v2.17.3

Author: bernerdad

backend/linux/helper/firewallcontroller.cpp

@@ -13,13 +13,6 @@
 
 FirewallController::FirewallController() : connected_(false), splitTunnelEnabled_(false), splitTunnelExclude_(true)
 {
-    // If firewall on boot is enabled, restore boot rules
-    if (Utils::isFileExists("/etc/windscribe/boot_rules.v4")) {
-        Utils::executeCommand("iptables-restore", {"-n", "/etc/windscribe/boot_rules.v4"});
-    }
-    if (Utils::isFileExists("/etc/windscribe/boot_rules.v6")) {
-        Utils::executeCommand("ip6tables-restore", {"-n", "/etc/windscribe/boot_rules.v6"});
-    }
 }
 
 FirewallController::~FirewallController()
@@ -31,9 +24,9 @@ bool FirewallController::enable(bool ipv6, const std::string &rules)
     int fd;
 
     if (ipv6) {
-        fd = open("/etc/windscribe/rules.v6", O_CREAT | O_WRONLY | O_TRUNC, S_IRWXU | S_IRGRP | S_IROTH);
+        fd = open("/var/run/windscribe/rules.v6", O_CREAT | O_WRONLY | O_TRUNC, S_IRWXU | S_IRGRP | S_IROTH);
     } else {
-        fd = open("/etc/windscribe/rules.v4", O_CREAT | O_WRONLY | O_TRUNC, S_IRWXU | S_IRGRP | S_IROTH);
+        fd = open("/var/run/windscribe/rules.v4", O_CREAT | O_WRONLY | O_TRUNC, S_IRWXU | S_IRGRP | S_IROTH);
     }
 
     if (fd < 0) {
@@ -49,9 +42,9 @@ bool FirewallController::enable(bool ipv6, const std::string &rules)
     }
 
     if (ipv6) {
-        Utils::executeCommand("ip6tables-restore", {"-n", "/etc/windscribe/rules.v6"});
+        Utils::executeCommand("ip6tables-restore", {"-n", "/var/run/windscribe/rules.v6"});
     } else {
-        Utils::executeCommand("iptables-restore", {"-n", "/etc/windscribe/rules.v4"});
+        Utils::executeCommand("iptables-restore", {"-n", "/var/run/windscribe/rules.v4"});
     }
 
     // reapply split tunneling rules if necessary
@@ -67,10 +60,10 @@ void FirewallController::getRules(bool ipv6, std::string *outRules)
     std::string filename;
 
     if (ipv6) {
-        filename = "/etc/windscribe/rules.v6";
+        filename = "/var/run/windscribe/rules.v6";
         Utils::executeCommand("ip6tables-save", {"-f", filename.c_str()});
     } else {
-        filename = "/etc/windscribe/rules.v4";
+        filename = "/var/run/windscribe/rules.v4";
         Utils::executeCommand("iptables-save", {"-f", filename.c_str()});
     }
 
@@ -87,8 +80,8 @@ bool FirewallController::enabled(const std::string &tag)
 
 void FirewallController::disable()
 {
-    Utils::executeCommand("rm", {"-f", "/etc/windscribe/rules.v4"});
-    Utils::executeCommand("rm", {"-f", "/etc/windscribe/rules.v6"});
+    Utils::executeCommand("rm", {"-f", "/var/run/windscribe/rules.v4"});
+    Utils::executeCommand("rm", {"-f", "/var/run/windscribe/rules.v6"});
 }
 
 void FirewallController::setSplitTunnelingEnabled(bool isConnected, bool isEnabled, bool isExclude, const std::string &defaultAdapter, const std::string &defaultAdapterIp)

