mirror of
https://github.com/tnodir/fort
synced 2024-11-15 04:45:59 +00:00
UI: Options: Self Protection: Add "Only Administrator can open Driver" flag
This commit is contained in:
parent
efcecfdcfb
commit
3a6f34005e
@ -26,7 +26,7 @@ static void fort_driver_delete_device(PDRIVER_OBJECT driver)
|
|||||||
IoDeleteDevice(device_obj);
|
IoDeleteDevice(device_obj);
|
||||||
}
|
}
|
||||||
|
|
||||||
static NTSTATUS fort_driver_create_device(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
|
static NTSTATUS fort_driver_create_device(PDRIVER_OBJECT driver)
|
||||||
{
|
{
|
||||||
NTSTATUS status;
|
NTSTATUS status;
|
||||||
|
|
||||||
@ -95,7 +95,7 @@ static NTSTATUS fort_driver_load(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path
|
|||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = fort_driver_create_device(driver, reg_path);
|
status = fort_driver_create_device(driver);
|
||||||
if (!NT_SUCCESS(status))
|
if (!NT_SUCCESS(status))
|
||||||
return status;
|
return status;
|
||||||
|
|
||||||
|
5
src/ui/3rdparty/sqlite/dbvar.cpp
vendored
5
src/ui/3rdparty/sqlite/dbvar.cpp
vendored
@ -3,6 +3,11 @@
|
|||||||
#include "sqlitedb.h"
|
#include "sqlitedb.h"
|
||||||
#include "sqlitestmt.h"
|
#include "sqlitestmt.h"
|
||||||
|
|
||||||
|
QVariant DbVar::nullable(bool v)
|
||||||
|
{
|
||||||
|
return nullable(v, !v);
|
||||||
|
}
|
||||||
|
|
||||||
QVariant DbVar::nullable(int v)
|
QVariant DbVar::nullable(int v)
|
||||||
{
|
{
|
||||||
return nullable(v, v == 0);
|
return nullable(v, v == 0);
|
||||||
|
1
src/ui/3rdparty/sqlite/dbvar.h
vendored
1
src/ui/3rdparty/sqlite/dbvar.h
vendored
@ -12,6 +12,7 @@ public:
|
|||||||
{
|
{
|
||||||
return isNull ? QVariant() : QVariant(v);
|
return isNull ? QVariant() : QVariant(v);
|
||||||
}
|
}
|
||||||
|
static QVariant nullable(bool v);
|
||||||
static QVariant nullable(int v);
|
static QVariant nullable(int v);
|
||||||
static QVariant nullable(const QString &v);
|
static QVariant nullable(const QString &v);
|
||||||
static QVariant nullable(const QDateTime &v);
|
static QVariant nullable(const QDateTime &v);
|
||||||
|
@ -37,6 +37,11 @@ public:
|
|||||||
bool noServiceControl() const { return valueBool("protect/noServiceControl"); }
|
bool noServiceControl() const { return valueBool("protect/noServiceControl"); }
|
||||||
void setNoServiceControl(bool v) { setValue("protect/noServiceControl", v); }
|
void setNoServiceControl(bool v) { setValue("protect/noServiceControl", v); }
|
||||||
|
|
||||||
|
bool isDriverAdminSet() const { return contains("protect/isDriverAdmin"); }
|
||||||
|
|
||||||
|
bool isDriverAdmin() const { return valueBool("protect/isDriverAdmin"); }
|
||||||
|
void setIsDriverAdmin(bool v) { setValue("protect/isDriverAdmin", v); }
|
||||||
|
|
||||||
bool checkPasswordOnUninstallSet() const
|
bool checkPasswordOnUninstallSet() const
|
||||||
{
|
{
|
||||||
return contains("protect/checkPasswordOnUninstall");
|
return contains("protect/checkPasswordOnUninstall");
|
||||||
|
@ -67,6 +67,7 @@ void OptionsPage::onResetToDefault()
|
|||||||
|
|
||||||
