From 913d71e9bc2c4ab87b75bb3b2608903232b5acb1 Mon Sep 17 00:00:00 2001 From: Joseph Nuthalapati Date: Thu, 21 Jun 2018 15:22:59 +0530 Subject: [PATCH] firewall: Display information that a service is internal only Signed-off-by: Joseph Nuthalapati Reviewed-by: Sunil Mohan Adapa --- actions/firewall | 39 ++++++++++++++++++------- plinth/modules/firewall/__init__.py | 6 ++++ plinth/modules/tor/__init__.py | 2 +- plinth/modules/tor/templates/tor.html | 2 ++ plinth/modules/tor/views.py | 11 +++---- plinth/service.py | 5 ++++ plinth/templates/internal-zone.html | 41 +++++++++++++++++++++++++++ plinth/templates/service.html | 2 ++ static/themes/default/css/plinth.css | 13 +++++++-- 9 files changed, 102 insertions(+), 19 deletions(-) create mode 100644 plinth/templates/internal-zone.html diff --git a/actions/firewall b/actions/firewall index c389353bf..e6f172a96 100755 --- a/actions/firewall +++ b/actions/firewall @@ -42,12 +42,18 @@ def parse_arguments(): '--zone', help='Zone from which the list is to be retrieved', required=True) + # Get interface status + get_interfaces = subparsers.add_parser( + 'get-interfaces', help='Get list of interfaces in a zone') + get_interfaces.add_argument( + '--zone', help='Zone from which the list is to be retrieved', + required=True) + # Add a service add_service = subparsers.add_parser('add-service', help='Add a service') add_service.add_argument('service', help='Name of the service to add') - add_service.add_argument('--zone', - help='Zone to which service is to be added', - required=True) + add_service.add_argument( + '--zone', help='Zone to which service is to be added', required=True) # Remove a service status remove_service = subparsers.add_parser('remove-service', 
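Review bot: The new `get-interfaces` subparser accepts any string for `--zone`, and `subcommand_get_interfaces` forwards it unchanged to `firewall-cmd`. plinth invokes this action with `superuser=True`, so the script is the privilege boundary and should validate the value itself rather than trust its caller. The only caller in this patch passes the constant `'internal'`, so the argument can be constrained with `choices=[...]` listing the zones the project uses. The list form of `subprocess.call` already keeps a shell out of the picture, so this guards against an unexpected value being read as another `firewall-cmd` option, not against command injection. The existing `--zone` options of the other subcommands have the same gap, and parse_arguments starts and ends outside the hunk.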
@@ -81,8 +87,14 @@ def subcommand_get_status(_): def subcommand_get_enabled_services(arguments): """Print the status of variours services""" - subprocess.call(['firewall-cmd', '--zone', arguments.zone, - '--list-services']) + subprocess.call( + ['firewall-cmd', '--zone', arguments.zone, '--list-services']) + + +def subcommand_get_interfaces(arguments): + """Print the list of interfaces in a zone.""" + subprocess.call( + ['firewall-cmd', '--zone', arguments.zone, '--list-interfaces']) def subcommand_add_service(arguments): @@ -93,16 +105,21 @@ def subcommand_add_service(arguments): def add_service(zone, service): """Permit a service in the firewall.""" subprocess.call(['firewall-cmd', '--zone', zone, '--add-service', service]) - subprocess.call(['firewall-cmd', '--zone', zone, '--permanent', - '--add-service', service]) + subprocess.call([ + 'firewall-cmd', '--zone', zone, '--permanent', '--add-service', service + ]) def subcommand_remove_service(arguments): """Block a service in the firewall""" - subprocess.call(['firewall-cmd', '--zone', arguments.zone, - '--remove-service', arguments.service]) - subprocess.call(['firewall-cmd', '--zone', arguments.zone, '--permanent', - '--remove-service', arguments.service]) + subprocess.call([ + 'firewall-cmd', '--zone', arguments.zone, '--remove-service', + arguments.service + ]) + subprocess.call([ + 'firewall-cmd', '--zone', arguments.zone, '--permanent', + '--remove-service', arguments.service + ]) def main(): diff --git a/plinth/modules/firewall/__init__.py b/plinth/modules/firewall/__init__.py index 9d0244fb1..d351d4ac5 100644 --- a/plinth/modules/firewall/__init__.py +++ b/plinth/modules/firewall/__init__.py 
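Review bot: `subcommand_get_interfaces` discards the exit status of `subprocess.call`, so a failing `firewall-cmd` (daemon not running, unknown zone) presumably looks the same to the caller as a zone with no interfaces. In that case `get_interfaces()` in plinth/modules/firewall/__init__.py splits empty output into `[]`, and internal-zone.html tells the user that no interfaces are configured as internal. For a message that describes network exposure, reporting a failure as "none" is misleading. Using `subprocess.check_call([...])` here would make the action exit non-zero, which the action wrapper can then report. `subcommand_get_enabled_services` in the same hunk follows the same pattern.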
@@ -78,6 +78,12 @@ def get_enabled_services(zone): return output.split() +def get_interfaces(zone): + """Return the list of interfaces in a zone.""" + output = _run(['get-interfaces', '--zone', zone], superuser=True) + return output.split() + + def add_service(port, zone): """Enable a service in firewall""" _run(['add-service', port, '--zone', zone], superuser=True) diff --git a/plinth/modules/tor/__init__.py b/plinth/modules/tor/__init__.py index dd22c8c9d..96fe38515 100644 --- a/plinth/modules/tor/__init__.py +++ b/plinth/modules/tor/__init__.py @@ -74,7 +74,7 @@ def init(): if not needs_setup: global socks_service socks_service = service_module.Service( - 'tor-socks', _('Tor Anonymity Network'), ports=['tor-socks'], + 'tor-socks', _('Tor Socks Proxy'), ports=['tor-socks'], is_external=False, is_enabled=utils.is_enabled, is_running=utils.is_running) diff --git a/plinth/modules/tor/templates/tor.html b/plinth/modules/tor/templates/tor.html index 371f354cc..66f7fc21a 100644 --- a/plinth/modules/tor/templates/tor.html +++ b/plinth/modules/tor/templates/tor.html @@ -80,6 +80,8 @@ {% endif %} + {% include "internal-zone.html" with service=socks_service %} +

{% trans "Configuration" %}

diff --git a/plinth/modules/tor/views.py b/plinth/modules/tor/views.py index eb514ad77..ce5ee532b 100644 --- a/plinth/modules/tor/views.py +++ b/plinth/modules/tor/views.py @@ -57,7 +57,8 @@ def index(request): 'manual_page': tor.manual_page, 'status': status, 'config_running': bool(config_process), - 'form': form + 'form': form, + 'socks_service': tor.socks_service }) @@ -66,10 +67,10 @@ def _apply_changes(request, old_status, new_status): try: __apply_changes(request, old_status, new_status) except ActionError as exception: - messages.error(request, - _('Action error: {0} [{1}] [{2}]').format( - exception.args[0], exception.args[1], - exception.args[2])) + messages.error( + request, + _('Action error: {0} [{1}] [{2}]').format( + exception.args[0], exception.args[1], exception.args[2])) def __apply_changes(request, old_status, new_status): diff --git a/plinth/service.py b/plinth/service.py index 26845d734..f56218f72 100644 --- a/plinth/service.py +++ b/plinth/service.py @@ -110,6 +110,11 @@ class Service(object): """Returns is_enabled relying on a correct service_id""" return action_utils.service_is_enabled(self.service_id) + def get_internal_interfaces(self): + """Returns a list of interfaces in a firewall zone.""" + from plinth.modules import firewall + return firewall.get_interfaces('internal') + def init(): """Register some misc. services that don't fit elsewhere.""" diff --git a/plinth/templates/internal-zone.html b/plinth/templates/internal-zone.html new file mode 100644 index 000000000..0d8ecaa57 --- /dev/null +++ b/plinth/templates/internal-zone.html 
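Review bot: `Service.get_internal_interfaces` is called from internal-zone.html while the template renders, so every view of an internal-only service page runs the `firewall` action with `superuser=True`. If `_run` raises on failure (tor/views.py catches `ActionError` for other actions, so this looks likely), the exception surfaces during rendering and the whole page fails, not just the notice. Consider fetching the list in the view and passing it in the context, or catching the action error in this method and returning an empty list with a log entry. The docstring should also say that the zone is fixed: `"""Return the interfaces assigned to the 'internal' firewall zone."""`. The Service class starts and ends outside the hunk.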
@@ -0,0 +1,41 @@ +{% comment %} +# +# This file is part of FreedomBox. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +{% endcomment %} + +{% load i18n %} + +{% block internal_zone_warning %} + {% if not service.is_external %} +
+ {% blocktrans trimmed with service_name=service.name %} + {{ service_name }} is available only on internal networks. + {% endblocktrans %} +

+ {% with interfaces=service.get_internal_interfaces %} + {% if not interfaces %} + {% trans "Currently there are no network interfaces configured as internal." %} + {% else %} + {% blocktrans trimmed with interface_list=interfaces|join:", " %} + Currently the following network interfaces are configured as internal: {{ interface_list }} + {% endblocktrans %} + {% endif %} + {% endwith %} +

+
+ {% endif %} +{% endblock %} diff --git a/plinth/templates/service.html b/plinth/templates/service.html index 4377d9bbf..9b8009890 100644 --- a/plinth/templates/service.html +++ b/plinth/templates/service.html @@ -73,6 +73,8 @@ {% endif %} {% endblock %} + {% include "internal-zone.html" %} + {% block configuration %}
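Review bot: The guard `{% if not service.is_external %}` in internal-zone.html is also true when `service` is missing or `None`, because a variable that fails to resolve evaluates as false inside `{% if %}`. service.html now includes this template without `with service=...`, so a page rendered from it without a `service` context variable would show the internal-only notice with an empty name. tor.html passes `socks_service`, which tor/__init__.py assigns only under `if not needs_setup:`, so the same can happen there if the page is reachable before setup. Change the guard to `{% if service and not service.is_external %}` so the notice appears only for a real service object.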

{% trans "Configuration" %}

diff --git a/static/themes/default/css/plinth.css b/static/themes/default/css/plinth.css index 4f3276af1..1bd7eaf34 100644 --- a/static/themes/default/css/plinth.css +++ b/static/themes/default/css/plinth.css @@ -261,7 +261,7 @@ a.menu_link_active { .card-title { font-weight: bold; - font-size: 1.75rem + font-size: 1.75rem; } .card-description { @@ -278,10 +278,19 @@ a.menu_link_active { .card-icon span { width: 100px; height: 100px; - font-size: 80px + font-size: 80px; } /* Button table - Tables with a list of actions as buttons on top */ .button-table > .button-row + .table { margin-top: 10px; } + +.bg-warning { + margin: 10px 0; + padding: 15px; +} + +.bg-warning p:last-child { + margin: 0; +}