backend/linux/helper/firewallonboot.cpp

@@ -8,6 +8,23 @@
 
 FirewallOnBootManager::FirewallOnBootManager(): comment_("Windscribe client rule")
 {
+    // Migrate old boot rules if necessary
+    if (Utils::isFileExists("/etc/windscribe/boot_rules.v4")) {
+        Utils::executeCommand("mv", {"/etc/windscribe/boot_rules.v4", "/var/tmp/windscribe/boot_rules.v4"});
+        Utils::executeCommand("rm", {"/etc/windscribe/rules.v4"});
+    }
+    if (Utils::isFileExists("/etc/windscribe/boot_rules.v6")) {
+        Utils::executeCommand("mv", {"/etc/windscribe/boot_rules.v6", "/var/tmp/windscribe/boot_rules.v6"});
+        Utils::executeCommand("rm", {"/etc/windscribe/rules.v6"});
+    }
+
+    // If firewall on boot is enabled, restore boot rules
+    if (Utils::isFileExists("/var/tmp/windscribe/boot_rules.v4")) {
+        Utils::executeCommand("iptables-restore", {"-n", "/var/tmp/windscribe/boot_rules.v4"});
+    }
+    if (Utils::isFileExists("/var/tmp/windscribe/boot_rules.v6")) {
+        Utils::executeCommand("ip6tables-restore", {"-n", "/var/tmp/windscribe/boot_rules.v6"});
+    }
 }
 
 FirewallOnBootManager::~FirewallOnBootManager()
@@ -78,7 +95,7 @@ bool FirewallOnBootManager::enable(bool allowLanTraffic) {
     rules << "COMMIT\n";
 
     // write rules
-    int fd = open("/etc/windscribe/boot_rules.v4", O_CREAT | O_WRONLY | O_TRUNC, S_IRWXU | S_IRGRP | S_IROTH);
+    int fd = open("/var/tmp/windscribe/boot_rules.v4", O_CREAT | O_WRONLY | O_TRUNC, S_IRWXU | S_IRGRP | S_IROTH);
     if (fd < 0) {
         spdlog::error("Could not open boot firewall rules for writing");
         return false;
@@ -103,7 +120,7 @@ bool FirewallOnBootManager::enable(bool allowLanTraffic) {
     rules << "COMMIT\n";
 
     // write rules
-    fd = open("/etc/windscribe/boot_rules.v6", O_CREAT | O_WRONLY | O_TRUNC, S_IRWXU | S_IRGRP | S_IROTH);
+    fd = open("/var/tmp/windscribe/boot_rules.v6", O_CREAT | O_WRONLY | O_TRUNC, S_IRWXU | S_IRGRP | S_IROTH);
     if (fd < 0) {
         spdlog::error("Could not open v6 boot firewall rules for writing");
         return false;
@@ -118,7 +135,7 @@ bool FirewallOnBootManager::enable(bool allowLanTraffic) {
 
 bool FirewallOnBootManager::disable()
 {
-    Utils::executeCommand("rm", {"-f", "/etc/windscribe/boot_rules.v4"});
-    Utils::executeCommand("rm", {"-f", "/etc/windscribe/boot_rules.v6"});
+    Utils::executeCommand("rm", {"-f", "/var/tmp/windscribe/boot_rules.v4"});
+    Utils::executeCommand("rm", {"-f", "/var/tmp/windscribe/boot_rules.v6"});
     return true;
 }

backend/linux/helper/ovpn.cpp

@@ -15,7 +15,7 @@ bool writeOVPNFile(const std::string &dnsScript, unsigned int port, const std::s
     std::string line;
     int bytes;
 
-    int fd = open("/etc/windscribe/config.ovpn", O_CREAT | O_WRONLY | O_TRUNC, S_IRWXU | S_IRGRP | S_IROTH);
+    int fd = open("/var/run/windscribe/config.ovpn", O_CREAT | O_WRONLY | O_TRUNC, S_IRWXU | S_IRGRP | S_IROTH);
     if (fd < 0) {
         spdlog::error("Could not open config for writing");
         return false;

backend/linux/helper/process_command.cpp

@@ -103,7 +103,7 @@ std::string executeOpenVPN(const std::string &pars)
         return serializeResult(false, cmdId);
     }
 
-    std::string fullCmd = Utils::getFullCommand(Utils::getExePath(), "windscribeopenvpn", "--config /etc/windscribe/config.ovpn");
+    std::string fullCmd = Utils::getFullCommand(Utils::getExePath(), "windscribeopenvpn", "--config /var/run/windscribe/config.ovpn");
     if (fullCmd.empty()) {
         // Something wrong with the command
         return serializeResult(false, cmdId);
@@ -116,7 +116,7 @@ std::string executeOpenVPN(const std::string &pars)
         return serializeResult(false, cmdId);
     } else {
 