m_cbBootFilter->setChecked(false);
|
m_cbBootFilter->setChecked(false);
|
||||||
m_cbNoServiceControl->setChecked(false);
|
m_cbNoServiceControl->setChecked(false);
|
||||||
|
m_cbIsDriverAdmin->setChecked(false);
|
||||||
m_cbCheckPasswordOnUninstall->setChecked(false);
|
m_cbCheckPasswordOnUninstall->setChecked(false);
|
||||||
m_cbPassword->setChecked(false);
|
m_cbPassword->setChecked(false);
|
||||||
|
|
||||||
@ -168,6 +169,7 @@ void OptionsPage::onRetranslateUi()
|
|||||||
|
|
||||||
m_cbBootFilter->setText(tr("Block traffic when Fort Firewall is not running"));
|
m_cbBootFilter->setText(tr("Block traffic when Fort Firewall is not running"));
|
||||||
m_cbNoServiceControl->setText(tr("Disable Service controls"));
|
m_cbNoServiceControl->setText(tr("Disable Service controls"));
|
||||||
|
m_cbIsDriverAdmin->setText(tr("Only Administrator can open Driver"));
|
||||||
m_cbCheckPasswordOnUninstall->setText(tr("Check password on Uninstall"));
|
m_cbCheckPasswordOnUninstall->setText(tr("Check password on Uninstall"));
|
||||||
|
|
||||||
m_cbPassword->setText(tr("Password:"));
|
m_cbPassword->setText(tr("Password:"));
|
||||||
@ -418,13 +420,21 @@ void OptionsPage::setupProtectionBox()
|
|||||||
ctrl()->setIniEdited();
|
ctrl()->setIniEdited();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
m_cbIsDriverAdmin = ControlUtil::createCheckBox(ini()->isDriverAdmin(), [&](bool checked) {
|
||||||
|
ini()->setIsDriverAdmin(checked);
|
||||||
|
ctrl()->setIniEdited();
|
||||||
|
});
|
||||||
|
|
||||||
m_cbCheckPasswordOnUninstall =
|
m_cbCheckPasswordOnUninstall =
|
||||||
ControlUtil::createCheckBox(ini()->checkPasswordOnUninstall(), [&](bool checked) {
|
ControlUtil::createCheckBox(ini()->checkPasswordOnUninstall(), [&](bool checked) {
|
||||||
ini()->setCheckPasswordOnUninstall(checked);
|
ini()->setCheckPasswordOnUninstall(checked);
|
||||||
ctrl()->setIniEdited();
|
ctrl()->setIniEdited();
|
||||||
});
|
});
|
||||||
|
|
||||||
m_cbCheckPasswordOnUninstall->setEnabled(settings()->hasMasterAdmin());
|
if (!settings()->hasMasterAdmin()) {
|
||||||
|
m_cbIsDriverAdmin->setEnabled(false);
|
||||||
|
m_cbCheckPasswordOnUninstall->setEnabled(false);
|
||||||
|
}
|
||||||
|
|
||||||
// Password Row
|
// Password Row
|
||||||
auto passwordLayout = setupPasswordLayout();
|
auto passwordLayout = setupPasswordLayout();
|
||||||
@ -433,6 +443,7 @@ void OptionsPage::setupProtectionBox()
|
|||||||
auto layout = new QVBoxLayout();
|
auto layout = new QVBoxLayout();
|
||||||
layout->addWidget(m_cbBootFilter);
|
layout->addWidget(m_cbBootFilter);
|
||||||
layout->addWidget(m_cbNoServiceControl);
|
layout->addWidget(m_cbNoServiceControl);
|
||||||
|
layout->addWidget(m_cbIsDriverAdmin);
|
||||||
layout->addWidget(ControlUtil::createSeparator());
|
layout->addWidget(ControlUtil::createSeparator());
|
||||||
layout->addWidget(m_cbCheckPasswordOnUninstall);
|
layout->addWidget(m_cbCheckPasswordOnUninstall);
|
||||||
layout->addLayout(passwordLayout);
|
layout->addLayout(passwordLayout);
|
||||||
|
@ -77,6 +77,7 @@ private:
|
|||||||
|
|
||||||
