ui,prefs: node auth settings improvements

gustavo-iniguez-goya · gustavo-iniguez-goya · commit ff407e72af7e · 2024-06-14T01:17:39.000+02:00
- Added "More information" label to the preferences dialog, and open a link to our wiki with more information. - Allow to configure node auth settings from the GUI: When we added the authentication options (12b4cf3, 6556eed, f63d9dc) we allowed to configure auth options from the GUI, but only if the nodes already had the options configured. If the auth options received were empty, we simply disabled the auth options on the preferences dialog. Now we build the configuration in this scenario, and sent it back to the nodes. (cherry picked from commit 8c25c3f)
diff --git a/ui/opensnitch/dialogs/preferences.py b/ui/opensnitch/dialogs/preferences.py
@@ -444,7 +444,7 @@ def _load_node_config(self, addr):
                 node_config['Server']['Address'] = self.comboNodeAddress.currentText()
                 node_config['Server']['LogFile'] = self.comboNodeLogFile.currentText()
 
-                cfg = self._load_node_auth_config(node_config['Server'])
+                cfg = self._save_node_auth_config(node_config['Server'])
                 if cfg != None:
                     node_config['Server'] = cfg
             else:
@@ -457,51 +457,67 @@ def _load_node_config(self, addr):
 
     def _load_node_auth_settings(self, config):
         try:
-            if config.get('Authentication') == None:
-                self.toolBox.setItemEnabled(self.NODE_PAGE_AUTH, False)
+            if config == None:
                 return
+
             auth = config.get('Authentication')
-            authtype_idx = self.comboNodeAuthType.findData(auth['Type'])
+            authtype_idx = 0
+            if auth != None:
+                if auth.get('Type') != None:
+                    authtype_idx = self.comboNodeAuthType.findData(auth['Type'])
+            else:
+                config['Authentication'] = {}
+                auth = config.get('Authentication')
+
             self.lineNodeCACertFile.setEnabled(authtype_idx >= 0)
             self.lineNodeServerCertFile.setEnabled(authtype_idx >= 0)
             self.lineNodeCertFile.setEnabled(authtype_idx >= 0)
             self.lineNodeCertKeyFile.setEnabled(authtype_idx >= 0)
 
             tls = auth.get('TLSOptions')
             if tls != None and authtype_idx >= 0:
-                self.lineNodeCACertFile.setText(tls['CACert'])
-                self.lineNodeServerCertFile.setText(tls['ServerCert'])
-                self.lineNodeCertFile.setText(tls['ClientCert'])
-                self.lineNodeCertKeyFile.setText(tls['ClientKey'])
-                self.checkNodeAuthSkipVerify.setChecked(tls['SkipVerify'])
-
-                clienttype_idx = self.comboNodeAuthVerifyType.findData(tls['ClientAuthType'])
-                if clienttype_idx >= 0:
-                    self.comboNodeAuthVerifyType.setCurrentIndex(clienttype_idx)
-            else:
-                authtype_idx = 0
+                if tls.get('CACert') != None:
+                    self.lineNodeCACertFile.setText(tls['CACert'])
+                if tls.get('ServerCert') != None:
+                    self.lineNodeServerCertFile.setText(tls['ServerCert'])
+                if tls.get('ClientCert') != None:
+                    self.lineNodeCertFile.setText(tls['ClientCert'])
+                if tls.get('ClientKey') != None:
+                    self.lineNodeCertKeyFile.setText(tls['ClientKey'])
+                if tls.get('SkipVerify') != None:
+                    self.checkNodeAuthSkipVerify.setChecked(tls['SkipVerify'])
+
+                if tls.get('ClientAuthType') != None:
+                    clienttype_idx = self.comboNodeAuthVerifyType.findData(tls['ClientAuthType'])
+                    if clienttype_idx >= 0:
+                        self.comboNodeAuthVerifyType.setCurrentIndex(clienttype_idx)
+
             self.comboNodeAuthType.setCurrentIndex(authtype_idx)
             # signals are connected after this method is called
             self._cb_combo_node_auth_type_changed(authtype_idx)
         except Exception as e:
-            print("[prefs] node auth options exception:", e)
+            print("[prefs] load node auth options exception:", e)
             self._set_status_error(str(e))
 
