vikarti.anatra/safing-portmaster
1
0
Fork 0
mirror of https://github.com/safing/portmaster synced 2025-09-01 18:19:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #73 from safing/feature/api-auth-upgrade

Browse source 
Minor api auth improvements following new portbase version
This commit is contained in:
Daniel 2020-06-05 14:51:04 +02:00 committed by GitHub
commit 6ffca6e411
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
firewall/api.go
View file

@ -20,7 +20,10 @@ import (
const (
deniedMsgUnidentified = `%wFailed to identify the requesting process.
You can enable the Development Mode to disable API authentication for development purposes.`
You can enable the Development Mode to disable API authentication for development purposes.
If you are seeing this message in the Portmaster App, please restart the app or right-click and select "Reload".
In the future, this issue will be remediated automatically.`
deniedMsgSystem = `%wSystem access to the Portmaster API is not permitted.
You can enable the Development Mode to disable API authentication for development purposes.`
@ -56,7 +59,7 @@ func startAPIAuth() {
log.Tracef("filter: api port set to %d", apiPort)
}
func apiAuthenticator(s *http.Server, r *http.Request) (err error) {
func apiAuthenticator(ctx context.Context, s *http.Server, r *http.Request) (err error) {
if devMode() {
return nil
}
@ -73,9 +76,7 @@ func apiAuthenticator(s *http.Server, r *http.Request) (err error) {
return fmt.Errorf("failed to get remote IP/Port: %s", err)
}
ctx, tracer := log.AddTracer(r.Context())
tracer.Tracef("filter: authenticating API request from %s", r.RemoteAddr)
defer tracer.Submit()
log.Tracer(r.Context()).Tracef("filter: authenticating API request from %s", r.RemoteAddr)
// It is very important that this works, retry extensively (every 250ms for 5s)
var retry bool
@ -112,6 +113,7 @@ func authenticateAPIRequest(ctx context.Context, pktInfo *packet.Info) (retry bo
return true, fmt.Errorf("failed to get process: %s", err)
}
originalPid := proc.Pid
var previousPid int
// go up up to two levels, if we don't match
for i := 0; i < 5; i++ {
@ -130,11 +132,20 @@ func authenticateAPIRequest(ctx context.Context, pktInfo *packet.Info) (retry bo
procsChecked = append(procsChecked, proc.Path)
if i < 4 {
// save previous PID
previousPid = proc.Pid
// get parent process
proc, err = process.GetOrFindProcess(ctx, proc.ParentPid)
if err != nil {
return true, fmt.Errorf("failed to get process: %s", err)
}
// abort if we are looping
if proc.Pid == previousPid {
// this also catches -1 pid loops
break
}
}
}