-        cmdId = ExecuteCmd::instance().execute(fullCmd, "/etc/windscribe");
+        cmdId = ExecuteCmd::instance().execute(fullCmd, "/opt/windscribe");
         return serializeResult(true, cmdId);
     }
 }
@@ -463,7 +463,7 @@ std::string setDnsLeakProtectEnabled(const std::string &pars)
     spdlog::debug("Set DNS leak protect: {}", enabled ? "enabled" : "disabled");
     // We only handle the down case; the 'up' trigger for this script happens in the DNS manager script
     if (!enabled) {
-        Utils::executeCommand("/etc/windscribe/dns-leak-protect", {"down"});
+        Utils::executeCommand("/opt/windscribe/scripts/dns-leak-protect", {"down"});
     }
     return std::string();
 }

backend/linux/helper/server.cpp

@@ -15,7 +15,7 @@
 #include <unistd.h>
 #include <spdlog/spdlog.h>
 
-#include "firewallcontroller.h"
+#include "firewallonboot.h"
 #include "ipc/helper_security.h"
 #include "process_command.h"
 #include "utils.h"
@@ -171,10 +171,11 @@ void Server::run()
 
 #ifdef NDEBUG   // release build
     Utils::createWindscribeUserAndGroup();
-    auto res = system("mkdir -p /var/run/windscribe && chown :windscribe /var/run/windscribe && chmod 775 /var/run/windscribe"); // res is necessary to avoid no-discard warning.
+    auto res = system("mkdir -p /var/run/windscribe && chown :windscribe /var/run/windscribe && chmod 775 /var/run/windscribe && mkdir -p /var/tmp/windscribe"); // res is necessary to avoid no-discard warning.
 #else           // debug build
-    auto res = system("mkdir -p /var/run/windscribe && chmod 777 /var/run/windscribe");
+    auto res = system("mkdir -p /var/run/windscribe && chmod 777 /var/run/windscribe && mkdir -p /var/tmp/windscribe");
 #endif
+    spdlog::info("/var/run/windscribe and /var/tmp/windscribe created");
     UNUSED(res);
 
     ::unlink(SOCK_PATH);
@@ -198,8 +199,9 @@ void Server::run()
     }
 #endif
 
-    // Cause the FirewallController to be constructed here, so that on-boot rules are processed, even if the Windscribe app/service does not start.
-    FirewallController::instance();
+    // Cause the FireallOnBootManager to be constructed here, so that on-boot rules are processed,
+    // even if the Windscribe app/service does not start.
+    FirewallOnBootManager::instance();
 
     startAccept();
 

backend/linux/helper/split_tunneling/cgroups.cpp

@@ -19,7 +19,7 @@ bool CGroups::enable(const ConnectStatus &connectStatus, bool isAllowLanTraffic,
 
     std::string out;
 
-    int ret = Utils::executeCommand("/etc/windscribe/cgroups-up",
+    int ret = Utils::executeCommand("/opt/windscribe/scripts/cgroups-up",
                                     { mark_.c_str(),
                                       connectStatus.defaultAdapter.gatewayIp,
                                       connectStatus.defaultAdapter.adapterName,
@@ -42,7 +42,7 @@ void CGroups::disable()
 {
     spdlog::debug("cgroups disable");
 
