
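Review bot: The two "More information" labels end up with different interaction flags: `label_28` on the node auth page gets `Qt::LinksAccessibleByKeyboard|Qt::LinksAccessibleByMouse`, while `label_26` keeps `Qt::LinksAccessibleByMouse|Qt::TextSelectableByMouse`, so the link is keyboard-reachable on one page and not the other; using the same set for both would keep the dialog consistent. The `<normaloff>.</normaloff>.` entry added under the `window-close` iconset and the scroll-area `<width>`/`<height>` changes look like Qt Designer save artefacts unrelated to what the commit describes; dropping them would keep the .ui diff to the label and field reordering it is meant to make.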