QCheckBox *m_cbBootFilter = nullptr;
|
QCheckBox *m_cbBootFilter = nullptr;
|
||||||
QCheckBox *m_cbNoServiceControl = nullptr;
|
QCheckBox *m_cbNoServiceControl = nullptr;
|
||||||
|
QCheckBox *m_cbIsDriverAdmin = nullptr;
|
||||||
QCheckBox *m_cbCheckPasswordOnUninstall = nullptr;
|
QCheckBox *m_cbCheckPasswordOnUninstall = nullptr;
|
||||||
QCheckBox *m_cbPassword = nullptr;
|
QCheckBox *m_cbPassword = nullptr;
|
||||||
QLineEdit *m_editPassword = nullptr;
|
QLineEdit *m_editPassword = nullptr;
|
||||||
|
@ -482,6 +482,11 @@ void FortSettings::writeConfIniOptions(const IniOptions &ini)
|
|||||||
// Save changed keys
|
// Save changed keys
|
||||||
ini.save();
|
ini.save();
|
||||||
|
|
||||||
|
// Only Administrator can open Driver
|
||||||
|
if (ini.isDriverAdminSet()) {
|
||||||
|
StartupUtil::setRegistryIsDriverAdmin(ini.isDriverAdmin());
|
||||||
|
}
|
||||||
|
|
||||||
// Password
|
// Password
|
||||||
const bool isPasswordSet = (ini.hasPasswordSet() && ini.hasPassword() != hasPassword());
|
const bool isPasswordSet = (ini.hasPasswordSet() && ini.hasPassword() != hasPassword());
|
||||||
if (isPasswordSet || !ini.password().isEmpty()) {
|
if (isPasswordSet || !ini.password().isEmpty()) {
|
||||||
|
@ -115,6 +115,11 @@ bool RegKey::setValue(const QString &name, const QVariant &value, bool expand)
|
|||||||
(HKEY) handle(), (LPCWSTR) name.utf16(), 0, type, (const BYTE *) dataPtr, size);
|
(HKEY) handle(), (LPCWSTR) name.utf16(), 0, type, (const BYTE *) dataPtr, size);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool RegKey::setOrRemoveValue(const QString &name, const QVariant &value, bool expand)
|
||||||
|
{
|
||||||
|
return !value.isNull() ? setValue(name, value, expand) : removeValue(name);
|
||||||
|
}
|
||||||
|
|
||||||
QVariant RegKey::value(const QString &name, bool *expand) const
|
QVariant RegKey::value(const QString &name, bool *expand) const
|
||||||
{
|
{
|
||||||
char data[16 * 1024];
|
char data[16 * 1024];
|
||||||
|
@ -49,7 +49,8 @@ public:
|
|||||||
bool removeRecursively(const QString &subKey);
|
bool removeRecursively(const QString &subKey);
|
||||||
bool removeValue(const QString &name);
|
bool removeValue(const QString &name);
|
||||||
bool setValue(const QString &name, const QVariant &value, bool expand = false);
|
bool setValue(const QString &name, const QVariant &value, bool expand = false);
|
||||||
bool setDefaultValue(const QVariant &value) { return setValue(QString(), value); }
|
inline bool setDefaultValue(const QVariant &value) { return setValue(QString(), value); }
|
||||||
|
bool setOrRemoveValue(const QString &name, const QVariant &value, bool expand = false);
|
||||||
QVariant value(const QString &name, bool *expand = nullptr) const;
|
QVariant value(const QString &name, bool *expand = nullptr) const;
|
||||||
bool contains(const QString &name) const;
|
bool contains(const QString &name) const;
|
||||||
|
|
||||||
|
@ -7,6 +7,8 @@
|
|||||||
#define WIN32_LEAN_AND_MEAN
|
#define WIN32_LEAN_AND_MEAN
|
||||||
#include <qt_windows.h>
|
#include <qt_windows.h>
|
||||||
|
|
||||||
|