-    def _load_node_auth_config(self, config):
+    def _save_node_auth_config(self, config):
         try:
-            if config.get('Authentication') == None:
-                self.toolBox.setItemEnabled(self.NODE_PAGE_AUTH, False)
-                return
             auth = config.get('Authentication')
+            if auth == None:
+                auth = {}
+
             auth['Type'] = self.NODE_AUTH[self.comboNodeAuthType.currentIndex()]
             tls = auth.get('TLSOptions')
-            if tls != None:
-                tls['CACert']= self.lineNodeCACertFile.text()
-                tls['ServerCert'] = self.lineNodeServerCertFile.text()
-                tls['ClientCert'] = self.lineNodeCertFile.text()
-                tls['ClientKey'] = self.lineNodeCertKeyFile.text()
-                tls['SkipVerify'] = self.checkNodeAuthSkipVerify.isChecked()
-                tls['ClientAuthType'] = self.NODE_AUTH_VERIFY[self.comboNodeAuthVerifyType.currentIndex()]
+            if tls == None:
+                tls = {}
+
+            tls['CACert'] = self.lineNodeCACertFile.text()
+            tls['ServerCert'] = self.lineNodeServerCertFile.text()
+            tls['ClientCert'] = self.lineNodeCertFile.text()
+            tls['ClientKey'] = self.lineNodeCertKeyFile.text()
+            tls['SkipVerify'] = self.checkNodeAuthSkipVerify.isChecked()
+            tls['ClientAuthType'] = self.NODE_AUTH_VERIFY[self.comboNodeAuthVerifyType.currentIndex()]
+            auth['TLSOptions'] = tls
+            config['Authentication'] = auth
 
             return config
         except Exception as e:
@@ -544,6 +560,14 @@ def _reset_node_settings(self):
         self.checkNodeLogMicro.setChecked(False)
         self.labelNodeName.setText("")
         self.labelNodeVersion.setText("")
+        self.comboNodeAuthType.setCurrentIndex(self.AUTH_SIMPLE)
+        self.lineNodeCACertFile.setText("")
+        self.lineNodeServerCertFile.setText("")
+        self.lineNodeCertFile.setText("")
+        self.lineNodeCertKeyFile.setText("")
+        self.checkNodeAuthSkipVerify.setChecked(False)
+        self.comboNodeAuthVerifyType.setCurrentIndex(0)
+        self._cb_combo_node_auth_type_changed(0)
 
     def _save_settings(self):
         self._reset_status_message()
@@ -739,38 +763,6 @@ def _save_node_config(self, notifObject, addr):
 
