Do not allow to re-add fileshare rules

NordSecurity · Dec 16, 2024 · 2051eae · 2051eae
1 parent c998da9
commit 2051eae
Show file tree

Hide file tree

Showing 9 changed files with 333 additions and 97 deletions.
diff --git a/cmd/daemon/main.go b/cmd/daemon/main.go
@@ -467,13 +467,11 @@ func main() {
 	)
 
 	filesharePortController := meshnet.NewPortAccessController(
-		cfgMgr,
 		netw,
-		meshRegistry,
 		meshnet.NewProcessChecker(),
 	)
 	fileshareProcMonitor := meshnet.NewProcMonitor(
-		&filesharePortController,
+		filesharePortController,
 		netlinkMonitorSetupFn,
 	)
 

diff --git a/daemon/jobs_test.go b/daemon/jobs_test.go
@@ -129,6 +129,10 @@ func (n *meshNetworker) AllowFileshare(address meshnet.UniqueAddress) error {
 	return nil
 }
 
+func (n *meshNetworker) PermitFileshare() error {
+	return nil
+}
+
 func (n *meshNetworker) AllowIncoming(address meshnet.UniqueAddress, lanAllowed bool) error {
 	n.allowedIncoming = append(n.allowedIncoming, address)
 	return nil
@@ -144,6 +148,10 @@ func (n *meshNetworker) BlockFileshare(address meshnet.UniqueAddress) error {
 	return nil
 }
 
+func (n *meshNetworker) ForbidFileshare() error {
+	return nil
+}
+
 func (*meshNetworker) ResetRouting(mesh.MachinePeer, mesh.MachinePeers) error { return nil }
 func (*meshNetworker) BlockRouting(meshnet.UniqueAddress) error               { return nil }
 func (*meshNetworker) Refresh(mesh.MachineMap) error                          { return nil }

diff --git a/meshnet/monitor_event_handler.go b/meshnet/monitor_event_handler.go
@@ -2,34 +2,24 @@ package meshnet
 
 import (
 	"errors"
-	"fmt"
 	"log"
 	"sync"
 
-	"github.com/NordSecurity/nordvpn-linux/config"
-	"github.com/NordSecurity/nordvpn-linux/core/mesh"
 	"github.com/NordSecurity/nordvpn-linux/internal"
 )
 
 var ErrIncorrectCmdlineContent = errors.New("invalid content of cmdline file of /proc")
 
-// FilesharePortAccessController blocks or allows fileshare port when
-// fileshare process stopped or was restarted accordingly.
+// FilesharePortAccessController forbids or permits fileshare port
+// use when fileshare process stopped or was restarted accordingly.
 type FilesharePortAccessController struct {
-	cm             config.Manager
-	netw           Networker
-	reg            mesh.Registry
+	netw           FileshareNetworker
 	filesharePID   PID
 	processChecker ProcessChecker
 	mu             sync.Mutex
 }
 
-func NewPortAccessController(
-	cm config.Manager,
-	netw Networker,
-	reg mesh.Registry,
-	pc ProcessChecker,
-) FilesharePortAccessController {
+func NewPortAccessController(netw FileshareNetworker, pc ProcessChecker) *FilesharePortAccessController {
 	filesharePID := PID(0)
 	// NOTE:if the fileshare is already running, set the initial PID.
 	// This can happen only when the daemon was restarted, but nordfileshare
@@ -38,10 +28,8 @@ func NewPortAccessController(
 	if PID != nil {
 		filesharePID = *PID
 	}
-	return FilesharePortAccessController{
-		cm:             cm,
+	return &FilesharePortAccessController{
 		netw:           netw,
-		reg:            reg,
 		filesharePID:   filesharePID,
 		processChecker: pc,
 	}
@@ -70,76 +58,19 @@ func (eventHandler *FilesharePortAccessController) OnProcessStarted(ev ProcEvent
 
 	log.Println(internal.InfoPrefix, "updating fileshare process pid to:", ev.PID)
 	eventHandler.filesharePID = ev.PID
-	go eventHandler.allowFileshare()
-}
-
-func (eventHandler *FilesharePortAccessController) allowFileshare() error {
-	log.Println(internal.InfoPrefix, "allowing fileshare port")
-
-	eventHandler.mu.Lock()
-	defer eventHandler.mu.Unlock()
-
-	peers, err := eventHandler.listPeers()
-	if err != nil {
-		return err
-	}
-
-	for _, peer := range peers {
-		peerUniqAddr := UniqueAddress{UID: peer.PublicKey, Address: peer.Address}
-		if err := eventHandler.netw.AllowFileshare(peerUniqAddr); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (eventHandler *FilesharePortAccessController) listPeers() (mesh.MachinePeers, error) {
-	var cfg config.Config
-	if err := eventHandler.cm.Load(&cfg); err != nil {
-		return nil, fmt.Errorf("reading configuration when listing peers: %w", err)
-	}
-
-	if cfg.MeshDevice == nil {
-		return nil, fmt.Errorf("meshnet is not configured")
-	}
-
-	token := cfg.TokensData[cfg.AutoConnectData.ID].Token
-	peers, err := eventHandler.reg.List(token, cfg.MeshDevice.ID)
-	if err != nil {
-		return nil, fmt.Errorf("listing peers: %w", err)
-	}
-	return peers, nil
+	go eventHandler.netw.PermitFileshare()
 }
 
 func (eventHandler *FilesharePortAccessController) OnProcessStopped(ev ProcEvent) {
+	if eventHandler.filesharePID == 0 {
+		return
+	}
 	if eventHandler.filesharePID != ev.PID {
 		return
 	}
 	log.Println(internal.InfoPrefix, "resetting fileshare pid")
 	eventHandler.filesharePID = 0
-	go eventHandler.blockFileshare()
-}
-
-func (eventHandler *FilesharePortAccessController) blockFileshare() error {
-	log.Println(internal.InfoPrefix, "blocking fileshare port")
-
-	eventHandler.mu.Lock()
-	defer eventHandler.mu.Unlock()
-
-	peers, err := eventHandler.listPeers()
-	if err != nil {
-		return err
-	}
-
-	for _, peer := range peers {
-		peerUniqAddr := UniqueAddress{UID: peer.PublicKey, Address: peer.Address}
-		if err := eventHandler.netw.BlockFileshare(peerUniqAddr); err != nil {
-			return err
-		}
-	}
-
-	return nil
+	go eventHandler.netw.ForbidFileshare()
 }
 
 // ProcessChecker represents process-related utilities
@@ -148,3 +79,9 @@ type ProcessChecker interface {
 	GiveProcessPID(string) *PID
 	CurrentPID() PID
 }
+
+// FileshareNetworker represents ability of a networker to permit or forbid fileshare
+type FileshareNetworker interface {
+	PermitFileshare() error
+	ForbidFileshare() error
+}