diff --git a/yast2-apparmor-2.21.2.tar.bz2 b/yast2-apparmor-2.21.2.tar.bz2
deleted file mode 100644
index c44e092..0000000
--- a/yast2-apparmor-2.21.2.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f444a01b154aa8d071b2214f3669bb5a9c5c70b591dcf5a7b43a966268dc69bd
-size 151613
diff --git a/yast2-apparmor-2.21.3.tar.bz2 b/yast2-apparmor-2.21.3.tar.bz2
new file mode 100644
index 0000000..1101496
--- /dev/null
+++ b/yast2-apparmor-2.21.3.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:37b578fdbdf6d892737cbffa81e72fcad5d1406b8cc21b5ee34581b34e58d2b5
+size 151461
diff --git a/yast2-apparmor-cleanup-names b/yast2-apparmor-cleanup-names
deleted file mode 100644
index b2d53a7..0000000
--- a/yast2-apparmor-cleanup-names
+++ /dev/null
@@ -1,1697 +0,0 @@ -From: Jeff Mahoney -Subject: yast2-apparmor: Fix up naming from SubDomain names - - This patch contains (more or less) the contents that result from the following - script: - -for file in $(grep -r sd . -l); do if [ "$(basename $file)" != "Makefile.in" ]; then sed -e 's/sd/aa/g' < $file > $file.new ; mv $file.new $file;fi; done - -for file in $(grep -r SD . -l); do if [ "$(basename $file)" != "Makefile.in" ]; then sed -e 's/SD/AA/g' < $file > $file.new ; mv $file.new $file;fi; done - -for file in $(grep -r subdomain . -l); do if [ "$(basename $file)" != "Makefile.in" ]; then sed -e 's/subdomain/apparmor/g' < $file > $file.new ; mv $file.new $file;fi; done - -for file in $(grep -r SubDomain . -l); do if [ "$(basename $file)" != "Makefile.in" ]; then sed -e 's/SubDomain/AppArmor/g' < $file > $file.new ; mv $file.new $file;fi; done - -for file in $(grep -r Subdomain . -l); do if [ "$(basename $file)" != "Makefile.in" ]; then sed -e 's/Subdomain/AppArmor/g' < $file > $file.new ; mv $file.new $file;fi; done - -The differences are in that %sd is a special perl-apparmor variable and -must be kept verbatim until the perl-apparmor package is fixed to alias -%sd to %aa. 
- -Signed-off-by: Jeff Mahoney --- - - configure.in | 2 - src/agents/Makefile.am | 6 - - src/agents/ag_aa_config | 20 ++-- - src/agents/ag_apparmor | 36 ++++---- - src/agents/ag_apparmor_profiles | 22 ++--- - src/agents/ag_complain | 12 +- - src/agents/ag_genprof | 12 +- - src/agents/ag_logparse | 24 ++--- - src/agents/ag_logprof | 4 - src/agents/ag_reports_ess | 6 - - src/agents/ag_reports_parse | 2 - src/agents/ag_reports_sched | 26 +++--- - src/apparmor/reports.conf | 2 - src/bin/reportgen.pl | 6 - - src/clients/AA_AddProfile.ycp | 12 +- - src/clients/AA_DeleteProfile.ycp | 14 +-- - src/clients/AA_EditProfile.ycp | 8 - - src/clients/AA_Report.ycp | 8 - - src/clients/GenProf.ycp | 8 - - src/clients/LogProf.ycp | 8 - - src/clients/Makefile.am | 12 +- - src/clients/apparmor-settings.ycp | 12 +- - src/clients/apparmor.ycp | 18 ++-- - src/clients/apparmor_no_impl.ycp | 2 - src/include/Makefile.am | 2 - src/include/apparmor/Makefile.am | 4 - src/include/apparmor/aa-config.ycp | 30 +++--- - src/include/apparmor/apparmor_profile_check.ycp | 2 - src/include/apparmor/capabilities.ycp | 2 - src/include/apparmor/config_complain.ycp | 2 - src/include/apparmor/helps.ycp | 6 - - src/include/apparmor/profile_dialogs.ycp | 14 +-- - src/include/apparmor/reporting_archived_dialogs.ycp | 22 ++--- - src/include/apparmor/reporting_dialogues.ycp | 86 ++++++++++---------- - src/include/apparmor/reporting_utils.ycp | 38 ++++---- - src/perl/Notify.pm | 2 - src/scrconf/Makefile.am | 6 - - src/scrconf/aaconf.scr | 10 +- - src/scrconf/apparmor.scr | 10 +- - src/scrconf/apparmor_profiles.scr | 6 - - 40 files changed, 262 insertions(+), 262 deletions(-) - ---- a/configure.in -+++ b/configure.in -@@ -158,7 +158,7 @@ src/apparmor/Makefile - src/bin/Makefile - src/clients/Makefile - src/desktop/Makefile --src/include/subdomain/Makefile -+src/include/apparmor/Makefile - src/include/Makefile - src/modules/Makefile - src/perl/Makefile ---- a/src/agents/Makefile.am -+++ b/src/agents/Makefile.am -@@ 
-7,9 +7,9 @@ agent_SCRIPTS = \ - ag_reports_ess \ - ag_reports_parse \ - ag_reports_sched \ -- ag_sd_config \ -- ag_subdomain \ -- ag_subdomain_profiles -+ ag_aa_config \ -+ ag_apparmor \ -+ ag_apparmor_profiles - - EXTRA_DIST = $(agent_SCRIPTS) - ---- a/src/agents/ag_aa_config -+++ b/src/agents/ag_aa_config -@@ -11,7 +11,7 @@ - # ------------------------------------------------------------------ - - ################################################################################ --# ag_sd_config -+# ag_aa_config - ################################################################################ - - use strict; -@@ -23,7 +23,7 @@ use Immunix::Reports; - - # Subroutines - ################################################################################ --sub setSubdomain { -+sub setAppArmor { - - my $action = shift; - my $errmsg = ""; -@@ -32,7 +32,7 @@ sub setSubdomain { - if (-e "/sbin/rcapparmor") { - open(RUN, "/sbin/rcapparmor start 2>&1 |"); - } else { -- open(RUN, "/sbin/rcsubdomain start 2>&1 |"); -+ open(RUN, "/sbin/rcapparmor start 2>&1 |"); - } - while () { - if (/FATAL:(.*)/) { -@@ -43,7 +43,7 @@ sub setSubdomain { - if (-f "/etc/init.d/boot.apparmor") { - system("/sbin/insserv boot.apparmor"); - } else { -- system("/sbin/insserv boot.subdomain"); -+ system("/sbin/insserv boot.apparmor"); - } - if (-f "/etc/init.d/aaeventd") { - system("/sbin/rcaaeventd start"); -@@ -53,7 +53,7 @@ sub setSubdomain { - if (-e "/sbin/rcapparmor") { - open(RUN, "/sbin/rcapparmor stop 2>&1 |"); - } else { -- open(RUN, "/sbin/rcsubdomain stop 2>&1 |"); -+ open(RUN, "/sbin/rcapparmor stop 2>&1 |"); - } - while () { - if (/FATAL:(.*)/) { -@@ -64,7 +64,7 @@ sub setSubdomain { - if (-f "/etc/init.d/boot.apparmor") { - system("/sbin/insserv -r boot.apparmor"); - } else { -- system("/sbin/insserv -r boot.subdomain"); -+ system("/sbin/insserv -r boot.apparmor"); - } - if (-f "/etc/init.d/aaeventd") { - system("/sbin/rcaaeventd stop"); -@@ -85,7 +85,7 @@ sub setLearningMode { - - my 
$action = shift; - my $rcscript = -f "/sbin/rcapparmor" ? "/sbin/rcapparmor" -- : "/sbin/rcsubdomain"; -+ : "/sbin/rcapparmor"; - - if ($action eq "enable") { - system("$rcscript", "stop"); -@@ -126,11 +126,11 @@ while ( ) { - - ($action) = (split(/:/, $argument))[1]; - -- if ( $argument =~ /subdomain/ ) { -- $result = setSubdomain($action); -+ if ( $argument =~ /apparmor/ ) { -+ $result = setAppArmor($action); - } elsif ( $argument =~ /learning/ ) { - setLearningMode($action); -- } elsif ( $argument eq 'sd-notify') { -+ } elsif ( $argument eq 'aa-notify') { - setNotify($action); - } - ---- a/src/agents/ag_apparmor -+++ b/src/agents/ag_apparmor -@@ -12,7 +12,7 @@ - - - ################################################################################ --# ag_subdomain -+# ag_apparmor - # - # Version 0.61 - ################################################################################ -@@ -21,39 +21,39 @@ use strict; - use ycp; - use Data::Dumper; - use Immunix::Notify; --use Immunix::SubDomain; -+use Immunix::AppArmor; - - - # Subroutines - ################################################################################ - --sub getSubdomainStatus { -+sub getAppArmorStatus { - -- my $sdStatus = "disabled"; -+ my $aaStatus = "disabled"; - - # Ok check that there are profiles loaded to - # determine status -- my $mountpoint = Immunix::SubDomain::check_for_subdomain(); -+ my $mountpoint = Immunix::AppArmor::check_for_apparmor(); - if ( $mountpoint ) { - open( PROFILES, "cat $mountpoint/profiles|" ); - while () { - # Ensure we have loaded profiles - # not just a loaded module - if ( /\// ) { -- $sdStatus = "enabled"; -+ $aaStatus = "enabled"; - last; - } - } - close PROFILES; - } -- return $sdStatus; -+ return $aaStatus; - } - - sub profileSyntaxCheck { - my $errlist = []; -- Immunix::SubDomain::checkIncludeSyntax($errlist); -- Immunix::SubDomain::checkProfileSyntax($errlist); -- my @errlist = Immunix::SubDomain::uniq(@$errlist); -+ 
Immunix::AppArmor::checkIncludeSyntax($errlist); -+ Immunix::AppArmor::checkProfileSyntax($errlist); -+ my @errlist = Immunix::AppArmor::uniq(@$errlist); - return \@errlist; - } - -@@ -67,19 +67,19 @@ while ( ) { - my $result = undef; - my $donereturn = 0; - if ( $command && $path && $argument ) { -- if ( $argument eq 'sd-all') { -+ if ( $argument eq 'aa-all') { - my %hResult = ''; # hashed result, duh -- $hResult{'sd-status'} = getSubdomainStatus(); -- $hResult{'sd-notify'} = Immunix::Notify::getNotifyStatus(); -+ $hResult{'aa-status'} = getAppArmorStatus(); -+ $hResult{'aa-notify'} = Immunix::Notify::getNotifyStatus(); - #ycp::ycpReturnHashAsMap( %hResult ); - ycp::Return( %hResult ); - $donereturn = 1; -- } elsif ( $argument eq 'sd-status') { -- $result = getSubdomainStatus(); -- } elsif ( $argument eq 'sd-notify') { -+ } elsif ( $argument eq 'aa-status') { -+ $result = getAppArmorStatus(); -+ } elsif ( $argument eq 'aa-notify') { - $result = Immunix::Notify::getNotifyStatus(); - } elsif ( $command eq "Read" and $argument eq 'custom-includes') { -- my $cfg = Immunix::SubDomain::read_config("logprof.conf"); -+ my $cfg = Immunix::AppArmor::read_config("logprof.conf"); - my @ret = split(' ', $cfg->{settings}{custom_includes}); - ycp::ycpReturn(\@ret); - $donereturn = 1; -@@ -87,7 +87,7 @@ while ( ) { - $result = profileSyntaxCheck(); - ycp::ycpReturn($result); - $donereturn = 1; -- } elsif ( $argument eq 'sd-notify-settings') { -+ } elsif ( $argument eq 'aa-notify-settings') { - $result = Immunix::Notify::getNotifySettings(); - ycp::Return($result); - $donereturn = 1; ---- a/src/agents/ag_apparmor_profiles -+++ b/src/agents/ag_apparmor_profiles -@@ -13,8 +13,8 @@ - - ##################################################################### - # --# ag_subdomain_profiles - Immunix SCR agent for the --# management of SubDomain profiles -+# ag_apparmor_profiles - Immunix SCR agent for the -+# management of AppArmor profiles - # - # - 
##################################################################### -@@ -22,7 +22,7 @@ - use strict; - use ycp; - --use Immunix::SubDomain; -+use Immunix::AppArmor; - - ################ - # Subroutines -@@ -74,7 +74,7 @@ while ( ) { - if ( $command && $path && $argument ) { - if ( $command eq "Read" and $argument eq "all") { - $UI_Mode = "yast"; -- Immunix::SubDomain::readprofiles(); -+ Immunix::AppArmor::readprofiles(); - ycp::Return( \%sd ); - } elsif ( $command eq "Read" and $path eq ".new" ) { - my $pfname = getprofilefilename($argument); -@@ -88,15 +88,15 @@ while ( ) { - my $pfname = getprofilefilename($argument); - if ( -e $pfname ) { - $UI_Mode = "yast"; -- Immunix::SubDomain::readprofiles(); -+ Immunix::AppArmor::readprofiles(); - ycp::Return( $sd{$argument} ); - } else { - ycp::Return( "false" ); - } - } elsif ( $command eq "Read") { - $UI_Mode = "yast"; -- Immunix::SubDomain::readprofile("$profiledir/$argument", -- \&$Immunix::SubDomain::fatal_error, 1); -+ Immunix::AppArmor::readprofile("$profiledir/$argument", -+ \&$Immunix::AppArmor::fatal_error, 1); - ycp::Return( \%sd ); - } elsif ( $command eq "Write" and $path eq ".delete") { - if ( $argument ne "" ) { -@@ -109,7 +109,7 @@ while ( ) { - ycp::Return( "false" ); - } - } elsif ( $command eq "Write" and $path eq ".reload") { -- $result = system("/sbin/rcsubdomain reload > /dev/null 2>&1"); -+ $result = system("/sbin/rcapparmor reload > /dev/null 2>&1"); - ycp::Return( "true" ); - } elsif ( $command eq "Write") { - if ( (ref($argument) eq "HASH") ) { -@@ -121,7 +121,7 @@ while ( ) { - if ( (ref($ref) eq "HASH") ) { - %sd = %profiles; - $UI_Mode = "yast"; -- $result = Immunix::SubDomain::writeprofile($profilename); -+ $result = Immunix::AppArmor::writeprofile($profilename); - } else { - ycp::Return( "false" ); - } -@@ -129,11 +129,11 @@ while ( ) { - } - } elsif ( $command eq "Execute") { - if ( $path eq '.mode_to_string') { -- my $ret = Immunix::SubDomain::mode_to_str( $argument ); -+ my $ret = 
Immunix::AppArmor::mode_to_str( $argument ); - ycp::Return($ret); - } - elsif ($path eq '.string_to_mode') { -- my $ret = Immunix::SubDomain::str_to_mode( $argument ); -+ my $ret = Immunix::AppArmor::str_to_mode( $argument ); - ycp::Return($ret); - } - } else { ---- a/src/agents/ag_complain -+++ b/src/agents/ag_complain -@@ -16,7 +16,7 @@ - # - Toggles profiles between complain/enforce modes - # - # Requires: --# - /usr/lib/perl5/vendor_perl/Immunix/SubDomain.pm -+# - /usr/lib/perl5/vendor_perl/Immunix/AppArmor.pm - # - # Input (Optional): - # - param 'showall' == 1 to change modes for profiles without associated -@@ -33,7 +33,7 @@ - use strict; - use ycp; - --use Immunix::SubDomain; -+use Immunix::AppArmor; - - our $UI_Mode = "yast-agent"; - -@@ -261,9 +261,9 @@ sub setProfMode { - } else { - - if ($profMode eq 'complain') { -- Immunix::SubDomain::complain("$profName"); -+ Immunix::AppArmor::complain("$profName"); - } else { -- Immunix::SubDomain::enforce("$profName"); -+ Immunix::AppArmor::enforce("$profName"); - } - } - -@@ -285,9 +285,9 @@ sub setProfMode { - if ( badFileName($prof->{'path'}), $args->{'showall'} ) { - ycp::y2milestone("Bad profile: $prof->{'path'}. Skipping."); - } elsif ($profMode eq 'complain') { -- Immunix::SubDomain::complain("$prof->{'path'}"); -+ Immunix::AppArmor::complain("$prof->{'path'}"); - } else { -- Immunix::SubDomain::enforce("$prof->{'path'}"); -+ Immunix::AppArmor::enforce("$prof->{'path'}"); - } - } - ---- a/src/agents/ag_genprof -+++ b/src/agents/ag_genprof -@@ -26,7 +26,7 @@ textdomain("yast2-apparmor"); - # and strings from y2-apparmor are translated differently anyway - textdomain("apparmor-utils"); - --use Immunix::SubDomain; -+use Immunix::AppArmor; - setup_yast(); - - # !hack hack hack! -@@ -63,16 +63,16 @@ GetOptions( - - # tell 'em how to use it... - &usage && exit if $help; --my $sd_mountpoint = check_for_subdomain(); --unless($sd_mountpoint) { -- fatal_error( __("SubDomain does not appear to be started. 
Please enable SubDomain and try again.")); -+my $aa_mountpoint = check_for_apparmor(); -+unless($aa_mountpoint) { -+ fatal_error( __("AppArmor does not appear to be started. Please enable AppArmor and try again.")); - } - - # let's convert it to full path... - $profiledir = get_full_path($profiledir); - - unless(-d $profiledir) { -- fatal_error(sprintf(__("Can't find subdomain profiles in %s."), $profiledir)); -+ fatal_error(sprintf(__("Can't find apparmor profiles in %s."), $profiledir)); - } - - # what are we profiling? -@@ -240,7 +240,7 @@ for my $p (sort keys %helpers) { - } - } - --UI_Info(__("Reloaded SubDomain profiles in enforce mode.")); -+UI_Info(__("Reloaded AppArmor profiles in enforce mode.")); - UI_Info( sprintf(__('Finished generating profile for %s.'), $fqdbin)); - - shutdown_yast(); ---- a/src/agents/ag_logparse -+++ b/src/agents/ag_logparse -@@ -13,11 +13,11 @@ - ################################################################################ - # ag_logparse - # --# - Generates report of SubDomain events -+# - Generates report of AppArmor events - # - # Requires: --# - /usr/lib/immunix/SubDomain/perl/Immunix::Reports.pm --# - /usr/lib/immunix/SubDomain/perl/Events.pm -+# - /usr/lib/immunix/AppArmor/perl/Immunix::Reports.pm -+# - /usr/lib/immunix/AppArmor/perl/Events.pm - # - # Input (Optional): - # -Start Date|End Date (Month, Day, Year, Time) -@@ -27,7 +27,7 @@ - # -Severity Level - # -Denied Resources - # -Mode --# -SDMode -+# -AAMode - # - ################################################################################ - my $Version='1.03'; -@@ -279,15 +279,15 @@ while ( ) { - } - } - -- # Parse sdmode & mode labels -- if ( $args->{'sdmode'} ) { -- if ($args->{'sdmode'} eq "All") { -- $args->{'sdmode'} = "-"; # Translate from GUI -+ # Parse aamode & mode labels -+ if ( $args->{'aamode'} ) { -+ if ($args->{'aamode'} eq "All") { -+ $args->{'aamode'} = "-"; # Translate from GUI - } else { -- $args->{'sdmode'} =~ s/\&//g; -- $args->{'sdmode'} =~ 
s/\://g; -- $args->{'sdmode'} =~ s/\s//g; -- $args->{'sdmode'} =~ s/AccessType//g; -+ $args->{'aamode'} =~ s/\&//g; -+ $args->{'aamode'} =~ s/\://g; -+ $args->{'aamode'} =~ s/\s//g; -+ $args->{'aamode'} =~ s/AccessType//g; - } - } - ---- a/src/agents/ag_logprof -+++ b/src/agents/ag_logprof -@@ -16,7 +16,7 @@ use strict; - use Data::Dumper; - use Getopt::Long; - --use Immunix::SubDomain; -+use Immunix::AppArmor; - - sub usage { - UI_Info("usage: $0 [ -d /path/to/profiles ] [ -f /path/to/logfile ] [ -m \"mark in log to start processing after\""); -@@ -43,7 +43,7 @@ GetOptions( - $profiledir = get_full_path($profiledir); - - unless(-d $profiledir) { -- fatal_error "Can't find subdomain profiles in $profiledir."; -+ fatal_error "Can't find apparmor profiles in $profiledir."; - } - - # load all the include files ---- a/src/agents/ag_reports_ess -+++ b/src/agents/ag_reports_ess -@@ -13,11 +13,11 @@ - ################################################################################ - # ag_reports_ess - # --# - Generates Report of SubDomain Executive Security Summary -+# - Generates Report of AppArmor Executive Security Summary - # - # Requires: --# - /usr/lib/immunix/SubDomain/perl/Immunix/Events.pm --# - /usr/lib/immunix/SubDomain/perl/Immunix/Reports.pm -+# - /usr/lib/immunix/AppArmor/perl/Immunix/Events.pm -+# - /usr/lib/immunix/AppArmor/perl/Immunix/Reports.pm - # - # Input (Optional): - # ---- a/src/agents/ag_reports_parse -+++ b/src/agents/ag_reports_parse -@@ -95,7 +95,7 @@ sub getFileList { - my @dirList = (); - my $error = undef; - -- # Create list of subdomain activation prospects from Old logfiles -+ # Create list of apparmor activation prospects from Old logfiles - if ( opendir(LDIR, $logDir) ) { - - if ( $args->{'type'} eq "sirRep" || $args->{'type'} eq "archRep" ) { ---- a/src/agents/ag_reports_sched -+++ b/src/agents/ag_reports_sched -@@ -13,11 +13,11 @@ - ################################################################################ - # ag_reports_sched - 
# --# - Adds/Deletes/Edits Scheduled Subdomain Event Reports (cron) -+# - Adds/Deletes/Edits Scheduled AppArmor Event Reports (cron) - # - # Requires: --# - /usr/lib/immunix/SubDomain/perl/Immunix/Events.pm --# - /usr/lib/immunix/SubDomain/perl/Immunix/Reports.pm -+# - /usr/lib/immunix/AppArmor/perl/Immunix/Events.pm -+# - /usr/lib/immunix/AppArmor/perl/Immunix/Reports.pm - # - # Uses: - # -/etc/apparmor/reports.crontab -@@ -31,7 +31,7 @@ - # -PID - # -Severity Level - # -Denied Resources --# -SD Mode -+# -AA Mode - # -Mode - # - ################################################################################ -@@ -87,7 +87,7 @@ sub getFilters { - - my $filts = undef; - my $schedConf = '/etc/apparmor/reports.conf'; -- my $regExp = '(prog|profile|pid|resource|severity|sdmode|mode)'; -+ my $regExp = '(prog|profile|pid|resource|severity|aamode|mode)'; - - my $allConf = Immunix::Reports::getXmlReport($repName); - -@@ -193,7 +193,7 @@ sub addConf { - - # pre-process filters for GUI - UGLY - for ($args->{'prog'},$args->{'prof'},$args->{'pid'},$args->{'sev'}, -- $args->{'res'},$args->{'sdmode'},$args->{'mode'}) { -+ $args->{'res'},$args->{'aamode'},$args->{'mode'}) { - - $_ =~ s/\s+//g; - -@@ -229,7 +229,7 @@ sub addConf { - print NCF "\t\t$args->{'pid'}\n"; - print NCF "\t\t$args->{'sev'}\n"; - print NCF "\t\t$args->{'res'}\n"; -- print NCF "\t\t$args->{'sdmode'}\n"; -+ print NCF "\t\t$args->{'aamode'}\n"; - print NCF "\t\t$args->{'mode'}\n"; - print NCF "\t\t$expPath\n"; - print NCF "\t\t$expType\n"; -@@ -648,12 +648,12 @@ while ( ) { - } - } - -- # Parse sdmode & mode labels -- if ( $args->{'sdmode'} ) { -- $args->{'sdmode'} =~ s/\&//g; -- $args->{'sdmode'} =~ s/\://g; -- $args->{'sdmode'} =~ s/\s//g; -- $args->{'sdmode'} =~ s/AccessType//g; -+ # Parse aamode & mode labels -+ if ( $args->{'aamode'} ) { -+ $args->{'aamode'} =~ s/\&//g; -+ $args->{'aamode'} =~ s/\://g; -+ $args->{'aamode'} =~ s/\s//g; -+ $args->{'aamode'} =~ s/AccessType//g; - } - if ( $args->{'mode'} ) { 
- $args->{'mode'} =~ s/\&//g; ---- a/src/apparmor/reports.conf -+++ b/src/apparmor/reports.conf -@@ -22,7 +22,7 @@ - - - -- R -+ R - - - ---- a/src/bin/reportgen.pl -+++ b/src/bin/reportgen.pl -@@ -26,7 +26,7 @@ - # -PID 'pid' - # -Severity 'sevLevel' - # -Denied Resources 'resource' --# -SD Mode 'sdmode' -+# -AA Mode 'aamode' - # -Mode 'mode' - # - ################################################################################ -@@ -522,13 +522,13 @@ sub runSir { - for (@$db) { - print SIR "$_->{'host'},$_->{'time'},$_->{'prog'},$_->{'profile'},"; - print SIR "$_->{'pid'},$_->{'severity'},$_->{'mode_deny'},$_->{'mode_req'},"; -- print SIR "$_->{'resource'},$_->{'sdmode'},$_->{'op'},$_->{'attr'},"; -+ print SIR "$_->{'resource'},$_->{'aamode'},$_->{'op'},$_->{'attr'},"; - print SIR "$_->{'name_alt'},$_->{'parent'},$_->{'active_hat'},"; - print SIR "$_->{'net_family'},$_->{'net_proto'},$_->{'net_socktype'}\n"; - - # old aa-eventd - #print SIR "$_->{'host'},$_->{'date'},$_->{'prog'},$_->{'profile'},$_->{'pid'},"; -- #print SIR "$_->{'severity'},$_->{'mode'},$_->{'resource'},$_->{'sdmode'}\n"; -+ #print SIR "$_->{'severity'},$_->{'mode'},$_->{'resource'},$_->{'aamode'}\n"; - } - - close SIR; ---- a/src/clients/AA_AddProfile.ycp -+++ b/src/clients/AA_AddProfile.ycp -@@ -12,9 +12,9 @@ import "Wizard"; - import "Popup"; - import "Label"; - import "Sequencer"; --include "subdomain/apparmor_packages.ycp"; --include "subdomain/apparmor_profile_check.ycp"; --include "subdomain/profile_dialogs.ycp"; -+include "apparmor/apparmor_packages.ycp"; -+include "apparmor/apparmor_profile_check.ycp"; -+include "apparmor/profile_dialogs.ycp"; - textdomain "yast2-apparmor"; - - // Globalz -@@ -28,7 +28,7 @@ define boolean CreateNewProfile() { - return false; - } - Settings["CURRENT_PROFILE"] = selectfilename; -- boolean profile = (boolean) SCR::Read (.subdomain_profiles.new, selectfilename); -+ boolean profile = (boolean) SCR::Read (.apparmor_profiles.new, selectfilename); - if ( profile 
== false && Popup::YesNoHeadline( _("Profile for ") + selectfilename + _(" already exists."), _("Would you like to open this profile in editing mode?") ) ) { - return true; - } -@@ -71,7 +71,7 @@ define any MainSequence() ``{ - remove( Settings, "CURRENT_PROFILE"); - return (any) `abort; - } -- map new_profile = (map) SCR::Read (.subdomain_profiles, Settings["CURRENT_PROFILE"]:"" ); -+ map new_profile = (map) SCR::Read (.apparmor_profiles, Settings["CURRENT_PROFILE"]:"" ); - Settings["PROFILE_MAP"] = new_profile; - Wizard::CreateDialog(); - Wizard::SetTitleIcon("apparmor_add_profile"); -@@ -79,7 +79,7 @@ define any MainSequence() ``{ - Wizard::CloseDialog(); - if ( ret == `abort ) { - string profile_name = Settings["NEW_PROFILE"]:""; -- any result = SCR::Write(.subdomain_profiles.delete, profile_name); -+ any result = SCR::Write(.apparmor_profiles.delete, profile_name); - } - Settings = remove( Settings, "NEW_PROFILE"); - Settings = remove( Settings, "CURRENT_PROFILE"); ---- a/src/clients/AA_DeleteProfile.ycp -+++ b/src/clients/AA_DeleteProfile.ycp -@@ -12,9 +12,9 @@ import "Wizard"; - import "Label"; - import "Popup"; - import "Sequencer"; --include "subdomain/apparmor_packages.ycp"; --include "subdomain/apparmor_profile_check.ycp"; --include "subdomain/profile_dialogs.ycp"; -+include "apparmor/apparmor_packages.ycp"; -+include "apparmor/apparmor_profile_check.ycp"; -+include "apparmor/profile_dialogs.ycp"; - textdomain "yast2-apparmor"; - - // Globalz -@@ -25,8 +25,8 @@ define any DeleteProfileConfirmation() { - _("Are you sure you want to delete the profile ") + profilename + - _(" ?\nAfter this operation the AppArmor module will reload the profile set.") ) ) { - y2milestone("Deleted " + profilename ); -- boolean result = SCR::Write(.subdomain_profiles.delete, profilename); -- any result2 = SCR::Write(.subdomain_profiles.reload, "-"); -+ boolean result = SCR::Write(.apparmor_profiles.delete, profilename); -+ any result2 = SCR::Write(.apparmor_profiles.reload, 
"-"); - } - return `finish; - } -@@ -35,12 +35,12 @@ define any MainSequence() ``{ - - // - // Read the profiles from the SCR agent -- map profiles = (map) SCR::Read (.subdomain_profiles, "all"); -+ map profiles = (map) SCR::Read (.apparmor_profiles, "all"); - - map aliases = $[ - "chooseprofile" : ``(SelectProfileForm(profiles, _("Please make a - selection from the listed profiles and press Next to delete the profile."), -- _("Delete Profile - Choose profile to delete"), "subdomain/delete_profile")), -+ _("Delete Profile - Choose profile to delete"), "apparmor/delete_profile")), - "deleteprofile" : ``(DeleteProfileConfirmation()), - ]; - ---- a/src/clients/AA_EditProfile.ycp -+++ b/src/clients/AA_EditProfile.ycp -@@ -12,9 +12,9 @@ import "Wizard"; - import "Popup"; - import "Label"; - import "Sequencer"; --include "subdomain/apparmor_packages.ycp"; --include "subdomain/apparmor_profile_check.ycp"; --include "subdomain/profile_dialogs.ycp"; -+include "apparmor/apparmor_packages.ycp"; -+include "apparmor/apparmor_profile_check.ycp"; -+include "apparmor/profile_dialogs.ycp"; - textdomain "yast2-apparmor"; - - // Globalz -@@ -25,7 +25,7 @@ define any MainSequence() ``{ - - // - // Read the profiles from the SCR agent -- map profiles = (map) SCR::Read (.subdomain_profiles, "all"); -+ map profiles = (map) SCR::Read (.apparmor_profiles, "all"); - - map aliases = $[ - "showProfile" : ``(DisplayProfileForm(Settings["CURRENT_PROFILE"]:"", false)), ---- a/src/clients/AA_Report.ycp -+++ b/src/clients/AA_Report.ycp -@@ -13,10 +13,10 @@ import "Wizard"; - import "Popup"; - import "Label"; - import "Sequencer"; --include "subdomain/apparmor_packages.ycp"; --include "subdomain/apparmor_profile_check.ycp"; --include "subdomain/reporting_dialogues.ycp"; --include "subdomain/report_helptext.ycp"; -+include "apparmor/apparmor_packages.ycp"; -+include "apparmor/apparmor_profile_check.ycp"; -+include "apparmor/reporting_dialogues.ycp"; -+include "apparmor/report_helptext.ycp"; - 
textdomain "yast2-apparmor"; - - // Globalz ---- a/src/clients/GenProf.ycp -+++ b/src/clients/GenProf.ycp -@@ -12,10 +12,10 @@ - import "Wizard"; - import "Popup"; - import "Sequencer"; -- include "subdomain/apparmor_profile_check.ycp"; -- include "subdomain/apparmor_packages.ycp"; -- include "subdomain/apparmor_ycp_utils.ycp"; -- include "subdomain/helps.ycp"; -+ include "apparmor/apparmor_profile_check.ycp"; -+ include "apparmor/apparmor_packages.ycp"; -+ include "apparmor/apparmor_ycp_utils.ycp"; -+ include "apparmor/helps.ycp"; - textdomain "yast2-apparmor"; - - boolean done = false; ---- a/src/clients/LogProf.ycp -+++ b/src/clients/LogProf.ycp -@@ -12,10 +12,10 @@ - import "Wizard"; - import "Popup"; - import "Sequencer"; -- include "subdomain/apparmor_packages.ycp"; -- include "subdomain/apparmor_profile_check.ycp"; -- include "subdomain/apparmor_ycp_utils.ycp"; -- include "subdomain/helps.ycp"; -+ include "apparmor/apparmor_packages.ycp"; -+ include "apparmor/apparmor_profile_check.ycp"; -+ include "apparmor/apparmor_ycp_utils.ycp"; -+ include "apparmor/helps.ycp"; - textdomain "yast2-apparmor"; - - boolean done = false; ---- a/src/clients/Makefile.am -+++ b/src/clients/Makefile.am -@@ -2,12 +2,12 @@ client_DATA = \ - apparmor.ycp \ - GenProf.ycp \ - LogProf.ycp \ -- SD_AddProfile.ycp \ -- SD_DeleteProfile.ycp \ -- SD_EditProfile.ycp \ -- SD_Report.ycp \ -- subdomain_no_impl.ycp \ -- subdomain.ycp -+ AA_AddProfile.ycp \ -+ AA_DeleteProfile.ycp \ -+ AA_EditProfile.ycp \ -+ AA_Report.ycp \ -+ apparmor_no_impl.ycp \ -+ apparmor-settings.ycp - - EXTRA_DIST = \ - $(client_DATA) ---- a/src/clients/apparmor-settings.ycp -+++ b/src/clients/apparmor-settings.ycp -@@ -14,14 +14,14 @@ textdomain "yast2-apparmor"; - - /* The main () */ - y2milestone("----------------------------------------"); --y2milestone("Subdomain module started"); -+y2milestone("AppArmor module started"); - - import "Label"; - import "Popup"; - import "Wizard"; - --include 
"subdomain/apparmor_packages.ycp"; --include "subdomain/sd-config.ycp"; -+include "apparmor/apparmor_packages.ycp"; -+include "apparmor/aa-config.ycp"; - - // no command line support #269891 - if (size(WFM::Args()) > 0 ) -@@ -37,7 +37,7 @@ if (!installAppArmorPackages()) { - - list config_steps = - [ -- $[ "id": "subdomain", "label": _("Enable AppArmor Functions") ], -+ $[ "id": "apparmor", "label": _("Enable AppArmor Functions") ], - ]; - - list steps = flatten( [ config_steps ] ); -@@ -49,8 +49,8 @@ define symbol displayPage( integer no ) - - UI::WizardCommand(`SetCurrentStep( current_id ) ); - -- if ( current_id == "subdomain") { -- //button = displaySubdomainConfig(); -+ if ( current_id == "apparmor") { -+ //button = displayAppArmorConfig(); - button = displayAppArmorConfig(); - } - ---- a/src/clients/apparmor.ycp -+++ b/src/clients/apparmor.ycp -@@ -4,9 +4,9 @@ import "Wizard"; - import "Label"; - import "Popup"; - import "Sequencer"; --include "subdomain/apparmor_packages.ycp"; --include "subdomain/apparmor_profile_check.ycp"; --include "subdomain/profile_dialogs.ycp"; -+include "apparmor/apparmor_packages.ycp"; -+include "apparmor/apparmor_profile_check.ycp"; -+include "apparmor/profile_dialogs.ycp"; - - any startDialog(){ - /* AppArmor dialog caption */ -@@ -26,13 +26,13 @@ any startDialog(){ - /* Selection box label */ - `SelectionBox(`id(`modules), `opt(`notify), _("&Available AppArmor Modules:"), [ - /* Selection box items */ -- `item(`id("subdomain"), _("Settings"), true), -+ `item(`id("apparmor-settings"), _("Settings"), true), - `item(`id("GenProf"), _("Generate Profile")), - `item(`id("LogProf"), _("Update Profile")), -- `item(`id("SD_Report"), _("Reports")), -- `item(`id("SD_EditProfile"), _("Edit Profile")), -- `item(`id("SD_AddProfile"), _("Add Manually Profile")), -- `item(`id("SD_DeleteProfile"), _("Delete Profile")) -+ `item(`id("AA_Report"), _("Reports")), -+ `item(`id("AA_EditProfile"), _("Edit Profile")), -+ `item(`id("AA_AddProfile"), 
_("Add Manually Profile")), -+ `item(`id("AA_DeleteProfile"), _("Delete Profile")) - ]), - `VSpacing(3) - ), -@@ -74,7 +74,7 @@ any startDialog(){ - } - } - -- string launch = "subdomain"; -+ string launch = "apparmor"; - if(ret == `next) { - launch = (string) UI::QueryWidget(`id(`modules), `CurrentItem); - y2debug("launch=%1", launch); ---- a/src/clients/apparmor_no_impl.ycp -+++ b/src/clients/apparmor_no_impl.ycp -@@ -11,7 +11,7 @@ - import "Popup"; - import "Wizard"; - --//include "subdomain/prof-config.ycp"; -+//include "apparmor/prof-config.ycp"; - - /* BEGIN - This is just temporary filler */ - Popup::Message("This function is not implemented at this time"); ---- a/src/include/Makefile.am -+++ b/src/include/Makefile.am -@@ -1 +1 @@ --SUBDIRS = subdomain -+SUBDIRS = apparmor ---- a/src/include/apparmor/Makefile.am -+++ b/src/include/apparmor/Makefile.am -@@ -1,4 +1,4 @@ --yncludedir = @yncludedir@/subdomain -+yncludedir = @yncludedir@/apparmor - - ynclude_DATA = \ - apparmor_packages.ycp \ -@@ -12,7 +12,7 @@ ynclude_DATA = \ - reporting_archived_dialogs.ycp \ - reporting_dialogues.ycp \ - reporting_utils.ycp \ -- sd-config.ycp -+ aa-config.ycp - - EXTRA_DIST = \ - $(ynclude_DATA) ---- a/src/include/apparmor/aa-config.ycp -+++ b/src/include/apparmor/aa-config.ycp -@@ -8,9 +8,9 @@ - * - ------------------------------------------------------------------*/ - { --include "subdomain/config_complain.ycp"; --include "subdomain/helps.ycp"; --include "subdomain/apparmor_ycp_utils.ycp"; -+include "apparmor/config_complain.ycp"; -+include "apparmor/helps.ycp"; -+include "apparmor/apparmor_ycp_utils.ycp"; - textdomain "yast2-apparmor"; - - import "Label"; -@@ -18,15 +18,15 @@ import "Label"; - define boolean changeAppArmorState(boolean aaEnabled) { - - any error = nil; -- string sdAction = ""; -+ string aaAction = ""; - - if (aaEnabled == true) { -- sdAction = "subdomain:enable"; -+ aaAction = "apparmor:enable"; - } else { -- sdAction = "subdomain:disable"; -+ aaAction = 
"apparmor:disable"; - } - -- error = SCR::Execute(.sdconf, sdAction); -+ error = SCR::Execute(.aaconf, aaAction); - - if ( error != nil && is(error, string) ) { - -@@ -42,7 +42,7 @@ define boolean changeAppArmorState(boole - - define void displayNotifyForm() { - -- map settings = (map) SCR::Execute(.subdomain, "sd-notify-settings"); -+ map settings = (map) SCR::Execute(.apparmor, "aa-notify-settings"); - - map terse = settings["terse"]:$[]; - map summary = settings["summary"]:$[]; -@@ -183,7 +183,7 @@ define void displayNotifyForm() { - s_freq = UI::QueryWidget(`id(`summary_freq), `Value); - v_freq = UI::QueryWidget(`id(`verbose_freq), `Value); - -- set_notify["sd-set-notify"] = "yes"; -+ set_notify["aa-set-notify"] = "yes"; - terse["terse_freq"] = tostring(t_freq); - summary["summary_freq"] = tostring(s_freq); - verbose["verbose_freq"] = tostring(v_freq); -@@ -270,7 +270,7 @@ define void displayNotifyForm() { - answers["summary"] = summary; - answers["verbose"] = verbose; - -- string result = (string) SCR::Execute(.sdconf, answers); -+ string result = (string) SCR::Execute(.aaconf, answers); - - if (result != "success") { - Popup::Error( _("Configuration failed for the following operations: ") + result); -@@ -297,16 +297,16 @@ define symbol displayAppArmorConfig () { - // AppArmor Status - boolean aaEnabled = false; - boolean ntIsEnabled = false; -- string subdomain = (string) SCR::Execute(.subdomain, "sd-status"); -- string sdEnStr = _("AppArmor is disabled"); -+ string apparmor = (string) SCR::Execute(.apparmor, "aa-status"); -+ string aaEnStr = _("AppArmor is disabled"); - -- if (subdomain == "enabled") { -+ if (apparmor == "enabled") { - aaEnabled = true; -- sdEnStr = _("AppArmor is enabled"); -+ aaEnStr = _("AppArmor is enabled"); - } - - // Notification Status -- string evnotify = (string) SCR::Execute(.subdomain, "sd-notify"); -+ string evnotify = (string) SCR::Execute(.apparmor, "aa-notify"); - string evEnStr = _("Notification is disabled"); - if (evnotify 
== "enabled") { - ntIsEnabled = true; ---- a/src/include/apparmor/apparmor_profile_check.ycp -+++ b/src/include/apparmor/apparmor_profile_check.ycp -@@ -25,7 +25,7 @@ define boolean checkProfileSyntax () { - boolean syntax_ok = true; - - args["profile-syntax-check"] = "1"; -- list errors = (list ) SCR::Execute (.subdomain, "profile-syntax-check" ); -+ list errors = (list ) SCR::Execute (.apparmor, "profile-syntax-check" ); - foreach ( string error, errors, ``{ - syntax_ok = false; - errmsg = errmsg + "
  • " + error + "
  • "; ---- a/src/include/apparmor/capabilities.ycp -+++ b/src/include/apparmor/capabilities.ycp -@@ -210,7 +210,7 @@ _("
  • Allows setting read ahead and fl - _("
  • Allows tuning the ide driver
  • -
  • Allows access to the nvram device
  • -
  • Allows administration of apm_bios, serial and bttv (TV) device
  • --
  • Allows manufacturer commands in isdn CAPI support driver
  • ") + -+
  • Allows manufacturer commands in iaan CAPI support driver
  • ") + - - _("
  • Allows reading non-standardized portions of pci configuration space
  • -
  • Allows DDI debug ioctl on sbpcd driver
  • ---- a/src/include/apparmor/config_complain.ycp -+++ b/src/include/apparmor/config_complain.ycp -@@ -161,7 +161,7 @@ define symbol profileModeConfigForm() { - } else if ( id == `next ) { - integer ret = -1; - if ( modified ) -- ret = (integer) SCR::Execute (.target.bash, "/sbin/rcsubdomain reload > /dev/null 2>&1"); -+ ret = (integer) SCR::Execute (.target.bash, "/sbin/rcapparmor reload > /dev/null 2>&1"); - else { - y2milestone("No change to Apparmor profile modes - nothing to do."); - break; ---- a/src/include/apparmor/helps.ycp -+++ b/src/include/apparmor/helps.ycp -@@ -29,7 +29,7 @@ had 10 security events since Tue Oct 12 - _("

    Summary Notification: The Summary notification displays - the logged AppArmor security events, and lists the number of - individual occurrences, including the date of the last occurrence. --
    For example:
    SubDomain: PERMITTING access to capability -+
    For example:
    AppArmor: PERMITTING access to capability - 'setgid' (httpd2-prefork(6347) profile /usr/sbin/httpd2-prefork - active /usr/sbin/httpd2-prefork) 2 times, the latest at Sat Oct 9 16:05:54 2004. -

    ") + -@@ -43,7 +43,7 @@ and the type of file permission access t - - _("

    Verbose Notification also reports several messages that - the logprof tool uses to interpret profiles.
    For example:
    -- Oct 9 15:40:31 SubDomain: PERMITTING r access to -+ Oct 9 15:40:31 AppArmor: PERMITTING r access to - /etc/apache2/httpd.conf (httpd2-prefork(6068) profile - /usr/sbin/httpd2-prefork active /usr/sbin/httpd2-prefork)

    ") + - -@@ -146,7 +146,7 @@ in another executable and granting uncon - execution rights, it is possible to bypass the mandatory - constraints imposed on all confined processes. - For more information on what is constrained, see the --subdomain(7) man page.") + -+apparmor(7) man page.") + - "

    " + - - _("Discrete Profile execute mode
    ") + ---- a/src/include/apparmor/profile_dialogs.ycp -+++ b/src/include/apparmor/profile_dialogs.ycp -@@ -12,7 +12,7 @@ import "Wizard"; - import "Popup"; - import "Label"; - import "Map"; --include "subdomain/capabilities.ycp"; -+include "apparmor/capabilities.ycp"; - textdomain "yast2-apparmor"; - - // Globalz -@@ -625,7 +625,7 @@ define list generateTableContents( - indx = indx+1; }); - - foreach( string name, map val, (map) paths, { -- string mode = (string) SCR::Execute(.subdomain_profiles.mode_to_string, val["mode"]:0); -+ string mode = (string) SCR::Execute(.apparmor_profiles.mode_to_string, val["mode"]:0); - newlist = add( newlist, `item( `id(indx), name, mode)); - indx = indx+1; }); - -@@ -896,7 +896,7 @@ that is inherited by the child program o - string perms = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 2, ""); - map results = fileEntryPopup( rule, perms, pathname ); - integer newperms = 0; -- newperms = (integer) SCR::Execute(.subdomain_profiles.string_to_mode, results["PERM"]:""); -+ newperms = (integer) SCR::Execute(.apparmor_profiles.string_to_mode, results["PERM"]:""); - rule = results["FILE"]:""; - if ( rule != "" ) { - if ( rule != oldrule ) { -@@ -963,7 +963,7 @@ that is inherited by the child program o - continue; - } - addfname = newentry["FILE"]:""; -- addperms = (integer) SCR::Execute(.subdomain_profiles.string_to_mode, newentry["PERM"]:""); -+ addperms = (integer) SCR::Execute(.apparmor_profiles.string_to_mode, newentry["PERM"]:""); - // Make sure that the entry doesn't already exist - paths = add( paths, addfname, $["audit":0, "mode": addperms] ); - profile["allow","path"] = paths; -@@ -996,7 +996,7 @@ that is inherited by the child program o - return `showhat; - } - } else if ( id == `include ) { -- list customIncludes = (list ) SCR::Read(.subdomain, "custom-includes"); -+ list customIncludes = (list ) SCR::Read(.apparmor, "custom-includes"); - string newInclude = UI::AskForExistingFile( 
"/etc/apparmor.d/abstractions", "", _("Select File To Include")); - if ( newInclude == nil || (string)newInclude == "" ) { - continue; -@@ -1059,8 +1059,8 @@ that is inherited by the child program o - map argmap = $[ "PROFILE_HASH" : Settings["PROFILE_MAP"]:$[], - "PROFILE_NAME" : pathname - ]; -- any result = SCR::Write(.subdomain_profiles, argmap); -- any result2 = SCR::Write(.subdomain_profiles.reload, "-"); -+ any result = SCR::Write(.apparmor_profiles, argmap); -+ any result2 = SCR::Write(.apparmor_profiles.reload, "-"); - } - } else { - if ( ! haskey(hats, Settings["CURRENT_HAT"]:"") ) { ---- a/src/include/apparmor/reporting_archived_dialogs.ycp -+++ b/src/include/apparmor/reporting_archived_dialogs.ycp -@@ -13,8 +13,8 @@ - import "Wizard"; - import "Popup"; - import "Label"; --include "subdomain/report_helptext.ycp"; --include "subdomain/reporting_utils.ycp"; -+include "apparmor/report_helptext.ycp"; -+include "apparmor/reporting_utils.ycp"; - textdomain "yast2-apparmor"; - - // Global -@@ -106,7 +106,7 @@ define term filterArchForm() { - ), - `HBox( - `HWeight( 3, `TextEntry(`id(`res), _("Detail") )), -- `HWeight( 3, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))), -+ `HWeight( 3, `ReplacePoint(`id(`replace_aamode), `PushButton(`id(`aamode), _("Access Type: R") ))), - `HWeight( 3, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))), - `HSpacing( `opt(`hstretch), 5) - ), -@@ -137,7 +137,7 @@ define map setArchFilter() { - UI::ChangeWidget(`id(`bydate_frame), `Enabled, false); - - string mode = "All"; -- string sdmode = "R"; -+ string aamode = "R"; - - map event = $[]; - any id = nil; -@@ -235,11 +235,11 @@ define map setArchFilter() { - string pid = (string) UI::QueryWidget(`id(`pid), `Value); - string sev = (string) UI::QueryWidget(`id(`sev), `Value); - string res = (string) UI::QueryWidget(`id(`res), `Value); -- string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label); -+ string aamode = 
(string) UI::QueryWidget(`id(`aamode), `Label); - string mode = (string) UI::QueryWidget(`id(`mode), `Label); - string exppath = (string) UI::QueryWidget(`id(`expPath), `Value); - -- if (sdmode == "-") { sdmode = "All"; } -+ if (aamode == "-") { aamode = "All"; } - if (mode == "-") { mode = "All"; } - - if ( program_name != "" ) { Settings["prog"] = program_name; } -@@ -247,17 +247,17 @@ define map setArchFilter() { - if ( pid != "" ) { Settings["pid"] = pid; } - if ( sev != "" && sev != "All" ) { Settings["severity"] = sev; } - if ( res != "" ) { Settings["resource"] = res; } -- if ( sdmode != "" ) { Settings["sdmode"] = sdmode; } -+ if ( aamode != "" ) { Settings["aamode"] = aamode; } - if ( mode != "" ) { Settings["mode"] = mode; } - if ( exppath != "" ) { Settings["exportPath"] = exppath; } - - id = nil; - break; - -- } else if ( id == `sdmode ) { -- sdmode = popUpSdMode(); -- Settings["sdmode"] = sdmode; -- UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: ") + sdmode) ); -+ } else if ( id == `aamode ) { -+ aamode = popUpSdMode(); -+ Settings["aamode"] = aamode; -+ UI::ReplaceWidget(`id(`replace_aamode), `PushButton(`id(`aamode), _("Access Type: ") + aamode) ); - - } else if ( id == `mode ) { - mode = popUpMode(); ---- a/src/include/apparmor/reporting_dialogues.ycp -+++ b/src/include/apparmor/reporting_dialogues.ycp -@@ -12,9 +12,9 @@ - import "Wizard"; - import "Popup"; - import "Label"; --include "subdomain/reporting_utils.ycp"; --include "subdomain/report_helptext.ycp"; --include "subdomain/reporting_archived_dialogs.ycp"; -+include "apparmor/reporting_utils.ycp"; -+include "apparmor/report_helptext.ycp"; -+include "apparmor/reporting_archived_dialogs.ycp"; - textdomain "yast2-apparmor"; - - // Globalz -@@ -223,7 +223,7 @@ define term editFilterForm (map Settings - string prof = Settings["prof"]:""; - string pid = Settings["pid"]:""; - string res = Settings["res"]:""; -- string sdmode = Settings["sdmode"]:"R"; -+ string 
aamode = Settings["aamode"]:"R"; - string mode = Settings["mode"]:"All"; - string sev = Settings["sev"]:"All"; - -@@ -250,7 +250,7 @@ define term editFilterForm (map Settings - `VBox( - `Label( _("Access Type: ") ), - `Bottom( `HWeight( 4, -- `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode ))))) -+ `ReplacePoint(`id(`replace_aamode), `PushButton(`id(`aamode), modeToHumanString( aamode ))))) - ), - `VBox( - `Label( _("Mode: ") ), -@@ -293,14 +293,14 @@ term schedFilterForm = - - `VBox( - `Label( _("Access Type: ") ), -- `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), "R" )) -+ `ReplacePoint(`id(`replace_aamode), `PushButton(`id(`aamode), "R" )) - ), - `VBox( - `Label( _("Mode: ") ), - `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("All") )) - ), - -- //`HWeight( 4, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))), -+ //`HWeight( 4, `ReplacePoint(`id(`replace_aamode), `PushButton(`id(`aamode), _("Access Type: R") ))), - //`HWeight( 4, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))), - `HSpacing( `opt(`hstretch), 1) - ), -@@ -353,7 +353,7 @@ term filterForm = - - `VBox( - `Label( _("Access Type: ") ), -- `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), "R" )) -+ `ReplacePoint(`id(`replace_aamode), `PushButton(`id(`aamode), "R" )) - ), - `VBox( - `Label( _("Mode: ") ), -@@ -361,7 +361,7 @@ term filterForm = - ), - - -- //`HWeight( 3, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))), -+ //`HWeight( 3, `ReplacePoint(`id(`replace_aamode), `PushButton(`id(`aamode), _("Access Type: R") ))), - //`HWeight( 3, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))), - `HSpacing( `opt(`hstretch), 5) - ), -@@ -387,22 +387,22 @@ define term filterForm2(string name, map - any apid = preFilters["pid"]:nil; - any ares = preFilters["resource"]:nil; - any amode = 
preFilters["mode"]:"All"; -- any asdmode = preFilters["sdmode"]:"All"; -+ any aaamode = preFilters["aamode"]:"All"; - - string prog = ""; - string prof = ""; - string pid = ""; - string res = ""; - string mode = ""; -- string sdmode = ""; -+ string aamode = ""; - - if ( aprog != nil ) { prog = tostring(aprog); } - if ( aprof != nil ) { prof = tostring(aprof); } - if ( apid != nil ) { pid = tostring(apid); } - if ( ares != nil ) { res = tostring(ares); } - if ( amode != nil ) { mode = tostring(amode); } -- if ( asdmode != nil ) { sdmode = tostring(asdmode); } -- if (sdmode == "-") { sdmode = "All"; } -+ if ( aaamode != nil ) { aamode = tostring(aaamode); } -+ if (aamode == "-") { aamode = "All"; } - if (mode == "-") { mode = "All"; } - - term ff2 = -@@ -447,7 +447,7 @@ define term filterForm2(string name, map - `TextEntry(`id(`res), _("Detail"), res), - `VBox( - `Label( _("Access Type: ") ), -- `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode ))) -+ `ReplacePoint(`id(`replace_aamode), `PushButton(`id(`aamode), modeToHumanString( aamode ))) - ), - `VBox( - `Label( _("Mode: ") ), -@@ -492,7 +492,7 @@ define term turnReportPage (string name, - reportList = add( reportList, `item( `id(key), record["host"]:nil, - record["date"]:nil, record["prog"]:nil, record["profile"]:nil, - record["pid"]:nil, record["severity"]:nil, record["mode"]:nil, -- record["resource"]:nil, record["sdmode"]:nil )); -+ record["resource"]:nil, record["aamode"]:nil )); - key = key + 1; - }); - */ -@@ -902,7 +902,7 @@ define map filterConfigForm(str - } - - string mode = "All"; -- string sdmode = "R"; -+ string aamode = "R"; - - Settings = $[ ]; - map event = $[]; -@@ -931,13 +931,13 @@ define map filterConfigForm(str - Settings["break"] = "back"; - break; - -- } else if ( id == `sdmode ) { -+ } else if ( id == `aamode ) { - -- sdmode = popUpSdMode(); -+ aamode = popUpSdMode(); - -- if ( sdmode != "" ) { -- Settings["sdmode"] = sdmode; -- 
UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) ) ); -+ if ( aamode != "" ) { -+ Settings["aamode"] = aamode; -+ UI::ReplaceWidget(`id(`replace_aamode), `PushButton(`id(`aamode), modeToHumanString( aamode) ) ); - } - - } else if ( id == `mode ) { -@@ -984,7 +984,7 @@ define map filterConfigForm(str - string pid = (string) UI::QueryWidget(`id(`pid), `Value); - string sev = (string) UI::QueryWidget(`id(`sev), `Value); - string res = (string) UI::QueryWidget(`id(`res), `Value); -- string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label); -+ string aamode = (string) UI::QueryWidget(`id(`aamode), `Label); - string mode = (string) UI::QueryWidget(`id(`mode), `Label); - string exppath = (string) UI::QueryWidget(`id(`expPath), `Value); - -@@ -998,7 +998,7 @@ define map filterConfigForm(str - if ( pid != "" ) { Settings["pid"] = pid; } - if ( sev != "" && sev != "All" ) { Settings["severity"] = sev; } - if ( res != "" ) { Settings["resource"] = res; } -- if ( sdmode != "" ) { Settings["sdmode"] = humanStringToMode( sdmode); } -+ if ( aamode != "" ) { Settings["aamode"] = humanStringToMode( aamode); } - if ( mode != "" ) { Settings["mode"] = humanStringToMode( mode ); } - - if ( bydate == true ) { -@@ -1729,7 +1729,7 @@ define void addSchedForm() { - ))); - - string mode = "All"; -- string sdmode = "R"; -+ string aamode = "R"; - integer timeout_millisec = 20 * 1000; - map event = $[]; - any addInput = nil; -@@ -1830,13 +1830,13 @@ define void addSchedForm() { - } - }} - -- } else if ( addInput == `sdmode ) { -+ } else if ( addInput == `aamode ) { - -- sdmode = popUpSdMode(); -+ aamode = popUpSdMode(); - -- if (sdmode != "") { -- Settings["sdmode"] = sdmode; -- UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) )); -+ if (aamode != "") { -+ Settings["aamode"] = aamode; -+ UI::ReplaceWidget(`id(`replace_aamode), `PushButton(`id(`aamode), modeToHumanString( aamode) )); - } - - } else if 
( addInput == `mode ) { -@@ -1854,7 +1854,7 @@ define void addSchedForm() { - string prof = (string) UI::QueryWidget(`id(`prof), `Value); - string pid = (string) UI::QueryWidget(`id(`pid), `Value); - string res = (string) UI::QueryWidget(`id(`res), `Value); -- string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label); -+ string aamode = (string) UI::QueryWidget(`id(`aamode), `Label); - string mode = (string) UI::QueryWidget(`id(`mode), `Label); - string sev = (string) UI::QueryWidget(`id(`sev), `Value); - string expType = (string) UI::QueryWidget(`id(`expType), `Value); -@@ -1876,7 +1876,7 @@ define void addSchedForm() { - Settings["pid"] = pid; - Settings["sev"] = sev; - Settings["res"] = res; -- Settings["sdmode"] = humanStringToMode( sdmode ); -+ Settings["aamode"] = humanStringToMode( aamode ); - Settings["mode"] = humanStringToMode( mode ); - - any error = (any) SCR::Write(.reports_sched, Settings); -@@ -2000,7 +2000,7 @@ define void editSchedForm() { - any apid = db2["pid"]:nil; - any ares = db2["res"]:nil; - any asev = db2["severity"]:nil; -- any asdmode = db2["sdmode"]:nil; -+ any aaamode = db2["aamode"]:nil; - any amode = db2["mode"]:nil; - any acsv = db2["csv"]:nil; - any ahtml = db2["html"]:nil; -@@ -2011,9 +2011,9 @@ define void editSchedForm() { - if ( apid != nil ) { Settings["pid"] = tostring(apid); } - if ( ares != nil ) { Settings["res"] = tostring(ares); } - if ( asev != nil ) { Settings["sev"] = tostring(asev); } -- if ( asdmode != nil ) { Settings["sdmode"] = tostring(asdmode); } -- if ( asdmode == nil || asdmode == "-" ) { -- Settings["sdmode"] = "All"; -+ if ( aaamode != nil ) { Settings["aamode"] = tostring(aaamode); } -+ if ( aaamode == nil || aaamode == "-" ) { -+ Settings["aamode"] = "All"; - } - if ( amode != nil ) { Settings["mode"] = tostring(amode); } - -@@ -2115,7 +2115,7 @@ define void editSchedForm() { - - /**************************************************/ - string mode = _("All"); -- string sdmode = _("R"); -+ string aamode 
= _("R"); - - integer timeout_millisec = 20 * 1000; - map event = $[]; -@@ -2176,13 +2176,13 @@ define void editSchedForm() { - UI::ChangeWidget(`id(`expPath), `Value, oldExpPath); - } - -- } else if ( editInput == `sdmode ) { -+ } else if ( editInput == `aamode ) { - -- sdmode = popUpSdMode(); -+ aamode = popUpSdMode(); - -- if ( sdmode != "" ) { -- Settings["sdmode"] = sdmode; -- UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) )); -+ if ( aamode != "" ) { -+ Settings["aamode"] = aamode; -+ UI::ReplaceWidget(`id(`replace_aamode), `PushButton(`id(`aamode), modeToHumanString( aamode) )); - } - - } else if ( editInput == `mode ) { -@@ -2237,7 +2237,7 @@ define void editSchedForm() { - string prof = (string) UI::QueryWidget(`id(`prof), `Value); - string pid = (string) UI::QueryWidget(`id(`pid), `Value); - string res = (string) UI::QueryWidget(`id(`res), `Value); -- string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label); -+ string aamode = (string) UI::QueryWidget(`id(`aamode), `Label); - string mode = (string) UI::QueryWidget(`id(`mode), `Label); - string sev = (string) UI::QueryWidget(`id(`sev), `Value); - -@@ -2246,7 +2246,7 @@ define void editSchedForm() { - Settings["pid"] = pid; - Settings["sev"] = sev; - Settings["res"] = res; -- Settings["sdmode"] = humanStringToMode( sdmode ); -+ Settings["aamode"] = humanStringToMode( aamode ); - Settings["mode"] = humanStringToMode( mode ); - - } else { ---- a/src/include/apparmor/reporting_utils.ycp -+++ b/src/include/apparmor/reporting_utils.ycp -@@ -12,7 +12,7 @@ - import "Wizard"; - import "Popup"; - import "Label"; --include "subdomain/report_helptext.ycp"; -+include "apparmor/report_helptext.ycp"; - textdomain "yast2-apparmor"; - - define boolean checkEventDb() { -@@ -222,7 +222,7 @@ define string getSortId(string type, any - } else if ( sortId == 6 ) { - sortKey = "severity"; - } else if ( sortId == 7 ) { -- sortKey = "sdmode"; -+ sortKey = "aamode"; - } else if ( 
sortId == 8 ) { - sortKey = "mode"; - } -@@ -417,14 +417,14 @@ define string popUpMode() { - if ( UI::QueryWidget(`id(`clear), `Value) == true ) { - mode = "All"; - } else { -- list sdList = []; -- if ( UI::QueryWidget(`id(`read), `Value) == true ) { sdList = add(sdList, "r"); } -- if ( UI::QueryWidget(`id(`write), `Value) == true ) { sdList = add(sdList, "w"); } -- if ( UI::QueryWidget(`id(`link), `Value) == true ) { sdList = add(sdList, "l"); } -- if ( UI::QueryWidget(`id(`exec), `Value) == true ) { sdList = add(sdList, "x"); } -- if ( UI::QueryWidget(`id(`mmap), `Value) == true ) { sdList = add(sdList, "m"); } -+ list aaList = []; -+ if ( UI::QueryWidget(`id(`read), `Value) == true ) { aaList = add(aaList, "r"); } -+ if ( UI::QueryWidget(`id(`write), `Value) == true ) { aaList = add(aaList, "w"); } -+ if ( UI::QueryWidget(`id(`link), `Value) == true ) { aaList = add(aaList, "l"); } -+ if ( UI::QueryWidget(`id(`exec), `Value) == true ) { aaList = add(aaList, "x"); } -+ if ( UI::QueryWidget(`id(`mmap), `Value) == true ) { aaList = add(aaList, "m"); } - -- foreach ( string perm, sdList, { mode = mode + perm; }); -+ foreach ( string perm, aaList, { mode = mode + perm; }); - } - - break; -@@ -435,10 +435,10 @@ define string popUpMode() { - return mode; - } - --// Access Type - SD Mode -+// Access Type - AA Mode - define string popUpSdMode() { - -- string checkMode = (string) UI::QueryWidget(`id(`sdmode), `Label); -+ string checkMode = (string) UI::QueryWidget(`id(`aamode), `Label); - checkMode = filterchars(checkMode, "APRl"); - list splitMode = splitstring (checkMode, " "); - string mySdMode = splitMode[size(splitMode)-1]:"R"; -@@ -497,7 +497,7 @@ define string popUpSdMode() { - UI::ChangeWidget(`id(`audit), `Value, false); - } - -- string sdMode = ""; -+ string aaMode = ""; - map event = $[]; - any id = nil; - -@@ -512,7 +512,7 @@ define string popUpSdMode() { - UI::ChangeWidget(`id(`permit), `Value, false); - UI::ChangeWidget(`id(`reject), `Value, false); - 
UI::ChangeWidget(`id(`audit), `Value, false); -- sdMode = "All"; -+ aaMode = "All"; - } - - } else if ( id == `permit || id == `reject || id == `audit ) { -@@ -527,21 +527,21 @@ define string popUpSdMode() { - - } else if ( id == `cancel ) { - -- sdMode = mySdMode; -+ aaMode = mySdMode; - break; - - } else if ( id == `save ) { - - if ( UI::QueryWidget(`id(`clear), `Value) == true ) { -- sdMode = "All"; -+ aaMode = "All"; - } else { -- sdMode = ""; -+ aaMode = ""; - list mList = []; - if ( UI::QueryWidget(`id(`permit), `Value) == true ) { mList = add(mList, "P"); } - if ( UI::QueryWidget(`id(`reject), `Value) == true ) { mList = add(mList, "R"); } - if ( UI::QueryWidget(`id(`audit), `Value) == true ) { mList = add(mList, "A"); } - -- foreach ( string state, mList, { sdMode = sdMode + state; }); -+ foreach ( string state, mList, { aaMode = aaMode + state; }); - } - - break; -@@ -550,7 +550,7 @@ define string popUpSdMode() { - } - - UI::CloseDialog(); -- return sdMode; -+ return aaMode; - } - - /* For On Demand Reports -@@ -594,7 +594,7 @@ define list getReportList(string t - record["host"]:nil, record["date"]:nil, record["prog"]:nil, - record["profile"]:nil, record["pid"]:nil, record["severity"]:nil, - record["mode_req"]:nil, record["mode_deny"]:nil, -- record["resource"]:nil, record["sdmode"]:nil, record["op"]:nil, -+ record["resource"]:nil, record["aamode"]:nil, record["op"]:nil, - record["attr"]:nil, record["name_alt"]:nil, record["net_family"]:nil, - record["net_proto"]:nil, record["net_socktype"]:nil - )); ---- a/src/perl/Notify.pm -+++ b/src/perl/Notify.pm -@@ -14,7 +14,7 @@ package Immunix::Notify; - # /usr/lib/perl5/vendor_perl/Immunix/Notify.pm - # - # - Parses /etc/apparmor/notify.cfg for AppArmor notification --# - Used with sd-config.ycp for yast configuration -+# - Used with aa-config.ycp for yast configuration - # - ################################################################################ - ---- a/src/scrconf/Makefile.am -+++ 
b/src/scrconf/Makefile.am -@@ -7,9 +7,9 @@ scrconf_DATA = \ - reports_ess.scr \ - reports_parse.scr \ - reports_sched.scr \ -- sdconf.scr \ -- subdomain_profiles.scr \ -- subdomain.scr -+ aaconf.scr \ -+ apparmor_profiles.scr \ -+ apparmor.scr - - EXTRA_DIST = $(scrconf_DATA) - ---- a/src/scrconf/aaconf.scr -+++ b/src/scrconf/aaconf.scr -@@ -1,8 +1,8 @@ - /** - * File: -- * subdomain.scr -+ * apparmor.scr - * Summary: -- * SCR Agent for configuring subdomain -+ * SCR Agent for configuring apparmor - * Access: - * read/write - * Authors: -@@ -12,9 +12,9 @@ - * Example: - * Read(.cron,$[..]) - * -- * $Id: sdconf.scr 3715 2005-01-19 09:06:05Z sarnold $ -+ * $Id: aaconf.scr 3715 2005-01-19 09:06:05Z sarnold $ - * - */ --.sdconf -+.aaconf - --`ag_sd_config () -+`ag_aa_config () ---- a/src/scrconf/apparmor.scr -+++ b/src/scrconf/apparmor.scr -@@ -1,8 +1,8 @@ - /** - * File: -- * subdomain.scr -+ * apparmor.scr - * Summary: -- * SCR Agent for configuring subdomain -+ * SCR Agent for configuring apparmor - * Access: - * read/write - * Authors: -@@ -12,9 +12,9 @@ - * Example: - * Read(.cron,$[..]) - * -- * $Id: subdomain.scr 3715 2005-01-19 09:06:05Z sarnold $ -+ * $Id: apparmor.scr 3715 2005-01-19 09:06:05Z sarnold $ - * - */ --.subdomain -+.apparmor - --`ag_subdomain () -+`ag_apparmor () ---- a/src/scrconf/apparmor_profiles.scr -+++ b/src/scrconf/apparmor_profiles.scr -@@ -34,7 +34,7 @@ - * Read(.target.string, "/tmp/target.1") - * ("Some Test\n") - * -- * $Id: subdomain_profiles.scr 3715 2005-01-19 09:06:05Z sarnold $ -+ * $Id: apparmor_profiles.scr 3715 2005-01-19 09:06:05Z sarnold $ - * - *

    The target-agent is used for various actions on the target system.

    - * -@@ -48,6 +48,6 @@ - * - *

    For more information see the agent's own documentation.

    - */ --.subdomain_profiles -+.apparmor_profiles - --`ag_subdomain_profiles () -+`ag_apparmor_profiles () diff --git a/yast2-apparmor-rename-desktop b/yast2-apparmor-rename-desktop deleted file mode 100644 index 41dd8c5..0000000 --- a/yast2-apparmor-rename-desktop +++ /dev/null 
@@ -1,76 +0,0 @@
-From: Jeff Mahoney
-Subject: yast2-apparmor: Rename yast2-apparmor.desktop to apparmor.desktop
-
- The yast2 code appears to look for apparmor.desktop, not
- yast2-apparmor.desktop This patch renames the file to the right name.
-
-Signed-off-by: Jeff Mahoney
----
- src/desktop/Makefile.am | 2 +-
- src/desktop/apparmor.desktop | 24 ++++++++++++++++++++++++
- src/desktop/yast2-apparmor.desktop | 24 ------------------------
- 3 files changed, 25 insertions(+), 25 deletions(-)
-
---- a/src/desktop/Makefile.am
-+++ b/src/desktop/Makefile.am
-@@ -1,5 +1,5 @@
- desktop_DATA = \
-- yast2-apparmor.desktop
-+ apparmor.desktop
-
- rncdir = $(schemadir)/autoyast/rnc
- rnc_DATA =
---- /dev/null
-+++ b/src/desktop/apparmor.desktop
-@@ -0,0 +1,24 @@
-+[Desktop Entry]
-+Type=Application
-+Categories=Settings;System;Qt;X-SuSE-YaST;X-SuSE-YaST-AppArmor;
-+
-+X-KDE-ModuleType=Library
-+X-KDE-RootOnly=true
-+X-KDE-HasReadOnlyMode=true
-+X-KDE-Library=yast2
-+X-SuSE-YaST-Call=apparmor
-+
-+X-SuSE-YaST-Group=Security
-+X-SuSE-YaST-Argument=
-+X-SuSE-YaST-RootOnly=true
-+X-SuSE-YaST-AutoInst=none
-+X-SuSE-YaST-Geometry=
-+X-SuSE-YaST-SortKey=
-+X-SuSE-YaST-AutoInstClonable=false
-+
-+Icon=apparmor_view_profile
-+Exec=/usr/bin/xdg-su -c '/sbin/yast2 apparmor'
-+
-+Name=AppArmor Configuration
-+GenericName=AppArmor Configuration
-+StartupNotify=true
---- a/src/desktop/yast2-apparmor.desktop
-+++ /dev/null
-@@ -1,24 +0,0 @@
--[Desktop Entry]
--Type=Application
--Categories=Settings;System;Qt;X-SuSE-YaST;X-SuSE-YaST-AppArmor;
--
--X-KDE-ModuleType=Library
--X-KDE-RootOnly=true
--X-KDE-HasReadOnlyMode=true
--X-KDE-Library=yast2
--X-SuSE-YaST-Call=apparmor
--
--X-SuSE-YaST-Group=Security
--X-SuSE-YaST-Argument=
--X-SuSE-YaST-RootOnly=true
--X-SuSE-YaST-AutoInst=none
--X-SuSE-YaST-Geometry=
--X-SuSE-YaST-SortKey=
--X-SuSE-YaST-AutoInstClonable=false
--
--Icon=apparmor_view_profile
--Exec=/usr/bin/xdg-su -c '/sbin/yast2 apparmor'
--
--Name=AppArmor Configuration
--GenericName=AppArmor Configuration
--StartupNotify=true
diff --git a/yast2-apparmor-rename-files b/yast2-apparmor-rename-files
deleted file mode 100644
index 32ffe6f..0000000
--- a/yast2-apparmor-rename-files
+++ /dev/null
@@ -1,15603 +0,0 @@ -From: Jeff Mahoney -Subject: yast2-apparmor: Rename old sd/SD/SubDomain filenames - - AppArmor hasn't been known as SubDomain for many years. This patch - changes the files via the following script. It *only* renames the files - and the build will fail without the next patch which fixes the contents up. - -mkdir -p src/include/apparmor -mv src/include/subdomain/* src/include/apparmor - -for file in $(find [a-z]*); do - newfile=$(echo $file| sed -e 's/sd/aa/g' -e 's/subdomain/apparmor/g' -e 's/SD/AA/g') - if [ "$file" != "$newfile" ]; then - echo "$file -> $newfile" - mv $file $newfile - fi -done - -Signed-off-by: Jeff Mahoney ---- - - src/agents/ag_aa_config | 148 + - src/agents/ag_apparmor | 112 - src/agents/ag_apparmor_profiles | 153 + - src/agents/ag_sd_config | 148 - - src/agents/ag_subdomain | 112 - src/agents/ag_subdomain_profiles | 153 - - src/clients/AA_AddProfile.ycp | 114 - src/clients/AA_DeleteProfile.ycp | 91 - src/clients/AA_EditProfile.ycp | 93 - src/clients/AA_Report.ycp | 108 - src/clients/SD_AddProfile.ycp | 114 - src/clients/SD_DeleteProfile.ycp | 91 - src/clients/SD_EditProfile.ycp | 93 - src/clients/SD_Report.ycp | 108 - src/clients/apparmor-settings.ycp | 72 - src/clients/apparmor_no_impl.ycp | 20 - src/clients/subdomain.ycp | 72 - src/clients/subdomain_no_impl.ycp | 20 - src/include/apparmor/Makefile.am | 19 - src/include/apparmor/aa-config.ycp | 415 +++ - src/include/apparmor/apparmor_packages.ycp | 30 - src/include/apparmor/apparmor_profile_check.ycp | 52 - src/include/apparmor/apparmor_ycp_utils.ycp | 679 +++++ - src/include/apparmor/capabilities.ycp | 310 ++ - src/include/apparmor/config_complain.ycp | 227 + - src/include/apparmor/helps.ycp | 219 + - src/include/apparmor/profile_dialogs.ycp | 1147 ++++++++ - src/include/apparmor/report_helptext.ycp | 158 + - src/include/apparmor/reporting_archived_dialogs.ycp | 307 ++ - src/include/apparmor/reporting_dialogues.ycp | 2513 +++++++++++++++++++ - 
src/include/apparmor/reporting_utils.ycp | 609 ++++ - src/include/subdomain/Makefile.am | 19 - src/include/subdomain/Makefile.in | 412 --- - src/include/subdomain/apparmor_packages.ycp | 30 - src/include/subdomain/apparmor_profile_check.ycp | 52 - src/include/subdomain/apparmor_ycp_utils.ycp | 679 ----- - src/include/subdomain/capabilities.ycp | 310 -- - src/include/subdomain/config_complain.ycp | 227 - - src/include/subdomain/helps.ycp | 219 - - src/include/subdomain/profile_dialogs.ycp | 1147 -------- - src/include/subdomain/report_helptext.ycp | 158 - - src/include/subdomain/reporting_archived_dialogs.ycp | 307 -- - src/include/subdomain/reporting_dialogues.ycp | 2513 ------------------- - src/include/subdomain/reporting_utils.ycp | 609 ---- - src/include/subdomain/sd-config.ycp | 415 --- - src/scrconf/aaconf.scr | 20 - src/scrconf/apparmor.scr | 20 - src/scrconf/apparmor_profiles.scr | 53 - src/scrconf/sdconf.scr | 20 - src/scrconf/subdomain.scr | 20 - src/scrconf/subdomain_profiles.scr | 53 - 51 files changed, 7689 insertions(+), 8101 deletions(-) - - ---- /dev/null -+++ b/src/agents/ag_aa_config -@@ -0,0 +1,148 @@ -+#!/usr/bin/perl -+ -+# ------------------------------------------------------------------ -+# -+# Copyright (C) 2002-2005 Novell/SUSE -+# -+# This program is free software; you can redistribute it and/or -+# modify it under the terms of version 2 of the GNU General Public -+# License published by the Free Software Foundation. 
-+# -+# ------------------------------------------------------------------ -+ -+################################################################################ -+# ag_sd_config -+################################################################################ -+ -+use strict; -+use ycp; -+use Data::Dumper; -+ -+use Immunix::Notify; -+use Immunix::Reports; -+ -+# Subroutines -+################################################################################ -+sub setSubdomain { -+ -+ my $action = shift; -+ my $errmsg = ""; -+ my $lines = 0; -+ if ($action eq "enable") { -+ if (-e "/sbin/rcapparmor") { -+ open(RUN, "/sbin/rcapparmor start 2>&1 |"); -+ } else { -+ open(RUN, "/sbin/rcsubdomain start 2>&1 |"); -+ } -+ while () { -+ if (/FATAL:(.*)/) { -+ $errmsg = $1; -+ } -+ } -+ close(RUN); -+ if (-f "/etc/init.d/boot.apparmor") { -+ system("/sbin/insserv boot.apparmor"); -+ } else { -+ system("/sbin/insserv boot.subdomain"); -+ } -+ if (-f "/etc/init.d/aaeventd") { -+ system("/sbin/rcaaeventd start"); -+ system("/sbin/insserv aaeventd"); -+ } -+ } else { -+ if (-e "/sbin/rcapparmor") { -+ open(RUN, "/sbin/rcapparmor stop 2>&1 |"); -+ } else { -+ open(RUN, "/sbin/rcsubdomain stop 2>&1 |"); -+ } -+ while () { -+ if (/FATAL:(.*)/) { -+ $errmsg = $1; -+ } -+ } -+ close(RUN); -+ if (-f "/etc/init.d/boot.apparmor") { -+ system("/sbin/insserv -r boot.apparmor"); -+ } else { -+ system("/sbin/insserv -r boot.subdomain"); -+ } -+ if (-f "/etc/init.d/aaeventd") { -+ system("/sbin/rcaaeventd stop"); -+ system("/sbin/insserv -r aaeventd"); -+ } -+ } -+ return $errmsg; -+} -+ -+sub setNotify { -+ -+ my $action = shift; -+ -+ return 0; -+} -+ -+sub setLearningMode { -+ -+ my $action = shift; -+ my $rcscript = -f "/sbin/rcapparmor" ? "/sbin/rcapparmor" -+ : "/sbin/rcsubdomain"; -+ -+ if ($action eq "enable") { -+ system("$rcscript", "stop"); -+ system("$rcscript", "complain"); -+ } else { -+ system("$rcscript". 
"stop"); -+ system("$rcscript", "start"); -+ } -+ -+ return 0; -+} -+ -+# Main -+################################################################################ -+ -+ -+while ( ) { -+ -+ my ($command, $path, $argument) = ycp::ParseCommand ($_); -+ -+ my $result = undef; -+ my $action = undef; -+ -+ if ( $command && $path && $argument ) { -+ -+ if (ref($argument) eq "HASH" && $argument->{"set_notify"}) { -+ my ($ntSettings, $result) = Immunix::Notify::sanitize($argument); -+ -+ if ($result ne "success") { -+ ycp::Return($result); -+ next; -+ } else { -+ $result = Immunix::Notify::setNotifySettings($ntSettings); -+ ycp::Return($result); -+ next; -+ } -+ } -+ -+ ($action) = (split(/:/, $argument))[1]; -+ -+ if ( $argument =~ /subdomain/ ) { -+ $result = setSubdomain($action); -+ } elsif ( $argument =~ /learning/ ) { -+ setLearningMode($action); -+ } elsif ( $argument eq 'sd-notify') { -+ setNotify($action); -+ } -+ -+ if ( $result ) { -+ ycp::Return( $result ); -+ } else { -+ ycp::Return("true"); -+ } -+ } -+} -+ -+exit 0; -+ -+ -+ ---- /dev/null -+++ b/src/agents/ag_apparmor -@@ -0,0 +1,112 @@ -+#!/usr/bin/perl -+ -+# ------------------------------------------------------------------ -+# -+# Copyright (C) 2002-2005 Novell/SUSE -+# -+# This program is free software; you can redistribute it and/or -+# modify it under the terms of version 2 of the GNU General Public -+# License published by the Free Software Foundation. 
-+# -+# ------------------------------------------------------------------ -+ -+ -+################################################################################ -+# ag_subdomain -+# -+# Version 0.61 -+################################################################################ -+ -+use strict; -+use ycp; -+use Data::Dumper; -+use Immunix::Notify; -+use Immunix::SubDomain; -+ -+ -+# Subroutines -+################################################################################ -+ -+sub getSubdomainStatus { -+ -+ my $sdStatus = "disabled"; -+ -+ # Ok check that there are profiles loaded to -+ # determine status -+ my $mountpoint = Immunix::SubDomain::check_for_subdomain(); -+ if ( $mountpoint ) { -+ open( PROFILES, "cat $mountpoint/profiles|" ); -+ while () { -+ # Ensure we have loaded profiles -+ # not just a loaded module -+ if ( /\// ) { -+ $sdStatus = "enabled"; -+ last; -+ } -+ } -+ close PROFILES; -+ } -+ return $sdStatus; -+} -+ -+sub profileSyntaxCheck { -+ my $errlist = []; -+ Immunix::SubDomain::checkIncludeSyntax($errlist); -+ Immunix::SubDomain::checkProfileSyntax($errlist); -+ my @errlist = Immunix::SubDomain::uniq(@$errlist); -+ return \@errlist; -+} -+ -+ -+# Main -+################################################################################ -+ -+while ( ) { -+ my ($command, $path, $argument) = ycp::ParseCommand($_); -+ -+ my $result = undef; -+ my $donereturn = 0; -+ if ( $command && $path && $argument ) { -+ if ( $argument eq 'sd-all') { -+ my %hResult = ''; # hashed result, duh -+ $hResult{'sd-status'} = getSubdomainStatus(); -+ $hResult{'sd-notify'} = Immunix::Notify::getNotifyStatus(); -+ #ycp::ycpReturnHashAsMap( %hResult ); -+ ycp::Return( %hResult ); -+ $donereturn = 1; -+ } elsif ( $argument eq 'sd-status') { -+ $result = getSubdomainStatus(); -+ } elsif ( $argument eq 'sd-notify') { -+ $result = Immunix::Notify::getNotifyStatus(); -+ } elsif ( $command eq "Read" and $argument eq 'custom-includes') { -+ my $cfg = 
Immunix::SubDomain::read_config("logprof.conf"); -+ my @ret = split(' ', $cfg->{settings}{custom_includes}); -+ ycp::ycpReturn(\@ret); -+ $donereturn = 1; -+ } elsif ( $command eq "Execute" and $argument eq 'profile-syntax-check') { -+ $result = profileSyntaxCheck(); -+ ycp::ycpReturn($result); -+ $donereturn = 1; -+ } elsif ( $argument eq 'sd-notify-settings') { -+ $result = Immunix::Notify::getNotifySettings(); -+ ycp::Return($result); -+ $donereturn = 1; -+ } -+ ycp::ycpReturnSkalarAsString( $result ) if ( ! $donereturn ); -+ } -+ else { -+ #ycpGetCommand and ycpGetArgType is obsolete, we have those -+ #from ycp::ParseCommand -+ if ($command eq "result") { -+ exit 0; -+ } else { -+ $result = "Unknown instruction $command or argument: $argument\n"; -+ ycp::ycpReturnSkalarAsString( $result ); -+ } -+ } -+ print "\n"; -+} -+exit 0; -+ -+ -+ ---- /dev/null -+++ b/src/agents/ag_apparmor_profiles -@@ -0,0 +1,153 @@ -+#!/usr/bin/perl -+ -+# ------------------------------------------------------------------ -+# -+# Copyright (C) 2002-2005 Novell/SUSE -+# -+# This program is free software; you can redistribute it and/or -+# modify it under the terms of version 2 of the GNU General Public -+# License published by the Free Software Foundation. 
-+# -+# ------------------------------------------------------------------ -+ -+ -+##################################################################### -+# -+# ag_subdomain_profiles - Immunix SCR agent for the -+# management of SubDomain profiles -+# -+# -+##################################################################### -+ -+use strict; -+use ycp; -+ -+use Immunix::SubDomain; -+ -+################ -+# Subroutines -+################ -+ -+{ -+ -+sub newprofile { -+ my $filename = shift; -+ system("/usr/sbin/autodep $filename > /dev/null 2>&1"); -+ system("/usr/sbin/enforce $filename > /dev/null 2>&1"); -+ return; -+} -+ -+# ############################################################################### -+# -+# YCP <-> SCR Commands: -+# -+# Command Path Argument Returns -+# ------- ---- -------- -------- -+# -+# Read all hash containing all profiles -+# -+# Read .new pathtoprogram true/false (creates new profile) -+# -+# Write hash { true/false -+# PROFILE_NAME => -+# pathtoprogram, -+# PROFILE_HASH => -+# -+# } -+# -+# Write .delete pathtoprogram true/fale (deletes profile) -+# -+# Write .reload - true (reloads profiles) -+# -+# -+################################################################################ -+ -+ -+while ( ) { -+ -+ my ($command, $path, $argument) = ycp::ParseCommand ($_); -+ $argument = "NONE" if ( ! 
$argument ); -+ ycp::y2debug ("DOM command: $command, path: $path, argument: $argument"); -+ -+ my $result = undef; -+ if ( $command && $path && $argument ) { -+ if ( $command eq "Read" and $argument eq "all") { -+ $UI_Mode = "yast"; -+ Immunix::SubDomain::readprofiles(); -+ ycp::Return( \%sd ); -+ } elsif ( $command eq "Read" and $path eq ".new" ) { -+ my $pfname = getprofilefilename($argument); -+ if ( -e $pfname ) { -+ ycp::Return("false"); -+ } else { -+ newprofile( $argument ); -+ ycp::Return( "true" ); -+ } -+ } elsif ( $command eq "Read" ) { -+ my $pfname = getprofilefilename($argument); -+ if ( -e $pfname ) { -+ $UI_Mode = "yast"; -+ Immunix::SubDomain::readprofiles(); -+ ycp::Return( $sd{$argument} ); -+ } else { -+ ycp::Return( "false" ); -+ } -+ } elsif ( $command eq "Read") { -+ $UI_Mode = "yast"; -+ Immunix::SubDomain::readprofile("$profiledir/$argument", -+ \&$Immunix::SubDomain::fatal_error, 1); -+ ycp::Return( \%sd ); -+ } elsif ( $command eq "Write" and $path eq ".delete") { -+ if ( $argument ne "" ) { -+ my $profilefile = getprofilefilename( $argument ); -+ if ( -e $profilefile ) { -+ unlink( $profilefile ); -+ } -+ ycp::Return( "true" ); -+ } else { -+ ycp::Return( "false" ); -+ } -+ } elsif ( $command eq "Write" and $path eq ".reload") { -+ $result = system("/sbin/rcsubdomain reload > /dev/null 2>&1"); -+ ycp::Return( "true" ); -+ } elsif ( $command eq "Write") { -+ if ( (ref($argument) eq "HASH") ) { -+ my $profilename = ""; -+ $profilename = $$argument{"PROFILE_NAME"}; -+ my $ref = $$argument{"PROFILE_HASH"}; -+ my %profiles = (); -+ $profiles{$profilename} = $ref; -+ if ( (ref($ref) eq "HASH") ) { -+ %sd = %profiles; -+ $UI_Mode = "yast"; -+ $result = Immunix::SubDomain::writeprofile($profilename); -+ } else { -+ ycp::Return( "false" ); -+ } -+ ycp::Return( "true" ); -+ } -+ } elsif ( $command eq "Execute") { -+ if ( $path eq '.mode_to_string') { -+ my $ret = Immunix::SubDomain::mode_to_str( $argument ); -+ ycp::Return($ret); -+ } -+ elsif 
($path eq '.string_to_mode') { -+ my $ret = Immunix::SubDomain::str_to_mode( $argument ); -+ ycp::Return($ret); -+ } -+ } else { -+ #ycpGetCommand and ycpGetArgType is obsolete, we have those -+ #from ycp::ParseCommand -+ if ($command eq "result") { -+ exit 0; -+ } else { -+ $result = "Unknown instruction $command or argument: $argument\n"; -+ ycp::Return( $result ); -+ } -+ } -+} -+} -+exit 0; -+} -+ ---- a/src/agents/ag_sd_config -+++ /dev/null -@@ -1,148 +0,0 @@ --#!/usr/bin/perl -- --# ------------------------------------------------------------------ --# --# Copyright (C) 2002-2005 Novell/SUSE --# --# This program is free software; you can redistribute it and/or --# modify it under the terms of version 2 of the GNU General Public --# License published by the Free Software Foundation. --# --# ------------------------------------------------------------------ -- --################################################################################ --# ag_sd_config --################################################################################ -- --use strict; --use ycp; --use Data::Dumper; -- --use Immunix::Notify; --use Immunix::Reports; -- --# Subroutines --################################################################################ --sub setSubdomain { -- -- my $action = shift; -- my $errmsg = ""; -- my $lines = 0; -- if ($action eq "enable") { -- if (-e "/sbin/rcapparmor") { -- open(RUN, "/sbin/rcapparmor start 2>&1 |"); -- } else { -- open(RUN, "/sbin/rcsubdomain start 2>&1 |"); -- } -- while () { -- if (/FATAL:(.*)/) { -- $errmsg = $1; -- } -- } -- close(RUN); -- if (-f "/etc/init.d/boot.apparmor") { -- system("/sbin/insserv boot.apparmor"); -- } else { -- system("/sbin/insserv boot.subdomain"); -- } -- if (-f "/etc/init.d/aaeventd") { -- system("/sbin/rcaaeventd start"); -- system("/sbin/insserv aaeventd"); -- } -- } else { -- if (-e "/sbin/rcapparmor") { -- open(RUN, "/sbin/rcapparmor stop 2>&1 |"); -- } else { -- open(RUN, "/sbin/rcsubdomain stop 
2>&1 |"); -- } -- while () { -- if (/FATAL:(.*)/) { -- $errmsg = $1; -- } -- } -- close(RUN); -- if (-f "/etc/init.d/boot.apparmor") { -- system("/sbin/insserv -r boot.apparmor"); -- } else { -- system("/sbin/insserv -r boot.subdomain"); -- } -- if (-f "/etc/init.d/aaeventd") { -- system("/sbin/rcaaeventd stop"); -- system("/sbin/insserv -r aaeventd"); -- } -- } -- return $errmsg; --} -- --sub setNotify { -- -- my $action = shift; -- -- return 0; --} -- --sub setLearningMode { -- -- my $action = shift; -- my $rcscript = -f "/sbin/rcapparmor" ? "/sbin/rcapparmor" -- : "/sbin/rcsubdomain"; -- -- if ($action eq "enable") { -- system("$rcscript", "stop"); -- system("$rcscript", "complain"); -- } else { -- system("$rcscript". "stop"); -- system("$rcscript", "start"); -- } -- -- return 0; --} -- --# Main --################################################################################ -- -- --while ( ) { -- -- my ($command, $path, $argument) = ycp::ParseCommand ($_); -- -- my $result = undef; -- my $action = undef; -- -- if ( $command && $path && $argument ) { -- -- if (ref($argument) eq "HASH" && $argument->{"set_notify"}) { -- my ($ntSettings, $result) = Immunix::Notify::sanitize($argument); -- -- if ($result ne "success") { -- ycp::Return($result); -- next; -- } else { -- $result = Immunix::Notify::setNotifySettings($ntSettings); -- ycp::Return($result); -- next; -- } -- } -- -- ($action) = (split(/:/, $argument))[1]; -- -- if ( $argument =~ /subdomain/ ) { -- $result = setSubdomain($action); -- } elsif ( $argument =~ /learning/ ) { -- setLearningMode($action); -- } elsif ( $argument eq 'sd-notify') { -- setNotify($action); -- } -- -- if ( $result ) { -- ycp::Return( $result ); -- } else { -- ycp::Return("true"); -- } -- } --} -- --exit 0; -- -- -- ---- a/src/agents/ag_subdomain -+++ /dev/null -@@ -1,112 +0,0 @@ --#!/usr/bin/perl -- --# ------------------------------------------------------------------ --# --# Copyright (C) 2002-2005 Novell/SUSE --# --# This program 
is free software; you can redistribute it and/or --# modify it under the terms of version 2 of the GNU General Public --# License published by the Free Software Foundation. --# --# ------------------------------------------------------------------ -- -- --################################################################################ --# ag_subdomain --# --# Version 0.61 --################################################################################ -- --use strict; --use ycp; --use Data::Dumper; --use Immunix::Notify; --use Immunix::SubDomain; -- -- --# Subroutines --################################################################################ -- --sub getSubdomainStatus { -- -- my $sdStatus = "disabled"; -- -- # Ok check that there are profiles loaded to -- # determine status -- my $mountpoint = Immunix::SubDomain::check_for_subdomain(); -- if ( $mountpoint ) { -- open( PROFILES, "cat $mountpoint/profiles|" ); -- while () { -- # Ensure we have loaded profiles -- # not just a loaded module -- if ( /\// ) { -- $sdStatus = "enabled"; -- last; -- } -- } -- close PROFILES; -- } -- return $sdStatus; --} -- --sub profileSyntaxCheck { -- my $errlist = []; -- Immunix::SubDomain::checkIncludeSyntax($errlist); -- Immunix::SubDomain::checkProfileSyntax($errlist); -- my @errlist = Immunix::SubDomain::uniq(@$errlist); -- return \@errlist; --} -- -- --# Main --################################################################################ -- --while ( ) { -- my ($command, $path, $argument) = ycp::ParseCommand($_); -- -- my $result = undef; -- my $donereturn = 0; -- if ( $command && $path && $argument ) { -- if ( $argument eq 'sd-all') { -- my %hResult = ''; # hashed result, duh -- $hResult{'sd-status'} = getSubdomainStatus(); -- $hResult{'sd-notify'} = Immunix::Notify::getNotifyStatus(); -- #ycp::ycpReturnHashAsMap( %hResult ); -- ycp::Return( %hResult ); -- $donereturn = 1; -- } elsif ( $argument eq 'sd-status') { -- $result = getSubdomainStatus(); -- } elsif ( 
$argument eq 'sd-notify') { -- $result = Immunix::Notify::getNotifyStatus(); -- } elsif ( $command eq "Read" and $argument eq 'custom-includes') { -- my $cfg = Immunix::SubDomain::read_config("logprof.conf"); -- my @ret = split(' ', $cfg->{settings}{custom_includes}); -- ycp::ycpReturn(\@ret); -- $donereturn = 1; -- } elsif ( $command eq "Execute" and $argument eq 'profile-syntax-check') { -- $result = profileSyntaxCheck(); -- ycp::ycpReturn($result); -- $donereturn = 1; -- } elsif ( $argument eq 'sd-notify-settings') { -- $result = Immunix::Notify::getNotifySettings(); -- ycp::Return($result); -- $donereturn = 1; -- } -- ycp::ycpReturnSkalarAsString( $result ) if ( ! $donereturn ); -- } -- else { -- #ycpGetCommand and ycpGetArgType is obsolete, we have those -- #from ycp::ParseCommand -- if ($command eq "result") { -- exit 0; -- } else { -- $result = "Unknown instruction $command or argument: $argument\n"; -- ycp::ycpReturnSkalarAsString( $result ); -- } -- } -- print "\n"; --} --exit 0; -- -- -- ---- a/src/agents/ag_subdomain_profiles -+++ /dev/null -@@ -1,153 +0,0 @@ --#!/usr/bin/perl -- --# ------------------------------------------------------------------ --# --# Copyright (C) 2002-2005 Novell/SUSE --# --# This program is free software; you can redistribute it and/or --# modify it under the terms of version 2 of the GNU General Public --# License published by the Free Software Foundation. 
--# --# ------------------------------------------------------------------ -- -- --##################################################################### --# --# ag_subdomain_profiles - Immunix SCR agent for the --# management of SubDomain profiles --# --# --##################################################################### -- --use strict; --use ycp; -- --use Immunix::SubDomain; -- --################ --# Subroutines --################ -- --{ -- --sub newprofile { -- my $filename = shift; -- system("/usr/sbin/autodep $filename > /dev/null 2>&1"); -- system("/usr/sbin/enforce $filename > /dev/null 2>&1"); -- return; --} -- --# ############################################################################### --# --# YCP <-> SCR Commands: --# --# Command Path Argument Returns --# ------- ---- -------- -------- --# --# Read all hash containing all profiles --# --# Read .new pathtoprogram true/false (creates new profile) --# --# Write hash { true/false --# PROFILE_NAME => --# pathtoprogram, --# PROFILE_HASH => --# --# } --# --# Write .delete pathtoprogram true/fale (deletes profile) --# --# Write .reload - true (reloads profiles) --# --# --################################################################################ -- -- --while ( ) { -- -- my ($command, $path, $argument) = ycp::ParseCommand ($_); -- $argument = "NONE" if ( ! 
$argument ); -- ycp::y2debug ("DOM command: $command, path: $path, argument: $argument"); -- -- my $result = undef; -- if ( $command && $path && $argument ) { -- if ( $command eq "Read" and $argument eq "all") { -- $UI_Mode = "yast"; -- Immunix::SubDomain::readprofiles(); -- ycp::Return( \%sd ); -- } elsif ( $command eq "Read" and $path eq ".new" ) { -- my $pfname = getprofilefilename($argument); -- if ( -e $pfname ) { -- ycp::Return("false"); -- } else { -- newprofile( $argument ); -- ycp::Return( "true" ); -- } -- } elsif ( $command eq "Read" ) { -- my $pfname = getprofilefilename($argument); -- if ( -e $pfname ) { -- $UI_Mode = "yast"; -- Immunix::SubDomain::readprofiles(); -- ycp::Return( $sd{$argument} ); -- } else { -- ycp::Return( "false" ); -- } -- } elsif ( $command eq "Read") { -- $UI_Mode = "yast"; -- Immunix::SubDomain::readprofile("$profiledir/$argument", -- \&$Immunix::SubDomain::fatal_error, 1); -- ycp::Return( \%sd ); -- } elsif ( $command eq "Write" and $path eq ".delete") { -- if ( $argument ne "" ) { -- my $profilefile = getprofilefilename( $argument ); -- if ( -e $profilefile ) { -- unlink( $profilefile ); -- } -- ycp::Return( "true" ); -- } else { -- ycp::Return( "false" ); -- } -- } elsif ( $command eq "Write" and $path eq ".reload") { -- $result = system("/sbin/rcsubdomain reload > /dev/null 2>&1"); -- ycp::Return( "true" ); -- } elsif ( $command eq "Write") { -- if ( (ref($argument) eq "HASH") ) { -- my $profilename = ""; -- $profilename = $$argument{"PROFILE_NAME"}; -- my $ref = $$argument{"PROFILE_HASH"}; -- my %profiles = (); -- $profiles{$profilename} = $ref; -- if ( (ref($ref) eq "HASH") ) { -- %sd = %profiles; -- $UI_Mode = "yast"; -- $result = Immunix::SubDomain::writeprofile($profilename); -- } else { -- ycp::Return( "false" ); -- } -- ycp::Return( "true" ); -- } -- } elsif ( $command eq "Execute") { -- if ( $path eq '.mode_to_string') { -- my $ret = Immunix::SubDomain::mode_to_str( $argument ); -- ycp::Return($ret); -- } -- elsif 
($path eq '.string_to_mode') { -- my $ret = Immunix::SubDomain::str_to_mode( $argument ); -- ycp::Return($ret); -- } -- } else { -- #ycpGetCommand and ycpGetArgType is obsolete, we have those -- #from ycp::ParseCommand -- if ($command eq "result") { -- exit 0; -- } else { -- $result = "Unknown instruction $command or argument: $argument\n"; -- ycp::Return( $result ); -- } -- } --} --} --exit 0; --} -- ---- /dev/null -+++ b/src/clients/AA_AddProfile.ycp -@@ -0,0 +1,114 @@ -+/* ------------------------------------------------------------------ -+* -+* Copyright (C) 2002-2006 Novell/SUSE -+* -+* This program is free software; you can redistribute it and/or -+* modify it under the terms of version 2 of the GNU General Public -+* License published by the Free Software Foundation. -+* -+ ------------------------------------------------------------------*/ -+{ -+import "Wizard"; -+import "Popup"; -+import "Label"; -+import "Sequencer"; -+include "subdomain/apparmor_packages.ycp"; -+include "subdomain/apparmor_profile_check.ycp"; -+include "subdomain/profile_dialogs.ycp"; -+textdomain "yast2-apparmor"; -+ -+// Globalz -+ -+define boolean CreateNewProfile() { -+ string selectfilename = ""; -+ while ( true ) { -+ selectfilename = UI::AskForExistingFile( "/", "", _("Select File To Generate A Profile for") ); -+ // Check for cancel in the file choose dialog -+ if ( selectfilename == nil ) { -+ return false; -+ } -+ Settings["CURRENT_PROFILE"] = selectfilename; -+ boolean profile = (boolean) SCR::Read (.subdomain_profiles.new, selectfilename); -+ if ( profile == false && Popup::YesNoHeadline( _("Profile for ") + selectfilename + _(" already exists."), _("Would you like to open this profile in editing mode?") ) ) { -+ return true; -+ } -+ Settings["NEW_PROFILE"] = selectfilename; -+ return true; -+ } -+} -+ -+ -+ -+// -+// Setup and run the Wizard -+// -+define any MainSequence() ``{ -+ -+ map profiles = nil; -+ map aliases = $[ -+ "showprofile" : 
``(DisplayProfileForm(Settings["CURRENT_PROFILE"]:"", false)), -+ "showHat" : ``(DisplayProfileForm(Settings["CURRENT_HAT"]:"", true)) -+ ]; -+ -+ map sequence = $[ -+ "ws_start" : "showprofile", -+ "showprofile" : $[ -+ `abort : `abort, -+ `next : `finish, -+ `showhat : "showHat", -+ `finish : `finish, -+ ], -+ "showHat" : $[ -+ `abort : `abort, -+ `next : "showprofile", -+ `finish : `next, -+ ] -+ ]; -+ -+ boolean created_new_profile = CreateNewProfile(); -+ if ( created_new_profile == false ) { -+ remove( Settings, "NEW_PROFILE"); -+ remove( Settings, "CURRENT_PROFILE"); -+ return (any) `abort; -+ } -+ map new_profile = (map) SCR::Read (.subdomain_profiles, Settings["CURRENT_PROFILE"]:"" ); -+ Settings["PROFILE_MAP"] = new_profile; -+ Wizard::CreateDialog(); -+ Wizard::SetTitleIcon("apparmor_add_profile"); -+ any ret = Sequencer::Run(aliases, sequence); -+ Wizard::CloseDialog(); -+ if ( ret == `abort ) { -+ string profile_name = Settings["NEW_PROFILE"]:""; -+ any result = SCR::Write(.subdomain_profiles.delete, profile_name); -+ } -+ Settings = remove( Settings, "NEW_PROFILE"); -+ Settings = remove( Settings, "CURRENT_PROFILE"); -+ return ret; -+} -+ -+ -+ -+// -+// YEAH BABY RUN BABY RUN -+// -+ -+any ret = nil; -+ -+// no command line support #269891 -+if (size(WFM::Args()) > 0 ) -+{ -+ import "CommandLine"; -+ CommandLine::Init($[], WFM::Args()); -+ return ret; -+} -+ -+if (!installAppArmorPackages()) { -+ return ret; -+} -+if (!checkProfileSyntax()) { -+ return ret; -+} -+ret = MainSequence(); -+return ret; -+} -+ ---- /dev/null -+++ b/src/clients/AA_DeleteProfile.ycp -@@ -0,0 +1,91 @@ -+/* ------------------------------------------------------------------ -+* -+* Copyright (C) 2002-2006 Novell/SUSE -+* -+* This program is free software; you can redistribute it and/or -+* modify it under the terms of version 2 of the GNU General Public -+* License published by the Free Software Foundation. 
-+* -+ ------------------------------------------------------------------*/ -+{ -+import "Wizard"; -+import "Label"; -+import "Popup"; -+import "Sequencer"; -+include "subdomain/apparmor_packages.ycp"; -+include "subdomain/apparmor_profile_check.ycp"; -+include "subdomain/profile_dialogs.ycp"; -+textdomain "yast2-apparmor"; -+ -+// Globalz -+ -+define any DeleteProfileConfirmation() { -+ string profilename = Settings["CURRENT_PROFILE"]:""; -+ if (Popup::YesNoHeadline( _("Delete profile confirmation"), -+ _("Are you sure you want to delete the profile ") + profilename + -+ _(" ?\nAfter this operation the AppArmor module will reload the profile set.") ) ) { -+ y2milestone("Deleted " + profilename ); -+ boolean result = SCR::Write(.subdomain_profiles.delete, profilename); -+ any result2 = SCR::Write(.subdomain_profiles.reload, "-"); -+ } -+ return `finish; -+} -+ -+define any MainSequence() ``{ -+ -+// -+// Read the profiles from the SCR agent -+ map profiles = (map) SCR::Read (.subdomain_profiles, "all"); -+ -+ map aliases = $[ -+ "chooseprofile" : ``(SelectProfileForm(profiles, _("Please make a -+ selection from the listed profiles and press Next to delete the profile."), -+ _("Delete Profile - Choose profile to delete"), "subdomain/delete_profile")), -+ "deleteprofile" : ``(DeleteProfileConfirmation()), -+ ]; -+ -+ map sequence = $[ -+ "ws_start" : "chooseprofile", -+ "chooseprofile" : $[ -+ `abort : `abort, -+ `next : "deleteprofile", -+ `finish : `next, -+ ], -+ ]; -+ -+ Wizard::CreateDialog(); -+ Wizard::SetTitleIcon("apparmor_delete_profile"); -+ any ret = Sequencer::Run(aliases, sequence); -+ Wizard::CloseDialog(); -+ Settings = remove( Settings, "CURRENT_PROFILE"); -+ Settings = remove( Settings, "PROFILE_MAP"); -+ return ret; -+} -+ -+ -+ -+// -+// YEAH BABY RUN BABY RUN -+// -+any ret = nil; -+ -+// no command line support #269891 -+if (size(WFM::Args()) > 0 ) -+{ -+ import "CommandLine"; -+ CommandLine::Init($[], WFM::Args()); -+ return ret; -+} -+ -+if 
(!installAppArmorPackages()) { -+ return ret; -+} -+ -+if (!checkProfileSyntax()) { -+ return true; -+} -+ -+ret = MainSequence(); -+return ret; -+} -+ ---- /dev/null -+++ b/src/clients/AA_EditProfile.ycp -@@ -0,0 +1,93 @@ -+/* ------------------------------------------------------------------ -+* -+* Copyright (C) 2002-2006 Novell/SUSE -+* -+* This program is free software; you can redistribute it and/or -+* modify it under the terms of version 2 of the GNU General Public -+* License published by the Free Software Foundation. -+* -+ ------------------------------------------------------------------*/ -+{ -+import "Wizard"; -+import "Popup"; -+import "Label"; -+import "Sequencer"; -+include "subdomain/apparmor_packages.ycp"; -+include "subdomain/apparmor_profile_check.ycp"; -+include "subdomain/profile_dialogs.ycp"; -+textdomain "yast2-apparmor"; -+ -+// Globalz -+ -+ -+ -+define any MainSequence() ``{ -+ -+// -+// Read the profiles from the SCR agent -+ map profiles = (map) SCR::Read (.subdomain_profiles, "all"); -+ -+ map aliases = $[ -+ "showProfile" : ``(DisplayProfileForm(Settings["CURRENT_PROFILE"]:"", false)), -+ "showHat" : ``(DisplayProfileForm(Settings["CURRENT_HAT"]:"", true)), -+ "chooseProfile" : ``(SelectProfileForm(profiles, _("Please make a selection from the listed profiles and press Next to edit the profile."), _("Edit Profile - Choose profile to edit"), "apparmor_edit_profile" )), -+ -+ ]; -+ -+ map sequence = $[ -+ "ws_start" : "chooseProfile", -+ "chooseProfile" : $[ -+ `abort : `abort, -+ `next : "showProfile", -+ `finish : `next, -+ ], -+ "showProfile" : $[ -+ `abort : `abort, -+ `next : `ws_finish, -+ `showhat : "showHat", -+ `finish : `next, -+ ], -+ "showHat" : $[ -+ `abort : `abort, -+ `next : "showProfile", -+ `finish : `next, -+ ], -+ ]; -+ -+ Wizard::CreateDialog(); -+ Wizard::SetTitleIcon("apparmor_edit_profile"); -+ any ret = Sequencer::Run(aliases, sequence); -+ Wizard::CloseDialog(); -+ Settings = remove( Settings, 
"CURRENT_PROFILE"); -+ Settings = remove( Settings, "PROFILE_MAP"); -+ return ret; -+} -+ -+ -+ -+// -+// YEAH BABY RUN BABY RUN -+// -+any ret = nil; -+ -+// no command line support #269891 -+if (size(WFM::Args()) > 0 ) -+{ -+ import "CommandLine"; -+ CommandLine::Init($[], WFM::Args()); -+ return ret; -+} -+ -+if (!installAppArmorPackages()) { -+ return ret; -+} -+ -+if (!checkProfileSyntax()) { -+ return ret; -+} -+ -+ -+ret = MainSequence(); -+return ret; -+} -+ ---- /dev/null -+++ b/src/clients/AA_Report.ycp -@@ -0,0 +1,108 @@ -+/* ------------------------------------------------------------------ -+* -+* Copyright (C) 2002-2006 Novell/SUSE -+* -+* This program is free software; you can redistribute it and/or -+* modify it under the terms of version 2 of the GNU General Public -+* License published by the Free Software Foundation. -+* -+ ------------------------------------------------------------------*/ -+{ -+ -+import "Wizard"; -+import "Popup"; -+import "Label"; -+import "Sequencer"; -+include "subdomain/apparmor_packages.ycp"; -+include "subdomain/apparmor_profile_check.ycp"; -+include "subdomain/reporting_dialogues.ycp"; -+include "subdomain/report_helptext.ycp"; -+textdomain "yast2-apparmor"; -+ -+// Globalz -+ -+define any mainSequence() ``{ -+ -+// Read the profiles from the SCR agent -+ map aliases = $[ -+ "mainreport" : ``(mainReportForm()), -+ "configreport" : ``(reportConfigForm()), -+ "reportview" : ``(mainArchivedReportForm()), -+ "schedReport" : ``(displaySchedForm()), -+ "viewreport" : ``(displayArchForm()), -+ "runReport" : ``(displayRunForm()) -+ ]; -+ -+ map sequence = $[ -+ "ws_start" : "schedReport", -+ "mainreport" : $[ -+ `back : `back, -+ `abort : `abort, -+ `next : `finish, -+ `schedrep: "schedReport", -+ `finish : `ws_finish -+ ], -+ "schedReport": $[ -+ `back : `ws_start, -+ `abort : `abort, -+ `viewrep : "viewreport", -+ `runrep : "runReport", -+ `next : "runReport", -+ `finish : `ws_finish -+ ], -+ "viewreport" : $[ -+ `back : 
"mainreport", -+ `abort : `abort, -+ `next : "mainreport", -+ `finish : `ws_finish -+ ], -+ "runReport": $[ -+ `back : `back, -+ `abort : `abort, -+ `next : `finish, -+ `finish : `ws_finish -+ ], -+ "configreport" : $[ -+ `back : `back, -+ `abort : `abort, -+ `next : "reportview", -+ `finish : `ws_finish -+ ], -+ "reportview" : $[ -+ `back : `back, -+ `abort : `abort, -+ `next : `finish, -+ `finish : `ws_finish -+ ], -+ ]; -+ -+ Wizard::CreateDialog(); -+ Wizard::SetTitleIcon("apparmor_view_profile"); -+ any ret = Sequencer::Run(aliases, sequence); -+ Wizard::CloseDialog(); -+ return ret; -+} -+ -+any ret = nil; -+ -+// no command line support #269891 -+if (size(WFM::Args()) > 0 ) -+{ -+ import "CommandLine"; -+ CommandLine::Init($[], WFM::Args()); -+ return ret; -+} -+ -+if (!installAppArmorPackages()) { -+ return ret; -+} -+ -+checkProfileSyntax(); -+ -+ret = mainSequence(); -+return ret; -+ -+ -+} -+ -+ ---- a/src/clients/SD_AddProfile.ycp -+++ /dev/null -@@ -1,114 +0,0 @@ --/* ------------------------------------------------------------------ --* --* Copyright (C) 2002-2006 Novell/SUSE --* --* This program is free software; you can redistribute it and/or --* modify it under the terms of version 2 of the GNU General Public --* License published by the Free Software Foundation. 
--*
-- ------------------------------------------------------------------*/
--{
--import "Wizard";
--import "Popup";
--import "Label";
--import "Sequencer";
--include "subdomain/apparmor_packages.ycp";
--include "subdomain/apparmor_profile_check.ycp";
--include "subdomain/profile_dialogs.ycp";
--textdomain "yast2-apparmor";
--
--// Globalz
--
--define boolean CreateNewProfile() {
-- string selectfilename = "";
-- while ( true ) {
-- selectfilename = UI::AskForExistingFile( "/", "", _("Select File To Generate A Profile for") );
-- // Check for cancel in the file choose dialog
-- if ( selectfilename == nil ) {
-- return false;
-- }
-- Settings["CURRENT_PROFILE"] = selectfilename;
-- boolean profile = (boolean) SCR::Read (.subdomain_profiles.new, selectfilename);
-- if ( profile == false && Popup::YesNoHeadline( _("Profile for ") + selectfilename + _(" already exists."), _("Would you like to open this profile in editing mode?") ) ) {
-- return true;
-- }
-- Settings["NEW_PROFILE"] = selectfilename;
-- return true;
-- }
--}
--
--
--
--//
--// Setup and run the Wizard
--//
--define any MainSequence() ``{
--
-- map profiles = nil;
-- map aliases = $[
-- "showprofile" : ``(DisplayProfileForm(Settings["CURRENT_PROFILE"]:"", false)),
-- "showHat" : ``(DisplayProfileForm(Settings["CURRENT_HAT"]:"", true))
-- ];
--
-- map sequence = $[
-- "ws_start" : "showprofile",
-- "showprofile" : $[
-- `abort : `abort,
-- `next : `finish,
-- `showhat : "showHat",
-- `finish : `finish,
-- ],
-- "showHat" : $[
-- `abort : `abort,
-- `next : "showprofile",
-- `finish : `next,
-- ]
-- ];
--
-- boolean created_new_profile = CreateNewProfile();
-- if ( created_new_profile == false ) {
-- remove( Settings, "NEW_PROFILE");
-- remove( Settings, "CURRENT_PROFILE");
-- return (any) `abort;
-- }
-- map new_profile = (map) SCR::Read (.subdomain_profiles, Settings["CURRENT_PROFILE"]:"" );
-- Settings["PROFILE_MAP"] = new_profile;
-- Wizard::CreateDialog();
-- Wizard::SetTitleIcon("apparmor_add_profile");
-- any ret = Sequencer::Run(aliases, sequence);
-- Wizard::CloseDialog();
-- if ( ret == `abort ) {
-- string profile_name = Settings["NEW_PROFILE"]:"";
-- any result = SCR::Write(.subdomain_profiles.delete, profile_name);
-- }
-- Settings = remove( Settings, "NEW_PROFILE");
-- Settings = remove( Settings, "CURRENT_PROFILE");
-- return ret;
--}
--
--
--
--//
--// YEAH BABY RUN BABY RUN
--//
--
--any ret = nil;
--
--// no command line support #269891
--if (size(WFM::Args()) > 0 )
--{
-- import "CommandLine";
-- CommandLine::Init($[], WFM::Args());
-- return ret;
--}
--
--if (!installAppArmorPackages()) {
-- return ret;
--}
--if (!checkProfileSyntax()) {
-- return ret;
--}
--ret = MainSequence();
--return ret;
--}
--
---- a/src/clients/SD_DeleteProfile.ycp
-+++ /dev/null
-@@ -1,91 +0,0 @@
--/* ------------------------------------------------------------------
--*
--* Copyright (C) 2002-2006 Novell/SUSE
--*
--* This program is free software; you can redistribute it and/or
--* modify it under the terms of version 2 of the GNU General Public
--* License published by the Free Software Foundation.
--* -- ------------------------------------------------------------------*/ --{ --import "Wizard"; --import "Label"; --import "Popup"; --import "Sequencer"; --include "subdomain/apparmor_packages.ycp"; --include "subdomain/apparmor_profile_check.ycp"; --include "subdomain/profile_dialogs.ycp"; --textdomain "yast2-apparmor"; -- --// Globalz -- --define any DeleteProfileConfirmation() { -- string profilename = Settings["CURRENT_PROFILE"]:""; -- if (Popup::YesNoHeadline( _("Delete profile confirmation"), -- _("Are you sure you want to delete the profile ") + profilename + -- _(" ?\nAfter this operation the AppArmor module will reload the profile set.") ) ) { -- y2milestone("Deleted " + profilename ); -- boolean result = SCR::Write(.subdomain_profiles.delete, profilename); -- any result2 = SCR::Write(.subdomain_profiles.reload, "-"); -- } -- return `finish; --} -- --define any MainSequence() ``{ -- --// --// Read the profiles from the SCR agent -- map profiles = (map) SCR::Read (.subdomain_profiles, "all"); -- -- map aliases = $[ -- "chooseprofile" : ``(SelectProfileForm(profiles, _("Please make a -- selection from the listed profiles and press Next to delete the profile."), -- _("Delete Profile - Choose profile to delete"), "subdomain/delete_profile")), -- "deleteprofile" : ``(DeleteProfileConfirmation()), -- ]; -- -- map sequence = $[ -- "ws_start" : "chooseprofile", -- "chooseprofile" : $[ -- `abort : `abort, -- `next : "deleteprofile", -- `finish : `next, -- ], -- ]; -- -- Wizard::CreateDialog(); -- Wizard::SetTitleIcon("apparmor_delete_profile"); -- any ret = Sequencer::Run(aliases, sequence); -- Wizard::CloseDialog(); -- Settings = remove( Settings, "CURRENT_PROFILE"); -- Settings = remove( Settings, "PROFILE_MAP"); -- return ret; --} -- -- -- --// --// YEAH BABY RUN BABY RUN --// --any ret = nil; -- --// no command line support #269891 --if (size(WFM::Args()) > 0 ) --{ -- import "CommandLine"; -- CommandLine::Init($[], WFM::Args()); -- return ret; --} -- --if 
(!installAppArmorPackages()) { -- return ret; --} -- --if (!checkProfileSyntax()) { -- return true; --} -- --ret = MainSequence(); --return ret; --} -- ---- a/src/clients/SD_EditProfile.ycp -+++ /dev/null -@@ -1,93 +0,0 @@ --/* ------------------------------------------------------------------ --* --* Copyright (C) 2002-2006 Novell/SUSE --* --* This program is free software; you can redistribute it and/or --* modify it under the terms of version 2 of the GNU General Public --* License published by the Free Software Foundation. --* -- ------------------------------------------------------------------*/ --{ --import "Wizard"; --import "Popup"; --import "Label"; --import "Sequencer"; --include "subdomain/apparmor_packages.ycp"; --include "subdomain/apparmor_profile_check.ycp"; --include "subdomain/profile_dialogs.ycp"; --textdomain "yast2-apparmor"; -- --// Globalz -- -- -- --define any MainSequence() ``{ -- --// --// Read the profiles from the SCR agent -- map profiles = (map) SCR::Read (.subdomain_profiles, "all"); -- -- map aliases = $[ -- "showProfile" : ``(DisplayProfileForm(Settings["CURRENT_PROFILE"]:"", false)), -- "showHat" : ``(DisplayProfileForm(Settings["CURRENT_HAT"]:"", true)), -- "chooseProfile" : ``(SelectProfileForm(profiles, _("Please make a selection from the listed profiles and press Next to edit the profile."), _("Edit Profile - Choose profile to edit"), "apparmor_edit_profile" )), -- -- ]; -- -- map sequence = $[ -- "ws_start" : "chooseProfile", -- "chooseProfile" : $[ -- `abort : `abort, -- `next : "showProfile", -- `finish : `next, -- ], -- "showProfile" : $[ -- `abort : `abort, -- `next : `ws_finish, -- `showhat : "showHat", -- `finish : `next, -- ], -- "showHat" : $[ -- `abort : `abort, -- `next : "showProfile", -- `finish : `next, -- ], -- ]; -- -- Wizard::CreateDialog(); -- Wizard::SetTitleIcon("apparmor_edit_profile"); -- any ret = Sequencer::Run(aliases, sequence); -- Wizard::CloseDialog(); -- Settings = remove( Settings, 
"CURRENT_PROFILE"); -- Settings = remove( Settings, "PROFILE_MAP"); -- return ret; --} -- -- -- --// --// YEAH BABY RUN BABY RUN --// --any ret = nil; -- --// no command line support #269891 --if (size(WFM::Args()) > 0 ) --{ -- import "CommandLine"; -- CommandLine::Init($[], WFM::Args()); -- return ret; --} -- --if (!installAppArmorPackages()) { -- return ret; --} -- --if (!checkProfileSyntax()) { -- return ret; --} -- -- --ret = MainSequence(); --return ret; --} -- ---- a/src/clients/SD_Report.ycp -+++ /dev/null -@@ -1,108 +0,0 @@ --/* ------------------------------------------------------------------ --* --* Copyright (C) 2002-2006 Novell/SUSE --* --* This program is free software; you can redistribute it and/or --* modify it under the terms of version 2 of the GNU General Public --* License published by the Free Software Foundation. --* -- ------------------------------------------------------------------*/ --{ -- --import "Wizard"; --import "Popup"; --import "Label"; --import "Sequencer"; --include "subdomain/apparmor_packages.ycp"; --include "subdomain/apparmor_profile_check.ycp"; --include "subdomain/reporting_dialogues.ycp"; --include "subdomain/report_helptext.ycp"; --textdomain "yast2-apparmor"; -- --// Globalz -- --define any mainSequence() ``{ -- --// Read the profiles from the SCR agent -- map aliases = $[ -- "mainreport" : ``(mainReportForm()), -- "configreport" : ``(reportConfigForm()), -- "reportview" : ``(mainArchivedReportForm()), -- "schedReport" : ``(displaySchedForm()), -- "viewreport" : ``(displayArchForm()), -- "runReport" : ``(displayRunForm()) -- ]; -- -- map sequence = $[ -- "ws_start" : "schedReport", -- "mainreport" : $[ -- `back : `back, -- `abort : `abort, -- `next : `finish, -- `schedrep: "schedReport", -- `finish : `ws_finish -- ], -- "schedReport": $[ -- `back : `ws_start, -- `abort : `abort, -- `viewrep : "viewreport", -- `runrep : "runReport", -- `next : "runReport", -- `finish : `ws_finish -- ], -- "viewreport" : $[ -- `back : 
"mainreport", -- `abort : `abort, -- `next : "mainreport", -- `finish : `ws_finish -- ], -- "runReport": $[ -- `back : `back, -- `abort : `abort, -- `next : `finish, -- `finish : `ws_finish -- ], -- "configreport" : $[ -- `back : `back, -- `abort : `abort, -- `next : "reportview", -- `finish : `ws_finish -- ], -- "reportview" : $[ -- `back : `back, -- `abort : `abort, -- `next : `finish, -- `finish : `ws_finish -- ], -- ]; -- -- Wizard::CreateDialog(); -- Wizard::SetTitleIcon("apparmor_view_profile"); -- any ret = Sequencer::Run(aliases, sequence); -- Wizard::CloseDialog(); -- return ret; --} -- --any ret = nil; -- --// no command line support #269891 --if (size(WFM::Args()) > 0 ) --{ -- import "CommandLine"; -- CommandLine::Init($[], WFM::Args()); -- return ret; --} -- --if (!installAppArmorPackages()) { -- return ret; --} -- --checkProfileSyntax(); -- --ret = mainSequence(); --return ret; -- -- --} -- -- ---- /dev/null -+++ b/src/clients/apparmor_no_impl.ycp -@@ -0,0 +1,20 @@ -+/* ------------------------------------------------------------------ -+* -+* Copyright (C) 2002-2005 Novell/SUSE -+* -+* This program is free software; you can redistribute it and/or -+* modify it under the terms of version 2 of the GNU General Public -+* License published by the Free Software Foundation. 
-+*
-+ ------------------------------------------------------------------*/
-+{
-+import "Popup";
-+import "Wizard";
-+
-+//include "subdomain/prof-config.ycp";
-+
-+/* BEGIN - This is just temporary filler */
-+ Popup::Message("This function is not implemented at this time");
-+ symbol button = (`ok);
-+ return button;
-+}
---- /dev/null
-+++ a/src/clients/apparmor-settings.ycp
-@@ -0,0 +1,72 @@
-+/* ------------------------------------------------------------------
-+*
-+* Copyright (C) 2002-2006 Novell/SUSE
-+*
-+* This program is free software; you can redistribute it and/or
-+* modify it under the terms of version 2 of the GNU General Public
-+* License published by the Free Software Foundation.
-+*
-+ ------------------------------------------------------------------*/
-+
-+{
-+
-+textdomain "yast2-apparmor";
-+
-+/* The main () */
-+y2milestone("----------------------------------------");
-+y2milestone("Subdomain module started");
-+
-+import "Label";
-+import "Popup";
-+import "Wizard";
-+
-+include "subdomain/apparmor_packages.ycp";
-+include "subdomain/sd-config.ycp";
-+
-+// no command line support #269891
-+if (size(WFM::Args()) > 0 )
-+{
-+ import "CommandLine";
-+ CommandLine::Init($[], WFM::Args());
-+ return;
-+}
-+
-+if (!installAppArmorPackages()) {
-+ return;
-+}
-+
-+list config_steps =
-+[
-+ $[ "id": "subdomain", "label": _("Enable AppArmor Functions") ],
-+];
-+
-+list steps = flatten( [ config_steps ] );
-+
-+define symbol displayPage( integer no ) ``{
-+
-+ string current_id = lookup( steps[ no ]:nil, "id", "");
-+ symbol button = nil;
-+
-+ UI::WizardCommand(`SetCurrentStep( current_id ) );
-+
-+ if ( current_id == "subdomain") {
-+ //button = displaySubdomainConfig();
-+ button = displayAppArmorConfig();
-+ }
-+
-+
-+
-+ return button;
-+
-+}
-+
-+integer current_step = 0;
-+symbol button = displayPage( current_step );
-+
-+/* Finish */
-+y2milestone("AppArmor module finished");
-+y2milestone("----------------------------------------");
-+ -+/* EOF */ -+} -+ ---- a/src/clients/subdomain.ycp -+++ /dev/null -@@ -1,72 +0,0 @@ --/* ------------------------------------------------------------------ --* --* Copyright (C) 2002-2006 Novell/SUSE --* --* This program is free software; you can redistribute it and/or --* modify it under the terms of version 2 of the GNU General Public --* License published by the Free Software Foundation. --* -- ------------------------------------------------------------------*/ -- --{ -- --textdomain "yast2-apparmor"; -- --/* The main () */ --y2milestone("----------------------------------------"); --y2milestone("Subdomain module started"); -- --import "Label"; --import "Popup"; --import "Wizard"; -- --include "subdomain/apparmor_packages.ycp"; --include "subdomain/sd-config.ycp"; -- --// no command line support #269891 --if (size(WFM::Args()) > 0 ) --{ -- import "CommandLine"; -- CommandLine::Init($[], WFM::Args()); -- return; --} -- --if (!installAppArmorPackages()) { -- return; --} -- --list config_steps = --[ -- $[ "id": "subdomain", "label": _("Enable AppArmor Functions") ], --]; -- --list steps = flatten( [ config_steps ] ); -- --define symbol displayPage( integer no ) ``{ -- -- string current_id = lookup( steps[ no ]:nil, "id", ""); -- symbol button = nil; -- -- UI::WizardCommand(`SetCurrentStep( current_id ) ); -- -- if ( current_id == "subdomain") { -- //button = displaySubdomainConfig(); -- button = displayAppArmorConfig(); -- } -- -- -- -- return button; -- --} -- --integer current_step = 0; --symbol button = displayPage( current_step ); -- --/* Finish */ --y2milestone("AppArmor module finished"); --y2milestone("----------------------------------------"); -- --/* EOF */ --} -- ---- a/src/clients/subdomain_no_impl.ycp -+++ /dev/null -@@ -1,20 +0,0 @@ --/* ------------------------------------------------------------------ --* --* Copyright (C) 2002-2005 Novell/SUSE --* --* This program is free software; you can redistribute it and/or --* modify it under the terms 
of version 2 of the GNU General Public --* License published by the Free Software Foundation. --* -- ------------------------------------------------------------------*/ --{ --import "Popup"; --import "Wizard"; -- --//include "subdomain/prof-config.ycp"; -- --/* BEGIN - This is just temporary filler */ -- Popup::Message("This function is not implemented at this time"); -- symbol button = (`ok); -- return button; --} ---- /dev/null -+++ b/src/include/apparmor/Makefile.am -@@ -0,0 +1,19 @@ -+yncludedir = @yncludedir@/subdomain -+ -+ynclude_DATA = \ -+ apparmor_packages.ycp \ -+ apparmor_profile_check.ycp \ -+ apparmor_ycp_utils.ycp \ -+ capabilities.ycp \ -+ config_complain.ycp \ -+ helps.ycp \ -+ profile_dialogs.ycp \ -+ report_helptext.ycp \ -+ reporting_archived_dialogs.ycp \ -+ reporting_dialogues.ycp \ -+ reporting_utils.ycp \ -+ sd-config.ycp -+ -+EXTRA_DIST = \ -+ $(ynclude_DATA) -+ ---- /dev/null -+++ b/src/include/apparmor/aa-config.ycp -@@ -0,0 +1,415 @@ -+/* ------------------------------------------------------------------ -+* -+* Copyright (C) 2002-2005 Novell/SUSE -+* -+* This program is free software; you can redistribute it and/or -+* modify it under the terms of version 2 of the GNU General Public -+* License published by the Free Software Foundation. -+* -+ ------------------------------------------------------------------*/ -+{ -+include "subdomain/config_complain.ycp"; -+include "subdomain/helps.ycp"; -+include "subdomain/apparmor_ycp_utils.ycp"; -+textdomain "yast2-apparmor"; -+ -+import "Label"; -+ -+define boolean changeAppArmorState(boolean aaEnabled) { -+ -+ any error = nil; -+ string sdAction = ""; -+ -+ if (aaEnabled == true) { -+ sdAction = "subdomain:enable"; -+ } else { -+ sdAction = "subdomain:disable"; -+ } -+ -+ error = SCR::Execute(.sdconf, sdAction); -+ -+ if ( error != nil && is(error, string) ) { -+ -+ string errorMsg = (string) error; -+ string popError = _("This operation generated the following error. 
Please check your installation and AppArmor profile settings."); -+ Popup::Message( popError+ "\n[" + errorMsg + "]"); -+ aaEnabled = ! aaEnabled; -+ -+ } -+ -+ return aaEnabled; -+} -+ -+define void displayNotifyForm() { -+ -+ map settings = (map) SCR::Execute(.subdomain, "sd-notify-settings"); -+ -+ map terse = settings["terse"]:$[]; -+ map summary = settings["summary"]:$[]; -+ map verbose = settings["verbose"]:$[]; -+ -+ any t_freq = terse["terse_freq"]:0; -+ any s_freq = summary["summary_freq"]:0; -+ any v_freq = verbose["verbose_freq"]:0; -+ -+ boolean t_unknown = true; -+ any a_t_poop = (any) terse["terse_unknown"]:"1"; -+ string t_poop = tostring(a_t_poop); -+ if(t_poop == "0") { -+ t_unknown = false; -+ } -+ -+ boolean s_unknown = true; -+ any a_s_poop = terse["summary_unknown"]:"1"; -+ string s_poop = tostring(a_s_poop); -+ if(s_poop == "0") { -+ s_unknown = false; -+ } -+ -+ boolean v_unknown = true; -+ any a_v_poop = verbose["verbose_unknown"]:"1"; -+ string v_poop = tostring(a_v_poop); -+ if(v_poop == "0") { -+ v_unknown = false; -+ } -+ -+ list terse_items = [ -+ `item(`id(0), _("Disabled"), t_freq==0?true:false), -+ `item(`id(60), _("1 minute"), t_freq==60?true:false), -+ `item(`id(300), _("5 minutes"), t_freq==300?true:false), -+ `item(`id(600), _("10 minutes"), t_freq==600?true:false), -+ `item(`id(900), _("15 minutes"), t_freq==900?true:false), -+ `item(`id(1800), _("30 minutes"), t_freq==1800?true:false), -+ `item(`id(3600), _("1 hour"), t_freq==3600?true:false), -+ `item(`id(86400), _("1 day"), t_freq==86400?true:false), -+ `item(`id(604800), _("1 week"), t_freq==604800?true:false) -+ ]; -+ -+ list summary_items = [ -+ `item(`id(0), _("Disabled"), s_freq==0?true:false), -+ `item(`id(60), _("1 minute"), s_freq==60?true:false), -+ `item(`id(300), _("5 minutes"), s_freq==300?true:false), -+ `item(`id(600), _("10 minutes"), s_freq==600?true:false), -+ `item(`id(900), _("15 minutes"), s_freq==900?true:false), -+ `item(`id(1800), _("30 minutes"), 
s_freq==1800?true:false), -+ `item(`id(3600), _("1 hour"), s_freq==3600?true:false), -+ `item(`id(86400), _("1 day"), s_freq==86400?true:false), -+ `item(`id(604800), _("1 week"), s_freq==604800?true:false) -+ ]; -+ -+ list verbose_items = [ -+ `item(`id(0), _("Disabled"), v_freq==0?true:false), -+ `item(`id(60), _("1 minute"), v_freq==60?true:false), -+ `item(`id(300), _("5 minutes"), v_freq==300?true:false), -+ `item(`id(600), _("10 minutes"), v_freq==600?true:false), -+ `item(`id(900), _("15 minutes"), v_freq==900?true:false), -+ `item(`id(1800), _("30 minutes"), v_freq==1800?true:false), -+ `item(`id(3600), _("1 hour"), v_freq==3600?true:false), -+ `item(`id(86400), _("1 day"), v_freq==86400?true:false), -+ `item(`id(604800), _("1 week"), v_freq==604800?true:false) -+ ]; -+ -+ -+ term event_config = `HVCenter(`VBox(`opt(`vstretch), -+ `Frame( _("Security Event Notification"), -+ `HBox(`HSpacing(1), -+ `VBox(`opt(`vstretch), -+ `VSpacing(1), -+ `Frame( _("Terse Notification"), -+ `VBox(`opt(`vstretch), -+ `HBox( -+ `ComboBox(`id(`terse_freq), _("Frequency"), terse_items), -+ `TextEntry(`id(`terse_email), _("Email Address"), terse["terse_email"]:""), -+ `IntField(`id(`terse_level), _("Severity"), 0,10, terse["terse_level"]:0) -+ ), -+ `HBox( -+ `CheckBox( `id(`terse_unknown), _("Include Unknown Severity Events"), t_unknown) -+ ) -+ ) -+ ), -+ `VSpacing(1), -+ `Frame( _("Summary Notification"), -+ `VBox(`opt(`vstretch), -+ `HBox( -+ `ComboBox(`id(`summary_freq), _("Frequency"), summary_items), -+ `TextEntry(`id(`summary_email), _("Email Address"), summary["summary_email"]:""), -+ `IntField(`id(`summary_level), _("Severity"), 0,10, summary["summary_level"]:0) -+ ), -+ `HBox( -+ `CheckBox( `id(`summary_unknown), _("Include Unknown Severity Events"), s_unknown) -+ ) -+ ) -+ ), -+ `VSpacing(1), -+ `Frame( _("Verbose Notification"), -+ `VBox(`opt(`vstretch), -+ `HBox( -+ `ComboBox(`id(`verbose_freq), _("Frequency"), verbose_items), -+ `TextEntry(`id(`verbose_email), 
_("Email Address"), verbose["verbose_email"]:""), -+ `IntField(`id(`verbose_level), _("Severity"), 0,10, verbose["verbose_level"]:0) -+ ), -+ `HBox( -+ `CheckBox( `id(`verbose_unknown), _("Include Unknown Severity Events"), v_unknown) -+ ) -+ ) -+ ), -+ `VSpacing(1) -+ ), -+ `HSpacing(1) -+ ) -+ ) -+ ) -+ ); -+ -+ Wizard::CreateDialog(); -+ Wizard::SetContentsButtons(_("Security Event Notification"), event_config, helps["EventNotifyHelpText"]:"", Label::BackButton(), Label::OKButton()); -+ Wizard::DisableBackButton(); -+ -+ any ntInput = nil; -+ string notifyLabelValue = ""; -+ -+ while( true ) { -+ ntInput = UI::UserInput(); -+ -+ if (ntInput == `next) { -+ -+ map answers = $[ ]; -+ map set_notify = $[ ]; -+ map summary = $[ ]; -+ map verbose = $[ ]; -+ map terse = $[ ]; -+ -+ t_freq = UI::QueryWidget(`id(`terse_freq), `Value); -+ s_freq = UI::QueryWidget(`id(`summary_freq), `Value); -+ v_freq = UI::QueryWidget(`id(`verbose_freq), `Value); -+ -+ set_notify["sd-set-notify"] = "yes"; -+ terse["terse_freq"] = tostring(t_freq); -+ summary["summary_freq"] = tostring(s_freq); -+ verbose["verbose_freq"] = tostring(v_freq); -+ -+ if (t_freq != 0) { -+ -+ string t_email = (string) UI::QueryWidget(`id(`terse_email), `Value); -+ -+ if ( t_email == nil || t_email == "" ) { -+ Popup::Error( _("An email address is required for each selected notification method.") ); -+ continue; -+ } else if ( ! 
checkEmailAddress( t_email ) ) { -+ continue; -+ } -+ -+ terse["enable_terse"] = "yes"; -+ terse["terse_email"] = (string) UI::QueryWidget(`id(`terse_email), `Value); -+ terse["terse_level"] = (string) tostring(UI::QueryWidget(`id(`terse_level), `Value)); -+ -+ boolean t_unknown = (boolean) UI::QueryWidget(`id(`terse_unknown), `Value); -+ -+ if (t_unknown == true) { -+ terse["terse_unknown"] = "1"; -+ } else { -+ terse["terse_unknown"] = "0"; -+ } -+ -+ } else { -+ terse["enable_terse"] = "no"; -+ } -+ -+ if (s_freq != 0) { -+ -+ string s_email = (string) UI::QueryWidget(`id(`summary_email), `Value); -+ if ( s_email == nil || s_email == "" ) { -+ Popup::Error( _("An email address is required for each selected notification method.") ); -+ continue; -+ } else if ( ! checkEmailAddress(s_email) ) { -+ continue; -+ } -+ -+ summary["enable_summary"] = "yes"; -+ summary["summary_email"] = (string) UI::QueryWidget(`id(`summary_email), `Value); -+ summary["summary_level"] = (string) tostring(UI::QueryWidget(`id(`summary_level), `Value)); -+ -+ boolean s_unknown = (boolean) UI::QueryWidget(`id(`summary_unknown), `Value); -+ -+ if (s_unknown == true) { -+ summary["summary_unknown"] = "1"; -+ } else { -+ summary["summary_unknown"] = "0"; -+ } -+ -+ } else { -+ summary["enable_summary"] = "no"; -+ } -+ -+ if (v_freq != 0) { -+ string v_email = (string) UI::QueryWidget(`id(`verbose_email), `Value); -+ if ( v_email == nil || v_email == "" ) { -+ Popup::Error( _("An email address is required for each selected notification method.") ); -+ continue; -+ } else if (! 
checkEmailAddress(v_email) ) { -+ continue; -+ } -+ -+ verbose["enable_verbose"] = "yes"; -+ verbose["verbose_email"] = (string) UI::QueryWidget(`id(`verbose_email), `Value); -+ verbose["verbose_level"] = (string) tostring(UI::QueryWidget(`id(`verbose_level), `Value)); -+ -+ boolean v_unknown = (boolean) UI::QueryWidget(`id(`verbose_unknown), `Value); -+ -+ if (v_unknown == true) { -+ verbose["verbose_unknown"] = "1"; -+ } else { -+ verbose["verbose_unknown"] = "0"; -+ } -+ } else { -+ verbose["enable_verbose"] = "no"; -+ } -+ -+ answers["set_notify"] = set_notify; -+ answers["terse"] = terse; -+ answers["summary"] = summary; -+ answers["verbose"] = verbose; -+ -+ string result = (string) SCR::Execute(.sdconf, answers); -+ -+ if (result != "success") { -+ Popup::Error( _("Configuration failed for the following operations: ") + result); -+ } -+ -+ if ( t_freq != 0 || s_freq != 0 || v_freq != 0 ) { -+ notifyLabelValue = _("Notification is enabled"); -+ } else { -+ notifyLabelValue = _("Notification is disabled"); -+ } -+ } -+ -+ Wizard::CloseDialog(); -+ if ( (ntInput == `ok) || (ntInput == `next) ) { -+ UI::ChangeWidget( `id(`notifyLabel), `Value, notifyLabelValue ); -+ } -+ break; -+ } -+ -+} -+ -+define symbol displayAppArmorConfig () { -+ -+ // AppArmor Status -+ boolean aaEnabled = false; -+ boolean ntIsEnabled = false; -+ string subdomain = (string) SCR::Execute(.subdomain, "sd-status"); -+ string sdEnStr = _("AppArmor is disabled"); -+ -+ if (subdomain == "enabled") { -+ aaEnabled = true; -+ sdEnStr = _("AppArmor is enabled"); -+ } -+ -+ // Notification Status -+ string evnotify = (string) SCR::Execute(.subdomain, "sd-notify"); -+ string evEnStr = _("Notification is disabled"); -+ if (evnotify == "enabled") { -+ ntIsEnabled = true; -+ evEnStr = _("Notification is enabled"); -+ } else if (evnotify == "notinstalled") { -+ evnotify = "disabled"; -+ } -+ -+ /* Network dialog caption */ -+ string caption = _("AppArmor Configuration"); -+ string help = _("

    AppArmor Status
    This reports whether the AppArmor policy enforcement -+module is loaded and functioning.

    ") + -+ -+_("

    Security Event Notification
    Configure this tool if you want -+to be notified by email when access violations have occurred.

    ") + -+ -+_("

    Profile Modes
    Use this tool to change the way that AppArmor -+uses individual profiles.

    "); -+ -+ term contents = -+ `HVCenter( -+ `VBox( -+ `VSpacing(1), `HSpacing(2), -+ `HBox ( -+ `HSpacing( `opt(`hstretch), 2 ), -+ `VBox( -+ `Left(`CheckBox( `id(`aaState), `opt(`notify), _("&Enable AppArmor"), aaEnabled)), -+ `VSpacing(1), -+ -+ `Frame( `id(`aaEnableFrame), _("Configure AppArmor"), -+ `HBox ( -+ `HSpacing( `opt(`hstretch), 4 ), -+ `VBox( -+ `VSpacing(1), -+ `Frame ( _("Security Event Notification"), -+ `HBox( -+ `VSpacing(1), `HSpacing(1), -+ `HVCenter( `Label( `id(`notifyLabel), evEnStr )), -+ `PushButton( `id(`ntconf), _("C&onfigure")), -+ `VSpacing(1), `HSpacing(1) -+ ) -+ ), -+ `VSpacing(1), `HSpacing(20), -+ -+ `Frame ( _("Configure Profile Modes"), -+ `HBox( -+ `VSpacing(1), `HSpacing(1), -+ `Left(`HVCenter( `Label( `id(`modesLabel), " " + _("Set profile modes") ))), -+ `PushButton( `id(`modeconf), _("Co&nfigure") ), -+ `VSpacing(1), `HSpacing(1) -+ ) -+ ), -+ `VSpacing(1) -+ ), -+ `HSpacing( `opt(`hstretch), 4 ) -+ ))), -+ `HSpacing( `opt(`hstretch), 2 ) -+ )) -+ ); -+ -+ // May want to replace Wizard() with UI() -+ Wizard::CreateDialog(); -+ Wizard::SetTitleIcon("apparmor/control_panel"); -+ Wizard::SetContentsButtons(caption, contents, help, Label::BackButton(), _("&Done")); -+ Wizard::DisableBackButton(); -+ -+ UI::ChangeWidget(`id(`aaEnableFrame), `Enabled, aaEnabled); -+ -+ while( true ) { -+ -+ symbol ret = (symbol) UI::UserInput(); -+ -+ if ( ret == `abort || ret == `cancel || ret == `next) { -+ break; -+ } else if (ret == `aaState ) { -+ -+ // Set AppArmor state: enabled|disabled -+ boolean requestedAaState = (boolean) UI::QueryWidget(`id(`aaState), `Value); -+ -+ aaEnabled = changeAppArmorState(requestedAaState); -+ -+ // These will match if the update was successful -+ if ( aaEnabled == requestedAaState ) { -+ UI::ChangeWidget(`id(`aaEnableFrame), `Enabled, aaEnabled); -+ } -+ -+ } else if (ret == `ntconf ) { -+ displayNotifyForm(); -+ -+ } else if (ret == `modeconf ) { -+ -+ profileModeConfigForm(); -+ -+ 
//displayAppArmorConfig();
-+
-+ } else {
-+ y2error("Unexpected return code: " + tostring(ret));
-+ }
-+ }
-+
-+ UI::CloseDialog();
-+ return nil;
-+}
-+
-+/* EOF */
-+}
---- /dev/null
-+++ b/src/include/apparmor/apparmor_packages.ycp
-@@ -0,0 +1,30 @@
-+/*
-+ Copyright (C) 2006 Novell Inc. All Rights Reserved.
-+
-+ This program is free software; you can redistribute it and/or
-+ modify it under the terms of version 2 of the GNU General Public
-+ License published by the Free Software Foundation.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, contact Novell, Inc.
-+
-+ Written by Steve Beattie
-+ */
-+
-+ /* This should probably be more intelligent and query the user once
-+ * whether they want optional packages like apparmor-docs, libapparmor,
-+ * apache2-mod-apparmor and * (eventually) pam-apparmor installed. */
-+
-+import "PackageSystem";
-+
-+list __needed_packages =
-+ ["apparmor-parser", "apparmor-utils", "apparmor-profiles"];
-+
-+define boolean installAppArmorPackages () {
-+ return PackageSystem::CheckAndInstallPackagesInteractive (__needed_packages);
-+}
---- /dev/null
-+++ b/src/include/apparmor/apparmor_profile_check.ycp
-@@ -0,0 +1,52 @@
-+/*
-+ Copyright (C) 2006 Novell Inc. All Rights Reserved.
-+
-+ This program is free software; you can redistribute it and/or
-+ modify it under the terms of version 2 of the GNU General Public
-+ License published by the Free Software Foundation.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+ -+ You should have received a copy of the GNU General Public License -+ along with this program; if not, contact Novell, Inc. -+ -+ */ -+ -+ -+import "Popup"; -+textdomain "yast2-apparmor"; -+ -+define boolean checkProfileSyntax () { -+ map args = $[]; -+ string errmsg = "
      "; -+ boolean syntax_ok = true; -+ -+ args["profile-syntax-check"] = "1"; -+ list errors = (list ) SCR::Execute (.subdomain, "profile-syntax-check" ); -+ foreach ( string error, errors, ``{ -+ syntax_ok = false; -+ errmsg = errmsg + "
    • " + error + "
    • "; -+ }); -+ errmsg = errmsg + "
    "; -+ if ( syntax_ok == false ) { -+ string headline = _("Errors found in AppArmor profiles"); -+ errmsg = _("

    These problems must be corrected before AppArmor can be \ -+started or the profile management tools can be used.

    ") -+ + "

    " + errmsg + "

    " -+ + _("

    You can find a description of AppArmor profile syntax by \ -+running ") -+ + "man apparmor.d

    " -+ + _("

    Comprehensive documentation about AppArmor is available in \ -+the Administration guide. This is available in the \ -+directory: ") -+ + "

    " -+ + "/usr/share/doc/manual/suselinux-manual_LANGUAGE. " -+ + _("

    Please refer to this for more detailed information about \ -+AppArmor

    "); -+ Popup::LongText( headline, `RichText(errmsg), 55, 15); -+ } -+ return( syntax_ok ); -+} ---- /dev/null -+++ b/src/include/apparmor/apparmor_ycp_utils.ycp -@@ -0,0 +1,679 @@ -+ -+/* -+ Copyright (C) 2007 Novell Inc. All Rights Reserved. -+ -+ This program is free software; you can redistribute it and/or -+ modify it under the terms of version 2 of the GNU General Public -+ License published by the Free Software Foundation. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program; if not, contact Novell, Inc. -+ -+ */ -+ -+ -+import "Label"; -+import "Popup"; -+import "AppArmorDialogs"; -+textdomain "yast2-apparmor"; -+ -+ map CMDS = $[ ]; -+ CMDS["CMD_ALLOW"] = _("&Allow"); -+ CMDS["CMD_DENY"] = _("&Deny"); -+ CMDS["CMD_ABORT"] = _("Abo&rt"); -+ CMDS["CMD_FINISHED"] = Label::FinishButton(); -+ CMDS["CMD_AUDIT_NEW"] = _("Audi&t"); -+ CMDS["CMD_AUDIT_OFF"] = _("Audi&t off"); -+ CMDS["CMD_AUDIT_FULL"] = _("Audit &All"); -+ CMDS["CMD_OTHER"] = _("&Opts"); -+ CMDS["CMD_USER_ON"] = _("&Owner permissions on"); -+ CMDS["CMD_USER_OFF"] = _("&Owner permissions off"); -+ CMDS["CMD_ix"] = _("&Inherit"); -+ CMDS["CMD_px"] = _("&Profile"); -+ CMDS["CMD_px_safe"] = _("&Profile Clean Exec"); -+ CMDS["CMD_cx"] = _("&Child"); -+ CMDS["CMD_cx_safe"] = _("&Child Clean Exec"); -+ CMDS["CMD_nx"] = _("&Name"); -+ CMDS["CMD_nx_safe"] = _("&Named Clean Exec"); -+ CMDS["CMD_ux"] = _("&Unconfined"); -+ CMDS["CMD_ux_safe"] = _("&Unconfined Clean Exec"); -+ CMDS["CMD_pix"] = _("&Profile ix"); -+ CMDS["CMD_pix_safe"] = _("&Profile ix Clean Exec"); -+ CMDS["CMD_cix"] = _("&Child ix"); -+ CMDS["CMD_cix_safe"] = _("&Child ix Cx Clean Exec"); -+ CMDS["CMD_nix"] = _("&Name ix"); -+ CMDS["CMD_nix_safe"] = 
_("&Name ix");
-+ CMDS["CMD_EXEC_IX_ON"] = _("i&x fallback on");
-+ CMDS["CMD_EXEC_IX_OFF"] = _("i&x fallback off");
-+ CMDS["CMD_CONTINUE"] = _("&Continue Profiling");
-+ CMDS["CMD_INHERIT"] = _("&Inherit");
-+ CMDS["CMD_PROFILE"] = _("&Profile");
-+ CMDS["CMD_UNCONFINED"] = _("&Unconfined");
-+ CMDS["CMD_NEW"] = _("&Edit");
-+ CMDS["CMD_GLOB"] = _("&Glob");
-+ CMDS["CMD_GLOBEXT"] = _("Glob w/E&xt");
-+ CMDS["CMD_ADDHAT"] = _("&Add Requested Hat");
-+ CMDS["CMD_USEDEFAULT"] = _("&Use Default Hat");
-+ CMDS["CMD_SCAN"] = _("&Scan system log for AppArmor events");
-+ CMDS["CMD_VIEW_PROFILE"] = _("&View Profile");
-+ CMDS["CMD_USE_PROFILE"] = _("&Use Profile");
-+ CMDS["CMD_CREATE_PROFILE"] = _("&Create New Profile");
-+ CMDS["CMD_UPDATE_PROFILE"] = _("&Update Profile");
-+ CMDS["CMD_IGNORE_UPDATE"] = _("&Ignore Update");
-+ CMDS["CMD_SAVE_CHANGES"] = _("&Save Changes");
-+ CMDS["CMD_UPLOAD_CHANGES"] = _("&Upload Changes");
-+ CMDS["CMD_VIEW_CHANGES"] = _("&View Changes");
-+ CMDS["CMD_ENABLE_REPO"] = _("&Enable Repository");
-+ CMDS["CMD_DISABLE_REPO"] = _("&Disable Repository");
-+ CMDS["CMD_ASK_NEVER"] = _("&Never Ask Again");
-+ CMDS["CMD_ASK_LATER"] = _("Ask Me &Later");
-+ CMDS["CMD_YES"] = Label::YesButton();
-+ CMDS["CMD_NO"] = Label::NoButton();
-+
-+
-+define boolean validEmailAddress ( string emailAddr, boolean allowlocal ) {
-+
-+ integer emailAddrLength = size(emailAddr);
-+ boolean isSafe = false;
-+
-+ if ( allowlocal && regexpmatch( emailAddr, "^\/var\/mail\/\\w+$" )) {
-+ isSafe = true;
-+ } else if ((regexpmatch( emailAddr, "\\w+(-\\w+?)@\\w+" ) ||
-+ regexpmatch( emailAddr, "/^(\\w+\.?)+\\w+\@(\\w+\.?)+\\w+$" ) ||
-+ regexpmatch( emailAddr, "\\w+@\\w+" ) ||
-+ !regexpmatch( emailAddr, "..+" )) &&
-+ emailAddrLength < 129 ) {
-+ isSafe = true;
-+ }
-+ return isSafe;
-+}
-+
-+define boolean checkEmailAddress( string emailAddr ) {
-+
-+ if ( !
validEmailAddress( emailAddr, false ) ) {
-+ string err_email_format = _("Email address format invalid.\nEmail address must be less than 129 characters \n and of the format \"name@domain\". \n Please enter another address.");
-+ Popup::Error( err_email_format );
-+ return false;
-+ }
-+ return true;
-+}
-+
-+
-+/** UI_RepositorySignInDialog
-+ * Dialog to allow users to signin or register with an external AppArmor
-+ * profile repository
-+ *
-+ * @param agent_data - data from the backend
-+ * [ repo_url - string ]
-+ * @return answers - map that contains:
-+ * [ newuser => 1|0 - registering a new user? ]
-+ * [ user => username ]
-+ * [ pass => password ]
-+ * [ email => email address - if newuser = 1 ]
-+ * [ save_config => true/false - save this information on ]
-+ * [ the system ]
-+ *
-+ **/
-+define map UI_RepositorySignInDialog( map agent_data ) {
-+ string repo_url = (string) agent_data["repo_url"]:"MISSING_REPO_URL";
-+ term dialog =
-+ `VBox(
-+ `VSpacing(1),
-+ `Top(`Label(_("AppArmor Profile Repository Setup") + "\n" + repo_url)),
-+ `VBox(
-+ `ReplacePoint(`id(`replace), `Empty())
-+ ),
-+ `VSpacing(1)
-+ );
-+
-+ term signin_box =
-+ `VBox(
-+ `HBox(
-+ `HSpacing(1),
-+ `Frame(`id(`signin_frame), _("Sign in to the repository"),
-+ `HBox(
-+ `HSpacing(0.5),
-+ `VBox(
-+ `TextEntry(`id(`username), _("Username")),
-+ `Password(`id(`password), Label::Password()),
-+ `VSpacing(1),
-+ `HBox(
-+ `CheckBox(`id(`save_conf), `opt(`notify),
-+ _("S&ave configuration")),
-+ `HSpacing( 0.5),
-+ `Left(`PushButton(`id(`signin_submit),
-+ _("&Sign in"))),
-+ `Right(`PushButton(`id(`signin_cancel),
-+ Label::CancelButton())),
-+ `HSpacing( 0.5)
-+ )
-+ ),
-+ `HSpacing(0.5)
-+ )
-+ ),
-+ `HSpacing(1)
-+ ),
-+ `VSpacing(1),
-+ `PushButton(`id(`newuser), _("&Register new user..."))
-+ );
-+
-+ term registration_box =
-+ `VBox(
-+ `HBox(
-+ `HSpacing(1),
-+ `Frame(`id(`register_frame), _("Register New User"),
-+ `HBox(
-+ `HSpacing(0.5),
-+ `VBox(
-+
`TextEntry(`id(`register_username),
-+ _("Enter Username")),
-+ `TextEntry(`id(`register_email),
-+ _("Enter Email Address")),
-+ `Password(`id(`register_password),
-+ _("Enter Password")),
-+ `Password(`id(`register_password2),
-+ _("Verify Password")),
-+ `VSpacing(1),
-+ `HBox(
-+ `HSpacing( 0.2),
-+ `CheckBox(`id(`save_conf_new), `opt(`notify),
-+ _("S&ave configuration")),
-+ `Left(`PushButton(`id(`register_submit),
-+ _("&Register"))),
-+ `Right(`PushButton(`id(`register_cancel),
-+ Label::CancelButton())),
-+ `HSpacing( 0.2)
-+ )
-+ ),
-+ `HSpacing( 0.5)
-+ )
-+ ),
-+ `HSpacing(1)
-+ ),
-+ `VSpacing(1),
-+ `PushButton(`id(`signin), _("&Sign in as existing user..."))
-+ );
-+
-+ UI::OpenDialog(`opt(`decorated), dialog);
-+ UI::ReplaceWidget(`replace, signin_box);
-+ map answers = $[ ];
-+ any input = nil;
-+ repeat {
-+ input = UI::UserInput();
-+ if(input == `newreg) {
-+ boolean new_registration =
-+ (boolean) UI::QueryWidget(`id(`newreg), `Value);
-+ if ( new_registration == true ) {
-+ UI::ChangeWidget(`id(`register_frame), `Enabled, true);
-+ UI::ChangeWidget(`id(`signin_frame), `Enabled, false);
-+ } else {
-+ UI::ChangeWidget(`id(`register_frame), `Enabled, false);
-+ UI::ChangeWidget(`id(`signin_frame), `Enabled, true);
-+ }
-+ } else if(input == `newuser) {
-+ UI::ReplaceWidget(`replace, registration_box);
-+ UI::ChangeWidget(`id(`register_email), `InputMaxLength, 129);
-+ } else if(input == `signin) {
-+ UI::ReplaceWidget(`replace, signin_box);
-+ UI::ChangeWidget(`id(`register_email), `InputMaxLength, 129);
-+ } else if(input == `signin_cancel || input == `register_cancel) {
-+ answers["answer"] = "cancel";
-+ } else if ( input == `signin_submit ) {
-+ string username = (string) UI::QueryWidget(`id(`username), `Value);
-+ string password = (string) UI::QueryWidget(`id(`password), `Value);
-+ string save_config =
-+ (boolean) UI::QueryWidget(`id(`save_conf), `Value) ?
"y": "n"; -+ -+ if ( username == "" ) { -+ Popup::Error(_("Username is required")); -+ } else if ( password == "" ) { -+ Popup::Error(_("Password is required")); -+ } else { -+ y2milestone("APPARMOR : REPO - signon: \n\tusername [" + -+ username + -+ "]\n\tpassword [" + -+ password + "]"); -+ answers["newuser"] = "n"; -+ answers["user"] = username; -+ answers["pass"] = password; -+ answers["save_config"] = save_config; -+ input = `done; -+ } -+ } else if ( input == `register_submit ) { -+ string username = -+ (string) UI::QueryWidget( `id(`register_username), `Value); -+ string password = -+ (string) UI::QueryWidget( `id(`register_password), `Value); -+ string password_verify = -+ (string) UI::QueryWidget( `id(`register_password2), `Value); -+ string email = (string) UI::QueryWidget( `id(`register_email), -+ `Value ); -+ string save_config = -+ (boolean) UI::QueryWidget( `id(`save_conf_new), `Value ) -+ ? "y": "n"; -+ -+ if ( username == "" ) { -+ Popup::Error( _("Username required for registration." )); -+ } else if ( email == "" ) { -+ Popup::Error( _("Email address required for registration." )); -+ } else if ( password == "" && password_verify == "" ) { -+ Popup::Error( _("Password is required for registration." )); -+ } else if ( password != password_verify ) { -+ Popup::Error( _("Passwords do not match. Please re-enter." )); -+ } else if ( ! 
checkEmailAddress( email ) ) {
-+ any dummy = nil;
-+ } else {
-+ y2milestone(
-+ "APPARMOR : REPO - new registration: \n\tusername [" +
-+ username + "]\n\tpassword [" + password +
-+ "]\n\temail [" + email + "]\n\tsave config [" +
-+ save_config + "]" );
-+ answers["newuser"] = "y";
-+ answers["pass"] = password;
-+ answers["user"] = username;
-+ answers["email"] = email;
-+ answers["save_config"] = save_config;
-+ input = `done;
-+ }
-+ } else {
-+ y2milestone("APPARMOR : REPO - signon - no valid input[" +
-+ tostring(input) + "]");
-+ }
-+ } until ((input == `done) ||
-+ (input == `register_cancel) ||
-+ (input == `signin_cancel));
-+ if ( input != `done ) {
-+ answers["cancelled"] = "y";
-+ }
-+ UI::CloseDialog();
-+ return( answers );
-+}
-+
-+
-+/** UI_RepositoryViewProfile
-+ * Dialog to allow users to view a profile from the repository
-+ * and display it in a small scrollable dialog
-+ *
-+ * @param agent_data - map data from the backend
-+ * [ user => string ]
-+ * [ profile => string contiaining profile contents ]
-+ * [ profile_type => string INACTIVE_LOCAL|REPOSITORY ]
-+ *
-+ * @return void
-+ *
-+ **/
-+
-+define void UI_RepositoryViewProfile( map agent_data ) {
-+
-+ string user = agent_data["user"]:"MISSING USER";
-+ string profile = agent_data["profile"]:"MISSING PROFILE";
-+ string type = agent_data["profile_type"]:"MISSING PROFILE";
-+
-+ string headline = "";
-+ if ( type == "INACTIVE_LOCAL" ) {
-+ headline = _("Local inactive profile");
-+ } else if ( type == "REPOSITORY" ) {
-+ headline = _("Profile created by user ") + user;
-+ } else {
-+ headline = _("Local profile");
-+ }
-+
-+
-+ Popup::LongText ( headline, `RichText(`opt(`plainText), profile), 50, 20 );
-+}
-+
-+
-+/** UI_LongMessage
-+ * Basic message dialog that will scroll long text
-+ * @param agent_data - map - data from backend
-+ * [ headline - string ]
-+ * [ message - string ]
-+ *
-+ * @return void
-+ **/
-+
-+define void UI_LongMessage( map agent_data ) {
-+
-+ any user =
agent_data["user"]:nil;
-+ string headline = agent_data["headline"]:"MISSING HEADLINE";
-+ string message = agent_data["message"]:"MISSING MESSAGE";
-+
-+ Popup::LongText(headline,`RichText(`opt(`plainText), message), 60, 40);
-+
-+}
-+
-+
-+/** UI_ShortMessage
-+ * Basic message dialog - no scrollbars
-+ * @param agent_data - map - data from backend
-+ * [ headline - string ]
-+ * [ message - string ]
-+ *
-+ * @return void
-+ **/
-+
-+define void UI_ShortMessage( map agent_data ) {
-+
-+ any user = agent_data["user"]:nil;
-+ string headline = agent_data["headline"]:"MISSING HEADLINE";
-+ string message = agent_data["message"]:"MISSING MESSAGE";
-+
-+ Popup::AnyMessage(headline, message);
-+
-+}
-+
-+/** UI_ChangeLog_Dialog
-+ * Takes a list of profiles and collects one or multiple changelog entries
-+ * and returns them
-+ *
-+ * @param agent_data - data from the backend
-+ * [ profiles - list of profile names ]
-+ *
-+ * @return results - map
-+ * [ STATUS - string - ok/cancel ]
-+ * [ SINGLE_CHANGELOG - string - set with changelog if user ]
-+ * [ selects a single changelog ]
-+ *
-+ * [ profile 1 name - string - changelog 1 ]
-+ * [ profile 2 name - string - changelog 2 ]
-+ * ...
-+ * [ profile n name - string - changelog n ]
-+ *
-+ **/
-+define map UI_ChangeLog_Dialog ( map agent_data ) {
-+ map results = $[];
-+ string main_label = _("Enter a changelog for the changes for ");
-+ string main_label_single = _(" the selected profiles");
-+ string checkbox_label = _("Individual changelogs per profile");
-+ list profiles = agent_data["profiles"]:[];
-+
-+ term dialog = `VBox(
-+ `TextEntry(`id(`stringfield), main_label + "\n" + main_label_single),
-+ `CheckBox(`id(`individual_changelogs), `opt(`notify), checkbox_label),
-+ `VSpacing(0.5),
-+ `HBox(
-+ `HWeight(1, `PushButton(`id(`okay),
-+ `opt(`default,
-+ `key_F10),
-+ Label::OKButton())),
-+ `HSpacing(2),
-+ `HWeight(1, `PushButton(`id(`cancel), `opt(`key_F9), Label::CancelButton()))
-+ )
-+ );
-+ results["STATUS"] = "ok";
-+ boolean single_changelog = true;
-+ foreach( string profile_name, profiles, {
-+ UI::OpenDialog(dialog);
-+ if ( !single_changelog ) {
-+ UI::ChangeWidget(`id(`stringfield),
-+ `Label,
-+ main_label + "\n" +
-+ profile_name);
-+ UI::ChangeWidget(`id(`individual_changelogs), `Value, true);
-+ }
-+ UI::SetFocus(`id(`stringfield));
-+ any input = nil;
-+ repeat {
-+ input = UI::UserInput();
-+ if ( input == `cancel ) {
-+ results["STATUS"] = "cancel";
-+ UI::CloseDialog();
-+ break;
-+ } else if ( input == `okay ) {
-+ if (((boolean) UI::QueryWidget(`id(`individual_changelogs),
-+ `Value)) == false ) {
-+ results["SINGLE_CHANGELOG"] =
-+ (string) UI::QueryWidget(`id(`stringfield), `Value);
-+ UI::CloseDialog();
-+ } else {
-+ results[profile_name] =
-+ (string) UI::QueryWidget(`id(`stringfield), `Value);
-+ UI::CloseDialog();
-+ }
-+ } else if ( input == `individual_changelogs ){
-+ if (((boolean) UI::QueryWidget(`id(`individual_changelogs),
-+ `Value)) == true ) {
-+ UI::ChangeWidget(`id(`stringfield),
-+ `Label,
-+ main_label + "\n"
-+ + profile_name);
-+ single_changelog = false;
-+ } else {
-+ UI::ChangeWidget(`id(`stringfield),
-+ `Label,
-+ main_label + "\n"
-+ +
main_label_single);
-+ }
-+ }
-+ } until ( input == `okay || `input == `cancel );
-+ if ( single_changelog || input == `cancel ) {
-+ break;
-+ }
-+ });
-+ return( results );
-+}
-+
-+/** UI_MultiProfileSelectionDialog
-+ * Two pane dialog with a multi-selection box on the left
-+ * and a long text on the right. Allows a list of profiles
-+ * or profile changes to be viewed and selected for further
-+ * processing - for example uploading to the repository
-+ *
-+ * @param agent_data - map - data from backend
-+ * [ title - string - explanation of the forms use ]
-+ * [ get_changelog - string true/false - prompt user to ]
-+ * [ supply changelogs ]
-+ * [ never_ask_again - string true/false - add widget to let ]
-+ * [ user select to never prompt again to ]
-+ * [ upload unselected profiles to the ]
-+ * [ repository ]
-+ * [ default_select - string true/false - default value for ]
-+ * [ profile selection ]
-+ * [ profiles - map ]
-+ *
-+ * @return results - map
-+ * [ STATUS - string - ok/cancel ]
-+ * [ PROFILES - list[string] - list of selected profiles ]
-+ * [ NEVER_ASK_AGAIN - string - true/false - mark unselected ]
-+ * [ profiles as local only and don't prompt ]
-+ * [ to upload ]
-+ * [ CHANGELOG - map[string,string] - changelog data from ]
-+ * [ UI_ChangeLog_Dialog() ]
-+ *
-+ **/
-+
-+define map UI_MultiProfileSelectionDialog( map agent_data ) {
-+ string headline = agent_data["title"]:"MISSING TITLE";
-+ string explanation = agent_data["explanation"]:"MISSING EXPLANATION";
-+ boolean default_select = agent_data["default_select"]:false;
-+ boolean get_changelog = agent_data["get_changelog"]:true;
-+ boolean disable_ask_upload = agent_data["disable_ask_upload"]:false;
-+ map profiles = agent_data["profiles"]:$[];
-+ map results = $[];
-+
-+ list profile_list = [];
-+ foreach ( string profile_name, string profile_contents,
-+ (map) profiles, {
-+ profile_list = add( profile_list, `item( `id(profile_name),
-+ profile_name, default_select) );
-+ });
-+
-+
term first_profile = (term) profile_list[0]:nil;
-+ string first_profile_name = first_profile[1]:"MISSING PROFILE NAME";
-+ string profile_rules =
-+ (string) profiles[first_profile_name]:"MISSING CONTENTS";
-+ string disable_ask_upload_str =
-+ _("&Don't ask again for unselected profiles");
-+ map ui_capabilities = UI::GetDisplayInfo();
-+ boolean in_ncurses = ui_capabilities["TextMode"]:true;;
-+ term profile_contents_text = nil;
-+ term explanation_text = nil;
-+
-+ if ( in_ncurses ) {
-+ profile_contents_text =
-+ `RichText( `id(`contents),`opt(`plainText), profile_rules);
-+ } else {
-+ profile_contents_text =
-+ `VBox(
-+ `VSpacing(1.25),
-+ `RichText( `id(`contents),`opt(`plainText), profile_rules)
-+ );
-+ }
-+ term control_widgets = nil;
-+ if ( disable_ask_upload == true ) {
-+ control_widgets =
-+ `VBox(
-+ `CheckBox(`id(`disable_ask_upload), `opt(`notify),
-+ disable_ask_upload_str),
-+ `VSpacing(0.5),
-+ `HBox(
-+ `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))),
-+ `HWeight( 50, `HCenter(`PushButton(`id(`cancel),
-+ Label::CancelButton())))
-+ )
-+ );
-+ } else {
-+ if ( in_ncurses ) {
-+ control_widgets =
-+ `HBox(
-+ `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))),
-+ `HWeight( 50, `HCenter(`PushButton(`id(`cancel),
-+ Label::CancelButton())))
-+ );
-+ } else {
-+ control_widgets =
-+ `VBox(
-+ `VSpacing(0.5),
-+ `HBox(
-+ `HWeight( 50, `HCenter(`PushButton(`id(`save),
-+ Label::OKButton()))),
-+ `HWeight( 50, `HCenter(`PushButton(`id(`cancel),
-+ Label::CancelButton())))
-+ )
-+ );
-+ }
-+ }
-+
-+ UI::OpenDialog(
-+ `VBox(
-+ `VSpacing(0.1),
-+ `VWeight( 15, `Top(`Label(`id(`explanation), explanation))),
-+ `VSpacing(0.2),
-+ `VWeight( 70,
-+ `HBox(
-+ `VSpacing( 1 ),
-+ `HSpacing( 0.5 ),
-+ `Frame( `id(`select_profiles), headline,
-+ `HBox(
-+ `HWeight( 40, `MinSize( 30, 15,
-+ `MultiSelectionBox( `id(`profiles),
-+ `opt(`notify),
-+ _("Profiles"),
-+ profile_list) )
-+ ),
-+ `HWeight( 60,
profile_contents_text )
-+ )
-+ ),
-+ `HSpacing( 0.5 )
-+ )
-+ ),
-+ `VSpacing( 0.2 ),
-+ `VWeight( 15, control_widgets ),
-+ `VSpacing( 0.2 )
-+ )
-+ );
-+ UI::ChangeWidget( `id(`profiles), `CurrentValue, first_profile_name );
-+
-+ map event2 = $[];
-+ any id2 = nil;
-+ repeat
-+ {
-+ event2 = UI::WaitForEvent ();
-+ id2 = event2["ID"]:nil;
-+ if ( id2 == `profiles ) {
-+ any itemid = UI::QueryWidget( `id(`profiles), `CurrentItem );
-+ string stritem = tostring( itemid );
-+ string contents = profiles[stritem]:"MISSING CONTENTS";
-+ UI::ChangeWidget( `id(`contents), `Value, contents );
-+ }
-+ } until ( id2 == `save || id2 == `cancel );
-+
-+ list selected_profiles = [];
-+ if (id2 == `save) {
-+ list selected_items =
-+ (list) UI::QueryWidget( `id(`profiles), `SelectedItems );
-+ integer profile_index = 0;
-+ foreach ( any p_name, selected_items, {
-+ selected_profiles[profile_index] = tostring( p_name );
-+ profile_index = profile_index + 1;
-+ });
-+ results["STATUS"] = "ok";
-+ if (get_changelog == true) {
-+ map changelog_results =
-+ UI_ChangeLog_Dialog( $["profiles":selected_profiles] );
-+ if ( changelog_results["STATUS"]:"cancel" == "cancel" ) {
-+ results["STATUS"] = "cancel";
-+ } else {
-+ results["CHANGELOG"] = changelog_results;
-+ results["PROFILES"] = selected_profiles;
-+ }
-+ } else {
-+ results["PROFILES"] = selected_profiles;
-+ }
-+ if ( disable_ask_upload == true &&
-+ ((boolean) UI::QueryWidget( `id(`disable_ask_upload), `Value ))
-+ == true ) {
-+ results["NEVER_ASK_AGAIN"] = "true";
-+ }
-+ } else if ( id2 == `cancel ) {
-+ results["STATUS"] = "cancel";
-+ }
-+ UI::CloseDialog();
-+ return results;
-+}
-+
-+/** Form_BusyFeedbackDialog
-+ *
-+ * @param agent_data - map - data from backend
-+ * [ title - string - explanation of the forms use ]
-+ *
-+ * @return results - map
-+ * [ STATUS - string - ok/cancel ]
-+ *
-+ **/
-+
-+define term Form_BusyFeedbackDialog( string message ) {
-+ //`MinSize( 10, 4, `Image(`opt(`animated), movie,
"animation" ), -+ //`Image(`opt(`animated), movie, "animation" ), -+ string movie = -+ "/usr/share/YaST2/theme/current/animations/ticks-endless.gif"; -+ term busy_dialog = -+ `HBox( -+ //`MinSize( 10, 4, `Image(`opt(`animated), movie, "animation" ) ), -+ `Image(`opt(`animated), movie, "animation" ), -+ `Label( message ) -+ ); -+ return busy_dialog; -+} -+ -+define void UI_BusyFeedbackStart( map agent_data ) { -+ string message = agent_data["message"]:"MISSING MESSAGE"; -+ if ( AppArmorDialogs::busy_dialog != nil ) { -+ UI::CloseDialog(); -+ } -+ AppArmorDialogs::busy_dialog = Form_BusyFeedbackDialog( message ); -+ UI::OpenDialog( AppArmorDialogs::busy_dialog); -+ return; -+} -+ -+define void UI_BusyFeedbackStop( ) { -+ if ( AppArmorDialogs::busy_dialog != nil ) { -+ UI::CloseDialog(); -+ AppArmorDialogs::busy_dialog = nil; -+ } -+} ---- /dev/null -+++ b/src/include/apparmor/capabilities.ycp -@@ -0,0 +1,310 @@ -+/* ------------------------------------------------------------------ -+* -+* Copyright (C) 2002-2005 Novell/SUSE -+* -+* This program is free software; you can redistribute it and/or -+* modify it under the terms of version 2 of the GNU General Public -+* License published by the Free Software Foundation. -+* -+ ------------------------------------------------------------------*/ -+// -+// YCP map containing definitons for Capabiltiies -+// -+{ -+ -+textdomain "yast2-apparmor"; -+ -+map capdefs = $[ -+"chown" : -+ $[ -+ "name" : "CAP_CHOWN", -+ "info" : _("
    • In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, -+this overrides the restriction of changing file ownership -+and group ownership.
    "), -+ -+ ], -+"dac_override" : -+ $[ -+ "name" : "CAP_DAC_OVERRIDE", -+ "info" : _("
    • Override all DAC access, including ACL execute access if -+[_POSIX_ACL] is defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.
    "), -+ -+ ], -+"dac_read_search" : -+ $[ -+ "name" : "CAP_DAC_READ_SEARCH", -+ "info" : _("
    • Overrides all DAC restrictions regarding read and search -+on files and directories, including ACL restrictions if [_POSIX_ACL] is defined. -+Excluding DAC access covered by CAP_LINUX_IMMUTABLE.
    "), -+ -+ ], -+"fowner" : -+ $[ -+ "name" : "CAP_FOWNER", -+ "info" : _("
    • Overrides all restrictions about allowed operations on files, -+where file owner ID must be equal to the user ID, except where CAP_FSETID is -+applicable. It doesn't override MAC and DAC restrictions.
    "), -+ -+ ], -+"fsetid" : -+ $[ -+ "name" : "CAP_FSETID", -+ "info" : _("
    • Overrides the following restrictions that the effective user -+ID shall match the file owner ID when setting the S_ISUID and S_ISGID bits on that -+file; that the effective group ID (or one of the supplementary group IDs) shall match -+the file owner ID when setting the S_ISGID bit on that file; that the S_ISUID and -+S_ISGID bits are cleared on successful return from chown(2) (not implemented).
    "), -+ -+ ], -+"kill" : -+ $[ -+ "name" : "CAP_KILL", -+ "info" : _("
    • Overrides the restriction that the real or effective user ID -+of a process sending a signal must match the real or effective user ID of the process -+receiving the signal.
    "), -+ -+ ], -+"setgid" : -+ $[ -+ "name" : "CAP_SETGID", -+ "info" : _("
    • Allows setgid(2) manipulation
    • Allows setgroups(2)
    • -+
    • Allows forged gids on socket credentials passing.
    "), -+ -+ ], -+"setuid" : -+ $[ -+ "name" : "CAP_SETUID", -+ "info" : _("
    • Allows setuid(2) manipulation (including fsuid)
    • -+
    • Allows forged pids on socket credentials passing.
    "), -+ -+ ], -+"setpcap" : -+ $[ -+ "name" : "CAP_SETPCAP", -+ "info" : _("
    • Transfer any capability in your permitted set to any pid, -+remove any capability in your permitted set from any pid
    "), -+ -+ ], -+"linux_immutable" : -+ $[ -+ "name" : "CAP_LINUX_IMMUTABLE", -+ "info" : _("
    • Allows modification of S_IMMUTABLE and S_APPEND file attributes
    "), -+ -+ ], -+"net_bind_service" : -+ $[ -+ "name" : "CAP_NET_BIND_SERVICE", -+ "info" : _("
    • Allows binding to TCP/UDP sockets below 1024
    • -+
    • Allows binding to ATM VCIs below 32
    "), -+ -+ ], -+"net_broadcast" : -+ $[ -+ "name" : "CAP_NET_BROADCAST", -+ "info" : _("
    • Allows broadcasting, listen to multicast
    "), -+ -+ ], -+"net_admin" : -+ $[ -+ "name" : "CAP_NET_ADMIN", -+ "info" : _("
    • Allows interface configuration
    • -+
    • Allows administration of IP firewall, masquerading and accounting
    • -+
    • Allows setting debug option on sockets
    • -+
    • Allows modification of routing tables
    • ") + -+ -+_("
    • Allows setting arbitrary process / process group ownership on sockets
    • -+
    • Allows binding to any address for transparent proxying
    • -+
    • Allows setting TOS (type of service)
    • -+
    • Allows setting promiscuous mode
    • -+
    • Allows clearing driver statistics
    • ") + -+ -+_("
    • Allows multicasting
    • -+
    • Allows read/write of device-specific registers
    • -+
    • Allows activation of ATM control sockets
    • -+
    "), -+ -+ ], -+"net_raw" : -+ $[ -+ "name" : "CAP_NET_RAW", -+ "info" : _("
    • Allows use of RAW sockets
    • -+
    • Allows use of PACKET sockets
    "), -+ -+ ], -+"ipc_lock" : -+ $[ -+ "name" : "CAP_IPC_LOCK", -+ "info" : _("
    • Allows locking of shared memory segments
    • -+
    • Allows mlock and mlockall (which doesn't really have anything to do with IPC)
    "), -+ -+ ], -+"ipc_owner" : -+ $[ -+ "name" : "CAP_IPC_OWNER", -+ "info" : _("
    • Override IPC ownership checks
    "), -+ -+ ], -+"sys_module" : -+ $[ -+ "name" : "CAP_SYS_MODULE", -+ "info" : _("
    • Insert and remove kernel modules - modify kernel without limit
    • -+
    • Modify cap_bset
    "), -+ -+ ], -+"sys_rawio" : -+ $[ -+ "name" : "CAP_SYS_RAWIO", -+ "info" : _("
    • Allows ioperm/iopl access
    • -+
    • Allows sending USB messages to any device via /proc/bus/usb
    "), -+ -+ ], -+"sys_chroot" : -+ $[ -+ "name" : "CAP_SYS_CHROOT", -+ "info" : _("
    • Allows use of chroot()
    "), -+ -+ ], -+"sys_ptrace" : -+ $[ -+ "name" : "CAP_SYS_PTRACE", -+ "info" : _("
    • Allows ptrace() of any process
    "), -+ -+ ], -+"sys_pacct" : -+ $[ -+ "name" : "CAP_SYS_PACCT", -+ "info" : _("
    • Allows configuration of process accounting
    "), -+ -+ ], -+"sys_admin" : -+ $[ -+ "name" : "CAP_SYS_ADMIN", -+ "info" : _("
    • Allows configuration of the secure attention key
    • -+
    • Allows administration of the random device
    • -+
    • Allows examination and configuration of disk quotas
    • -+
    • Allows configuring the kernel's syslog (printk behaviour)
    • ") + -+ -+_("
    • Allows setting the domain name
    • -+
    • Allows setting the hostname
    • -+
    • Allows calling bdflush()
    • -+
    • Allows mount() and umount(), setting up new smb connection
    • -+
    • Allows some autofs root ioctls
    • ") + -+ -+_("
    • Allows nfsservctl
    • -+
    • Allows VM86_REQUEST_IRQ
    • -+
    • Allows to read/write pci config on alpha
    • -+
    • Allows irix_prctl on mips (setstacksize)
    • -+
    • Allows flushing all cache on m68k (sys_cacheflush)
    • ") + -+ -+_("
    • Allows removing semaphores
    • -+
    • Used instead of CAP_CHOWN to \"chown\" IPC message queues, semaphores and shared memory
    • -+
    • Allows locking/unlocking of shared memory segment
    • -+
    • Allows turning swap on/off
    • -+
    • Allows forged pids on socket credentials passing
    • ") + -+ -+_("
    • Allows setting read ahead and flushing buffers on block devices
    • -+
    • Allows setting geometry in floppy driver
    • -+
    • Allows turning DMA on/off in xd driver
    • -+
    • Allows administration of md devices (mostly the above, but some extra ioctls)
    • ") + -+ -+_("
    • Allows tuning the ide driver
    • -+
    • Allows access to the nvram device
    • -+
    • Allows administration of apm_bios, serial and bttv (TV) device
    • -+
    • Allows manufacturer commands in isdn CAPI support driver
    • ") + -+ -+_("
    • Allows reading non-standardized portions of pci configuration space
    • -+
    • Allows DDI debug ioctl on sbpcd driver
    • -+
    • Allows setting up serial ports
    • -+
    • Allows sending raw qic-117 commands
    • ") + -+ -+_("
    • Allows enabling/disabling tagged queuing on SCSI controllers -+ and sending arbitrary SCSI commands
    • -+
    • Allows setting encryption key on loopback filesystem
    "), -+ -+ ], -+"sys_boot" : -+ $[ -+ "name" : "CAP_SYS_BOOT", -+ "info" : _("
    • Allows use of reboot()
    "), -+ -+ ], -+"sys_nice" : -+ $[ -+ "name" : "CAP_SYS_NICE", -+ "info" : _("
    • Allows raising priority and setting priority on other (different UID) processes
    • -+
    • Allows use of FIFO and round-robin (realtime) scheduling on own processes and setting -+the scheduling algorithm used by another process.
    • -+
    • Allows setting cpu affinity on other processes
    "), -+ ], -+"sys_resource" : -+ $[ -+ "name" : "CAP_SYS_RESOURCE", -+ "info" : _("
    • Override resource limits. Set resource limits.
    • -+
    • Override quota limits.
    • -+
    • Override reserved space on ext2 filesystem
    • -+
    • Modify data journaling mode on ext3 filesystem (uses journaling resources)
    • ") + -+ -+_("
    • NOTE: ext2 honors fsuid when checking for resource overrides, so you can override using fsuid too
    • -+
    • Override size restrictions on IPC message queues
    • -+
    • Allows more than 64hz interrupts from the real-time clock
    • -+
    • Override max number of consoles on console allocation
    • -+
    • Override max number of keymaps
    "), -+ ], -+"sys_time" : -+ $[ -+ "name" : "CAP_SYS_TIME", -+ "info" : _("
    • Allows manipulation of system clock
    • -+
    • Allows irix_stime on mips
    • -+
    • Allows setting the real-time clock
    "), -+ ], -+"sys_tty_config" : -+ $[ -+ "name" : "CAP_SYS_TTY_CONFIG", -+ "info" : _("
    • Allows configuration of tty devices
    • -+
    • Allows vhangup() of tty
    "), -+ ], -+"mknod" : -+ $[ -+ "name" : "CAP_MKNOD", -+ "info" : _("
    • Allows the privileged aspects of mknod()
    "), -+ ], -+"lease" : -+ $[ -+ "name" : "CAP_LEASE", -+ "info" : _("
    • Allows taking of leases on files
    "),
-+
-+ ],
-+];
-+
-+
-+map linnametolp = $[
-+"CAP_CHOWN" : "chown",
-+"CAP_DAC_OVERRIDE" : "dac_override",
-+"CAP_DAC_READ_SEARCH" : "dac_read_search",
-+"CAP_FOWNER" : "fowner",
-+"CAP_FSETID" : "fsetid",
-+"CAP_KILL" : "kill",
-+"CAP_SETGID" : "setgid",
-+"CAP_SETUID" : "setuid",
-+"CAP_SETPCAP" : "setpcap",
-+"CAP_LINUX_IMMUTABLE" : "linux_immutable",
-+"CAP_NET_BIND_SERVICE" : "net_bind_service",
-+"CAP_NET_BROADCAST" : "net_broadcast",
-+"CAP_NET_ADMIN" : "net_admin",
-+"CAP_NET_RAW" : "net_raw",
-+"CAP_IPC_LOCK" : "ipc_lock",
-+"CAP_IPC_OWNER" : "ipc_owner",
-+"CAP_SYS_MODULE" : "sys_module",
-+"CAP_SYS_RAWIO" : "sys_rawio",
-+"CAP_SYS_CHROOT" : "sys_chroot",
-+"CAP_SYS_PTRACE" : "sys_ptrace",
-+"CAP_SYS_PACCT" : "sys_pacct",
-+"CAP_SYS_ADMIN" : "sys_admin",
-+"CAP_SYS_BOOT" : "sys_boot",
-+"CAP_SYS_NICE" : "sys_nice",
-+"CAP_SYS_RESOURCE" : "sys_resource",
-+"CAP_SYS_TIME" : "sys_time",
-+"CAP_SYS_TTY_CONFIG" : "sys_tty_config",
-+"CAP_MKNOD" : "mknod",
-+"CAP_LEASE" : "lease",
-+];
-+}
---- /dev/null
-+++ b/src/include/apparmor/config_complain.ycp
-@@ -0,0 +1,227 @@
-+/* ------------------------------------------------------------------
-+*
-+* Copyright (C) 2002-2005 Novell/SUSE
-+*
-+* This program is free software; you can redistribute it and/or
-+* modify it under the terms of version 2 of the GNU General Public
-+* License published by the Free Software Foundation.
-+*
-+ ------------------------------------------------------------------*/
-+
-+{
-+textdomain "yast2-apparmor";
-+
-+import "Label";
-+
-+string modeHelp = _("

    Profile Mode Configuration
    This tool allows -+you to set AppArmor profiles to either complain or enforce mode.

    ") + -+ -+_("

    Complain mode is a profile training state that logs application -+activity. All the violations of the AppArmor profile rules are logged -+(into /var/log/audit/audit.log file), but still permitted, so -+that application's behavior is not restricted.

    ") + -+ -+_("

    With the profile in enforce mode, application is protected by
-+AppArmor. The profile rules are enforced and their violation is logged,
-+but not permitted (e.g. an application cannot access files, unless it is
-+permitted to do so by the profile).

    ");
-+
-+boolean showAll = false; // Button for showing active or all profiles
-+
-+define void updateComplain(any id, string profile, string mode, boolean showAll) {
-+
-+ boolean error = false;
-+ map profCmd = $[ ];
-+
-+ if (id == `allEnforce || id == `allComplain) {
-+ profCmd["all"] = "1";
-+ } else if ( profile != "" ) {
-+ profCmd["profile"] = profile;
-+ } else {
-+ Popup::Error( _("Couldn't recognize profile name: ") + profile );
-+ return;
-+ }
-+
-+ if ( id == `toggle && mode != "" ) {
-+ // Reverse modes for toggling
-+ if ( mode == "enforce" ) {
-+ profCmd["mode"] = "complain";
-+ } else if (mode == "complain") {
-+ profCmd["mode"] = "enforce";
-+ } else {
-+ error = true;
-+ Popup::Error( _("Couldn't recognize mode: ") + mode );
-+ }
-+ } else if ( id != `toggle ) {
-+ profCmd["mode"] = mode;
-+ }
-+
-+ if ( showAll == true ) {
-+ profCmd["showall"] = "1";
-+ } else {
-+ profCmd["showall"] = "0";
-+ }
-+
-+ SCR::Write(.complain, profCmd);
-+
-+ return;
-+}
-+
-+define list getRecordList(boolean showAll) {
-+
-+ map Settings = $[ ];
-+ Settings["list"] = "1";
-+
-+ if ( showAll == true ) {
-+ Settings["showall"] = "1";
-+ } else {
-+ Settings["showall"] = "0";
-+ }
-+
-+ list recList = [];
-+ integer key = 1;
-+
-+ // restarts ag_complain agent if necessary
-+ list db = nil;
-+ while ( db == nil ) {
-+ db = (list ) SCR::Read (.complain, Settings);
-+ }
-+
-+ foreach ( map record, db, {
-+ recList = add( recList, `item( `id(key), record["name"]:nil, record["mode"]:nil ));
-+ key = key + 1;
-+ });
-+
-+ return recList;
-+}
-+
-+define term getProfModeForm(list recList, boolean showAll ) {
-+
-+ term allBtn = `PushButton(`id(`showAll), _("Show All Profiles") );
-+ string allText = _("Configure Mode for Active Profiles");
-+
-+ if ( showAll && showAll == true ) {
-+ allBtn = `PushButton(`id(`showAct), _("Show Active Profiles") );
-+ allText = _("Configure Mode for All Profiles");
-+ }
-+
-+ term modeForm =
-+
-+ `Frame( `id(`changeMode), allText,
-+
//`Frame( `id(`changeMode), _("Configure Profile Mode"),
-+ `VBox(
-+ `VSpacing(2),
-+ `HBox(
-+ `VSpacing(10),
-+ `Table(`id(`table), `opt(`notify), `header(_("Profile Name"), _("Mode")), recList)
-+ ),
-+ `VSpacing(0.5),
-+ `HBox(
-+ allBtn,
-+ `PushButton(`id(`toggle), _("Toggle Mode") ),
-+ `PushButton(`id(`allEnforce), _("Set All to Enforce") ),
-+ `PushButton(`id(`allComplain), _("Set All to Complain") )
-+ ))
-+ );
-+
-+ return modeForm;
-+}
-+
-+define term updateModeConfigForm(boolean showAll) {
-+
-+ list recList = getRecordList(showAll);
-+ term newModeForm = getProfModeForm(recList, showAll);
-+
-+ return newModeForm;
-+}
-+
-+// Profile Mode Configuration -- Sets Complain and Enforce Behavior
-+define symbol profileModeConfigForm() {
-+
-+ list recList = getRecordList(showAll);
-+ term modeForm = getProfModeForm(recList, showAll);
-+ Wizard::CreateDialog();
-+ Wizard::SetContentsButtons( _("Profile Mode Configuration"), modeForm, modeHelp, Label::BackButton(), _("&Done") );
-+
-+ map event = $[];
-+ any id = nil;
-+ boolean modified = false;
-+
-+ while( true ) {
-+
-+ event = UI::WaitForEvent();
-+
-+ id = event["ID"]:nil; // We'll need this often - cache it
-+ string profile = nil;
-+ string mode = nil;
-+
-+ if ( id == `abort || id == `cancel || id == `back ) {
-+ break;
-+
-+ } else if ( id == `next ) {
-+ integer ret = -1;
-+ if ( modified )
-+ ret = (integer) SCR::Execute (.target.bash, "/sbin/rcsubdomain reload > /dev/null 2>&1");
-+ else {
-+ y2milestone("No change to Apparmor profile modes - nothing to do.");
-+ break;
-+ }
-+ if ( ret == 0)
-+ y2milestone("Apparmor profiles reloaded succesfully.");
-+ else
-+ y2error("Reloading Apparmor profiles failed with exit code %1", ret);
-+
-+ break;
-+ } else if ( id == `showAll ) {
-+
-+ showAll = true;
-+ Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
-+ continue;
-+
-+ } else if ( id == `showAct ) {
-+
-+ showAll
= false;
-+ Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
-+ continue;
-+
-+ } else if ( id == `toggle) {
-+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
-+ profile = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
-+ mode = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 2, "");
-+
-+ updateComplain(id, profile, mode, showAll);
-+ modified = true;
-+ Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
-+ continue;
-+
-+ } else if ( id == `allEnforce || id == `allComplain) {
-+
-+ profile = "";
-+
-+ if ( id == `allEnforce ) {
-+ mode = "enforce";
-+ } else {
-+ mode = "complain";
-+ }
-+
-+ updateComplain(id, profile, mode, showAll);
-+ modified = true;
-+ Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
-+ continue;
-+
-+ } else if ( id == `table ) {
-+
-+ Popup::Message( _("Please select an action to perform from the buttons below.") );
-+
-+ } else {
-+ y2error("Unexpected return code: %1", id);
-+ break;
-+ }
-+ }
-+
-+ Wizard::CloseDialog(); // new
-+ return (symbol) id;
-+}
-+
-+/* EOF */
-+}
---- /dev/null
-+++ b/src/include/apparmor/helps.ycp
-@@ -0,0 +1,219 @@
-+/* ------------------------------------------------------------------
-+*
-+* Copyright (C) 2002-2005 Novell/SUSE
-+*
-+* This program is free software; you can redistribute it and/or
-+* modify it under the terms of version 2 of the GNU General Public
-+* License published by the Free Software Foundation.
-+*
-+ ------------------------------------------------------------------*/
-+
-+{
-+
-+textdomain "yast2-apparmor";
-+
-+/* START Help Section
-+************************************************************/
-+map helps = $[
-+ "EventNotifyHelpText" :
-+ _("

    The Security Event Notification screen enables you to setup email -+alerts for security events. In the following steps, specify how often -+alerts are sent, who receives the alert, and how severe the security -+event must be to send an alert.

    ") + -+ -+ _("

    Notification Types
    Terse Notification: -+Terse notification summarizes the total number of system events without -+providing details.
    For example:
    dhcp-101.up.wirex.com has -+had 10 security events since Tue Oct 12 11:10:00 2004

    ") + -+ -+ _("

    Summary Notification: The Summary notification displays -+the logged AppArmor security events, and lists the number of -+individual occurrences, including the date of the last occurrence. -+
    For example:
    SubDomain: PERMITTING access to capability -+'setgid' (httpd2-prefork(6347) profile /usr/sbin/httpd2-prefork -+active /usr/sbin/httpd2-prefork) 2 times, the latest at Sat Oct 9 16:05:54 2004. -+

    ") + -+ -+ _("

    Verbose Notification: The Verbose notification displays -+unmodified, logged AppArmor security events. It tells you every time -+an event occurs and writes a new line in the Verbose log. These -+security events include the date and time the event occurred, when -+the application profile permits access as well as rejects access, -+and the type of file permission access that is permitted or rejected.

    ") + -+ -+ _("

    Verbose Notification also reports several messages that -+the logprof tool uses to interpret profiles.
    For example:
    -+ Oct 9 15:40:31 SubDomain: PERMITTING r access to -+/etc/apache2/httpd.conf (httpd2-prefork(6068) profile -+/usr/sbin/httpd2-prefork active /usr/sbin/httpd2-prefork)

    ") + -+ -+ "
      " + _("
    1. For each notification type that you would like -+enabled, select the frequency of notification that you would -+like. For example, if you select 1 day from the -+pull-down list, you will be sent daily notifications of -+security events, if they occur.
    2. ") + -+ -+ _("
    3. Enter the email address of those who should receive -+the Terse, Summary, or Verbose notifications.If there is no local -+SMTP server configured to distribute e-mails from this host to the -+domain you entered, enter for example @localhost -+and enable to receive system mail, if it is not -+a root user.
    4. ") + -+ -+ _("
    5. Select the lowest severity level for which a notification -+should be sent. Security events will be logged and the notifications -+will be sent at the time indicated by the interval when events are -+equal or greater than the selected severity level. If the interval -+is 1 day, the notification will be sent daily, if security events -+occur.") + -+ -+ _("Severity Levels: These are numbered 1 through 10, -+10 being the most severe security incident. The severity.db -+file defines the severity level of potential security events. -+The severity levels are determined by the importance of -+different security events, such as certain resources accessed -+or services denied.
    6. ") + -+ -+ _("
    7. Select Include unknown security events if -+you would like to include events that are not rated with a severity number.
    8. ") + -+ "
    ", -+// ---------------------------- -+ "profileWizard" : -+ _("AppArmor Profiling Wizard
    ") + -+ _("This wizard presents entries generated by the AppArmor access control module. -+You can generate highly optimized and robust security profiles -+by using the suggestions made by AppArmor.") + -+ -+ _("AppArmor suggests that you allow or deny access to specific resources -+or define execute permission for entries. Questions -+that display were logged during the normal application -+execution test previously performed.
    ") + -+ -+ _("The following help text describes the detail of the security profile -+syntax used by AppArmor.

    At any stage, you may -+customize the profile entry by changing the suggested response. -+This overview will assist you in your options. Refer to the -+Novell AppArmor Administration Guide for step-by-step -+instructions.

    ") + -+ -+ _("Access Modes
    ") + -+ _("File permission access modes consists of combinations of the following six modes:") + -+ -+ "
      " + -+ _("
    • r - read
    • ") + -+ _("
    • w - write
    • ") + -+ _("
    • m - mmap PROT_EXEC
    • ") + -+ _("
    • px - discrete profile execute
    • ") + -+ _("
    • ux - unconfined execute
    • ") + -+ _("
    • ix - inherit execute
    • ") + -+ _("
    • l - link
    • ") + "
    " + -+ -+ _("Details for Access Modes") + -+ "

    " + -+ -+ _("Read mode
    ") + -+ _("Allows the program to have read access to the -+resource. Read access is required for shell scripts -+and other interpreted content, and determines if an -+executing process can core dump or be attached to with -+ptrace(2). (ptrace(2) is used by utilities such as -+strace(1), ltrace(1), and gdb(1).)") + -+ "

    " + -+ -+ _("Write mode
    ") + -+ _("Allows the program to have write access to the -+resource. Files must have this permission if they are -+to be unlinked (removed.)") + -+ "

    " + -+ -+ _("Mmap PROT_EXEC mode
    ") + -+ _("Allows the program to call mmap with PROT_EXEC on the -+resource.") + -+ "

    " + -+ -+ _("Unconfined execute mode
    ") + -+ _("Allows the program to execute the resource without any -+AppArmor profile being applied to the executed -+resource. Requires listing execute mode as well. -+Incompatible with Inherit and Discrete Profile execute -+entries.") + -+ "

    " + -+ -+ _("This mode is useful when a confined program needs to -+be able to perform a privileged operation, such as -+rebooting the machine. By placing the privileged section -+in another executable and granting unconfined -+execution rights, it is possible to bypass the mandatory -+constraints imposed on all confined processes. -+For more information on what is constrained, see the -+subdomain(7) man page.") + -+ "

    " + -+ -+ _("Discrete Profile execute mode
    ") + -+ _("This mode requires that a discrete security profile is -+defined for a resource executed at a AppArmor domain -+transition. If there is no profile defined then the -+access will be denied. Incompatible with Inherit and -+Unconstrained execute entries.") + -+ "

    " + -+ -+ _("Link mode
    ") + -+ _("Allows the program to be able to create and remove a -+link with this name (including symlinks). When a link -+is created, the file that is being linked to MUST have -+the same access permissions as the link being created -+(with the exception that the destination does not have -+to have link access.) Link access is required for -+unlinking a file.") + -+ "

    " + -+ -+ _("Globbing") + -+ "

    " + -+ _("File resources may be specified with a globbing syntax -+similar to that used by popular shells, such as csh(1), -+bash(1), zsh(1).") + -+ "
    " + -+ -+ "
      " + -+ _("
    • * can substitute for any number of characters, except '/'
    • ") + -+ _("
    • ** can substitute for any number of characters, including '/'
    • ") + -+ _("
    • ? can substitute for any single character except '/'
    • ") + -+ _("
    • [abc] will substitute for the single character a, b, or c
    • ") + -+ _("
    • [a-c] will substitute for the single character a, b, or c
    • ") + -+ _("
    • {ab,cd} will expand to one rule to match ab, one rule to match cd
    • ") + -+ "
    " + -+ -+ _("Clean Exec - for sanitized execution") + -+ "

    " + -+ _("The Clean Exec option for the discrete profile and unconstrained -+execute permissions provide added security by stripping the -+environment that is inherited by the child program of specific -+variables. You will be prompted to choose whether you want to sanitize the -+environment if you choose 'p' or 'u' during the profiling process. -+The variables are:") + -+ -+ "
      " + -+ "
    • GCONV_PATH
    • " + -+ "
    • GETCONF_DIR
    • " + -+ "
    • HOSTALIASES
    • " + -+ "
    • LD_AUDIT
    • " + -+ "
    • LD_DEBUG
    • " + -+ "
    • LD_DEBUG_OUTPUT
    • " + -+ "
    • LD_DYNAMIC_WEAK
    • " + -+ "
    • LD_LIBRARY_PATH
    • " + -+ "
    • LD_ORIGIN_PATH
    • " + -+ "
    • LD_PRELOAD
    • " + -+ "
    • LD_PROFILE
    • " + -+ "
    • LD_SHOW_AUXV
    • " + -+ "
    • LD_USE_LOAD_BIAS
    • " + -+ "
    • LOCALDOMAIN
    • " + -+ "
    • LOCPATH
    • " + -+ "
    • MALLOC_TRACE
    • " + -+ "
    • NLSPATH
    • " + -+ "
    • RESOLV_HOST_CONF
    • " + -+ "
    • RES_OPTION
    • " + -+ "
    • TMPDIR
    • " + -+ "
    • TZDIR
    ",
-+
-+ ];
-+}
---- /dev/null
-+++ b/src/include/apparmor/profile_dialogs.ycp
-@@ -0,0 +1,1147 @@
-+/* ------------------------------------------------------------------
-+*
-+* Copyright (C) 2002-2005 Novell/SUSE
-+*
-+* This program is free software; you can redistribute it and/or
-+* modify it under the terms of version 2 of the GNU General Public
-+* License published by the Free Software Foundation.
-+*
-+ ------------------------------------------------------------------*/
-+{
-+import "Wizard";
-+import "Popup";
-+import "Label";
-+import "Map";
-+include "subdomain/capabilities.ycp";
-+textdomain "yast2-apparmor";
-+
-+// Globalz
-+integer timeout_millisec = 20 * 1000;
-+map Settings = $[
-+ "CURRENT_PROFILE" : ""
-+];
-+
-+
-+define map capabilityEntryPopup( map capmap,
-+ string linuxcapname,
-+ string profile ) {
-+ map results = $[];
-+ string lpname = linnametolp[linuxcapname]:"";
-+ map cdef = capdefs[lpname]:nil;
-+ list caplist = [];
-+ boolean capbool = false;
-+ foreach( string clname, string clpname, (map) linnametolp, {
-+ if ( capmap[clpname]:nil != nil) capbool = true;
-+ caplist = add( caplist, `item( `id(clname), clname, capbool) );
-+ capbool = false;
-+ });
-+ string info = (string) cdef["info"]:_("Capability Selection.
-+
    Select desired capabilities for this profile.
-+Select a Capability name to see information about the capability.");
-+ string frametitle = " " + _("Capabilities enabled for the profile") + " " + profile + " ";
-+ UI::OpenDialog(
-+ `VBox(
-+ `HSpacing( 75 ),
-+ `VSpacing( `opt(`hstretch), 1 ),
-+ `HBox(
-+ `VSpacing( 20 ),
-+ `HSpacing( 0.5 ),
-+ `Frame( frametitle,
-+ `HBox(
-+ `HWeight( 30,
-+ `MultiSelectionBox( `id(`caps), `opt(`notify), _("Capabilities"), caplist)
-+ ),
-+ `HWeight( 60, `RichText( `id(`captext), info) )
-+ )
-+ ),
-+ `HSpacing( 0.05 )
-+ ),
-+ `VSpacing( 0.5 ),
-+ `HBox(
-+ `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))),
-+ `HWeight( 50, `HCenter(`PushButton(`id(`cancel), Label::CancelButton())))
-+ ),
-+ `VSpacing( `opt(`hstretch), 0.5 )
-+ )
-+ );
-+
-+ if ( linuxcapname != "" ) {
-+ UI::ChangeWidget( `id(`caps), `CurrentItem, linuxcapname );
-+ }
-+
-+ map event2 = $[];
-+ any id2 = nil;
-+ repeat
-+ {
-+ event2 = UI::WaitForEvent( timeout_millisec );
-+ id2 = event2["ID"]:nil; // We'll need this often - cache it
-+ if ( id2 == `caps ) {
-+ any itemid = UI::QueryWidget( `id(`caps), `CurrentItem );
-+ list selecteditems = (list) UI::QueryWidget( `id(`caps), `SelectedItems );
-+ string stritem = tostring( itemid );
-+ string capindex = linnametolp[stritem]:"";
-+ map cdf = capdefs[capindex]:nil;
-+ string cdfi = cdf["info"]:"";
-+ UI::ChangeWidget( `id(`captext), `Value, cdfi );
-+ }
-+ } until ( id2 == `save || id2 == `cancel );
-+
-+ map newcapmap = $[];
-+ if ( id2 == `save ) {
-+ list selectedcaps = (list) UI::QueryWidget( `id(`caps), `SelectedItems );
-+ string s = "";
-+ foreach( any cpname, selectedcaps, {
-+ s = linnametolp[tostring(cpname)]:"";
-+ newcapmap = add( newcapmap, s, $["audit":0, "set":1]);
-+ });
-+ }
-+ UI::CloseDialog();
-+ if ( id2 == `cancel ) {
-+ return capmap;
-+ }
-+ return newcapmap;
-+}
-+
-+
-+define string networkEntryPopup( string rule ) {
-+ integer listnum = 0;
-+ list netlist =
splitstring( rule, " " );
-+ integer netrulesize = size( netlist );
-+ string family = "";
-+ string sockettype = "";
-+ if ( netrulesize == 1 ) {
-+ family = "All";
-+ } else if ( netrulesize == 2 ) {
-+ family = netlist[1]:"";
-+ } else if ( netrulesize == 3 ) {
-+ family = netlist[1]:"";
-+ sockettype = netlist[2]:"";
-+ }
-+
-+ list famList = [
-+ `item( `id( `allfam ), _("All") ),
-+ `item( `id( `inet ), "inet" ),
-+ `item( `id( `inet6 ), "inet6" ),
-+ `item( `id( `ax25 ), "ax25" ),
-+ `item( `id( `ipx ), "ipx" ),
-+ `item( `id( `appletalk ), "appletalk" ),
-+ `item( `id( `netrom ), "netrom" ),
-+ `item( `id( `bridge ), "bridge" ),
-+ `item( `id( `atmpvc ), "atmpvc" ),
-+ `item( `id( `x25 ), "x25" ),
-+ `item( `id( `rose ), "rose" ),
-+ `item( `id( `netbeui ), "netbeui" ),
-+ `item( `id( `security ), "security" ),
-+ `item( `id( `key ), "key" ),
-+ `item( `id( `packet ), "packet" ),
-+ `item( `id( `ash ), "ash" ),
-+ `item( `id( `econet ), "econet" ),
-+ `item( `id( `atmsvc ), "atmsvc" ),
-+ `item( `id( `sna ), "sna" ),
-+ `item( `id( `irda ), "irda" ),
-+ `item( `id( `ppox ), "pppox" ),
-+ `item( `id( `wanpipe ), "wanpipe" ),
-+ `item( `id( `bluetooth ), "bluetooth" ),
-+ ];
-+
-+ list typeList = [
-+ `item( `id( `alltype ), _("All") ),
-+ `item( `id( `stream ), "stream" ),
-+ `item( `id( `dgram ), "dgram" ),
-+ `item( `id( `seqpacket ), "seqpacket" ),
-+ `item( `id( `rdm ), "rdm" ),
-+ `item( `id( `raw ), "raw" ),
-+ `item( `id( `packet ), "packet" ),
-+ `item( `id( `dccp ), "dccp" ),
-+ ];
-+
-+ map results = $[];
-+
-+ UI::OpenDialog(
-+ `VBox(
-+ `VSpacing( 1 ),
-+ `HBox(
-+ `HCenter( `ComboBox( `id(`famItems),
-+ `opt(`notify),
-+ _("Network Family"),
-+ famList
-+ )
-+ ),
-+ `HSpacing(`opt(`hstretch), 0.2),
-+ `HCenter( `ComboBox( `id(`typeItems),
-+ `opt(`notify),
-+ _("Socket Type"),
-+ typeList
-+ )
-+ )
-+ ),
-+ `VSpacing(1),
-+ `HBox(
-+ `HCenter(`PushButton(`id(`cancel), Label::CancelButton())),
-+ `HCenter(`PushButton(`id(`save),
Label::SaveButton()))
-+ ),
-+ `VSpacing(0.5)
-+ )
-+ );
-+
-+ if ( rule == "" || family == "All" ) {
-+ UI::ChangeWidget( `famItems, `Value, `allfam );
-+ UI::ChangeWidget( `typeItems, `Value, `alltype );
-+ UI::ChangeWidget( `typeItems, `Enabled, false );
-+ } else {
-+ if ( family != "" ) {
-+ UI::ChangeWidget( `famItems, `Value, symbolof(toterm(family)) );
-+ }
-+ if ( sockettype != "" ) {
-+ UI::ChangeWidget( `typeItems, `Value, symbolof(toterm(sockettype)) );
-+ }
-+ }
-+ map event2 = $[];
-+ any id2 = nil; // We'll need this often - cache it
-+ repeat
-+ {
-+ event2 = UI::WaitForEvent( timeout_millisec );
-+ id2 = event2["ID"]:nil; // We'll need this often - cache it
-+ if ( id2 == `famItems ) {
-+ if ( UI::QueryWidget( `famItems, `Value ) == `allfam ) {
-+ UI::ChangeWidget( `typeItems, `Value, `alltype );
-+ UI::ChangeWidget( `typeItems, `Enabled, false );
-+ } else {
-+ UI::ChangeWidget( `typeItems, `Enabled, true );
-+ }
-+ }
-+ } until ( id2 == `save || id2 == `cancel );
-+ if ( id2 == `save ) {
-+ rule = "network";
-+ symbol famselection = (symbol) UI::QueryWidget( `famItems, `Value );
-+ symbol typeselection = (symbol) UI::QueryWidget( `typeItems, `Value );
-+ if ( famselection != `allfam ) {
-+ rule = rule + " " + substring( tostring(famselection), 1);
-+ if ( typeselection != `alltype ) {
-+ rule = rule + " " + substring( tostring(typeselection), 1);
-+ }
-+ }
-+ } else {
-+ rule = "";
-+ }
-+ UI::CloseDialog();
-+ return rule;
-+}
-+
-+
-+//
-+// Popup the Edit Profile Entry dialog
-+// return a map containing PERM and FILE
-+// for the updated permissions and filename
-+// for the profile entry
-+//
-+
-+define map pathEntryPopup( string filename, string perms, string profile, string filetype ) {
-+ map results = $[];
-+ UI::OpenDialog(
-+ `VBox(
-+ `VSpacing( `opt(`hstretch), 1 ),
-+ `HSpacing( 45 ),
-+ `HBox(
-+ `VSpacing( 10 ),
-+ `HSpacing( 0.75 ),
-+ `Frame( _("Profile Entry For ") + profile,
-+ `HBox(
-+ `HWeight( 60,
-+ `VBox(
-+
`TextEntry(`id(`filename), _("Enter or modify Filename")),
-+ `HCenter(`PushButton(`id(`browse), _("&Browse") ))
-+ )
-+ ),
-+ `HWeight( 40,
-+ `MultiSelectionBox( `id(`perms), `opt(`notify), _("Permissions"),
-+ [ `item( `id(`read), _("Read"), issubstring(perms, "r")),
-+ `item( `id(`write), _("Write"), issubstring(perms, "w")),
-+ `item( `id(`link), _("Link"), issubstring(perms, "l")),
-+ `item( `id(`append), _("Append"), issubstring(perms, "a")),
-+ `item( `id(`lock), _("Lock"), issubstring(perms, "k")),
-+ `item( `id(`mmap), _("MMap PROT_EXEC"), issubstring(perms, "m")),
-+ `item( `id(`execute), _("Execute"), issubstring(perms, "x")),
-+ `item( `id(`inherit), _("Inherit"), issubstring(perms, "i")),
-+ `item( `id(`profile), _("Profile"), issubstring(perms, "p")),
-+ `item( `id(`clean_profile), _("Profile Clean Exec"), issubstring(perms, "P")),
-+ `item( `id(`unconstrained), _("Unconstrained"), issubstring(perms, "u")),
-+ `item( `id(`clean_unconstrained), _("Unconstrained Clean Exec"), issubstring(perms, "U"))
-+ ]
-+ )
-+ )
-+ )
-+ ),
-+ `HSpacing( 0.75 )
-+ ),
-+ `VSpacing( 0.5 ),
-+ `HBox(
-+ `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))),
-+ `HWeight( 50, `HCenter(`PushButton(`id(`cancel), Label::CancelButton())))
-+ ),
-+ `VSpacing( `opt(`hstretch), 0.5 )
-+ )
-+ );
-+ UI::ChangeWidget(`id(`filename), `Value, filename);
-+ map event2 = $[];
-+ any id2 = nil; // We'll need this often - cache it
-+ repeat
-+ {
-+ event2 = UI::WaitForEvent( timeout_millisec );
-+ id2 = event2["ID"]:nil; // We'll need this often - cache it
-+
-+ //
-+ // Something clicked in the 'perms list
-+ //
-+ if ( id2 == `perms ) {
-+ any itemid = UI::QueryWidget( `id(`perms), `CurrentItem );
-+ list selecteditems = (list) UI::QueryWidget( `id(`perms), `SelectedItems );
-+ if ( itemid == `execute ) {
-+ //
-+ // If we turn off Execute bit then also
-+ // turn off execute modifiers
-+ //
-+ if ( contains( selecteditems, `execute ) == false ) {
-+ if ( contains(
selecteditems, `inherit )) {
-+ selecteditems = filter (any k, selecteditems, { return (k != `inherit); });
-+ UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
-+ }
-+ if ( contains( selecteditems, `profile )) {
-+ selecteditems = filter (any k, selecteditems, { return (k != `profile); });
-+ UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
-+ }
-+ if ( contains( selecteditems, `unconstrained )) {
-+ selecteditems = filter (any k, selecteditems, { return (k != `unconstrained); });
-+ UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
-+ }
-+ if ( contains( selecteditems, `clean_unconstrained )) {
-+ selecteditems = filter (any k, selecteditems, { return (k != `clean_unconstrained); });
-+ UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
-+ }
-+ if ( contains( selecteditems, `clean_profile )) {
-+ selecteditems = filter (any k, selecteditems, { return (k != `clean_profile); });
-+ UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
-+ }
-+ } else if (!( contains( selecteditems, `inherit ) ||
-+ contains( selecteditems, `unconstrained ) ||
-+ contains( selecteditems, `clean_unconstrained ) ||
-+ contains( selecteditems, `clean_profile ) ||
-+ contains( selecteditems, `profile ))
-+ ) {
-+ //if you just select X alone then by default you get P
-+ selecteditems = prepend( selecteditems, `profile);
-+ UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
-+ }
-+ }
-+
-+ //
-+ // Execute modifier is selected
-+ // -- if Execute is NOT ON then turn Execute ON
-+ // -- ensure that only one modifier is selected.
-+ //
-+ if (( contains( selecteditems, `inherit ) ||
-+ contains( selecteditems, `clean_unconstrained ) ||
-+ contains( selecteditems, `clean_profile ) ||
-+ contains( selecteditems, `unconstrained ) ||
-+ contains( selecteditems, `profile )) ) {
-+ if ( contains( selecteditems, `execute ) == false ) {
-+ selecteditems = prepend( selecteditems, `execute);
-+ UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
-+ } else if ( itemid == `profile ) {
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `inherit); });
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `clean_unconstrained); });
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `clean_profile); });
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `unconstrained); });
-+ UI::ChangeWidget( `id(`perms),
-+ `SelectedItems,
-+ selecteditems );
-+ } else if ( itemid == `inherit ) {
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `profile); });
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `unconstrained); });
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `clean_unconstrained); });
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `clean_profile); });
-+ UI::ChangeWidget( `id(`perms),
-+ `SelectedItems,
-+ selecteditems );
-+ } else if ( itemid == `unconstrained ) {
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `profile); });
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `inherit); });
-+ selecteditems =
-+ filter (any k,
-+ selecteditems,
-+ { return (k != `clean_unconstrained); });
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `clean_profile); });
-+ UI::ChangeWidget( `id(`perms),
-+ `SelectedItems,
-+ selecteditems );
-+ } else if ( itemid == `clean_unconstrained ) {
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `profile); });
-+
selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `inherit); });
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `unconstrained); });
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `clean_profile); });
-+ UI::ChangeWidget( `id(`perms),
-+ `SelectedItems,
-+ selecteditems );
-+ } else if ( itemid == `clean_profile ) {
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `profile); });
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `inherit); });
-+ selecteditems =
-+ filter (any k,
-+ selecteditems,
-+ { return (k != `clean_unconstrained); });
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `unconstrained); });
-+ UI::ChangeWidget( `id(`perms),
-+ `SelectedItems,
-+ selecteditems );
-+ }
-+ } else if ( contains( selecteditems, `execute) ) {
-+ selecteditems = filter (any k,
-+ selecteditems,
-+ { return (k != `execute); });
-+ UI::ChangeWidget( `id(`perms),
-+ `SelectedItems,
-+ selecteditems );
-+ }
-+ }
-+ //
-+ // Popup a dialog to let a user browse for a file
-+ //
-+ if ( id2 == `browse ) {
-+ string selectfilename = "";
-+ if ( filetype == "dir" ) {
-+ selectfilename = UI::AskForExistingDirectory( "/", _("Select Directory"));
-+ } else {
-+ selectfilename = UI::AskForExistingFile( "/", "", _("Select File"));
-+ }
-+ if ( selectfilename != nil ) {
-+ UI::ChangeWidget(`id(`filename), `Value, selectfilename);
-+ }
-+ }
-+ } until ( id2 == `save || id2 == `cancel );
-+
-+ if ( id2 == `cancel ) {
-+ UI::CloseDialog();
-+ return nil;
-+ }
-+
-+ //
-+ // Update table values
-+ //
-+ if ( id2 == `save ) {
-+ list selectedbits = (list) UI::QueryWidget( `id(`perms), `SelectedItems );
-+ string newperms = "";
-+ if ( contains( selectedbits, `write ) ) {
-+ newperms = newperms + "w" ;
-+ }
-+ if ( contains(selectedbits, `mmap ) ) {
-+ newperms = newperms + "m" ;
-+ }
-+ if ( contains(selectedbits, `read ) ) {
-+ newperms = newperms + "r" ;
-+ }
-+ if
( contains(selectedbits, `link ) ) {
-+ newperms = newperms + "l" ;
-+ }
-+ if ( contains(selectedbits, `lock ) ) {
-+ newperms = newperms + "k" ;
-+ }
-+ if ( contains(selectedbits, `append ) ) {
-+ newperms = newperms + "a" ;
-+ }
-+ if ( contains(selectedbits, `execute) ) {
-+ if ( contains(selectedbits, `profile) ) {
-+ newperms = newperms + "p" ;
-+ } else if ( contains(selectedbits, `inherit) ) {
-+ newperms = newperms + "i" ;
-+ } else if ( contains(selectedbits, `unconstrained) ) {
-+ newperms = newperms + "u" ;
-+ } else if ( contains(selectedbits, `clean_unconstrained) ) {
-+ newperms = newperms + "U" ;
-+ } else if ( contains(selectedbits, `clean_profile) ) {
-+ newperms = newperms + "P" ;
-+ }
-+ newperms = newperms + "x" ;
-+ }
-+ filename = tostring( UI::QueryWidget(`id(`filename), `Value) );
-+ UI::CloseDialog();
-+ if ( filename == "" || newperms == "" ) {
-+ Popup::Error(_("Entry will not added. Entry name or permissions not defined."));
-+ results = nil;
-+ } else {
-+ results = $[ "PERM": newperms, "FILE": filename ];
-+ }
-+ }
-+ return results;
-+}
-+
-+define map fileEntryPopup( string filename, string perms, string profile ) {
-+ return (map) pathEntryPopup( filename, perms, profile, "file" );
-+}
-+
-+define map dirEntryPopup( string filename, string perms, string profile ) {
-+ return (map) pathEntryPopup( filename, perms, profile, "dir" );
-+}
-+
-+
-+define map deleteNetworkRule( map netRules, string rule ) {
-+ map audit = netRules["audit"]:$[];
-+ map rules = netRules["rule"]:$[];
-+ list netlist = splitstring( rule, " " );
-+ integer netrulesize = size( netlist );
-+ string family = "";
-+ string sockettype = "";
-+
-+ if ( netrulesize == 1 ) {
-+ audit = $[];
-+ rules = $[];
-+ } else if ( netrulesize == 2 ) {
-+ family = netlist[1]:"";
-+ audit = remove( audit, family );
-+ rules = remove( rules, family );
-+ } else if ( netrulesize == 3 ) {
-+ family = netlist[1]:"";
-+ sockettype = netlist[2]:"";
-+ map a = audit[family]:$[];
-+
map r = rules[family]:$[];
-+ a = remove(a, sockettype);
-+ r = remove(r, sockettype);
-+ audit[family] = a;
-+ rules[family] = r;
-+ /*any fam = netRules[family]:nil;
-+ if ( is( fam, map ) ) {
-+ fam = remove( ((map) fam), sockettype );
-+ netRules[family] = fam;
-+ } else {
-+ y2warning("deleteNetworkRule: deleting non-existing rule: " +
-+ rule);
-+ }*/
-+ }
-+ return $["audit" : audit, "rule" : rules];
-+}
-+
-+define map addNetworkRule( map netRules, string rule ) {
-+ map audit = netRules["audit"]:$[];
-+ map rules = netRules["rule"]:$[];
-+ list netlist = splitstring( rule, " " );
-+ integer netrulesize = size( netlist );
-+ string family = "";
-+ string sockettype = "";
-+
-+ if ( netrulesize == 1 ) {
-+ return ( $["audit" : $["all":1], "rule" : $["all" :1] ] );
-+ }
-+ else{
-+ if (haskey(audit, "all") && haskey(rules, "all")) {
-+ audit = remove(audit, "all");
-+ rules = remove(rules, "all");
-+ }
-+
-+ if ( netrulesize == 2 ) {
-+ family = netlist[1]:"";
-+ audit[family] = 0;
-+ rules[family] = 1;
-+ } else if ( netrulesize == 3 ) {
-+ family = netlist[1]:"";
-+ sockettype = netlist[2]:"";
-+ audit[family] = add(audit[family]:$[], sockettype,0);
-+ rules[family] = add(rules[family]:$[], sockettype,1);
-+ }
-+ /*any any_fam = netRules[family]:nil;
-+ map fam = nil;
-+ if ( is( any_fam, map ) ) {
-+ fam = (map) any_fam;
-+ }
-+ if ( fam == nil ) {
-+ fam = $[];
-+ }
-+ fam[sockettype] = "1";
-+ netRules[family] = fam;*/
-+ }
-+ return $[ "audit": audit, "rule": rules];
-+}
-+
-+define map editNetworkRule( map netRules, string old, string new ) {
-+ netRules = deleteNetworkRule( netRules, old );
-+ netRules = addNetworkRule( netRules, new );
-+ return( netRules );
-+}
-+
-+//
-+// generateTableContents - generate the list that is used in the table to display the profile
-+//
-+
-+define list generateTableContents( map paths, map network, map caps, map includes, map hats ) {
-+ list newlist = [];
-+
-+ integer indx = 0;
-+
-+ foreach( string hatname, any
hat, (map) hats, {
-+ newlist = add( newlist, `item( `id(indx), "[+] ^"+ hatname, ""));
-+ indx = indx+1; });
-+
-+ foreach( string incname, integer incval, (map) includes, {
-+ newlist = add( newlist, `item( `id(indx), "#include " +incname, ""));
-+ indx = indx+1; });
-+
-+ foreach( string capname, map capval, (map) caps, {
-+ map capdef = capdefs[capname]:nil;
-+ newlist = add( newlist, `item( `id(indx), capdef["name"]:"", ""));
-+ indx = indx+1; });
-+
-+ foreach( string name, map val, (map) paths, {
-+ string mode = (string) SCR::Execute(.subdomain_profiles.mode_to_string, val["mode"]:0);
-+ newlist = add( newlist, `item( `id(indx), name, mode));
-+ indx = indx+1; });
-+
-+ map rules = network["rule"]:$[];
-+ foreach( string family, any any_fam, (map) rules, {
-+ if ( is( any_fam, map ) ) {
-+ foreach( string socktype, any any_type, (map) any_fam, {
-+ newlist = add( newlist,
-+ `item( `id(indx),
-+ "network " + family + " " + socktype,
-+ ""
-+ )
-+ );
-+ indx = indx+1;
-+ });
-+ } else {
-+ // Check for all network
-+ if ( family == "all" ) {
-+ newlist = add( newlist,
-+ `item( `id(indx),
-+ "network",
-+ ""
-+ )
-+ );
-+ indx = indx+1;
-+ } else {
-+ newlist = add( newlist,
-+ `item( `id(indx),
-+ "network " + family,
-+ ""
-+ )
-+ );
-+ indx = indx+1;
-+ }
-+ }
-+ });
-+ return newlist;
-+}
-+
-+
-+define map collectHats(map profile, string pathname ) {
-+ map hats = $[];
-+ y2debug("collecting hats for " + pathname);
-+ if( profile != nil){
-+ foreach( string resname, any resource, (map) profile, {
-+ if ( resname != pathname ) {
-+ map hat = tomap(resource);
-+ if ( hat != nil ) {
-+ y2debug("HAT " + resname);
-+ hats = add(hats, resname, resource);
-+ }
-+ }
-+ });
-+ }
-+ return hats;
-+}
-+
-+
-+//
-+// Prompts the user for a hatname
-+// Side-Effect: sets Settings["CURRENT_HAT"]
-+// returns true (hat entered)
-+// false (user aborted)
-+//
-+define boolean newHatNamePopup(string parentProfile, map currentHats ) {
-+
-+term intro = `VBox(
-+ `Top(
-+
`VBox(
-+ `VSpacing(1),
-+ `Left(`Label( _("Please enter the name of the Hat that you would like \nto add to the profile") + " " + parentProfile + ".")),
-+ `VSpacing(0.5),
-+ `Left(
-+ `TextEntry(
-+ `id(`hatname),
-+ _("&Hat name to add"),
-+ ""
-+ )
-+ ),
-+ `VSpacing(`opt(`vstretch), 0.25)
-+ )
-+ ),
-+ `HBox(
-+ `HSpacing(`opt(`hstretch), 0.1),
-+ `HCenter(`PushButton(`id(`create), _("&Create Hat"))),
-+ `HCenter(`PushButton(`id(`abort), Label::AbortButton())),
-+ `HSpacing(`opt(`hstretch), 0.1),
-+ `VSpacing(1)
-+ )
-+ );
-+
-+ UI::OpenDialog(intro);
-+ UI::SetFocus(`id(`hatname));
-+ while (true) {
-+ any input = Wizard::UserInput();
-+ if(input == `create) {
-+ string hatname = (string) UI::QueryWidget(`id(`hatname), `Value);
-+ // Check for no application entry in the dialog
-+ if ( hatname == "" ) {
-+ Popup::Error(_("You have not given a name for the hat you want to add.\nPlease
-+enter a hat name to create a new hat, or press Abort to cancel this wizard."));
-+ } else if ( haskey( currentHats, hatname ) ) {
-+ Popup::Error(_("The profile already contains the provided hat name.
-+Please enter a different name to try again, or press Abort to cancel this wizard."));
-+ } else {
-+ Settings["CURRENT_HAT"] = hatname;
-+ UI::CloseDialog();
-+ return true;
-+ }
-+ } else {
-+ UI::CloseDialog();
-+ return false;
-+ }
-+ }
-+}
-+
-+define symbol DisplayProfileForm(string pathname, boolean hat) {
-+ map profile_map = (map) Settings["PROFILE_MAP"]:$[];
-+ map profile = (map) profile_map[pathname]:$[];
-+ map hats = $[];
-+ if ( !hat ) {
-+ hats = collectHats( profile_map, pathname );
-+ }
-+ map paths = (map) profile["allow","path"]:$[];
-+ map caps = (map) profile["allow","capability"]:$[];
-+ map includes = (map) profile["include"]:$[];
-+ map netdomain = (map) profile["allow", "netdomain"]:$[];
-+ list profilelist = generateTableContents( paths,
-+ netdomain,
-+ caps,
-+ includes,
-+ hats );
-+
-+
-+ // FIXME: format these texts better
-+
-+ /* help text */
-+ string help1 = _("

    In this form you can view and modify the contents of an individual profile. -+For existing entries you can double click the permissions to access a modification dialog.

    "); -+ -+ /* help text */ -+ string help2 = _("

    Permission Definitions:
    r - read
    -+w -write
    l - link
    m - mmap PROT_EXEC
    k - file locking
    -+a - file append
    x - execute
    i - inherit
    p - discrete profile
    -+P - discrete profile
    (*clean exec)
    u - unconstrained
    -+U -unconstrained
    (*clean exec)

    "); -+ -+ /* help text */ -+ string help3 = _("

    Add Entry:
    Select the type of resource to add from the drop down list.

    "); -+ -+ /* help text - part x1 */ -+ string help4 = _("

    • File
      Add a file entry to this profile
    • "); -+ /* help text - part x2 */ -+ string help5 = _("
    • Directory
      Add a directory entry to this profile
    • "); -+ /* help text - part x3 */ -+ string help6 = _("
    • Capability
      Add a capability entry to this profile
    • "); -+ /* help text - part x4 */ -+ string help7 = _("
    • Include
      Add an include entry to this profile. This option -+includes the profile entry contents of another file in this profile at load time.
    • "); -+ /* help text - part x5 */ -+ string help_net = _("
    • Network Entry
      Add a network rule entry to this profile. -+This option will allow you to specify network access privileges for the profile. -+You may specify a network address family and socket type.
    • "); -+ /* help text - part x6 */ -+ string helpHat = _("
    • Hat
      Add a sub-profile for this profile - called a Hat. -+This option is analogous to manually creating a new profile, which can selected -+during execution only in the context of being asked for by a changehat aware -+application. For more information on changehat please see man changehat on your -+system or the Novell AppArmor Administration Guide.
    • "); -+ /* help text - part x7 */ -+ string helpEdit = _("

    Edit Entry:
    Edit the selected entry.

    "); -+ -+ /* help text */ -+ string help8 = _("

    Delete Entry:
    Removes the selected entry from this profile.

    "); -+ -+ /* help text - part y1 */ -+ string help9 = _("

    *Clean Exec
    The Clean Exec option for the discrete profile -+and unconstrained execute permissions provide added security by stripping the environment -+that is inherited by the child program of specific variables. These variables are:"); -+ /* help text - part y2 */ -+ string help10 = "

    • GCONV_PATH
    • GETCONF_DIR
    • HOSTALIASES
    • LD_AUDIT
    • LD_DEBUG
    • LD_DEBUG_OUTPUT
    • LD_DYNAMIC_WEAK
    • LD_LIBRARY_PATH
    • LD_ORIGIN_PATH
    • LD_PRELOAD
    • LD_PROFILE
    • LD_SHOW_AUXV
    • LD_USE_LOAD_BIAS
    • LOCALDOMAIN
    • LOCPATH
    • MALLOC_TRACE
    • NLSPATH
    • RESOLV_HOST_CONF
    • RES_OPTION
    • TMPDIR
    • TZDIR

    ";
-+
-+
-+ integer listnum = 0;
-+ list itemList = [ `item( `id( `file ), _("&File") ),
-+ `item( `id( `net ), _("Network &Rule") ),
-+ `item( `id( `dir ), _("&Directory") ),
-+ `item( `id( `cap ), _("&Capability") ),
-+ `item( `id( `include ), _("&Include File") ),
-+ ];
-+
-+
-+ string mainLabel = "";
-+
-+ if ( hat ) {
-+ mainLabel = _("AppArmor profile ") + Settings["CURRENT_PROFILE"]:"" + "^" + pathname;
-+ } else {
-+ itemList = add(itemList,`item( `id( `hat ), _("&Hat") ));
-+ mainLabel = _("AppArmor profile for ") + pathname ;
-+ }
-+ // Define the widget contents
-+ // for the Wizard
-+ term contents_main_profile_form =
-+ `VBox(
-+ `Label(mainLabel),
-+ `HBox(
-+ `VSpacing(10),
-+ `Table(`id(`table), `opt(`notify, `immediate ), `header(_("File Name"), _("Permissions")), profilelist)
-+ ),
-+ `VSpacing(0.5),
-+ `HBox(
-+ `HSpacing(`opt(`hstretch), 0.1),
-+ `HCenter( `MenuButton(`id(`addMenu), _("Add Entry"), itemList)),
-+ `HCenter(`PushButton(`id(`edit), _("&Edit Entry"))),
-+ `HCenter(`PushButton(`id(`delete), _("&Delete Entry"))),
-+ `HSpacing(`opt(`hstretch), 0.1),
-+ `VSpacing(1)
-+ ),
-+ `VSpacing(1)
-+ );
-+ string help = "";
-+ string formtitle = "";
-+ if ( hat ) {
-+ help = help1 + help2 + help3 + help4 + help5 + help6 + help7 + help_net + help8 + helpEdit + help9 + help10;
-+ formtitle = _("AppArmor Hat Dialog");
-+ } else {
-+ help = help1 + help2 + help3 + help4 + help5 + help6 + help7 + help_net + helpHat + helpEdit + help8 + help9 + help10;
-+ formtitle = _("AppArmor Profile Dialog");
-+ }
-+ Wizard::SetContentsButtons( formtitle, contents_main_profile_form, help, Label::BackButton(), _("&Done") );
-+
-+
-+
-+ map event = $[];
-+ any id = nil;
-+ while( true )
-+ {
-+ event = UI::WaitForEvent( timeout_millisec );
-+ id = event["ID"]:nil; // We'll need this often - cache it
-+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
-+ if ( (( id == `table ) && (event["EventReason"]:nil == "Activated" )) ||
-+ ( id
== `edit) )
-+ {
-+ // Widget activated in the table
-+ string rule = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
-+ integer findcap = find( rule, "CAP_");
-+ integer findinc = find( rule, "#include");
-+ integer findhat = find( rule, "[+] ^");
-+ integer findnet = find( rule, "network");
-+ string oldrule = rule;
-+ if ( findcap == 0 ) {
-+ caps = capabilityEntryPopup( caps, rule, pathname );
-+ profile["allow", "capability"] = caps;
-+ } else if ( findinc == 0 ) {
-+ Popup::Error(_("Include entries can not be edited. Please select add or delete to manage Include entries."));
-+ continue;
-+ } else if ( findhat == 0 ) {
-+ string hatToEdit = substring( rule, 5);
-+ Settings["CURRENT_HAT"] = hatToEdit;
-+ return `showhat;
-+ } else if ( findnet == 0 ) {
-+ string newrule = networkEntryPopup( rule );
-+ if ( newrule != "" && newrule != rule ) {
-+ netdomain = editNetworkRule( netdomain, rule, newrule );
-+ }
-+ profile["allow","netdomain"] = netdomain;
-+ } else {
-+ string perms = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 2, "");
-+ map results = fileEntryPopup( rule, perms, pathname );
-+ integer newperms = 0;
-+ newperms = (integer) SCR::Execute(.subdomain_profiles.string_to_mode, results["PERM"]:"");
-+ rule = results["FILE"]:"";
-+ if ( rule != "" ) {
-+ if ( rule != oldrule ) {
-+ paths = remove( paths, oldrule );
-+ }
-+ paths = add(paths, rule, $[ "audit": 0, "mode": newperms]);
-+ profile["allow","path"] = paths;
-+ }
-+ }
-+ profile_map[pathname] = profile;
-+ Settings["PROFILE_MAP"] = profile_map;
-+ list profilelist = generateTableContents( paths,
-+ netdomain,
-+ caps,
-+ includes,
-+ hats );
-+ UI::ChangeWidget( `id(`table), `Items, profilelist );
-+ UI::ChangeWidget( `id(`table), `CurrentItem, itemselected );
-+ } else if ( id == `delete ) {
-+ string rule = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
-+ integer findcap = find( rule, "CAP_");
-+
integer findinc = find( rule, "#include");
-+ integer findhat = find( rule, "[+] ^");
-+ integer findnet = find( rule, "network");
-+
-+ if ( findcap == 0 ) {
-+ string capNameToDelete = linnametolp[rule]:"";
-+ caps = remove( caps, capNameToDelete );
-+ profile["allow", "capability"] = caps;
-+ } else if ( findinc == 0 ) {
-+ string includeToRemove = substring( rule, 9);
-+ includes = remove( includes, includeToRemove );
-+ profile["include"] = includes;
-+ } else if ( findhat == 0 ) {
-+ string hatToRemove = substring( rule, 5);
-+ hats = remove( hats, hatToRemove);
-+ profile_map = remove( profile_map, hatToRemove );
-+ } else if ( findnet == 0 ) {
-+ netdomain = deleteNetworkRule( netdomain, rule );
-+ profile["allow","netdomain"] = netdomain;
-+ } else {
-+ paths = remove( paths, rule );
-+ profile["allow","path"] = paths;
-+ }
-+ profile_map[pathname] = profile;
-+ Settings["PROFILE_MAP"] = profile_map;
-+ list profilelist = generateTableContents( paths,
-+ netdomain,
-+ caps,
-+ includes,
-+ hats );
-+ UI::ChangeWidget( `id(`table), `Items, profilelist );
-+ UI::ChangeWidget( `id(`table), `CurrentItem, (itemselected == 0) ?
0 : itemselected -1 );
-+ } else if ( id == `file || id == `dir ) {
-+ string addfname = "";
-+ integer addperms = 0;
-+ map newentry = nil;
-+ if ( id == `dir ) {
-+ newentry = dirEntryPopup( "", "", pathname );
-+ } else {
-+ newentry = fileEntryPopup( "", "", pathname );
-+ }
-+ if ( newentry == nil ) {
-+ continue;
-+ }
-+ addfname = newentry["FILE"]:"";
-+ addperms = (integer) SCR::Execute(.subdomain_profiles.string_to_mode, newentry["PERM"]:"");
-+ // Make sure that the entry doesn't already exist
-+ paths = add( paths, addfname, $["audit":0, "mode": addperms] );
-+ profile["allow","path"] = paths;
-+ profile_map[pathname] = profile;
-+ Settings["PROFILE_MAP"] = profile_map;
-+ list profilelist = generateTableContents( paths,
-+ netdomain,
-+ caps,
-+ includes,
-+ hats );
-+ UI::ChangeWidget( `id(`table), `Items, profilelist );
-+ UI::ChangeWidget( `id(`table), `CurrentItem, itemselected );
-+ } else if ( id == `cap ) {
-+ caps = capabilityEntryPopup( caps, "", pathname );
-+ profile["allow","capability"] = caps;
-+ profile_map[pathname] = profile;
-+ Settings["PROFILE_MAP"] = profile_map;
-+ list profilelist = generateTableContents( paths,
-+ netdomain,
-+ caps,
-+ includes,
-+ hats );
-+ UI::ChangeWidget( `id(`table), `Items, profilelist );
-+ } else if ( id == `hat ) {
-+ if ( hat ) {
-+ Popup::Error(_("Hats can not have embedded hats."));
-+ }
-+ boolean hatCreated = newHatNamePopup( pathname, hats );
-+ if ( hatCreated == true ) {
-+ return `showhat;
-+ }
-+ } else if ( id == `include ) {
-+ list customIncludes = (list ) SCR::Read(.subdomain, "custom-includes");
-+ string newInclude = UI::AskForExistingFile( "/etc/apparmor.d/abstractions", "", _("Select File To Include"));
-+ if ( newInclude == nil || (string)newInclude == "" ) {
-+ continue;
-+ }
-+ list validIncludes = [ "/etc/apparmor.d/abstractions", "/etc/apparmor.d/program-chunks", "/etc/apparmor.d/tunables" ];
-+ foreach( string incPath, customIncludes, {
-+ validIncludes = add( validIncludes,
"/etc/apparmor.d/" + incPath);
-+ });
-+
-+ integer result = 0;
-+ boolean includePathOK = false;
-+ foreach( string pathToCheck, (list) validIncludes, {
-+ result = find (newInclude, pathToCheck);
-+ if ( result != -1 ) {
-+ includePathOK = true;
-+ }
-+ });
-+
-+ if ( ! includePathOK ) {
-+ string pathListMsg = "";
-+ foreach( string pathItem, (list) validIncludes, {
-+ pathListMsg = pathListMsg + "\n " + pathItem;
-+ });
-+ Popup::Error(_("Invalid #include file. Include files must be located in one of these directories: \n") + pathListMsg );
-+ } else {
-+ string includeName = substring(newInclude, 16 );
-+ includes = add( includes, includeName, 1 );
-+ profile["include"] = includes;
-+ profile_map[pathname] = profile;
-+ Settings["PROFILE_MAP"] = profile_map;
-+ list profilelist = generateTableContents( paths,
-+ netdomain,
-+ caps,
-+ includes,
-+ hats );
-+ UI::ChangeWidget( `id(`table), `Items, profilelist );
-+ }
-+ } else if ( id == `net ) {
-+ string newrule = networkEntryPopup( "" );
-+ if ( newrule != "" ) {
-+ netdomain = addNetworkRule( netdomain, newrule );
-+ profile["allow","netdomain"] = netdomain;
-+ profile_map[pathname] = profile;
-+ Settings["PROFILE_MAP"] = profile_map;
-+ list profilelist = generateTableContents( paths,
-+ netdomain,
-+ caps,
-+ includes,
-+ hats );
-+ UI::ChangeWidget( `id(`table), `Items, profilelist );
-+ }
-+ } else if ( id == `abort || id == `cancel ) {
-+ break;
-+ } else if ( id == `back ) {
-+ break;
-+ } else if ( id == `next ) {
-+ if ( ! hat ) {
-+ if (Popup::YesNoHeadline(_("Save changes to the Profile"),
-+ _("Would you like to save the changes to this profile? \n(Note: after saving the changes the AppArmor profiles will be reloaded.)"))) {
-+ map argmap = $[ "PROFILE_HASH" : Settings["PROFILE_MAP"]:$[],
-+ "PROFILE_NAME" : pathname
-+ ];
-+ any result = SCR::Write(.subdomain_profiles, argmap);
-+ any result2 = SCR::Write(.subdomain_profiles.reload, "-");
-+ }
-+ } else {
-+ if ( !
haskey(hats, Settings["CURRENT_HAT"]:"") ) {
-+ profile["allow","path"] = paths;
-+ profile["allow","capability"] = caps;
-+ profile["include"] = includes;
-+ profile_map[pathname] = profile;
-+ Settings["PROFILE_MAP"] = profile_map;
-+ }
-+ return `next;
-+ }
-+ break;
-+ } else {
-+ y2error("Unexpected return code: %1", id);
-+ continue;
-+ }
-+ }
-+ return (symbol) id;
-+}
-+
-+
-+ //
-+ // Select a profile to edit and populate
-+ // Settings["CURRENT_PROFILE"]: profile name
-+ // Settings["PROFILE_MAP"]: map containing the profile
-+ //
-+define symbol SelectProfileForm( map profiles, string formhelp, string formtitle, string iconname ) {
-+ list profilelisting = [];
-+ integer indx = 0;
-+ foreach( string p, any ignore, (map) profiles, {
-+ profilelisting = add( profilelisting, `item( `id(p), p));
-+ indx = indx+1;
-+ });
-+
-+ term contents_select_profile_form =
-+ `VBox(
-+ `VSpacing(2),
-+ `SelectionBox( `id(`profilelist), `opt(`notify), _("Profile Name"), profilelisting ),
-+ `VSpacing(3)
-+ );
-+
-+ //
-+ // Create the Dialog Window and parse user input
-+ //
-+ Wizard::CreateDialog();
-+ Wizard::SetContents( formtitle, contents_select_profile_form, formhelp, false, true );
-+ Wizard::SetTitleIcon(iconname);
-+
-+ map event = $[];
-+ any id = nil;
-+ string profilename = "";
-+ while( true )
-+ {
-+ event = UI::WaitForEvent( timeout_millisec );
-+ id = event["ID"]:nil; // We'll need this often - cache it
-+ if ( id == `next || id == `profilelist ) {
-+ profilename = tostring( UI::QueryWidget(`id(`profilelist), `CurrentItem) );
-+ if ( profilename != nil && profilename != "" ) {
-+ break;
-+ } else {
-+ Popup::Error(_("You must select a profile to edit"));
-+ continue;
-+ }
-+ } // TODO ELSE POPUP NO ENTRY SELECTED ERROR
-+ if(id == `abort || id == `cancel) {
-+ break;
-+ } else if(id == `back) {
-+ break;
-+ } else {
-+ y2error("Unexpected return code: %1", id);
-+ continue;
-+ }
-+ }
-+ if ( id == `next || id == `profilelist) {
-+
Settings["CURRENT_PROFILE"] = profilename;
-+ Settings["PROFILE_MAP"] = profiles[profilename]:nil;
-+ id = `next;
-+ }
-+ UI::CloseDialog();
-+ return (symbol) id;
-+ }
-+
-+}
-+
---- /dev/null
-+++ b/src/include/apparmor/report_helptext.ycp
-@@ -0,0 +1,158 @@
-+/* ------------------------------------------------------------------
-+*
-+* Copyright (C) 2002-2005 Novell/SUSE
-+*
-+* This program is free software; you can redistribute it and/or
-+* modify it under the terms of version 2 of the GNU General Public
-+* License published by the Free Software Foundation.
-+*
-+ ------------------------------------------------------------------*/
-+
-+{
-+
-+textdomain "yast2-apparmor";
-+
-+string defs = _("Program Name Pattern:
    When you enter a program name or pattern -+that matches the name of the binary executable of the program of -+interest, the report will display security events that have -+occurred for a specific program.
    ") + -+ -+_("Profile Name Pattern: When you enter the name of the profile, -+the report will display the security events that are generated for -+the specified profile. You can use this to see what is being confined -+by a specific profile.
    ") + -+ -+_("PID Number: Process ID number is a number that uniquely identifies -+one specific process or running program (this number is valid only -+during the lifetime of that process).
    ") + -+ -+_("Severity Level: Select the lowest severity level for security -+events that you would like to be included in the report. The selected -+severity level, and above, will be included in the reports.
    ") + -+ -+_("Detail: A source to which the profile has denied access. -+This includes capabilities and files. You can use this field to -+report the resources are not allowed to be accessed by profiles.
    ") + -+ -+_("Mode: The Mode is the permission that the profile grants -+to the program or process to which it is applied. The options are: -+r (read) w (write) l (link) x (execute)
    ") + -+ -+_("Access Type: The access type describes what is actually happening -+with the security event. The options are: PERMITTING, REJECTING, -+or AUDITING.
    ") + -+ -+_("CSV or HTML: Enables you to export a CSV (comma separated -+values) or html file. The CSV file separates pieces of data in -+the log entries with commas using a standard data format for -+importing into table-oriented applications. You can enter a -+pathname for your exported report by typing in the full -+pathname in the field provided.

    "); -+ -+string setArchHelp = _("

    The Report Configuration dialog enables you to filter the archived -+report selected in the previous screen. To filter by Date Range:") + -+ -+_("

    1. Click Filter By Date Range. The fields become active.
    2. -+
    3. Enter the start and end dates that delineate the scope of the report.
    4. -+
    5. Enter other filtering parameters. See below for definitions of parameters.

    ") + -+ -+_("The following definitions help you to enter the filtering parameters in the -+Report Configuration Dialog:
    ") + defs; -+ -+ -+string types = _("Executive Security Summary: A combined report, -+consisting of one or more Security incident reports from -+one or more machines. This report provides a single view of -+security events on multiple machines.
    ") + -+ -+_("Applications Audit Report: An auditing tool that -+reports which application servers are running and whether -+the applications are confined by AppArmor. Application -+servers are applications that accept incoming network connections.
    ") + -+ -+_("Security Incident Report: A report that displays application -+security for a single host. It reports policy violations for locally -+confined applications during a specific time period. You can edit and -+customize this report, or add new versions.

    "); -+ -+string runHelp = _("

    The AppArmor On-Demand Report screen displays -+an instantly generated version of one of the following -+reports:
    ") + types; -+ -+ -+string filterCfHelp1 = setArchHelp; -+/* START Help Section -+************************************************************/ -+ -+string repGenHelpText = _("

    Generate Reports Help

    If there were, in fact, -+going to be any help for you (which, incidentally, there isn't going to be), -+then you would indeed find said help, here.

    Thank you for your time, -+and have a nice day.

    "); -+ -+ -+ -+string schedHelpText = -+_("

    The summary of scheduled reports page shows us when reports are scheduled to run. -+Reports can be set to run monthly, weekly, daily, or hourly. The default settings are -+daily at midnight. The reports can also be emailed, upon completion, to up to three -+email recipients.
    ") + -+ -+_("In the Set Schedule section, you can schedule the following three types of security reports:
    ") + types; -+ -+string archHelpText = _("

    The View Archive Reports form enables you to view -+previously generated reports, located in the /var/log/apparmor/reports-archived -+directory. The checkboxes at the top of the form enable you to narrow-down -+the category of reports shown in the list to the following: SIR Reports, AUD -+Reports, or ESS Reports. To see report details, select a report and click the -+View button.

    You can view reports from one or more systems if -+you move the reports to the /var/log/apparmor/reports-archived directory.

    "); -+ -+string mainHelp = schedHelpText; -+ -+ -+list helpList = [ schedHelpText ]; -+ -+term defaultHelp = `RichText ( schedHelpText ); -+term schedHelp = `RichText ( schedHelpText ); -+term repGenHelp = `RichText ( repGenHelpText ); -+term archHelp = `RichText ( archHelpText ); -+term otherHelp = `RichText ( archHelpText ); -+ -+string repConfHelp = _("repConfHelp"); -+ -+string sirHelp = _("

    Security Incident Report (SIR): A report that displays security -+events of interest to an administrator. The SIR reports policy violations -+for locally confined applications during the specified time period. The SIR -+reports policy exceptions and policy engine state changes. These two types -+of security events are defined as follows:") + -+ -+_("

    • Policy Exceptions: When an application requests a resource -+that's not defined within its profile, a security event is generated.
    • -+
    • Policy Engine State Changes: Enforces policy for applications and -+maintains its own state, including when engines start or stop, when a policy -+is reloaded, and when global security feature are enabled or disabled.
    -+Select the report from the archive, then View to see the report details.

    "); -+ -+ -+string audHelp = _("

    Applications Audit Report (AUD): An auditing tool -+that reports which application servers are running and whether they are confined -+by AppArmor. Application servers are applications that accept incoming network -+connections. This report provides the host machine's IP Address, the date the -+Applications Audit Report ran, the name and path of the unconfined program or -+application server, the suggested profile or a placeholder for a profile for an -+unconfined program, the process ID number, The state of the program (confined or -+unconfined), and the type of confinement that the profile is performing -+(enforce/complain).

    "); -+ -+string essHelp = _("

    Executive Security Summary (ESS): A combined report, -+consisting of one or more high-level reports from one or more machines. This -+report can provide a single view of security events on multiple machines if each -+machine's data is copied to the reports archive directory, which is -+/var/log/apparmor/reports-archived. This report provides the host -+machine's IP address, the start and end dates of the polled events, total number -+of rejects, total number of events, average of severity levels reported, and the -+highest severity level reported. One line of the ESS report represents a range -+of SIR reports.

    "); -+ -+} -+ ---- /dev/null -+++ b/src/include/apparmor/reporting_archived_dialogs.ycp -@@ -0,0 +1,307 @@ -+/* ------------------------------------------------------------------ -+* -+* Copyright (C) 2002-2005 Novell/SUSE -+* -+* This program is free software; you can redistribute it and/or -+* modify it under the terms of version 2 of the GNU General Public -+* License published by the Free Software Foundation. -+* -+ ------------------------------------------------------------------*/ -+ -+{ -+ -+import "Wizard"; -+import "Popup"; -+import "Label"; -+include "subdomain/report_helptext.ycp"; -+include "subdomain/reporting_utils.ycp"; -+textdomain "yast2-apparmor"; -+ -+// Global -+integer timeout_millisec = 20 * 1000; -+ -+//define term turnReportPage (integer curPage) { -+define term turnArchReportPage (integer curPage, integer lastPage) { -+ -+ map Settings = $[ ]; -+ list reportList = []; -+ -+ string currentPage = tostring( curPage ); -+ string slastPage = tostring( lastPage ); -+ Settings["page"] = currentPage; -+ Settings["turnArch"] = "1"; -+ Settings["turnPage"] = "1"; -+ -+ reportList = getReportList("sir",Settings); -+ -+ // poor i18n -+ string myLabel = _("Archived Security Incident Report - Page ") + currentPage + _(" of ") + slastPage; -+ -+ term odForm = -+ -+ `Frame( `id(`odframe), myLabel, -+ -+ `VBox( -+ `HBox( -+ `VSpacing(10), -+ makeSirTable(reportList), -+ `VSpacing(0.5) -+ ), -+ `HSpacing(`opt(`hstretch), 1.0), -+ `VSpacing(0.5), -+ `HBox( -+ `PushButton(`id(`first), _("F&irst") ), -+ `PushButton(`id(`prev), _("&Previous") ), -+ `PushButton(`id(`psort), _("&Sort") ), -+ `PushButton(`id(`fwd), _("&Forward") ), -+ `PushButton(`id(`last), _("&Last") ) -+ ), -+ `VSpacing(1) -+ )); -+ -+ return odForm; -+} -+ -+define term filterArchForm() { -+ -+ string expPath = "/var/log/apparmor/reports-exported"; -+ -+ term arForm = -+ -+ `Top(`VBox( -+ `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )), -+ `Frame( 
`id(`bydate_frame), _(" Select Date Range ") ,
-+ `VBox(
-+ `Label( _("Enter Starting Date/Time") ),
-+ `HBox(
-+ `HSpacing( `opt(`hstretch), 1),
-+ `IntField(`id(`startHours), _("Hours"), 0, 23, 0),
-+ `IntField(`id(`startMins), _("Minutes"), 0, 59, 0),
-+ `IntField(`id(`startDay), _("Day"), 1, 31, 1),
-+ `IntField(`id(`startMonth), _("Month"), 1, 12, 1),
-+ `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005)
-+ ),
-+ `VSpacing(1.0),
-+ `Label( _("Enter Ending Date") ),
-+ `HBox(
-+ `HSpacing( `opt(`hstretch), 1),
-+ `IntField(`id(`endHours), _("Hours"), 0, 23, 0),
-+ `IntField(`id(`endMins), _("Minutes"), 0, 59, 0),
-+ `IntField(`id(`endDay), _("Day"), 1, 31, 1),
-+ `IntField(`id(`endMonth), _("Month"), 1, 12, 1),
-+ `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005)
-+ ),
-+ `VSpacing(1.0)
-+ )),
-+ `VSpacing( 1.0 ),
-+ `HBox(
-+ `HWeight( 4, `TextEntry(`id(`prog), _("Program name") )),
-+ `HWeight( 4, `TextEntry(`id(`prof), _("Profile name") )),
-+ `HWeight( 3, `TextEntry(`id(`pid), _("PID number") )),
-+ `HWeight( 2,
-+ `ComboBox(`id(`sev), _("Severity"), [
-+ _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
-+ ]) ),
-+ `HSpacing( `opt(`hstretch), 5)
-+ ),
-+ `HBox(
-+ `HWeight( 3, `TextEntry(`id(`res), _("Detail") )),
-+ `HWeight( 3, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))),
-+ `HWeight( 3, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))),
-+ `HSpacing( `opt(`hstretch), 5)
-+ ),
-+ `VSpacing( 0.5 ),
-+
-+ `HBox(
-+ `VSpacing(0.5),
-+ `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [
-+ _("None"), _("csv"), _("html"), _("Both")
-+ ]),
-+ `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
-+ `Bottom( `VWeight( 1, `PushButton(`id(`accept), Label::AcceptButton()) )),
-+ `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
-+ )
-+ ));
-+
-+ return arForm;
-+}
-+
-+define map setArchFilter() {
-+
-+ map
Settings = $[];
-+
-+ term archForm = filterArchForm();
-+ Wizard::SetContentsButtons( _("Report Configuration Dialog"), archForm,
-+ setArchHelp, Label::BackButton(), Label::NextButton() );
-+
-+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
-+
-+ string mode = "All";
-+ string sdmode = "R";
-+
-+ map event = $[];
-+ any id = nil;
-+
-+ while ( true ) {
-+
-+ event = UI::WaitForEvent( timeout_millisec );
-+ id = event["ID"]:nil; // We'll need this often - cache it
-+
-+ if ( id == `bydate ) {
-+
-+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, true);
-+
-+ } else if ( id == `next || id == `save ) {
-+
-+ boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value);
-+
-+ if ( bydate == true ) {
-+
-+ integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value);
-+ integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value);
-+ integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value);
-+ integer startHours = (integer) UI::QueryWidget(`id(`startHours), `Value);
-+ integer startMins = (integer) UI::QueryWidget(`id(`startMins), `Value);
-+ integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value);
-+ integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value);
-+ integer endYear = (integer) UI::QueryWidget(`id(`endYear), `Value);
-+ integer endHours = (integer) UI::QueryWidget(`id(`endHours), `Value);
-+ integer endMins = (integer) UI::QueryWidget(`id(`endMins), `Value);
-+
-+ // start_day & start_month are mutually exclusive
-+ if ( id == `startDay ) {
-+ UI::ChangeWidget(`id(`startMonth), `Value, 0);
-+ } else if ( id == `startMonth ) {
-+ UI::ChangeWidget(`id(`startDay), `Value, 0);
-+ }
-+
-+ // start_day & start_month are mutually exclusive
-+ if ( id == `endDay ) {
-+ UI::ChangeWidget(`id(`endMonth), `Value, 0);
-+ } else if ( id == `endMonth ) {
-+ UI::ChangeWidget(`id(`endDay), `Value, 0);
-+ }
-+
-+ if ( CheckDate(startDay,startMonth,startYear) == false ) {
-+ Popup::Error( _("Illegal start date 
entered. Please retry.") );
-+ continue;
-+ }
-+
-+ if ( CheckDate(endDay,endMonth,endYear) == false ) {
-+ Popup::Error( _("Illegal end date entered. Please retry.") );
-+ continue;
-+ }
-+ ////////////////////////////////////////////////////////////
-+
-+ string startday = tostring(startDay);
-+ string startmonth = tostring(startMonth);
-+ string startyear = tostring(startYear);
-+ string starthours = tostring(startHours);
-+ string startmins = tostring(startMins);
-+ string endday = tostring(endDay);
-+ string endmonth = tostring(endMonth);
-+ string endyear = tostring(endYear);
-+ string endhours = tostring(endHours);
-+ string endmins = tostring(endMins);
-+
-+ Settings["startday"] = startday;
-+ Settings["startmonth"] = startmonth;
-+ Settings["startyear"] = startyear;
-+ Settings["endday"] = endday;
-+ Settings["endmonth"] = endmonth;
-+ Settings["endyear"] = endyear;
-+ Settings["starttime"] = starthours + ":" + startmins;
-+ Settings["endtime"] = endhours + ":" + endmins;
-+
-+ }
-+
-+ string expType = (string) UI::QueryWidget(`id(`exportType), `Value);
-+ string expPath = (string) UI::QueryWidget(`id(`exportPath), `Value);
-+
-+ if ( expType != "" && expType != "None" ) {
-+
-+ if ( expType == "csv" ) {
-+ Settings["exporttext"] = "true";
-+ } else if ( expType == "html" ) {
-+ Settings["exporthtml"] = "true";
-+ } else if ( expType == "both" ) {
-+ Settings["exporttext"] = "true";
-+ Settings["exporthtml"] = "true";
-+ }
-+ }
-+
-+ string program_name = (string) UI::QueryWidget(`id(`prog), `Value);
-+ string profile = (string) UI::QueryWidget(`id(`prof), `Value);
-+ string pid = (string) UI::QueryWidget(`id(`pid), `Value);
-+ string sev = (string) UI::QueryWidget(`id(`sev), `Value);
-+ string res = (string) UI::QueryWidget(`id(`res), `Value);
-+ string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label);
-+ string mode = (string) UI::QueryWidget(`id(`mode), `Label);
-+ string exppath = (string) UI::QueryWidget(`id(`expPath), `Value);
-+
-+ if (sdmode 
== "-") { sdmode = "All"; }
-+ if (mode == "-") { mode = "All"; }
-+
-+ if ( program_name != "" ) { Settings["prog"] = program_name; }
-+ if ( profile != "" ) { Settings["profile"] = profile; }
-+ if ( pid != "" ) { Settings["pid"] = pid; }
-+ if ( sev != "" && sev != "All" ) { Settings["severity"] = sev; }
-+ if ( res != "" ) { Settings["resource"] = res; }
-+ if ( sdmode != "" ) { Settings["sdmode"] = sdmode; }
-+ if ( mode != "" ) { Settings["mode"] = mode; }
-+ if ( exppath != "" ) { Settings["exportPath"] = exppath; }
-+
-+ id = nil;
-+ break;
-+
-+ } else if ( id == `sdmode ) {
-+ sdmode = popUpSdMode();
-+ Settings["sdmode"] = sdmode;
-+ UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: ") + sdmode) );
-+
-+ } else if ( id == `mode ) {
-+ mode = popUpMode();
-+ Settings["mode"] = mode;
-+ UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: ") + mode) );
-+
-+ } else if ( id == `abort || id == `cancel || id == `done ) {
-+ Settings["break"] = "abort";
-+ break;
-+ } else if ( id == `close || id == `back) {
-+ Settings["break"] = "back";
-+ break;
-+ }
-+ }
-+
-+ return Settings;
-+}
-+
-+define term viewArchForm(string tab, string logFile, map Settings) {
-+
-+ Settings["archRep"] = "1";
-+ Settings["logFile"] = logFile;
-+ Settings["type"] = "archRep";
-+
-+ integer curPage = 1;
-+ string currentPage = "1";
-+ Settings["currentPage"] = currentPage;
-+
-+ integer isingle = Settings["single"]:1;
-+ string single = "1";
-+ if ( isingle != nil ) {
-+ single = tostring(isingle);
-+ }
-+ Settings["single"] = single;
-+
-+ // mark - new
-+ any junk = SCR::Read(.logparse,Settings);
-+
-+ integer lastPage = getLastPage("sirRep",Settings,"");
-+ term myPage = turnArchReportPage(curPage,lastPage);
-+
-+ return myPage;
-+}
-+
-+
-+}
-+
---- /dev/null
-+++ b/src/include/apparmor/reporting_dialogues.ycp
-@@ -0,0 +1,2513 @@
-+/* ------------------------------------------------------------------
-+*
-+* Copyright (C) 
2002-2005 Novell/SUSE
-+*
-+* This program is free software; you can redistribute it and/or
-+* modify it under the terms of version 2 of the GNU General Public
-+* License published by the Free Software Foundation.
-+*
-+ ------------------------------------------------------------------*/
-+{
-+
-+import "Wizard";
-+import "Popup";
-+import "Label";
-+include "subdomain/reporting_utils.ycp";
-+include "subdomain/report_helptext.ycp";
-+include "subdomain/reporting_archived_dialogs.ycp";
-+textdomain "yast2-apparmor";
-+
-+// Globalz
-+//integer timeout_millisec = 20 * 1000;
-+map Settings = $[ ];
-+string defExpPath = "/var/log/apparmor/reports-exported";
-+string oldExpPath = "/var/log/apparmor/reports-exported";
-+string expPath = oldExpPath;
-+
-+// This map is to pull the string to send back to the backend agent on save
-+map md_map= $[
-+ `md_00: _("All"),
-+ `md_01: "1", `md_02: "2", `md_03: "3",
-+ `md_04: "4", `md_05: "5", `md_06: "6",
-+ `md_07: "7", `md_08: "8", `md_09: "9",
-+ `md_10: "10", `md_11: "11", `md_12: "12",
-+ `md_13: "13", `md_14: "14", `md_15: "15",
-+ `md_16: "16", `md_17: "17", `md_18: "18",
-+ `md_19: "19", `md_20: "20", `md_21: "21",
-+ `md_22: "22", `md_23: "23", `md_24: "24",
-+ `md_25: "25", `md_26: "26", `md_27: "27",
-+ `md_28: "28", `md_29: "29", `md_30: "30",
-+ `md_31: "31" ];
-+
-+string modeToHumanString( string mode) {
-+ return ( mode == "All") ? _("All") : mode;
-+}
-+
-+string humanStringToMode( string hs) {
-+ return ( hs == _("All")) ? 
"All" : hs ;
-+}
-+
-+string typeToHumanString( string type ) {
-+ string ret = "";
-+
-+ switch ( type )
-+ {
-+ case "Security.Incident.Report":
-+ ret = _("Security Incident Report");
-+ break;
-+ case "Applications.Audit":
-+ ret = _("Applications Audit Report");
-+ break;
-+ case "Executive.Security.Summary":
-+ ret = _("Executive Security Summary");
-+ break;
-+ default:
-+ ret = type;
-+ break;
-+ }
-+
-+ return ret;
-+}
-+
-+string humanStringToType( string hs ) {
-+ string ret = "";
-+
-+ if( hs == _("Security Incident Report"))
-+ ret = "Security.Incident.Report";
-+ else if ( hs == _("Applications Audit Report"))
-+ ret = "Applications.Audit";
-+ else if ( hs == _("Executive Security Summary"))
-+ ret = "Executive.Security.Summary";
-+ else
-+ ret = hs;
-+
-+ return ret;
-+}
-+
-+// Grey out inappropriate paging buttons
-+define void setPageButtons(integer curPage, integer lastPage) {
-+
-+ if (lastPage <= 1 ) {
-+ UI::ChangeWidget(`id(`first), `Enabled, false);
-+ UI::ChangeWidget(`id(`last), `Enabled, false);
-+ UI::ChangeWidget(`id(`prev), `Enabled, false);
-+ UI::ChangeWidget(`id(`fwd), `Enabled, false);
-+ UI::ChangeWidget(`id(`goto), `Enabled, false);
-+
-+ } else if (curPage <= 1 ) {
-+ UI::ChangeWidget(`id(`first), `Enabled, false);
-+ UI::ChangeWidget(`id(`prev), `Enabled, false);
-+ } else if ( curPage >= lastPage ) {
-+ UI::ChangeWidget(`id(`last), `Enabled, false);
-+ UI::ChangeWidget(`id(`fwd), `Enabled, false);
-+ } else {
-+ UI::SetFocus(`id(`goto));
-+ }
-+
-+ return;
-+}
-+
-+// return input from edit scheduled forms as map of strings
-+define map getSchedSettings( map Settings ) {
-+
-+ string name = (string) UI::QueryWidget(`id(`name), `Value);
-+ //integer iMonthdate = (integer) UI::QueryWidget(`id(`monthdate), `Value);
-+ any md = (any) UI::QueryWidget(`id(`monthdate), `Value);
-+ string monthdate = (string) md_map[md]:_("All");
-+ string weekday = (string) UI::QueryWidget(`id(`weekday), `Value);
-+ any iHours = (any) 
UI::QueryWidget(`id(`hour), `Value);
-+ any iMins = (any) UI::QueryWidget(`id(`mins), `Value);
-+ string expType = (string) UI::QueryWidget(`id(`expType), `Value);
-+ string email1 = (string) UI::QueryWidget(`id(`email1), `Value);
-+ string email2 = (string) UI::QueryWidget(`id(`email2), `Value);
-+ string email3 = (string) UI::QueryWidget(`id(`email3), `Value);
-+
-+ //string monthdate = tostring( iMonthdate );
-+ string hour = tostring( iHours );
-+ string mins = tostring( iMins );
-+
-+ if ( weekday == _("All") ) { weekday = "-"; }
-+ if ( monthdate == _("All") ) { monthdate = "-"; }
-+
-+ // de-i18n
-+ if ( weekday == _("Mon") ) { weekday = "Mon"; }
-+ if ( weekday == _("Tue") ) { weekday = "Tue"; }
-+ if ( weekday == _("Weds") ) { weekday = "Weds"; }
-+ if ( weekday == _("Thu") ) { weekday = "Thu"; }
-+ if ( weekday == _("Fri") ) { weekday = "Fri"; }
-+ if ( weekday == _("Sat") ) { weekday = "Sat"; }
-+ if ( weekday == _("Sun") ) { weekday = "Sun"; }
-+
-+ Settings["getconf"] = "";
-+ Settings["setconf"] = "1";
-+ Settings["name"] = name;
-+ Settings["monthdate"] = monthdate;
-+
-+ Settings["weekday"] = weekday;
-+ Settings["hour"] = hour;
-+ Settings["mins"] = mins;
-+ if ( expType == _("csv") || expType == _("Both") ) {
-+ Settings["csv"] = "1";
-+ } else {
-+ Settings["csv"] = "0";
-+ }
-+
-+ if ( expType == _("html") || expType == _("Both") ) {
-+ Settings["html"] = "1";
-+ } else {
-+ Settings["html"] = "0";
-+ }
-+
-+ Settings["email1"] = email1;
-+ Settings["email2"] = email2;
-+ Settings["email3"] = email3;
-+
-+ return Settings;
-+}
-+
-+// Gets list of archived reports based on 'type'
-+define list getArrayList(string type, string repPath) {
-+
-+ map Settings = $[ ];
-+ string readSched = "1";
-+ Settings["readSched"] = readSched;
-+ Settings["type"] = type;
-+
-+ if ( repPath != "" ) {
-+ Settings["repPath"] = repPath;
-+ }
-+
-+ list itemList = [];
-+
-+ integer key = 1;
-+
-+ if ( type == "sirRep" || type == "essRep" || type == "audRep" ) {
-+ 
list db = (list ) SCR::Read (.reports_parse, Settings);
-+
-+ foreach ( map record, db, {
-+ any strName = record["name"]:nil;
-+ any strTime = record["time"]:nil;
-+ string name = tostring(strName);
-+ string mytime = tostring(strTime);
-+ itemList = add( itemList, `item( `id(key), record["name"]:nil, record["time"]:nil ));
-+ key = key + 1;
-+ });
-+
-+ } else if (type == "schedRep") {
-+
-+ Settings["getcron"] = "1";
-+
-+ list db = (list ) SCR::Read (.reports_sched, Settings);
-+
-+ foreach ( map record, db, {
-+ itemList = add( itemList, `item( `id(key), record["name"]:nil, record["hour"]:nil, record["mins"]:nil,
-+ record["wday"]:nil, record["mday"]:nil ));
-+ key = key + 1;
-+ });
-+
-+ } else {
-+
-+ Popup::Error( _("Unrecognized form request.") );
-+
-+ }
-+
-+ return itemList;
-+}
-+
-+
-+// Filter form for editing scheduled reports
-+define term editFilterForm (map Settings) {
-+
-+ /* debug */
-+ string prog = Settings["prog"]:"";
-+ string prof = Settings["prof"]:"";
-+ string pid = Settings["pid"]:"";
-+ string res = Settings["res"]:"";
-+ string sdmode = Settings["sdmode"]:"R";
-+ string mode = Settings["mode"]:"All";
-+ string sev = Settings["sev"]:"All";
-+
-+ term eForm = `VBox(
-+
-+ `VSpacing( 0.5 ),
-+ `HBox(
-+ `HWeight( 5, `TextEntry(`id(`prog), _("Program name"), prog )),
-+ `HWeight( 5, `TextEntry(`id(`prof), _("Profile name"), prof )),
-+ `HSpacing( `opt(`hstretch), 1)
-+ ),
-+ `VSpacing( 0.5 ),
-+ `HBox(
-+ `HWeight( 5, `TextEntry(`id(`pid), _("PID number"), pid )),
-+ `HWeight( 5, `TextEntry(`id(`res), _("Detail"), res )),
-+ `HSpacing( `opt(`hstretch), 1)
-+ ),
-+ `VSpacing( 0.5 ),
-+ `HBox(
-+ `HWeight( 2,
-+ `ComboBox(`id(`sev), _("Severity"), [
-+ _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
-+ ]) ),
-+ `VBox(
-+ `Label( _("Access Type: ") ),
-+ `Bottom( `HWeight( 4,
-+ `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode )))))
-+ ),
-+ `VBox(
-+ `Label( 
_("Mode: ") ),
-+ `Bottom( `HWeight( 4,
-+ `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )))))
-+ ),
-+ `HSpacing( `opt(`hstretch), 1)
-+ ),
-+ `VSpacing( 1 ),
-+ `HBox(
-+ `PushButton(`id(`cancel), Label::CancelButton() ),
-+ `PushButton(`id(`save), Label::SaveButton() )
-+ )
-+ );
-+
-+ return eForm;
-+}
-+
-+term schedFilterForm =
-+
-+ `VBox(
-+ `VSpacing( 0.5 ),
-+ `HBox(
-+ `HWeight( 5, `TextEntry(`id(`prog), _("Program name") )),
-+ `HWeight( 5, `TextEntry(`id(`prof), _("Profile name") )),
-+ `HSpacing( `opt(`hstretch), 1)
-+ ),
-+ `VSpacing( 0.5 ),
-+ `HBox(
-+ `HWeight( 5, `TextEntry(`id(`pid), _("PID number") )),
-+ `HWeight( 5, `TextEntry(`id(`res), _("Detail") ) ),
-+ `HSpacing( `opt(`hstretch), 1)
-+ ),
-+ `VSpacing( 0.5 ),
-+ `HBox(
-+ `HWeight( 2,
-+ `ComboBox(`id(`sev), _("Severity"), [
-+ _("All"), "U", "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
-+ ]) ),
-+
-+ `VBox(
-+ `Label( _("Access Type: ") ),
-+ `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), "R" ))
-+ ),
-+ `VBox(
-+ `Label( _("Mode: ") ),
-+ `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("All") ))
-+ ),
-+
-+ //`HWeight( 4, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))),
-+ //`HWeight( 4, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))),
-+ `HSpacing( `opt(`hstretch), 1)
-+ ),
-+ `VSpacing( 1 ),
-+ `HBox(
-+ `PushButton(`id(`cancel), Label::CancelButton() ),
-+ `PushButton(`id(`save), Label::SaveButton() )
-+ )
-+ );
-+
-+term filterForm =
-+
-+ `VBox(
-+ `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )),
-+ `Frame( `id(`bydate_frame), _(" Select Date Range "),
-+ `VBox(
-+ `Label( _("Enter Starting Date/Time") ),
-+ `HBox(
-+ `HSpacing( `opt(`hstretch), 1),
-+ `IntField(`id(`startHours), _("Hours"), 00, 23, 00),
-+ `IntField(`id(`startMins), _("Minutes"), 00, 59, 00),
-+ `IntField(`id(`startDay), _("Day"), 01, 31, 
01),
-+ `IntField(`id(`startMonth), _("Month"), 01, 12, 01),
-+ `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005)
-+ ),
-+ `VSpacing(1.0),
-+ `Label( _("Enter Ending Date") ),
-+ `HBox(
-+ `HSpacing( `opt(`hstretch), 1),
-+ `IntField(`id(`endHours), _("Hours"), 0, 23, 0),
-+ `IntField(`id(`endMins), _("Minutes"), 0, 59, 0),
-+ `IntField(`id(`endDay), _("Day"), 1, 31, 1),
-+ `IntField(`id(`endMonth), _("Month"), 1, 12, 1),
-+ `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005)
-+ )
-+ ),
-+ `VSpacing(1.0),
-+ `HBox(
-+ `HWeight( 4, `TextEntry(`id(`prog), _("Program name")) ),
-+ `HWeight( 4, `TextEntry(`id(`prof), _("Profile name")) ),
-+ `HWeight( 3, `TextEntry(`id(`pid), _("PID number")) ),
-+ `HWeight( 2,
-+ `ComboBox(`id(`sev), _("Severity"), [
-+ _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
-+ ]) ),
-+ `HSpacing( `opt(`hstretch), 5)
-+ ),
-+ `HBox(
-+ `HWeight( 3, `TextEntry(`id(`res), _("Detail") ) ),
-+
-+ `VBox(
-+ `Label( _("Access Type: ") ),
-+ `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), "R" ))
-+ ),
-+ `VBox(
-+ `Label( _("Mode: ") ),
-+ `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("All") ))
-+ ),
-+
-+
-+ //`HWeight( 3, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))),
-+ //`HWeight( 3, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))),
-+ `HSpacing( `opt(`hstretch), 5)
-+ ),
-+ `VSpacing( 0.5 ),
-+
-+ `HBox(
-+ `VSpacing(0.5),
-+ // DWR MOD `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [
-+ `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
-+ _("None"), _("csv"), _("html"), _("Both")
-+ ]),
-+ `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
-+ `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
-+ )
-+
-+ ));
-+
-+// filter-defining form
-+define term filterForm2(string name, map preFilters) {
-+
-+ any aprog = preFilters["prog"]:nil;
-+ any aprof 
= preFilters["profile"]:nil;
-+ any apid = preFilters["pid"]:nil;
-+ any ares = preFilters["resource"]:nil;
-+ any amode = preFilters["mode"]:"All";
-+ any asdmode = preFilters["sdmode"]:"All";
-+
-+ string prog = "";
-+ string prof = "";
-+ string pid = "";
-+ string res = "";
-+ string mode = "";
-+ string sdmode = "";
-+
-+ if ( aprog != nil ) { prog = tostring(aprog); }
-+ if ( aprof != nil ) { prof = tostring(aprof); }
-+ if ( apid != nil ) { pid = tostring(apid); }
-+ if ( ares != nil ) { res = tostring(ares); }
-+ if ( amode != nil ) { mode = tostring(amode); }
-+ if ( asdmode != nil ) { sdmode = tostring(asdmode); }
-+ if (sdmode == "-") { sdmode = "All"; }
-+ if (mode == "-") { mode = "All"; }
-+
-+ term ff2 =
-+ `Top(`VBox(
-+ `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )),
-+ `Frame( `id(`bydate_frame), _(" Select Date Range "),
-+ `VBox(
-+ `Label( _("Enter Starting Date/Time") ),
-+ `HBox(
-+ `HSpacing( `opt(`hstretch), 1),
-+ `IntField(`id(`startHours), _("Hours"), 0, 23, 0),
-+ `IntField(`id(`startMins), _("Minutes"), 0, 59, 0),
-+ `IntField(`id(`startDay), _("Day"), 1, 31, 1),
-+ `IntField(`id(`startMonth), _("Month"), 1, 12, 1),
-+ `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005)
-+ ),
-+ `VSpacing(1.0),
-+ `Label( _("Enter Ending Date") ),
-+ `HBox(
-+ `HSpacing( `opt(`hstretch), 1),
-+ `IntField(`id(`endHours), _("Hours"), 0, 23, 0),
-+ `IntField(`id(`endMins), _("Minutes"), 0, 59, 0),
-+ `IntField(`id(`endDay), _("Day"), 1, 31, 1),
-+ `IntField(`id(`endMonth), _("Month"), 1, 12, 1),
-+ `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005)
-+ ),
-+ `VSpacing(1.0)
-+ )),
-+ `VSpacing( 1.0 ),
-+ `HBox(
-+ `HWeight( 4, `TextEntry(`id(`prog), _("Program name"), prog) ),
-+ `HWeight( 4, `TextEntry(`id(`prof), _("Profile name"), prof) ),
-+ `HWeight( 3, `TextEntry(`id(`pid), _("PID number"), pid) ),
-+ `HWeight( 2,
-+ `ComboBox(`id(`sev), _("Severity"), [
-+ _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", 
"07", "08", "09", "10"
-+ ]) ),
-+ `HSpacing( `opt(`hstretch), 5)
-+ ),
-+ `HBox(
-+ `VSpacing(0.5),
-+ `TextEntry(`id(`res), _("Detail"), res),
-+ `VBox(
-+ `Label( _("Access Type: ") ),
-+ `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode )))
-+ ),
-+ `VBox(
-+ `Label( _("Mode: ") ),
-+ `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )))
-+ )
-+ ),
-+ `VSpacing( 0.5 ),
-+
-+ `HBox(
-+ `VSpacing(0.5),
-+ `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
-+ _("None"), _("csv"), _("html"), _("Both")
-+ ]),
-+ `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
-+ `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
-+ )
-+ ));
-+
-+ return ff2;
-+
-+}
-+
-+// Gets data for next or previous page of current report
-+define term turnReportPage (string name, integer curPage, string slastPage, map Settings) {
-+
-+ //map Settings = $[ ]; - 07-07
-+ list reportList = [];
-+
-+ string currentPage = tostring( curPage );
-+ Settings["name"] = name;
-+ Settings["page"] = currentPage;
-+ Settings["turnPage"] = "1";
-+
-+ reportList = getReportList("sir", Settings);
-+
-+ // New map is a list, not a hash
-+
-+ /* Old aa-eventd
-+ list db = (list ) SCR::Read (.logparse, Settings);
-+ integer key = 1;
-+ foreach ( map record, db, {
-+ reportList = add( reportList, `item( `id(key), record["host"]:nil,
-+ record["date"]:nil, record["prog"]:nil, record["profile"]:nil,
-+ record["pid"]:nil, record["severity"]:nil, record["mode"]:nil,
-+ record["resource"]:nil, record["sdmode"]:nil ));
-+ key = key + 1;
-+ });
-+ */
-+
-+ string myLabel = _("On Demand Event Report - Page ") + currentPage + _(" of ") + slastPage;
-+
-+ term odForm =
-+
-+ `Frame( `id(`odpage), myLabel,
-+
-+ `VBox(
-+ //`Label("AppArmor Event Report Data " + currentPage ),
-+ //`Label(myLabel),
-+
-+ `HBox(
-+ `VSpacing(10),
-+ // New aa-eventd
-+ makeSirTable(reportList),
-+ /* Old aa-eventd
-+ 
`Table(`id(`table), `opt(`keepSorting, `immediate ), `header( _("Host"), _("Date"), _("Program"),
-+ _("Profile"), _("PID"), _("Severity"), _("Mode"), _("Detail"), _("Access Type") ), reportList),
-+ */
-+
-+ `VSpacing(0.5)
-+ ),
-+ `HSpacing(`opt(`hstretch), 1.0),
-+ `VSpacing(0.5),
-+ `HBox(
-+ `PushButton(`id(`first), _("F&irst Page") ),
-+ `PushButton(`id(`prev), _("&Previous") ),
-+ `PushButton(`id(`psort), _("&Sort") ),
-+ `PushButton(`id(`fwd), _("&Forward") ),
-+ `PushButton(`id(`last), _("&Last Page") ),
-+ `PushButton(`id(`goto), _("&Go to Page") )
-+ ),
-+ `VSpacing(1)
-+ ));
-+
-+ return odForm;
-+}
-+
-+define symbol reportConfigForm() {
-+
-+ term contents_report_config_form =
-+ `VBox(
-+ `VSpacing( 1 ),
-+ `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )),
-+ `Frame( `id(`bydate_frame), _(" Select Date Range ") ,
-+ `VBox(
-+ `Label( _("Enter Starting Date/Time") ),
-+ `HBox(
-+ `HSpacing( `opt(`hstretch), 1),
-+ `HWeight( 1, `TextEntry(`id(`start_time), _("Time") )),
-+ `HSpacing( `opt(`hstretch), 1),
-+ `HWeight( 1, `TextEntry(`id(`start_day), _("Day") )),
-+ `HSpacing( `opt(`hstretch), 1),
-+ `HWeight( 1, `TextEntry(`id(`start_month), _("Month") )),
-+ `HSpacing( `opt(`hstretch), 1),
-+ `HWeight( 1, `TextEntry(`id(`start_year), _("Year") )),
-+ `HSpacing( `opt(`hstretch), 1)
-+ ),
-+ `VSpacing( 1.0 ),
-+ `Label( _("Enter Ending Date") ),
-+ `HBox(
-+ `HSpacing( `opt(`hstretch), 1),
-+ `HWeight( 1, `TextEntry(`id(`end_time), _("Time") )),
-+ `HSpacing( `opt(`hstretch), 1),
-+ `HWeight( 1, `TextEntry(`id(`end_day), _("Day") )),
-+ `HSpacing( `opt(`hstretch), 1),
-+ `HWeight( 1, `TextEntry(`id(`end_month), _("Month") )),
-+ `HSpacing( `opt(`hstretch), 1),
-+ `HWeight( 1, `TextEntry(`id(`end_year), _("Year") )),
-+ `HSpacing( `opt(`hstretch), 1),
-+ `VSpacing( `opt(`vstretch), 2)
-+ )
-+ )),
-+ `VSpacing( 0.5 ),
-+ `Left(`CheckBox( `id(`byprog), `opt(`notify), _("Filter By Program Name") )),
-+ `HBox(`id(`pbox),
-+ 
`Left(`TextEntry(`id(`prog), _("Program name") )),
-+ `HSpacing( `opt(`hstretch), 45)
-+ ),
-+ `VSpacing( 0.5 ),
-+ `Left(`CheckBox( `id(`expLog), `opt(`notify), _("Export Report") )),
-+ `HBox(`id(`ebox),
-+ `Left(`TextEntry(`id(`exportName), _("Export File Location") )),
-+ `Label( _("Select Export Format") ),
-+ `Left(`CheckBox(`id(`exportText), _("CSV"), false)),
-+ `Left(`CheckBox(`id(`exportHtml), _("HTML"), true))
-+ )
-+ );
-+ Wizard::SetContentsButtons( _("Report Configuration Dialog"), contents_report_config_form, repConfHelp, Label::BackButton(), Label::NextButton() );
-+
-+ Settings = $[ ];
-+ map event = $[];
-+ any id = nil;
-+ UI::ChangeWidget(`id(`pbox), `Enabled, false);
-+ UI::ChangeWidget(`id(`ebox), `Enabled, false);
-+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
-+ UI::ChangeWidget(`id(`exportName), `Value, "/tmp/export.log");
-+
-+ while( true ) {
-+ event = UI::WaitForEvent( timeout_millisec );
-+ id = event["ID"]:nil; // We'll need this often - cache it
-+
-+ integer start_day = (integer) UI::QueryWidget(`id(`start_day), `Value);
-+ integer start_month = (integer) UI::QueryWidget(`id(`start_month), `Value);
-+ integer start_year = (integer) UI::QueryWidget(`id(`start_year), `Value);
-+ integer end_day = (integer) UI::QueryWidget(`id(`end_day), `Value);
-+ integer end_month = (integer) UI::QueryWidget(`id(`end_month), `Value);
-+ integer end_year = (integer) UI::QueryWidget(`id(`end_year), `Value);
-+
-+ if ( id == `byprog ) {
-+ boolean val = (boolean) UI::QueryWidget(`id(`byprog), `Value);
-+ if ( val == true ) {
-+ UI::ChangeWidget(`id(`pbox), `Enabled, true);
-+ UI::ChangeWidget(`id(`allevents), `Value, false);
-+ } else {
-+ UI::ChangeWidget(`id(`pbox), `Enabled, false);
-+ }
-+ } else if ( id == `bydate ) {
-+ boolean val = (boolean) UI::QueryWidget(`id(`bydate), `Value);
-+ if ( val == true ) {
-+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, true);
-+ UI::ChangeWidget(`id(`allevents), `Value, false);
-+ } else {
-+ 
UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
-+ }
-+ } else if ( id == `expLog ) {
-+ boolean val = (boolean) UI::QueryWidget(`id(`expLog), `Value);
-+ if ( val == true ) {
-+ UI::ChangeWidget(`id(`ebox), `Enabled, true);
-+ //UI::ChangeWidget(`id(`allevents), `Value, false);
-+ } else {
-+ UI::ChangeWidget(`id(`ebox), `Enabled, false);
-+ }
-+ } else if ( id == `next ) {
-+
-+ // Setup the data structures.
-+ boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value);
-+ boolean byprog = (boolean) UI::QueryWidget(`id(`byprog), `Value);
-+ boolean allevents = (boolean) UI::QueryWidget(`id(`allevents), `Value);
-+ boolean expLog = (boolean) UI::QueryWidget(`id(`expLog), `Value);
-+
-+ if ( expLog ) {
-+ string exportName = (string) UI::QueryWidget(`id(`exportName), `Value);
-+ any expText = (boolean) UI::QueryWidget(`id(`exportText), `Value);
-+ any expHtml = (boolean) UI::QueryWidget(`id(`exportHtml), `Value);
-+ string exportText = tostring( expText );
-+ string exportHtml = tostring( expHtml );
-+ Settings["exportname"] = exportName;
-+ Settings["exporttext"] = exportText;
-+ Settings["exporthtml"] = exportHtml;
-+ }
-+
-+ if ( byprog ) {
-+ string program_name = (string) UI::QueryWidget(`id(`prog), `Value);
-+ Settings["prog"] = program_name;
-+ }
-+
-+ if ( bydate ) {
-+
-+ integer start_hour = (integer) UI::QueryWidget(`id(`startHour), `Value);
-+ integer start_min = (integer) UI::QueryWidget(`id(`startMin), `Value);
-+ integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value);
-+ integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value);
-+ integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value);
-+ integer end_hour = (integer) UI::QueryWidget(`id(`endHour), `Value);
-+ integer end_min = (integer) UI::QueryWidget(`id(`endMin), `Value);
-+ integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value);
-+ integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value);
-+ integer endYear = 
(integer) UI::QueryWidget(`id(`endYear), `Value);
-+ string start_time = tostring(start_hour) + ":" + tostring(start_min);
-+ string end_time = tostring(end_hour) + ":" + tostring(end_min);
-+
-+ if ( CheckDate(startDay,startMonth,startYear) == false ) {
-+ Popup::Error( _("Illegal start date entered. Please retry.") );
-+ continue;
-+ }
-+
-+ if ( CheckDate(endDay,endMonth,endYear) == false ) {
-+ Popup::Error( _("Illegal end date entered. Please retry.") );
-+ continue;
-+ }
-+
-+ Settings["startday"] = tostring(startDay);
-+ Settings["startmonth"] = tostring(startMonth);
-+ Settings["startyear"] = tostring(startYear);
-+ Settings["endday"] = tostring(endDay);
-+ Settings["endmonth"] = tostring(endMonth);
-+ Settings["endyear"] = tostring(endYear);
-+ Settings["starttime"] = start_time;
-+ Settings["endtime"] = end_time;
-+ }
-+
-+ } else if ( id == `abort || id == `back || id == `done ) {
-+ Popup::Message( _("Abort or Back") );
-+ break;
-+ }
-+
-+ //break;
-+ }
-+ return (symbol) id;
-+}
-+
-+// Main Report Form
-+define symbol mainArchivedReportForm() {
-+
-+ map reportdata = nil;
-+ reportdata = (map) SCR::Read (.logparse, Settings );
-+ list reportlist = [];
-+
-+ foreach( integer key, map repdata, (map) reportdata, {
-+ reportlist = add( reportlist, `item( `id(key), repdata["date"]:nil, repdata["prof"]:nil, repdata["pid"]:nil, repdata["mesg"]:nil));
-+ });
-+
-+ string help1 = _("AppArmor Security Events

    -+ This table displays the events found that match your search criteria.");
-+
-+
-+ // DBG y2milestone("in MainReportForm");
-+ term contents_main_prof_form =
-+ `VBox(
-+ `Label( _("AppArmor Event Report Data") ),
-+ `HBox(
-+ `VSpacing(10),
-+ `Table(`id(`table), `opt(`notify, `immediate ), `header(_("Date"),
-+ _("Profile"), _("PID"), _("AppArmor Message") ), reportlist),
-+ `VSpacing(0.5)
-+ )
-+ );
-+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
-+ contents_main_prof_form, help1, Label::BackButton(), _("&Done") );
-+
-+
-+ map event = $[];
-+ any id = nil;
-+ while( true ) {
-+
-+ event = UI::WaitForEvent( timeout_millisec );
-+ id = event["ID"]:nil; // We'll need this often - cache it
-+
-+ if ( id == `table ) {
-+
-+ if ( event["EventReason"]:nil == "Activated" ) {
-+ // Widget activated in the table
-+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
-+ }
-+
-+ } else if ( id == `abort || id == `cancel || id == `done ) {
-+ break;
-+ } else if ( id == `back || id == `next ) {
-+ break;
-+ } else {
-+ y2error("Unexpected return code: %1", id);
-+ continue;
-+ }
-+ }
-+ return (symbol) id;
-+}
-+
-+// This is the first and base reporting form
-+define symbol mainReportForm() {
-+
-+ term mainForm =
-+
-+ `VBox(
-+ `Label( _("AppArmor Reporting") ),
-+ `VSpacing(2),
-+ `VBox(
-+ `Left(`CheckBox( `id(`schedrep), `opt(`notify), _("Schedule Reports"), true )),
-+ `Left(`CheckBox( `id(`viewrep), `opt(`notify), _("View Archived Reports") )),
-+ `Left(`CheckBox( `id(`runrep), `opt(`notify), _("Run Reports") ))
-+ ),
-+ `VSpacing(0.5)
-+ );
-+
-+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"), mainForm, mainHelp, Label::BackButton(), Label::NextButton() );
-+
-+ map event = $[];
-+ any id = nil;
-+ while( true ) {
-+
-+ event = UI::WaitForEvent( timeout_millisec );
-+ id = event["ID"]:nil; // We'll need this often - cache it
-+
-+ if ( id == `schedrep ) {
-+ UI::ChangeWidget(`id(`viewrep), 
`Value, false);
-+ UI::ChangeWidget(`id(`runrep), `Value, false);
-+ } else if ( id == `viewrep ) {
-+ UI::ChangeWidget(`id(`schedrep), `Value, false);
-+ UI::ChangeWidget(`id(`runrep), `Value, false);
-+ } else if ( id == `runrep ) {
-+ UI::ChangeWidget(`id(`schedrep), `Value, false);
-+ UI::ChangeWidget(`id(`viewrep), `Value, false);
-+ } else if ( id == `abort || id == `cancel || id == `done ) {
-+ break;
-+ } else if ( id == `back ) {
-+ break;
-+ } else if ( id == `next ) {
-+
-+ if ( UI::QueryWidget(`id(`schedrep), `Value) == true ) {
-+ id = `schedrep;
-+ } else if ( UI::QueryWidget(`id(`viewrep), `Value) == true ) {
-+ id = `viewrep;
-+ } else if ( UI::QueryWidget(`id(`runrep), `Value) == true ) {
-+ id = `runrep;
-+ }
-+
-+ break;
-+
-+ } else {
-+ y2error("Unexpected return code: %1", id);
-+ continue;
-+ }
-+ }
-+
-+ return (symbol) id;
-+}
-+
-+// Form used to select the type of archived report to list
-+define term viewForm(map archType, list itemList, string repPath) {
-+
-+ boolean sirRep = archType["sirRep"]:false;
-+ boolean audRep = archType["audRep"]:false;
-+ boolean essRep = archType["essRep"]:false;
-+
-+ if ( repPath == "" || repPath == nil ) {
-+ repPath = "/var/log/apparmor/reports-archived/";
-+ }
-+
-+ if ( audRep == false && essRep == false ) {
-+ sirRep = true;
-+ }
-+
-+ term vForm =
-+ `ReplacePoint(`id(`viewform), `VBox(
-+ `Label( _("View Archived Reports") ),
-+ `HSpacing(60), // make the table and thus the dialog wide enough
-+ `VSpacing(1),
-+ `HBox(
-+ `Frame( `id(`radioSelect), _("Choose a Report Type"),
-+ `RadioButtonGroup(`id(`chooseRep), `HBox(
-+ `HStretch(),
-+ `RadioButton(`id(`sirRep), `opt(`notify, `immediate), _("SIR"), sirRep),
-+ `HSpacing(1),
-+ `RadioButton(`id(`audRep), `opt(`notify, `immediate), _("App Aud"), audRep),
-+ `HSpacing(1),
-+ `RadioButton(`id(`essRep), `opt(`notify, `immediate), _("ESS"), essRep),
-+ `HSpacing(1),
-+ `HStretch()
-+ )))
-+ ),
-+ `VSpacing(1),
-+ `Frame( `id(`repFrame), _("Location of 
Archived Reports"),
-+ `HBox(
-+ `Left(`Label(repPath)),
-+ `HSpacing(1),
-+ `Left(`PushButton(`id(`browse), _("&Browse"))),
-+ `HStretch()
-+ )
-+ ),
-+ `VSpacing(0.5),
-+ `VWeight( 10, `HBox(
-+ `VSpacing(1),
-+ `Table(`id(`table), `opt(`notify, `immediate), `header(_("Report"),
-+ _("Date") ), itemList ) )
-+ ),
-+ `VSpacing(1),
-+ `HBox(
-+ `VSpacing(1),
-+ `PushButton(`id(`view), _("&View") ),
-+ `PushButton(`id(`viewall), _("View &All") )
-+ )
-+ ));
-+
-+ return vForm;
-+}
-+
-+define map filterConfigForm(string name) {
-+
-+ // Cheating way to set filters
-+ map opts = $[];
-+ opts["getSirFilters"] = "1";
-+ opts["name"] = name;
-+ opts["gui"] = "1";
-+ map preFilters = $[];
-+ preFilters = (map) SCR::Read( .logparse, opts );
-+
-+ any asev = preFilters["severity"]:nil;
-+ string sev = "";
-+ if ( asev != nil ) { sev = tostring(asev); }
-+ if ( sev == "-" ) { sev = _("All"); }
-+
-+ Wizard::SetContentsButtons( _("Report Configuration Dialog"),
-+ filterForm2(name,preFilters), filterCfHelp1, Label::BackButton(), Label::NextButton() );
-+
-+ if ( sev != "" && sev != _("All") ) {
-+ if ( sev != "U" ) {
-+ integer isev = tointeger(sev);
-+ if ( isev < 10 ) {
-+ sev = "0" + sev;
-+ }
-+ }
-+
-+ UI::ChangeWidget(`id(`sev), `Value, sev);
-+ }
-+
-+ string mode = "All";
-+ string sdmode = "R";
-+
-+ Settings = $[ ];
-+ map event = $[];
-+ any id = nil;
-+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
-+
-+ while( true ) {
-+
-+ event = UI::WaitForEvent( timeout_millisec );
-+ id = event["ID"]:nil;
-+
-+ if ( id == `bydate ) {
-+
-+ boolean val = (boolean) UI::QueryWidget(`id(`bydate), `Value);
-+ if ( val == true ) {
-+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, true);
-+ } else {
-+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
-+ }
-+
-+ } else if ( id == `abort || id == `done || id == `cancel) {
-+ Settings["break"] = "abort";
-+ break;
-+
-+ } else if ( id == `back ) {
-+ Settings["break"] = "back";
-+ break;
-+
-+ } else if ( id ==
`sdmode ) {
-+
-+ sdmode = popUpSdMode();
-+
-+ if ( sdmode != "" ) {
-+ Settings["sdmode"] = sdmode;
-+ UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) ) );
-+ }
-+
-+ } else if ( id == `mode ) {
-+
-+ mode = popUpMode();
-+
-+ if ( mode != "" ) {
-+ Settings["mode"] = mode;
-+ UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )));
-+ }
-+
-+ } else if ( id == `browse ) {
-+
-+ string selectFile = "";
-+ selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
-+
-+ if ( selectFile != nil ) {
-+ UI::ChangeWidget(`id(`expPath), `Value, selectFile);
-+ }
-+
-+ Settings["expPath"] = expPath;
-+
-+ } else if ( id == `save || id == `next) {
-+
-+ // Setup the data structures.
-+ boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value);
-+ boolean expText = false;
-+ boolean expHtml = false;
-+
-+ if ( UI::QueryWidget(`id(`expLog), `Enabled) == true ) {
-+ expText = (boolean) UI::QueryWidget(`id(`exportText), `Value);
-+ expHtml = (boolean) UI::QueryWidget(`id(`exportHtml), `Value);
-+ }
-+
-+ if ( expText == true ) {
-+ Settings["exporttext"] = "true";
-+ }
-+ if ( expHtml == true ) {
-+ Settings["exporthtml"] = "true";
-+ }
-+
-+ string program_name = (string) UI::QueryWidget(`id(`prog), `Value);
-+ string profile = (string) UI::QueryWidget(`id(`prof), `Value);
-+ string pid = (string) UI::QueryWidget(`id(`pid), `Value);
-+ string sev = (string) UI::QueryWidget(`id(`sev), `Value);
-+ string res = (string) UI::QueryWidget(`id(`res), `Value);
-+ string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label);
-+ string mode = (string) UI::QueryWidget(`id(`mode), `Label);
-+ string exppath = (string) UI::QueryWidget(`id(`expPath), `Value);
-+
-+ // de-i18n
-+ if ( sev == _("All") ) { sev = "All"; }
-+ if ( sev == _("U") ) { sev = "U"; }
-+
-+ if (exppath != "" ) { Settings["exportPath"] = expPath; }
-+ if ( program_name != "" ) { Settings["prog"] = program_name; }
-+ if
( profile != "" ) { Settings["profile"] = profile; }
-+ if ( pid != "" ) { Settings["pid"] = pid; }
-+ if ( sev != "" && sev != "All" ) { Settings["severity"] = sev; }
-+ if ( res != "" ) { Settings["resource"] = res; }
-+ if ( sdmode != "" ) { Settings["sdmode"] = humanStringToMode( sdmode); }
-+ if ( mode != "" ) { Settings["mode"] = humanStringToMode( mode ); }
-+
-+ if ( bydate == true ) {
-+
-+ integer start_hour = (integer) UI::QueryWidget(`id(`startHour), `Value);
-+ integer start_min = (integer) UI::QueryWidget(`id(`startMin), `Value);
-+ integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value);
-+ integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value);
-+ integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value);
-+ integer end_hour = (integer) UI::QueryWidget(`id(`endHour), `Value);
-+ integer end_min = (integer) UI::QueryWidget(`id(`endMin), `Value);
-+ integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value);
-+ integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value);
-+ integer endYear = (integer) UI::QueryWidget(`id(`endYear), `Value);
-+
-+ string start_time = tostring(start_hour) + ":" + tostring(start_min);
-+ string end_time = tostring(end_hour) + ":" + tostring(end_min);
-+
-+ if ( CheckDate(startDay,startMonth,startYear) == false ) {
-+ Popup::Error( _("Illegal start date entered. Please retry.") );
-+ continue;
-+ }
-+
-+ if ( CheckDate(endDay,endMonth,endYear) == false ) {
-+ Popup::Error( _("Illegal end date entered.
Please retry.") );
-+ continue;
-+ }
-+
-+ string start_day = tostring(startDay);
-+ string start_month = tostring(startMonth);
-+ string start_year = tostring(startYear);
-+ string end_day = tostring(endDay);
-+ string end_month = tostring(endMonth);
-+ string end_year = tostring(endYear);
-+
-+ Settings["startday"] = tostring(start_day);
-+ Settings["startmonth"] = tostring(start_month);
-+ Settings["startyear"] = tostring(start_year);
-+ Settings["endday"] = tostring(end_day);
-+ Settings["endmonth"] = tostring(end_month);
-+ Settings["endyear"] = tostring(end_year);
-+ Settings["starttime"] = start_time;
-+ Settings["endtime"] = end_time;
-+
-+ }
-+
-+ string expType = (string) UI::QueryWidget(`id(`expType), `Value);
-+ string expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
-+
-+ if ( expType == _("csv") ) {
-+ Settings["exporttext"] = "1";
-+ } else if ( expType == _("html") ) {
-+ Settings["exporthtml"] = "1";
-+ } else if ( expType == _("Both") ) {
-+ Settings["exporttext"] = "1";
-+ Settings["exporthtml"] = "1";
-+ }
-+
-+ Settings["exportPath"] = expPath;
-+
-+ break;
-+ }
-+ }
-+
-+ return Settings;
-+}
-+
-+define term displayEmptyRep(string type) {
-+
-+ string myLabel = "";
-+ string myInfo = "";
-+
-+ if ( type == "noDb" ) {
-+ myLabel = _("Events DB Not Initialized.");
-+ myInfo = _("The events database has not been populated.
No records exist.");
-+ } else if ( type == "noList" ) {
-+ myLabel = _("Query Returned Empty List.");
-+ myInfo = _("The events database has no records that match the search query.");
-+ }
-+
-+ term newPage =
-+
-+ `Frame( `id(`newpage), myLabel,
-+
-+ `VBox(
-+ //`Label(myLabel),
-+ `HBox(
-+ `VSpacing(10),
-+ `Label( myInfo ),
-+ `VSpacing(0.5)
-+ ),
-+ `HSpacing(`opt(`hstretch), 1.0),
-+ `VSpacing(1)
-+ ));
-+
-+
-+ return newPage;
-+}
-+
-+define term displayRep(string type, integer curPage, string slastPage, list reportList ) {
-+
-+ string myLabel = "";
-+ string currentPage = tostring(curPage);
-+ term myTable = nil;
-+
-+ if (type == "onDemand" || type == "sir") {
-+ // Very poor i18n here
-+ myLabel = _("On Demand Event Report - Page ") + currentPage + _(" of ") + slastPage;
-+ myTable = makeSirTable(reportList);
-+
-+ } else if (type == "archRep") {
-+
-+ myLabel = _("Archived Event Report - Page ") + currentPage + _(" of ") + slastPage;
-+ myTable = makeSirTable(reportList);
-+
-+ } else if (type == "aud" || type == "audRep" ) {
-+
-+ myLabel = _("Applications Audit Report");
-+ myTable = `Table(`id(`table), `opt(`notify, `immediate ),
-+ `header(_("Host"), _("Date"), _("Program"),
-+ _("Profile"), _("PID"), _("State"), _("Type") ), reportList);
-+
-+ } else if (type == "ess" || type == "essRep" ) {
-+ if (reportList == nil) {
-+ myLabel = _("Executive Security Summary");
-+ myTable = `Table(`id(`table), `opt(`notify),
-+ `header(_("Query Results")), _("No event information exists."));
-+
-+ } else {
-+ myLabel = _("Executive Security Summary");
-+ myTable = `Table(`id(`table), `opt(`notify, `immediate ),
-+ `header(_("Host"), _("Start Date"),_("End Date"), _("Num Rejects"),
-+ _("Num Events"), _("Ave.
Sev"), _("High Sev") ), reportList);
-+ }
-+ }
-+
-+ term newPage =
-+
-+ `Frame( `id(`newpage), myLabel,
-+
-+ `VBox(
-+ `HBox(
-+ `VSpacing(10),
-+ myTable,
-+ `VSpacing(0.5)
-+ ),
-+ `HSpacing(`opt(`hstretch), 1.0),
-+ `VSpacing(0.5),
-+ `HBox(
-+ `PushButton(`id(`first), _("F&irst Page") ),
-+ `PushButton(`id(`prev), _("&Previous") ),
-+ `PushButton(`id(`psort), _("&Sort") ),
-+ `PushButton(`id(`fwd), _("&Forward") ),
-+ `PushButton(`id(`last), _("&Last Page") ),
-+ `PushButton(`id(`goto), _("&Go to Page") )
-+ ),
-+ `VSpacing(1)
-+ ));
-+
-+ return newPage;
-+}
-+
-+
-+// View Archived Reports
-+define symbol displayArchForm() {
-+
-+ map archType = $[ ];
-+ archType["sirRep"] = true;
-+ archType["audRep"] = false;
-+ archType["essRep"] = false;
-+
-+ map Settings = $[ ];
-+ string readSched = "1";
-+ Settings["getcron"] = "0";
-+ Settings["readSched"] = "1";
-+ Settings["type"] = "sirRep";
-+ string type = Settings["type"]:nil;
-+
-+ list itemList = [];
-+ itemList = getArrayList(type,"");
-+
-+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
-+ viewForm(archType, itemList, ""), archHelpText, Label::BackButton(), _("&Done") );
-+
-+ map event = $[];
-+ any archId = nil;
-+
-+ string repPath = "";
-+ integer lastPage = 1;
-+ integer curPage = 1;
-+
-+ string formHelp = runHelp;
-+
-+
-+ while( true ) {
-+
-+ event = UI::WaitForEvent( );
-+
-+ archId = event["ID"]:nil; // We'll need this often - cache it
-+
-+ if (archId == `back || archId == `abort || archId == `done) {
-+ break;
-+ } else if ( archId == `close || archId == `cancel || archId == `next) {
-+ break;
-+
-+ } else if ( archId == `repPath ) {
-+
-+ repPath = (string) UI::QueryWidget(`id(`repPath), `Value);
-+ Settings["repPath"] = repPath;
-+ itemList = getArrayList(type,repPath);
-+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
-+ viewForm(archType, itemList, repPath), archHelpText, Label::BackButton(), _("&Done") );
-+
-+ } else if ( archId == `browse ) {
-+
-+
string selectFile = "";
-+ selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
-+
-+ if ( selectFile != nil ) {
-+ UI::ChangeWidget(`id(`repPath), `Value, selectFile);
-+ // set new reppath
-+ repPath = selectFile;
-+ Settings["repPath"] = repPath;
-+ itemList = getArrayList(type,repPath);
-+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
-+ viewForm(archType, itemList, repPath), archHelpText, Label::BackButton(),
-+ _("&Done") );
-+ }
-+
-+
-+ } else if ( archId == `sirRep ) {
-+ formHelp = sirHelp;
-+ archType["sirRep"] = true;
-+ archType["audRep"] = false;
-+ archType["essRep"] = false;
-+ Settings["type"] = "sirRep";
-+ type = Settings["type"]:nil;
-+
-+ itemList = getArrayList(type,repPath);
-+
-+ Wizard::SetContentsButtons( _("View Archived SIR Report"),
-+ viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done"));
-+
-+ } else if ( archId == `audRep ) {
-+ formHelp = audHelp;
-+ archType["sirRep"] = false;
-+ archType["audRep"] = true;
-+ archType["essRep"] = false;
-+ Settings["type"] = "audRep";
-+ type = Settings["type"]:nil;
-+
-+ itemList= getArrayList(type,"");
-+ Wizard::SetContentsButtons( _("View Archived AUD Report"),
-+ viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done"));
-+
-+ } else if ( archId == `essRep ) {
-+ formHelp = essHelp;
-+ archType["sirRep"] = false;
-+ archType["audRep"] = false;
-+ archType["essRep"] = true;
-+ Settings["type"] = "essRep";
-+ type = Settings["type"]:nil;
-+
-+ itemList= getArrayList(type,"");
-+ Wizard::SetContentsButtons( _("View Archived ESS Report"),
-+ viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done"));
-+
-+
-+ } else if ( archId == `view || archId == `viewall || archId == `table) {
-+
-+ if ( archId == `viewall ) {
-+ Settings["single"] = "0";
-+ } else {
-+ Settings["single"] = "1";
-+ }
-+
-+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
-+ string logFile = (string)
select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
-+ string logPath = (string) UI::QueryWidget(`id(`repPath), `Value);
-+ list splitPath = splitstring (logPath, "/");
-+ string checkPath = splitPath[size(splitPath)-1]:"";
-+
-+ string longLogName = "";
-+
-+
-+ // Cat strings & check for trailing "/" in path
-+ if ( logPath != "" ) {
-+ if ( checkPath != "" ) {
-+ longLogName = logPath + "/" + logFile;
-+ } else {
-+ longLogName = logPath + logFile;
-+ }
-+ }
-+
-+ if ( type == "sirRep" ) {
-+
-+ formHelp = sirHelp;
-+ map sirSettings = nil;
-+ sirSettings = setArchFilter();
-+ if ( archId == `viewall ) { sirSettings["single"] = 0; }
-+
-+ // Force an exit if appropriate
-+ any breakCheck = sirSettings["break"]:nil;
-+
-+ if ( breakCheck == "abort" ) {
-+ symbol myBreak = `abort;
-+ return myBreak;
-+
-+ } else if ( breakCheck == "back" ) {
-+ symbol myBreak = `back;
-+ return myBreak;
-+ }
-+
-+ if ( repPath != "" ) {
-+ sirSettings["repPath"] = repPath;
-+ }
-+
-+ Wizard::SetContentsButtons( _("Security Incident Report"),
-+ viewArchForm(type,logFile,sirSettings), sirHelp, Label::BackButton(), _("&Done"));
-+
-+ lastPage = getLastPage(type,Settings,""); // check 'name'
-+ setPageButtons(curPage,lastPage);
-+
-+ } else if ( type == "audRep" ) {
-+
-+ formHelp = audHelp;
-+ list reportList = [];
-+ integer key = 1;
-+ Settings["page"] = "1";
-+ Settings["audArch"] = "1";
-+ Settings["turnPage"] = "1";
-+ Settings["file"] = logFile;
-+
-+ list db = (list ) SCR::Read (.reports_confined, Settings);
-+
-+ foreach ( map repdata, db, {
-+ reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
-+ repdata["date"]:nil, repdata["prog"]:nil, repdata["prof"]:nil,
-+ repdata["pid"]:nil, repdata["state"]:nil, repdata["type"]:nil ));
-+ key = key + 1;
-+ });
-+
-+ lastPage = getLastPage(type,Settings,"");
-+ string slastPage = tostring(lastPage);
-+
-+ Wizard::SetContentsButtons( _("Applications Audit Report"),
-+
displayRep(type,curPage,slastPage,reportList), formHelp, Label::BackButton(),
-+ _("&Done") );
-+ setPageButtons(curPage,lastPage);
-+
-+ } else if ( type == "essRep" ) {
-+
-+ formHelp = essHelp;
-+ list reportList = [];
-+ integer key = 1;
-+ Settings["file"] = logFile;
-+ Settings["essArch"] = "1";
-+
-+ list db = (list ) SCR::Read (.reports_ess, Settings);
-+
-+ foreach ( map repdata, db, {
-+ reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
-+ repdata["startdate"]:nil, repdata["enddate"]:nil, repdata["numRejects"]:nil,
-+ repdata["numEvents"]:nil, repdata["sevMean"]:nil, repdata["sevHi"]:nil ));
-+ key = key + 1;
-+ });
-+
-+ lastPage = getLastPage(type,Settings,"");
-+ string slastPage = tostring(lastPage);
-+
-+ Wizard::SetContentsButtons( _("Executive Security Summary Report"),
-+ displayRep(type,curPage,slastPage,reportList), formHelp, Label::BackButton(),
-+ _("&Done") );
-+ setPageButtons(curPage,lastPage);
-+
-+ } else {
-+ Popup::Error( _("No recognized report type selected.
Try again.") );
-+ continue;
-+ }
-+
-+ } else if ( archId == `goto ) {
-+
-+ integer newPage = popUpGoto(lastPage);
-+
-+ if ( newPage > 0 && newPage <= lastPage && newPage != curPage ) {
-+ curPage = newPage;
-+
-+ term fwdForm = turnArchReportPage(curPage,lastPage);
-+ Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, runHelp, Label::BackButton(), _("&Done") );
-+ setPageButtons(curPage,lastPage);
-+ }
-+
-+ } else if ( archId == `psort ) {
-+
-+ string sortKey = popUpSort(type);
-+
-+ if ( sortKey != nil && sortKey != "" ) {
-+ curPage = 1;
-+ map sortCmd = $[];
-+ sortCmd["sortKey"] = sortKey;
-+ sortCmd["sort"] = "1";
-+ any junk = SCR::Write(.logparse, sortCmd);
-+ term fwdForm = turnArchReportPage(curPage,lastPage);
-+ Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, runHelp, Label::BackButton(), _("&Done") );
-+ setPageButtons(curPage,lastPage);
-+ }
-+
-+ } else if ( archId == `fwd ) {
-+
-+ curPage = curPage +1;
-+ term fwdForm = turnArchReportPage(curPage,lastPage);
-+ Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, formHelp, Label::BackButton(), _("&Done") );
-+
-+ setPageButtons(curPage,lastPage);
-+
-+
-+ } else if ( archId == `prev ) {
-+
-+ if ( curPage > 0 ) { curPage = curPage -1; }
-+ term prevForm = turnArchReportPage(curPage,lastPage);
-+ Wizard::SetContentsButtons( _("AppArmor Report"), prevForm, formHelp, Label::BackButton(), _("&Done") );
-+
-+ setPageButtons(curPage,lastPage);
-+
-+ } else if ( archId == `first ) {
-+
-+ curPage = 1;
-+ term firstForm = turnArchReportPage(curPage,lastPage);
-+ Wizard::SetContentsButtons( _("AppArmor Report"), firstForm, formHelp, Label::BackButton(), _("&Done") );
-+ setPageButtons(curPage,lastPage);
-+
-+ } else if ( archId == `last ) {
-+
-+ curPage = lastPage;
-+ term lastForm = turnArchReportPage(curPage,lastPage);
-+ Wizard::SetContentsButtons( _("AppArmor Report"), lastForm, formHelp, Label::BackButton(), _("&Done") );
-+ setPageButtons(curPage,lastPage);
-+
-+ } else {
-+ y2error("Unexpected return code: %1", archId);
-+ continue;
-+ }
-+ //break;
-+ }
-+
-+ if (archId != `back && archId != `abort && archId != `done) {
-+ archId = `back;
-+ }
-+
-+ return (symbol) archId;
-+}
-+
-+// The main form for On-Demand reports, executed from the wizard by selecting 'Run Now'
-+define symbol displayRunForm() {
-+
-+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
-+ string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""));
-+
-+ string type = "";
-+
-+ if (name == "Security.Incident.Report") {
-+ type = "sir";
-+ } else if (name == "Applications.Audit") {
-+ type = "aud";
-+ } else if ( name == "Executive.Security.Summary") {
-+ type = "ess";
-+ } else {
-+ type = "sir"; // All added reports are SIRs
-+ }
-+
-+ if ( type != "aud" ) {
-+ boolean dbActivated = checkEventDb();
-+ if ( dbActivated == false ) {
-+ type = "noDb";
-+ }
-+ }
-+
-+ list reportList = [];
-+ map Settings = $[ ];
-+ integer curPage = 1;
-+ integer lastPage = 1;
-+ string slastPage = "1";
-+
-+ string formHelp = runHelp;
-+ map reportdata = nil;
-+
-+ if (type == "sir") {
-+
-+ Settings = filterConfigForm(name);
-+
-+ // Force an exit if appropriate
-+ any breakCheck = Settings["break"]:nil;
-+
-+ if ( breakCheck == "abort" ) {
-+ symbol myBreak = `abort;
-+ return myBreak;
-+
-+ } else if ( breakCheck == "back" ) {
-+ symbol myBreak = `back;
-+ return myBreak;
-+ }
-+
-+ formHelp = sirHelp;
-+ Settings["type"] = "onDemand";
-+ Settings["turnPage"] = "0";
-+
-+ reportList = getReportList("sir",Settings);
-+ integer listSize = size(reportList);
-+ if ( listSize < 1 ) {
-+ type = "noList";
-+ }
-+
-+ } else if ( type == "aud" ) {
-+
-+ formHelp = audHelp;
-+ Settings["type"] = "onDemand";
-+ Settings["turnPage"] = "0";
-+
-+ list db = (list ) SCR::Read (.reports_confined, Settings);
-+
-+ integer key = 1;
-+
-+ foreach ( map repdata, db, {
-+ reportList = add( reportList, `item(
`id(key), repdata["host"]:nil,
-+ repdata["date"]:nil, repdata["prog"]:nil, repdata["prof"]:nil,
-+ repdata["pid"]:nil, repdata["state"]:nil, repdata["type"]:nil ));
-+ key = key + 1;
-+ });
-+
-+ } else if ( type == "ess" ) {
-+
-+ formHelp = essHelp;
-+ Settings["type"] = "onDemand";
-+ Settings["turnPage"] = "0";
-+ list db = (list ) SCR::Read (.reports_ess, Settings);
-+
-+ if (db != nil) {
-+
-+ integer key = 1;
-+
-+ foreach ( map repdata, db, {
-+ reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
-+ repdata["startdate"]:nil, repdata["enddate"]:nil,
-+ repdata["numRejects"]:nil, repdata["numEvents"]:nil, repdata["sevMean"]:nil,
-+ repdata["sevHi"]:nil ));
-+ key = key + 1;
-+ });
-+ }
-+
-+ }
-+
-+ if ( type == "noDb" ) {
-+ Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayEmptyRep(type),
-+ formHelp, Label::BackButton(), _("&Done") );
-+ } else if ( type == "noList" ) {
-+ Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayEmptyRep(type),
-+ formHelp, Label::BackButton(), _("&Done") );
-+ } else {
-+
-+ lastPage = getLastPage(type,Settings,name);
-+ slastPage = tostring(lastPage);
-+
-+ Wizard::SetContentsButtons( _("AppArmor On-Demand Report"),
-+ displayRep(type,curPage,slastPage,reportList), formHelp,
-+ Label::BackButton(), _("&Done") );
-+ setPageButtons(curPage,lastPage);
-+ }
-+
-+ map event = $[];
-+ any id = nil;
-+
-+ while( true ) {
-+
-+ // Grey out inappropriate paging buttons
-+ if (curPage <= 1 ) {
-+ UI::ChangeWidget(`id(`prev), `Enabled, false);
-+ } else if ( curPage >= lastPage ) {
-+ UI::ChangeWidget(`id(`fwd), `Enabled, false);
-+ }
-+
-+ event = UI::WaitForEvent( timeout_millisec );
-+ id = event["ID"]:nil; // We'll need this often - cache it
-+
-+ // REDO
-+ if ( id == `schedrep ) {
-+ break;
-+ } else if ( id == `abort || id == `cancel || id == `back || id == `done) {
-+ break;
-+ } else if ( id == `next ) {
-+
-+ break;
-+
-+ } else if ( id == `goto ) {
-+
-+ integer newPage =
popUpGoto(lastPage);
-+
-+ if ( newPage > 0 && newPage <= lastPage && newPage != curPage ) {
-+ curPage = newPage;
-+
-+ term goForm = turnReportPage(name,curPage,slastPage,Settings);
-+ Wizard::SetContentsButtons( _("AppArmor - Run Reports"), goForm,
-+ formHelp, Label::BackButton(), _("&Done") );
-+ setPageButtons(curPage,lastPage);
-+ }
-+
-+ } else if ( id == `psort ) {
-+
-+ string sortKey = popUpSort(type);
-+
-+ if ( sortKey != nil && sortKey != "" ) {
-+
-+ // branch added 08.01.2005
-+ curPage = 1;
-+ Settings["type"] = "onDemand";
-+ Settings["turnPage"] = "0";
-+ Settings["sortKey"] = sortKey;
-+
-+ reportList = getReportList(type,Settings);
-+
-+ Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayRep(type,curPage,
-+ slastPage,reportList), formHelp, Label::BackButton(), _("&Done") );
-+ setPageButtons(curPage,lastPage);
-+
-+ }
-+
-+ } else if ( id == `prev ) {
-+
-+ if ( curPage > 0 ) { curPage = curPage -1; }
-+ term prevForm = turnReportPage(name,curPage,slastPage,Settings);
-+ Wizard::SetContentsButtons( _("AppArmor - Run Reports"), prevForm,
-+ formHelp, Label::BackButton(), _("&Done") );
-+ setPageButtons(curPage,lastPage);
-+
-+ } else if ( id == `fwd ) {
-+ curPage = curPage + 1;
-+ term fwdForm = turnReportPage(name,curPage,slastPage,Settings);
-+ Wizard::SetContentsButtons( _("AppArmor - Run Reports"), fwdForm,
-+ formHelp, Label::BackButton(), _("&Done") );
-+ setPageButtons(curPage,lastPage);
-+
-+ } else if ( id == `first ) {
-+
-+ curPage = 1;
-+ slastPage = tostring(lastPage);
-+ term firstForm = turnReportPage(name,curPage,slastPage,Settings);
-+ Wizard::SetContentsButtons( _("AppArmor - Run Reports"), firstForm, formHelp,
-+ Label::BackButton(), _("&Done") );
-+ setPageButtons(curPage,lastPage);
-+
-+ } else if ( id == `last ) {
-+
-+ curPage = lastPage;
-+ slastPage = tostring(lastPage);
-+ term lastForm = turnReportPage(name,curPage,slastPage,Settings);
-+ Wizard::SetContentsButtons( _("AppArmor - Run Reports"),
lastForm, formHelp,
-+ Label::BackButton(), _("&Done") );
-+ setPageButtons(curPage,lastPage);
-+
-+ } else {
-+ y2error("Unexpected return code: %1", id);
-+ continue;
-+ }
-+
-+ }
-+
-+ type = "";
-+ return (symbol) id;
-+}
-+
-+define void addSchedForm() {
-+
-+ map Settings = $[ ];
-+ string readSched = "1";
-+ Settings["getcron"] = "1";
-+ Settings["readSched"] = "1";
-+ Settings["type"] = "schedRep";
-+
-+ string expPath = "/var/log/apparmor/reports-exported";
-+
-+ UI::OpenDialog(
-+
-+ `ReplacePoint( `id(`addSchedRep), `VBox(
-+ `Label( _("Add Scheduled SIR") ),
-+ `VSpacing(1),
-+ `TextEntry(`id(`name), _("Report Name")),
-+ `VSpacing(1),
-+ `HBox(
-+ `ComboBox(`id(`monthdate), `opt(`notify), _("Day of Month"), [
-+ `item(`id(`md_00), _("All")),
-+ `item(`id(`md_01), "1"), `item(`id(`md_02), "2"), `item(`id(`md_03), "3"),
-+ `item(`id(`md_04), "4"), `item(`id(`md_05), "5"), `item(`id(`md_06), "6"),
-+ `item(`id(`md_07), "7"), `item(`id(`md_08), "8"), `item(`id(`md_09), "9"),
-+ `item(`id(`md_10), "10"), `item(`id(`md_11), "9"), `item(`id(`md_12), "12"),
-+ `item(`id(`md_13), "13"), `item(`id(`md_14), "14"), `item(`id(`md_15), "15"),
-+ `item(`id(`md_16), "16"), `item(`id(`md_17), "17"), `item(`id(`md_18), "18"),
-+ `item(`id(`md_19), "19"), `item(`id(`md_20), "20"), `item(`id(`md_21), "21"),
-+ `item(`id(`md_22), "22"), `item(`id(`md_23), "23"), `item(`id(`md_24), "24"),
-+ `item(`id(`md_25), "25"), `item(`id(`md_26), "26"), `item(`id(`md_27), "27"),
-+ `item(`id(`md_28), "28"), `item(`id(`md_29), "29"), `item(`id(`md_30), "30"),
-+ `item(`id(`md_31), "31") ]),
-+ `ComboBox(`id(`weekday), `opt(`notify), _("Day of Week"), [
-+ _("All"), _("Sun"), _("Mon"), _("Tue"), _("Wed"), _("Thu"), _("Fri"), _("Sat")
-+ ]),
-+ `IntField(`id(`hour), _("Hour"), 00, 23, 00),
-+ `IntField(`id(`mins), _("Minute"), 00, 59, 00)
-+ ),
-+ `VSpacing(1),
-+ `HBox(
-+ `VSpacing(1),
-+ `TextEntry(`id(`email1), `opt(`notify), _("Email Target 1"), ""),
-+ `TextEntry(`id(`email2),
`opt(`notify), _("Email Target 2"), ""),
-+ `TextEntry(`id(`email3), `opt(`notify), _("Email Target 3"), "")
-+ ),
-+ `VSpacing(1),
-+ `HBox(
-+ `VSpacing(0.5),
-+ `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
-+ _("None"), _("csv"), _("html"), _("Both")
-+ ]),
-+ `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
-+ `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
-+ ),
-+ `VSpacing(1),
-+ `HBox(
-+ `PushButton(`id(`cancel), Label::CancelButton() ),
-+ `PushButton(`id(`next), Label::NextButton() )
-+ )
-+ )));
-+
-+ string mode = "All";
-+ string sdmode = "R";
-+ integer timeout_millisec = 20 * 1000;
-+ map event = $[];
-+ any addInput = nil;
-+
-+ while( true ) {
-+
-+ event = UI::WaitForEvent( timeout_millisec );
-+ addInput = event["ID"]:nil; // We'll need this often - cache it
-+
-+
-+ if ( addInput == `monthdate && addInput != 0 ) {
-+ UI::ChangeWidget(`id(`weekday), `Value, _("All") );
-+ } else if ( addInput == `weekday && addInput != _("All") ) {
-+ UI::ChangeWidget(`id(`monthdate), `Value, _("All") );
-+ }
-+
-+ if ( addInput == `next ) {
-+
-+ // Check for valid path
-+ expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
-+ map fileTest = $[];
-+ fileTest["checkFile"] = "1";
-+ fileTest["file"] = expPath;
-+
-+ any pathExists = SCR::Read(.reports_parse, fileTest);
-+ string spath = tostring(pathExists);
-+
-+ if ( spath != "1" ) {
-+ Popup::Error(_("The specified directory does not exist."));
-+ UI::ChangeWidget(`id(`expPath), `Value, oldExpPath);
-+ } else {
-+
-+ Settings["expPath"] = expPath;
-+ UI::ChangeWidget(`id(`expPath), `Value, expPath);
-+
-+ string name = (string) UI::QueryWidget(`id(`name), `Value);
-+ string monthdate = (string) UI::QueryWidget(`id(`monthdate), `Value);
-+ string weekday = (string) UI::QueryWidget(`id(`weekday), `Value);
-+ any iHours = (any) UI::QueryWidget(`id(`hour), `Value);
-+ any iMins = (any) UI::QueryWidget(`id(`mins), `Value);
-+ string email1 = (string)
UI::QueryWidget(`id(`email1), `Value);
-+ string email2 = (string) UI::QueryWidget(`id(`email2), `Value);
-+ string email3 = (string) UI::QueryWidget(`id(`email3), `Value);
-+
-+ //string monthdate = tostring( iMonthdate );
-+ string hour = tostring( iHours );
-+ string mins = tostring( iMins );
-+
-+ string expType = (string) UI::QueryWidget(`id(`expType), `Value);
-+
-+ if ( expType == _("csv") || expType == _("Both") ) {
-+ Settings["csv"] = "1";
-+ }
-+
-+ if ( expType == _("html") || expType == _("Both") ) {
-+ Settings["html"] = "1";
-+ }
-+
-+ if ( weekday == _("All") ) { weekday = "-"; }
-+ if ( monthdate == _("All") ) { monthdate = "-"; }
-+
-+ // de-i18n
-+ if ( weekday == _("Mon") ) { weekday = "Mon"; }
-+ if ( weekday == _("Tue") ) { weekday = "Tue"; }
-+ if ( weekday == _("Weds") ) { weekday = "Weds"; }
-+ if ( weekday == _("Thu") ) { weekday = "Thu"; }
-+ if ( weekday == _("Fri") ) { weekday = "Fri"; }
-+ if ( weekday == _("Sat") ) { weekday = "Sat"; }
-+ if ( weekday == _("Sun") ) { weekday = "Sun"; }
-+
-+ Settings["add"] = "1";
-+ Settings["name"] = name;
-+ Settings["monthdate"] = monthdate;
-+ Settings["weekday"] = weekday;
-+ Settings["hour"] = hour;
-+ Settings["mins"] = mins;
-+ Settings["email1"] = email1;
-+ Settings["email2"] = email2;
-+ Settings["email3"] = email3;
-+
-+ // Confirm reasonable input on report names
-+ string checkName = filterchars(name, "`~!@#$%^&*()[{]};:'\",<>?/\|");
-+ integer nameLength = size(name);
-+
-+ if ( regexpmatch(name, " ") == true ) {
-+ Popup::Error( _("Only one contiguous space allowed in report names."));
-+ } else if ( checkName != "" ) {
-+ Popup::Error( _("These characters are not allowed in report names:
-+ \"`~!@#$%^&*()[{]};:'\",<>?/\|\"") );
-+ } else if ( nameLength > 128 ) {
-+ Popup::Error( _("Only 128 characters are allowed in report names."));
-+ } else {
-+ boolean uniqueName = findDupe(name);
-+ if ( uniqueName == true ) {
-+ UI::ReplaceWidget(`addSchedRep, schedFilterForm );
-+ } else {
-+
Popup::Error( _("Each report name should be unique.") );
-+ }
-+ }}
-+
-+ } else if ( addInput == `sdmode ) {
-+
-+ sdmode = popUpSdMode();
-+
-+ if (sdmode != "") {
-+ Settings["sdmode"] = sdmode;
-+ UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) ));
-+ }
-+
-+ } else if ( addInput == `mode ) {
-+
-+ mode = popUpMode();
-+
-+ if (mode != "") {
-+ Settings["mode"] = mode;
-+ UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )) );
-+ }
-+
-+ } else if (addInput == `save ) {
-+
-+ string prog = (string) UI::QueryWidget(`id(`prog), `Value);
-+ string prof = (string) UI::QueryWidget(`id(`prof), `Value);
-+ string pid = (string) UI::QueryWidget(`id(`pid), `Value);
-+ string res = (string) UI::QueryWidget(`id(`res), `Value);
-+ string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label);
-+ string mode = (string) UI::QueryWidget(`id(`mode), `Label);
-+ string sev = (string) UI::QueryWidget(`id(`sev), `Value);
-+ string expType = (string) UI::QueryWidget(`id(`expType), `Value);
-+
-+ if ( expType == "csv" ) {
-+ Settings["exporttext"] = "1";
-+ } else if ( expType == "html" ) {
-+ Settings["exporthtml"] = "1";
-+ } else if ( expType == "both" ) {
-+ Settings["exporttext"] = "1";
-+ Settings["exporthtml"] = "1";
-+ }
-+
-+ if ( sev == _("All") ) { sev = "-"; }
-+
-+ Settings["getcron"] = "";
-+ Settings["prog"] = prog;
-+ Settings["prof"] = prof;
-+ Settings["pid"] = pid;
-+ Settings["sev"] = sev;
-+ Settings["res"] = res;
-+ Settings["sdmode"] = humanStringToMode( sdmode );
-+ Settings["mode"] = humanStringToMode( mode );
-+
-+ any error = (any) SCR::Write(.reports_sched, Settings);
-+
-+ if (is(error, string)) {
-+ string erStr = tostring(error);
-+ Popup::Error("Error: " + erStr);
-+ }
-+
-+ addInput = `close;
-+ break;
-+
-+ } else if ( addInput == `accept ) {
-+
-+ expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
-+ map fileTest = $[];
-+ fileTest["checkFile"] = "1";
-+
fileTest["file"] = expPath;
-+
-+ any pathExists = SCR::Read(.reports_parse, fileTest);
-+ string spath = tostring(pathExists);
-+
-+ if ( spath == "1" ) {
-+ Settings["expPath"] = expPath;
-+ UI::ChangeWidget(`id(`expPath), `Value, expPath);
-+ } else {
-+ Popup::Error(_("The specified directory does not exist."));
-+ }
-+
-+ } else if ( addInput == `browse ) {
-+
-+ string selectFile = "";
-+ selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
-+
-+ if ( selectFile != nil ) {
-+ UI::ChangeWidget(`id(`expPath), `Value, selectFile);
-+ }
-+
-+ Settings["expPath"] = expPath;
-+
-+ } else if ( addInput == `cancel || addInput == `close ) {
-+
-+ addInput = `close;
-+ break;
-+ }
-+ }
-+
-+ UI::CloseDialog();
-+
-+ return;
-+}
-+
-+define void editSchedForm() {
-+
-+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
-+ string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""));
-+
-+ map Settings = $[ ];
-+ string readSched = "1";
-+ Settings["name"] = name;
-+ Settings["getcron"] = "";
-+ Settings["getrep"] = "1";
-+ Settings["readSched"] = "1";
-+ Settings["type"] = "schedRep";
-+
-+ list itemList = [];
-+ integer key = 1;
-+
-+ map db = nil;
-+ db = (map) SCR::Read (.reports_sched, Settings );
-+ string sname = name; // Don't know why this was pulled from db instead of name above
-+ any amday = db["mday"]:nil;
-+ any wday = db["wday"]:nil;
-+ any shour = db["hour"]:nil;
-+ any smins = db["mins"]:nil;
-+
-+ string oldRepName = sname;
-+ string swday = "All";
-+ string monthdate = "All";
-+
-+ if (amday != nil) { monthdate = tostring(amday); }
-+ if (wday != nil) { swday = tostring(wday); }
-+
-+ integer ihour = 23;
-+ integer imins = 59;
-+ if (shour != nil) { ihour = tointeger(shour); }
-+ if (smins != nil) { imins = tointeger(smins); }
-+
-+ // Get reports.conf info
-+ Settings["getrep"] = "";
-+ Settings["getconf"] = "1";
-+ map db2 = nil;
-+ db2 = (map)
SCR::Read (.reports_sched, Settings ); -+ -+ any aemail1 = db2["addr1"]:nil; -+ any aemail2 = db2["addr2"]:nil; -+ any aemail3 = db2["addr3"]:nil; -+ any tmpPath = db2["exportpath"]:nil; -+ -+ string email1 = ""; -+ string email2 = ""; -+ string email3 = ""; -+ -+ string expType = ""; -+ string expPath = "/var/log/apparmor/reports-exported"; -+ if ( tmpPath != nil ) { -+ oldExpPath = tostring(tmpPath); -+ expPath = oldExpPath; -+ } else { -+ oldExpPath = defExpPath; -+ expPath = oldExpPath; -+ } -+ -+ if (aemail1 != nil) { email1 = tostring(aemail1); } -+ if (aemail2 != nil) { email2 = tostring(aemail2); } -+ if (aemail3 != nil) { email3 = tostring(aemail3); } -+ -+ /* Get Filtering Info for Report */ -+ any aprog = db2["prog"]:nil; -+ any aprof = db2["prof"]:nil; -+ any apid = db2["pid"]:nil; -+ any ares = db2["res"]:nil; -+ any asev = db2["severity"]:nil; -+ any asdmode = db2["sdmode"]:nil; -+ any amode = db2["mode"]:nil; -+ any acsv = db2["csv"]:nil; -+ any ahtml = db2["html"]:nil; -+ -+ /* debug */ -+ if ( aprog != nil ) { Settings["prog"] = tostring(aprog); } -+ if ( aprof != nil ) { Settings["prof"] = tostring(aprof); } -+ if ( apid != nil ) { Settings["pid"] = tostring(apid); } -+ if ( ares != nil ) { Settings["res"] = tostring(ares); } -+ if ( asev != nil ) { Settings["sev"] = tostring(asev); } -+ if ( asdmode != nil ) { Settings["sdmode"] = tostring(asdmode); } -+ if ( asdmode == nil || asdmode == "-" ) { -+ Settings["sdmode"] = "All"; -+ } -+ if ( amode != nil ) { Settings["mode"] = tostring(amode); } -+ -+ if ( acsv != nil && ahtml != nil ) { -+ expType = "Both"; -+ Settings["csv"] = "1"; -+ Settings["html"] = "1"; -+ } else if ( acsv != nil && ahtml == nil ) { -+ expType = "csv"; -+ Settings["csv"] = "1"; -+ Settings["html"] = ""; -+ } else if ( acsv == nil && ahtml != nil ) { -+ expType = "html"; -+ Settings["csv"] = ""; -+ Settings["html"] = "1"; -+ } else if ( acsv == nil && ahtml == nil ) { -+ expType = "None"; -+ Settings["csv"] = ""; -+ 
Settings["html"] = ""; -+ } -+ -+ // Special handling for sev -+ string formatSev = ""; -+ if ( asev != nil ) { formatSev = tostring(asev); } -+ if ( formatSev != "" && formatSev != "U" && formatSev != "All" && formatSev != nil) { -+ formatSev = "0" + formatSev; -+ } -+ -+ term continueBtns = -+ -+ `HBox( -+ `PushButton(`id(`cancel), Label::CancelButton() ), -+ `PushButton(`id(`fwd), _("N&ext") ) -+ ); -+ -+ -+ // We need secondary filters for SIR reports only -+ if ( sname == "Executive.Security.Summary" || sname == "Applications.Audit" ) { -+ -+ continueBtns = -+ `HBox( -+ `PushButton(`id(`cancel), Label::CancelButton() ), -+ `PushButton(`id(`save), Label::SaveButton() ) -+ ); -+ -+ } -+ -+ string edLabel = _("Edit Report Schedule for ") + typeToHumanString(sname); -+ -+ UI::OpenDialog( -+ -+ `ReplacePoint( `id(`editSchedRep), -+ -+ `VBox( -+ `HBox( `Label(`id(`edname), edLabel) ), -+ `VSpacing(1), -+ `HBox( -+ `ComboBox(`id(`monthdate), `opt(`notify), _("Day of Month"), [ -+ `item(`id(`md_00), _("All")), -+ `item(`id(`md_01), "1"), `item(`id(`md_02), "2"), `item(`id(`md_03), "3"), -+ `item(`id(`md_04), "4"), `item(`id(`md_05), "5"), `item(`id(`md_06), "6"), -+ `item(`id(`md_07), "7"), `item(`id(`md_08), "8"), `item(`id(`md_09), "9"), -+ `item(`id(`md_10), "10"), `item(`id(`md_11), "11"), `item(`id(`md_12), "12"), -+ `item(`id(`md_13), "13"), `item(`id(`md_14), "14"), `item(`id(`md_15), "15"), -+ `item(`id(`md_16), "16"), `item(`id(`md_17), "17"), `item(`id(`md_18), "18"), -+ `item(`id(`md_19), "19"), `item(`id(`md_20), "20"), `item(`id(`md_21), "21"), -+ `item(`id(`md_22), "22"), `item(`id(`md_23), "23"), `item(`id(`md_24), "24"), -+ `item(`id(`md_25), "25"), `item(`id(`md_26), "26"), `item(`id(`md_27), "27"), -+ `item(`id(`md_28), "28"), `item(`id(`md_29), "29"), `item(`id(`md_30), "30"), -+ `item(`id(`md_31), "31") -+ ]), -+ `ComboBox(`id(`weekday), `opt(`notify), _("Day of Week"), [ -+ _("All"), _("Sun"), _("Mon"), _("Tue"), _("Wed"), _("Thu"), _("Fri"), 
_("Sat") -+ ]), -+ `IntField(`id(`hour), _("Hour"), 0, 23, ihour), -+ `IntField(`id(`mins), _("Minute"), 0, 59, imins) -+ ), -+ `VSpacing(1), -+ `HBox( -+ `VSpacing(1), -+ `TextEntry(`id(`email1), `opt(`notify), _("Email Target 1"), email1), -+ `TextEntry(`id(`email2), `opt(`notify), _("Email Target 2"), email2), -+ `TextEntry(`id(`email3), `opt(`notify), _("Email Target 3"), email3) -+ ), -+ `VSpacing(1), -+ `HBox( -+ `VSpacing(0.5), -+ -+ // DWR MOD `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [ -+ `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [ -+ _("None"), _("csv"), _("html"), _("Both") -+ ]), -+ `TextEntry(`id(`expPath), _("Location to store log."), expPath ), -+ `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) )) -+ ), -+ `VSpacing(1), -+ continueBtns -+ ))); -+ -+ /**************************************************/ -+ string mode = _("All"); -+ string sdmode = _("R"); -+ -+ integer timeout_millisec = 20 * 1000; -+ map event = $[]; -+ any editInput = nil; -+ //map Settings = $[ ]; -+ -+ //Cheap & easy way to give default value to ComboBox -+ if (swday != _("All") ) { -+ UI::ChangeWidget(`id(`weekday), `Value, swday); -+ } -+ -+ if ( monthdate != _("All") ) { -+ UI::ChangeWidget(`id(`monthdate), `Value, monthdate); -+ } -+ -+ if ( expType != _("None") ) { -+ UI::ChangeWidget(`id(`expType), `Value, expType); -+ } -+ -+ while( true ) { -+ -+ event = UI::WaitForEvent( timeout_millisec ); -+ editInput = event["ID"]:nil; // We'll need this often - cache it -+ -+ if ( editInput == `monthdate && editInput != 0 ) { -+ UI::ChangeWidget(`id(`weekday), `Value, _("All") ); -+ } else if ( editInput == `weekday && editInput != _("All") ) { -+ UI::ChangeWidget(`id(`monthdate), `Value, _("All") ); -+ } -+ -+ if ( editInput == `fwd ) { -+ -+ string email1 = (string) UI::QueryWidget(`id(`email1), `Value); -+ string email2 = (string) UI::QueryWidget(`id(`email2), `Value); -+ string email3 = (string) 
UI::QueryWidget(`id(`email3), `Value); -+ -+ string spath = "0"; -+ -+ expPath = (string) UI::QueryWidget(`id(`expPath), `Value); -+ map fileTest = $[]; -+ fileTest["checkFile"] = "1"; -+ fileTest["file"] = expPath; -+ -+ any pathExists = SCR::Read(.reports_parse, fileTest); -+ spath = tostring(pathExists); -+ Settings["expPath"] = expPath; -+ -+ if ( spath == "1" ) { -+ -+ Settings = getSchedSettings(Settings); -+ UI::ReplaceWidget(`editSchedRep, editFilterForm(Settings) ); -+ -+ // Special handling for ComboBoxes (sev) -+ if ( formatSev != "" ) { UI::ChangeWidget(`id(`sev), `Value, formatSev); } -+ -+ } else { -+ Popup::Error(_("The specified directory does not exist.")); -+ UI::ChangeWidget(`id(`expPath), `Value, oldExpPath); -+ } -+ -+ } else if ( editInput == `sdmode ) { -+ -+ sdmode = popUpSdMode(); -+ -+ if ( sdmode != "" ) { -+ Settings["sdmode"] = sdmode; -+ UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) )); -+ } -+ -+ } else if ( editInput == `mode ) { -+ -+ mode = popUpMode(); -+ if ( mode != "" ) { -+ Settings["mode"] = mode; -+ UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode ))); -+ } -+ -+ } else if ( editInput == `browse ) { -+ -+ string selectFile = ""; -+ selectFile = UI::AskForExistingDirectory( "/", _("Select Directory")); -+ -+ if ( selectFile != nil ) { -+ UI::ChangeWidget(`id(`expPath), `Value, selectFile); -+ } -+ -+ Settings["expPath"] = expPath; -+ -+ } else if ( editInput == `close || editInput == `cancel ) { -+ break; -+ } else if ( editInput == `save ) { -+ -+ string spath = "0"; -+ -+ if ( sname == "Executive.Security.Summary" || sname == "Applications.Audit" ) { -+ -+ expPath = (string) UI::QueryWidget(`id(`expPath), `Value); -+ map fileTest = $[]; -+ fileTest["checkFile"] = "1"; -+ fileTest["file"] = expPath; -+ -+ any pathExists = SCR::Read(.reports_parse, fileTest); -+ spath = tostring(pathExists); -+ Settings["expPath"] = expPath; -+ } else { -+ // 
SIR Reports already checked -+ spath = "1"; -+ } -+ -+ if ( spath != "1" ) { -+ Popup::Error(_("The specified directory does not exist.")); -+ UI::ChangeWidget(`id(`expPath), `Value, oldExpPath); -+ } else { -+ -+ -+ if ( sname != "Executive.Security.Summary" && sname != "Applications.Audit" ) { -+ -+ string prog = (string) UI::QueryWidget(`id(`prog), `Value); -+ string prof = (string) UI::QueryWidget(`id(`prof), `Value); -+ string pid = (string) UI::QueryWidget(`id(`pid), `Value); -+ string res = (string) UI::QueryWidget(`id(`res), `Value); -+ string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label); -+ string mode = (string) UI::QueryWidget(`id(`mode), `Label); -+ string sev = (string) UI::QueryWidget(`id(`sev), `Value); -+ -+ Settings["prog"] = prog; -+ Settings["prof"] = prof; -+ Settings["pid"] = pid; -+ Settings["sev"] = sev; -+ Settings["res"] = res; -+ Settings["sdmode"] = humanStringToMode( sdmode ); -+ Settings["mode"] = humanStringToMode( mode ); -+ -+ } else { -+ -+ string email1 = (string) UI::QueryWidget(`id(`email1), `Value); -+ string email2 = (string) UI::QueryWidget(`id(`email2), `Value); -+ string email3 = (string) UI::QueryWidget(`id(`email3), `Value); -+ -+ Settings = getSchedSettings(Settings); -+ } -+ -+ Settings["name"] = sname; -+ Settings["getconf"] = ""; -+ Settings["setconf"] = "1"; -+ -+ string expType = (string) UI::QueryWidget(`id(`expType), `Value); -+ -+ if ( expType == "csv" ) { -+ Settings["exporttext"] = "1"; -+ } else if ( expType == "html" ) { -+ Settings["exporthtml"] = "1"; -+ } else if ( expType == "both" ) { -+ Settings["exporttext"] = "1"; -+ Settings["exporthtml"] = "1"; -+ } -+ -+ any error = (any) SCR::Write(.reports_sched, Settings); -+ -+ if (is(error, string)) { -+ string erStr = tostring(error); -+ Popup::Error( _("Error: ") + erStr); -+ } -+ -+ break; -+ }} -+ // END - Save Dialog (editInput == `save) -+ } -+ -+ UI::CloseDialog(); -+ -+ //return (symbol) editInput; -+ return; -+} -+ -+define void 
delSchedForm() { -+ -+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); -+ string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "")); -+ -+ map Settings = $[ ]; -+ Settings["del"] = "1"; -+ Settings["name"] = name; -+ -+ UI::OpenDialog( -+ -+ `VBox( -+ `VSpacing(0.5), -+ `Label( _("Delete Confirmation") ), -+ `VSpacing(1), -+ `HBox( -+ `HSpacing( `opt(`hstretch), 0.75 ), -+ `Left(`HWeight( 0, `Label( _("Are you sure you want to delete: ") + name + _("?") ))) -+ ), -+ `VSpacing(1), -+ `HBox( -+ `PushButton(`id(`cancel), Label::CancelButton() ), -+ `PushButton(`id(`del), Label::DeleteButton() ) -+ ) -+ )); -+ -+ symbol delInput = `default; -+ -+ while ( delInput != `close ) { -+ -+ delInput = (symbol) UI::UserInput(); -+ -+ if ( delInput == `del ) { -+ SCR::Write(.reports_sched, Settings); -+ //any error = (any) SCR::Write(.reportsched, Settings); -+ break; -+ } else if (delInput == `close || delInput == `cancel) { -+ break; -+ } -+ } -+ -+ UI::CloseDialog(); -+ -+ return; -+ -+} -+ -+// Forces update of the table of available scheduled reports -+define void updateSched() { -+ -+ map Settings = $[ ]; -+ string readSched = "1"; -+ Settings["getcron"] = "1"; -+ Settings["readSched"] = "1"; -+ Settings["type"] = "schedRep"; -+ -+ list itemList = []; -+ integer key = 1; -+ -+ list db = (list ) SCR::Read (.reports_sched, Settings); -+ -+ foreach ( map record, db, { -+ itemList = add( itemList, `item( `id(key), typeToHumanString( record["name"]:"" ), record["mday"]:nil, record["wday"]:nil, -+ record["hour"]:nil, record["mins"]:nil )); -+ key = key + 1; -+ }); -+ -+ term schedForm = -+ -+ `VBox( -+ `Label( _("Schedule Reports") ), -+ `VSpacing(2), -+ `HBox( -+ `VSpacing(10), -+ `Table(`id(`table), `opt(`notify), `header(_("Report Name"), -+ _("Day of Month"), _("Day of Week"), _("Hour"), _("Mins")), itemList) -+ ), -+ `VSpacing(0.5), -+ `HBox( -+ `PushButton(`id(`viewrep), _("View 
Archive") ), -+ `PushButton(`id(`runrep), _("Run Now") ) -+ ), -+ `HBox( -+ `PushButton(`id(`add), Label::AddButton() ), -+ `PushButton(`id(`edit), Label::EditButton() ), -+ `PushButton(`id(`delete), Label::DeleteButton() ) -+ ) -+ ); -+ -+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"), schedForm, -+ mainHelp, Label::BackButton(), Label::NextButton() ); -+ -+ return; -+} -+ -+define symbol displaySchedForm() { -+ -+// START - Move to separate Routine - START -+ -+ map Settings = $[ ]; -+ string readSched = "1"; -+ Settings["getcron"] = "1"; -+ Settings["readSched"] = "1"; -+ Settings["type"] = "schedRep"; -+ -+ list itemList = []; -+ integer key = 1; -+ -+ list db = (list ) SCR::Read (.reports_sched, Settings); -+ -+ foreach ( map record, db, { -+ itemList = add( itemList, `item( `id(key), typeToHumanString( record["name"]:""), record["mday"]:nil, record["wday"]:nil, -+ record["hour"]:nil, record["mins"]:nil )); -+ key = key + 1; -+ }); -+ -+ term schedForm = -+ -+ `Frame( `id(`dosched), _("Schedule Reports"), -+ `VBox( -+ `VSpacing(2), -+ `HBox( -+ `VSpacing(10), -+ `Table(`id(`table), `opt(`notify), `header(_("Report Name"), -+ _("Day of Month"), _("Day of Week"), _("Hour"), _("Mins")), -+ itemList) -+ ), -+ `VSpacing(0.5), -+ `HBox( -+ `PushButton(`id(`viewrep), _("View Archive") ), -+ `PushButton(`id(`runrep), _("Run Now") ) -+ ), -+ `HBox( -+ `PushButton(`id(`add), Label::AddButton() ), -+ `PushButton(`id(`edit), Label::EditButton() ), -+ `PushButton(`id(`delete), Label::DeleteButton() ) -+ )) -+ ); -+ -+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"), schedForm, -+ mainHelp, Label::BackButton(), _("&Done") ); -+ -+ // Double-click tracking -+ integer newRecord = nil; -+ integer lastRecord = nil; -+ -+ map event = $[]; -+ any id = nil; -+ while( true ) { -+ -+ event = UI::WaitForEvent( timeout_millisec ); -+ -+ id = event["ID"]:nil; // We'll need this often - cache it -+ -+ if ( id == `schedrep ) { -+ -+ break; -+ -+ } else 
if ( id == `abort || id == `cancel || id == `done ) { -+ break; -+ } else if ( id == `back ) { -+ break; -+ } else if ( id == `runrep || id == `viewrep ) { -+ break; -+ } else if ( id == `next ) { -+ id = `done; -+ break; -+ } else if ( id == `add ) { -+ addSchedForm(); -+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"), schedForm, mainHelp, Label::BackButton(), Label::NextButton() ); -+ updateSched(); -+ continue; -+ -+ } else if ( id == `edit ) { -+ editSchedForm(); -+ updateSched(); -+ continue; -+ -+ } else if ( id == `delete ) { -+ -+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); -+ string repName = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "")); -+ -+ if ( repName == "Executive.Security.Summary" || repName == "Applications.Audit" || repName == "Security.Incident.Report" ) { -+ Popup::Error( _("Cannot delete a stock report.") ); -+ } else { -+ -+ delSchedForm(); -+ updateSched(); -+ } -+ -+ continue; -+ -+ } else if ( id == `table ) { -+ -+ newRecord = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); -+ -+ if ( newRecord == lastRecord ) { -+ //editSchedForm(); -+ //updateSched(); -+ id = `runrep; -+ break; -+ newRecord = 0; -+ } -+ -+ lastRecord = newRecord; -+ -+ } else { -+ y2error("Unexpected return code: %1", id); -+ continue; -+ } -+ } -+ -+ return (symbol) id; -+} -+ -+ -+} -+ -+ ---- /dev/null -+++ b/src/include/apparmor/reporting_utils.ycp -@@ -0,0 +1,609 @@ -+/* ------------------------------------------------------------------ -+* -+* Copyright (C) 2002-2005 Novell/SUSE -+* -+* This program is free software; you can redistribute it and/or -+* modify it under the terms of version 2 of the GNU General Public -+* License published by the Free Software Foundation. 
-+*
-+ ------------------------------------------------------------------*/
-+{
-+
-+import "Wizard";
-+import "Popup";
-+import "Label";
-+include "subdomain/report_helptext.ycp";
-+textdomain "yast2-apparmor";
-+
-+define boolean checkEventDb() {
-+
-+ boolean dbActivated = false;
-+ map args = $[];
-+ args["checkDb"] = "1";
-+
-+ any dbCheck = (any) SCR::Read( .reports_parse, args);
-+ integer dbOn = tointeger(dbCheck);
-+
-+ if ( dbOn == 1 ) {
-+ dbActivated = true;
-+ }
-+
-+ return dbActivated;
-+}
-+
-+define boolean findDupe(string name) {
-+
-+ boolean unique = false;
-+ map args = $[ ];
-+ args["name"] = name;
-+ args["getdupe"] = "1";
-+ any aDupe = (any) SCR::Read (.reports_sched, args );
-+
-+ if ( aDupe == "" || aDupe == nil ) {
-+ unique = true; // bad, but try for a non-breaking failure
-+ } else if ( aDupe == 1 ) {
-+ unique = false;
-+ } else {
-+ unique = true;
-+ }
-+
-+ return unique;
-+}
-+
-+define string unI18n(string weekday) {
-+
-+ if ( weekday == _("Mon") ) { weekday = "Mon"; }
-+ if ( weekday == _("Tue") ) { weekday = "Tue"; }
-+ if ( weekday == _("Wed") ) { weekday = "Wed"; }
-+ if ( weekday == _("Thu") ) { weekday = "Thu"; }
-+ if ( weekday == _("Fri") ) { weekday = "Fri"; }
-+ if ( weekday == _("Sat") ) { weekday = "Sat"; }
-+ if ( weekday == _("Sun") ) { weekday = "Sun"; }
-+
-+ return weekday;
-+}
-+
-+/* Possible 'type's for getLastPage() && getLastSirPage()
-+ - displayArchForm(): type = sirRep || audRep || essRep
-+ - displayRunForm(): type = sir || aud || ess
-+*/
-+
-+// Return last page number of post-filtered report
-+define integer getLastPage(string type, map Settings, string name) {
-+
-+ if ( type == "sir" || type == "sirRep" ) {
-+ if ( name != nil && name != "" ) {
-+ Settings["name"] = name;
-+ } else {
-+ y2error(_("No name provided for retrieving SIR report page count."));
-+ return 1; // return a page count of 1
-+ }
-+ }
-+
-+ Settings["type"] = type;
-+ Settings["getLastPage"] = "1";
-+ map page = $[];
-+ page = (map) SCR::Read (.reports_parse, Settings);
-+ integer lastPage = page["numPages"]:1;
-+
-+ return lastPage;
-+}
-+
-+define boolean CheckDate( integer day, integer month, integer year ) ``{
-+
-+ list mdays = [ 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 ];
-+ boolean ret = true;
-+
-+ if (year == nil || month == nil || day == nil)
-+ return false;
-+
-+ ret = ret && month>=1 && month<=12;
-+
-+ if( year%4==0 && (year%100!=0 || year%400==0)) {
-+ mdays[1] = 29;
-+ }
-+
-+ ret = ret && day>=1 && day<=mdays[month-1]:0;
-+ ret = ret && year>=1970 && year<2032;
-+ return( ret );
-+
-+}
-+
-+// Make the table for displaying report data
-+define term makeSirTable (list reportList) {
-+ term myTable =
-+ `Table(`id(`table), `opt(`keepSorting, `immediate ), `header(_("Host"),
-+ _("Date"), _("Program"), _("Profile"), _("PID"), _("Severity"),
-+ _("Mode Request"), _("Mode Deny"), _("Detail"), _("Event Type"),
-+ _("Operation"), _("Attribute"), _("Additional Name"), _("Net Family"),
-+ _("Net Protocol"), _("Net Socket Type")), reportList
-+ );
-+ return myTable;
-+}
-+
-+define integer popUpGoto(integer lastPage) {
-+
-+ UI::OpenDialog(
-+ `VBox(
-+ `HBox(
-+ `TextEntry(`id(`gotoPage), _("Enter a Page to Move to."), "")
-+ ),
-+ `HBox(
-+ `PushButton(`id(`abort), `opt(`notify), Label::AbortButton() ),
-+ `PushButton(`id(`save), `opt(`notify), Label::SaveButton() )
-+ )
-+ )
-+ );
-+
-+ map event = $[];
-+ any id = nil;
-+ integer igoto = nil;
-+
-+ while( true ) {
-+
-+ event = UI::WaitForEvent();
-+ id = event["ID"]:nil;
-+
-+ if ( id == `abort || id == `close || id == `cancel ) {
-+
-+ break;
-+
-+ } else if ( id == `save ) {
-+
-+ any agoto = UI::QueryWidget(`id(`gotoPage), `Value);
-+ igoto = tointeger(agoto);
-+
-+ if ( igoto == nil || igoto < 1 || igoto > lastPage ) {
-+
-+ Popup::Message("You must enter a value between 1 and " + lastPage + ".");
-+
-+ } else {
-+
-+ break;
-+
-+ }
-+ }
-+ }
-+
-+ UI::CloseDialog();
-+
-+ return igoto;
-+}
-+
-+define string getSortId(string type, any sortId) {
-+
-+ string sortKey = "";
-+
-+
-+ if ( type == "aud" || type == "audRep") {
-+
-+ if ( sortId == 0 ) {
-+ sortKey = "prog";
-+ } else if ( sortId == 1 ) {
-+ sortKey = "profile";
-+ } else if ( sortId == 2 ) {
-+ sortKey = "pid";
-+ } else if ( sortId == 3 ) {
-+ sortKey = "state";
-+ } else if ( sortId == 4 ) {
-+ sortKey = "type";
-+ }
-+
-+ } else if (type == "ess" || type == "essRep" ) {
-+
-+ if ( sortId == 0 ) {
-+ sortKey = "host";
-+ } else if ( sortId == 1 ) {
-+ //sortKey = "date";
-+ sortKey = "numRejects";
-+ } else if ( sortId == 2 ) {
-+ sortKey = "numEvents";
-+ } else if ( sortId == 3 ) {
-+ sortKey = "sevMean";
-+ } else if ( sortId == 4 ) {
-+ sortKey = "sevHi";
-+ }
-+
-+ } else {
-+
-+ if ( sortId == 0 ) {
-+ sortKey = "host";
-+ } else if ( sortId == 1 ) {
-+ //sortKey = "date";
-+ sortKey = "time";
-+ } else if ( sortId == 2 ) {
-+ sortKey = "prog";
-+ } else if ( sortId == 3 ) {
-+ sortKey = "profile";
-+ } else if ( sortId == 4 ) {
-+ sortKey = "pid";
-+ } else if ( sortId == 5 ) {
-+ sortKey = "resource";
-+ } else if ( sortId == 6 ) {
-+ sortKey = "severity";
-+ } else if ( sortId == 7 ) {
-+ sortKey = "sdmode";
-+ } else if ( sortId == 8 ) {
-+ sortKey = "mode";
-+ }
-+
-+ }
-+
-+ return sortKey;
-+}
-+
-+// Get the name of the filter (header column) to sort by
-+define string popUpSort(string type) {
-+
-+ term btnList = nil;
-+
-+ if ( type == "aud" || type == "audRep") {
-+ btnList =
-+ `VBox(
-+ `Left(`RadioButton(`id(0), _("Program") )),
-+ `Left(`RadioButton(`id(1), _("Profile") )),
-+ `Left(`RadioButton(`id(2), _("PID") )),
-+ `Left(`RadioButton(`id(3), _("State") )),
-+ `Left(`RadioButton(`id(4), _("Type") ))
-+ );
-+
-+ } else if (type == "ess" || type == "essRep" ) {
-+ btnList =
-+ `VBox(
-+ `Left(`RadioButton(`id(0), _("Host") )),
-+ `Left(`RadioButton(`id(1), _("Num. Rejects") )),
-+ `Left(`RadioButton(`id(2), _("Num. Events") )),
-+ `Left(`RadioButton(`id(3), _("Ave. Sev") )),
-+ `Left(`RadioButton(`id(4), _("High Sev") ))
-+ );
-+ } else {
-+
-+ btnList =
-+ `VBox(
-+ // Sorting by host is no longer meaningful (due to sql changes)
-+ //`Left(`RadioButton(`id(0), _("Host") )),
-+ `Left(`RadioButton(`id(1), _("Date") )),
-+ `Left(`RadioButton(`id(2), _("Program") )),
-+ `Left(`RadioButton(`id(3), _("Profile") )),
-+ `Left(`RadioButton(`id(4), _("PID") )),
-+ `Left(`RadioButton(`id(5), _("Detail") )),
-+ `Left(`RadioButton(`id(6), _("Severity") )),
-+ `Left(`RadioButton(`id(7), _("Access Type") )),
-+ `Left(`RadioButton(`id(8), _("Mode") ))
-+ );
-+ }
-+
-+ UI::OpenDialog(
-+ `VBox(
-+ `HBox(
-+ //`HSpacing( `opt(`vstretch), 0.5),
-+ `RadioButtonGroup(`id(`sortKey),
-+ btnList
-+ )
-+ ),
-+ `HBox(
-+ `PushButton(`id(`abort), Label::AbortButton() ),
-+ `PushButton(`id(`save), Label::SaveButton() )
-+ )
-+ )
-+ );
-+
-+ map event = $[];
-+ any id = nil;
-+ string sortKey = nil;
-+
-+ while( true ) {
-+
-+ event = UI::WaitForEvent();
-+ id = event["ID"]:nil; // We'll need this often - cache it
-+
-+ if ( id == `abort || id == `cancel || id == `close) {
-+
-+ break;
-+
-+ } else if (id == `save ) {
-+
-+ any sortId = UI::QueryWidget(`id(`sortKey), `CurrentButton);
-+
-+ /* sortKey needs to match the hash reference names in parseEventLog()
-+ && sortRecords() in Immunix::Reports.pm */
-+
-+ sortKey = getSortId(type,sortId);
-+ break;
-+
-+ }
-+ }
-+
-+ UI::CloseDialog();
-+
-+ return sortKey;
-+
-+}
-+
-+// Mode
-+define string popUpMode() {
-+
-+ string checkMode = (string) UI::QueryWidget(`id(`mode), `Label);
-+ list splitMode = splitstring (checkMode, " ");
-+ string myMode = splitMode[size(splitMode)-1]:"All";
-+
-+ UI::OpenDialog(
-+ `VBox(
-+ `HBox(
-+ `CheckBox(`id(`clear), `opt(`notify, `immediate ), _("All"), true),
-+ `CheckBox(`id(`read), `opt(`notify, `immediate ), _("Read"), false),
-+ `CheckBox(`id(`write), `opt(`notify, `immediate ), _("Write"), false),
-+ `CheckBox(`id(`link), `opt(`notify, `immediate ), _("Link"), false),
-+ `CheckBox(`id(`exec), `opt(`notify, `immediate ), _("Execute"), false),
-+ `CheckBox(`id(`mmap), `opt(`notify, `immediate ), _("MMap"), false)
-+ ),
-+ `HBox(
-+ `PushButton(`id(`cancel), Label::CancelButton() ),
-+ `PushButton(`id(`save), Label::SaveButton() )
-+ )
-+ )
-+ );
-+
-+ integer isall = search( myMode, "All");
-+ if ( isall != nil && isall >= 0 ) {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ UI::ChangeWidget(`id(`read), `Value, true);
-+ UI::ChangeWidget(`id(`write), `Value, true);
-+ UI::ChangeWidget(`id(`link), `Value, true);
-+ UI::ChangeWidget(`id(`exec), `Value, true);
-+ UI::ChangeWidget(`id(`mmap), `Value, true);
-+ } else {
-+ if ( search( myMode, "r") != nil ) {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ UI::ChangeWidget(`id(`read), `Value, true);
-+ }
-+ if ( search( myMode, "w") != nil ) {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ UI::ChangeWidget(`id(`write), `Value, true);
-+ }
-+ if ( search( myMode, "l") != nil ) {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ UI::ChangeWidget(`id(`link), `Value, true);
-+ }
-+ if ( search( myMode, "x") != nil ) {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ UI::ChangeWidget(`id(`exec), `Value, true);
-+ }
-+ if ( search( myMode, "m") != nil ) {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ UI::ChangeWidget(`id(`mmap), `Value, true);
-+ }
-+ }
-+
-+ string mode = "";
-+ map event = $[];
-+ any id = nil;
-+
-+ while( true ) {
-+
-+ event = UI::WaitForEvent();
-+ id = event["ID"]:nil; // We'll need this often - cache it
-+
-+ if ( id == `clear) {
-+
-+ if ( UI::QueryWidget(`id(`clear), `Value) == true ) {
-+ UI::ChangeWidget(`id(`read), `Value, false);
-+ UI::ChangeWidget(`id(`write), `Value, false);
-+ UI::ChangeWidget(`id(`link), `Value, false);
-+ UI::ChangeWidget(`id(`exec), `Value, false);
-+ UI::ChangeWidget(`id(`mmap), `Value, false);
-+ mode = "All";
-+ }
-+
-+ } else if ( id == `read || id == `write || id == `link || id == `exec || id == `mmap ) {
-+
-+ if ( UI::QueryWidget(`id(`read), `Value) == true ) {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ } else if ( UI::QueryWidget(`id(`write), `Value) == true ) {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ } else if ( UI::QueryWidget(`id(`link), `Value) == true ) {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ } else if ( UI::QueryWidget(`id(`exec), `Value) == true ) {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ } else if ( UI::QueryWidget(`id(`mmap), `Value) == true ) {
-+ UI::ChangeWidget(`id(`link), `Value, false);
-+ }
-+
-+ } else if ( id == `abort || id == `cancel || id == `close) {
-+ mode = myMode;
-+ break;
-+ } else if ( id == `save ) {
-+
-+ if ( UI::QueryWidget(`id(`clear), `Value) == true ) {
-+ mode = "All";
-+ } else {
-+ list sdList = [];
-+ if ( UI::QueryWidget(`id(`read), `Value) == true ) { sdList = add(sdList, "r"); }
-+ if ( UI::QueryWidget(`id(`write), `Value) == true ) { sdList = add(sdList, "w"); }
-+ if ( UI::QueryWidget(`id(`link), `Value) == true ) { sdList = add(sdList, "l"); }
-+ if ( UI::QueryWidget(`id(`exec), `Value) == true ) { sdList = add(sdList, "x"); }
-+ if ( UI::QueryWidget(`id(`mmap), `Value) == true ) { sdList = add(sdList, "m"); }
-+
-+ foreach ( string perm, sdList, { mode = mode + perm; });
-+ }
-+
-+ break;
-+ }
-+ }
-+
-+ UI::CloseDialog();
-+ return mode;
-+}
-+
-+// Access Type - SD Mode
-+define string popUpSdMode() {
-+
-+ string checkMode = (string) UI::QueryWidget(`id(`sdmode), `Label);
-+ checkMode = filterchars(checkMode, "APRl");
-+ list splitMode = splitstring (checkMode, " ");
-+ string mySdMode = splitMode[size(splitMode)-1]:"R";
-+
-+ UI::OpenDialog(
-+ `VBox(
-+ `HBox(
-+ `CheckBox(`id(`clear), `opt(`notify, `immediate ), _("All"), false),
-+ `CheckBox(`id(`permit), `opt(`notify, `immediate ), _("Permit"), false),
-+ `CheckBox(`id(`reject),`opt(`notify, `immediate ), _("Reject"), false),
-+ `CheckBox(`id(`audit),`opt(`notify, `immediate ), _("Audit"), false)
-+ ),
-+ `HBox(
-+ `PushButton(`id(`cancel), `opt(`notify), Label::CancelButton() ),
-+ `PushButton(`id(`save), `opt(`notify), Label::SaveButton() )
-+ )
-+ )
-+ );
-+
-+ if ( mySdMode == "P") {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ UI::ChangeWidget(`id(`permit), `Value, true);
-+
-+ } else if ( mySdMode == "R") {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ UI::ChangeWidget(`id(`reject), `Value, true);
-+
-+ } else if ( mySdMode == "A") {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ UI::ChangeWidget(`id(`audit), `Value, true);
-+
-+ } else if ( mySdMode == "PR" ) {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ UI::ChangeWidget(`id(`permit), `Value, true);
-+ UI::ChangeWidget(`id(`reject), `Value, true);
-+
-+ } else if (mySdMode == "PA" ) {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ UI::ChangeWidget(`id(`permit), `Value, true);
-+ UI::ChangeWidget(`id(`audit), `Value, true);
-+
-+ } else if (mySdMode == "PRA" ) {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ UI::ChangeWidget(`id(`permit), `Value, true);
-+ UI::ChangeWidget(`id(`reject), `Value, true);
-+ UI::ChangeWidget(`id(`audit), `Value, true);
-+
-+ } else if (mySdMode == "RA" ) {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ UI::ChangeWidget(`id(`reject), `Value, true);
-+ UI::ChangeWidget(`id(`audit), `Value, true);
-+ } else if ( mySdMode == "All" ) {
-+ UI::ChangeWidget(`id(`clear), `Value, true);
-+ UI::ChangeWidget(`id(`permit), `Value, false);
-+ UI::ChangeWidget(`id(`reject), `Value, false);
-+ UI::ChangeWidget(`id(`audit), `Value, false);
-+ }
-+
-+ string sdMode = "";
-+ map event = $[];
-+ any id = nil;
-+
-+ while( true ) {
-+
-+ event = UI::WaitForEvent();
-+ id = event["ID"]:nil;
-+
-+ if ( id == `clear) {
-+
-+ if ( UI::QueryWidget(`id(`clear), `Value) == true ) {
-+ UI::ChangeWidget(`id(`permit), `Value, false);
-+ UI::ChangeWidget(`id(`reject), `Value, false);
-+ UI::ChangeWidget(`id(`audit), `Value, false);
-+ sdMode = "All";
-+ }
-+
-+ } else if ( id == `permit || id == `reject || id == `audit ) {
-+
-+ if ( UI::QueryWidget(`id(`permit), `Value) == true ) {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ } else if ( UI::QueryWidget(`id(`reject), `Value) == true ) {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ } else if ( UI::QueryWidget(`id(`audit), `Value) == true ) {
-+ UI::ChangeWidget(`id(`clear), `Value, false);
-+ }
-+
-+ } else if ( id == `cancel ) {
-+
-+ sdMode = mySdMode;
-+ break;
-+
-+ } else if ( id == `save ) {
-+
-+ if ( UI::QueryWidget(`id(`clear), `Value) == true ) {
-+ sdMode = "All";
-+ } else {
-+ sdMode = "";
-+ list mList = [];
-+ if ( UI::QueryWidget(`id(`permit), `Value) == true ) { mList = add(mList, "P"); }
-+ if ( UI::QueryWidget(`id(`reject), `Value) == true ) { mList = add(mList, "R"); }
-+ if ( UI::QueryWidget(`id(`audit), `Value) == true ) { mList = add(mList, "A"); }
-+
-+ foreach ( string state, mList, { sdMode = sdMode + state; });
-+ }
-+
-+ break;
-+ }
-+
-+ }
-+
-+ UI::CloseDialog();
-+ return sdMode;
-+}
-+
-+/* For On Demand Reports
-+ - Returns list of terms corresponding to the type of report
-+***********************************************************************/
-+define list getReportList(string type, map Settings) {
-+
-+ list reportList = [];
-+
-+ if ( type == "aud" ) {
-+
-+ list db = (list ) SCR::Read (.reports_confined, Settings);
-+ integer key = 1;
-+
-+ foreach ( map repdata, db, {
-+ reportList = add( reportList, `item( `id(key), repdata["host"]:nil, repdata["date"]:nil,
-+ repdata["prog"]:nil, repdata["prof"]:nil, repdata["pid"]:nil, repdata["state"]:nil,
-+ repdata["type"]:nil ));
-+ key = key + 1;
-+ });
-+
-+ } else if ( type == "ess" ) {
-+
-+ list db = (list ) SCR::Read (.reports_ess, Settings);
-+ integer key = 1;
-+
-+ foreach ( map repdata, db, {
-+ reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
-+ repdata["startdate"]:nil, repdata["enddate"]:nil, repdata["numRejects"]:nil,
-+ repdata["numEvents"]:nil, repdata["sevMean"]:nil, repdata["sevHi"]:nil ));
-+ key = key + 1;
-+ });
-+
-+ } else {
-+
-+ list db = (list ) SCR::Read (.logparse, Settings);
-+ integer key = 0;
-+
-+ foreach ( map record, db, {
-+ reportList = add( reportList, `item( `id(key),
-+ record["host"]:nil, record["date"]:nil, record["prog"]:nil,
-+ record["profile"]:nil, record["pid"]:nil, record["severity"]:nil,
-+ record["mode_req"]:nil, record["mode_deny"]:nil,
-+ record["resource"]:nil, record["sdmode"]:nil, record["op"]:nil,
-+ record["attr"]:nil, record["name_alt"]:nil, record["net_family"]:nil,
-+ record["net_proto"]:nil, record["net_socktype"]:nil
-+ ));
-+ key = key + 1;
-+ });
-+
-+ }
-+
-+ return reportList;
-+}
-+
-+}
---- a/src/include/subdomain/Makefile.am
-+++ /dev/null
-@@ -1,19 +0,0 @@
--yncludedir = @yncludedir@/subdomain
--
--ynclude_DATA = \
-- apparmor_packages.ycp \
-- apparmor_profile_check.ycp \
-- apparmor_ycp_utils.ycp \
-- capabilities.ycp \
-- config_complain.ycp \
-- helps.ycp \
-- profile_dialogs.ycp \
-- report_helptext.ycp \
-- reporting_archived_dialogs.ycp \
-- reporting_dialogues.ycp \
-- reporting_utils.ycp \
-- sd-config.ycp
--
--EXTRA_DIST = \
-- $(ynclude_DATA)
--
---- a/src/include/subdomain/apparmor_packages.ycp
-+++ /dev/null
-@@ -1,30 +0,0 @@
--/*
-- Copyright (C) 2006 Novell Inc. All Rights Reserved.
--
-- This program is free software; you can redistribute it and/or
-- modify it under the terms of version 2 of the GNU General Public
-- License published by the Free Software Foundation.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, contact Novell, Inc.
-- -- Written by Steve Beattie -- */ -- -- /* This should probably be more intelligent and query the user once -- * whether they want optional packages like apparmor-docs, libapparmor, -- * apache2-mod-apparmor and * (eventually) pam-apparmor installed. */ -- --import "PackageSystem"; -- --list __needed_packages = -- ["apparmor-parser", "apparmor-utils", "apparmor-profiles"]; -- --define boolean installAppArmorPackages () { -- return PackageSystem::CheckAndInstallPackagesInteractive (__needed_packages); --} ---- a/src/include/subdomain/apparmor_profile_check.ycp -+++ /dev/null -@@ -1,52 +0,0 @@ --/* -- Copyright (C) 2006 Novell Inc. All Rights Reserved. -- -- This program is free software; you can redistribute it and/or -- modify it under the terms of version 2 of the GNU General Public -- License published by the Free Software Foundation. -- -- This program is distributed in the hope that it will be useful, -- but WITHOUT ANY WARRANTY; without even the implied warranty of -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- GNU General Public License for more details. -- -- You should have received a copy of the GNU General Public License -- along with this program; if not, contact Novell, Inc. -- -- */ -- -- --import "Popup"; --textdomain "yast2-apparmor"; -- --define boolean checkProfileSyntax () { -- map args = $[]; -- string errmsg = "

      "; -- boolean syntax_ok = true; -- -- args["profile-syntax-check"] = "1"; -- list errors = (list ) SCR::Execute (.subdomain, "profile-syntax-check" ); -- foreach ( string error, errors, ``{ -- syntax_ok = false; -- errmsg = errmsg + "
    • " + error + "
    • "; -- }); -- errmsg = errmsg + "
    "; -- if ( syntax_ok == false ) { -- string headline = _("Errors found in AppArmor profiles"); -- errmsg = _("

    These problems must be corrected before AppArmor can be \ --started or the profile management tools can be used.

    ") -- + "

    " + errmsg + "

    " -- + _("

    You can find a description of AppArmor profile syntax by \ --running ") -- + "man apparmor.d

    " -- + _("

    Comprehensive documentation about AppArmor is available in \ --the Administration guide. This is available in the \ --directory: ") -- + "

    " -- + "/usr/share/doc/manual/suselinux-manual_LANGUAGE. " -- + _("

    Please refer to this for more detailed information about \ --AppArmor

    "); -- Popup::LongText( headline, `RichText(errmsg), 55, 15); -- } -- return( syntax_ok ); --} ---- a/src/include/subdomain/apparmor_ycp_utils.ycp -+++ /dev/null -@@ -1,679 +0,0 @@ -- --/* -- Copyright (C) 2007 Novell Inc. All Rights Reserved. -- -- This program is free software; you can redistribute it and/or -- modify it under the terms of version 2 of the GNU General Public -- License published by the Free Software Foundation. -- -- This program is distributed in the hope that it will be useful, -- but WITHOUT ANY WARRANTY; without even the implied warranty of -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- GNU General Public License for more details. -- -- You should have received a copy of the GNU General Public License -- along with this program; if not, contact Novell, Inc. -- -- */ -- -- --import "Label"; --import "Popup"; --import "AppArmorDialogs"; --textdomain "yast2-apparmor"; -- -- map CMDS = $[ ]; -- CMDS["CMD_ALLOW"] = _("&Allow"); -- CMDS["CMD_DENY"] = _("&Deny"); -- CMDS["CMD_ABORT"] = _("Abo&rt"); -- CMDS["CMD_FINISHED"] = Label::FinishButton(); -- CMDS["CMD_AUDIT_NEW"] = _("Audi&t"); -- CMDS["CMD_AUDIT_OFF"] = _("Audi&t off"); -- CMDS["CMD_AUDIT_FULL"] = _("Audit &All"); -- CMDS["CMD_OTHER"] = _("&Opts"); -- CMDS["CMD_USER_ON"] = _("&Owner permissions on"); -- CMDS["CMD_USER_OFF"] = _("&Owner permissions off"); -- CMDS["CMD_ix"] = _("&Inherit"); -- CMDS["CMD_px"] = _("&Profile"); -- CMDS["CMD_px_safe"] = _("&Profile Clean Exec"); -- CMDS["CMD_cx"] = _("&Child"); -- CMDS["CMD_cx_safe"] = _("&Child Clean Exec"); -- CMDS["CMD_nx"] = _("&Name"); -- CMDS["CMD_nx_safe"] = _("&Named Clean Exec"); -- CMDS["CMD_ux"] = _("&Unconfined"); -- CMDS["CMD_ux_safe"] = _("&Unconfined Clean Exec"); -- CMDS["CMD_pix"] = _("&Profile ix"); -- CMDS["CMD_pix_safe"] = _("&Profile ix Clean Exec"); -- CMDS["CMD_cix"] = _("&Child ix"); -- CMDS["CMD_cix_safe"] = _("&Child ix Cx Clean Exec"); -- CMDS["CMD_nix"] = _("&Name ix"); -- CMDS["CMD_nix_safe"] = 
_("&Name ix"); -- CMDS["CMD_EXEC_IX_ON"] = _("i&x fallback on"); -- CMDS["CMD_EXEC_IX_OFF"] = _("i&x fallback off"); -- CMDS["CMD_CONTINUE"] = _("&Continue Profiling"); -- CMDS["CMD_INHERIT"] = _("&Inherit"); -- CMDS["CMD_PROFILE"] = _("&Profile"); -- CMDS["CMD_UNCONFINED"] = _("&Unconfined"); -- CMDS["CMD_NEW"] = _("&Edit"); -- CMDS["CMD_GLOB"] = _("&Glob"); -- CMDS["CMD_GLOBEXT"] = _("Glob w/E&xt"); -- CMDS["CMD_ADDHAT"] = _("&Add Requested Hat"); -- CMDS["CMD_USEDEFAULT"] = _("&Use Default Hat"); -- CMDS["CMD_SCAN"] = _("&Scan system log for AppArmor events"); -- CMDS["CMD_VIEW_PROFILE"] = _("&View Profile"); -- CMDS["CMD_USE_PROFILE"] = _("&Use Profile"); -- CMDS["CMD_CREATE_PROFILE"] = _("&Create New Profile"); -- CMDS["CMD_UPDATE_PROFILE"] = _("&Update Profile"); -- CMDS["CMD_IGNORE_UPDATE"] = _("&Ignore Update"); -- CMDS["CMD_SAVE_CHANGES"] = _("&Save Changes"); -- CMDS["CMD_UPLOAD_CHANGES"] = _("&Upload Changes"); -- CMDS["CMD_VIEW_CHANGES"] = _("&View Changes"); -- CMDS["CMD_ENABLE_REPO"] = _("&Enable Repository"); -- CMDS["CMD_DISABLE_REPO"] = _("&Disable Repository"); -- CMDS["CMD_ASK_NEVER"] = _("&Never Ask Again"); -- CMDS["CMD_ASK_LATER"] = _("Ask Me &Later"); -- CMDS["CMD_YES"] = Label::YesButton(); -- CMDS["CMD_NO"] = Label::NoButton(); -- -- --define boolean validEmailAddress ( string emailAddr, boolean allowlocal ) { -- -- integer emailAddrLength = size(emailAddr); -- boolean isSafe = false; -- -- if ( allowlocal && regexpmatch( emailAddr, "^\/var\/mail\/\\w+$" )) { -- isSafe = true; -- } else if ((regexpmatch( emailAddr, "\\w+(-\\w+?)@\\w+" ) || -- regexpmatch( emailAddr, "/^(\\w+\.?)+\\w+\@(\\w+\.?)+\\w+$" ) || -- regexpmatch( emailAddr, "\\w+@\\w+" ) || -- !regexpmatch( emailAddr, "..+" )) && -- emailAddrLength < 129 ) { -- isSafe = true; -- } -- return isSafe; --} -- --define boolean checkEmailAddress( string emailAddr ) { -- -- if ( ! 
validEmailAddress( emailAddr, false ) ) { -- string err_email_format = _("Email address format invalid.\nEmail address must be less than 129 characters \n and of the format \"name@domain\". \n Please enter another address."); -- Popup::Error( err_email_format ); -- return false; -- } -- return true; --} -- -- --/** UI_RepositorySignInDialog -- * Dialog to allow users to signin or register with an external AppArmor -- * profile repository -- * -- * @param agent_data - data from the backend -- * [ repo_url - string ] -- * @return answers - map that contains: -- * [ newuser => 1|0 - registering a new user? ] -- * [ user => username ] -- * [ pass => password ] -- * [ email => email address - if newuser = 1 ] -- * [ save_config => true/false - save this information on ] -- * [ the system ] -- * -- **/ --define map UI_RepositorySignInDialog( map agent_data ) { -- string repo_url = (string) agent_data["repo_url"]:"MISSING_REPO_URL"; -- term dialog = -- `VBox( -- `VSpacing(1), -- `Top(`Label(_("AppArmor Profile Repository Setup") + "\n" + repo_url)), -- `VBox( -- `ReplacePoint(`id(`replace), `Empty()) -- ), -- `VSpacing(1) -- ); -- -- term signin_box = -- `VBox( -- `HBox( -- `HSpacing(1), -- `Frame(`id(`signin_frame), _("Sign in to the repository"), -- `HBox( -- `HSpacing(0.5), -- `VBox( -- `TextEntry(`id(`username), _("Username")), -- `Password(`id(`password), Label::Password()), -- `VSpacing(1), -- `HBox( -- `CheckBox(`id(`save_conf), `opt(`notify), -- _("S&ave configuration")), -- `HSpacing( 0.5), -- `Left(`PushButton(`id(`signin_submit), -- _("&Sign in"))), -- `Right(`PushButton(`id(`signin_cancel), -- Label::CancelButton())), -- `HSpacing( 0.5) -- ) -- ), -- `HSpacing(0.5) -- ) -- ), -- `HSpacing(1) -- ), -- `VSpacing(1), -- `PushButton(`id(`newuser), _("&Register new user...")) -- ); -- -- term registration_box = -- `VBox( -- `HBox( -- `HSpacing(1), -- `Frame(`id(`register_frame), _("Register New User"), -- `HBox( -- `HSpacing(0.5), -- `VBox( -- 
`TextEntry(`id(`register_username), -- _("Enter Username")), -- `TextEntry(`id(`register_email), -- _("Enter Email Address")), -- `Password(`id(`register_password), -- _("Enter Password")), -- `Password(`id(`register_password2), -- _("Verify Password")), -- `VSpacing(1), -- `HBox( -- `HSpacing( 0.2), -- `CheckBox(`id(`save_conf_new), `opt(`notify), -- _("S&ave configuration")), -- `Left(`PushButton(`id(`register_submit), -- _("&Register"))), -- `Right(`PushButton(`id(`register_cancel), -- Label::CancelButton())), -- `HSpacing( 0.2) -- ) -- ), -- `HSpacing( 0.5) -- ) -- ), -- `HSpacing(1) -- ), -- `VSpacing(1), -- `PushButton(`id(`signin), _("&Sign in as existing user...")) -- ); -- -- UI::OpenDialog(`opt(`decorated), dialog); -- UI::ReplaceWidget(`replace, signin_box); -- map answers = $[ ]; -- any input = nil; -- repeat { -- input = UI::UserInput(); -- if(input == `newreg) { -- boolean new_registration = -- (boolean) UI::QueryWidget(`id(`newreg), `Value); -- if ( new_registration == true ) { -- UI::ChangeWidget(`id(`register_frame), `Enabled, true); -- UI::ChangeWidget(`id(`signin_frame), `Enabled, false); -- } else { -- UI::ChangeWidget(`id(`register_frame), `Enabled, false); -- UI::ChangeWidget(`id(`signin_frame), `Enabled, true); -- } -- } else if(input == `newuser) { -- UI::ReplaceWidget(`replace, registration_box); -- UI::ChangeWidget(`id(`register_email), `InputMaxLength, 129); -- } else if(input == `signin) { -- UI::ReplaceWidget(`replace, signin_box); -- UI::ChangeWidget(`id(`register_email), `InputMaxLength, 129); -- } else if(input == `signin_cancel || input == `register_cancel) { -- answers["answer"] = "cancel"; -- } else if ( input == `signin_submit ) { -- string username = (string) UI::QueryWidget(`id(`username), `Value); -- string password = (string) UI::QueryWidget(`id(`password), `Value); -- string save_config = -- (boolean) UI::QueryWidget(`id(`save_conf), `Value) ? 
"y": "n"; -- -- if ( username == "" ) { -- Popup::Error(_("Username is required")); -- } else if ( password == "" ) { -- Popup::Error(_("Password is required")); -- } else { -- y2milestone("APPARMOR : REPO - signon: \n\tusername [" + -- username + -- "]\n\tpassword [" + -- password + "]"); -- answers["newuser"] = "n"; -- answers["user"] = username; -- answers["pass"] = password; -- answers["save_config"] = save_config; -- input = `done; -- } -- } else if ( input == `register_submit ) { -- string username = -- (string) UI::QueryWidget( `id(`register_username), `Value); -- string password = -- (string) UI::QueryWidget( `id(`register_password), `Value); -- string password_verify = -- (string) UI::QueryWidget( `id(`register_password2), `Value); -- string email = (string) UI::QueryWidget( `id(`register_email), -- `Value ); -- string save_config = -- (boolean) UI::QueryWidget( `id(`save_conf_new), `Value ) -- ? "y": "n"; -- -- if ( username == "" ) { -- Popup::Error( _("Username required for registration." )); -- } else if ( email == "" ) { -- Popup::Error( _("Email address required for registration." )); -- } else if ( password == "" && password_verify == "" ) { -- Popup::Error( _("Password is required for registration." )); -- } else if ( password != password_verify ) { -- Popup::Error( _("Passwords do not match. Please re-enter." )); -- } else if ( ! 
checkEmailAddress( email ) ) { -- any dummy = nil; -- } else { -- y2milestone( -- "APPARMOR : REPO - new registration: \n\tusername [" + -- username + "]\n\tpassword [" + password + -- "]\n\temail [" + email + "]\n\tsave config [" + -- save_config + "]" ); -- answers["newuser"] = "y"; -- answers["pass"] = password; -- answers["user"] = username; -- answers["email"] = email; -- answers["save_config"] = save_config; -- input = `done; -- } -- } else { -- y2milestone("APPARMOR : REPO - signon - no valid input[" + -- tostring(input) + "]"); -- } -- } until ((input == `done) || -- (input == `register_cancel) || -- (input == `signin_cancel)); -- if ( input != `done ) { -- answers["cancelled"] = "y"; -- } -- UI::CloseDialog(); -- return( answers ); --} -- -- --/** UI_RepositoryViewProfile -- * Dialog to allow users to view a profile from the repository -- * and display it in a small scrollable dialog -- * -- * @param agent_data - map data from the backend -- * [ user => string ] -- * [ profile => string contiaining profile contents ] -- * [ profile_type => string INACTIVE_LOCAL|REPOSITORY ] -- * -- * @return void -- * -- **/ -- --define void UI_RepositoryViewProfile( map agent_data ) { -- -- string user = agent_data["user"]:"MISSING USER"; -- string profile = agent_data["profile"]:"MISSING PROFILE"; -- string type = agent_data["profile_type"]:"MISSING PROFILE"; -- -- string headline = ""; -- if ( type == "INACTIVE_LOCAL" ) { -- headline = _("Local inactive profile"); -- } else if ( type == "REPOSITORY" ) { -- headline = _("Profile created by user ") + user; -- } else { -- headline = _("Local profile"); -- } -- -- -- Popup::LongText ( headline, `RichText(`opt(`plainText), profile), 50, 20 ); --} -- -- --/** UI_LongMessage -- * Basic message dialog that will scroll long text -- * @param agent_data - map - data from backend -- * [ headline - string ] -- * [ message - string ] -- * -- * @return void -- **/ -- --define void UI_LongMessage( map agent_data ) { -- -- any user = 
agent_data["user"]:nil; -- string headline = agent_data["headline"]:"MISSING HEADLINE"; -- string message = agent_data["message"]:"MISSING MESSAGE"; -- -- Popup::LongText(headline,`RichText(`opt(`plainText), message), 60, 40); -- --} -- -- --/** UI_ShortMessage -- * Basic message dialog - no scrollbars -- * @param agent_data - map - data from backend -- * [ headline - string ] -- * [ message - string ] -- * -- * @return void -- **/ -- --define void UI_ShortMessage( map agent_data ) { -- -- any user = agent_data["user"]:nil; -- string headline = agent_data["headline"]:"MISSING HEADLINE"; -- string message = agent_data["message"]:"MISSING MESSAGE"; -- -- Popup::AnyMessage(headline, message); -- --} -- --/** UI_ChangeLog_Dialog -- * Takes a list of profiles and collects one or multiple changelog entries -- * and returns them -- * -- * @param agent_data - data from the backend -- * [ profiles - list of profile names ] -- * -- * @return results - map -- * [ STATUS - string - ok/cancel ] -- * [ SINGLE_CHANGELOG - string - set with changelog if user ] -- * [ selects a single changelog ] -- * -- * [ profile 1 name - string - changelog 1 ] -- * [ profile 2 name - string - changelog 2 ] -- * ... 
-- * [ profile n name - string - changelog n ] -- * -- **/ --define map UI_ChangeLog_Dialog ( map agent_data ) { -- map results = $[]; -- string main_label = _("Enter a changelog for the changes for "); -- string main_label_single = _(" the selected profiles"); -- string checkbox_label = _("Individual changelogs per profile"); -- list profiles = agent_data["profiles"]:[]; -- -- term dialog = `VBox( -- `TextEntry(`id(`stringfield), main_label + "\n" + main_label_single), -- `CheckBox(`id(`individual_changelogs), `opt(`notify), checkbox_label), -- `VSpacing(0.5), -- `HBox( -- `HWeight(1, `PushButton(`id(`okay), -- `opt(`default, -- `key_F10), -- Label::OKButton())), -- `HSpacing(2), -- `HWeight(1, `PushButton(`id(`cancel), `opt(`key_F9), Label::CancelButton())) -- ) -- ); -- results["STATUS"] = "ok"; -- boolean single_changelog = true; -- foreach( string profile_name, profiles, { -- UI::OpenDialog(dialog); -- if ( !single_changelog ) { -- UI::ChangeWidget(`id(`stringfield), -- `Label, -- main_label + "\n" + -- profile_name); -- UI::ChangeWidget(`id(`individual_changelogs), `Value, true); -- } -- UI::SetFocus(`id(`stringfield)); -- any input = nil; -- repeat { -- input = UI::UserInput(); -- if ( input == `cancel ) { -- results["STATUS"] = "cancel"; -- UI::CloseDialog(); -- break; -- } else if ( input == `okay ) { -- if (((boolean) UI::QueryWidget(`id(`individual_changelogs), -- `Value)) == false ) { -- results["SINGLE_CHANGELOG"] = -- (string) UI::QueryWidget(`id(`stringfield), `Value); -- UI::CloseDialog(); -- } else { -- results[profile_name] = -- (string) UI::QueryWidget(`id(`stringfield), `Value); -- UI::CloseDialog(); -- } -- } else if ( input == `individual_changelogs ){ -- if (((boolean) UI::QueryWidget(`id(`individual_changelogs), -- `Value)) == true ) { -- UI::ChangeWidget(`id(`stringfield), -- `Label, -- main_label + "\n" -- + profile_name); -- single_changelog = false; -- } else { -- UI::ChangeWidget(`id(`stringfield), -- `Label, -- main_label + "\n" -- + 
main_label_single); -- } -- } -- } until ( input == `okay || `input == `cancel ); -- if ( single_changelog || input == `cancel ) { -- break; -- } -- }); -- return( results ); --} -- --/** UI_MultiProfileSelectionDialog -- * Two pane dialog with a multi-selection box on the left -- * and a long text on the right. Allows a list of profiles -- * or profile changes to be viewed and selected for further -- * processing - for example uploading to the repository -- * -- * @param agent_data - map - data from backend -- * [ title - string - explanation of the forms use ] -- * [ get_changelog - string true/false - prompt user to ] -- * [ supply changelogs ] -- * [ never_ask_again - string true/false - add widget to let ] -- * [ user select to never prompt again to ] -- * [ upload unselected profiles to the ] -- * [ repository ] -- * [ default_select - string true/false - default value for ] -- * [ profile selection ] -- * [ profiles - map ] -- * -- * @return results - map -- * [ STATUS - string - ok/cancel ] -- * [ PROFILES - list[string] - list of selected profiles ] -- * [ NEVER_ASK_AGAIN - string - true/false - mark unselected ] -- * [ profiles as local only and don't prompt ] -- * [ to upload ] -- * [ CHANGELOG - map[string,string] - changelog data from ] -- * [ UI_ChangeLog_Dialog() ] -- * -- **/ -- --define map UI_MultiProfileSelectionDialog( map agent_data ) { -- string headline = agent_data["title"]:"MISSING TITLE"; -- string explanation = agent_data["explanation"]:"MISSING EXPLANATION"; -- boolean default_select = agent_data["default_select"]:false; -- boolean get_changelog = agent_data["get_changelog"]:true; -- boolean disable_ask_upload = agent_data["disable_ask_upload"]:false; -- map profiles = agent_data["profiles"]:$[]; -- map results = $[]; -- -- list profile_list = []; -- foreach ( string profile_name, string profile_contents, -- (map) profiles, { -- profile_list = add( profile_list, `item( `id(profile_name), -- profile_name, default_select) ); -- }); -- -- 
term first_profile = (term) profile_list[0]:nil; -- string first_profile_name = first_profile[1]:"MISSING PROFILE NAME"; -- string profile_rules = -- (string) profiles[first_profile_name]:"MISSING CONTENTS"; -- string disable_ask_upload_str = -- _("&Don't ask again for unselected profiles"); -- map ui_capabilities = UI::GetDisplayInfo(); -- boolean in_ncurses = ui_capabilities["TextMode"]:true;; -- term profile_contents_text = nil; -- term explanation_text = nil; -- -- if ( in_ncurses ) { -- profile_contents_text = -- `RichText( `id(`contents),`opt(`plainText), profile_rules); -- } else { -- profile_contents_text = -- `VBox( -- `VSpacing(1.25), -- `RichText( `id(`contents),`opt(`plainText), profile_rules) -- ); -- } -- term control_widgets = nil; -- if ( disable_ask_upload == true ) { -- control_widgets = -- `VBox( -- `CheckBox(`id(`disable_ask_upload), `opt(`notify), -- disable_ask_upload_str), -- `VSpacing(0.5), -- `HBox( -- `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))), -- `HWeight( 50, `HCenter(`PushButton(`id(`cancel), -- Label::CancelButton()))) -- ) -- ); -- } else { -- if ( in_ncurses ) { -- control_widgets = -- `HBox( -- `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))), -- `HWeight( 50, `HCenter(`PushButton(`id(`cancel), -- Label::CancelButton()))) -- ); -- } else { -- control_widgets = -- `VBox( -- `VSpacing(0.5), -- `HBox( -- `HWeight( 50, `HCenter(`PushButton(`id(`save), -- Label::OKButton()))), -- `HWeight( 50, `HCenter(`PushButton(`id(`cancel), -- Label::CancelButton()))) -- ) -- ); -- } -- } -- -- UI::OpenDialog( -- `VBox( -- `VSpacing(0.1), -- `VWeight( 15, `Top(`Label(`id(`explanation), explanation))), -- `VSpacing(0.2), -- `VWeight( 70, -- `HBox( -- `VSpacing( 1 ), -- `HSpacing( 0.5 ), -- `Frame( `id(`select_profiles), headline, -- `HBox( -- `HWeight( 40, `MinSize( 30, 15, -- `MultiSelectionBox( `id(`profiles), -- `opt(`notify), -- _("Profiles"), -- profile_list) ) -- ), -- `HWeight( 60, 
profile_contents_text ) -- ) -- ), -- `HSpacing( 0.5 ) -- ) -- ), -- `VSpacing( 0.2 ), -- `VWeight( 15, control_widgets ), -- `VSpacing( 0.2 ) -- ) -- ); -- UI::ChangeWidget( `id(`profiles), `CurrentValue, first_profile_name ); -- -- map event2 = $[]; -- any id2 = nil; -- repeat -- { -- event2 = UI::WaitForEvent (); -- id2 = event2["ID"]:nil; -- if ( id2 == `profiles ) { -- any itemid = UI::QueryWidget( `id(`profiles), `CurrentItem ); -- string stritem = tostring( itemid ); -- string contents = profiles[stritem]:"MISSING CONTENTS"; -- UI::ChangeWidget( `id(`contents), `Value, contents ); -- } -- } until ( id2 == `save || id2 == `cancel ); -- -- list selected_profiles = []; -- if (id2 == `save) { -- list selected_items = -- (list) UI::QueryWidget( `id(`profiles), `SelectedItems ); -- integer profile_index = 0; -- foreach ( any p_name, selected_items, { -- selected_profiles[profile_index] = tostring( p_name ); -- profile_index = profile_index + 1; -- }); -- results["STATUS"] = "ok"; -- if (get_changelog == true) { -- map changelog_results = -- UI_ChangeLog_Dialog( $["profiles":selected_profiles] ); -- if ( changelog_results["STATUS"]:"cancel" == "cancel" ) { -- results["STATUS"] = "cancel"; -- } else { -- results["CHANGELOG"] = changelog_results; -- results["PROFILES"] = selected_profiles; -- } -- } else { -- results["PROFILES"] = selected_profiles; -- } -- if ( disable_ask_upload == true && -- ((boolean) UI::QueryWidget( `id(`disable_ask_upload), `Value )) -- == true ) { -- results["NEVER_ASK_AGAIN"] = "true"; -- } -- } else if ( id2 == `cancel ) { -- results["STATUS"] = "cancel"; -- } -- UI::CloseDialog(); -- return results; --} -- --/** Form_BusyFeedbackDialog -- * -- * @param agent_data - map - data from backend -- * [ title - string - explanation of the forms use ] -- * -- * @return results - map -- * [ STATUS - string - ok/cancel ] -- * -- **/ -- --define term Form_BusyFeedbackDialog( string message ) { -- //`MinSize( 10, 4, `Image(`opt(`animated), movie, 
"animation" ), -- //`Image(`opt(`animated), movie, "animation" ), -- string movie = -- "/usr/share/YaST2/theme/current/animations/ticks-endless.gif"; -- term busy_dialog = -- `HBox( -- //`MinSize( 10, 4, `Image(`opt(`animated), movie, "animation" ) ), -- `Image(`opt(`animated), movie, "animation" ), -- `Label( message ) -- ); -- return busy_dialog; --} -- --define void UI_BusyFeedbackStart( map agent_data ) { -- string message = agent_data["message"]:"MISSING MESSAGE"; -- if ( AppArmorDialogs::busy_dialog != nil ) { -- UI::CloseDialog(); -- } -- AppArmorDialogs::busy_dialog = Form_BusyFeedbackDialog( message ); -- UI::OpenDialog( AppArmorDialogs::busy_dialog); -- return; --} -- --define void UI_BusyFeedbackStop( ) { -- if ( AppArmorDialogs::busy_dialog != nil ) { -- UI::CloseDialog(); -- AppArmorDialogs::busy_dialog = nil; -- } --} ---- a/src/include/subdomain/capabilities.ycp -+++ /dev/null -@@ -1,310 +0,0 @@ --/* ------------------------------------------------------------------ --* --* Copyright (C) 2002-2005 Novell/SUSE --* --* This program is free software; you can redistribute it and/or --* modify it under the terms of version 2 of the GNU General Public --* License published by the Free Software Foundation. --* -- ------------------------------------------------------------------*/ --// --// YCP map containing definitons for Capabiltiies --// --{ -- --textdomain "yast2-apparmor"; -- --map capdefs = $[ --"chown" : -- $[ -- "name" : "CAP_CHOWN", -- "info" : _("
    • In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, --this overrides the restriction of changing file ownership --and group ownership.
    "), -- -- ], --"dac_override" : -- $[ -- "name" : "CAP_DAC_OVERRIDE", -- "info" : _("
    • Override all DAC access, including ACL execute access if --[_POSIX_ACL] is defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.
    "), -- -- ], --"dac_read_search" : -- $[ -- "name" : "CAP_DAC_READ_SEARCH", -- "info" : _("
    • Overrides all DAC restrictions regarding read and search --on files and directories, including ACL restrictions if [_POSIX_ACL] is defined. --Excluding DAC access covered by CAP_LINUX_IMMUTABLE.
    "), -- -- ], --"fowner" : -- $[ -- "name" : "CAP_FOWNER", -- "info" : _("
    • Overrides all restrictions about allowed operations on files, --where file owner ID must be equal to the user ID, except where CAP_FSETID is --applicable. It doesn't override MAC and DAC restrictions.
    "), -- -- ], --"fsetid" : -- $[ -- "name" : "CAP_FSETID", -- "info" : _("
    • Overrides the following restrictions that the effective user --ID shall match the file owner ID when setting the S_ISUID and S_ISGID bits on that --file; that the effective group ID (or one of the supplementary group IDs) shall match --the file owner ID when setting the S_ISGID bit on that file; that the S_ISUID and --S_ISGID bits are cleared on successful return from chown(2) (not implemented).
    "), -- -- ], --"kill" : -- $[ -- "name" : "CAP_KILL", -- "info" : _("
    • Overrides the restriction that the real or effective user ID --of a process sending a signal must match the real or effective user ID of the process --receiving the signal.
    "), -- -- ], --"setgid" : -- $[ -- "name" : "CAP_SETGID", -- "info" : _("
    • Allows setgid(2) manipulation
    • Allows setgroups(2)
    • --
    • Allows forged gids on socket credentials passing.
    "), -- -- ], --"setuid" : -- $[ -- "name" : "CAP_SETUID", -- "info" : _("
    • Allows setuid(2) manipulation (including fsuid)
    • --
    • Allows forged pids on socket credentials passing.
    "), -- -- ], --"setpcap" : -- $[ -- "name" : "CAP_SETPCAP", -- "info" : _("
    • Transfer any capability in your permitted set to any pid, --remove any capability in your permitted set from any pid
    "), -- -- ], --"linux_immutable" : -- $[ -- "name" : "CAP_LINUX_IMMUTABLE", -- "info" : _("
    • Allows modification of S_IMMUTABLE and S_APPEND file attributes
    "), -- -- ], --"net_bind_service" : -- $[ -- "name" : "CAP_NET_BIND_SERVICE", -- "info" : _("
    • Allows binding to TCP/UDP sockets below 1024
    • --
    • Allows binding to ATM VCIs below 32
    "), -- -- ], --"net_broadcast" : -- $[ -- "name" : "CAP_NET_BROADCAST", -- "info" : _("
    • Allows broadcasting, listen to multicast
    "), -- -- ], --"net_admin" : -- $[ -- "name" : "CAP_NET_ADMIN", -- "info" : _("
    • Allows interface configuration
    • --
    • Allows administration of IP firewall, masquerading and accounting
    • --
    • Allows setting debug option on sockets
    • --
    • Allows modification of routing tables
    • ") + -- --_("
    • Allows setting arbitrary process / process group ownership on sockets
    • --
    • Allows binding to any address for transparent proxying
    • --
    • Allows setting TOS (type of service)
    • --
    • Allows setting promiscuous mode
    • --
    • Allows clearing driver statistics
    • ") + -- --_("
    • Allows multicasting
    • --
    • Allows read/write of device-specific registers
    • --
    • Allows activation of ATM control sockets
    • --
    "), -- -- ], --"net_raw" : -- $[ -- "name" : "CAP_NET_RAW", -- "info" : _("
    • Allows use of RAW sockets
    • --
    • Allows use of PACKET sockets
    "), -- -- ], --"ipc_lock" : -- $[ -- "name" : "CAP_IPC_LOCK", -- "info" : _("
    • Allows locking of shared memory segments
    • --
    • Allows mlock and mlockall (which doesn't really have anything to do with IPC)
    "), -- -- ], --"ipc_owner" : -- $[ -- "name" : "CAP_IPC_OWNER", -- "info" : _("
    • Override IPC ownership checks
    "), -- -- ], --"sys_module" : -- $[ -- "name" : "CAP_SYS_MODULE", -- "info" : _("
    • Insert and remove kernel modules - modify kernel without limit
    • --
    • Modify cap_bset
    "), -- -- ], --"sys_rawio" : -- $[ -- "name" : "CAP_SYS_RAWIO", -- "info" : _("
    • Allows ioperm/iopl access
    • --
    • Allows sending USB messages to any device via /proc/bus/usb
    "), -- -- ], --"sys_chroot" : -- $[ -- "name" : "CAP_SYS_CHROOT", -- "info" : _("
    • Allows use of chroot()
    "), -- -- ], --"sys_ptrace" : -- $[ -- "name" : "CAP_SYS_PTRACE", -- "info" : _("
    • Allows ptrace() of any process
    "), -- -- ], --"sys_pacct" : -- $[ -- "name" : "CAP_SYS_PACCT", -- "info" : _("
    • Allows configuration of process accounting
    "), -- -- ], --"sys_admin" : -- $[ -- "name" : "CAP_SYS_ADMIN", -- "info" : _("
    • Allows configuration of the secure attention key
    • --
    • Allows administration of the random device
    • --
    • Allows examination and configuration of disk quotas
    • --
    • Allows configuring the kernel's syslog (printk behaviour)
    • ") + -- --_("
    • Allows setting the domain name
    • --
    • Allows setting the hostname
    • --
    • Allows calling bdflush()
    • --
    • Allows mount() and umount(), setting up new smb connection
    • --
    • Allows some autofs root ioctls
    • ") + -- --_("
    • Allows nfsservctl
    • --
    • Allows VM86_REQUEST_IRQ
    • --
    • Allows to read/write pci config on alpha
    • --
    • Allows irix_prctl on mips (setstacksize)
    • --
    • Allows flushing all cache on m68k (sys_cacheflush)
    • ") + -- --_("
    • Allows removing semaphores
    • --
    • Used instead of CAP_CHOWN to \"chown\" IPC message queues, semaphores and shared memory
    • --
    • Allows locking/unlocking of shared memory segment
    • --
    • Allows turning swap on/off
    • --
    • Allows forged pids on socket credentials passing
    • ") + -- --_("
    • Allows setting read ahead and flushing buffers on block devices
    • --
    • Allows setting geometry in floppy driver
    • --
    • Allows turning DMA on/off in xd driver
    • --
    • Allows administration of md devices (mostly the above, but some extra ioctls)
    • ") + -- --_("
    • Allows tuning the ide driver
    • --
    • Allows access to the nvram device
    • --
    • Allows administration of apm_bios, serial and bttv (TV) device
    • --
    • Allows manufacturer commands in isdn CAPI support driver
    • ") + -- --_("
    • Allows reading non-standardized portions of pci configuration space
    • --
    • Allows DDI debug ioctl on sbpcd driver
    • --
    • Allows setting up serial ports
    • --
    • Allows sending raw qic-117 commands
    • ") + -- --_("
    • Allows enabling/disabling tagged queuing on SCSI controllers -- and sending arbitrary SCSI commands
    • --
    • Allows setting encryption key on loopback filesystem
    "), -- -- ], --"sys_boot" : -- $[ -- "name" : "CAP_SYS_BOOT", -- "info" : _("
    • Allows use of reboot()
    "), -- -- ], --"sys_nice" : -- $[ -- "name" : "CAP_SYS_NICE", -- "info" : _("
    • Allows raising priority and setting priority on other (different UID) processes
    • --
    • Allows use of FIFO and round-robin (realtime) scheduling on own processes and setting --the scheduling algorithm used by another process.
    • --
    • Allows setting cpu affinity on other processes
    "), -- ], --"sys_resource" : -- $[ -- "name" : "CAP_SYS_RESOURCE", -- "info" : _("
    • Override resource limits. Set resource limits.
    • --
    • Override quota limits.
    • --
    • Override reserved space on ext2 filesystem
    • --
    • Modify data journaling mode on ext3 filesystem (uses journaling resources)
    • ") + -- --_("
    • NOTE: ext2 honors fsuid when checking for resource overrides, so you can override using fsuid too
    • --
    • Override size restrictions on IPC message queues
    • --
    • Allows more than 64hz interrupts from the real-time clock
    • --
    • Override max number of consoles on console allocation
    • --
    • Override max number of keymaps
    "), -- ], --"sys_time" : -- $[ -- "name" : "CAP_SYS_TIME", -- "info" : _("
    • Allows manipulation of system clock
    • --
    • Allows irix_stime on mips
    • --
    • Allows setting the real-time clock
    "), -- ], --"sys_tty_config" : -- $[ -- "name" : "CAP_SYS_TTY_CONFIG", -- "info" : _("
    • Allows configuration of tty devices
    • --
    • Allows vhangup() of tty
    "), -- ], --"mknod" : -- $[ -- "name" : "CAP_MKNOD", -- "info" : _("
    • Allows the privileged aspects of mknod()
    "), -- ], --"lease" : -- $[ -- "name" : "CAP_LEASE", -- "info" : _("
    • Allows taking of leases on files
    "), -- ], --]; -- -- --map linnametolp = $[ --"CAP_CHOWN" : "chown", --"CAP_DAC_OVERRIDE" : "dac_override", --"CAP_DAC_READ_SEARCH" : "dac_read_search", --"CAP_FOWNER" : "fowner", --"CAP_FSETID" : "fsetid", --"CAP_KILL" : "kill", --"CAP_SETGID" : "setgid", --"CAP_SETUID" : "setuid", --"CAP_SETPCAP" : "setpcap", --"CAP_LINUX_IMMUTABLE" : "linux_immutable", --"CAP_NET_BIND_SERVICE" : "net_bind_service", --"CAP_NET_BROADCAST" : "net_broadcast", --"CAP_NET_ADMIN" : "net_admin", --"CAP_NET_RAW" : "net_raw", --"CAP_IPC_LOCK" : "ipc_lock", --"CAP_IPC_OWNER" : "ipc_owner", --"CAP_SYS_MODULE" : "sys_module", --"CAP_SYS_RAWIO" : "sys_rawio", --"CAP_SYS_CHROOT" : "sys_chroot", --"CAP_SYS_PTRACE" : "sys_ptrace", --"CAP_SYS_PACCT" : "sys_pacct", --"CAP_SYS_ADMIN" : "sys_admin", --"CAP_SYS_BOOT" : "sys_boot", --"CAP_SYS_NICE" : "sys_nice", --"CAP_SYS_RESOURCE" : "sys_resource", --"CAP_SYS_TIME" : "sys_time", --"CAP_SYS_TTY_CONFIG" : "sys_tty_config", --"CAP_MKNOD" : "mknod", --"CAP_LEASE" : "lease", --]; --} ---- a/src/include/subdomain/config_complain.ycp -+++ /dev/null -@@ -1,227 +0,0 @@ --/* ------------------------------------------------------------------ --* --* Copyright (C) 2002-2005 Novell/SUSE --* --* This program is free software; you can redistribute it and/or --* modify it under the terms of version 2 of the GNU General Public --* License published by the Free Software Foundation. --* -- ------------------------------------------------------------------*/ -- --{ --textdomain "yast2-apparmor"; -- --import "Label"; -- --string modeHelp = _("

    Profile Mode Configuration
    This tool allows --you to set AppArmor profiles to either complain or enforce mode.

    ") + -- --_("

    Complain mode is a profile training state that logs application --activity. All the violations of the AppArmor profile rules are logged --(into /var/log/audit/audit.log file), but still permitted, so --that application's behavior is not restricted.

    ") + -- --_("

    With the profile in enforce mode, application is protected by --AppArmor. The profile rules are enforced and their violation is logged, --but not permitted (e.g. an application cannot access files, unless it is --permitted to do so by the profile).

    "); -- --boolean showAll = false; // Button for showing active or all profiles -- --define void updateComplain(any id, string profile, string mode, boolean showAll) { -- -- boolean error = false; -- map profCmd = $[ ]; -- -- if (id == `allEnforce || id == `allComplain) { -- profCmd["all"] = "1"; -- } else if ( profile != "" ) { -- profCmd["profile"] = profile; -- } else { -- Popup::Error( _("Couldn't recognize profile name: ") + profile ); -- return; -- } -- -- if ( id == `toggle && mode != "" ) { -- // Reverse modes for toggling -- if ( mode == "enforce" ) { -- profCmd["mode"] = "complain"; -- } else if (mode == "complain") { -- profCmd["mode"] = "enforce"; -- } else { -- error = true; -- Popup::Error( _("Couldn't recognize mode: ") + mode ); -- } -- } else if ( id != `toggle ) { -- profCmd["mode"] = mode; -- } -- -- if ( showAll == true ) { -- profCmd["showall"] = "1"; -- } else { -- profCmd["showall"] = "0"; -- } -- -- SCR::Write(.complain, profCmd); -- -- return; --} -- --define list getRecordList(boolean showAll) { -- -- map Settings = $[ ]; -- Settings["list"] = "1"; -- -- if ( showAll == true ) { -- Settings["showall"] = "1"; -- } else { -- Settings["showall"] = "0"; -- } -- -- list recList = []; -- integer key = 1; -- -- // restarts ag_complain agent if necessary -- list db = nil; -- while ( db == nil ) { -- db = (list ) SCR::Read (.complain, Settings); -- } -- -- foreach ( map record, db, { -- recList = add( recList, `item( `id(key), record["name"]:nil, record["mode"]:nil )); -- key = key + 1; -- }); -- -- return recList; --} -- --define term getProfModeForm(list recList, boolean showAll ) { -- -- term allBtn = `PushButton(`id(`showAll), _("Show All Profiles") ); -- string allText = _("Configure Mode for Active Profiles"); -- -- if ( showAll && showAll == true ) { -- allBtn = `PushButton(`id(`showAct), _("Show Active Profiles") ); -- allText = _("Configure Mode for All Profiles"); -- } -- -- term modeForm = -- -- `Frame( `id(`changeMode), allText, -- 
//`Frame( `id(`changeMode), _("Configure Profile Mode"), -- `VBox( -- `VSpacing(2), -- `HBox( -- `VSpacing(10), -- `Table(`id(`table), `opt(`notify), `header(_("Profile Name"), _("Mode")), recList) -- ), -- `VSpacing(0.5), -- `HBox( -- allBtn, -- `PushButton(`id(`toggle), _("Toggle Mode") ), -- `PushButton(`id(`allEnforce), _("Set All to Enforce") ), -- `PushButton(`id(`allComplain), _("Set All to Complain") ) -- )) -- ); -- -- return modeForm; --} -- --define term updateModeConfigForm(boolean showAll) { -- -- list recList = getRecordList(showAll); -- term newModeForm = getProfModeForm(recList, showAll); -- -- return newModeForm; --} -- --// Profile Mode Configuration -- Sets Complain and Enforce Behavior --define symbol profileModeConfigForm() { -- -- list recList = getRecordList(showAll); -- term modeForm = getProfModeForm(recList, showAll); -- Wizard::CreateDialog(); -- Wizard::SetContentsButtons( _("Profile Mode Configuration"), modeForm, modeHelp, Label::BackButton(), _("&Done") ); -- -- map event = $[]; -- any id = nil; -- boolean modified = false; -- -- while( true ) { -- -- event = UI::WaitForEvent(); -- -- id = event["ID"]:nil; // We'll need this often - cache it -- string profile = nil; -- string mode = nil; -- -- if ( id == `abort || id == `cancel || id == `back ) { -- break; -- -- } else if ( id == `next ) { -- integer ret = -1; -- if ( modified ) -- ret = (integer) SCR::Execute (.target.bash, "/sbin/rcsubdomain reload > /dev/null 2>&1"); -- else { -- y2milestone("No change to Apparmor profile modes - nothing to do."); -- break; -- } -- if ( ret == 0) -- y2milestone("Apparmor profiles reloaded succesfully."); -- else -- y2error("Reloading Apparmor profiles failed with exit code %1", ret); -- -- break; -- } else if ( id == `showAll ) { -- -- showAll = true; -- Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") ); -- continue; -- -- } else if ( id == `showAct ) { -- -- showAll 
= false; -- Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") ); -- continue; -- -- } else if ( id == `toggle) { -- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); -- profile = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""); -- mode = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 2, ""); -- -- updateComplain(id, profile, mode, showAll); -- modified = true; -- Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") ); -- continue; -- -- } else if ( id == `allEnforce || id == `allComplain) { -- -- profile = ""; -- -- if ( id == `allEnforce ) { -- mode = "enforce"; -- } else { -- mode = "complain"; -- } -- -- updateComplain(id, profile, mode, showAll); -- modified = true; -- Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") ); -- continue; -- -- } else if ( id == `table ) { -- -- Popup::Message( _("Please select an action to perform from the buttons below.") ); -- -- } else { -- y2error("Unexpected return code: %1", id); -- break; -- } -- } -- -- Wizard::CloseDialog(); // new -- return (symbol) id; --} -- --/* EOF */ --} ---- a/src/include/subdomain/helps.ycp -+++ /dev/null -@@ -1,219 +0,0 @@ --/* ------------------------------------------------------------------ --* --* Copyright (C) 2002-2005 Novell/SUSE --* --* This program is free software; you can redistribute it and/or --* modify it under the terms of version 2 of the GNU General Public --* License published by the Free Software Foundation. 
--* -- ------------------------------------------------------------------*/ -- --{ -- --textdomain "yast2-apparmor"; -- --/* START Help Section --************************************************************/ --map helps = $[ -- "EventNotifyHelpText" : -- _("

    The Security Event Notification screen enables you to setup email --alerts for security events. In the following steps, specify how often --alerts are sent, who receives the alert, and how severe the security --event must be to send an alert.

    ") + -- -- _("

    Notification Types
    Terse Notification: --Terse notification summarizes the total number of system events without --providing details.
    For example:
    dhcp-101.up.wirex.com has --had 10 security events since Tue Oct 12 11:10:00 2004

    ") + -- -- _("

    Summary Notification: The Summary notification displays --the logged AppArmor security events, and lists the number of --individual occurrences, including the date of the last occurrence. --
    For example:
    SubDomain: PERMITTING access to capability --'setgid' (httpd2-prefork(6347) profile /usr/sbin/httpd2-prefork --active /usr/sbin/httpd2-prefork) 2 times, the latest at Sat Oct 9 16:05:54 2004. --

    ") + -- -- _("

    Verbose Notification: The Verbose notification displays --unmodified, logged AppArmor security events. It tells you every time --an event occurs and writes a new line in the Verbose log. These --security events include the date and time the event occurred, when --the application profile permits access as well as rejects access, --and the type of file permission access that is permitted or rejected.

    ") + -- -- _("

    Verbose Notification also reports several messages that --the logprof tool uses to interpret profiles.
    For example:
    -- Oct 9 15:40:31 SubDomain: PERMITTING r access to --/etc/apache2/httpd.conf (httpd2-prefork(6068) profile --/usr/sbin/httpd2-prefork active /usr/sbin/httpd2-prefork)

    ") + -- -- "
      " + _("
    1. For each notification type that you would like --enabled, select the frequency of notification that you would --like. For example, if you select 1 day from the --pull-down list, you will be sent daily notifications of --security events, if they occur.
    2. ") + -- -- _("
    3. Enter the email address of those who should receive --the Terse, Summary, or Verbose notifications.If there is no local --SMTP server configured to distribute e-mails from this host to the --domain you entered, enter for example @localhost --and enable to receive system mail, if it is not --a root user.
    4. ") + -- -- _("
    5. Select the lowest severity level for which a notification --should be sent. Security events will be logged and the notifications --will be sent at the time indicated by the interval when events are --equal or greater than the selected severity level. If the interval --is 1 day, the notification will be sent daily, if security events --occur.") + -- -- _("Severity Levels: These are numbered 1 through 10, --10 being the most severe security incident. The severity.db --file defines the severity level of potential security events. --The severity levels are determined by the importance of --different security events, such as certain resources accessed --or services denied.
    6. ") + -- -- _("
    7. Select Include unknown security events if --you would like to include events that are not rated with a severity number.
    8. ") + -- "
    ", --// ---------------------------- -- "profileWizard" : -- _("AppArmor Profiling Wizard
    ") + -- _("This wizard presents entries generated by the AppArmor access control module. --You can generate highly optimized and robust security profiles --by using the suggestions made by AppArmor.") + -- -- _("AppArmor suggests that you allow or deny access to specific resources --or define execute permission for entries. Questions --that display were logged during the normal application --execution test previously performed.
    ") + -- -- _("The following help text describes the detail of the security profile --syntax used by AppArmor.

    At any stage, you may --customize the profile entry by changing the suggested response. --This overview will assist you in your options. Refer to the --Novell AppArmor Administration Guide for step-by-step --instructions.

    ") + -- -- _("Access Modes
    ") + -- _("File permission access modes consists of combinations of the following six modes:") + -- -- "
      " + -- _("
    • r - read
    • ") + -- _("
    • w - write
    • ") + -- _("
    • m - mmap PROT_EXEC
    • ") + -- _("
    • px - discrete profile execute
    • ") + -- _("
    • ux - unconfined execute
    • ") + -- _("
    • ix - inherit execute
    • ") + -- _("
    • l - link
    • ") + "
    " + -- -- _("Details for Access Modes") + -- "

    " + -- -- _("Read mode
    ") + -- _("Allows the program to have read access to the --resource. Read access is required for shell scripts --and other interpreted content, and determines if an --executing process can core dump or be attached to with --ptrace(2). (ptrace(2) is used by utilities such as --strace(1), ltrace(1), and gdb(1).)") + -- "

    " + -- -- _("Write mode
    ") + -- _("Allows the program to have write access to the --resource. Files must have this permission if they are --to be unlinked (removed.)") + -- "

    " + -- -- _("Mmap PROT_EXEC mode
    ") + -- _("Allows the program to call mmap with PROT_EXEC on the --resource.") + -- "

    " + -- -- _("Unconfined execute mode
    ") + -- _("Allows the program to execute the resource without any --AppArmor profile being applied to the executed --resource. Requires listing execute mode as well. --Incompatible with Inherit and Discrete Profile execute --entries.") + -- "

    " + -- -- _("This mode is useful when a confined program needs to --be able to perform a privileged operation, such as --rebooting the machine. By placing the privileged section --in another executable and granting unconfined --execution rights, it is possible to bypass the mandatory --constraints imposed on all confined processes. --For more information on what is constrained, see the --subdomain(7) man page.") + -- "

    " + -- -- _("Discrete Profile execute mode
    ") + -- _("This mode requires that a discrete security profile is --defined for a resource executed at a AppArmor domain --transition. If there is no profile defined then the --access will be denied. Incompatible with Inherit and --Unconstrained execute entries.") + -- "

    " + -- -- _("Link mode
    ") + -- _("Allows the program to be able to create and remove a --link with this name (including symlinks). When a link --is created, the file that is being linked to MUST have --the same access permissions as the link being created --(with the exception that the destination does not have --to have link access.) Link access is required for --unlinking a file.") + -- "

    " + -- -- _("Globbing") + -- "

    " + -- _("File resources may be specified with a globbing syntax --similar to that used by popular shells, such as csh(1), --bash(1), zsh(1).") + -- "
    " + -- -- "
      " + -- _("
    • * can substitute for any number of characters, except '/'
    • ") + -- _("
    • ** can substitute for any number of characters, including '/'
    • ") + -- _("
    • ? can substitute for any single character except '/'
    • ") + -- _("
    • [abc] will substitute for the single character a, b, or c
    • ") + -- _("
    • [a-c] will substitute for the single character a, b, or c
    • ") + -- _("
    • {ab,cd} will expand to one rule to match ab, one rule to match cd
    • ") + -- "
    " + -- -- _("Clean Exec - for sanitized execution") + -- "

    " + -- _("The Clean Exec option for the discrete profile and unconstrained --execute permissions provide added security by stripping the --environment that is inherited by the child program of specific --variables. You will be prompted to choose whether you want to sanitize the --environment if you choose 'p' or 'u' during the profiling process. --The variables are:") + -- -- "
      " + -- "
    • GCONV_PATH
    • " + -- "
    • GETCONF_DIR
    • " + -- "
    • HOSTALIASES
    • " + -- "
    • LD_AUDIT
    • " + -- "
    • LD_DEBUG
    • " + -- "
    • LD_DEBUG_OUTPUT
    • " + -- "
    • LD_DYNAMIC_WEAK
    • " + -- "
    • LD_LIBRARY_PATH
    • " + -- "
    • LD_ORIGIN_PATH
    • " + -- "
    • LD_PRELOAD
    • " + -- "
    • LD_PROFILE
    • " + -- "
    • LD_SHOW_AUXV
    • " + -- "
    • LD_USE_LOAD_BIAS
    • " + -- "
    • LOCALDOMAIN
    • " + -- "
    • LOCPATH
    • " + -- "
    • MALLOC_TRACE
    • " + -- "
    • NLSPATH
    • " + -- "
    • RESOLV_HOST_CONF
    • " + -- "
    • RES_OPTION
    • " + -- "
    • TMPDIR
    • " + -- "
    • TZDIR
    ", -- -- ]; --} ---- a/src/include/subdomain/profile_dialogs.ycp -+++ /dev/null -@@ -1,1147 +0,0 @@ --/* ------------------------------------------------------------------ --* --* Copyright (C) 2002-2005 Novell/SUSE --* --* This program is free software; you can redistribute it and/or --* modify it under the terms of version 2 of the GNU General Public --* License published by the Free Software Foundation. --* -- ------------------------------------------------------------------*/ --{ --import "Wizard"; --import "Popup"; --import "Label"; --import "Map"; --include "subdomain/capabilities.ycp"; --textdomain "yast2-apparmor"; -- --// Globalz --integer timeout_millisec = 20 * 1000; --map Settings = $[ -- "CURRENT_PROFILE" : "" --]; -- -- --define map capabilityEntryPopup( map capmap, -- string linuxcapname, -- string profile ) { -- map results = $[]; -- string lpname = linnametolp[linuxcapname]:""; -- map cdef = capdefs[lpname]:nil; -- list caplist = []; -- boolean capbool = false; -- foreach( string clname, string clpname, (map) linnametolp, { -- if ( capmap[clpname]:nil != nil) capbool = true; -- caplist = add( caplist, `item( `id(clname), clname, capbool) ); -- capbool = false; -- }); -- string info = (string) cdef["info"]:_("Capability Selection. --
    Select desired capabilities for this profile. --Select a Capability name to see information about the capability."); -- string frametitle = " " + _("Capabilities enabled for the profile") + " " + profile + " "; -- UI::OpenDialog( -- `VBox( -- `HSpacing( 75 ), -- `VSpacing( `opt(`hstretch), 1 ), -- `HBox( -- `VSpacing( 20 ), -- `HSpacing( 0.5 ), -- `Frame( frametitle, -- `HBox( -- `HWeight( 30, -- `MultiSelectionBox( `id(`caps), `opt(`notify), _("Capabilities"), caplist) -- ), -- `HWeight( 60, `RichText( `id(`captext), info) ) -- ) -- ), -- `HSpacing( 0.05 ) -- ), -- `VSpacing( 0.5 ), -- `HBox( -- `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))), -- `HWeight( 50, `HCenter(`PushButton(`id(`cancel), Label::CancelButton()))) -- ), -- `VSpacing( `opt(`hstretch), 0.5 ) -- ) -- ); -- -- if ( linuxcapname != "" ) { -- UI::ChangeWidget( `id(`caps), `CurrentItem, linuxcapname ); -- } -- -- map event2 = $[]; -- any id2 = nil; -- repeat -- { -- event2 = UI::WaitForEvent( timeout_millisec ); -- id2 = event2["ID"]:nil; // We'll need this often - cache it -- if ( id2 == `caps ) { -- any itemid = UI::QueryWidget( `id(`caps), `CurrentItem ); -- list selecteditems = (list) UI::QueryWidget( `id(`caps), `SelectedItems ); -- string stritem = tostring( itemid ); -- string capindex = linnametolp[stritem]:""; -- map cdf = capdefs[capindex]:nil; -- string cdfi = cdf["info"]:""; -- UI::ChangeWidget( `id(`captext), `Value, cdfi ); -- } -- } until ( id2 == `save || id2 == `cancel ); -- -- map newcapmap = $[]; -- if ( id2 == `save ) { -- list selectedcaps = (list) UI::QueryWidget( `id(`caps), `SelectedItems ); -- string s = ""; -- foreach( any cpname, selectedcaps, { -- s = linnametolp[tostring(cpname)]:""; -- newcapmap = add( newcapmap, s, $["audit":0, "set":1]); -- }); -- } -- UI::CloseDialog(); -- if ( id2 == `cancel ) { -- return capmap; -- } -- return newcapmap; --} -- -- --define string networkEntryPopup( string rule ) { -- integer listnum = 0; -- list netlist = 
splitstring( rule, " " ); -- integer netrulesize = size( netlist ); -- string family = ""; -- string sockettype = ""; -- if ( netrulesize == 1 ) { -- family = "All"; -- } else if ( netrulesize == 2 ) { -- family = netlist[1]:""; -- } else if ( netrulesize == 3 ) { -- family = netlist[1]:""; -- sockettype = netlist[2]:""; -- } -- -- list famList = [ -- `item( `id( `allfam ), _("All") ), -- `item( `id( `inet ), "inet" ), -- `item( `id( `inet6 ), "inet6" ), -- `item( `id( `ax25 ), "ax25" ), -- `item( `id( `ipx ), "ipx" ), -- `item( `id( `appletalk ), "appletalk" ), -- `item( `id( `netrom ), "netrom" ), -- `item( `id( `bridge ), "bridge" ), -- `item( `id( `atmpvc ), "atmpvc" ), -- `item( `id( `x25 ), "x25" ), -- `item( `id( `rose ), "rose" ), -- `item( `id( `netbeui ), "netbeui" ), -- `item( `id( `security ), "security" ), -- `item( `id( `key ), "key" ), -- `item( `id( `packet ), "packet" ), -- `item( `id( `ash ), "ash" ), -- `item( `id( `econet ), "econet" ), -- `item( `id( `atmsvc ), "atmsvc" ), -- `item( `id( `sna ), "sna" ), -- `item( `id( `irda ), "irda" ), -- `item( `id( `ppox ), "pppox" ), -- `item( `id( `wanpipe ), "wanpipe" ), -- `item( `id( `bluetooth ), "bluetooth" ), -- ]; -- -- list typeList = [ -- `item( `id( `alltype ), _("All") ), -- `item( `id( `stream ), "stream" ), -- `item( `id( `dgram ), "dgram" ), -- `item( `id( `seqpacket ), "seqpacket" ), -- `item( `id( `rdm ), "rdm" ), -- `item( `id( `raw ), "raw" ), -- `item( `id( `packet ), "packet" ), -- `item( `id( `dccp ), "dccp" ), -- ]; -- -- map results = $[]; -- -- UI::OpenDialog( -- `VBox( -- `VSpacing( 1 ), -- `HBox( -- `HCenter( `ComboBox( `id(`famItems), -- `opt(`notify), -- _("Network Family"), -- famList -- ) -- ), -- `HSpacing(`opt(`hstretch), 0.2), -- `HCenter( `ComboBox( `id(`typeItems), -- `opt(`notify), -- _("Socket Type"), -- typeList -- ) -- ) -- ), -- `VSpacing(1), -- `HBox( -- `HCenter(`PushButton(`id(`cancel), Label::CancelButton())), -- `HCenter(`PushButton(`id(`save), 
Label::SaveButton())) -- ), -- `VSpacing(0.5) -- ) -- ); -- -- if ( rule == "" || family == "All" ) { -- UI::ChangeWidget( `famItems, `Value, `allfam ); -- UI::ChangeWidget( `typeItems, `Value, `alltype ); -- UI::ChangeWidget( `typeItems, `Enabled, false ); -- } else { -- if ( family != "" ) { -- UI::ChangeWidget( `famItems, `Value, symbolof(toterm(family)) ); -- } -- if ( sockettype != "" ) { -- UI::ChangeWidget( `typeItems, `Value, symbolof(toterm(sockettype)) ); -- } -- } -- map event2 = $[]; -- any id2 = nil; // We'll need this often - cache it -- repeat -- { -- event2 = UI::WaitForEvent( timeout_millisec ); -- id2 = event2["ID"]:nil; // We'll need this often - cache it -- if ( id2 == `famItems ) { -- if ( UI::QueryWidget( `famItems, `Value ) == `allfam ) { -- UI::ChangeWidget( `typeItems, `Value, `alltype ); -- UI::ChangeWidget( `typeItems, `Enabled, false ); -- } else { -- UI::ChangeWidget( `typeItems, `Enabled, true ); -- } -- } -- } until ( id2 == `save || id2 == `cancel ); -- if ( id2 == `save ) { -- rule = "network"; -- symbol famselection = (symbol) UI::QueryWidget( `famItems, `Value ); -- symbol typeselection = (symbol) UI::QueryWidget( `typeItems, `Value ); -- if ( famselection != `allfam ) { -- rule = rule + " " + substring( tostring(famselection), 1); -- if ( typeselection != `alltype ) { -- rule = rule + " " + substring( tostring(typeselection), 1); -- } -- } -- } else { -- rule = ""; -- } -- UI::CloseDialog(); -- return rule; --} -- -- --// --// Popup the Edit Profile Entry dialog --// return a map containing PERM and FILE --// for the updated permissions and filename --// for the profile entry --// -- --define map pathEntryPopup( string filename, string perms, string profile, string filetype ) { -- map results = $[]; -- UI::OpenDialog( -- `VBox( -- `VSpacing( `opt(`hstretch), 1 ), -- `HSpacing( 45 ), -- `HBox( -- `VSpacing( 10 ), -- `HSpacing( 0.75 ), -- `Frame( _("Profile Entry For ") + profile, -- `HBox( -- `HWeight( 60, -- `VBox( -- 
`TextEntry(`id(`filename), _("Enter or modify Filename")), -- `HCenter(`PushButton(`id(`browse), _("&Browse") )) -- ) -- ), -- `HWeight( 40, -- `MultiSelectionBox( `id(`perms), `opt(`notify), _("Permissions"), -- [ `item( `id(`read), _("Read"), issubstring(perms, "r")), -- `item( `id(`write), _("Write"), issubstring(perms, "w")), -- `item( `id(`link), _("Link"), issubstring(perms, "l")), -- `item( `id(`append), _("Append"), issubstring(perms, "a")), -- `item( `id(`lock), _("Lock"), issubstring(perms, "k")), -- `item( `id(`mmap), _("MMap PROT_EXEC"), issubstring(perms, "m")), -- `item( `id(`execute), _("Execute"), issubstring(perms, "x")), -- `item( `id(`inherit), _("Inherit"), issubstring(perms, "i")), -- `item( `id(`profile), _("Profile"), issubstring(perms, "p")), -- `item( `id(`clean_profile), _("Profile Clean Exec"), issubstring(perms, "P")), -- `item( `id(`unconstrained), _("Unconstrained"), issubstring(perms, "u")), -- `item( `id(`clean_unconstrained), _("Unconstrained Clean Exec"), issubstring(perms, "U")) -- ] -- ) -- ) -- ) -- ), -- `HSpacing( 0.75 ) -- ), -- `VSpacing( 0.5 ), -- `HBox( -- `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))), -- `HWeight( 50, `HCenter(`PushButton(`id(`cancel), Label::CancelButton()))) -- ), -- `VSpacing( `opt(`hstretch), 0.5 ) -- ) -- ); -- UI::ChangeWidget(`id(`filename), `Value, filename); -- map event2 = $[]; -- any id2 = nil; // We'll need this often - cache it -- repeat -- { -- event2 = UI::WaitForEvent( timeout_millisec ); -- id2 = event2["ID"]:nil; // We'll need this often - cache it -- -- // -- // Something clicked in the 'perms list -- // -- if ( id2 == `perms ) { -- any itemid = UI::QueryWidget( `id(`perms), `CurrentItem ); -- list selecteditems = (list) UI::QueryWidget( `id(`perms), `SelectedItems ); -- if ( itemid == `execute ) { -- // -- // If we turn off Execute bit then also -- // turn off execute modifiers -- // -- if ( contains( selecteditems, `execute ) == false ) { -- if ( contains( 
selecteditems, `inherit )) { -- selecteditems = filter (any k, selecteditems, { return (k != `inherit); }); -- UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); -- } -- if ( contains( selecteditems, `profile )) { -- selecteditems = filter (any k, selecteditems, { return (k != `profile); }); -- UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); -- } -- if ( contains( selecteditems, `unconstrained )) { -- selecteditems = filter (any k, selecteditems, { return (k != `unconstrained); }); -- UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); -- } -- if ( contains( selecteditems, `clean_unconstrained )) { -- selecteditems = filter (any k, selecteditems, { return (k != `clean_unconstrained); }); -- UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); -- } -- if ( contains( selecteditems, `clean_profile )) { -- selecteditems = filter (any k, selecteditems, { return (k != `clean_profile); }); -- UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); -- } -- } else if (!( contains( selecteditems, `inherit ) || -- contains( selecteditems, `unconstrained ) || -- contains( selecteditems, `clean_unconstrained ) || -- contains( selecteditems, `clean_profile ) || -- contains( selecteditems, `profile )) -- ) { -- //if you just select X alone then by default you get P -- selecteditems = prepend( selecteditems, `profile); -- UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); -- } -- } -- -- // -- // Execute modifier is selected -- // -- if Execute is NOT ON then turn Execute ON -- // -- ensure that only one modifier is selected. 
-- // -- if (( contains( selecteditems, `inherit ) || -- contains( selecteditems, `clean_unconstrained ) || -- contains( selecteditems, `clean_profile ) || -- contains( selecteditems, `unconstrained ) || -- contains( selecteditems, `profile )) ) { -- if ( contains( selecteditems, `execute ) == false ) { -- selecteditems = prepend( selecteditems, `execute); -- UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); -- } else if ( itemid == `profile ) { -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `inherit); }); -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `clean_unconstrained); }); -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `clean_profile); }); -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `unconstrained); }); -- UI::ChangeWidget( `id(`perms), -- `SelectedItems, -- selecteditems ); -- } else if ( itemid == `inherit ) { -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `profile); }); -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `unconstrained); }); -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `clean_unconstrained); }); -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `clean_profile); }); -- UI::ChangeWidget( `id(`perms), -- `SelectedItems, -- selecteditems ); -- } else if ( itemid == `unconstrained ) { -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `profile); }); -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `inherit); }); -- selecteditems = -- filter (any k, -- selecteditems, -- { return (k != `clean_unconstrained); }); -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `clean_profile); }); -- UI::ChangeWidget( `id(`perms), -- `SelectedItems, -- selecteditems ); -- } else if ( itemid == `clean_unconstrained ) { -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `profile); }); -- 
selecteditems = filter (any k, -- selecteditems, -- { return (k != `inherit); }); -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `unconstrained); }); -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `clean_profile); }); -- UI::ChangeWidget( `id(`perms), -- `SelectedItems, -- selecteditems ); -- } else if ( itemid == `clean_profile ) { -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `profile); }); -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `inherit); }); -- selecteditems = -- filter (any k, -- selecteditems, -- { return (k != `clean_unconstrained); }); -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `unconstrained); }); -- UI::ChangeWidget( `id(`perms), -- `SelectedItems, -- selecteditems ); -- } -- } else if ( contains( selecteditems, `execute) ) { -- selecteditems = filter (any k, -- selecteditems, -- { return (k != `execute); }); -- UI::ChangeWidget( `id(`perms), -- `SelectedItems, -- selecteditems ); -- } -- } -- // -- // Popup a dialog to let a user browse for a file -- // -- if ( id2 == `browse ) { -- string selectfilename = ""; -- if ( filetype == "dir" ) { -- selectfilename = UI::AskForExistingDirectory( "/", _("Select Directory")); -- } else { -- selectfilename = UI::AskForExistingFile( "/", "", _("Select File")); -- } -- if ( selectfilename != nil ) { -- UI::ChangeWidget(`id(`filename), `Value, selectfilename); -- } -- } -- } until ( id2 == `save || id2 == `cancel ); -- -- if ( id2 == `cancel ) { -- UI::CloseDialog(); -- return nil; -- } -- -- // -- // Update table values -- // -- if ( id2 == `save ) { -- list selectedbits = (list) UI::QueryWidget( `id(`perms), `SelectedItems ); -- string newperms = ""; -- if ( contains( selectedbits, `write ) ) { -- newperms = newperms + "w" ; -- } -- if ( contains(selectedbits, `mmap ) ) { -- newperms = newperms + "m" ; -- } -- if ( contains(selectedbits, `read ) ) { -- newperms = newperms + "r" ; -- } -- if 
( contains(selectedbits, `link ) ) {
-- newperms = newperms + "l" ;
-- }
-- if ( contains(selectedbits, `lock ) ) {
-- newperms = newperms + "k" ;
-- }
-- if ( contains(selectedbits, `append ) ) {
-- newperms = newperms + "a" ;
-- }
-- if ( contains(selectedbits, `execute) ) {
-- if ( contains(selectedbits, `profile) ) {
-- newperms = newperms + "p" ;
-- } else if ( contains(selectedbits, `inherit) ) {
-- newperms = newperms + "i" ;
-- } else if ( contains(selectedbits, `unconstrained) ) {
-- newperms = newperms + "u" ;
-- } else if ( contains(selectedbits, `clean_unconstrained) ) {
-- newperms = newperms + "U" ;
-- } else if ( contains(selectedbits, `clean_profile) ) {
-- newperms = newperms + "P" ;
-- }
-- newperms = newperms + "x" ;
-- }
-- filename = tostring( UI::QueryWidget(`id(`filename), `Value) );
-- UI::CloseDialog();
-- if ( filename == "" || newperms == "" ) {
-- Popup::Error(_("Entry will not added. Entry name or permissions not defined."));
-- results = nil;
-- } else {
-- results = $[ "PERM": newperms, "FILE": filename ];
-- }
-- }
-- return results;
--}
--
--define map fileEntryPopup( string filename, string perms, string profile ) {
-- return (map) pathEntryPopup( filename, perms, profile, "file" );
--}
--
--define map dirEntryPopup( string filename, string perms, string profile ) {
-- return (map) pathEntryPopup( filename, perms, profile, "dir" );
--}
--
--
--define map deleteNetworkRule( map netRules, string rule ) {
-- map audit = netRules["audit"]:$[];
-- map rules = netRules["rule"]:$[];
-- list netlist = splitstring( rule, " " );
-- integer netrulesize = size( netlist );
-- string family = "";
-- string sockettype = "";
--
-- if ( netrulesize == 1 ) {
-- audit = $[];
-- rules = $[];
-- } else if ( netrulesize == 2 ) {
-- family = netlist[1]:"";
-- audit = remove( audit, family );
-- rules = remove( rules, family );
-- } else if ( netrulesize == 3 ) {
-- family = netlist[1]:"";
-- sockettype = netlist[2]:"";
-- map a = audit[family]:$[];
--
map r = rules[family]:$[];
-- a = remove(a, sockettype);
-- r = remove(r, sockettype);
-- audit[family] = a;
-- rules[family] = r;
-- /*any fam = netRules[family]:nil;
-- if ( is( fam, map ) ) {
-- fam = remove( ((map) fam), sockettype );
-- netRules[family] = fam;
-- } else {
-- y2warning("deleteNetworkRule: deleting non-existing rule: " +
-- rule);
-- }*/
-- }
-- return $["audit" : audit, "rule" : rules];
--}
--
--define map addNetworkRule( map netRules, string rule ) {
-- map audit = netRules["audit"]:$[];
-- map rules = netRules["rule"]:$[];
-- list netlist = splitstring( rule, " " );
-- integer netrulesize = size( netlist );
-- string family = "";
-- string sockettype = "";
--
-- if ( netrulesize == 1 ) {
-- return ( $["audit" : $["all":1], "rule" : $["all" :1] ] );
-- }
-- else{
-- if (haskey(audit, "all") && haskey(rules, "all")) {
-- audit = remove(audit, "all");
-- rules = remove(rules, "all");
-- }
--
-- if ( netrulesize == 2 ) {
-- family = netlist[1]:"";
-- audit[family] = 0;
-- rules[family] = 1;
-- } else if ( netrulesize == 3 ) {
-- family = netlist[1]:"";
-- sockettype = netlist[2]:"";
-- audit[family] = add(audit[family]:$[], sockettype,0);
-- rules[family] = add(rules[family]:$[], sockettype,1);
-- }
-- /*any any_fam = netRules[family]:nil;
-- map fam = nil;
-- if ( is( any_fam, map ) ) {
-- fam = (map) any_fam;
-- }
-- if ( fam == nil ) {
-- fam = $[];
-- }
-- fam[sockettype] = "1";
-- netRules[family] = fam;*/
-- }
-- return $[ "audit": audit, "rule": rules];
--}
--
--define map editNetworkRule( map netRules, string old, string new ) {
-- netRules = deleteNetworkRule( netRules, old );
-- netRules = addNetworkRule( netRules, new );
-- return( netRules );
--}
--
--//
--// generateTableContents - generate the list that is used in the table to display the profile
--//
--
--define list generateTableContents( map paths, map network, map caps, map includes, map hats ) {
-- list newlist = [];
--
-- integer indx = 0;
--
-- foreach( string hatname, any
hat, (map) hats, {
-- newlist = add( newlist, `item( `id(indx), "[+] ^"+ hatname, ""));
-- indx = indx+1; });
--
-- foreach( string incname, integer incval, (map) includes, {
-- newlist = add( newlist, `item( `id(indx), "#include " +incname, ""));
-- indx = indx+1; });
--
-- foreach( string capname, map capval, (map) caps, {
-- map capdef = capdefs[capname]:nil;
-- newlist = add( newlist, `item( `id(indx), capdef["name"]:"", ""));
-- indx = indx+1; });
--
-- foreach( string name, map val, (map) paths, {
-- string mode = (string) SCR::Execute(.subdomain_profiles.mode_to_string, val["mode"]:0);
-- newlist = add( newlist, `item( `id(indx), name, mode));
-- indx = indx+1; });
--
-- map rules = network["rule"]:$[];
-- foreach( string family, any any_fam, (map) rules, {
-- if ( is( any_fam, map ) ) {
-- foreach( string socktype, any any_type, (map) any_fam, {
-- newlist = add( newlist,
-- `item( `id(indx),
-- "network " + family + " " + socktype,
-- ""
-- )
-- );
-- indx = indx+1;
-- });
-- } else {
-- // Check for all network
-- if ( family == "all" ) {
-- newlist = add( newlist,
-- `item( `id(indx),
-- "network",
-- ""
-- )
-- );
-- indx = indx+1;
-- } else {
-- newlist = add( newlist,
-- `item( `id(indx),
-- "network " + family,
-- ""
-- )
-- );
-- indx = indx+1;
-- }
-- }
-- });
-- return newlist;
--}
--
--
--define map collectHats(map profile, string pathname ) {
-- map hats = $[];
-- y2debug("collecting hats for " + pathname);
-- if( profile != nil){
-- foreach( string resname, any resource, (map) profile, {
-- if ( resname != pathname ) {
-- map hat = tomap(resource);
-- if ( hat != nil ) {
-- y2debug("HAT " + resname);
-- hats = add(hats, resname, resource);
-- }
-- }
-- });
-- }
-- return hats;
--}
--
--
--//
--// Prompts the user for a hatname
--// Side-Effect: sets Settings["CURRENT_HAT"]
--// returns true (hat entered)
--// false (user aborted)
--//
--define boolean newHatNamePopup(string parentProfile, map currentHats ) {
--
--term intro = `VBox(
-- `Top(
--
`VBox(
-- `VSpacing(1),
-- `Left(`Label( _("Please enter the name of the Hat that you would like \nto add to the profile") + " " + parentProfile + ".")),
-- `VSpacing(0.5),
-- `Left(
-- `TextEntry(
-- `id(`hatname),
-- _("&Hat name to add"),
-- ""
-- )
-- ),
-- `VSpacing(`opt(`vstretch), 0.25)
-- )
-- ),
-- `HBox(
-- `HSpacing(`opt(`hstretch), 0.1),
-- `HCenter(`PushButton(`id(`create), _("&Create Hat"))),
-- `HCenter(`PushButton(`id(`abort), Label::AbortButton())),
-- `HSpacing(`opt(`hstretch), 0.1),
-- `VSpacing(1)
-- )
-- );
--
-- UI::OpenDialog(intro);
-- UI::SetFocus(`id(`hatname));
-- while (true) {
-- any input = Wizard::UserInput();
-- if(input == `create) {
-- string hatname = (string) UI::QueryWidget(`id(`hatname), `Value);
-- // Check for no application entry in the dialog
-- if ( hatname == "" ) {
-- Popup::Error(_("You have not given a name for the hat you want to add.\nPlease
--enter a hat name to create a new hat, or press Abort to cancel this wizard."));
-- } else if ( haskey( currentHats, hatname ) ) {
-- Popup::Error(_("The profile already contains the provided hat name.
--Please enter a different name to try again, or press Abort to cancel this wizard."));
-- } else {
-- Settings["CURRENT_HAT"] = hatname;
-- UI::CloseDialog();
-- return true;
-- }
-- } else {
-- UI::CloseDialog();
-- return false;
-- }
-- }
--}
--
--define symbol DisplayProfileForm(string pathname, boolean hat) {
-- map profile_map = (map) Settings["PROFILE_MAP"]:$[];
-- map profile = (map) profile_map[pathname]:$[];
-- map hats = $[];
-- if ( !hat ) {
-- hats = collectHats( profile_map, pathname );
-- }
-- map paths = (map) profile["allow","path"]:$[];
-- map caps = (map) profile["allow","capability"]:$[];
-- map includes = (map) profile["include"]:$[];
-- map netdomain = (map) profile["allow", "netdomain"]:$[];
-- list profilelist = generateTableContents( paths,
-- netdomain,
-- caps,
-- includes,
-- hats );
--
--
-- // FIXME: format these texts better
--
-- /* help text */
-- string help1 = _("

    In this form you can view and modify the contents of an individual profile. --For existing entries you can double click the permissions to access a modification dialog.

    "); -- -- /* help text */ -- string help2 = _("

    Permission Definitions:
    r - read
    --w -write
    l - link
    m - mmap PROT_EXEC
    k - file locking
    --a - file append
    x - execute
    i - inherit
    p - discrete profile
    --P - discrete profile
    (*clean exec)
    u - unconstrained
    --U -unconstrained
    (*clean exec)

    "); -- -- /* help text */ -- string help3 = _("

    Add Entry:
    Select the type of resource to add from the drop down list.

    "); -- -- /* help text - part x1 */ -- string help4 = _("

    • File
      Add a file entry to this profile
    • "); -- /* help text - part x2 */ -- string help5 = _("
    • Directory
      Add a directory entry to this profile
    • "); -- /* help text - part x3 */ -- string help6 = _("
    • Capability
      Add a capability entry to this profile
    • "); -- /* help text - part x4 */ -- string help7 = _("
    • Include
      Add an include entry to this profile. This option --includes the profile entry contents of another file in this profile at load time.
    • "); -- /* help text - part x5 */ -- string help_net = _("
    • Network Entry
      Add a network rule entry to this profile. --This option will allow you to specify network access privileges for the profile. --You may specify a network address family and socket type.
    • "); -- /* help text - part x6 */ -- string helpHat = _("
    • Hat
      Add a sub-profile for this profile - called a Hat. --This option is analogous to manually creating a new profile, which can selected --during execution only in the context of being asked for by a changehat aware --application. For more information on changehat please see man changehat on your --system or the Novell AppArmor Administration Guide.
    • "); -- /* help text - part x7 */ -- string helpEdit = _("

    Edit Entry:
    Edit the selected entry.

    "); -- -- /* help text */ -- string help8 = _("

    Delete Entry:
    Removes the selected entry from this profile.

    "); -- -- /* help text - part y1 */ -- string help9 = _("

    *Clean Exec
    The Clean Exec option for the discrete profile --and unconstrained execute permissions provide added security by stripping the environment --that is inherited by the child program of specific variables. These variables are:"); -- /* help text - part y2 */ -- string help10 = "

    • GCONV_PATH
    • GETCONF_DIR
    • HOSTALIASES
    • LD_AUDIT
    • LD_DEBUG
    • LD_DEBUG_OUTPUT
    • LD_DYNAMIC_WEAK
    • LD_LIBRARY_PATH
    • LD_ORIGIN_PATH
    • LD_PRELOAD
    • LD_PROFILE
    • LD_SHOW_AUXV
    • LD_USE_LOAD_BIAS
    • LOCALDOMAIN
    • LOCPATH
    • MALLOC_TRACE
    • NLSPATH
    • RESOLV_HOST_CONF
    • RES_OPTION
    • TMPDIR
    • TZDIR

    "; -- -- -- integer listnum = 0; -- list itemList = [ `item( `id( `file ), _("&File") ), -- `item( `id( `net ), _("Network &Rule") ), -- `item( `id( `dir ), _("&Directory") ), -- `item( `id( `cap ), _("&Capability") ), -- `item( `id( `include ), _("&Include File") ), -- ]; -- -- -- string mainLabel = ""; -- -- if ( hat ) { -- mainLabel = _("AppArmor profile ") + Settings["CURRENT_PROFILE"]:"" + "^" + pathname; -- } else { -- itemList = add(itemList,`item( `id( `hat ), _("&Hat") )); -- mainLabel = _("AppArmor profile for ") + pathname ; -- } -- // Define the widget contents -- // for the Wizard -- term contents_main_profile_form = -- `VBox( -- `Label(mainLabel), -- `HBox( -- `VSpacing(10), -- `Table(`id(`table), `opt(`notify, `immediate ), `header(_("File Name"), _("Permissions")), profilelist) -- ), -- `VSpacing(0.5), -- `HBox( -- `HSpacing(`opt(`hstretch), 0.1), -- `HCenter( `MenuButton(`id(`addMenu), _("Add Entry"), itemList)), -- `HCenter(`PushButton(`id(`edit), _("&Edit Entry"))), -- `HCenter(`PushButton(`id(`delete), _("&Delete Entry"))), -- `HSpacing(`opt(`hstretch), 0.1), -- `VSpacing(1) -- ), -- `VSpacing(1) -- ); -- string help = ""; -- string formtitle = ""; -- if ( hat ) { -- help = help1 + help2 + help3 + help4 + help5 + help6 + help7 + help_net + help8 + helpEdit + help9 + help10; -- formtitle = _("AppArmor Hat Dialog"); -- } else { -- help = help1 + help2 + help3 + help4 + help5 + help6 + help7 + help_net + helpHat + helpEdit + help8 + help9 + help10; -- formtitle = _("AppArmor Profile Dialog"); -- } -- Wizard::SetContentsButtons( formtitle, contents_main_profile_form, help, Label::BackButton(), _("&Done") ); -- -- -- -- map event = $[]; -- any id = nil; -- while( true ) -- { -- event = UI::WaitForEvent( timeout_millisec ); -- id = event["ID"]:nil; // We'll need this often - cache it -- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); -- if ( (( id == `table ) && (event["EventReason"]:nil == "Activated" )) || -- ( id 
== `edit) )
-- {
-- // Widget activated in the table
-- string rule = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
-- integer findcap = find( rule, "CAP_");
-- integer findinc = find( rule, "#include");
-- integer findhat = find( rule, "[+] ^");
-- integer findnet = find( rule, "network");
-- string oldrule = rule;
-- if ( findcap == 0 ) {
-- caps = capabilityEntryPopup( caps, rule, pathname );
-- profile["allow", "capability"] = caps;
-- } else if ( findinc == 0 ) {
-- Popup::Error(_("Include entries can not be edited. Please select add or delete to manage Include entries."));
-- continue;
-- } else if ( findhat == 0 ) {
-- string hatToEdit = substring( rule, 5);
-- Settings["CURRENT_HAT"] = hatToEdit;
-- return `showhat;
-- } else if ( findnet == 0 ) {
-- string newrule = networkEntryPopup( rule );
-- if ( newrule != "" && newrule != rule ) {
-- netdomain = editNetworkRule( netdomain, rule, newrule );
-- }
-- profile["allow","netdomain"] = netdomain;
-- } else {
-- string perms = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 2, "");
-- map results = fileEntryPopup( rule, perms, pathname );
-- integer newperms = 0;
-- newperms = (integer) SCR::Execute(.subdomain_profiles.string_to_mode, results["PERM"]:"");
-- rule = results["FILE"]:"";
-- if ( rule != "" ) {
-- if ( rule != oldrule ) {
-- paths = remove( paths, oldrule );
-- }
-- paths = add(paths, rule, $[ "audit": 0, "mode": newperms]);
-- profile["allow","path"] = paths;
-- }
-- }
-- profile_map[pathname] = profile;
-- Settings["PROFILE_MAP"] = profile_map;
-- list profilelist = generateTableContents( paths,
-- netdomain,
-- caps,
-- includes,
-- hats );
-- UI::ChangeWidget( `id(`table), `Items, profilelist );
-- UI::ChangeWidget( `id(`table), `CurrentItem, itemselected );
-- } else if ( id == `delete ) {
-- string rule = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
-- integer findcap = find( rule, "CAP_");
--
integer findinc = find( rule, "#include");
-- integer findhat = find( rule, "[+] ^");
-- integer findnet = find( rule, "network");
--
-- if ( findcap == 0 ) {
-- string capNameToDelete = linnametolp[rule]:"";
-- caps = remove( caps, capNameToDelete );
-- profile["allow", "capability"] = caps;
-- } else if ( findinc == 0 ) {
-- string includeToRemove = substring( rule, 9);
-- includes = remove( includes, includeToRemove );
-- profile["include"] = includes;
-- } else if ( findhat == 0 ) {
-- string hatToRemove = substring( rule, 5);
-- hats = remove( hats, hatToRemove);
-- profile_map = remove( profile_map, hatToRemove );
-- } else if ( findnet == 0 ) {
-- netdomain = deleteNetworkRule( netdomain, rule );
-- profile["allow","netdomain"] = netdomain;
-- } else {
-- paths = remove( paths, rule );
-- profile["allow","path"] = paths;
-- }
-- profile_map[pathname] = profile;
-- Settings["PROFILE_MAP"] = profile_map;
-- list profilelist = generateTableContents( paths,
-- netdomain,
-- caps,
-- includes,
-- hats );
-- UI::ChangeWidget( `id(`table), `Items, profilelist );
-- UI::ChangeWidget( `id(`table), `CurrentItem, (itemselected == 0) ?
0 : itemselected -1 );
-- } else if ( id == `file || id == `dir ) {
-- string addfname = "";
-- integer addperms = 0;
-- map newentry = nil;
-- if ( id == `dir ) {
-- newentry = dirEntryPopup( "", "", pathname );
-- } else {
-- newentry = fileEntryPopup( "", "", pathname );
-- }
-- if ( newentry == nil ) {
-- continue;
-- }
-- addfname = newentry["FILE"]:"";
-- addperms = (integer) SCR::Execute(.subdomain_profiles.string_to_mode, newentry["PERM"]:"");
-- // Make sure that the entry doesn't already exist
-- paths = add( paths, addfname, $["audit":0, "mode": addperms] );
-- profile["allow","path"] = paths;
-- profile_map[pathname] = profile;
-- Settings["PROFILE_MAP"] = profile_map;
-- list profilelist = generateTableContents( paths,
-- netdomain,
-- caps,
-- includes,
-- hats );
-- UI::ChangeWidget( `id(`table), `Items, profilelist );
-- UI::ChangeWidget( `id(`table), `CurrentItem, itemselected );
-- } else if ( id == `cap ) {
-- caps = capabilityEntryPopup( caps, "", pathname );
-- profile["allow","capability"] = caps;
-- profile_map[pathname] = profile;
-- Settings["PROFILE_MAP"] = profile_map;
-- list profilelist = generateTableContents( paths,
-- netdomain,
-- caps,
-- includes,
-- hats );
-- UI::ChangeWidget( `id(`table), `Items, profilelist );
-- } else if ( id == `hat ) {
-- if ( hat ) {
-- Popup::Error(_("Hats can not have embedded hats."));
-- }
-- boolean hatCreated = newHatNamePopup( pathname, hats );
-- if ( hatCreated == true ) {
-- return `showhat;
-- }
-- } else if ( id == `include ) {
-- list customIncludes = (list ) SCR::Read(.subdomain, "custom-includes");
-- string newInclude = UI::AskForExistingFile( "/etc/apparmor.d/abstractions", "", _("Select File To Include"));
-- if ( newInclude == nil || (string)newInclude == "" ) {
-- continue;
-- }
-- list validIncludes = [ "/etc/apparmor.d/abstractions", "/etc/apparmor.d/program-chunks", "/etc/apparmor.d/tunables" ];
-- foreach( string incPath, customIncludes, {
-- validIncludes = add( validIncludes,
"/etc/apparmor.d/" + incPath);
-- });
--
-- integer result = 0;
-- boolean includePathOK = false;
-- foreach( string pathToCheck, (list) validIncludes, {
-- result = find (newInclude, pathToCheck);
-- if ( result != -1 ) {
-- includePathOK = true;
-- }
-- });
--
-- if ( ! includePathOK ) {
-- string pathListMsg = "";
-- foreach( string pathItem, (list) validIncludes, {
-- pathListMsg = pathListMsg + "\n " + pathItem;
-- });
-- Popup::Error(_("Invalid #include file. Include files must be located in one of these directories: \n") + pathListMsg );
-- } else {
-- string includeName = substring(newInclude, 16 );
-- includes = add( includes, includeName, 1 );
-- profile["include"] = includes;
-- profile_map[pathname] = profile;
-- Settings["PROFILE_MAP"] = profile_map;
-- list profilelist = generateTableContents( paths,
-- netdomain,
-- caps,
-- includes,
-- hats );
-- UI::ChangeWidget( `id(`table), `Items, profilelist );
-- }
-- } else if ( id == `net ) {
-- string newrule = networkEntryPopup( "" );
-- if ( newrule != "" ) {
-- netdomain = addNetworkRule( netdomain, newrule );
-- profile["allow","netdomain"] = netdomain;
-- profile_map[pathname] = profile;
-- Settings["PROFILE_MAP"] = profile_map;
-- list profilelist = generateTableContents( paths,
-- netdomain,
-- caps,
-- includes,
-- hats );
-- UI::ChangeWidget( `id(`table), `Items, profilelist );
-- }
-- } else if ( id == `abort || id == `cancel ) {
-- break;
-- } else if ( id == `back ) {
-- break;
-- } else if ( id == `next ) {
-- if ( ! hat ) {
-- if (Popup::YesNoHeadline(_("Save changes to the Profile"),
-- _("Would you like to save the changes to this profile? \n(Note: after saving the changes the AppArmor profiles will be reloaded.)"))) {
-- map argmap = $[ "PROFILE_HASH" : Settings["PROFILE_MAP"]:$[],
-- "PROFILE_NAME" : pathname
-- ];
-- any result = SCR::Write(.subdomain_profiles, argmap);
-- any result2 = SCR::Write(.subdomain_profiles.reload, "-");
-- }
-- } else {
-- if ( !
haskey(hats, Settings["CURRENT_HAT"]:"") ) {
-- profile["allow","path"] = paths;
-- profile["allow","capability"] = caps;
-- profile["include"] = includes;
-- profile_map[pathname] = profile;
-- Settings["PROFILE_MAP"] = profile_map;
-- }
-- return `next;
-- }
-- break;
-- } else {
-- y2error("Unexpected return code: %1", id);
-- continue;
-- }
-- }
-- return (symbol) id;
--}
--
--
-- //
-- // Select a profile to edit and populate
-- // Settings["CURRENT_PROFILE"]: profile name
-- // Settings["PROFILE_MAP"]: map containing the profile
-- //
--define symbol SelectProfileForm( map profiles, string formhelp, string formtitle, string iconname ) {
-- list profilelisting = [];
-- integer indx = 0;
-- foreach( string p, any ignore, (map) profiles, {
-- profilelisting = add( profilelisting, `item( `id(p), p));
-- indx = indx+1;
-- });
--
-- term contents_select_profile_form =
-- `VBox(
-- `VSpacing(2),
-- `SelectionBox( `id(`profilelist), `opt(`notify), _("Profile Name"), profilelisting ),
-- `VSpacing(3)
-- );
--
-- //
-- // Create the Dialog Window and parse user input
-- //
-- Wizard::CreateDialog();
-- Wizard::SetContents( formtitle, contents_select_profile_form, formhelp, false, true );
-- Wizard::SetTitleIcon(iconname);
--
-- map event = $[];
-- any id = nil;
-- string profilename = "";
-- while( true )
-- {
-- event = UI::WaitForEvent( timeout_millisec );
-- id = event["ID"]:nil; // We'll need this often - cache it
-- if ( id == `next || id == `profilelist ) {
-- profilename = tostring( UI::QueryWidget(`id(`profilelist), `CurrentItem) );
-- if ( profilename != nil && profilename != "" ) {
-- break;
-- } else {
-- Popup::Error(_("You must select a profile to edit"));
-- continue;
-- }
-- } // TODO ELSE POPUP NO ENTRY SELECTED ERROR
-- if(id == `abort || id == `cancel) {
-- break;
-- } else if(id == `back) {
-- break;
-- } else {
-- y2error("Unexpected return code: %1", id);
-- continue;
-- }
-- }
-- if ( id == `next || id == `profilelist) {
--
Settings["CURRENT_PROFILE"] = profilename;
-- Settings["PROFILE_MAP"] = profiles[profilename]:nil;
-- id = `next;
-- }
-- UI::CloseDialog();
-- return (symbol) id;
-- }
--
--}
--
---- a/src/include/subdomain/report_helptext.ycp
-+++ /dev/null
-@@ -1,158 +0,0 @@
--/* ------------------------------------------------------------------
--*
--* Copyright (C) 2002-2005 Novell/SUSE
--*
--* This program is free software; you can redistribute it and/or
--* modify it under the terms of version 2 of the GNU General Public
--* License published by the Free Software Foundation.
--*
-- ------------------------------------------------------------------*/
--
--{
--
--textdomain "yast2-apparmor";
--
--string defs = _("Program Name Pattern:
    When you enter a program name or pattern --that matches the name of the binary executable of the program of --interest, the report will display security events that have --occurred for a specific program.
    ") + -- --_("Profile Name Pattern: When you enter the name of the profile, --the report will display the security events that are generated for --the specified profile. You can use this to see what is being confined --by a specific profile.
    ") + -- --_("PID Number: Process ID number is a number that uniquely identifies --one specific process or running program (this number is valid only --during the lifetime of that process).
    ") + -- --_("Severity Level: Select the lowest severity level for security --events that you would like to be included in the report. The selected --severity level, and above, will be included in the reports.
    ") + -- --_("Detail: A source to which the profile has denied access. --This includes capabilities and files. You can use this field to --report the resources are not allowed to be accessed by profiles.
    ") + -- --_("Mode: The Mode is the permission that the profile grants --to the program or process to which it is applied. The options are: --r (read) w (write) l (link) x (execute)
    ") + -- --_("Access Type: The access type describes what is actually happening --with the security event. The options are: PERMITTING, REJECTING, --or AUDITING.
    ") + -- --_("CSV or HTML: Enables you to export a CSV (comma separated --values) or html file. The CSV file separates pieces of data in --the log entries with commas using a standard data format for --importing into table-oriented applications. You can enter a --pathname for your exported report by typing in the full --pathname in the field provided.

    "); -- --string setArchHelp = _("

    The Report Configuration dialog enables you to filter the archived --report selected in the previous screen. To filter by Date Range:") + -- --_("

    1. Click Filter By Date Range. The fields become active.
    2. --
    3. Enter the start and end dates that delineate the scope of the report.
    4. --
    5. Enter other filtering parameters. See below for definitions of parameters.

    ") + -- --_("The following definitions help you to enter the filtering parameters in the --Report Configuration Dialog:
    ") + defs; -- -- --string types = _("Executive Security Summary: A combined report, --consisting of one or more Security incident reports from --one or more machines. This report provides a single view of --security events on multiple machines.
    ") + -- --_("Applications Audit Report: An auditing tool that --reports which application servers are running and whether --the applications are confined by AppArmor. Application --servers are applications that accept incoming network connections.
    ") + -- --_("Security Incident Report: A report that displays application --security for a single host. It reports policy violations for locally --confined applications during a specific time period. You can edit and --customize this report, or add new versions.

    "); -- --string runHelp = _("

    The AppArmor On-Demand Report screen displays --an instantly generated version of one of the following --reports:
    ") + types; -- -- --string filterCfHelp1 = setArchHelp; --/* START Help Section --************************************************************/ -- --string repGenHelpText = _("

    Generate Reports Help

    If there were, in fact, --going to be any help for you (which, incidentally, there isn't going to be), --then you would indeed find said help, here.

    Thank you for your time, --and have a nice day.

    "); -- -- -- --string schedHelpText = --_("

    The summary of scheduled reports page shows us when reports are scheduled to run. --Reports can be set to run monthly, weekly, daily, or hourly. The default settings are --daily at midnight. The reports can also be emailed, upon completion, to up to three --email recipients.
    ") + -- --_("In the Set Schedule section, you can schedule the following three types of security reports:
    ") + types; -- --string archHelpText = _("

    The View Archive Reports form enables you to view --previously generated reports, located in the /var/log/apparmor/reports-archived --directory. The checkboxes at the top of the form enable you to narrow-down --the category of reports shown in the list to the following: SIR Reports, AUD --Reports, or ESS Reports. To see report details, select a report and click the --View button.

    You can view reports from one or more systems if --you move the reports to the /var/log/apparmor/reports-archived directory.

    "); -- --string mainHelp = schedHelpText; -- -- --list helpList = [ schedHelpText ]; -- --term defaultHelp = `RichText ( schedHelpText ); --term schedHelp = `RichText ( schedHelpText ); --term repGenHelp = `RichText ( repGenHelpText ); --term archHelp = `RichText ( archHelpText ); --term otherHelp = `RichText ( archHelpText ); -- --string repConfHelp = _("repConfHelp"); -- --string sirHelp = _("

    Security Incident Report (SIR): A report that displays security --events of interest to an administrator. The SIR reports policy violations --for locally confined applications during the specified time period. The SIR --reports policy exceptions and policy engine state changes. These two types --of security events are defined as follows:") + -- --_("

    • Policy Exceptions: When an application requests a resource --that's not defined within its profile, a security event is generated.
    • --
    • Policy Engine State Changes: Enforces policy for applications and --maintains its own state, including when engines start or stop, when a policy --is reloaded, and when global security feature are enabled or disabled.
    --Select the report from the archive, then View to see the report details.

    "); -- -- --string audHelp = _("

    Applications Audit Report (AUD): An auditing tool --that reports which application servers are running and whether they are confined --by AppArmor. Application servers are applications that accept incoming network --connections. This report provides the host machine's IP Address, the date the --Applications Audit Report ran, the name and path of the unconfined program or --application server, the suggested profile or a placeholder for a profile for an --unconfined program, the process ID number, The state of the program (confined or --unconfined), and the type of confinement that the profile is performing --(enforce/complain).

    "); -- --string essHelp = _("

    Executive Security Summary (ESS): A combined report, --consisting of one or more high-level reports from one or more machines. This --report can provide a single view of security events on multiple machines if each --machine's data is copied to the reports archive directory, which is --/var/log/apparmor/reports-archived. This report provides the host --machine's IP address, the start and end dates of the polled events, total number --of rejects, total number of events, average of severity levels reported, and the --highest severity level reported. One line of the ESS report represents a range --of SIR reports.

    "); -- --} -- ---- a/src/include/subdomain/reporting_archived_dialogs.ycp -+++ /dev/null -@@ -1,307 +0,0 @@ --/* ------------------------------------------------------------------ --* --* Copyright (C) 2002-2005 Novell/SUSE --* --* This program is free software; you can redistribute it and/or --* modify it under the terms of version 2 of the GNU General Public --* License published by the Free Software Foundation. --* -- ------------------------------------------------------------------*/ -- --{ -- --import "Wizard"; --import "Popup"; --import "Label"; --include "subdomain/report_helptext.ycp"; --include "subdomain/reporting_utils.ycp"; --textdomain "yast2-apparmor"; -- --// Global --integer timeout_millisec = 20 * 1000; -- --//define term turnReportPage (integer curPage) { --define term turnArchReportPage (integer curPage, integer lastPage) { -- -- map Settings = $[ ]; -- list reportList = []; -- -- string currentPage = tostring( curPage ); -- string slastPage = tostring( lastPage ); -- Settings["page"] = currentPage; -- Settings["turnArch"] = "1"; -- Settings["turnPage"] = "1"; -- -- reportList = getReportList("sir",Settings); -- -- // poor i18n -- string myLabel = _("Archived Security Incident Report - Page ") + currentPage + _(" of ") + slastPage; -- -- term odForm = -- -- `Frame( `id(`odframe), myLabel, -- -- `VBox( -- `HBox( -- `VSpacing(10), -- makeSirTable(reportList), -- `VSpacing(0.5) -- ), -- `HSpacing(`opt(`hstretch), 1.0), -- `VSpacing(0.5), -- `HBox( -- `PushButton(`id(`first), _("F&irst") ), -- `PushButton(`id(`prev), _("&Previous") ), -- `PushButton(`id(`psort), _("&Sort") ), -- `PushButton(`id(`fwd), _("&Forward") ), -- `PushButton(`id(`last), _("&Last") ) -- ), -- `VSpacing(1) -- )); -- -- return odForm; --} -- --define term filterArchForm() { -- -- string expPath = "/var/log/apparmor/reports-exported"; -- -- term arForm = -- -- `Top(`VBox( -- `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )), -- `Frame( 
`id(`bydate_frame), _(" Select Date Range ") ,
-- `VBox(
-- `Label( _("Enter Starting Date/Time") ),
-- `HBox(
-- `HSpacing( `opt(`hstretch), 1),
-- `IntField(`id(`startHours), _("Hours"), 0, 23, 0),
-- `IntField(`id(`startMins), _("Minutes"), 0, 59, 0),
-- `IntField(`id(`startDay), _("Day"), 1, 31, 1),
-- `IntField(`id(`startMonth), _("Month"), 1, 12, 1),
-- `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005)
-- ),
-- `VSpacing(1.0),
-- `Label( _("Enter Ending Date") ),
-- `HBox(
-- `HSpacing( `opt(`hstretch), 1),
-- `IntField(`id(`endHours), _("Hours"), 0, 23, 0),
-- `IntField(`id(`endMins), _("Minutes"), 0, 59, 0),
-- `IntField(`id(`endDay), _("Day"), 1, 31, 1),
-- `IntField(`id(`endMonth), _("Month"), 1, 12, 1),
-- `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005)
-- ),
-- `VSpacing(1.0)
-- )),
-- `VSpacing( 1.0 ),
-- `HBox(
-- `HWeight( 4, `TextEntry(`id(`prog), _("Program name") )),
-- `HWeight( 4, `TextEntry(`id(`prof), _("Profile name") )),
-- `HWeight( 3, `TextEntry(`id(`pid), _("PID number") )),
-- `HWeight( 2,
-- `ComboBox(`id(`sev), _("Severity"), [
-- _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
-- ]) ),
-- `HSpacing( `opt(`hstretch), 5)
-- ),
-- `HBox(
-- `HWeight( 3, `TextEntry(`id(`res), _("Detail") )),
-- `HWeight( 3, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))),
-- `HWeight( 3, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))),
-- `HSpacing( `opt(`hstretch), 5)
-- ),
-- `VSpacing( 0.5 ),
--
-- `HBox(
-- `VSpacing(0.5),
-- `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [
-- _("None"), _("csv"), _("html"), _("Both")
-- ]),
-- `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
-- `Bottom( `VWeight( 1, `PushButton(`id(`accept), Label::AcceptButton()) )),
-- `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
-- )
-- ));
--
-- return arForm;
--}
--
--define map setArchFilter() {
--
-- map
Settings = $[]; -- -- term archForm = filterArchForm(); -- Wizard::SetContentsButtons( _("Report Configuration Dialog"), archForm, -- setArchHelp, Label::BackButton(), Label::NextButton() ); -- -- UI::ChangeWidget(`id(`bydate_frame), `Enabled, false); -- -- string mode = "All"; -- string sdmode = "R"; -- -- map event = $[]; -- any id = nil; -- -- while ( true ) { -- -- event = UI::WaitForEvent( timeout_millisec ); -- id = event["ID"]:nil; // We'll need this often - cache it -- -- if ( id == `bydate ) { -- -- UI::ChangeWidget(`id(`bydate_frame), `Enabled, true); -- -- } else if ( id == `next || id == `save ) { -- -- boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value); -- -- if ( bydate == true ) { -- -- integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value); -- integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value); -- integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value); -- integer startHours = (integer) UI::QueryWidget(`id(`startHours), `Value); -- integer startMins = (integer) UI::QueryWidget(`id(`startMins), `Value); -- integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value); -- integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value); -- integer endYear = (integer) UI::QueryWidget(`id(`endYear), `Value); -- integer endHours = (integer) UI::QueryWidget(`id(`endHours), `Value); -- integer endMins = (integer) UI::QueryWidget(`id(`endMins), `Value); -- -- // start_day & start_month are mutually exclusive -- if ( id == `startDay ) { -- UI::ChangeWidget(`id(`startMonth), `Value, 0); -- } else if ( id == `startMonth ) { -- UI::ChangeWidget(`id(`startDay), `Value, 0); -- } -- -- // start_day & start_month are mutually exclusive -- if ( id == `endDay ) { -- UI::ChangeWidget(`id(`endMonth), `Value, 0); -- } else if ( id == `endMonth ) { -- UI::ChangeWidget(`id(`endDay), `Value, 0); -- } -- -- if ( CheckDate(startDay,startMonth,startYear) == false ) { -- Popup::Error( _("Illegal start date 
entered. Please retry.") ); -- continue; -- } -- -- if ( CheckDate(endDay,endMonth,endYear) == false ) { -- Popup::Error( _("Illegal end date entered. Please retry.") ); -- continue; -- } -- //////////////////////////////////////////////////////////// -- -- string startday = tostring(startDay); -- string startmonth = tostring(startMonth); -- string startyear = tostring(startYear); -- string starthours = tostring(startHours); -- string startmins = tostring(startMins); -- string endday = tostring(endDay); -- string endmonth = tostring(endMonth); -- string endyear = tostring(endYear); -- string endhours = tostring(endHours); -- string endmins = tostring(endMins); -- -- Settings["startday"] = startday; -- Settings["startmonth"] = startmonth; -- Settings["startyear"] = startyear; -- Settings["endday"] = endday; -- Settings["endmonth"] = endmonth; -- Settings["endyear"] = endyear; -- Settings["starttime"] = starthours + ":" + startmins; -- Settings["endtime"] = endhours + ":" + endmins; -- -- } -- -- string expType = (string) UI::QueryWidget(`id(`exportType), `Value); -- string expPath = (string) UI::QueryWidget(`id(`exportPath), `Value); -- -- if ( expType != "" && expType != "None" ) { -- -- if ( expType == "csv" ) { -- Settings["exporttext"] = "true"; -- } else if ( expType == "html" ) { -- Settings["exporthtml"] = "true"; -- } else if ( expType == "both" ) { -- Settings["exporttext"] = "true"; -- Settings["exporthtml"] = "true"; -- } -- } -- -- string program_name = (string) UI::QueryWidget(`id(`prog), `Value); -- string profile = (string) UI::QueryWidget(`id(`prof), `Value); -- string pid = (string) UI::QueryWidget(`id(`pid), `Value); -- string sev = (string) UI::QueryWidget(`id(`sev), `Value); -- string res = (string) UI::QueryWidget(`id(`res), `Value); -- string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label); -- string mode = (string) UI::QueryWidget(`id(`mode), `Label); -- string exppath = (string) UI::QueryWidget(`id(`expPath), `Value); -- -- if (sdmode 
== "-") { sdmode = "All"; } -- if (mode == "-") { mode = "All"; } -- -- if ( program_name != "" ) { Settings["prog"] = program_name; } -- if ( profile != "" ) { Settings["profile"] = profile; } -- if ( pid != "" ) { Settings["pid"] = pid; } -- if ( sev != "" && sev != "All" ) { Settings["severity"] = sev; } -- if ( res != "" ) { Settings["resource"] = res; } -- if ( sdmode != "" ) { Settings["sdmode"] = sdmode; } -- if ( mode != "" ) { Settings["mode"] = mode; } -- if ( exppath != "" ) { Settings["exportPath"] = exppath; } -- -- id = nil; -- break; -- -- } else if ( id == `sdmode ) { -- sdmode = popUpSdMode(); -- Settings["sdmode"] = sdmode; -- UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: ") + sdmode) ); -- -- } else if ( id == `mode ) { -- mode = popUpMode(); -- Settings["mode"] = mode; -- UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: ") + mode) ); -- -- } else if ( id == `abort || id == `cancel || id == `done ) { -- Settings["break"] = "abort"; -- break; -- } else if ( id == `close || id == `back) { -- Settings["break"] = "back"; -- break; -- } -- } -- -- return Settings; --} -- --define term viewArchForm(string tab, string logFile, map Settings) { -- -- Settings["archRep"] = "1"; -- Settings["logFile"] = logFile; -- Settings["type"] = "archRep"; -- -- integer curPage = 1; -- string currentPage = "1"; -- Settings["currentPage"] = currentPage; -- -- integer isingle = Settings["single"]:1; -- string single = "1"; -- if ( isingle != nil ) { -- single = tostring(isingle); -- } -- Settings["single"] = single; -- -- // mark - new -- any junk = SCR::Read(.logparse,Settings); -- -- integer lastPage = getLastPage("sirRep",Settings,""); -- term myPage = turnArchReportPage(curPage,lastPage); -- -- return myPage; --} -- -- --} -- ---- a/src/include/subdomain/reporting_dialogues.ycp -+++ /dev/null -@@ -1,2513 +0,0 @@ --/* ------------------------------------------------------------------ --* --* Copyright (C) 
2002-2005 Novell/SUSE --* --* This program is free software; you can redistribute it and/or --* modify it under the terms of version 2 of the GNU General Public --* License published by the Free Software Foundation. --* -- ------------------------------------------------------------------*/ --{ -- --import "Wizard"; --import "Popup"; --import "Label"; --include "subdomain/reporting_utils.ycp"; --include "subdomain/report_helptext.ycp"; --include "subdomain/reporting_archived_dialogs.ycp"; --textdomain "yast2-apparmor"; -- --// Globalz --//integer timeout_millisec = 20 * 1000; --map Settings = $[ ]; --string defExpPath = "/var/log/apparmor/reports-exported"; --string oldExpPath = "/var/log/apparmor/reports-exported"; --string expPath = oldExpPath; -- --// This map is to pull the string to send back to the backend agent on save --map md_map= $[ -- `md_00: _("All"), -- `md_01: "1", `md_02: "2", `md_03: "3", -- `md_04: "4", `md_05: "5", `md_06: "6", -- `md_07: "7", `md_08: "8", `md_09: "9", -- `md_10: "10", `md_11: "11", `md_12: "12", -- `md_13: "13", `md_14: "14", `md_15: "15", -- `md_16: "16", `md_17: "17", `md_18: "18", -- `md_19: "19", `md_20: "20", `md_21: "21", -- `md_22: "22", `md_23: "23", `md_24: "24", -- `md_25: "25", `md_26: "26", `md_27: "27", -- `md_28: "28", `md_29: "29", `md_30: "30", -- `md_31: "31" ]; -- --string modeToHumanString( string mode) { -- return ( mode == "All") ? _("All") : mode; --} -- --string humanStringToMode( string hs) { -- return ( hs == _("All")) ? 
"All" : hs ; --} -- --string typeToHumanString( string type ) { -- string ret = ""; -- -- switch ( type ) -- { -- case "Security.Incident.Report": -- ret = _("Security Incident Report"); -- break; -- case "Applications.Audit": -- ret = _("Applications Audit Report"); -- break; -- case "Executive.Security.Summary": -- ret = _("Executive Security Summary"); -- break; -- default: -- ret = type; -- break; -- } -- -- return ret; --} -- --string humanStringToType( string hs ) { -- string ret = ""; -- -- if( hs == _("Security Incident Report")) -- ret = "Security.Incident.Report"; -- else if ( hs == _("Applications Audit Report")) -- ret = "Applications.Audit"; -- else if ( hs == _("Executive Security Summary")) -- ret = "Executive.Security.Summary"; -- else -- ret = hs; -- -- return ret; --} -- --// Grey out inappropriate paging buttons --define void setPageButtons(integer curPage, integer lastPage) { -- -- if (lastPage <= 1 ) { -- UI::ChangeWidget(`id(`first), `Enabled, false); -- UI::ChangeWidget(`id(`last), `Enabled, false); -- UI::ChangeWidget(`id(`prev), `Enabled, false); -- UI::ChangeWidget(`id(`fwd), `Enabled, false); -- UI::ChangeWidget(`id(`goto), `Enabled, false); -- -- } else if (curPage <= 1 ) { -- UI::ChangeWidget(`id(`first), `Enabled, false); -- UI::ChangeWidget(`id(`prev), `Enabled, false); -- } else if ( curPage >= lastPage ) { -- UI::ChangeWidget(`id(`last), `Enabled, false); -- UI::ChangeWidget(`id(`fwd), `Enabled, false); -- } else { -- UI::SetFocus(`id(`goto)); -- } -- -- return; --} -- --// return input from edit scheduled forms as map of strings --define map getSchedSettings( map Settings ) { -- -- string name = (string) UI::QueryWidget(`id(`name), `Value); -- //integer iMonthdate = (integer) UI::QueryWidget(`id(`monthdate), `Value); -- any md = (any) UI::QueryWidget(`id(`monthdate), `Value); -- string monthdate = (string) md_map[md]:_("All"); -- string weekday = (string) UI::QueryWidget(`id(`weekday), `Value); -- any iHours = (any) 
UI::QueryWidget(`id(`hour), `Value); -- any iMins = (any) UI::QueryWidget(`id(`mins), `Value); -- string expType = (string) UI::QueryWidget(`id(`expType), `Value); -- string email1 = (string) UI::QueryWidget(`id(`email1), `Value); -- string email2 = (string) UI::QueryWidget(`id(`email2), `Value); -- string email3 = (string) UI::QueryWidget(`id(`email3), `Value); -- -- //string monthdate = tostring( iMonthdate ); -- string hour = tostring( iHours ); -- string mins = tostring( iMins ); -- -- if ( weekday == _("All") ) { weekday = "-"; } -- if ( monthdate == _("All") ) { monthdate = "-"; } -- -- // de-i18n -- if ( weekday == _("Mon") ) { weekday = "Mon"; } -- if ( weekday == _("Tue") ) { weekday = "Tue"; } -- if ( weekday == _("Weds") ) { weekday = "Weds"; } -- if ( weekday == _("Thu") ) { weekday = "Thu"; } -- if ( weekday == _("Fri") ) { weekday = "Fri"; } -- if ( weekday == _("Sat") ) { weekday = "Sat"; } -- if ( weekday == _("Sun") ) { weekday = "Sun"; } -- -- Settings["getconf"] = ""; -- Settings["setconf"] = "1"; -- Settings["name"] = name; -- Settings["monthdate"] = monthdate; -- -- Settings["weekday"] = weekday; -- Settings["hour"] = hour; -- Settings["mins"] = mins; -- if ( expType == _("csv") || expType == _("Both") ) { -- Settings["csv"] = "1"; -- } else { -- Settings["csv"] = "0"; -- } -- -- if ( expType == _("html") || expType == _("Both") ) { -- Settings["html"] = "1"; -- } else { -- Settings["html"] = "0"; -- } -- -- Settings["email1"] = email1; -- Settings["email2"] = email2; -- Settings["email3"] = email3; -- -- return Settings; --} -- --// Gets list of archived reports based on 'type' --define list getArrayList(string type, string repPath) { -- -- map Settings = $[ ]; -- string readSched = "1"; -- Settings["readSched"] = readSched; -- Settings["type"] = type; -- -- if ( repPath != "" ) { -- Settings["repPath"] = repPath; -- } -- -- list itemList = []; -- -- integer key = 1; -- -- if ( type == "sirRep" || type == "essRep" || type == "audRep" ) { -- 
list db = (list ) SCR::Read (.reports_parse, Settings); -- -- foreach ( map record, db, { -- any strName = record["name"]:nil; -- any strTime = record["time"]:nil; -- string name = tostring(strName); -- string mytime = tostring(strTime); -- itemList = add( itemList, `item( `id(key), record["name"]:nil, record["time"]:nil )); -- key = key + 1; -- }); -- -- } else if (type == "schedRep") { -- -- Settings["getcron"] = "1"; -- -- list db = (list ) SCR::Read (.reports_sched, Settings); -- -- foreach ( map record, db, { -- itemList = add( itemList, `item( `id(key), record["name"]:nil, record["hour"]:nil, record["mins"]:nil, -- record["wday"]:nil, record["mday"]:nil )); -- key = key + 1; -- }); -- -- } else { -- -- Popup::Error( _("Unrecognized form request.") ); -- -- } -- -- return itemList; --} -- -- --// Filter form for editing scheduled reports --define term editFilterForm (map Settings) { -- -- /* debug */ -- string prog = Settings["prog"]:""; -- string prof = Settings["prof"]:""; -- string pid = Settings["pid"]:""; -- string res = Settings["res"]:""; -- string sdmode = Settings["sdmode"]:"R"; -- string mode = Settings["mode"]:"All"; -- string sev = Settings["sev"]:"All"; -- -- term eForm = `VBox( -- -- `VSpacing( 0.5 ), -- `HBox( -- `HWeight( 5, `TextEntry(`id(`prog), _("Program name"), prog )), -- `HWeight( 5, `TextEntry(`id(`prof), _("Profile name"), prof )), -- `HSpacing( `opt(`hstretch), 1) -- ), -- `VSpacing( 0.5 ), -- `HBox( -- `HWeight( 5, `TextEntry(`id(`pid), _("PID number"), pid )), -- `HWeight( 5, `TextEntry(`id(`res), _("Detail"), res )), -- `HSpacing( `opt(`hstretch), 1) -- ), -- `VSpacing( 0.5 ), -- `HBox( -- `HWeight( 2, -- `ComboBox(`id(`sev), _("Severity"), [ -- _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10" -- ]) ), -- `VBox( -- `Label( _("Access Type: ") ), -- `Bottom( `HWeight( 4, -- `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode ))))) -- ), -- `VBox( -- `Label( 
_("Mode: ") ), -- `Bottom( `HWeight( 4, -- `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode ))))) -- ), -- `HSpacing( `opt(`hstretch), 1) -- ), -- `VSpacing( 1 ), -- `HBox( -- `PushButton(`id(`cancel), Label::CancelButton() ), -- `PushButton(`id(`save), Label::SaveButton() ) -- ) -- ); -- -- return eForm; --} -- --term schedFilterForm = -- -- `VBox( -- `VSpacing( 0.5 ), -- `HBox( -- `HWeight( 5, `TextEntry(`id(`prog), _("Program name") )), -- `HWeight( 5, `TextEntry(`id(`prof), _("Profile name") )), -- `HSpacing( `opt(`hstretch), 1) -- ), -- `VSpacing( 0.5 ), -- `HBox( -- `HWeight( 5, `TextEntry(`id(`pid), _("PID number") )), -- `HWeight( 5, `TextEntry(`id(`res), _("Detail") ) ), -- `HSpacing( `opt(`hstretch), 1) -- ), -- `VSpacing( 0.5 ), -- `HBox( -- `HWeight( 2, -- `ComboBox(`id(`sev), _("Severity"), [ -- _("All"), "U", "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10" -- ]) ), -- -- `VBox( -- `Label( _("Access Type: ") ), -- `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), "R" )) -- ), -- `VBox( -- `Label( _("Mode: ") ), -- `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("All") )) -- ), -- -- //`HWeight( 4, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))), -- //`HWeight( 4, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))), -- `HSpacing( `opt(`hstretch), 1) -- ), -- `VSpacing( 1 ), -- `HBox( -- `PushButton(`id(`cancel), Label::CancelButton() ), -- `PushButton(`id(`save), Label::SaveButton() ) -- ) -- ); -- --term filterForm = -- -- `VBox( -- `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )), -- `Frame( `id(`bydate_frame), _(" Select Date Range "), -- `VBox( -- `Label( _("Enter Starting Date/Time") ), -- `HBox( -- `HSpacing( `opt(`hstretch), 1), -- `IntField(`id(`startHours), _("Hours"), 00, 23, 00), -- `IntField(`id(`startMins), _("Minutes"), 00, 59, 00), -- `IntField(`id(`startDay), _("Day"), 01, 31, 
01), -- `IntField(`id(`startMonth), _("Month"), 01, 12, 01), -- `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005) -- ), -- `VSpacing(1.0), -- `Label( _("Enter Ending Date") ), -- `HBox( -- `HSpacing( `opt(`hstretch), 1), -- `IntField(`id(`endHours), _("Hours"), 0, 23, 0), -- `IntField(`id(`endMins), _("Minutes"), 0, 59, 0), -- `IntField(`id(`endDay), _("Day"), 1, 31, 1), -- `IntField(`id(`endMonth), _("Month"), 1, 12, 1), -- `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005) -- ) -- ), -- `VSpacing(1.0), -- `HBox( -- `HWeight( 4, `TextEntry(`id(`prog), _("Program name")) ), -- `HWeight( 4, `TextEntry(`id(`prof), _("Profile name")) ), -- `HWeight( 3, `TextEntry(`id(`pid), _("PID number")) ), -- `HWeight( 2, -- `ComboBox(`id(`sev), _("Severity"), [ -- _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10" -- ]) ), -- `HSpacing( `opt(`hstretch), 5) -- ), -- `HBox( -- `HWeight( 3, `TextEntry(`id(`res), _("Detail") ) ), -- -- `VBox( -- `Label( _("Access Type: ") ), -- `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), "R" )) -- ), -- `VBox( -- `Label( _("Mode: ") ), -- `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("All") )) -- ), -- -- -- //`HWeight( 3, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))), -- //`HWeight( 3, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))), -- `HSpacing( `opt(`hstretch), 5) -- ), -- `VSpacing( 0.5 ), -- -- `HBox( -- `VSpacing(0.5), -- // DWR MOD `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [ -- `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [ -- _("None"), _("csv"), _("html"), _("Both") -- ]), -- `TextEntry(`id(`expPath), _("Location to store log."), expPath ), -- `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) )) -- ) -- -- )); -- --// filter-defining form --define term filterForm2(string name, map preFilters) { -- -- any aprog = preFilters["prog"]:nil; -- any aprof 
= preFilters["profile"]:nil; -- any apid = preFilters["pid"]:nil; -- any ares = preFilters["resource"]:nil; -- any amode = preFilters["mode"]:"All"; -- any asdmode = preFilters["sdmode"]:"All"; -- -- string prog = ""; -- string prof = ""; -- string pid = ""; -- string res = ""; -- string mode = ""; -- string sdmode = ""; -- -- if ( aprog != nil ) { prog = tostring(aprog); } -- if ( aprof != nil ) { prof = tostring(aprof); } -- if ( apid != nil ) { pid = tostring(apid); } -- if ( ares != nil ) { res = tostring(ares); } -- if ( amode != nil ) { mode = tostring(amode); } -- if ( asdmode != nil ) { sdmode = tostring(asdmode); } -- if (sdmode == "-") { sdmode = "All"; } -- if (mode == "-") { mode = "All"; } -- -- term ff2 = -- `Top(`VBox( -- `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )), -- `Frame( `id(`bydate_frame), _(" Select Date Range "), -- `VBox( -- `Label( _("Enter Starting Date/Time") ), -- `HBox( -- `HSpacing( `opt(`hstretch), 1), -- `IntField(`id(`startHours), _("Hours"), 0, 23, 0), -- `IntField(`id(`startMins), _("Minutes"), 0, 59, 0), -- `IntField(`id(`startDay), _("Day"), 1, 31, 1), -- `IntField(`id(`startMonth), _("Month"), 1, 12, 1), -- `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005) -- ), -- `VSpacing(1.0), -- `Label( _("Enter Ending Date") ), -- `HBox( -- `HSpacing( `opt(`hstretch), 1), -- `IntField(`id(`endHours), _("Hours"), 0, 23, 0), -- `IntField(`id(`endMins), _("Minutes"), 0, 59, 0), -- `IntField(`id(`endDay), _("Day"), 1, 31, 1), -- `IntField(`id(`endMonth), _("Month"), 1, 12, 1), -- `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005) -- ), -- `VSpacing(1.0) -- )), -- `VSpacing( 1.0 ), -- `HBox( -- `HWeight( 4, `TextEntry(`id(`prog), _("Program name"), prog) ), -- `HWeight( 4, `TextEntry(`id(`prof), _("Profile name"), prof) ), -- `HWeight( 3, `TextEntry(`id(`pid), _("PID number"), pid) ), -- `HWeight( 2, -- `ComboBox(`id(`sev), _("Severity"), [ -- _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", 
"07", "08", "09", "10" -- ]) ), -- `HSpacing( `opt(`hstretch), 5) -- ), -- `HBox( -- `VSpacing(0.5), -- `TextEntry(`id(`res), _("Detail"), res), -- `VBox( -- `Label( _("Access Type: ") ), -- `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode ))) -- ), -- `VBox( -- `Label( _("Mode: ") ), -- `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode ))) -- ) -- ), -- `VSpacing( 0.5 ), -- -- `HBox( -- `VSpacing(0.5), -- `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [ -- _("None"), _("csv"), _("html"), _("Both") -- ]), -- `TextEntry(`id(`expPath), _("Location to store log."), expPath ), -- `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) )) -- ) -- )); -- -- return ff2; -- --} -- --// Gets data for next or previous page of current report --define term turnReportPage (string name, integer curPage, string slastPage, map Settings) { -- -- //map Settings = $[ ]; - 07-07 -- list reportList = []; -- -- string currentPage = tostring( curPage ); -- Settings["name"] = name; -- Settings["page"] = currentPage; -- Settings["turnPage"] = "1"; -- -- reportList = getReportList("sir", Settings); -- -- // New map is a list, not a hash -- -- /* Old aa-eventd -- list db = (list ) SCR::Read (.logparse, Settings); -- integer key = 1; -- foreach ( map record, db, { -- reportList = add( reportList, `item( `id(key), record["host"]:nil, -- record["date"]:nil, record["prog"]:nil, record["profile"]:nil, -- record["pid"]:nil, record["severity"]:nil, record["mode"]:nil, -- record["resource"]:nil, record["sdmode"]:nil )); -- key = key + 1; -- }); -- */ -- -- string myLabel = _("On Demand Event Report - Page ") + currentPage + _(" of ") + slastPage; -- -- term odForm = -- -- `Frame( `id(`odpage), myLabel, -- -- `VBox( -- //`Label("AppArmor Event Report Data " + currentPage ), -- //`Label(myLabel), -- -- `HBox( -- `VSpacing(10), -- // New aa-eventd -- makeSirTable(reportList), -- /* Old aa-eventd -- 
`Table(`id(`table), `opt(`keepSorting, `immediate ), `header( _("Host"), _("Date"), _("Program"), -- _("Profile"), _("PID"), _("Severity"), _("Mode"), _("Detail"), _("Access Type") ), reportList), -- */ -- -- `VSpacing(0.5) -- ), -- `HSpacing(`opt(`hstretch), 1.0), -- `VSpacing(0.5), -- `HBox( -- `PushButton(`id(`first), _("F&irst Page") ), -- `PushButton(`id(`prev), _("&Previous") ), -- `PushButton(`id(`psort), _("&Sort") ), -- `PushButton(`id(`fwd), _("&Forward") ), -- `PushButton(`id(`last), _("&Last Page") ), -- `PushButton(`id(`goto), _("&Go to Page") ) -- ), -- `VSpacing(1) -- )); -- -- return odForm; --} -- --define symbol reportConfigForm() { -- -- term contents_report_config_form = -- `VBox( -- `VSpacing( 1 ), -- `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )), -- `Frame( `id(`bydate_frame), _(" Select Date Range ") , -- `VBox( -- `Label( _("Enter Starting Date/Time") ), -- `HBox( -- `HSpacing( `opt(`hstretch), 1), -- `HWeight( 1, `TextEntry(`id(`start_time), _("Time") )), -- `HSpacing( `opt(`hstretch), 1), -- `HWeight( 1, `TextEntry(`id(`start_day), _("Day") )), -- `HSpacing( `opt(`hstretch), 1), -- `HWeight( 1, `TextEntry(`id(`start_month), _("Month") )), -- `HSpacing( `opt(`hstretch), 1), -- `HWeight( 1, `TextEntry(`id(`start_year), _("Year") )), -- `HSpacing( `opt(`hstretch), 1) -- ), -- `VSpacing( 1.0 ), -- `Label( _("Enter Ending Date") ), -- `HBox( -- `HSpacing( `opt(`hstretch), 1), -- `HWeight( 1, `TextEntry(`id(`end_time), _("Time") )), -- `HSpacing( `opt(`hstretch), 1), -- `HWeight( 1, `TextEntry(`id(`end_day), _("Day") )), -- `HSpacing( `opt(`hstretch), 1), -- `HWeight( 1, `TextEntry(`id(`end_month), _("Month") )), -- `HSpacing( `opt(`hstretch), 1), -- `HWeight( 1, `TextEntry(`id(`end_year), _("Year") )), -- `HSpacing( `opt(`hstretch), 1), -- `VSpacing( `opt(`vstretch), 2) -- ) -- )), -- `VSpacing( 0.5 ), -- `Left(`CheckBox( `id(`byprog), `opt(`notify), _("Filter By Program Name") )), -- `HBox(`id(`pbox), -- 
`Left(`TextEntry(`id(`prog), _("Program name") )), -- `HSpacing( `opt(`hstretch), 45) -- ), -- `VSpacing( 0.5 ), -- `Left(`CheckBox( `id(`expLog), `opt(`notify), _("Export Report") )), -- `HBox(`id(`ebox), -- `Left(`TextEntry(`id(`exportName), _("Export File Location") )), -- `Label( _("Select Export Format") ), -- `Left(`CheckBox(`id(`exportText), _("CSV"), false)), -- `Left(`CheckBox(`id(`exportHtml), _("HTML"), true)) -- ) -- ); -- Wizard::SetContentsButtons( _("Report Configuration Dialog"), contents_report_config_form, repConfHelp, Label::BackButton(), Label::NextButton() ); -- -- Settings = $[ ]; -- map event = $[]; -- any id = nil; -- UI::ChangeWidget(`id(`pbox), `Enabled, false); -- UI::ChangeWidget(`id(`ebox), `Enabled, false); -- UI::ChangeWidget(`id(`bydate_frame), `Enabled, false); -- UI::ChangeWidget(`id(`exportName), `Value, "/tmp/export.log"); -- -- while( true ) { -- event = UI::WaitForEvent( timeout_millisec ); -- id = event["ID"]:nil; // We'll need this often - cache it -- -- integer start_day = (integer) UI::QueryWidget(`id(`start_day), `Value); -- integer start_month = (integer) UI::QueryWidget(`id(`start_month), `Value); -- integer start_year = (integer) UI::QueryWidget(`id(`start_year), `Value); -- integer end_day = (integer) UI::QueryWidget(`id(`end_day), `Value); -- integer end_month = (integer) UI::QueryWidget(`id(`end_month), `Value); -- integer end_year = (integer) UI::QueryWidget(`id(`end_year), `Value); -- -- if ( id == `byprog ) { -- boolean val = (boolean) UI::QueryWidget(`id(`byprog), `Value); -- if ( val == true ) { -- UI::ChangeWidget(`id(`pbox), `Enabled, true); -- UI::ChangeWidget(`id(`allevents), `Value, false); -- } else { -- UI::ChangeWidget(`id(`pbox), `Enabled, false); -- } -- } else if ( id == `bydate ) { -- boolean val = (boolean) UI::QueryWidget(`id(`bydate), `Value); -- if ( val == true ) { -- UI::ChangeWidget(`id(`bydate_frame), `Enabled, true); -- UI::ChangeWidget(`id(`allevents), `Value, false); -- } else { -- 
UI::ChangeWidget(`id(`bydate_frame), `Enabled, false); -- } -- } else if ( id == `expLog ) { -- boolean val = (boolean) UI::QueryWidget(`id(`expLog), `Value); -- if ( val == true ) { -- UI::ChangeWidget(`id(`ebox), `Enabled, true); -- //UI::ChangeWidget(`id(`allevents), `Value, false); -- } else { -- UI::ChangeWidget(`id(`ebox), `Enabled, false); -- } -- } else if ( id == `next ) { -- -- // Setup the data structures. -- boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value); -- boolean byprog = (boolean) UI::QueryWidget(`id(`byprog), `Value); -- boolean allevents = (boolean) UI::QueryWidget(`id(`allevents), `Value); -- boolean expLog = (boolean) UI::QueryWidget(`id(`expLog), `Value); -- -- if ( expLog ) { -- string exportName = (string) UI::QueryWidget(`id(`exportName), `Value); -- any expText = (boolean) UI::QueryWidget(`id(`exportText), `Value); -- any expHtml = (boolean) UI::QueryWidget(`id(`exportHtml), `Value); -- string exportText = tostring( expText ); -- string exportHtml = tostring( expHtml ); -- Settings["exportname"] = exportName; -- Settings["exporttext"] = exportText; -- Settings["exporthtml"] = exportHtml; -- } -- -- if ( byprog ) { -- string program_name = (string) UI::QueryWidget(`id(`prog), `Value); -- Settings["prog"] = program_name; -- } -- -- if ( bydate ) { -- -- integer start_hour = (integer) UI::QueryWidget(`id(`startHour), `Value); -- integer start_min = (integer) UI::QueryWidget(`id(`startMin), `Value); -- integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value); -- integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value); -- integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value); -- integer end_hour = (integer) UI::QueryWidget(`id(`endHour), `Value); -- integer end_min = (integer) UI::QueryWidget(`id(`endMin), `Value); -- integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value); -- integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value); -- integer endYear = 
(integer) UI::QueryWidget(`id(`endYear), `Value); -- string start_time = tostring(start_hour) + ":" + tostring(start_min); -- string end_time = tostring(end_hour) + ":" + tostring(end_min); -- -- if ( CheckDate(startDay,startMonth,startYear) == false ) { -- Popup::Error( _("Illegal start date entered. Please retry.") ); -- continue; -- } -- -- if ( CheckDate(endDay,endMonth,endYear) == false ) { -- Popup::Error( _("Illegal end date entered. Please retry.") ); -- continue; -- } -- -- Settings["startday"] = tostring(startDay); -- Settings["startmonth"] = tostring(startMonth); -- Settings["startyear"] = tostring(startYear); -- Settings["endday"] = tostring(endDay); -- Settings["endmonth"] = tostring(endMonth); -- Settings["endyear"] = tostring(endYear); -- Settings["starttime"] = start_time; -- Settings["endtime"] = end_time; -- } -- -- } else if ( id == `abort || id == `back || id == `done ) { -- Popup::Message( _("Abort or Back") ); -- break; -- } -- -- //break; -- } -- return (symbol) id; --} -- --// Main Report Form --define symbol mainArchivedReportForm() { -- -- map reportdata = nil; -- reportdata = (map) SCR::Read (.logparse, Settings ); -- list reportlist = []; -- -- foreach( integer key, map repdata, (map) reportdata, { -- reportlist = add( reportlist, `item( `id(key), repdata["date"]:nil, repdata["prof"]:nil, repdata["pid"]:nil, repdata["mesg"]:nil)); -- }); -- -- string help1 = _("AppArmor Security Events

    -- This table displays the events found that match your search criteria."); -- -- -- // DBG y2milestone("in MainReportForm"); -- term contents_main_prof_form = -- `VBox( -- `Label( _("AppArmor Event Report Data") ), -- `HBox( -- `VSpacing(10), -- `Table(`id(`table), `opt(`notify, `immediate ), `header(_("Date"), -- _("Profile"), _("PID"), _("AppArmor Message") ), reportlist), -- `VSpacing(0.5) -- ) -- ); -- Wizard::SetContentsButtons( _("AppArmor Security Event Report"), -- contents_main_prof_form, help1, Label::BackButton(), _("&Done") ); -- -- -- map event = $[]; -- any id = nil; -- while( true ) { -- -- event = UI::WaitForEvent( timeout_millisec ); -- id = event["ID"]:nil; // We'll need this often - cache it -- -- if ( id == `table ) { -- -- if ( event["EventReason"]:nil == "Activated" ) { -- // Widget activated in the table -- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); -- } -- -- } else if ( id == `abort || id == `cancel || id == `done ) { -- break; -- } else if ( id == `back || id == `next ) { -- break; -- } else { -- y2error("Unexpected return code: %1", id); -- continue; -- } -- } -- return (symbol) id; --} -- --// This is the first and base reporting form --define symbol mainReportForm() { -- -- term mainForm = -- -- `VBox( -- `Label( _("AppArmor Reporting") ), -- `VSpacing(2), -- `VBox( -- `Left(`CheckBox( `id(`schedrep), `opt(`notify), _("Schedule Reports"), true )), -- `Left(`CheckBox( `id(`viewrep), `opt(`notify), _("View Archived Reports") )), -- `Left(`CheckBox( `id(`runrep), `opt(`notify), _("Run Reports") )) -- ), -- `VSpacing(0.5) -- ); -- -- Wizard::SetContentsButtons( _("AppArmor Security Event Report"), mainForm, mainHelp, Label::BackButton(), Label::NextButton() ); -- -- map event = $[]; -- any id = nil; -- while( true ) { -- -- event = UI::WaitForEvent( timeout_millisec ); -- id = event["ID"]:nil; // We'll need this often - cache it -- -- if ( id == `schedrep ) { -- UI::ChangeWidget(`id(`viewrep), 
`Value, false); -- UI::ChangeWidget(`id(`runrep), `Value, false); -- } else if ( id == `viewrep ) { -- UI::ChangeWidget(`id(`schedrep), `Value, false); -- UI::ChangeWidget(`id(`runrep), `Value, false); -- } else if ( id == `runrep ) { -- UI::ChangeWidget(`id(`schedrep), `Value, false); -- UI::ChangeWidget(`id(`viewrep), `Value, false); -- } else if ( id == `abort || id == `cancel || id == `done ) { -- break; -- } else if ( id == `back ) { -- break; -- } else if ( id == `next ) { -- -- if ( UI::QueryWidget(`id(`schedrep), `Value) == true ) { -- id = `schedrep; -- } else if ( UI::QueryWidget(`id(`viewrep), `Value) == true ) { -- id = `viewrep; -- } else if ( UI::QueryWidget(`id(`runrep), `Value) == true ) { -- id = `runrep; -- } -- -- break; -- -- } else { -- y2error("Unexpected return code: %1", id); -- continue; -- } -- } -- -- return (symbol) id; --} -- --// Form used to select the type of archived report to list --define term viewForm(map archType, list itemList, string repPath) { -- -- boolean sirRep = archType["sirRep"]:false; -- boolean audRep = archType["audRep"]:false; -- boolean essRep = archType["essRep"]:false; -- -- if ( repPath == "" || repPath == nil ) { -- repPath = "/var/log/apparmor/reports-archived/"; -- } -- -- if ( audRep == false && essRep == false ) { -- sirRep = true; -- } -- -- term vForm = -- `ReplacePoint(`id(`viewform), `VBox( -- `Label( _("View Archived Reports") ), -- `HSpacing(60), // make the table and thus the dialog wide enough -- `VSpacing(1), -- `HBox( -- `Frame( `id(`radioSelect), _("Choose a Report Type"), -- `RadioButtonGroup(`id(`chooseRep), `HBox( -- `HStretch(), -- `RadioButton(`id(`sirRep), `opt(`notify, `immediate), _("SIR"), sirRep), -- `HSpacing(1), -- `RadioButton(`id(`audRep), `opt(`notify, `immediate), _("App Aud"), audRep), -- `HSpacing(1), -- `RadioButton(`id(`essRep), `opt(`notify, `immediate), _("ESS"), essRep), -- `HSpacing(1), -- `HStretch() -- ))) -- ), -- `VSpacing(1), -- `Frame( `id(`repFrame), _("Location of 
Archived Reports"),
-- `HBox(
-- `Left(`Label(repPath)),
-- `HSpacing(1),
-- `Left(`PushButton(`id(`browse), _("&Browse"))),
-- `HStretch()
-- )
-- ),
-- `VSpacing(0.5),
-- `VWeight( 10, `HBox(
-- `VSpacing(1),
-- `Table(`id(`table), `opt(`notify, `immediate), `header(_("Report"),
-- _("Date") ), itemList ) )
-- ),
-- `VSpacing(1),
-- `HBox(
-- `VSpacing(1),
-- `PushButton(`id(`view), _("&View") ),
-- `PushButton(`id(`viewall), _("View &All") )
-- )
-- ));
--
-- return vForm;
--}
--
--define map filterConfigForm(string name) {
--
-- // Cheating way to set filters
-- map opts = $[];
-- opts["getSirFilters"] = "1";
-- opts["name"] = name;
-- opts["gui"] = "1";
-- map preFilters = $[];
-- preFilters = (map) SCR::Read( .logparse, opts );
--
-- any asev = preFilters["severity"]:nil;
-- string sev = "";
-- if ( asev != nil ) { sev = tostring(asev); }
-- if ( sev == "-" ) { sev = _("All"); }
--
-- Wizard::SetContentsButtons( _("Report Configuration Dialog"),
-- filterForm2(name,preFilters), filterCfHelp1, Label::BackButton(), Label::NextButton() );
--
-- if ( sev != "" && sev != _("All") ) {
-- if ( sev != "U" ) {
-- integer isev = tointeger(sev);
-- if ( isev < 10 ) {
-- sev = "0" + sev;
-- }
-- }
--
-- UI::ChangeWidget(`id(`sev), `Value, sev);
-- }
--
-- string mode = "All";
-- string sdmode = "R";
--
-- Settings = $[ ];
-- map event = $[];
-- any id = nil;
-- UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
--
-- while( true ) {
--
-- event = UI::WaitForEvent( timeout_millisec );
-- id = event["ID"]:nil;
--
-- if ( id == `bydate ) {
--
-- boolean val = (boolean) UI::QueryWidget(`id(`bydate), `Value);
-- if ( val == true ) {
-- UI::ChangeWidget(`id(`bydate_frame), `Enabled, true);
-- } else {
-- UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
-- }
--
-- } else if ( id == `abort || id == `done || id == `cancel) {
-- Settings["break"] = "abort";
-- break;
--
-- } else if ( id == `back ) {
-- Settings["break"] = "back";
-- break;
--
-- } else if ( id ==
`sdmode ) {
--
-- sdmode = popUpSdMode();
--
-- if ( sdmode != "" ) {
-- Settings["sdmode"] = sdmode;
-- UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) ) );
-- }
--
-- } else if ( id == `mode ) {
--
-- mode = popUpMode();
--
-- if ( mode != "" ) {
-- Settings["mode"] = mode;
-- UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )));
-- }
--
-- } else if ( id == `browse ) {
--
-- string selectFile = "";
-- selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
--
-- if ( selectFile != nil ) {
-- UI::ChangeWidget(`id(`expPath), `Value, selectFile);
-- }
--
-- Settings["expPath"] = expPath;
--
-- } else if ( id == `save || id == `next) {
--
-- // Setup the data structures.
-- boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value);
-- boolean expText = false;
-- boolean expHtml = false;
--
-- if ( UI::QueryWidget(`id(`expLog), `Enabled) == true ) {
-- expText = (boolean) UI::QueryWidget(`id(`exportText), `Value);
-- expHtml = (boolean) UI::QueryWidget(`id(`exportHtml), `Value);
-- }
--
-- if ( expText == true ) {
-- Settings["exporttext"] = "true";
-- }
-- if ( expHtml == true ) {
-- Settings["exporthtml"] = "true";
-- }
--
-- string program_name = (string) UI::QueryWidget(`id(`prog), `Value);
-- string profile = (string) UI::QueryWidget(`id(`prof), `Value);
-- string pid = (string) UI::QueryWidget(`id(`pid), `Value);
-- string sev = (string) UI::QueryWidget(`id(`sev), `Value);
-- string res = (string) UI::QueryWidget(`id(`res), `Value);
-- string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label);
-- string mode = (string) UI::QueryWidget(`id(`mode), `Label);
-- string exppath = (string) UI::QueryWidget(`id(`expPath), `Value);
--
-- // de-i18n
-- if ( sev == _("All") ) { sev = "All"; }
-- if ( sev == _("U") ) { sev = "U"; }
--
-- if (exppath != "" ) { Settings["exportPath"] = expPath; }
-- if ( program_name != "" ) { Settings["prog"] = program_name; }
-- if
( profile != "" ) { Settings["profile"] = profile; }
-- if ( pid != "" ) { Settings["pid"] = pid; }
-- if ( sev != "" && sev != "All" ) { Settings["severity"] = sev; }
-- if ( res != "" ) { Settings["resource"] = res; }
-- if ( sdmode != "" ) { Settings["sdmode"] = humanStringToMode( sdmode); }
-- if ( mode != "" ) { Settings["mode"] = humanStringToMode( mode ); }
--
-- if ( bydate == true ) {
--
-- integer start_hour = (integer) UI::QueryWidget(`id(`startHour), `Value);
-- integer start_min = (integer) UI::QueryWidget(`id(`startMin), `Value);
-- integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value);
-- integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value);
-- integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value);
-- integer end_hour = (integer) UI::QueryWidget(`id(`endHour), `Value);
-- integer end_min = (integer) UI::QueryWidget(`id(`endMin), `Value);
-- integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value);
-- integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value);
-- integer endYear = (integer) UI::QueryWidget(`id(`endYear), `Value);
--
-- string start_time = tostring(start_hour) + ":" + tostring(start_min);
-- string end_time = tostring(end_hour) + ":" + tostring(end_min);
--
-- if ( CheckDate(startDay,startMonth,startYear) == false ) {
-- Popup::Error( _("Illegal start date entered. Please retry.") );
-- continue;
-- }
--
-- if ( CheckDate(endDay,endMonth,endYear) == false ) {
-- Popup::Error( _("Illegal end date entered.
Please retry.") );
-- continue;
-- }
--
-- string start_day = tostring(startDay);
-- string start_month = tostring(startMonth);
-- string start_year = tostring(startYear);
-- string end_day = tostring(endDay);
-- string end_month = tostring(endMonth);
-- string end_year = tostring(endYear);
--
-- Settings["startday"] = tostring(start_day);
-- Settings["startmonth"] = tostring(start_month);
-- Settings["startyear"] = tostring(start_year);
-- Settings["endday"] = tostring(end_day);
-- Settings["endmonth"] = tostring(end_month);
-- Settings["endyear"] = tostring(end_year);
-- Settings["starttime"] = start_time;
-- Settings["endtime"] = end_time;
--
-- }
--
-- string expType = (string) UI::QueryWidget(`id(`expType), `Value);
-- string expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
--
-- if ( expType == _("csv") ) {
-- Settings["exporttext"] = "1";
-- } else if ( expType == _("html") ) {
-- Settings["exporthtml"] = "1";
-- } else if ( expType == _("Both") ) {
-- Settings["exporttext"] = "1";
-- Settings["exporthtml"] = "1";
-- }
--
-- Settings["exportPath"] = expPath;
--
-- break;
-- }
-- }
--
-- return Settings;
--}
--
--define term displayEmptyRep(string type) {
--
-- string myLabel = "";
-- string myInfo = "";
--
-- if ( type == "noDb" ) {
-- myLabel = _("Events DB Not Initialized.");
-- myInfo = _("The events database has not been populated.
No records exist.");
-- } else if ( type == "noList" ) {
-- myLabel = _("Query Returned Empty List.");
-- myInfo = _("The events database has no records that match the search query.");
-- }
--
-- term newPage =
--
-- `Frame( `id(`newpage), myLabel,
--
-- `VBox(
-- //`Label(myLabel),
-- `HBox(
-- `VSpacing(10),
-- `Label( myInfo ),
-- `VSpacing(0.5)
-- ),
-- `HSpacing(`opt(`hstretch), 1.0),
-- `VSpacing(1)
-- ));
--
--
-- return newPage;
--}
--
--define term displayRep(string type, integer curPage, string slastPage, list reportList ) {
--
-- string myLabel = "";
-- string currentPage = tostring(curPage);
-- term myTable = nil;
--
-- if (type == "onDemand" || type == "sir") {
-- // Very poor i18n here
-- myLabel = _("On Demand Event Report - Page ") + currentPage + _(" of ") + slastPage;
-- myTable = makeSirTable(reportList);
--
-- } else if (type == "archRep") {
--
-- myLabel = _("Archived Event Report - Page ") + currentPage + _(" of ") + slastPage;
-- myTable = makeSirTable(reportList);
--
-- } else if (type == "aud" || type == "audRep" ) {
--
-- myLabel = _("Applications Audit Report");
-- myTable = `Table(`id(`table), `opt(`notify, `immediate ),
-- `header(_("Host"), _("Date"), _("Program"),
-- _("Profile"), _("PID"), _("State"), _("Type") ), reportList);
--
-- } else if (type == "ess" || type == "essRep" ) {
-- if (reportList == nil) {
-- myLabel = _("Executive Security Summary");
-- myTable = `Table(`id(`table), `opt(`notify),
-- `header(_("Query Results")), _("No event information exists."));
--
-- } else {
-- myLabel = _("Executive Security Summary");
-- myTable = `Table(`id(`table), `opt(`notify, `immediate ),
-- `header(_("Host"), _("Start Date"),_("End Date"), _("Num Rejects"),
-- _("Num Events"), _("Ave.
Sev"), _("High Sev") ), reportList);
-- }
-- }
--
-- term newPage =
--
-- `Frame( `id(`newpage), myLabel,
--
-- `VBox(
-- `HBox(
-- `VSpacing(10),
-- myTable,
-- `VSpacing(0.5)
-- ),
-- `HSpacing(`opt(`hstretch), 1.0),
-- `VSpacing(0.5),
-- `HBox(
-- `PushButton(`id(`first), _("F&irst Page") ),
-- `PushButton(`id(`prev), _("&Previous") ),
-- `PushButton(`id(`psort), _("&Sort") ),
-- `PushButton(`id(`fwd), _("&Forward") ),
-- `PushButton(`id(`last), _("&Last Page") ),
-- `PushButton(`id(`goto), _("&Go to Page") )
-- ),
-- `VSpacing(1)
-- ));
--
-- return newPage;
--}
--
--
--// View Archived Reports
--define symbol displayArchForm() {
--
-- map archType = $[ ];
-- archType["sirRep"] = true;
-- archType["audRep"] = false;
-- archType["essRep"] = false;
--
-- map Settings = $[ ];
-- string readSched = "1";
-- Settings["getcron"] = "0";
-- Settings["readSched"] = "1";
-- Settings["type"] = "sirRep";
-- string type = Settings["type"]:nil;
--
-- list itemList = [];
-- itemList = getArrayList(type,"");
--
-- Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
-- viewForm(archType, itemList, ""), archHelpText, Label::BackButton(), _("&Done") );
--
-- map event = $[];
-- any archId = nil;
--
-- string repPath = "";
-- integer lastPage = 1;
-- integer curPage = 1;
--
-- string formHelp = runHelp;
--
--
-- while( true ) {
--
-- event = UI::WaitForEvent( );
--
-- archId = event["ID"]:nil; // We'll need this often - cache it
--
-- if (archId == `back || archId == `abort || archId == `done) {
-- break;
-- } else if ( archId == `close || archId == `cancel || archId == `next) {
-- break;
--
-- } else if ( archId == `repPath ) {
--
-- repPath = (string) UI::QueryWidget(`id(`repPath), `Value);
-- Settings["repPath"] = repPath;
-- itemList = getArrayList(type,repPath);
-- Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
-- viewForm(archType, itemList, repPath), archHelpText, Label::BackButton(), _("&Done") );
--
-- } else if ( archId == `browse ) {
--
--
string selectFile = "";
-- selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
--
-- if ( selectFile != nil ) {
-- UI::ChangeWidget(`id(`repPath), `Value, selectFile);
-- // set new reppath
-- repPath = selectFile;
-- Settings["repPath"] = repPath;
-- itemList = getArrayList(type,repPath);
-- Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
-- viewForm(archType, itemList, repPath), archHelpText, Label::BackButton(),
-- _("&Done") );
-- }
--
--
-- } else if ( archId == `sirRep ) {
-- formHelp = sirHelp;
-- archType["sirRep"] = true;
-- archType["audRep"] = false;
-- archType["essRep"] = false;
-- Settings["type"] = "sirRep";
-- type = Settings["type"]:nil;
--
-- itemList = getArrayList(type,repPath);
--
-- Wizard::SetContentsButtons( _("View Archived SIR Report"),
-- viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done"));
--
-- } else if ( archId == `audRep ) {
-- formHelp = audHelp;
-- archType["sirRep"] = false;
-- archType["audRep"] = true;
-- archType["essRep"] = false;
-- Settings["type"] = "audRep";
-- type = Settings["type"]:nil;
--
-- itemList= getArrayList(type,"");
-- Wizard::SetContentsButtons( _("View Archived AUD Report"),
-- viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done"));
--
-- } else if ( archId == `essRep ) {
-- formHelp = essHelp;
-- archType["sirRep"] = false;
-- archType["audRep"] = false;
-- archType["essRep"] = true;
-- Settings["type"] = "essRep";
-- type = Settings["type"]:nil;
--
-- itemList= getArrayList(type,"");
-- Wizard::SetContentsButtons( _("View Archived ESS Report"),
-- viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done"));
--
--
-- } else if ( archId == `view || archId == `viewall || archId == `table) {
--
-- if ( archId == `viewall ) {
-- Settings["single"] = "0";
-- } else {
-- Settings["single"] = "1";
-- }
--
-- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
-- string logFile = (string)
select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
-- string logPath = (string) UI::QueryWidget(`id(`repPath), `Value);
-- list splitPath = splitstring (logPath, "/");
-- string checkPath = splitPath[size(splitPath)-1]:"";
--
-- string longLogName = "";
--
--
-- // Cat strings & check for trailing "/" in path
-- if ( logPath != "" ) {
-- if ( checkPath != "" ) {
-- longLogName = logPath + "/" + logFile;
-- } else {
-- longLogName = logPath + logFile;
-- }
-- }
--
-- if ( type == "sirRep" ) {
--
-- formHelp = sirHelp;
-- map sirSettings = nil;
-- sirSettings = setArchFilter();
-- if ( archId == `viewall ) { sirSettings["single"] = 0; }
--
-- // Force an exit if appropriate
-- any breakCheck = sirSettings["break"]:nil;
--
-- if ( breakCheck == "abort" ) {
-- symbol myBreak = `abort;
-- return myBreak;
--
-- } else if ( breakCheck == "back" ) {
-- symbol myBreak = `back;
-- return myBreak;
-- }
--
-- if ( repPath != "" ) {
-- sirSettings["repPath"] = repPath;
-- }
--
-- Wizard::SetContentsButtons( _("Security Incident Report"),
-- viewArchForm(type,logFile,sirSettings), sirHelp, Label::BackButton(), _("&Done"));
--
-- lastPage = getLastPage(type,Settings,""); // check 'name'
-- setPageButtons(curPage,lastPage);
--
-- } else if ( type == "audRep" ) {
--
-- formHelp = audHelp;
-- list reportList = [];
-- integer key = 1;
-- Settings["page"] = "1";
-- Settings["audArch"] = "1";
-- Settings["turnPage"] = "1";
-- Settings["file"] = logFile;
--
-- list db = (list ) SCR::Read (.reports_confined, Settings);
--
-- foreach ( map repdata, db, {
-- reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
-- repdata["date"]:nil, repdata["prog"]:nil, repdata["prof"]:nil,
-- repdata["pid"]:nil, repdata["state"]:nil, repdata["type"]:nil ));
-- key = key + 1;
-- });
--
-- lastPage = getLastPage(type,Settings,"");
-- string slastPage = tostring(lastPage);
--
-- Wizard::SetContentsButtons( _("Applications Audit Report"),
--
displayRep(type,curPage,slastPage,reportList), formHelp, Label::BackButton(),
-- _("&Done") );
-- setPageButtons(curPage,lastPage);
--
-- } else if ( type == "essRep" ) {
--
-- formHelp = essHelp;
-- list reportList = [];
-- integer key = 1;
-- Settings["file"] = logFile;
-- Settings["essArch"] = "1";
--
-- list db = (list ) SCR::Read (.reports_ess, Settings);
--
-- foreach ( map repdata, db, {
-- reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
-- repdata["startdate"]:nil, repdata["enddate"]:nil, repdata["numRejects"]:nil,
-- repdata["numEvents"]:nil, repdata["sevMean"]:nil, repdata["sevHi"]:nil ));
-- key = key + 1;
-- });
--
-- lastPage = getLastPage(type,Settings,"");
-- string slastPage = tostring(lastPage);
--
-- Wizard::SetContentsButtons( _("Executive Security Summary Report"),
-- displayRep(type,curPage,slastPage,reportList), formHelp, Label::BackButton(),
-- _("&Done") );
-- setPageButtons(curPage,lastPage);
--
-- } else {
-- Popup::Error( _("No recognized report type selected.
Try again.") );
-- continue;
-- }
--
-- } else if ( archId == `goto ) {
--
-- integer newPage = popUpGoto(lastPage);
--
-- if ( newPage > 0 && newPage <= lastPage && newPage != curPage ) {
-- curPage = newPage;
--
-- term fwdForm = turnArchReportPage(curPage,lastPage);
-- Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, runHelp, Label::BackButton(), _("&Done") );
-- setPageButtons(curPage,lastPage);
-- }
--
-- } else if ( archId == `psort ) {
--
-- string sortKey = popUpSort(type);
--
-- if ( sortKey != nil && sortKey != "" ) {
-- curPage = 1;
-- map sortCmd = $[];
-- sortCmd["sortKey"] = sortKey;
-- sortCmd["sort"] = "1";
-- any junk = SCR::Write(.logparse, sortCmd);
-- term fwdForm = turnArchReportPage(curPage,lastPage);
-- Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, runHelp, Label::BackButton(), _("&Done") );
-- setPageButtons(curPage,lastPage);
-- }
--
-- } else if ( archId == `fwd ) {
--
-- curPage = curPage +1;
-- term fwdForm = turnArchReportPage(curPage,lastPage);
-- Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, formHelp, Label::BackButton(), _("&Done") );
--
-- setPageButtons(curPage,lastPage);
--
--
-- } else if ( archId == `prev ) {
--
-- if ( curPage > 0 ) { curPage = curPage -1; }
-- term prevForm = turnArchReportPage(curPage,lastPage);
-- Wizard::SetContentsButtons( _("AppArmor Report"), prevForm, formHelp, Label::BackButton(), _("&Done") );
--
-- setPageButtons(curPage,lastPage);
--
-- } else if ( archId == `first ) {
--
-- curPage = 1;
-- term firstForm = turnArchReportPage(curPage,lastPage);
-- Wizard::SetContentsButtons( _("AppArmor Report"), firstForm, formHelp, Label::BackButton(), _("&Done") );
-- setPageButtons(curPage,lastPage);
--
-- } else if ( archId == `last ) {
--
-- curPage = lastPage;
-- term lastForm = turnArchReportPage(curPage,lastPage);
-- Wizard::SetContentsButtons( _("AppArmor Report"), lastForm, formHelp, Label::BackButton(), _("&Done") );
-- setPageButtons(curPage,lastPage);
--
-- } else {
-- y2error("Unexpected return code: %1", archId);
-- continue;
-- }
-- //break;
-- }
--
-- if (archId != `back && archId != `abort && archId != `done) {
-- archId = `back;
-- }
--
-- return (symbol) archId;
--}
--
--// The main form for On-Demand reports, executed from the wizard by selecting 'Run Now'
--define symbol displayRunForm() {
--
-- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
-- string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""));
--
-- string type = "";
--
-- if (name == "Security.Incident.Report") {
-- type = "sir";
-- } else if (name == "Applications.Audit") {
-- type = "aud";
-- } else if ( name == "Executive.Security.Summary") {
-- type = "ess";
-- } else {
-- type = "sir"; // All added reports are SIRs
-- }
--
-- if ( type != "aud" ) {
-- boolean dbActivated = checkEventDb();
-- if ( dbActivated == false ) {
-- type = "noDb";
-- }
-- }
--
-- list reportList = [];
-- map Settings = $[ ];
-- integer curPage = 1;
-- integer lastPage = 1;
-- string slastPage = "1";
--
-- string formHelp = runHelp;
-- map reportdata = nil;
--
-- if (type == "sir") {
--
-- Settings = filterConfigForm(name);
--
-- // Force an exit if appropriate
-- any breakCheck = Settings["break"]:nil;
--
-- if ( breakCheck == "abort" ) {
-- symbol myBreak = `abort;
-- return myBreak;
--
-- } else if ( breakCheck == "back" ) {
-- symbol myBreak = `back;
-- return myBreak;
-- }
--
-- formHelp = sirHelp;
-- Settings["type"] = "onDemand";
-- Settings["turnPage"] = "0";
--
-- reportList = getReportList("sir",Settings);
-- integer listSize = size(reportList);
-- if ( listSize < 1 ) {
-- type = "noList";
-- }
--
-- } else if ( type == "aud" ) {
--
-- formHelp = audHelp;
-- Settings["type"] = "onDemand";
-- Settings["turnPage"] = "0";
--
-- list db = (list ) SCR::Read (.reports_confined, Settings);
--
-- integer key = 1;
--
-- foreach ( map repdata, db, {
-- reportList = add( reportList, `item(
`id(key), repdata["host"]:nil,
-- repdata["date"]:nil, repdata["prog"]:nil, repdata["prof"]:nil,
-- repdata["pid"]:nil, repdata["state"]:nil, repdata["type"]:nil ));
-- key = key + 1;
-- });
--
-- } else if ( type == "ess" ) {
--
-- formHelp = essHelp;
-- Settings["type"] = "onDemand";
-- Settings["turnPage"] = "0";
-- list db = (list ) SCR::Read (.reports_ess, Settings);
--
-- if (db != nil) {
--
-- integer key = 1;
--
-- foreach ( map repdata, db, {
-- reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
-- repdata["startdate"]:nil, repdata["enddate"]:nil,
-- repdata["numRejects"]:nil, repdata["numEvents"]:nil, repdata["sevMean"]:nil,
-- repdata["sevHi"]:nil ));
-- key = key + 1;
-- });
-- }
--
-- }
--
-- if ( type == "noDb" ) {
-- Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayEmptyRep(type),
-- formHelp, Label::BackButton(), _("&Done") );
-- } else if ( type == "noList" ) {
-- Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayEmptyRep(type),
-- formHelp, Label::BackButton(), _("&Done") );
-- } else {
--
-- lastPage = getLastPage(type,Settings,name);
-- slastPage = tostring(lastPage);
--
-- Wizard::SetContentsButtons( _("AppArmor On-Demand Report"),
-- displayRep(type,curPage,slastPage,reportList), formHelp,
-- Label::BackButton(), _("&Done") );
-- setPageButtons(curPage,lastPage);
-- }
--
-- map event = $[];
-- any id = nil;
--
-- while( true ) {
--
-- // Grey out inappropriate paging buttons
-- if (curPage <= 1 ) {
-- UI::ChangeWidget(`id(`prev), `Enabled, false);
-- } else if ( curPage >= lastPage ) {
-- UI::ChangeWidget(`id(`fwd), `Enabled, false);
-- }
--
-- event = UI::WaitForEvent( timeout_millisec );
-- id = event["ID"]:nil; // We'll need this often - cache it
--
-- // REDO
-- if ( id == `schedrep ) {
-- break;
-- } else if ( id == `abort || id == `cancel || id == `back || id == `done) {
-- break;
-- } else if ( id == `next ) {
--
-- break;
--
-- } else if ( id == `goto ) {
--
-- integer newPage =
popUpGoto(lastPage);
--
-- if ( newPage > 0 && newPage <= lastPage && newPage != curPage ) {
-- curPage = newPage;
--
-- term goForm = turnReportPage(name,curPage,slastPage,Settings);
-- Wizard::SetContentsButtons( _("AppArmor - Run Reports"), goForm,
-- formHelp, Label::BackButton(), _("&Done") );
-- setPageButtons(curPage,lastPage);
-- }
--
-- } else if ( id == `psort ) {
--
-- string sortKey = popUpSort(type);
--
-- if ( sortKey != nil && sortKey != "" ) {
--
-- // branch added 08.01.2005
-- curPage = 1;
-- Settings["type"] = "onDemand";
-- Settings["turnPage"] = "0";
-- Settings["sortKey"] = sortKey;
--
-- reportList = getReportList(type,Settings);
--
-- Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayRep(type,curPage,
-- slastPage,reportList), formHelp, Label::BackButton(), _("&Done") );
-- setPageButtons(curPage,lastPage);
--
-- }
--
-- } else if ( id == `prev ) {
--
-- if ( curPage > 0 ) { curPage = curPage -1; }
-- term prevForm = turnReportPage(name,curPage,slastPage,Settings);
-- Wizard::SetContentsButtons( _("AppArmor - Run Reports"), prevForm,
-- formHelp, Label::BackButton(), _("&Done") );
-- setPageButtons(curPage,lastPage);
--
-- } else if ( id == `fwd ) {
-- curPage = curPage + 1;
-- term fwdForm = turnReportPage(name,curPage,slastPage,Settings);
-- Wizard::SetContentsButtons( _("AppArmor - Run Reports"), fwdForm,
-- formHelp, Label::BackButton(), _("&Done") );
-- setPageButtons(curPage,lastPage);
--
-- } else if ( id == `first ) {
--
-- curPage = 1;
-- slastPage = tostring(lastPage);
-- term firstForm = turnReportPage(name,curPage,slastPage,Settings);
-- Wizard::SetContentsButtons( _("AppArmor - Run Reports"), firstForm, formHelp,
-- Label::BackButton(), _("&Done") );
-- setPageButtons(curPage,lastPage);
--
-- } else if ( id == `last ) {
--
-- curPage = lastPage;
-- slastPage = tostring(lastPage);
-- term lastForm = turnReportPage(name,curPage,slastPage,Settings);
-- Wizard::SetContentsButtons( _("AppArmor - Run Reports"),
lastForm, formHelp,
-- Label::BackButton(), _("&Done") );
-- setPageButtons(curPage,lastPage);
--
-- } else {
-- y2error("Unexpected return code: %1", id);
-- continue;
-- }
--
-- }
--
-- type = "";
-- return (symbol) id;
--}
--
--define void addSchedForm() {
--
-- map Settings = $[ ];
-- string readSched = "1";
-- Settings["getcron"] = "1";
-- Settings["readSched"] = "1";
-- Settings["type"] = "schedRep";
--
-- string expPath = "/var/log/apparmor/reports-exported";
--
-- UI::OpenDialog(
--
-- `ReplacePoint( `id(`addSchedRep), `VBox(
-- `Label( _("Add Scheduled SIR") ),
-- `VSpacing(1),
-- `TextEntry(`id(`name), _("Report Name")),
-- `VSpacing(1),
-- `HBox(
-- `ComboBox(`id(`monthdate), `opt(`notify), _("Day of Month"), [
-- `item(`id(`md_00), _("All")),
-- `item(`id(`md_01), "1"), `item(`id(`md_02), "2"), `item(`id(`md_03), "3"),
-- `item(`id(`md_04), "4"), `item(`id(`md_05), "5"), `item(`id(`md_06), "6"),
-- `item(`id(`md_07), "7"), `item(`id(`md_08), "8"), `item(`id(`md_09), "9"),
-- `item(`id(`md_10), "10"), `item(`id(`md_11), "9"), `item(`id(`md_12), "12"),
-- `item(`id(`md_13), "13"), `item(`id(`md_14), "14"), `item(`id(`md_15), "15"),
-- `item(`id(`md_16), "16"), `item(`id(`md_17), "17"), `item(`id(`md_18), "18"),
-- `item(`id(`md_19), "19"), `item(`id(`md_20), "20"), `item(`id(`md_21), "21"),
-- `item(`id(`md_22), "22"), `item(`id(`md_23), "23"), `item(`id(`md_24), "24"),
-- `item(`id(`md_25), "25"), `item(`id(`md_26), "26"), `item(`id(`md_27), "27"),
-- `item(`id(`md_28), "28"), `item(`id(`md_29), "29"), `item(`id(`md_30), "30"),
-- `item(`id(`md_31), "31") ]),
-- `ComboBox(`id(`weekday), `opt(`notify), _("Day of Week"), [
-- _("All"), _("Sun"), _("Mon"), _("Tue"), _("Wed"), _("Thu"), _("Fri"), _("Sat")
-- ]),
-- `IntField(`id(`hour), _("Hour"), 00, 23, 00),
-- `IntField(`id(`mins), _("Minute"), 00, 59, 00)
-- ),
-- `VSpacing(1),
-- `HBox(
-- `VSpacing(1),
-- `TextEntry(`id(`email1), `opt(`notify), _("Email Target 1"), ""),
-- `TextEntry(`id(`email2),
`opt(`notify), _("Email Target 2"), ""),
-- `TextEntry(`id(`email3), `opt(`notify), _("Email Target 3"), "")
-- ),
-- `VSpacing(1),
-- `HBox(
-- `VSpacing(0.5),
-- `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
-- _("None"), _("csv"), _("html"), _("Both")
-- ]),
-- `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
-- `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
-- ),
-- `VSpacing(1),
-- `HBox(
-- `PushButton(`id(`cancel), Label::CancelButton() ),
-- `PushButton(`id(`next), Label::NextButton() )
-- )
-- )));
--
-- string mode = "All";
-- string sdmode = "R";
-- integer timeout_millisec = 20 * 1000;
-- map event = $[];
-- any addInput = nil;
--
-- while( true ) {
--
-- event = UI::WaitForEvent( timeout_millisec );
-- addInput = event["ID"]:nil; // We'll need this often - cache it
--
--
-- if ( addInput == `monthdate && addInput != 0 ) {
-- UI::ChangeWidget(`id(`weekday), `Value, _("All") );
-- } else if ( addInput == `weekday && addInput != _("All") ) {
-- UI::ChangeWidget(`id(`monthdate), `Value, _("All") );
-- }
--
-- if ( addInput == `next ) {
--
-- // Check for valid path
-- expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
-- map fileTest = $[];
-- fileTest["checkFile"] = "1";
-- fileTest["file"] = expPath;
--
-- any pathExists = SCR::Read(.reports_parse, fileTest);
-- string spath = tostring(pathExists);
--
-- if ( spath != "1" ) {
-- Popup::Error(_("The specified directory does not exist."));
-- UI::ChangeWidget(`id(`expPath), `Value, oldExpPath);
-- } else {
--
-- Settings["expPath"] = expPath;
-- UI::ChangeWidget(`id(`expPath), `Value, expPath);
--
-- string name = (string) UI::QueryWidget(`id(`name), `Value);
-- string monthdate = (string) UI::QueryWidget(`id(`monthdate), `Value);
-- string weekday = (string) UI::QueryWidget(`id(`weekday), `Value);
-- any iHours = (any) UI::QueryWidget(`id(`hour), `Value);
-- any iMins = (any) UI::QueryWidget(`id(`mins), `Value);
-- string email1 = (string)
UI::QueryWidget(`id(`email1), `Value);
-- string email2 = (string) UI::QueryWidget(`id(`email2), `Value);
-- string email3 = (string) UI::QueryWidget(`id(`email3), `Value);
--
-- //string monthdate = tostring( iMonthdate );
-- string hour = tostring( iHours );
-- string mins = tostring( iMins );
--
-- string expType = (string) UI::QueryWidget(`id(`expType), `Value);
--
-- if ( expType == _("csv") || expType == _("Both") ) {
-- Settings["csv"] = "1";
-- }
--
-- if ( expType == _("html") || expType == _("Both") ) {
-- Settings["html"] = "1";
-- }
--
-- if ( weekday == _("All") ) { weekday = "-"; }
-- if ( monthdate == _("All") ) { monthdate = "-"; }
--
-- // de-i18n
-- if ( weekday == _("Mon") ) { weekday = "Mon"; }
-- if ( weekday == _("Tue") ) { weekday = "Tue"; }
-- if ( weekday == _("Weds") ) { weekday = "Weds"; }
-- if ( weekday == _("Thu") ) { weekday = "Thu"; }
-- if ( weekday == _("Fri") ) { weekday = "Fri"; }
-- if ( weekday == _("Sat") ) { weekday = "Sat"; }
-- if ( weekday == _("Sun") ) { weekday = "Sun"; }
--
-- Settings["add"] = "1";
-- Settings["name"] = name;
-- Settings["monthdate"] = monthdate;
-- Settings["weekday"] = weekday;
-- Settings["hour"] = hour;
-- Settings["mins"] = mins;
-- Settings["email1"] = email1;
-- Settings["email2"] = email2;
-- Settings["email3"] = email3;
--
-- // Confirm reasonable input on report names
-- string checkName = filterchars(name, "`~!@#$%^&*()[{]};:'\",<>?/\|");
-- integer nameLength = size(name);
--
-- if ( regexpmatch(name, " ") == true ) {
-- Popup::Error( _("Only one contiguous space allowed in report names."));
-- } else if ( checkName != "" ) {
-- Popup::Error( _("These characters are not allowed in report names:
-- \"`~!@#$%^&*()[{]};:'\",<>?/\|\"") );
-- } else if ( nameLength > 128 ) {
-- Popup::Error( _("Only 128 characters are allowed in report names."));
-- } else {
-- boolean uniqueName = findDupe(name);
-- if ( uniqueName == true ) {
-- UI::ReplaceWidget(`addSchedRep, schedFilterForm );
-- } else {
--
Popup::Error( _("Each report name should be unique.") );
-- }
-- }}
--
-- } else if ( addInput == `sdmode ) {
--
-- sdmode = popUpSdMode();
--
-- if (sdmode != "") {
-- Settings["sdmode"] = sdmode;
-- UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) ));
-- }
--
-- } else if ( addInput == `mode ) {
--
-- mode = popUpMode();
--
-- if (mode != "") {
-- Settings["mode"] = mode;
-- UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )) );
-- }
--
-- } else if (addInput == `save ) {
--
-- string prog = (string) UI::QueryWidget(`id(`prog), `Value);
-- string prof = (string) UI::QueryWidget(`id(`prof), `Value);
-- string pid = (string) UI::QueryWidget(`id(`pid), `Value);
-- string res = (string) UI::QueryWidget(`id(`res), `Value);
-- string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label);
-- string mode = (string) UI::QueryWidget(`id(`mode), `Label);
-- string sev = (string) UI::QueryWidget(`id(`sev), `Value);
-- string expType = (string) UI::QueryWidget(`id(`expType), `Value);
--
-- if ( expType == "csv" ) {
-- Settings["exporttext"] = "1";
-- } else if ( expType == "html" ) {
-- Settings["exporthtml"] = "1";
-- } else if ( expType == "both" ) {
-- Settings["exporttext"] = "1";
-- Settings["exporthtml"] = "1";
-- }
--
-- if ( sev == _("All") ) { sev = "-"; }
--
-- Settings["getcron"] = "";
-- Settings["prog"] = prog;
-- Settings["prof"] = prof;
-- Settings["pid"] = pid;
-- Settings["sev"] = sev;
-- Settings["res"] = res;
-- Settings["sdmode"] = humanStringToMode( sdmode );
-- Settings["mode"] = humanStringToMode( mode );
--
-- any error = (any) SCR::Write(.reports_sched, Settings);
--
-- if (is(error, string)) {
-- string erStr = tostring(error);
-- Popup::Error("Error: " + erStr);
-- }
--
-- addInput = `close;
-- break;
--
-- } else if ( addInput == `accept ) {
--
-- expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
-- map fileTest = $[];
-- fileTest["checkFile"] = "1";
--
fileTest["file"] = expPath;
--
-- any pathExists = SCR::Read(.reports_parse, fileTest);
-- string spath = tostring(pathExists);
--
-- if ( spath == "1" ) {
-- Settings["expPath"] = expPath;
-- UI::ChangeWidget(`id(`expPath), `Value, expPath);
-- } else {
-- Popup::Error(_("The specified directory does not exist."));
-- }
--
-- } else if ( addInput == `browse ) {
--
-- string selectFile = "";
-- selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
--
-- if ( selectFile != nil ) {
-- UI::ChangeWidget(`id(`expPath), `Value, selectFile);
-- }
--
-- Settings["expPath"] = expPath;
--
-- } else if ( addInput == `cancel || addInput == `close ) {
--
-- addInput = `close;
-- break;
-- }
-- }
--
-- UI::CloseDialog();
--
-- return;
--}
--
--define void editSchedForm() {
--
-- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
-- string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""));
--
-- map Settings = $[ ];
-- string readSched = "1";
-- Settings["name"] = name;
-- Settings["getcron"] = "";
-- Settings["getrep"] = "1";
-- Settings["readSched"] = "1";
-- Settings["type"] = "schedRep";
--
-- list itemList = [];
-- integer key = 1;
--
-- map db = nil;
-- db = (map) SCR::Read (.reports_sched, Settings );
-- string sname = name; // Don't know why this was pulled from db instead of name above
-- any amday = db["mday"]:nil;
-- any wday = db["wday"]:nil;
-- any shour = db["hour"]:nil;
-- any smins = db["mins"]:nil;
--
-- string oldRepName = sname;
-- string swday = "All";
-- string monthdate = "All";
--
-- if (amday != nil) { monthdate = tostring(amday); }
-- if (wday != nil) { swday = tostring(wday); }
--
-- integer ihour = 23;
-- integer imins = 59;
-- if (shour != nil) { ihour = tointeger(shour); }
-- if (smins != nil) { imins = tointeger(smins); }
--
-- // Get reports.conf info
-- Settings["getrep"] = "";
-- Settings["getconf"] = "1";
-- map db2 = nil;
-- db2 = (map)
SCR::Read (.reports_sched, Settings );
--
-- any aemail1 = db2["addr1"]:nil;
-- any aemail2 = db2["addr2"]:nil;
-- any aemail3 = db2["addr3"]:nil;
-- any tmpPath = db2["exportpath"]:nil;
--
-- string email1 = "";
-- string email2 = "";
-- string email3 = "";
--
-- string expType = "";
-- string expPath = "/var/log/apparmor/reports-exported";
-- if ( tmpPath != nil ) {
-- oldExpPath = tostring(tmpPath);
-- expPath = oldExpPath;
-- } else {
-- oldExpPath = defExpPath;
-- expPath = oldExpPath;
-- }
--
-- if (aemail1 != nil) { email1 = tostring(aemail1); }
-- if (aemail2 != nil) { email2 = tostring(aemail2); }
-- if (aemail3 != nil) { email3 = tostring(aemail3); }
--
-- /* Get Filtering Info for Report */
-- any aprog = db2["prog"]:nil;
-- any aprof = db2["prof"]:nil;
-- any apid = db2["pid"]:nil;
-- any ares = db2["res"]:nil;
-- any asev = db2["severity"]:nil;
-- any asdmode = db2["sdmode"]:nil;
-- any amode = db2["mode"]:nil;
-- any acsv = db2["csv"]:nil;
-- any ahtml = db2["html"]:nil;
--
-- /* debug */
-- if ( aprog != nil ) { Settings["prog"] = tostring(aprog); }
-- if ( aprof != nil ) { Settings["prof"] = tostring(aprof); }
-- if ( apid != nil ) { Settings["pid"] = tostring(apid); }
-- if ( ares != nil ) { Settings["res"] = tostring(ares); }
-- if ( asev != nil ) { Settings["sev"] = tostring(asev); }
-- if ( asdmode != nil ) { Settings["sdmode"] = tostring(asdmode); }
-- if ( asdmode == nil || asdmode == "-" ) {
-- Settings["sdmode"] = "All";
-- }
-- if ( amode != nil ) { Settings["mode"] = tostring(amode); }
--
-- if ( acsv != nil && ahtml != nil ) {
-- expType = "Both";
-- Settings["csv"] = "1";
-- Settings["html"] = "1";
-- } else if ( acsv != nil && ahtml == nil ) {
-- expType = "csv";
-- Settings["csv"] = "1";
-- Settings["html"] = "";
-- } else if ( acsv == nil && ahtml != nil ) {
-- expType = "html";
-- Settings["csv"] = "";
-- Settings["html"] = "1";
-- } else if ( acsv == nil && ahtml == nil ) {
-- expType = "None";
-- Settings["csv"] = "";
--
Settings["html"] = "";
-- }
--
-- // Special handling for sev
-- string formatSev = "";
-- if ( asev != nil ) { formatSev = tostring(asev); }
-- if ( formatSev != "" && formatSev != "U" && formatSev != "All" && formatSev != nil) {
-- formatSev = "0" + formatSev;
-- }
--
-- term continueBtns =
--
-- `HBox(
-- `PushButton(`id(`cancel), Label::CancelButton() ),
-- `PushButton(`id(`fwd), _("N&ext") )
-- );
--
--
-- // We need secondary filters for SIR reports only
-- if ( sname == "Executive.Security.Summary" || sname == "Applications.Audit" ) {
--
-- continueBtns =
-- `HBox(
-- `PushButton(`id(`cancel), Label::CancelButton() ),
-- `PushButton(`id(`save), Label::SaveButton() )
-- );
--
-- }
--
-- string edLabel = _("Edit Report Schedule for ") + typeToHumanString(sname);
--
-- UI::OpenDialog(
--
-- `ReplacePoint( `id(`editSchedRep),
--
-- `VBox(
-- `HBox( `Label(`id(`edname), edLabel) ),
-- `VSpacing(1),
-- `HBox(
-- `ComboBox(`id(`monthdate), `opt(`notify), _("Day of Month"), [
-- `item(`id(`md_00), _("All")),
-- `item(`id(`md_01), "1"), `item(`id(`md_02), "2"), `item(`id(`md_03), "3"),
-- `item(`id(`md_04), "4"), `item(`id(`md_05), "5"), `item(`id(`md_06), "6"),
-- `item(`id(`md_07), "7"), `item(`id(`md_08), "8"), `item(`id(`md_09), "9"),
-- `item(`id(`md_10), "10"), `item(`id(`md_11), "11"), `item(`id(`md_12), "12"),
-- `item(`id(`md_13), "13"), `item(`id(`md_14), "14"), `item(`id(`md_15), "15"),
-- `item(`id(`md_16), "16"), `item(`id(`md_17), "17"), `item(`id(`md_18), "18"),
-- `item(`id(`md_19), "19"), `item(`id(`md_20), "20"), `item(`id(`md_21), "21"),
-- `item(`id(`md_22), "22"), `item(`id(`md_23), "23"), `item(`id(`md_24), "24"),
-- `item(`id(`md_25), "25"), `item(`id(`md_26), "26"), `item(`id(`md_27), "27"),
-- `item(`id(`md_28), "28"), `item(`id(`md_29), "29"), `item(`id(`md_30), "30"),
-- `item(`id(`md_31), "31")
-- ]),
-- `ComboBox(`id(`weekday), `opt(`notify), _("Day of Week"), [
-- _("All"), _("Sun"), _("Mon"), _("Tue"), _("Wed"), _("Thu"), _("Fri"),
_("Sat")
-- ]),
-- `IntField(`id(`hour), _("Hour"), 0, 23, ihour),
-- `IntField(`id(`mins), _("Minute"), 0, 59, imins)
-- ),
-- `VSpacing(1),
-- `HBox(
-- `VSpacing(1),
-- `TextEntry(`id(`email1), `opt(`notify), _("Email Target 1"), email1),
-- `TextEntry(`id(`email2), `opt(`notify), _("Email Target 2"), email2),
-- `TextEntry(`id(`email3), `opt(`notify), _("Email Target 3"), email3)
-- ),
-- `VSpacing(1),
-- `HBox(
-- `VSpacing(0.5),
--
-- // DWR MOD `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [
-- `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
-- _("None"), _("csv"), _("html"), _("Both")
-- ]),
-- `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
-- `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
-- ),
-- `VSpacing(1),
-- continueBtns
-- )));
--
-- /**************************************************/
-- string mode = _("All");
-- string sdmode = _("R");
--
-- integer timeout_millisec = 20 * 1000;
-- map event = $[];
-- any editInput = nil;
-- //map Settings = $[ ];
--
-- //Cheap & easy way to give default value to ComboBox
-- if (swday != _("All") ) {
-- UI::ChangeWidget(`id(`weekday), `Value, swday);
-- }
--
-- if ( monthdate != _("All") ) {
-- UI::ChangeWidget(`id(`monthdate), `Value, monthdate);
-- }
--
-- if ( expType != _("None") ) {
-- UI::ChangeWidget(`id(`expType), `Value, expType);
-- }
--
-- while( true ) {
--
-- event = UI::WaitForEvent( timeout_millisec );
-- editInput = event["ID"]:nil; // We'll need this often - cache it
--
-- if ( editInput == `monthdate && editInput != 0 ) {
-- UI::ChangeWidget(`id(`weekday), `Value, _("All") );
-- } else if ( editInput == `weekday && editInput != _("All") ) {
-- UI::ChangeWidget(`id(`monthdate), `Value, _("All") );
-- }
--
-- if ( editInput == `fwd ) {
--
-- string email1 = (string) UI::QueryWidget(`id(`email1), `Value);
-- string email2 = (string) UI::QueryWidget(`id(`email2), `Value);
-- string email3 = (string)
UI::QueryWidget(`id(`email3), `Value);
--
-- string spath = "0";
--
-- expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
-- map fileTest = $[];
-- fileTest["checkFile"] = "1";
-- fileTest["file"] = expPath;
--
-- any pathExists = SCR::Read(.reports_parse, fileTest);
-- spath = tostring(pathExists);
-- Settings["expPath"] = expPath;
--
-- if ( spath == "1" ) {
--
-- Settings = getSchedSettings(Settings);
-- UI::ReplaceWidget(`editSchedRep, editFilterForm(Settings) );
--
-- // Special handling for ComboBoxes (sev)
-- if ( formatSev != "" ) { UI::ChangeWidget(`id(`sev), `Value, formatSev); }
--
-- } else {
-- Popup::Error(_("The specified directory does not exist."));
-- UI::ChangeWidget(`id(`expPath), `Value, oldExpPath);
-- }
--
-- } else if ( editInput == `sdmode ) {
--
-- sdmode = popUpSdMode();
--
-- if ( sdmode != "" ) {
-- Settings["sdmode"] = sdmode;
-- UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) ));
-- }
--
-- } else if ( editInput == `mode ) {
--
-- mode = popUpMode();
-- if ( mode != "" ) {
-- Settings["mode"] = mode;
-- UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )));
-- }
--
-- } else if ( editInput == `browse ) {
--
-- string selectFile = "";
-- selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
--
-- if ( selectFile != nil ) {
-- UI::ChangeWidget(`id(`expPath), `Value, selectFile);
-- }
--
-- Settings["expPath"] = expPath;
--
-- } else if ( editInput == `close || editInput == `cancel ) {
-- break;
-- } else if ( editInput == `save ) {
--
-- string spath = "0";
--
-- if ( sname == "Executive.Security.Summary" || sname == "Applications.Audit" ) {
--
-- expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
-- map fileTest = $[];
-- fileTest["checkFile"] = "1";
-- fileTest["file"] = expPath;
--
-- any pathExists = SCR::Read(.reports_parse, fileTest);
-- spath = tostring(pathExists);
-- Settings["expPath"] = expPath;
-- } else {
-- //
SIR Reports already checked
-- spath = "1";
-- }
--
-- if ( spath != "1" ) {
-- Popup::Error(_("The specified directory does not exist."));
-- UI::ChangeWidget(`id(`expPath), `Value, oldExpPath);
-- } else {
--
--
-- if ( sname != "Executive.Security.Summary" && sname != "Applications.Audit" ) {
--
-- string prog = (string) UI::QueryWidget(`id(`prog), `Value);
-- string prof = (string) UI::QueryWidget(`id(`prof), `Value);
-- string pid = (string) UI::QueryWidget(`id(`pid), `Value);
-- string res = (string) UI::QueryWidget(`id(`res), `Value);
-- string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label);
-- string mode = (string) UI::QueryWidget(`id(`mode), `Label);
-- string sev = (string) UI::QueryWidget(`id(`sev), `Value);
--
-- Settings["prog"] = prog;
-- Settings["prof"] = prof;
-- Settings["pid"] = pid;
-- Settings["sev"] = sev;
-- Settings["res"] = res;
-- Settings["sdmode"] = humanStringToMode( sdmode );
-- Settings["mode"] = humanStringToMode( mode );
--
-- } else {
--
-- string email1 = (string) UI::QueryWidget(`id(`email1), `Value);
-- string email2 = (string) UI::QueryWidget(`id(`email2), `Value);
-- string email3 = (string) UI::QueryWidget(`id(`email3), `Value);
--
-- Settings = getSchedSettings(Settings);
-- }
--
-- Settings["name"] = sname;
-- Settings["getconf"] = "";
-- Settings["setconf"] = "1";
--
-- string expType = (string) UI::QueryWidget(`id(`expType), `Value);
--
-- if ( expType == "csv" ) {
-- Settings["exporttext"] = "1";
-- } else if ( expType == "html" ) {
-- Settings["exporthtml"] = "1";
-- } else if ( expType == "both" ) {
-- Settings["exporttext"] = "1";
-- Settings["exporthtml"] = "1";
-- }
--
-- any error = (any) SCR::Write(.reports_sched, Settings);
--
-- if (is(error, string)) {
-- string erStr = tostring(error);
-- Popup::Error( _("Error: ") + erStr);
-- }
--
-- break;
-- }}
-- // END - Save Dialog (editInput == `save)
-- }
--
-- UI::CloseDialog();
--
-- //return (symbol) editInput;
-- return;
--}
--
--define void
delSchedForm() {
--
-- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
-- string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""));
--
-- map Settings = $[ ];
-- Settings["del"] = "1";
-- Settings["name"] = name;
--
-- UI::OpenDialog(
--
-- `VBox(
-- `VSpacing(0.5),
-- `Label( _("Delete Confirmation") ),
-- `VSpacing(1),
-- `HBox(
-- `HSpacing( `opt(`hstretch), 0.75 ),
-- `Left(`HWeight( 0, `Label( _("Are you sure you want to delete: ") + name + _("?") )))
-- ),
-- `VSpacing(1),
-- `HBox(
-- `PushButton(`id(`cancel), Label::CancelButton() ),
-- `PushButton(`id(`del), Label::DeleteButton() )
-- )
-- ));
--
-- symbol delInput = `default;
--
-- while ( delInput != `close ) {
--
-- delInput = (symbol) UI::UserInput();
--
-- if ( delInput == `del ) {
-- SCR::Write(.reports_sched, Settings);
-- //any error = (any) SCR::Write(.reportsched, Settings);
-- break;
-- } else if (delInput == `close || delInput == `cancel) {
-- break;
-- }
-- }
--
-- UI::CloseDialog();
--
-- return;
--
--}
--
--// Forces update of the table of available scheduled reports
--define void updateSched() {
--
-- map Settings = $[ ];
-- string readSched = "1";
-- Settings["getcron"] = "1";
-- Settings["readSched"] = "1";
-- Settings["type"] = "schedRep";
--
-- list itemList = [];
-- integer key = 1;
--
-- list db = (list ) SCR::Read (.reports_sched, Settings);
--
-- foreach ( map record, db, {
-- itemList = add( itemList, `item( `id(key), typeToHumanString( record["name"]:"" ), record["mday"]:nil, record["wday"]:nil,
-- record["hour"]:nil, record["mins"]:nil ));
-- key = key + 1;
-- });
--
-- term schedForm =
--
-- `VBox(
-- `Label( _("Schedule Reports") ),
-- `VSpacing(2),
-- `HBox(
-- `VSpacing(10),
-- `Table(`id(`table), `opt(`notify), `header(_("Report Name"),
-- _("Day of Month"), _("Day of Week"), _("Hour"), _("Mins")), itemList)
-- ),
-- `VSpacing(0.5),
-- `HBox(
-- `PushButton(`id(`viewrep), _("View
Archive") ),
-- `PushButton(`id(`runrep), _("Run Now") )
-- ),
-- `HBox(
-- `PushButton(`id(`add), Label::AddButton() ),
-- `PushButton(`id(`edit), Label::EditButton() ),
-- `PushButton(`id(`delete), Label::DeleteButton() )
-- )
-- );
--
-- Wizard::SetContentsButtons( _("AppArmor Security Event Report"), schedForm,
-- mainHelp, Label::BackButton(), Label::NextButton() );
--
-- return;
--}
--
--define symbol displaySchedForm() {
--
--// START - Move to separate Routine - START
--
-- map Settings = $[ ];
-- string readSched = "1";
-- Settings["getcron"] = "1";
-- Settings["readSched"] = "1";
-- Settings["type"] = "schedRep";
--
-- list itemList = [];
-- integer key = 1;
--
-- list db = (list ) SCR::Read (.reports_sched, Settings);
--
-- foreach ( map record, db, {
-- itemList = add( itemList, `item( `id(key), typeToHumanString( record["name"]:""), record["mday"]:nil, record["wday"]:nil,
-- record["hour"]:nil, record["mins"]:nil ));
-- key = key + 1;
-- });
--
-- term schedForm =
--
-- `Frame( `id(`dosched), _("Schedule Reports"),
-- `VBox(
-- `VSpacing(2),
-- `HBox(
-- `VSpacing(10),
-- `Table(`id(`table), `opt(`notify), `header(_("Report Name"),
-- _("Day of Month"), _("Day of Week"), _("Hour"), _("Mins")),
-- itemList)
-- ),
-- `VSpacing(0.5),
-- `HBox(
-- `PushButton(`id(`viewrep), _("View Archive") ),
-- `PushButton(`id(`runrep), _("Run Now") )
-- ),
-- `HBox(
-- `PushButton(`id(`add), Label::AddButton() ),
-- `PushButton(`id(`edit), Label::EditButton() ),
-- `PushButton(`id(`delete), Label::DeleteButton() )
-- ))
-- );
--
-- Wizard::SetContentsButtons( _("AppArmor Security Event Report"), schedForm,
-- mainHelp, Label::BackButton(), _("&Done") );
--
-- // Double-click tracking
-- integer newRecord = nil;
-- integer lastRecord = nil;
--
-- map event = $[];
-- any id = nil;
-- while( true ) {
--
-- event = UI::WaitForEvent( timeout_millisec );
--
-- id = event["ID"]:nil; // We'll need this often - cache it
--
-- if ( id == `schedrep ) {
--
-- break;
--
-- } else
if ( id == `abort || id == `cancel || id == `done ) {
-- break;
-- } else if ( id == `back ) {
-- break;
-- } else if ( id == `runrep || id == `viewrep ) {
-- break;
-- } else if ( id == `next ) {
-- id = `done;
-- break;
-- } else if ( id == `add ) {
-- addSchedForm();
-- Wizard::SetContentsButtons( _("AppArmor Security Event Report"), schedForm, mainHelp, Label::BackButton(), Label::NextButton() );
-- updateSched();
-- continue;
--
-- } else if ( id == `edit ) {
-- editSchedForm();
-- updateSched();
-- continue;
--
-- } else if ( id == `delete ) {
--
-- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
-- string repName = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""));
--
-- if ( repName == "Executive.Security.Summary" || repName == "Applications.Audit" || repName == "Security.Incident.Report" ) {
-- Popup::Error( _("Cannot delete a stock report.") );
-- } else {
--
-- delSchedForm();
-- updateSched();
-- }
--
-- continue;
--
-- } else if ( id == `table ) {
--
-- newRecord = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
--
-- if ( newRecord == lastRecord ) {
-- //editSchedForm();
-- //updateSched();
-- id = `runrep;
-- break;
-- newRecord = 0;
-- }
--
-- lastRecord = newRecord;
--
-- } else {
-- y2error("Unexpected return code: %1", id);
-- continue;
-- }
-- }
--
-- return (symbol) id;
--}
--
--
--}
--
--
---- a/src/include/subdomain/reporting_utils.ycp
-+++ /dev/null
-@@ -1,609 +0,0 @@
--/* ------------------------------------------------------------------
--*
--* Copyright (C) 2002-2005 Novell/SUSE
--*
--* This program is free software; you can redistribute it and/or
--* modify it under the terms of version 2 of the GNU General Public
--* License published by the Free Software Foundation.
--*
-- ------------------------------------------------------------------*/
--{
--
--import "Wizard";
--import "Popup";
--import "Label";
--include "subdomain/report_helptext.ycp";
--textdomain "yast2-apparmor";
--
--define boolean checkEventDb() {
--
-- boolean dbActivated = false;
-- map args = $[];
-- args["checkDb"] = "1";
--
-- any dbCheck = (any) SCR::Read( .reports_parse, args);
-- integer dbOn = tointeger(dbCheck);
--
-- if ( dbOn == 1 ) {
-- dbActivated = true;
-- }
--
-- return dbActivated;
--}
--
--define boolean findDupe(string name) {
--
-- boolean unique = false;
-- map args = $[ ];
-- args["name"] = name;
-- args["getdupe"] = "1";
-- any aDupe = (any) SCR::Read (.reports_sched, args );
--
-- if ( aDupe == "" || aDupe == nil ) {
-- unique = true; // bad, but try for a non-breaking failure
-- } else if ( aDupe == 1 ) {
-- unique = false;
-- } else {
-- unique = true;
-- }
--
-- return unique;
--}
--
--define string unI18n(string weekday) {
--
-- if ( weekday == _("Mon") ) { weekday = "Mon"; }
-- if ( weekday == _("Tue") ) { weekday = "Tue"; }
-- if ( weekday == _("Wed") ) { weekday = "Wed"; }
-- if ( weekday == _("Thu") ) { weekday = "Thu"; }
-- if ( weekday == _("Fri") ) { weekday = "Fri"; }
-- if ( weekday == _("Sat") ) { weekday = "Sat"; }
-- if ( weekday == _("Sun") ) { weekday = "Sun"; }
--
-- return weekday;
--}
--
--/* Possible 'type's for getLastPage() && getLastSirPage()
-- - displayArchForm(): type = sirRep || audRep || essRep
-- - displayRunForm(): type = sir || aud || ess
--*/
--
--// Return last page number of post-filtered report
--define integer getLastPage(string type, map Settings, string name) {
--
-- if ( type == "sir" || type == "sirRep" ) {
-- if ( name != nil && name != "" ) {
-- Settings["name"] = name;
-- } else {
-- y2error(_("No name provided for retrieving SIR report page count."));
-- return 1; // return a page count of 1
-- }
-- }
--
-- Settings["type"] = type;
-- Settings["getLastPage"] = "1";
-- map page = $[];
-- page =
(map) SCR::Read (.reports_parse, Settings);
-- integer lastPage = page["numPages"]:1;
--
-- return lastPage;
--}
--
--define boolean CheckDate( integer day, integer month, integer year ) ``{
--
-- list mdays = [ 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 ];
-- boolean ret = true;
--
-- if (year == nil || month == nil || day == nil)
-- return false;
--
-- ret = ret && month>=1 && month<=12;
--
-- if( year%4==0 && (year%100!=0 || year%400==0)) {
-- mdays[1] = 29;
-- }
--
-- ret = ret && day>=1 && day<=mdays[month-1]:0;
-- ret = ret && year>=1970 && year<2032;
-- return( ret );
--
--}
--
--// Make the table for displaying report data
--define term makeSirTable (list reportList) {
-- term myTable =
-- `Table(`id(`table), `opt(`keepSorting, `immediate ), `header(_("Host"),
-- _("Date"), _("Program"), _("Profile"), _("PID"), _("Severity"),
-- _("Mode Request"), _("Mode Deny"), _("Detail"), _("Event Type"),
-- _("Operation"), _("Attribute"), _("Additional Name"), _("Net Family"),
-- _("Net Protocol"), _("Net Socket Type")), reportList
-- );
-- return myTable;
--}
--
--define integer popUpGoto(integer lastPage) {
--
-- UI::OpenDialog(
-- `VBox(
-- `HBox(
-- `TextEntry(`id(`gotoPage), _("Enter a Page to Move to."), "")
-- ),
-- `HBox(
-- `PushButton(`id(`abort), `opt(`notify), Label::AbortButton() ),
-- `PushButton(`id(`save), `opt(`notify), Label::SaveButton() )
-- )
-- )
-- );
--
-- map event = $[];
-- any id = nil;
-- integer igoto = nil;
--
-- while( true ) {
--
-- event = UI::WaitForEvent();
-- id = event["ID"]:nil;
--
-- if ( id == `abort || id == `close || id == `cancel ) {
--
-- break;
--
-- } else if ( id == `save ) {
--
-- any agoto = UI::QueryWidget(`id(`gotoPage), `Value);
-- igoto = tointeger(agoto);
--
-- if ( igoto == nil || igoto < 1 || igoto > lastPage ) {
--
-- Popup::Message("You must enter a value between 1 and " + lastPage + ".");
--
-- } else {
--
-- break;
--
-- }
-- }
-- }
--
-- UI::CloseDialog();
--
-- return igoto;
--}
--
--define string
getSortId(string type, any sortId) {
--
-- string sortKey = "";
--
--
-- if ( type == "aud" || type == "audRep") {
--
-- if ( sortId == 0 ) {
-- sortKey = "prog";
-- } else if ( sortId == 1 ) {
-- sortKey = "profile";
-- } else if ( sortId == 2 ) {
-- sortKey = "pid";
-- } else if ( sortId == 3 ) {
-- sortKey = "state";
-- } else if ( sortId == 4 ) {
-- sortKey = "type";
-- }
--
-- } else if (type == "ess" || type == "essRep" ) {
--
-- if ( sortId == 0 ) {
-- sortKey = "host";
-- } else if ( sortId == 1 ) {
-- //sortKey = "date";
-- sortKey = "numRejects";
-- } else if ( sortId == 2 ) {
-- sortKey = "numEvents";
-- } else if ( sortId == 3 ) {
-- sortKey = "sevMean";
-- } else if ( sortId == 4 ) {
-- sortKey = "sevHi";
-- }
--
-- } else {
--
-- if ( sortId == 0 ) {
-- sortKey = "host";
-- } else if ( sortId == 1 ) {
-- //sortKey = "date";
-- sortKey = "time";
-- } else if ( sortId == 2 ) {
-- sortKey = "prog";
-- } else if ( sortId == 3 ) {
-- sortKey = "profile";
-- } else if ( sortId == 4 ) {
-- sortKey = "pid";
-- } else if ( sortId == 5 ) {
-- sortKey = "resource";
-- } else if ( sortId == 6 ) {
-- sortKey = "severity";
-- } else if ( sortId == 7 ) {
-- sortKey = "sdmode";
-- } else if ( sortId == 8 ) {
-- sortKey = "mode";
-- }
--
-- }
--
-- return sortKey;
--}
--
--// Get the name of the filter (header column) to sort by
--define string popUpSort(string type) {
--
-- term btnList = nil;
--
-- if ( type == "aud" || type == "audRep") {
-- btnList =
-- `VBox(
-- `Left(`RadioButton(`id(0), _("Program") )),
-- `Left(`RadioButton(`id(1), _("Profile") )),
-- `Left(`RadioButton(`id(2), _("PID") )),
-- `Left(`RadioButton(`id(3), _("State") )),
-- `Left(`RadioButton(`id(4), _("Type") ))
-- );
--
-- } else if (type == "ess" || type == "essRep" ) {
-- btnList =
-- `VBox(
-- `Left(`RadioButton(`id(0), _("Host") )),
-- `Left(`RadioButton(`id(1), _("Num. Rejects") )),
-- `Left(`RadioButton(`id(2), _("Num. Events") )),
-- `Left(`RadioButton(`id(3), _("Ave.
Sev") )),
-- `Left(`RadioButton(`id(4), _("High Sev") ))
-- );
-- } else {
--
-- btnList =
-- `VBox(
-- // Sorting by host is no longer meaningful (due to sql changes)
-- //`Left(`RadioButton(`id(0), _("Host") )),
-- `Left(`RadioButton(`id(1), _("Date") )),
-- `Left(`RadioButton(`id(2), _("Program") )),
-- `Left(`RadioButton(`id(3), _("Profile") )),
-- `Left(`RadioButton(`id(4), _("PID") )),
-- `Left(`RadioButton(`id(5), _("Detail") )),
-- `Left(`RadioButton(`id(6), _("Severity") )),
-- `Left(`RadioButton(`id(7), _("Access Type") )),
-- `Left(`RadioButton(`id(8), _("Mode") ))
-- );
-- }
--
-- UI::OpenDialog(
-- `VBox(
-- `HBox(
-- //`HSpacing( `opt(`vstretch), 0.5),
-- `RadioButtonGroup(`id(`sortKey),
-- btnList
-- )
-- ),
-- `HBox(
-- `PushButton(`id(`abort), Label::AbortButton() ),
-- `PushButton(`id(`save), Label::SaveButton() )
-- )
-- )
-- );
--
-- map event = $[];
-- any id = nil;
-- string sortKey = nil;
--
-- while( true ) {
--
-- event = UI::WaitForEvent();
-- id = event["ID"]:nil; // We'll need this often - cache it
--
-- if ( id == `abort || id == `cancel || id == `close) {
--
-- break;
--
-- } else if (id == `save ) {
--
-- any sortId = UI::QueryWidget(`id(`sortKey), `CurrentButton);
--
-- /* sortKey needs to match the hash reference names in parseEventLog()
-- && sortRecords() in Immunix::Reports.pm */
--
-- sortKey = getSortId(type,sortId);
-- break;
--
-- }
-- }
--
-- UI::CloseDialog();
--
-- return sortKey;
--
--}
--
--// Mode
--define string popUpMode() {
--
-- string checkMode = (string) UI::QueryWidget(`id(`mode), `Label);
-- list splitMode = splitstring (checkMode, " ");
-- string myMode = splitMode[size(splitMode)-1]:"All";
--
-- UI::OpenDialog(
-- `VBox(
-- `HBox(
-- `CheckBox(`id(`clear), `opt(`notify, `immediate ), _("All"), true),
-- `CheckBox(`id(`read), `opt(`notify, `immediate ), _("Read"), false),
-- `CheckBox(`id(`write), `opt(`notify, `immediate ), _("Write"), false),
-- `CheckBox(`id(`link), `opt(`notify, `immediate ), _("Link"),
false),
-- `CheckBox(`id(`exec), `opt(`notify, `immediate ), _("Execute"), false),
-- `CheckBox(`id(`mmap), `opt(`notify, `immediate ), _("MMap"), false)
-- ),
-- `HBox(
-- `PushButton(`id(`cancel), Label::CancelButton() ),
-- `PushButton(`id(`save), Label::SaveButton() )
-- )
-- )
-- );
--
-- integer isall = search( myMode, "All");
-- if ( isall != nil && isall >= 0 ) {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- UI::ChangeWidget(`id(`read), `Value, true);
-- UI::ChangeWidget(`id(`write), `Value, true);
-- UI::ChangeWidget(`id(`link), `Value, true);
-- UI::ChangeWidget(`id(`exec), `Value, true);
-- UI::ChangeWidget(`id(`mmap), `Value, true);
-- } else {
-- if ( search( myMode, "r") != nil ) {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- UI::ChangeWidget(`id(`read), `Value, true);
-- }
-- if ( search( myMode, "w") != nil ) {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- UI::ChangeWidget(`id(`write), `Value, true);
-- }
-- if ( search( myMode, "l") != nil ) {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- UI::ChangeWidget(`id(`link), `Value, true);
-- }
-- if ( search( myMode, "x") != nil ) {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- UI::ChangeWidget(`id(`exec), `Value, true);
-- }
-- if ( search( myMode, "m") != nil ) {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- UI::ChangeWidget(`id(`mmap), `Value, true);
-- }
-- }
--
-- string mode = "";
-- map event = $[];
-- any id = nil;
--
-- while( true ) {
--
-- event = UI::WaitForEvent();
-- id = event["ID"]:nil; // We'll need this often - cache it
--
-- if ( id == `clear) {
--
-- if ( UI::QueryWidget(`id(`clear), `Value) == true ) {
-- UI::ChangeWidget(`id(`read), `Value, false);
-- UI::ChangeWidget(`id(`write), `Value, false);
-- UI::ChangeWidget(`id(`link), `Value, false);
-- UI::ChangeWidget(`id(`exec), `Value, false);
-- UI::ChangeWidget(`id(`mmap), `Value, false);
-- mode = "All";
-- }
--
-- } else if ( id == `read || id == `write || id == `link || id == `exec || id ==
`mmap ) {
--
-- if ( UI::QueryWidget(`id(`read), `Value) == true ) {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- } else if ( UI::QueryWidget(`id(`write), `Value) == true ) {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- } else if ( UI::QueryWidget(`id(`link), `Value) == true ) {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- } else if ( UI::QueryWidget(`id(`exec), `Value) == true ) {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- } else if ( UI::QueryWidget(`id(`mmap), `Value) == true ) {
-- UI::ChangeWidget(`id(`link), `Value, false);
-- }
--
-- } else if ( id == `abort || id == `cancel || id == `close) {
-- mode = myMode;
-- break;
-- } else if ( id == `save ) {
--
-- if ( UI::QueryWidget(`id(`clear), `Value) == true ) {
-- mode = "All";
-- } else {
-- list sdList = [];
-- if ( UI::QueryWidget(`id(`read), `Value) == true ) { sdList = add(sdList, "r"); }
-- if ( UI::QueryWidget(`id(`write), `Value) == true ) { sdList = add(sdList, "w"); }
-- if ( UI::QueryWidget(`id(`link), `Value) == true ) { sdList = add(sdList, "l"); }
-- if ( UI::QueryWidget(`id(`exec), `Value) == true ) { sdList = add(sdList, "x"); }
-- if ( UI::QueryWidget(`id(`mmap), `Value) == true ) { sdList = add(sdList, "m"); }
--
-- foreach ( string perm, sdList, { mode = mode + perm; });
-- }
--
-- break;
-- }
-- }
--
-- UI::CloseDialog();
-- return mode;
--}
--
--// Access Type - SD Mode
--define string popUpSdMode() {
--
-- string checkMode = (string) UI::QueryWidget(`id(`sdmode), `Label);
-- checkMode = filterchars(checkMode, "APRl");
-- list splitMode = splitstring (checkMode, " ");
-- string mySdMode = splitMode[size(splitMode)-1]:"R";
--
-- UI::OpenDialog(
-- `VBox(
-- `HBox(
-- `CheckBox(`id(`clear), `opt(`notify, `immediate ), _("All"), false),
-- `CheckBox(`id(`permit), `opt(`notify, `immediate ), _("Permit"), false),
-- `CheckBox(`id(`reject),`opt(`notify, `immediate ), _("Reject"), false),
-- `CheckBox(`id(`audit),`opt(`notify, `immediate ), _("Audit"), false)
-- ),
-- `HBox(
-- `PushButton(`id(`cancel), `opt(`notify), Label::CancelButton() ),
-- `PushButton(`id(`save), `opt(`notify), Label::SaveButton() )
-- )
-- )
-- );
--
-- if ( mySdMode == "P") {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- UI::ChangeWidget(`id(`permit), `Value, true);
--
-- } else if ( mySdMode == "R") {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- UI::ChangeWidget(`id(`reject), `Value, true);
--
-- } else if ( mySdMode == "A") {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- UI::ChangeWidget(`id(`audit), `Value, true);
--
-- } else if ( mySdMode == "PR" ) {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- UI::ChangeWidget(`id(`permit), `Value, true);
-- UI::ChangeWidget(`id(`reject), `Value, true);
--
-- } else if (mySdMode == "PA" ) {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- UI::ChangeWidget(`id(`permit), `Value, true);
-- UI::ChangeWidget(`id(`audit), `Value, true);
--
-- } else if (mySdMode == "PRA" ) {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- UI::ChangeWidget(`id(`permit), `Value, true);
-- UI::ChangeWidget(`id(`reject), `Value, true);
-- UI::ChangeWidget(`id(`audit), `Value, true);
--
-- } else if (mySdMode == "RA" ) {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- UI::ChangeWidget(`id(`reject), `Value, true);
-- UI::ChangeWidget(`id(`audit), `Value, true);
-- } else if ( mySdMode == "All" ) {
-- UI::ChangeWidget(`id(`clear), `Value, true);
-- UI::ChangeWidget(`id(`permit), `Value, false);
-- UI::ChangeWidget(`id(`reject), `Value, false);
-- UI::ChangeWidget(`id(`audit), `Value, false);
-- }
--
-- string sdMode = "";
-- map event = $[];
-- any id = nil;
--
-- while( true ) {
--
-- event = UI::WaitForEvent();
-- id = event["ID"]:nil;
--
-- if ( id == `clear) {
--
-- if ( UI::QueryWidget(`id(`clear), `Value) == true ) {
-- UI::ChangeWidget(`id(`permit), `Value, false);
-- UI::ChangeWidget(`id(`reject), `Value, false);
-- UI::ChangeWidget(`id(`audit), `Value, false);
-- sdMode = "All";
-- }
--
-- } else
if ( id == `permit || id == `reject || id == `audit ) {
--
-- if ( UI::QueryWidget(`id(`permit), `Value) == true ) {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- } else if ( UI::QueryWidget(`id(`reject), `Value) == true ) {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- } else if ( UI::QueryWidget(`id(`audit), `Value) == true ) {
-- UI::ChangeWidget(`id(`clear), `Value, false);
-- }
--
-- } else if ( id == `cancel ) {
--
-- sdMode = mySdMode;
-- break;
--
-- } else if ( id == `save ) {
--
-- if ( UI::QueryWidget(`id(`clear), `Value) == true ) {
-- sdMode = "All";
-- } else {
-- sdMode = "";
-- list mList = [];
-- if ( UI::QueryWidget(`id(`permit), `Value) == true ) { mList = add(mList, "P"); }
-- if ( UI::QueryWidget(`id(`reject), `Value) == true ) { mList = add(mList, "R"); }
-- if ( UI::QueryWidget(`id(`audit), `Value) == true ) { mList = add(mList, "A"); }
--
-- foreach ( string state, mList, { sdMode = sdMode + state; });
-- }
--
-- break;
-- }
--
-- }
--
-- UI::CloseDialog();
-- return sdMode;
--}
--
--/* For On Demand Reports
-- - Returns list of terms corresponding to the type of report
--***********************************************************************/
--define list getReportList(string type, map Settings) {
--
-- list reportList = [];
--
-- if ( type == "aud" ) {
--
-- list db = (list ) SCR::Read (.reports_confined, Settings);
-- integer key = 1;
--
-- foreach ( map repdata, db, {
-- reportList = add( reportList, `item( `id(key), repdata["host"]:nil, repdata["date"]:nil,
-- repdata["prog"]:nil, repdata["prof"]:nil, repdata["pid"]:nil, repdata["state"]:nil,
-- repdata["type"]:nil ));
-- key = key + 1;
-- });
--
-- } else if ( type == "ess" ) {
--
-- list db = (list ) SCR::Read (.reports_ess, Settings);
-- integer key = 1;
--
-- foreach ( map repdata, db, {
-- reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
-- repdata["startdate"]:nil, repdata["enddate"]:nil, repdata["numRejects"]:nil,
-- repdata["numEvents"]:nil,
repdata["sevMean"]:nil, repdata["sevHi"]:nil ));
-- key = key + 1;
-- });
--
-- } else {
--
-- list db = (list ) SCR::Read (.logparse, Settings);
-- integer key = 0;
--
-- foreach ( map record, db, {
-- reportList = add( reportList, `item( `id(key),
-- record["host"]:nil, record["date"]:nil, record["prog"]:nil,
-- record["profile"]:nil, record["pid"]:nil, record["severity"]:nil,
-- record["mode_req"]:nil, record["mode_deny"]:nil,
-- record["resource"]:nil, record["sdmode"]:nil, record["op"]:nil,
-- record["attr"]:nil, record["name_alt"]:nil, record["net_family"]:nil,
-- record["net_proto"]:nil, record["net_socktype"]:nil
-- ));
-- key = key + 1;
-- });
--
-- }
--
-- return reportList;
--}
--
--}
---- a/src/include/subdomain/sd-config.ycp
-+++ /dev/null
-@@ -1,415 +0,0 @@
--/* ------------------------------------------------------------------
--*
--* Copyright (C) 2002-2005 Novell/SUSE
--*
--* This program is free software; you can redistribute it and/or
--* modify it under the terms of version 2 of the GNU General Public
--* License published by the Free Software Foundation.
--*
-- ------------------------------------------------------------------*/
--{
--include "subdomain/config_complain.ycp";
--include "subdomain/helps.ycp";
--include "subdomain/apparmor_ycp_utils.ycp";
--textdomain "yast2-apparmor";
--
--import "Label";
--
--define boolean changeAppArmorState(boolean aaEnabled) {
--
-- any error = nil;
-- string sdAction = "";
--
-- if (aaEnabled == true) {
-- sdAction = "subdomain:enable";
-- } else {
-- sdAction = "subdomain:disable";
-- }
--
-- error = SCR::Execute(.sdconf, sdAction);
--
-- if ( error != nil && is(error, string) ) {
--
-- string errorMsg = (string) error;
-- string popError = _("This operation generated the following error. Please check your installation and AppArmor profile settings.");
-- Popup::Message( popError+ "\n[" + errorMsg + "]");
-- aaEnabled = !
aaEnabled; -- -- } -- -- return aaEnabled; --} -- --define void displayNotifyForm() { -- -- map settings = (map) SCR::Execute(.subdomain, "sd-notify-settings"); -- -- map terse = settings["terse"]:$[]; -- map summary = settings["summary"]:$[]; -- map verbose = settings["verbose"]:$[]; -- -- any t_freq = terse["terse_freq"]:0; -- any s_freq = summary["summary_freq"]:0; -- any v_freq = verbose["verbose_freq"]:0; -- -- boolean t_unknown = true; -- any a_t_poop = (any) terse["terse_unknown"]:"1"; -- string t_poop = tostring(a_t_poop); -- if(t_poop == "0") { -- t_unknown = false; -- } -- -- boolean s_unknown = true; -- any a_s_poop = terse["summary_unknown"]:"1"; -- string s_poop = tostring(a_s_poop); -- if(s_poop == "0") { -- s_unknown = false; -- } -- -- boolean v_unknown = true; -- any a_v_poop = verbose["verbose_unknown"]:"1"; -- string v_poop = tostring(a_v_poop); -- if(v_poop == "0") { -- v_unknown = false; -- } -- -- list terse_items = [ -- `item(`id(0), _("Disabled"), t_freq==0?true:false), -- `item(`id(60), _("1 minute"), t_freq==60?true:false), -- `item(`id(300), _("5 minutes"), t_freq==300?true:false), -- `item(`id(600), _("10 minutes"), t_freq==600?true:false), -- `item(`id(900), _("15 minutes"), t_freq==900?true:false), -- `item(`id(1800), _("30 minutes"), t_freq==1800?true:false), -- `item(`id(3600), _("1 hour"), t_freq==3600?true:false), -- `item(`id(86400), _("1 day"), t_freq==86400?true:false), -- `item(`id(604800), _("1 week"), t_freq==604800?true:false) -- ]; -- -- list summary_items = [ -- `item(`id(0), _("Disabled"), s_freq==0?true:false), -- `item(`id(60), _("1 minute"), s_freq==60?true:false), -- `item(`id(300), _("5 minutes"), s_freq==300?true:false), -- `item(`id(600), _("10 minutes"), s_freq==600?true:false), -- `item(`id(900), _("15 minutes"), s_freq==900?true:false), -- `item(`id(1800), _("30 minutes"), s_freq==1800?true:false), -- `item(`id(3600), _("1 hour"), s_freq==3600?true:false), -- `item(`id(86400), _("1 day"), 
s_freq==86400?true:false), -- `item(`id(604800), _("1 week"), s_freq==604800?true:false) -- ]; -- -- list verbose_items = [ -- `item(`id(0), _("Disabled"), v_freq==0?true:false), -- `item(`id(60), _("1 minute"), v_freq==60?true:false), -- `item(`id(300), _("5 minutes"), v_freq==300?true:false), -- `item(`id(600), _("10 minutes"), v_freq==600?true:false), -- `item(`id(900), _("15 minutes"), v_freq==900?true:false), -- `item(`id(1800), _("30 minutes"), v_freq==1800?true:false), -- `item(`id(3600), _("1 hour"), v_freq==3600?true:false), -- `item(`id(86400), _("1 day"), v_freq==86400?true:false), -- `item(`id(604800), _("1 week"), v_freq==604800?true:false) -- ]; -- -- -- term event_config = `HVCenter(`VBox(`opt(`vstretch), -- `Frame( _("Security Event Notification"), -- `HBox(`HSpacing(1), -- `VBox(`opt(`vstretch), -- `VSpacing(1), -- `Frame( _("Terse Notification"), -- `VBox(`opt(`vstretch), -- `HBox( -- `ComboBox(`id(`terse_freq), _("Frequency"), terse_items), -- `TextEntry(`id(`terse_email), _("Email Address"), terse["terse_email"]:""), -- `IntField(`id(`terse_level), _("Severity"), 0,10, terse["terse_level"]:0) -- ), -- `HBox( -- `CheckBox( `id(`terse_unknown), _("Include Unknown Severity Events"), t_unknown) -- ) -- ) -- ), -- `VSpacing(1), -- `Frame( _("Summary Notification"), -- `VBox(`opt(`vstretch), -- `HBox( -- `ComboBox(`id(`summary_freq), _("Frequency"), summary_items), -- `TextEntry(`id(`summary_email), _("Email Address"), summary["summary_email"]:""), -- `IntField(`id(`summary_level), _("Severity"), 0,10, summary["summary_level"]:0) -- ), -- `HBox( -- `CheckBox( `id(`summary_unknown), _("Include Unknown Severity Events"), s_unknown) -- ) -- ) -- ), -- `VSpacing(1), -- `Frame( _("Verbose Notification"), -- `VBox(`opt(`vstretch), -- `HBox( -- `ComboBox(`id(`verbose_freq), _("Frequency"), verbose_items), -- `TextEntry(`id(`verbose_email), _("Email Address"), verbose["verbose_email"]:""), -- `IntField(`id(`verbose_level), _("Severity"), 0,10, 
verbose["verbose_level"]:0) -- ), -- `HBox( -- `CheckBox( `id(`verbose_unknown), _("Include Unknown Severity Events"), v_unknown) -- ) -- ) -- ), -- `VSpacing(1) -- ), -- `HSpacing(1) -- ) -- ) -- ) -- ); -- -- Wizard::CreateDialog(); -- Wizard::SetContentsButtons(_("Security Event Notification"), event_config, helps["EventNotifyHelpText"]:"", Label::BackButton(), Label::OKButton()); -- Wizard::DisableBackButton(); -- -- any ntInput = nil; -- string notifyLabelValue = ""; -- -- while( true ) { -- ntInput = UI::UserInput(); -- -- if (ntInput == `next) { -- -- map answers = $[ ]; -- map set_notify = $[ ]; -- map summary = $[ ]; -- map verbose = $[ ]; -- map terse = $[ ]; -- -- t_freq = UI::QueryWidget(`id(`terse_freq), `Value); -- s_freq = UI::QueryWidget(`id(`summary_freq), `Value); -- v_freq = UI::QueryWidget(`id(`verbose_freq), `Value); -- -- set_notify["sd-set-notify"] = "yes"; -- terse["terse_freq"] = tostring(t_freq); -- summary["summary_freq"] = tostring(s_freq); -- verbose["verbose_freq"] = tostring(v_freq); -- -- if (t_freq != 0) { -- -- string t_email = (string) UI::QueryWidget(`id(`terse_email), `Value); -- -- if ( t_email == nil || t_email == "" ) { -- Popup::Error( _("An email address is required for each selected notification method.") ); -- continue; -- } else if ( ! 
checkEmailAddress( t_email ) ) { -- continue; -- } -- -- terse["enable_terse"] = "yes"; -- terse["terse_email"] = (string) UI::QueryWidget(`id(`terse_email), `Value); -- terse["terse_level"] = (string) tostring(UI::QueryWidget(`id(`terse_level), `Value)); -- -- boolean t_unknown = (boolean) UI::QueryWidget(`id(`terse_unknown), `Value); -- -- if (t_unknown == true) { -- terse["terse_unknown"] = "1"; -- } else { -- terse["terse_unknown"] = "0"; -- } -- -- } else { -- terse["enable_terse"] = "no"; -- } -- -- if (s_freq != 0) { -- -- string s_email = (string) UI::QueryWidget(`id(`summary_email), `Value); -- if ( s_email == nil || s_email == "" ) { -- Popup::Error( _("An email address is required for each selected notification method.") ); -- continue; -- } else if ( ! checkEmailAddress(s_email) ) { -- continue; -- } -- -- summary["enable_summary"] = "yes"; -- summary["summary_email"] = (string) UI::QueryWidget(`id(`summary_email), `Value); -- summary["summary_level"] = (string) tostring(UI::QueryWidget(`id(`summary_level), `Value)); -- -- boolean s_unknown = (boolean) UI::QueryWidget(`id(`summary_unknown), `Value); -- -- if (s_unknown == true) { -- summary["summary_unknown"] = "1"; -- } else { -- summary["summary_unknown"] = "0"; -- } -- -- } else { -- summary["enable_summary"] = "no"; -- } -- -- if (v_freq != 0) { -- string v_email = (string) UI::QueryWidget(`id(`verbose_email), `Value); -- if ( v_email == nil || v_email == "" ) { -- Popup::Error( _("An email address is required for each selected notification method.") ); -- continue; -- } else if (! 
checkEmailAddress(v_email) ) { -- continue; -- } -- -- verbose["enable_verbose"] = "yes"; -- verbose["verbose_email"] = (string) UI::QueryWidget(`id(`verbose_email), `Value); -- verbose["verbose_level"] = (string) tostring(UI::QueryWidget(`id(`verbose_level), `Value)); -- -- boolean v_unknown = (boolean) UI::QueryWidget(`id(`verbose_unknown), `Value); -- -- if (v_unknown == true) { -- verbose["verbose_unknown"] = "1"; -- } else { -- verbose["verbose_unknown"] = "0"; -- } -- } else { -- verbose["enable_verbose"] = "no"; -- } -- -- answers["set_notify"] = set_notify; -- answers["terse"] = terse; -- answers["summary"] = summary; -- answers["verbose"] = verbose; -- -- string result = (string) SCR::Execute(.sdconf, answers); -- -- if (result != "success") { -- Popup::Error( _("Configuration failed for the following operations: ") + result); -- } -- -- if ( t_freq != 0 || s_freq != 0 || v_freq != 0 ) { -- notifyLabelValue = _("Notification is enabled"); -- } else { -- notifyLabelValue = _("Notification is disabled"); -- } -- } -- -- Wizard::CloseDialog(); -- if ( (ntInput == `ok) || (ntInput == `next) ) { -- UI::ChangeWidget( `id(`notifyLabel), `Value, notifyLabelValue ); -- } -- break; -- } -- --} -- --define symbol displayAppArmorConfig () { -- -- // AppArmor Status -- boolean aaEnabled = false; -- boolean ntIsEnabled = false; -- string subdomain = (string) SCR::Execute(.subdomain, "sd-status"); -- string sdEnStr = _("AppArmor is disabled"); -- -- if (subdomain == "enabled") { -- aaEnabled = true; -- sdEnStr = _("AppArmor is enabled"); -- } -- -- // Notification Status -- string evnotify = (string) SCR::Execute(.subdomain, "sd-notify"); -- string evEnStr = _("Notification is disabled"); -- if (evnotify == "enabled") { -- ntIsEnabled = true; -- evEnStr = _("Notification is enabled"); -- } else if (evnotify == "notinstalled") { -- evnotify = "disabled"; -- } -- -- /* Network dialog caption */ -- string caption = _("AppArmor Configuration"); -- string help = _("

    AppArmor Status
    This reports whether the AppArmor policy enforcement --module is loaded and functioning.

    ") + -- --_("

    Security Event Notification
    Configure this tool if you want --to be notified by email when access violations have occurred.

    ") + -- --_("

    Profile Modes
    Use this tool to change the way that AppArmor --uses individual profiles.

    "); -- -- term contents = -- `HVCenter( -- `VBox( -- `VSpacing(1), `HSpacing(2), -- `HBox ( -- `HSpacing( `opt(`hstretch), 2 ), -- `VBox( -- `Left(`CheckBox( `id(`aaState), `opt(`notify), _("&Enable AppArmor"), aaEnabled)), -- `VSpacing(1), -- -- `Frame( `id(`aaEnableFrame), _("Configure AppArmor"), -- `HBox ( -- `HSpacing( `opt(`hstretch), 4 ), -- `VBox( -- `VSpacing(1), -- `Frame ( _("Security Event Notification"), -- `HBox( -- `VSpacing(1), `HSpacing(1), -- `HVCenter( `Label( `id(`notifyLabel), evEnStr )), -- `PushButton( `id(`ntconf), _("C&onfigure")), -- `VSpacing(1), `HSpacing(1) -- ) -- ), -- `VSpacing(1), `HSpacing(20), -- -- `Frame ( _("Configure Profile Modes"), -- `HBox( -- `VSpacing(1), `HSpacing(1), -- `Left(`HVCenter( `Label( `id(`modesLabel), " " + _("Set profile modes") ))), -- `PushButton( `id(`modeconf), _("Co&nfigure") ), -- `VSpacing(1), `HSpacing(1) -- ) -- ), -- `VSpacing(1) -- ), -- `HSpacing( `opt(`hstretch), 4 ) -- ))), -- `HSpacing( `opt(`hstretch), 2 ) -- )) -- ); -- -- // May want to replace Wizard() with UI() -- Wizard::CreateDialog(); -- Wizard::SetTitleIcon("apparmor/control_panel"); -- Wizard::SetContentsButtons(caption, contents, help, Label::BackButton(), _("&Done")); -- Wizard::DisableBackButton(); -- -- UI::ChangeWidget(`id(`aaEnableFrame), `Enabled, aaEnabled); -- -- while( true ) { -- -- symbol ret = (symbol) UI::UserInput(); -- -- if ( ret == `abort || ret == `cancel || ret == `next) { -- break; -- } else if (ret == `aaState ) { -- -- // Set AppArmor state: enabled|disabled -- boolean requestedAaState = (boolean) UI::QueryWidget(`id(`aaState), `Value); -- -- aaEnabled = changeAppArmorState(requestedAaState); -- -- // These will match if the update was successful -- if ( aaEnabled == requestedAaState ) { -- UI::ChangeWidget(`id(`aaEnableFrame), `Enabled, aaEnabled); -- } -- -- } else if (ret == `ntconf ) { -- displayNotifyForm(); -- -- } else if (ret == `modeconf ) { -- -- profileModeConfigForm(); -- -- 
//displayAppArmorConfig(); -- -- } else { -- y2error("Unexpected return code: " + tostring(ret)); -- } -- } -- -- UI::CloseDialog(); -- return nil; --} -- --/* EOF */ --} ---- /dev/null -+++ b/src/scrconf/aaconf.scr -@@ -0,0 +1,20 @@ -+/** -+ * File: -+ * subdomain.scr -+ * Summary: -+ * SCR Agent for configuring subdomain -+ * Access: -+ * read/write -+ * Authors: -+ * David Drewelow -+ * See: -+ * libscr -+ * Example: -+ * Read(.cron,$[..]) -+ * -+ * $Id: sdconf.scr 3715 2005-01-19 09:06:05Z sarnold $ -+ * -+ */ -+.sdconf -+ -+`ag_sd_config () ---- /dev/null -+++ b/src/scrconf/apparmor.scr -@@ -0,0 +1,20 @@ -+/** -+ * File: -+ * subdomain.scr -+ * Summary: -+ * SCR Agent for configuring subdomain -+ * Access: -+ * read/write -+ * Authors: -+ * David Drewelow -+ * See: -+ * libscr -+ * Example: -+ * Read(.cron,$[..]) -+ * -+ * $Id: subdomain.scr 3715 2005-01-19 09:06:05Z sarnold $ -+ * -+ */ -+.subdomain -+ -+`ag_subdomain () ---- /dev/null -+++ b/src/scrconf/apparmor_profiles.scr -@@ -0,0 +1,53 @@ -+/** -+ * File: -+ * target.scr -+ * Summary: -+ * SCR Agent for interfacing with (shell) commands of the target system -+ * and reading/writing files. -+ * Access: -+ * read/write/execute -+ * Authors: -+ * Unknown -+ * See: -+ * libscr -+ * man bash -+ * source/y2a_system/doc/systemagent.txt -+ * Example: -+ * Execute (.target.bash, "uname -a") -+ * (0) -+ ** -+ * Execute (.target.bash_output, "uname -a") -+ * ( -+ * $[ -+ * "exit":0, -+ * "stderr":"", -+ * "stdout":"Linux steiner 2.2.18 #1 Fri Jan 19 22:10:35 GMT 2001 i686 unknown\n" -+ * ] -+ * ) -+ ** -+ * Read(.target.dir, "/") -+ * (["usr", "tmp", "floppy", "var", "root", "opt", "home", "etc", ...]) -+ ** -+ * Write(.target.string, "/tmp/target.1", "Some Test\n") -+ * (true) -+ ** -+ * Read(.target.string, "/tmp/target.1") -+ * ("Some Test\n") -+ * -+ * $Id: subdomain_profiles.scr 3715 2005-01-19 09:06:05Z sarnold $ -+ * -+ *

    The target-agent is used for various actions on the target system.

    -+ * -+ *

    The Execute Interface can be used to execute some predefined commands -+ * like mount, umount, mkdir, remove, modprobe ... or arbitrary commands -+ * using the bash, bash_output or bash_background.

    -+ * -+ *

    The Read and Write interface can be used to access the target -+ * filesystem, most prominent reading or writing whole files using the -+ * "string" subpath.

    -+ * -+ *

    For more information see the agent's own documentation.

    -+ */ -+.subdomain_profiles -+ -+`ag_subdomain_profiles () ---- a/src/scrconf/sdconf.scr -+++ /dev/null -@@ -1,20 +0,0 @@ --/** -- * File: -- * subdomain.scr -- * Summary: -- * SCR Agent for configuring subdomain -- * Access: -- * read/write -- * Authors: -- * David Drewelow -- * See: -- * libscr -- * Example: -- * Read(.cron,$[..]) -- * -- * $Id: sdconf.scr 3715 2005-01-19 09:06:05Z sarnold $ -- * -- */ --.sdconf -- --`ag_sd_config () ---- a/src/scrconf/subdomain.scr -+++ /dev/null -@@ -1,20 +0,0 @@ --/** -- * File: -- * subdomain.scr -- * Summary: -- * SCR Agent for configuring subdomain -- * Access: -- * read/write -- * Authors: -- * David Drewelow -- * See: -- * libscr -- * Example: -- * Read(.cron,$[..]) -- * -- * $Id: subdomain.scr 3715 2005-01-19 09:06:05Z sarnold $ -- * -- */ --.subdomain -- --`ag_subdomain () ---- a/src/scrconf/subdomain_profiles.scr -+++ /dev/null -@@ -1,53 +0,0 @@ --/** -- * File: -- * target.scr -- * Summary: -- * SCR Agent for interfacing with (shell) commands of the target system -- * and reading/writing files. -- * Access: -- * read/write/execute -- * Authors: -- * Unknown -- * See: -- * libscr -- * man bash -- * source/y2a_system/doc/systemagent.txt -- * Example: -- * Execute (.target.bash, "uname -a") -- * (0) -- ** -- * Execute (.target.bash_output, "uname -a") -- * ( -- * $[ -- * "exit":0, -- * "stderr":"", -- * "stdout":"Linux steiner 2.2.18 #1 Fri Jan 19 22:10:35 GMT 2001 i686 unknown\n" -- * ] -- * ) -- ** -- * Read(.target.dir, "/") -- * (["usr", "tmp", "floppy", "var", "root", "opt", "home", "etc", ...]) -- ** -- * Write(.target.string, "/tmp/target.1", "Some Test\n") -- * (true) -- ** -- * Read(.target.string, "/tmp/target.1") -- * ("Some Test\n") -- * -- * $Id: subdomain_profiles.scr 3715 2005-01-19 09:06:05Z sarnold $ -- * -- *

    The target-agent is used for various actions on the target system.

    -- * -- *

    The Execute Interface can be used to execute some predefined commands -- * like mount, umount, mkdir, remove, modprobe ... or arbitrary commands -- * using the bash, bash_output or bash_background.

    -- * -- *

    The Read and Write interface can be used to access the target -- * filesystem, most prominent reading or writing whole files using the -- * "string" subpath.

    -- * -- *

    For more information see the agent's own documentation.

-- */
--.subdomain_profiles
--
--`ag_subdomain_profiles ()
diff --git a/yast2-apparmor.changes b/yast2-apparmor.changes
index 617fa26..f430a1c 100644
--- a/yast2-apparmor.changes
+++ b/yast2-apparmor.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Aug 5 12:21:26 CEST 2011 - tgoettlicher@suse.de
+
+- fixed .desktop file (bnc #681249)
+
 -------------------------------------------------------------------
 Tue Aug 2 23:26:27 CEST 2011 - jeffm@suse.de
 
diff --git a/yast2-apparmor.spec b/yast2-apparmor.spec
index cc7ad62..2791bf4 100644
--- a/yast2-apparmor.spec
+++ b/yast2-apparmor.spec
@@ -1,46 +1,29 @@ # -# spec file for package yast2-apparmor +# spec file for package yast2-apparmor (Version 2.21.3) # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. -# -# All modifications and additions to the file contributed by third parties -# remain the property of their copyright owners, unless otherwise agreed -# upon. The license for this file, and modifications and additions to the -# file, is the same license as for the pristine package itself (unless the -# license for the pristine package is not an Open Source License, in which -# case the license is the MIT License). An "Open Source License" is a -# license that conforms to the Open Source Definition (Version 1.9) -# published by the Open Source Initiative. - -# Please submit bugfixes or comments via http://bugs.opensuse.org/ -# - # norootforbuild +Name: yast2-apparmor +Version: 2.21.3 +Release: 0 -Name: yast2-apparmor -Version: 2.21.5 -Release: 1 -BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source0: yast2-apparmor-2.21.2.tar.bz2 -Patch1: yast2-apparmor-rename-files -Patch2: yast2-apparmor-cleanup-names -Patch3: yast2-apparmor-rename-desktop +BuildRoot: %{_tmppath}/%{name}-%{version}-build +Source0: yast2-apparmor-2.21.3.tar.bz2 -Prefix: /usr +prefix: /usr -Group: Productivity/Security -License: GPL v2 or later +Group: Productivity/Security +License: GPL v2 or later -Summary: YaST2 - Plugins for AppArmor Profile Management -Requires: yast2 perl-TimeDate -BuildArch: noarch -Obsoletes: yast2-subdomain -Provides: yast2-subdomain -BuildRequires: update-desktop-files +Summary: YaST2 - Plugins for AppArmor Profile Management +Requires: yast2 perl-TimeDate +BuildArch: noarch +Obsoletes: yast2-subdomain +Provides: yast2-subdomain +BuildRequires: update-desktop-files -BuildRequires: yast2 yast2-devtools +BuildRequires: yast2 yast2-devtools %if 0%{?suse_version} >= 1140 # openSUSE-11.4 or newer 
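Review bot: `Version:` goes from 2.21.5 to 2.21.3 and `Release:` from 1 to 0 in this hunk, so rpm would rank the new package below any build of the old spec that was already published, and a normal update would not pick it up. If a 2.21.5 build ever reached a repository, the version should stay at or above it; the old spec already carried a version different from its 2.21.2 tarball, so the two need not match. If no such build was published, the `.changes` entry should say so. The same hunk also deletes the copyright and licence header and the bug-reporting line from the top of the spec; I would keep that header and change only the first comment line.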
@@ -56,10 +39,7 @@ This package is part of a suite of tools that used to be named SubDomain. %prep -%setup -n yast2-apparmor-2.21.2 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 +%setup -n yast2-apparmor-2.21.3 %build %{prefix}/bin/y2tool y2autoconf @@ -83,6 +63,7 @@ for f in `find $RPM_BUILD_ROOT/%{prefix}/share/applications/YaST2/ -name "*.desk %suse_update_desktop_file -d ycc_${d%.desktop} ${d%.desktop} done + %clean rm -rf "$RPM_BUILD_ROOT" @@ -113,4 +94,3 @@ REPDIR3='/var/log/apparmor/reports-exported' [ -e $REPDIR ] || mkdir -p $REPDIR [ -e $REPDIR2 ] || mkdir -p $REPDIR2 [ -e $REPDIR3 ] || mkdir -p $REPDIR3 -%changelog
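Review bot: The `%prep` hunk drops `%patch1` to `%patch3` together with the switch to `%setup -n yast2-apparmor-2.21.3`, but nothing records that the 2.21.3 tarball already contains the file renames and the SubDomain-to-AppArmor cleanup. The spec is silent on it, and the new `.changes` entry mentions only the .desktop fix. The archive is referenced only as an LFS pointer with a checksum, so its contents cannot be confirmed from this diff. I would record it next to `Source0:` with a comment such as `# 2.21.3 includes the former rename-files, cleanup-names and rename-desktop patches`, and mention the merge in the changelog entry as well.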