         return None
 
-    def _save_node_auth_config(self, config):
-        try:
-            if config.get('Authentication') == None:
-                self.toolBox.setItemEnabled(self.NODE_PAGE_AUTH, False)
-                return
-
-            auth = config['Authentication']
-            authtype_idx = self.comboNodeAuthType.findData(auth['Type'])
-            self.lineNodeCACertFile.setEnabled(authtype_idx >= 0)
-            self.lineNodeServerCertFile.setEnabled(authtype_idx >= 0)
-            self.lineNodeCertFile.setEnabled(authtype_idx >= 0)
-            self.lineNodeCertKeyFile.setEnabled(authtype_idx >= 0)
-
-            tls = auth.get('TLSOptions')
-            if tls != None and authtype_idx >= 0:
-                self.lineNodeCACertFile.setText(tls['CACert'])
-                self.lineNodeServerCertFile.setText(tls['ServerCert'])
-                self.lineNodeCertFile.setText(tls['ClientCert'])
-                self.lineNodeCertKeyFile.setText(tls['ClientKey'])
-                self.checkNodeAuthSkipVerify.setChecked(tls['SkipVerify'])
-
-                clienttype_idx = self.comboNodeAuthVerifyType.findData(tls['ClientAuthType'])
-                if clienttype_idx >= 0:
-                    self.comboNodeAuthVerifyType.setCurrentIndex(clienttype_idx)
-            else:
-                authtype_idx = 0
-            self.comboNodeAuthType.setCurrentIndex(authtype_idx)
-        except Exception as e:
-            print("[prefs] node auth options exception:", e)
-            self._set_status_error(str(e))
-
-
     def _validate_certs(self):
         try:
             if self.comboAuthType.currentIndex() == PreferencesDialog.AUTH_SIMPLE:
diff --git a/ui/opensnitch/res/preferences.ui b/ui/opensnitch/res/preferences.ui
@@ -901,6 +901,32 @@ Use ; to define multiple screens: 1;1.5 etc...</string>
              </item>
             </widget>
            </item>
+           <item row="1" column="0">
+            <widget class="QLabel" name="label_24">
+             <property name="toolTip">
+              <string>&lt;p&gt;Simple: no authentication&lt;/p&gt;
+&lt;p&gt;TLS simple/mutual: use SSL certificates to authenticate nodes.&lt;/p&gt;
+&lt;p&gt;Visit the wiki for more information.&lt;/p&gt;</string>
+             </property>
+             <property name="text">
+              <string>Authentication type</string>
+             </property>
+            </widget>
+           </item>
+           <item row="3" column="0" colspan="2">
+            <widget class="QLineEdit" name="lineCertFile">
+             <property name="placeholderText">
+              <string>Absolute path to the cert file</string>
+             </property>
+            </widget>
+           </item>
+           <item row="4" column="0" colspan="2">
+            <widget class="QLineEdit" name="lineCertKeyFile">
+             <property name="placeholderText">
+              <string>Absolute path to the cert key file</string>
+             </property>
+            </widget>
+           </item>
            <item row="1" column="1">
             <widget class="QComboBox" name="comboAuthType">
              <item>
@@ -920,10 +946,10 @@ Use ; to define multiple screens: 1;1.5 etc...</string>
              </item>
             </widget>
            </item>
-           <item row="3" column="0" colspan="2">
-            <widget class="QLineEdit" name="lineCertFile">
+           <item row="2" column="0" colspan="2">
+            <widget class="QLineEdit" name="lineCACertFile">
              <property name="placeholderText">
-              <string>Absolute path to the cert file</string>
+              <string>Absolute path to the CA cert file</string>
              </property>
             </widget>
            </item>
@@ -937,29 +963,22 @@ Use ; to define multiple screens: 1;1.5 etc...</string>
              </property>
             </widget>
            </item>
-           <item row="4" column="0" colspan="2">
-            <widget class="QLineEdit" name="lineCertKeyFile">
-             <property name="placeholderText">
-              <string>Absolute path to the cert key file</string>
-             </property>
-            </widget>
-           </item>
-           <item row="1" column="0">
-            <widget class="QLabel" name="label_24">
-             <property name="toolTip">
-              <string>&lt;p&gt;Simple: no authentication&lt;/p&gt;
-&lt;p&gt;TLS simple/mutual: use SSL certificates to authenticate nodes.&lt;/p&gt;
-&lt;p&gt;Visit the wiki for more information.&lt;/p&gt;</string>
+           <item row="5" column="0" colspan="2">
+            <widget class="QLabel" name="label_28">
+             <property name="sizePolicy">
+              <sizepolicy hsizetype="Preferred" vsizetype="Maximum">
+               <horstretch>0</horstretch>
+               <verstretch>0</verstretch>
+              </sizepolicy>
              </property>
              <property name="text">
-              <string>Authentication type</string>
+              <string>&lt;a href=&quot;https://github.com/evilsocket/opensnitch/wiki/Nodes-authentication#nodes-authentication-added-in-v161&quot;&gt;More information&lt;/a&gt;</string>
              </property>
-            </widget>
-           </item>
-           <item row="2" column="0" colspan="2">
-            <widget class="QLineEdit" name="lineCACertFile">
-             <property name="placeholderText">
-              <string>Absolute path to the CA cert file</string>
+             <property name="openExternalLinks">
+              <bool>true</bool>
+             </property>
+             <property name="textInteractionFlags">
+              <set>Qt::LinksAccessibleByKeyboard|Qt::LinksAccessibleByMouse</set>
              </property>
             </widget>
            </item>
@@ -970,8 +989,8 @@ Use ; to define multiple screens: 1;1.5 etc...</string>
            <rect>
             <x>0</x>
             <y>0</y>
-            <width>586</width>
-            <height>301</height>
+            <width>321</width>
+            <height>112</height>
            </rect>
           </property>
           <attribute name="label">
@@ -1066,8 +1085,8 @@ Use ; to define multiple screens: 1;1.5 etc...</string>
            <rect>
             <x>0</x>
             <y>0</y>
-            <width>586</width>
-            <height>301</height>
+            <width>219</width>
+            <height>115</height>
            </rect>
           </property>
           <attribute name="label">
@@ -1487,7 +1506,8 @@ Temporary rules will still be valid, and you can use them when prompted to allow
                <string>reject</string>
               </property>
               <property name="icon">
-               <iconset theme="window-close"/>
+               <iconset theme="window-close">
+                <normaloff>.</normaloff>.</iconset>
               </property>
              </item>
             </widget>
@@ -1567,8 +1587,8 @@ Temporary rules will still be valid, and you can use them when prompted to allow
            <rect>
             <x>0</x>
             <y>0</y>
-            <width>586</width>
-            <height>260</height>
+            <width>376</width>
+            <height>118</height>
            </rect>
           </property>
           <attribute name="label">
@@ -1821,7 +1841,10 @@ Temporary rules will still be valid, and you can use them when prompted to allow
            <item row="9" column="0">
             <widget class="QLabel" name="label_26">
              <property name="text">
-              <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;&lt;a href=&quot;https://github.com/evilsocket/opensnitch/wiki/Nodes-authentication#nodes-authentication-added-in-v161&quot;&gt;&lt;span style=&quot; text-decoration: underline; color:#0000ff;&quot;&gt;More information&lt;/span&gt;&lt;/a&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
+              <string>&lt;a href=&quot;https://github.com/evilsocket/opensnitch/wiki/Nodes-authentication#nodes-authentication-added-in-v161&quot;&gt;More information&lt;/a&gt;</string>
+             </property>
+             <property name="openExternalLinks">
+              <bool>true</bool>
              </property>
              <property name="textInteractionFlags">
               <set>Qt::LinksAccessibleByMouse|Qt::TextSelectableByMouse</set>
