From 1cdfa6f9554c42eb3a817e2cdf68f10e02be9f00 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Mon, 25 Apr 2022 15:34:24 -0400
Subject: more on firecfg --guide: fzenity
---
 Makefile.in | 2 +-
 configure | 3 +-
 configure.ac | 2 +-
 src/firecfg/firejail-welcome.sh | 11 +--
 src/firecfg/main.c | 6 ++
 src/fzenity/Makefile.in | 17 ++++
 src/fzenity/main.c | 176 ++++++++++++++++++++++++++++++++++++++++
 7 files changed, 209 insertions(+), 8 deletions(-)
 create mode 100644 src/fzenity/Makefile.in
 create mode 100644 src/fzenity/main.c
diff --git a/Makefile.in b/Makefile.in
index b73e996d9..945e30e84 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -27,7 +27,7 @@ COMPLETIONDIRS = src/zsh_completion src/bash_completion
 all: all_items mydirs $(MAN_TARGET) filters
 APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats src/jailcheck/jailcheck
 SBOX_APPS = src/fbuilder/fbuilder src/ftee/ftee src/fids/fids
-SBOX_APPS_NON_DUMPABLE = src/fcopy/fcopy src/fldd/fldd src/fnet/fnet src/fnetfilter/fnetfilter
+SBOX_APPS_NON_DUMPABLE = src/fcopy/fcopy src/fldd/fldd src/fnet/fnet src/fnetfilter/fnetfilter src/fzenity/fzenity
 SBOX_APPS_NON_DUMPABLE += src/fsec-optimize/fsec-optimize src/fsec-print/fsec-print src/fseccomp/fseccomp
 SBOX_APPS_NON_DUMPABLE += src/fnettrace/fnettrace src/fnettrace-dns/fnettrace-dns src/fnettrace-sni/fnettrace-sni
 MYDIRS = src/lib $(MAN_SRC) $(COMPLETIONDIRS)
diff --git a/configure b/configure
index f0a678473..91d247e65 100755
--- a/configure
+++ b/configure
@@ -4288,7 +4288,7 @@ fi ac_config_files="$ac_config_files mkdeb.sh" -ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile src/profstats/Makefile src/man/Makefile src/zsh_completion/Makefile src/bash_completion/Makefile test/Makefile src/jailcheck/Makefile src/fids/Makefile src/fnettrace/Makefile src/fnettrace-dns/Makefile src/fnettrace-sni/Makefile" +ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile src/fzenity/Makefile src/profstats/Makefile src/man/Makefile src/zsh_completion/Makefile src/bash_completion/Makefile test/Makefile src/jailcheck/Makefile src/fids/Makefile src/fnettrace/Makefile src/fnettrace-dns/Makefile src/fnettrace-sni/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure 
@@ -5016,6 +5016,7 @@ do "src/fldd/Makefile") CONFIG_FILES="$CONFIG_FILES src/fldd/Makefile" ;; "src/libpostexecseccomp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libpostexecseccomp/Makefile" ;; "src/fsec-optimize/Makefile") CONFIG_FILES="$CONFIG_FILES src/fsec-optimize/Makefile" ;; + "src/fzenity/Makefile") CONFIG_FILES="$CONFIG_FILES src/fzenity/Makefile" ;; "src/profstats/Makefile") CONFIG_FILES="$CONFIG_FILES src/profstats/Makefile" ;; "src/man/Makefile") CONFIG_FILES="$CONFIG_FILES src/man/Makefile" ;; "src/zsh_completion/Makefile") CONFIG_FILES="$CONFIG_FILES src/zsh_completion/Makefile" ;; diff --git a/configure.ac b/configure.ac index 071dea228..4066618e0 100644 --- a/configure.ac +++ b/configure.ac @@ -279,7 +279,7 @@ AC_CONFIG_FILES([mkdeb.sh], [chmod +x mkdeb.sh]) AC_CONFIG_FILES([Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \ src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile \ src/ftee/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile \ -src/profstats/Makefile src/man/Makefile src/zsh_completion/Makefile src/bash_completion/Makefile test/Makefile \ +src/fzenity/Makefile src/profstats/Makefile src/man/Makefile src/zsh_completion/Makefile src/bash_completion/Makefile test/Makefile \ src/jailcheck/Makefile src/fids/Makefile src/fnettrace/Makefile src/fnettrace-dns/Makefile src/fnettrace-sni/Makefile]) AC_OUTPUT diff --git a/src/firecfg/firejail-welcome.sh b/src/firecfg/firejail-welcome.sh index 7183b74e1..a7e74ebc3 100755 --- a/src/firecfg/firejail-welcome.sh +++ b/src/firecfg/firejail-welcome.sh 
@@ -36,12 +36,13 @@ enable_nonewprivs=false read -r -d $'\0' MSG_INTRO <Welcome to Firejail! -This guide will walk you through some of the most common sandbox customizations. At the end of the -guide you'll have the option to save your changes in Firejail's global config file at -/etc/firejail/firejail.config. A copy of the original file is stored as -/etc/firejal/firejail.config-. +This guide will walk you through some of the most common sandbox customizations. +At the end of the guide you'll have the option to save your changes in Firejail's +global config file at /etc/firejail/firejail.config. A copy of the original file is saved +as /etc/firejal/firejail.config-. -Please note that running this script a second time can set new options, but does not clear options set in a previous run. +Please note that running this script a second time can set new options, but does +not clear options set in a previous run. Press OK to continue, or close this window to stop the program. diff --git a/src/firecfg/main.c b/src/firecfg/main.c index 0c81f69bd..07e30415b 100644 --- a/src/firecfg/main.c +++ b/src/firecfg/main.c @@ -444,8 +444,14 @@ int main(int argc, char **argv) { if (arg_guide) { char *cmd; +if (arg_debug) { + if (asprintf(&cmd, "sudo %s/firejail/firejail-welcome.sh /usr/lib/firejail/fzenity %s %s", LIBDIR, SYSCONFDIR, user) == -1) + errExit("asprintf"); +} +else { if (asprintf(&cmd, "sudo %s/firejail/firejail-welcome.sh /usr/bin/zenity %s %s", LIBDIR, SYSCONFDIR, user) == -1) errExit("asprintf"); +} int status = system(cmd); if (status == -1) { fprintf(stderr, "Error: cannot run firejail-welcome.sh\n"); diff --git a/src/fzenity/Makefile.in b/src/fzenity/Makefile.in new file mode 100644 index 000000000..d9f976165 --- /dev/null +++ b/src/fzenity/Makefile.in 
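Review bot: The re-wrapped intro text still spells the backup location as `/etc/firejal/firejail.config-` (missing the second "i"), so a user who wants to restore the original config is pointed at a directory that does not exist. The added line should read `as /etc/firejail/firejail.config-.`, keeping whatever suffix follows the dash in the real file. The heredoc this text belongs to starts and ends outside the hunk.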
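Review bot: The new `arg_debug` branch hard-codes `/usr/lib/firejail/fzenity` while the script path in the same format string is built from `LIBDIR`, so on a build with a different libdir the guide would name a helper that is presumably not installed there; `asprintf(&cmd, "sudo %s/firejail/firejail-welcome.sh %s/firejail/fzenity %s %s", LIBDIR, LIBDIR, SYSCONFDIR, user)` keeps the two in step. Choosing the dialog backend through the debug flag also reads like temporary wiring and needs a comment saying why `--debug` selects fzenity. Both branches hand the string to `system()` behind sudo, so `user` is parsed by a shell; where `user` is set is outside this hunk, so confirm it is validated there, or build an argv and use an exec-style call instead. The added `if`/`else` braces sit at column 0 inside `main`, whose body continues past the hunk.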
@@ -0,0 +1,17 @@
+.PHONY: all
+all: fzenity
+
+include ../common.mk
+
+%.o : %.c $(H_FILE_LIST) ../include/common.h
+ $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@
+
+fzenity: $(OBJS)
+ $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS)
+
+.PHONY: clean
+clean:; rm -fr *.o fzenity *.gcov *.gcda *.gcno *.plist
+
+.PHONY: distclean
+distclean: clean
+ rm -fr Makefile
diff --git a/src/fzenity/main.c b/src/fzenity/main.c
new file mode 100644
index 000000000..4a0d3abac
--- /dev/null
+++ b/src/fzenity/main.c
@@ -0,0 +1,176 @@
+#include "../include/common.h"
+#include
+
+static char *arg_title = NULL;
+static char *arg_text = NULL;
+static int arg_info = 0;
+static int arg_question = 0;
+
+static inline void ansi_topleft(void) {
+ char str[] = {0x1b, '[', '1', ';', '1', 'H', '\0'};
+ printf("%s", str);
+ fflush(0);
+}
+
+static inline void ansi_clrscr(void) {
+ ansi_topleft();
+ char str[] = {0x1b, '[', '0', 'J', '\0'};
+ printf("%s", str);
+ fflush(0);
+}
+
+char *remove_markup(char *in) {
+ char *out = malloc(strlen(in) + 1);
+ if (!out)
+ errExit("malloc");
+ memset(out, 0, strlen(in) + 1);
+
+ char *ptr = in;
+ char *outptr = out;
+ while (*ptr != '\0') {
+ // skip <> markup
+ if (*ptr == '<') {
+ while (*ptr != '\0' && *ptr != '>')
+ ptr++;
+ if (*ptr == '\0') {
+ fprintf(stderr, "Error: invalid markup\n");
+ exit(0);
+ }
+ ptr++;
+ }
+ // replace literal \n with char '\n'
+ else if (*ptr == '\\' && *(ptr + 1) == 'n') {
+ ptr += 2;
+ *outptr++ = '\n';
+ continue;
+ }
+ // replace '/n' with ' '
+ else if (*ptr == '\n') {
+ if (*(ptr + 1) == '\n') {
+ *outptr++ = '\n';
+ *outptr++ = '\n';
+ ptr += 2;
+ }
+ else {
+ *outptr++ = ' ';
+ ptr++;
+ }
+ }
+ else
+ *outptr++ = *ptr++;
+ }
+
+ return out;
+}
+
+char *print_line(char *in, int col) {
+ char *ptr = in;
+ int i = 0;
+ while (*ptr != '\n' && *ptr != '\0' && i < col) {
+ ptr++;
+ i++;
+ }
+
+ if (*ptr == '\n') {
+ *ptr++ = '\0';
+ printf("%s\n", in);
+ return ptr++;
+ }
+ else if (i == col) {
+ while (*ptr != ' ' && ptr != in)
+ ptr--;
+ *ptr++ = '\0';
+ printf("%s\n", in);
+ return ptr;
+ }
+ assert(0);
+ return NULL;
+}
+
+void paginate(char *in) {
+ struct winsize w;
+ int col = 80;
+ if (ioctl(0, TIOCGWINSZ, &w) == 0)
+ col = w.ws_col;
+
+ char *ptr = in;
+ while (*ptr != '\0') {
+ if (strlen(ptr) < col) {
+ printf("%s", ptr);
+ return;
+ }
+ ptr =print_line(ptr, col);
+ }
+
+ return;
+}
+
+static void info(void) {
+ ansi_clrscr();
+ if (arg_text == NULL) {
+ fprintf(stderr, "Error: --text argument required\n");
+ exit(1);
+ }
+
+ if (arg_title)
+ printf("%s\n\n", arg_title);
+
+ char *ptr = strstr(arg_text, "Press OK to continue");
+ if (ptr)
+ *ptr = '\0';
+ char *out = remove_markup(arg_text);
+ paginate(out);
+ free(out);
+
+ printf("\nContinue? (Y/N): ");
+
+ int c = getchar();
+ if (c == 'y' || c == 'Y')
+ exit(0);
+ exit(1);
+}
+
+static void question(void) {
+ ansi_clrscr();
+ if (arg_text == NULL) {
+ fprintf(stderr, "Error: --text argument required\n");
+ exit(1);
+ }
+
+ if (arg_title)
+ printf("%s\n\n", arg_title);
+
+ char *ptr = strstr(arg_text, "Press OK to continue");
+ if (ptr)
+ *ptr = '\0';
+ char *out = remove_markup(arg_text);
+ paginate(out);
+ free(out);
+
+ printf("\n\n(Y/N): ");
+
+ int c = getchar();
+ if (c == 'y' || c == 'Y')
+ exit(0);
+ exit(1);
+}
+
+int main(int argc, char **argv) {
+ int i;
+ for (i = 1; i < argc; i++) {
+//printf("argv %d: #%s#\n", i, argv[i]);
+ if (strcmp(argv[i], "--info") == 0)
+ arg_info = 1;
+ else if (strcmp(argv[i], "--question") == 0)
+ arg_question = 1;
+ else if (strncmp(argv[i], "--text=", 7) == 0)
+ arg_text = argv[i] + 7;
+ }
+
+ if (arg_question)
+ question();
+ else if (arg_info)
+ info();
+
+ return 0;
+}
--
cgit v1.2.3-54-g00ecf
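Review bot: In `remove_markup` the invalid-markup path calls `exit(0)`, the same status `info()` and `question()` return when the user answers Y, so malformed text is reported to the caller as a confirmation; it should be `exit(1);` like the other error paths. `main` has the same fail-open shape when neither `--info` nor `--question` is passed, since it falls through to `return 0`. That matters because firecfg starts the welcome script through sudo with this binary as its dialog program, and the script presumably branches on the exit status. Separately, `arg_title` is never assigned because `main` parses no `--title=` option, and in `paginate` a `ws_col` of 0 (or a word longer than the line) makes `print_line` overwrite the first character of the segment with `'\0'`, so `if (ioctl(0, TIOCGWINSZ, &w) == 0 && w.ws_col > 0)` is the safer guard for the width.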