-    Utils::executeCommand("/etc/windscribe/cgroups-down");
+    Utils::executeCommand("/opt/windscribe/scripts/cgroups-down");
 }
 
 void CGroups::addApp(pid_t pid)

backend/linux/helper/utils.cpp

@@ -134,11 +134,11 @@ std::string getDnsScript(CmdDnsManager mgr)
 {
     switch(mgr) {
     case kSystemdResolved:
-        return "/etc/windscribe/update-systemd-resolved";
+        return "/opt/windscribe/scripts/update-systemd-resolved";
     case kResolvConf:
-        return "/etc/windscribe/update-resolv-conf";
+        return "/opt/windscribe/scripts/update-resolv-conf";
     case kNetworkManager:
-        return "/etc/windscribe/update-network-manager";
+        return "/opt/windscribe/scripts/update-network-manager";
     default:
         return "";
     }

client/CMakeLists.txt

@@ -185,9 +185,8 @@ endif()
 
 target_link_libraries(Windscribe PRIVATE ${CLIENT_LIBS} engine common wsnet::wsnet spdlog::spdlog Qt6::Network ${OS_SPECIFIC_LIBRARIES})
 
-# Wayland support on Linux
 if (UNIX AND (NOT APPLE))
-    qt_import_plugins(Windscribe INCLUDE Qt6::QWaylandIntegrationPlugin)
+    qt_import_plugins(Windscribe INCLUDE Qt6::QWaylandIntegrationPlugin Qt6::QXcbIntegrationPlugin)
 endif()
 
 target_include_directories(Windscribe PRIVATE

client/common/api_responses/portmap.cpp

@@ -11,8 +11,16 @@ namespace api_responses {
 
 PortMap::PortMap(const std::string &json) : d(new PortMapData)
 {
+    if (json.empty()) {
+        return;
+    }
+
     QJsonParseError errCode;
     auto doc = QJsonDocument::fromJson(QByteArray(json.c_str()), &errCode);
+    if (errCode.error != QJsonParseError::ParseError::NoError) {
+        return;
+    }
+
     auto jsonObject = doc.object();
     auto jsonData =  jsonObject["data"].toObject();
     auto jsonArray = jsonData["portmap"].toArray();
@@ -42,6 +50,10 @@ PortMap::PortMap(const std::string &json) : d(new PortMapData)
         d->items_ << portItem;
     }
     removeUnsupportedProtocols(types::Protocol::supportedProtocols());
+
+    if (d->items_.count() > 0) {
+        isValid_ = true;
+    }
 }
 
 int PortMap::getPortItemCount() const
@@ -130,6 +142,11 @@ void PortMap::removeUnsupportedProtocols(const QList<types::Protocol> &supported
     }), d->items_.end());
 }
 
+bool PortMap::isValid() const
+{
+    return isValid_;
+}
+
 QDataStream& operator <<(QDataStream& stream, const PortItem& p)
 {
     stream << p.versionForSerialization_;
@@ -153,7 +170,7 @@ QDataStream& operator >>(QDataStream& stream, PortItem& p)
 QDataStream& operator <<(QDataStream& stream, const PortMap& p)
 {
     stream << p.versionForSerialization_;
-    stream << p.d->items_;
+    stream << p.d->items_ << p.isValid_;
     return stream;
 }
 
@@ -167,6 +184,9 @@ QDataStream& operator >>(QDataStream& stream, PortMap& p)
         return stream;
     }
     stream >> p.d->items_;
+    if (version >= 2) {
+        stream >> p.isValid_;
+    }
     return stream;
 }
 

client/common/api_responses/portmap.h

@@ -41,7 +41,7 @@ class PortMap
 public:
     PortMap() : d(new PortMapData) {}
     explicit PortMap(const std::string &json);
-    PortMap(const PortMap &other) : d (other.d) {}
+    PortMap(const PortMap &other) : d (other.d), isValid_(other.isValid()) {}
 
     int getPortItemCount() const;
     const PortItem *getPortItemByIndex(int ind) const;
@@ -54,6 +54,8 @@ class PortMap
 
     void removeUnsupportedProtocols(const QList<types::Protocol> &supportedProtocols);
 
+    bool isValid() const;
+
     PortMap& operator=(const PortMap&) = default;
 
     friend QDataStream& operator <<(QDataStream& stream, const PortMap& p);
@@ -62,7 +64,9 @@ class PortMap
 
 private:
     QSharedDataPointer<PortMapData> d;
-    static constexpr quint32 versionForSerialization_ = 1;
+    bool isValid_ = false;
+
+    static constexpr quint32 versionForSerialization_ = 2;
 };
 
 } //namespace api_responses