#include <sqlite/dbvar.h>
|
||||||
|
|
||||||
#include <fort_version_l.h>
|
#include <fort_version_l.h>
|
||||||
|
|
||||||
#include <util/fileutil.h>
|
#include <util/fileutil.h>
|
||||||
@ -116,6 +118,13 @@ bool uninstallService(const wchar_t *serviceName)
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
RegKey registryAppKey(quint32 flags = RegKey::DefaultReadOnly)
|
||||||
|
{
|
||||||
|
const RegKey regSw(RegKey::HKLM, R"(SOFTWARE)", flags);
|
||||||
|
|
||||||
|
return RegKey(regSw, APP_NAME, flags);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
const wchar_t *StartupUtil::serviceName()
|
const wchar_t *StartupUtil::serviceName()
|
||||||
@ -258,27 +267,30 @@ void StartupUtil::clearGlobalExplorerIntegrated()
|
|||||||
|
|
||||||
QString StartupUtil::registryPasswordHash()
|
QString StartupUtil::registryPasswordHash()
|
||||||
{
|
{
|
||||||
const RegKey regApp(RegKey::HKLM, R"(SOFTWARE)");
|
const RegKey regApp = registryAppKey();
|
||||||
|
|
||||||
const RegKey reg(regApp, APP_NAME);
|
return regApp.value("passwordHash").toString();
|
||||||
|
|
||||||
return reg.value("passwordHash").toString();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void StartupUtil::setRegistryPasswordHash(const QString &passwordHash)
|
void StartupUtil::setRegistryPasswordHash(const QString &passwordHash)
|
||||||
{
|
{
|
||||||
const bool isAdding = !passwordHash.isEmpty();
|
RegKey regApp = registryAppKey(RegKey::DefaultCreate);
|
||||||
|
|
||||||
const RegKey regApp(RegKey::HKLM, R"(SOFTWARE)",
|
regApp.setOrRemoveValue("passwordHash", DbVar::nullable(passwordHash));
|
||||||
isAdding ? RegKey::DefaultCreate : RegKey::DefaultReadWrite);
|
|
||||||
|
|
||||||
RegKey reg(regApp, APP_NAME, RegKey::DefaultCreate);
|
|
||||||
|
|
||||||
if (isAdding) {
|
|
||||||
reg.setValue("passwordHash", passwordHash);
|
|
||||||
} else {
|
|
||||||
reg.removeValue("passwordHash");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool StartupUtil::registryIsDriverAdmin()
|
||||||
|
{
|
||||||
|
const RegKey regApp = registryAppKey();
|
||||||
|
|
||||||
|
return regApp.value("isDriverAdmin").toBool();
|
||||||
|
}
|
||||||
|
|
||||||
|
void StartupUtil::setRegistryIsDriverAdmin(bool isDriverAdmin)
|
||||||
|
{
|
||||||
|
RegKey regApp = registryAppKey(RegKey::DefaultCreate);
|
||||||
|
|
||||||
|
regApp.setOrRemoveValue("isDriverAdmin", DbVar::nullable(isDriverAdmin));
|
||||||
}
|
}
|
||||||
|
|
||||||
void StartupUtil::setPortable(bool portable)
|
void StartupUtil::setPortable(bool portable)
|
||||||
|
@ -31,6 +31,9 @@ public:
|
|||||||
static QString registryPasswordHash();
|
static QString registryPasswordHash();
|
||||||
static void setRegistryPasswordHash(const QString &passwordHash);
|
static void setRegistryPasswordHash(const QString &passwordHash);
|
||||||
|
|
||||||
|
static bool registryIsDriverAdmin();
|
||||||
|
static void setRegistryIsDriverAdmin(bool isDriverAdmin);
|
||||||
|
|
||||||
static void setPortable(bool portable);
|
static void setPortable(bool portable);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user