public int UpdateAppCtrlRule(Client client, AppCtrlRule rule)
{
lock (client.SyncAccess)
{
return(server.UpdateAppCtrlRule(client, rule));
}
}
public AuxiliarForm(AuxFormType formType, AppCtrlRule appRule)
{
this.appRule = appRule;
this.formType = formType;
Result = AuxFormResult.Canceled;
InitializeComponent();
CreateFields();
}
public int UpdateAppCtrlRule(Client client, AppCtrlRule rule)
{
soc.SendDWORD(client.Socket, (int)IceServerCommand.UpdateAppCtrlRule);
soc.SendDWORD(client.Socket, rule.RuleID);
soc.SendDWORD(client.Socket, (int)rule.ProcessPathMatcher);
soc.SendString(client.Socket, rule.ProcessPath);
soc.SendDWORD(client.Socket, rule.PID);
soc.SendDWORD(client.Socket, (int)rule.ParentPathMatcher);
soc.SendString(client.Socket, rule.ParentPath);
soc.SendDWORD(client.Socket, rule.ParentPID);
soc.SendDWORD(client.Socket, (int)rule.Verdict);
IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket);
if (cmdResult != IceServerCommandResult.Success)
{
throw new Exception("Failed to Update AppCtrl Rule " + rule.RuleID + " for client " + client.Name);
}
return(1);
}
private void btnUpdate_Click(object sender, EventArgs e)
{
ListView lv = tabControl.SelectedIndex == 0 ? listAppRules : listFSRules;
int selectedIndex = tabControl.SelectedIndex;
Client client = clients[listClients.SelectedIndices[0]];
AuxiliarForm auxForm;
AppCtrlRule appRule = new AppCtrlRule();
FSRule fsRule = new FSRule();
if (selectedIndex == 0)
{
appRule = client.AppCtrlRules[listAppRules.SelectedIndices[0]];
auxForm = new AuxiliarForm(selectedIndex == 0 ? AuxFormType.UpdateAppCtrl : AuxFormType.UpdateFSScan, appRule);
}
else
{
fsRule = client.FSRules[listFSRules.SelectedIndices[0]];
auxForm = new AuxiliarForm(selectedIndex == 0 ? AuxFormType.UpdateAppCtrl : AuxFormType.UpdateFSScan, fsRule);
}
auxForm.Text = selectedIndex == 0 ? "Update Application Control Rule" : "Update File System Scan Rule";
auxForm.ShowDialog();
if (auxForm.Result != AuxFormResult.Completed)
{
return;
}
string[] values = auxForm.Values;
if (selectedIndex == 0)
{
UpdateAppCtrlRule(values, appRule.RuleID);
}
else
{
UpdateFSScanRule(values, fsRule.RuleID);
}
}
/****************************************************************/
/* Public function */
/****************************************************************/
public AppCtrlRule[] GetAppCtrlRules(Client client)
{
soc.SendDWORD(client.Socket, (int)IceServerCommand.GetAppCtrlRules);
IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket);
if (cmdResult != IceServerCommandResult.Success)
{
throw new Exception("Failed to get AppCtrl Rules for client " + client.Name);
}
int len = soc.RecvDWORD(client.Socket);
if (len == 0)
{
return(new AppCtrlRule[0]);
}
AppCtrlRule[] appRules = new AppCtrlRule[len];
for (int i = 0; i < len; i++)
{
appRules[i] = new AppCtrlRule();
appRules[i].RuleID = soc.RecvDWORD(client.Socket);
appRules[i].ProcessPathMatcher = (IceStringMatcher)soc.RecvDWORD(client.Socket);
appRules[i].ProcessPath = soc.RecvString(client.Socket);
appRules[i].PID = soc.RecvDWORD(client.Socket);
appRules[i].ParentPathMatcher = (IceStringMatcher)soc.RecvDWORD(client.Socket);
appRules[i].ParentPath = soc.RecvString(client.Socket);
appRules[i].ParentPID = soc.RecvDWORD(client.Socket);
appRules[i].Verdict = (IceScanVerdict)soc.RecvDWORD(client.Socket);
appRules[i].AddTime = soc.RecvDWORD(client.Socket);
}
client.AppCtrlRules = appRules;
return(appRules);
}
public int AddAppCtrlRule(Client client, AppCtrlRule rule)
{
soc.SendDWORD(client.Socket, (int)IceServerCommand.AddAppCtrlRule);
soc.SendDWORD(client.Socket, (int)rule.ProcessPathMatcher);
soc.SendString(client.Socket, rule.ProcessPath);
soc.SendDWORD(client.Socket, rule.PID);
soc.SendDWORD(client.Socket, (int)rule.ParentPathMatcher);
soc.SendString(client.Socket, rule.ParentPath);
soc.SendDWORD(client.Socket, rule.ParentPID);
soc.SendDWORD(client.Socket, (int)rule.Verdict);
IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket);
if (cmdResult != IceServerCommandResult.Success)
{
throw new Exception("Failed to Add AppCtrl Rule for client " + client.Name);
}
int ruleId = soc.RecvDWORD(client.Socket);
log.Info("AppCtrl rule was added: " + ruleId);
return(ruleId);
}
private void UpdateAppCtrlRule(string[] values, int ruleID)
{
try
{
Client client = clients[listClients.SelectedIndices[0]];
AppCtrlRule rule = new AppCtrlRule();
rule.RuleID = ruleID;
rule.ProcessPathMatcher = values[0].Equals("Equal") ? IceStringMatcher.Equal : IceStringMatcher.Wildmat;
rule.ProcessPath = values[1];
rule.PID = int.Parse(values[2]);
rule.ParentPathMatcher = values[3].Equals("Equal") ? IceStringMatcher.Equal : IceStringMatcher.Wildmat;
rule.ParentPath = values[4];
rule.ParentPID = int.Parse(values[5]);
rule.Verdict = values[6].Equals("Allow") ? IceScanVerdict.Allow : IceScanVerdict.Deny;
BackgroundWorker bw = new BackgroundWorker();
bw.DoWork += new DoWorkEventHandler((object sender2, DoWorkEventArgs e2) =>
{
e2.Result = ctrl.UpdateAppCtrlRule(client, rule);
});
bw.RunWorkerCompleted += new RunWorkerCompletedEventHandler((object sender2, RunWorkerCompletedEventArgs e2) =>
{
if (e2.Error != null)
{
MessageBox.Show(e2.Error.Message, "Error");
return;
}
BackgroundWorker bw2 = new BackgroundWorker();
bw2.DoWork += new DoWorkEventHandler((object sender3, DoWorkEventArgs e3) =>
{
e3.Result = ctrl.GetAppCtrlRules(client);
});
bw2.RunWorkerCompleted += new RunWorkerCompletedEventHandler((object sender3, RunWorkerCompletedEventArgs e3) =>
{
if (e3.Error != null)
{
MessageBox.Show(e3.Error.Message, "Error");
return;
}
SetAppCtrlRulesList(e3.Result as AppCtrlRule[]);
});
bw2.RunWorkerAsync();
//int ruleId = (int)e2.Result;
MessageBox.Show(string.Format("AppCtrl rule with id {0} was updated with success.", ruleID), "Success");
});
bw.RunWorkerAsync();
}
catch (Exception ex)
{
MessageBox.Show(ex.Message, "Error");
}
}
