From: Jeff Mahoney Subject: yast2-apparmor: Rename old sd/SD/SubDomain filenames AppArmor hasn't been known as SubDomain for many years. This patch changes the files via the following script. It *only* renames the files and the build will fail without the next patch which fixes the contents up. mkdir -p src/include/apparmor mv src/include/subdomain/* src/include/apparmor for file in $(find [a-z]*); do newfile=$(echo $file| sed -e 's/sd/aa/g' -e 's/subdomain/apparmor/g' -e 's/SD/AA/g') if [ "$file" != "$newfile" ]; then echo "$file -> $newfile" mv $file $newfile fi done 
Signed-off-by: Jeff Mahoney --- src/agents/ag_aa_config | 148 + src/agents/ag_apparmor | 112 src/agents/ag_apparmor_profiles | 153 + src/agents/ag_sd_config | 148 - src/agents/ag_subdomain | 112 src/agents/ag_subdomain_profiles | 153 - src/clients/AA_AddProfile.ycp | 114 src/clients/AA_DeleteProfile.ycp | 91 src/clients/AA_EditProfile.ycp | 93 src/clients/AA_Report.ycp | 108 src/clients/SD_AddProfile.ycp | 114 src/clients/SD_DeleteProfile.ycp | 91 src/clients/SD_EditProfile.ycp | 93 src/clients/SD_Report.ycp | 108 src/clients/apparmor-settings.ycp | 72 src/clients/apparmor_no_impl.ycp | 20 src/clients/subdomain.ycp | 72 src/clients/subdomain_no_impl.ycp | 20 src/include/apparmor/Makefile.am | 19 src/include/apparmor/aa-config.ycp | 415 +++ src/include/apparmor/apparmor_packages.ycp | 30 src/include/apparmor/apparmor_profile_check.ycp | 52 src/include/apparmor/apparmor_ycp_utils.ycp | 679 +++++ src/include/apparmor/capabilities.ycp | 310 ++ src/include/apparmor/config_complain.ycp | 227 + src/include/apparmor/helps.ycp | 219 + src/include/apparmor/profile_dialogs.ycp | 1147 ++++++++ src/include/apparmor/report_helptext.ycp | 158 + src/include/apparmor/reporting_archived_dialogs.ycp | 307 ++ src/include/apparmor/reporting_dialogues.ycp | 2513 +++++++++++++++++++ src/include/apparmor/reporting_utils.ycp | 609 ++++ src/include/subdomain/Makefile.am | 19 src/include/subdomain/Makefile.in | 412 --- src/include/subdomain/apparmor_packages.ycp | 30 src/include/subdomain/apparmor_profile_check.ycp | 52 src/include/subdomain/apparmor_ycp_utils.ycp | 679 ----- src/include/subdomain/capabilities.ycp | 310 -- src/include/subdomain/config_complain.ycp | 227 - src/include/subdomain/helps.ycp | 219 - src/include/subdomain/profile_dialogs.ycp | 1147 -------- src/include/subdomain/report_helptext.ycp | 158 - src/include/subdomain/reporting_archived_dialogs.ycp | 307 -- src/include/subdomain/reporting_dialogues.ycp | 2513 ------------------- src/include/subdomain/reporting_utils.ycp 
| 609 ---- src/include/subdomain/sd-config.ycp | 415 --- src/scrconf/aaconf.scr | 20 src/scrconf/apparmor.scr | 20 src/scrconf/apparmor_profiles.scr | 53 src/scrconf/sdconf.scr | 20 src/scrconf/subdomain.scr | 20 src/scrconf/subdomain_profiles.scr | 53 51 files changed, 7689 insertions(+), 8101 deletions(-) --- /dev/null +++ b/src/agents/ag_aa_config 
@@ -0,0 +1,148 @@
+#!/usr/bin/perl
+
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+################################################################################
+# ag_sd_config
+################################################################################
+
+use strict;
+use ycp;
+use Data::Dumper;
+
+use Immunix::Notify;
+use Immunix::Reports;
+
+# Subroutines
+################################################################################
+sub setSubdomain {
+
+ my $action = shift;
+ my $errmsg = "";
+ my $lines = 0;
+ if ($action eq "enable") {
+ if (-e "/sbin/rcapparmor") {
+ open(RUN, "/sbin/rcapparmor start 2>&1 |");
+ } else {
+ open(RUN, "/sbin/rcsubdomain start 2>&1 |");
+ }
+ while () {
+ if (/FATAL:(.*)/) {
+ $errmsg = $1;
+ }
+ }
+ close(RUN);
+ if (-f "/etc/init.d/boot.apparmor") {
+ system("/sbin/insserv boot.apparmor");
+ } else {
+ system("/sbin/insserv boot.subdomain");
+ }
+ if (-f "/etc/init.d/aaeventd") {
+ system("/sbin/rcaaeventd start");
+ system("/sbin/insserv aaeventd");
+ }
+ } else {
+ if (-e "/sbin/rcapparmor") {
+ open(RUN, "/sbin/rcapparmor stop 2>&1 |");
+ } else {
+ open(RUN, "/sbin/rcsubdomain stop 2>&1 |");
+ }
+ while () {
+ if (/FATAL:(.*)/) {
+ $errmsg = $1;
+ }
+ }
+ close(RUN);
+ if (-f "/etc/init.d/boot.apparmor") {
+ system("/sbin/insserv -r boot.apparmor");
+ } else {
+ system("/sbin/insserv -r boot.subdomain");
+ }
+ if (-f "/etc/init.d/aaeventd") {
+ system("/sbin/rcaaeventd stop");
+ system("/sbin/insserv -r aaeventd");
+ }
+ }
+ return $errmsg;
+}
+
+sub setNotify {
+
+ my $action = shift;
+
+ return 0;
+}
+
+sub setLearningMode {
+
+ my $action = shift;
+ my $rcscript = -f "/sbin/rcapparmor" ? "/sbin/rcapparmor"
+ : "/sbin/rcsubdomain";
+
+ if ($action eq "enable") {
+ system("$rcscript", "stop");
+ system("$rcscript", "complain");
+ } else {
+ system("$rcscript". "stop");
+ system("$rcscript", "start");
+ }
+
+ return 0;
+}
+
+# Main
+################################################################################
+
+
+while ( ) {
+
+ my ($command, $path, $argument) = ycp::ParseCommand ($_);
+
+ my $result = undef;
+ my $action = undef;
+
+ if ( $command && $path && $argument ) {
+
+ if (ref($argument) eq "HASH" && $argument->{"set_notify"}) {
+ my ($ntSettings, $result) = Immunix::Notify::sanitize($argument);
+
+ if ($result ne "success") {
+ ycp::Return($result);
+ next;
+ } else {
+ $result = Immunix::Notify::setNotifySettings($ntSettings);
+ ycp::Return($result);
+ next;
+ }
+ }
+
+ ($action) = (split(/:/, $argument))[1];
+
+ if ( $argument =~ /subdomain/ ) {
+ $result = setSubdomain($action);
+ } elsif ( $argument =~ /learning/ ) {
+ setLearningMode($action);
+ } elsif ( $argument eq 'sd-notify') {
+ setNotify($action);
+ }
+
+ if ( $result ) {
+ ycp::Return( $result );
+ } else {
+ ycp::Return("true");
+ }
+ }
+}
+
+exit 0;
+
+
+
--- /dev/null
+++ b/src/agents/ag_apparmor
@@ -0,0 +1,112 @@
+#!/usr/bin/perl
+
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+
+################################################################################
+# ag_subdomain
+#
+# Version 0.61
+################################################################################
+
+use strict;
+use ycp;
+use Data::Dumper;
+use Immunix::Notify;
+use Immunix::SubDomain;
+
+
+# Subroutines
+################################################################################
+
+sub getSubdomainStatus {
+
+ my $sdStatus = "disabled";
+
+ # Ok check that there are profiles loaded to
+ # determine status
+ my $mountpoint = Immunix::SubDomain::check_for_subdomain();
+ if ( $mountpoint ) {
+ open( PROFILES, "cat $mountpoint/profiles|" );
+ while () {
+ # Ensure we have loaded profiles
+ # not just a loaded module
+ if ( /\// ) {
+ $sdStatus = "enabled";
+ last;
+ }
+ }
+ close PROFILES;
+ }
+ return $sdStatus;
+}
+
+sub profileSyntaxCheck {
+ my $errlist = [];
+ Immunix::SubDomain::checkIncludeSyntax($errlist);
+ Immunix::SubDomain::checkProfileSyntax($errlist);
+ my @errlist = Immunix::SubDomain::uniq(@$errlist);
+ return \@errlist;
+}
+
+
+# Main
+################################################################################
+
+while ( ) {
+ my ($command, $path, $argument) = ycp::ParseCommand($_);
+
+ my $result = undef;
+ my $donereturn = 0;
+ if ( $command && $path && $argument ) {
+ if ( $argument eq 'sd-all') {
+ my %hResult = ''; # hashed result, duh
+ $hResult{'sd-status'} = getSubdomainStatus();
+ $hResult{'sd-notify'} = Immunix::Notify::getNotifyStatus();
+ #ycp::ycpReturnHashAsMap( %hResult );
+ ycp::Return( %hResult );
+ $donereturn = 1;
+ } elsif ( $argument eq 'sd-status') {
+ $result = getSubdomainStatus();
+ } elsif ( $argument eq 'sd-notify') {
+ $result = Immunix::Notify::getNotifyStatus();
+ } elsif ( $command eq "Read" and $argument eq 'custom-includes') {
+ my $cfg = Immunix::SubDomain::read_config("logprof.conf");
+ my @ret = split(' ', $cfg->{settings}{custom_includes});
+ ycp::ycpReturn(\@ret);
+ $donereturn = 1;
+ } elsif ( $command eq "Execute" and $argument eq 'profile-syntax-check') {
+ $result = profileSyntaxCheck();
+ ycp::ycpReturn($result);
+ $donereturn = 1;
+ } elsif ( $argument eq 'sd-notify-settings') {
+ $result = Immunix::Notify::getNotifySettings();
+ ycp::Return($result);
+ $donereturn = 1;
+ }
+ ycp::ycpReturnSkalarAsString( $result ) if ( ! $donereturn );
+ }
+ else {
+ #ycpGetCommand and ycpGetArgType is obsolete, we have those
+ #from ycp::ParseCommand
+ if ($command eq "result") {
+ exit 0;
+ } else {
+ $result = "Unknown instruction $command or argument: $argument\n";
+ ycp::ycpReturnSkalarAsString( $result );
+ }
+ }
+ print "\n";
+}
+exit 0;
+
+
+
--- /dev/null
+++ b/src/agents/ag_apparmor_profiles
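Review bot: `getSubdomainStatus` reads the loaded-profile list through `open( PROFILES, "cat $mountpoint/profiles|" )`, a two-argument piped open that interpolates `$mountpoint` into a command string and never checks the result. If the open fails the loop does not run and the agent reports `disabled`, which the caller cannot tell apart from AppArmor genuinely having no profiles loaded. Reading the file directly avoids the extra process and any shell parsing of the path: `open(my $profiles, '<', "$mountpoint/profiles") or return "unknown";` (or whichever distinct status the YCP side can handle), then iterate over `$profiles`. Separately, `my %hResult = '';` in the `sd-all` branch creates an entry with an empty key; `my %hResult = ();` looks like what was meant.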
@@ -0,0 +1,153 @@
+#!/usr/bin/perl
+
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+
+#####################################################################
+#
+# ag_subdomain_profiles - Immunix SCR agent for the
+# management of SubDomain profiles
+#
+#
+#####################################################################
+
+use strict;
+use ycp;
+
+use Immunix::SubDomain;
+
+################
+# Subroutines
+################
+
+{
+
+sub newprofile {
+ my $filename = shift;
+ system("/usr/sbin/autodep $filename > /dev/null 2>&1");
+ system("/usr/sbin/enforce $filename > /dev/null 2>&1");
+ return;
+}
+
+# ###############################################################################
+#
+# YCP <-> SCR Commands:
+#
+# Command Path Argument Returns
+# ------- ---- -------- --------
+#
+# Read all hash containing all profiles
+#
+# Read .new pathtoprogram true/false (creates new profile)
+#
+# Write hash { true/false
+# PROFILE_NAME =>
+# pathtoprogram,
+# PROFILE_HASH =>
+#
+# }
+#
+# Write .delete pathtoprogram true/fale (deletes profile)
+#
+# Write .reload - true (reloads profiles)
+#
+#
+################################################################################
+
+
+while ( ) {
+
+ my ($command, $path, $argument) = ycp::ParseCommand ($_);
+ $argument = "NONE" if ( ! $argument );
+ ycp::y2debug ("DOM command: $command, path: $path, argument: $argument");
+
+ my $result = undef;
+ if ( $command && $path && $argument ) {
+ if ( $command eq "Read" and $argument eq "all") {
+ $UI_Mode = "yast";
+ Immunix::SubDomain::readprofiles();
+ ycp::Return( \%sd );
+ } elsif ( $command eq "Read" and $path eq ".new" ) {
+ my $pfname = getprofilefilename($argument);
+ if ( -e $pfname ) {
+ ycp::Return("false");
+ } else {
+ newprofile( $argument );
+ ycp::Return( "true" );
+ }
+ } elsif ( $command eq "Read" ) {
+ my $pfname = getprofilefilename($argument);
+ if ( -e $pfname ) {
+ $UI_Mode = "yast";
+ Immunix::SubDomain::readprofiles();
+ ycp::Return( $sd{$argument} );
+ } else {
+ ycp::Return( "false" );
+ }
+ } elsif ( $command eq "Read") {
+ $UI_Mode = "yast";
+ Immunix::SubDomain::readprofile("$profiledir/$argument",
+ \&$Immunix::SubDomain::fatal_error, 1);
+ ycp::Return( \%sd );
+ } elsif ( $command eq "Write" and $path eq ".delete") {
+ if ( $argument ne "" ) {
+ my $profilefile = getprofilefilename( $argument );
+ if ( -e $profilefile ) {
+ unlink( $profilefile );
+ }
+ ycp::Return( "true" );
+ } else {
+ ycp::Return( "false" );
+ }
+ } elsif ( $command eq "Write" and $path eq ".reload") {
+ $result = system("/sbin/rcsubdomain reload > /dev/null 2>&1");
+ ycp::Return( "true" );
+ } elsif ( $command eq "Write") {
+ if ( (ref($argument) eq "HASH") ) {
+ my $profilename = "";
+ $profilename = $$argument{"PROFILE_NAME"};
+ my $ref = $$argument{"PROFILE_HASH"};
+ my %profiles = ();
+ $profiles{$profilename} = $ref;
+ if ( (ref($ref) eq "HASH") ) {
+ %sd = %profiles;
+ $UI_Mode = "yast";
+ $result = Immunix::SubDomain::writeprofile($profilename);
+ } else {
+ ycp::Return( "false" );
+ }
+ ycp::Return( "true" );
+ }
+ } elsif ( $command eq "Execute") {
+ if ( $path eq '.mode_to_string') {
+ my $ret = Immunix::SubDomain::mode_to_str( $argument );
+ ycp::Return($ret);
+ }
+ elsif ($path eq '.string_to_mode') {
+ my $ret = Immunix::SubDomain::str_to_mode( $argument );
+ ycp::Return($ret);
+ }
+ } else {
+ #ycpGetCommand and ycpGetArgType is obsolete, we have those
+ #from ycp::ParseCommand
+ if ($command eq "result") {
+ exit 0;
+ } else {
+ $result = "Unknown instruction $command or argument: $argument\n";
+ ycp::Return( $result );
+ }
+ }
+}
+}
+exit 0;
+}
+
--- a/src/agents/ag_sd_config
+++ /dev/null
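Review bot: `newprofile` interpolates `$filename` into two shell command lines, `system("/usr/sbin/autodep $filename > /dev/null 2>&1")` and the matching `enforce` call, and that value is the `$argument` the agent receives for `Read .new` (a path picked in the YaST file dialog, judging by `AA_AddProfile.ycp` in this patch). A path containing spaces or shell metacharacters is therefore parsed by the shell under whatever privileges the agent runs with, presumably root. The redirection is the only reason a shell is involved, so both calls can be made shell-free by redirecting inside a forked child and using list-form `exec`, and the exit status should be checked so that `Read .new` stops answering `true` when profile generation failed. The `.reload` branch in the same file also hard-codes `/sbin/rcsubdomain`, without the `rcapparmor` fallback that `ag_aa_config` uses.

```perl
sub newprofile {
    my $filename = shift;
    for my $tool ("/usr/sbin/autodep", "/usr/sbin/enforce") {
        my $pid = fork();
        return unless defined $pid;
        if ($pid == 0) {
            # Child: discard output here instead of via a shell redirect.
            open(STDOUT, '>', '/dev/null') or exit 127;
            open(STDERR, '>&', \*STDOUT)   or exit 127;
            # List form: $filename is one argument and is never parsed by sh.
            exec($tool, $filename) or exit 127;
        }
        waitpid($pid, 0);
        return if $? != 0;
    }
    return 1;
}
# … unchanged: command table comment and main loop …
```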
@@ -1,148 +0,0 @@ -#!/usr/bin/perl - -# ------------------------------------------------------------------ -# -# Copyright (C) 2002-2005 Novell/SUSE -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of version 2 of the GNU General Public -# License published by the Free Software Foundation. -# -# ------------------------------------------------------------------ - -################################################################################ -# ag_sd_config -################################################################################ - -use strict; -use ycp; -use Data::Dumper; - -use Immunix::Notify; -use Immunix::Reports; - -# Subroutines -################################################################################ -sub setSubdomain { - - my $action = shift; - my $errmsg = ""; - my $lines = 0; - if ($action eq "enable") { - if (-e "/sbin/rcapparmor") { - open(RUN, "/sbin/rcapparmor start 2>&1 |"); - } else { - open(RUN, "/sbin/rcsubdomain start 2>&1 |"); - } - while () { - if (/FATAL:(.*)/) { - $errmsg = $1; - } - } - close(RUN); - if (-f "/etc/init.d/boot.apparmor") { - system("/sbin/insserv boot.apparmor"); - } else { - system("/sbin/insserv boot.subdomain"); - } - if (-f "/etc/init.d/aaeventd") { - system("/sbin/rcaaeventd start"); - system("/sbin/insserv aaeventd"); - } - } else { - if (-e "/sbin/rcapparmor") { - open(RUN, "/sbin/rcapparmor stop 2>&1 |"); - } else { - open(RUN, "/sbin/rcsubdomain stop 2>&1 |"); - } - while () { - if (/FATAL:(.*)/) { - $errmsg = $1; - } - } - close(RUN); - if (-f "/etc/init.d/boot.apparmor") { - system("/sbin/insserv -r boot.apparmor"); - } else { - system("/sbin/insserv -r boot.subdomain"); - } - if (-f "/etc/init.d/aaeventd") { - system("/sbin/rcaaeventd stop"); - system("/sbin/insserv -r aaeventd"); - } - } - return $errmsg; -} - -sub setNotify { - - my $action = shift; - - return 0; -} - -sub setLearningMode { - - my $action = shift; - my $rcscript = -f 
"/sbin/rcapparmor" ? "/sbin/rcapparmor" - : "/sbin/rcsubdomain"; - - if ($action eq "enable") { - system("$rcscript", "stop"); - system("$rcscript", "complain"); - } else { - system("$rcscript". "stop"); - system("$rcscript", "start"); - } - - return 0; -} - -# Main -################################################################################ - - -while ( ) { - - my ($command, $path, $argument) = ycp::ParseCommand ($_); - - my $result = undef; - my $action = undef; - - if ( $command && $path && $argument ) { - - if (ref($argument) eq "HASH" && $argument->{"set_notify"}) { - my ($ntSettings, $result) = Immunix::Notify::sanitize($argument); - - if ($result ne "success") { - ycp::Return($result); - next; - } else { - $result = Immunix::Notify::setNotifySettings($ntSettings); - ycp::Return($result); - next; - } - } - - ($action) = (split(/:/, $argument))[1]; - - if ( $argument =~ /subdomain/ ) { - $result = setSubdomain($action); - } elsif ( $argument =~ /learning/ ) { - setLearningMode($action); - } elsif ( $argument eq 'sd-notify') { - setNotify($action); - } - - if ( $result ) { - ycp::Return( $result ); - } else { - ycp::Return("true"); - } - } -} - -exit 0; - - - --- a/src/agents/ag_subdomain +++ /dev/null 
@@ -1,112 +0,0 @@ -#!/usr/bin/perl - -# ------------------------------------------------------------------ -# -# Copyright (C) 2002-2005 Novell/SUSE -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of version 2 of the GNU General Public -# License published by the Free Software Foundation. -# -# ------------------------------------------------------------------ - - -################################################################################ -# ag_subdomain -# -# Version 0.61 -################################################################################ - -use strict; -use ycp; -use Data::Dumper; -use Immunix::Notify; -use Immunix::SubDomain; - - -# Subroutines -################################################################################ - -sub getSubdomainStatus { - - my $sdStatus = "disabled"; - - # Ok check that there are profiles loaded to - # determine status - my $mountpoint = Immunix::SubDomain::check_for_subdomain(); - if ( $mountpoint ) { - open( PROFILES, "cat $mountpoint/profiles|" ); - while () { - # Ensure we have loaded profiles - # not just a loaded module - if ( /\// ) { - $sdStatus = "enabled"; - last; - } - } - close PROFILES; - } - return $sdStatus; -} - -sub profileSyntaxCheck { - my $errlist = []; - Immunix::SubDomain::checkIncludeSyntax($errlist); - Immunix::SubDomain::checkProfileSyntax($errlist); - my @errlist = Immunix::SubDomain::uniq(@$errlist); - return \@errlist; -} - - -# Main -################################################################################ - -while ( ) { - my ($command, $path, $argument) = ycp::ParseCommand($_); - - my $result = undef; - my $donereturn = 0; - if ( $command && $path && $argument ) { - if ( $argument eq 'sd-all') { - my %hResult = ''; # hashed result, duh - $hResult{'sd-status'} = getSubdomainStatus(); - $hResult{'sd-notify'} = Immunix::Notify::getNotifyStatus(); - #ycp::ycpReturnHashAsMap( %hResult ); - ycp::Return( %hResult ); - $donereturn = 
1; - } elsif ( $argument eq 'sd-status') { - $result = getSubdomainStatus(); - } elsif ( $argument eq 'sd-notify') { - $result = Immunix::Notify::getNotifyStatus(); - } elsif ( $command eq "Read" and $argument eq 'custom-includes') { - my $cfg = Immunix::SubDomain::read_config("logprof.conf"); - my @ret = split(' ', $cfg->{settings}{custom_includes}); - ycp::ycpReturn(\@ret); - $donereturn = 1; - } elsif ( $command eq "Execute" and $argument eq 'profile-syntax-check') { - $result = profileSyntaxCheck(); - ycp::ycpReturn($result); - $donereturn = 1; - } elsif ( $argument eq 'sd-notify-settings') { - $result = Immunix::Notify::getNotifySettings(); - ycp::Return($result); - $donereturn = 1; - } - ycp::ycpReturnSkalarAsString( $result ) if ( ! $donereturn ); - } - else { - #ycpGetCommand and ycpGetArgType is obsolete, we have those - #from ycp::ParseCommand - if ($command eq "result") { - exit 0; - } else { - $result = "Unknown instruction $command or argument: $argument\n"; - ycp::ycpReturnSkalarAsString( $result ); - } - } - print "\n"; -} -exit 0; - - - --- a/src/agents/ag_subdomain_profiles +++ /dev/null 
@@ -1,153 +0,0 @@ -#!/usr/bin/perl - -# ------------------------------------------------------------------ -# -# Copyright (C) 2002-2005 Novell/SUSE -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of version 2 of the GNU General Public -# License published by the Free Software Foundation. -# -# ------------------------------------------------------------------ - - -##################################################################### -# -# ag_subdomain_profiles - Immunix SCR agent for the -# management of SubDomain profiles -# -# -##################################################################### - -use strict; -use ycp; - -use Immunix::SubDomain; - -################ -# Subroutines -################ - -{ - -sub newprofile { - my $filename = shift; - system("/usr/sbin/autodep $filename > /dev/null 2>&1"); - system("/usr/sbin/enforce $filename > /dev/null 2>&1"); - return; -} - -# ############################################################################### -# -# YCP <-> SCR Commands: -# -# Command Path Argument Returns -# ------- ---- -------- -------- -# -# Read all hash containing all profiles -# -# Read .new pathtoprogram true/false (creates new profile) -# -# Write hash { true/false -# PROFILE_NAME => -# pathtoprogram, -# PROFILE_HASH => -# -# } -# -# Write .delete pathtoprogram true/fale (deletes profile) -# -# Write .reload - true (reloads profiles) -# -# -################################################################################ - - -while ( ) { - - my ($command, $path, $argument) = ycp::ParseCommand ($_); - $argument = "NONE" if ( ! 
$argument ); - ycp::y2debug ("DOM command: $command, path: $path, argument: $argument"); - - my $result = undef; - if ( $command && $path && $argument ) { - if ( $command eq "Read" and $argument eq "all") { - $UI_Mode = "yast"; - Immunix::SubDomain::readprofiles(); - ycp::Return( \%sd ); - } elsif ( $command eq "Read" and $path eq ".new" ) { - my $pfname = getprofilefilename($argument); - if ( -e $pfname ) { - ycp::Return("false"); - } else { - newprofile( $argument ); - ycp::Return( "true" ); - } - } elsif ( $command eq "Read" ) { - my $pfname = getprofilefilename($argument); - if ( -e $pfname ) { - $UI_Mode = "yast"; - Immunix::SubDomain::readprofiles(); - ycp::Return( $sd{$argument} ); - } else { - ycp::Return( "false" ); - } - } elsif ( $command eq "Read") { - $UI_Mode = "yast"; - Immunix::SubDomain::readprofile("$profiledir/$argument", - \&$Immunix::SubDomain::fatal_error, 1); - ycp::Return( \%sd ); - } elsif ( $command eq "Write" and $path eq ".delete") { - if ( $argument ne "" ) { - my $profilefile = getprofilefilename( $argument ); - if ( -e $profilefile ) { - unlink( $profilefile ); - } - ycp::Return( "true" ); - } else { - ycp::Return( "false" ); - } - } elsif ( $command eq "Write" and $path eq ".reload") { - $result = system("/sbin/rcsubdomain reload > /dev/null 2>&1"); - ycp::Return( "true" ); - } elsif ( $command eq "Write") { - if ( (ref($argument) eq "HASH") ) { - my $profilename = ""; - $profilename = $$argument{"PROFILE_NAME"}; - my $ref = $$argument{"PROFILE_HASH"}; - my %profiles = (); - $profiles{$profilename} = $ref; - if ( (ref($ref) eq "HASH") ) { - %sd = %profiles; - $UI_Mode = "yast"; - $result = Immunix::SubDomain::writeprofile($profilename); - } else { - ycp::Return( "false" ); - } - ycp::Return( "true" ); - } - } elsif ( $command eq "Execute") { - if ( $path eq '.mode_to_string') { - my $ret = Immunix::SubDomain::mode_to_str( $argument ); - ycp::Return($ret); - } - elsif ($path eq '.string_to_mode') { - my $ret = 
Immunix::SubDomain::str_to_mode( $argument ); - ycp::Return($ret); - } - } else { - #ycpGetCommand and ycpGetArgType is obsolete, we have those - #from ycp::ParseCommand - if ($command eq "result") { - exit 0; - } else { - $result = "Unknown instruction $command or argument: $argument\n"; - ycp::Return( $result ); - } - } -} -} -exit 0; -} - --- /dev/null +++ b/src/clients/AA_AddProfile.ycp 
@@ -0,0 +1,114 @@ +/* ------------------------------------------------------------------ +* +* Copyright (C) 2002-2006 Novell/SUSE +* +* This program is free software; you can redistribute it and/or +* modify it under the terms of version 2 of the GNU General Public +* License published by the Free Software Foundation. +* + ------------------------------------------------------------------*/ +{ +import "Wizard"; +import "Popup"; +import "Label"; +import "Sequencer"; +include "subdomain/apparmor_packages.ycp"; +include "subdomain/apparmor_profile_check.ycp"; +include "subdomain/profile_dialogs.ycp"; +textdomain "yast2-apparmor"; + +// Globalz + +define boolean CreateNewProfile() { + string selectfilename = ""; + while ( true ) { + selectfilename = UI::AskForExistingFile( "/", "", _("Select File To Generate A Profile for") ); + // Check for cancel in the file choose dialog + if ( selectfilename == nil ) { + return false; + } + Settings["CURRENT_PROFILE"] = selectfilename; + boolean profile = (boolean) SCR::Read (.subdomain_profiles.new, selectfilename); + if ( profile == false && Popup::YesNoHeadline( _("Profile for ") + selectfilename + _(" already exists."), _("Would you like to open this profile in editing mode?") ) ) { + return true; + } + Settings["NEW_PROFILE"] = selectfilename; + return true; + } +} + + + +// +// Setup and run the Wizard +// +define any MainSequence() ``{ + + map profiles = nil; + map aliases = $[ + "showprofile" : ``(DisplayProfileForm(Settings["CURRENT_PROFILE"]:"", false)), + "showHat" : ``(DisplayProfileForm(Settings["CURRENT_HAT"]:"", true)) + ]; + + map sequence = $[ + "ws_start" : "showprofile", + "showprofile" : $[ + `abort : `abort, + `next : `finish, + `showhat : "showHat", + `finish : `finish, + ], + "showHat" : $[ + `abort : `abort, + `next : "showprofile", + `finish : `next, + ] + ]; + + boolean created_new_profile = CreateNewProfile(); + if ( created_new_profile == false ) { + remove( Settings, "NEW_PROFILE"); + remove( Settings, 
"CURRENT_PROFILE"); + return (any) `abort; + } + map new_profile = (map) SCR::Read (.subdomain_profiles, Settings["CURRENT_PROFILE"]:"" ); + Settings["PROFILE_MAP"] = new_profile; + Wizard::CreateDialog(); + Wizard::SetTitleIcon("apparmor_add_profile"); + any ret = Sequencer::Run(aliases, sequence); + Wizard::CloseDialog(); + if ( ret == `abort ) { + string profile_name = Settings["NEW_PROFILE"]:""; + any result = SCR::Write(.subdomain_profiles.delete, profile_name); + } + Settings = remove( Settings, "NEW_PROFILE"); + Settings = remove( Settings, "CURRENT_PROFILE"); + return ret; +} + + + +// +// YEAH BABY RUN BABY RUN +// + +any ret = nil; + +// no command line support #269891 +if (size(WFM::Args()) > 0 ) +{ + import "CommandLine"; + CommandLine::Init($[], WFM::Args()); + return ret; +} + +if (!installAppArmorPackages()) { + return ret; +} +if (!checkProfileSyntax()) { + return ret; +} +ret = MainSequence(); +return ret; +} + --- /dev/null +++ b/src/clients/AA_DeleteProfile.ycp 
@@ -0,0 +1,91 @@ +/* ------------------------------------------------------------------ +* +* Copyright (C) 2002-2006 Novell/SUSE +* +* This program is free software; you can redistribute it and/or +* modify it under the terms of version 2 of the GNU General Public +* License published by the Free Software Foundation. +* + ------------------------------------------------------------------*/ +{ +import "Wizard"; +import "Label"; +import "Popup"; +import "Sequencer"; +include "subdomain/apparmor_packages.ycp"; +include "subdomain/apparmor_profile_check.ycp"; +include "subdomain/profile_dialogs.ycp"; +textdomain "yast2-apparmor"; + +// Globalz + +define any DeleteProfileConfirmation() { + string profilename = Settings["CURRENT_PROFILE"]:""; + if (Popup::YesNoHeadline( _("Delete profile confirmation"), + _("Are you sure you want to delete the profile ") + profilename + + _(" ?\nAfter this operation the AppArmor module will reload the profile set.") ) ) { + y2milestone("Deleted " + profilename ); + boolean result = SCR::Write(.subdomain_profiles.delete, profilename); + any result2 = SCR::Write(.subdomain_profiles.reload, "-"); + } + return `finish; +} + +define any MainSequence() ``{ + +// +// Read the profiles from the SCR agent + map profiles = (map) SCR::Read (.subdomain_profiles, "all"); + + map aliases = $[ + "chooseprofile" : ``(SelectProfileForm(profiles, _("Please make a + selection from the listed profiles and press Next to delete the profile."), + _("Delete Profile - Choose profile to delete"), "subdomain/delete_profile")), + "deleteprofile" : ``(DeleteProfileConfirmation()), + ]; + + map sequence = $[ + "ws_start" : "chooseprofile", + "chooseprofile" : $[ + `abort : `abort, + `next : "deleteprofile", + `finish : `next, + ], + ]; + + Wizard::CreateDialog(); + Wizard::SetTitleIcon("apparmor_delete_profile"); + any ret = Sequencer::Run(aliases, sequence); + Wizard::CloseDialog(); + Settings = remove( Settings, "CURRENT_PROFILE"); + Settings = remove( Settings, 
"PROFILE_MAP"); + return ret; +} + + + +// +// YEAH BABY RUN BABY RUN +// +any ret = nil; + +// no command line support #269891 +if (size(WFM::Args()) > 0 ) +{ + import "CommandLine"; + CommandLine::Init($[], WFM::Args()); + return ret; +} + +if (!installAppArmorPackages()) { + return ret; +} + +if (!checkProfileSyntax()) { + return true; +} + +ret = MainSequence(); +return ret; +} + --- /dev/null +++ b/src/clients/AA_EditProfile.ycp 
@@ -0,0 +1,93 @@ +/* ------------------------------------------------------------------ +* +* Copyright (C) 2002-2006 Novell/SUSE +* +* This program is free software; you can redistribute it and/or +* modify it under the terms of version 2 of the GNU General Public +* License published by the Free Software Foundation. +* + ------------------------------------------------------------------*/ +{ +import "Wizard"; +import "Popup"; +import "Label"; +import "Sequencer"; +include "subdomain/apparmor_packages.ycp"; +include "subdomain/apparmor_profile_check.ycp"; +include "subdomain/profile_dialogs.ycp"; +textdomain "yast2-apparmor"; + +// Globalz + + + +define any MainSequence() ``{ + +// +// Read the profiles from the SCR agent + map profiles = (map) SCR::Read (.subdomain_profiles, "all"); + + map aliases = $[ + "showProfile" : ``(DisplayProfileForm(Settings["CURRENT_PROFILE"]:"", false)), + "showHat" : ``(DisplayProfileForm(Settings["CURRENT_HAT"]:"", true)), + "chooseProfile" : ``(SelectProfileForm(profiles, _("Please make a selection from the listed profiles and press Next to edit the profile."), _("Edit Profile - Choose profile to edit"), "apparmor_edit_profile" )), + + ]; + + map sequence = $[ + "ws_start" : "chooseProfile", + "chooseProfile" : $[ + `abort : `abort, + `next : "showProfile", + `finish : `next, + ], + "showProfile" : $[ + `abort : `abort, + `next : `ws_finish, + `showhat : "showHat", + `finish : `next, + ], + "showHat" : $[ + `abort : `abort, + `next : "showProfile", + `finish : `next, + ], + ]; + + Wizard::CreateDialog(); + Wizard::SetTitleIcon("apparmor_edit_profile"); + any ret = Sequencer::Run(aliases, sequence); + Wizard::CloseDialog(); + Settings = remove( Settings, "CURRENT_PROFILE"); + Settings = remove( Settings, "PROFILE_MAP"); + return ret; +} + + + +// +// YEAH BABY RUN BABY RUN +// +any ret = nil; + +// no command line support #269891 +if (size(WFM::Args()) > 0 ) +{ + import "CommandLine"; + CommandLine::Init($[], WFM::Args()); + return 
ret; +} + +if (!installAppArmorPackages()) { + return ret; +} + +if (!checkProfileSyntax()) { + return ret; +} + + +ret = MainSequence(); +return ret; +} + --- /dev/null +++ b/src/clients/AA_Report.ycp 
@@ -0,0 +1,108 @@ +/* ------------------------------------------------------------------ +* +* Copyright (C) 2002-2006 Novell/SUSE +* +* This program is free software; you can redistribute it and/or +* modify it under the terms of version 2 of the GNU General Public +* License published by the Free Software Foundation. +* + ------------------------------------------------------------------*/ +{ + +import "Wizard"; +import "Popup"; +import "Label"; +import "Sequencer"; +include "subdomain/apparmor_packages.ycp"; +include "subdomain/apparmor_profile_check.ycp"; +include "subdomain/reporting_dialogues.ycp"; +include "subdomain/report_helptext.ycp"; +textdomain "yast2-apparmor"; + +// Globalz + +define any mainSequence() ``{ + +// Read the profiles from the SCR agent + map aliases = $[ + "mainreport" : ``(mainReportForm()), + "configreport" : ``(reportConfigForm()), + "reportview" : ``(mainArchivedReportForm()), + "schedReport" : ``(displaySchedForm()), + "viewreport" : ``(displayArchForm()), + "runReport" : ``(displayRunForm()) + ]; + + map sequence = $[ + "ws_start" : "schedReport", + "mainreport" : $[ + `back : `back, + `abort : `abort, + `next : `finish, + `schedrep: "schedReport", + `finish : `ws_finish + ], + "schedReport": $[ + `back : `ws_start, + `abort : `abort, + `viewrep : "viewreport", + `runrep : "runReport", + `next : "runReport", + `finish : `ws_finish + ], + "viewreport" : $[ + `back : "mainreport", + `abort : `abort, + `next : "mainreport", + `finish : `ws_finish + ], + "runReport": $[ + `back : `back, + `abort : `abort, + `next : `finish, + `finish : `ws_finish + ], + "configreport" : $[ + `back : `back, + `abort : `abort, + `next : "reportview", + `finish : `ws_finish + ], + "reportview" : $[ + `back : `back, + `abort : `abort, + `next : `finish, + `finish : `ws_finish + ], + ]; + + Wizard::CreateDialog(); + Wizard::SetTitleIcon("apparmor_view_profile"); + any ret = Sequencer::Run(aliases, sequence); + Wizard::CloseDialog(); + return ret; +} + +any 
ret = nil; + +// no command line support #269891 +if (size(WFM::Args()) > 0 ) +{ + import "CommandLine"; + CommandLine::Init($[], WFM::Args()); + return ret; +} + +if (!installAppArmorPackages()) { + return ret; +} + +checkProfileSyntax(); + +ret = mainSequence(); +return ret; + + +} + + --- a/src/clients/SD_AddProfile.ycp +++ /dev/null 
@@ -1,114 +0,0 @@ -/* ------------------------------------------------------------------ -* -* Copyright (C) 2002-2006 Novell/SUSE -* -* This program is free software; you can redistribute it and/or -* modify it under the terms of version 2 of the GNU General Public -* License published by the Free Software Foundation. -* - ------------------------------------------------------------------*/ -{ -import "Wizard"; -import "Popup"; -import "Label"; -import "Sequencer"; -include "subdomain/apparmor_packages.ycp"; -include "subdomain/apparmor_profile_check.ycp"; -include "subdomain/profile_dialogs.ycp"; -textdomain "yast2-apparmor"; - -// Globalz - -define boolean CreateNewProfile() { - string selectfilename = ""; - while ( true ) { - selectfilename = UI::AskForExistingFile( "/", "", _("Select File To Generate A Profile for") ); - // Check for cancel in the file choose dialog - if ( selectfilename == nil ) { - return false; - } - Settings["CURRENT_PROFILE"] = selectfilename; - boolean profile = (boolean) SCR::Read (.subdomain_profiles.new, selectfilename); - if ( profile == false && Popup::YesNoHeadline( _("Profile for ") + selectfilename + _(" already exists."), _("Would you like to open this profile in editing mode?") ) ) { - return true; - } - Settings["NEW_PROFILE"] = selectfilename; - return true; - } -} - - - -// -// Setup and run the Wizard -// -define any MainSequence() ``{ - - map profiles = nil; - map aliases = $[ - "showprofile" : ``(DisplayProfileForm(Settings["CURRENT_PROFILE"]:"", false)), - "showHat" : ``(DisplayProfileForm(Settings["CURRENT_HAT"]:"", true)) - ]; - - map sequence = $[ - "ws_start" : "showprofile", - "showprofile" : $[ - `abort : `abort, - `next : `finish, - `showhat : "showHat", - `finish : `finish, - ], - "showHat" : $[ - `abort : `abort, - `next : "showprofile", - `finish : `next, - ] - ]; - - boolean created_new_profile = CreateNewProfile(); - if ( created_new_profile == false ) { - remove( Settings, "NEW_PROFILE"); - remove( Settings, 
"CURRENT_PROFILE"); - return (any) `abort; - } - map new_profile = (map) SCR::Read (.subdomain_profiles, Settings["CURRENT_PROFILE"]:"" ); - Settings["PROFILE_MAP"] = new_profile; - Wizard::CreateDialog(); - Wizard::SetTitleIcon("apparmor_add_profile"); - any ret = Sequencer::Run(aliases, sequence); - Wizard::CloseDialog(); - if ( ret == `abort ) { - string profile_name = Settings["NEW_PROFILE"]:""; - any result = SCR::Write(.subdomain_profiles.delete, profile_name); - } - Settings = remove( Settings, "NEW_PROFILE"); - Settings = remove( Settings, "CURRENT_PROFILE"); - return ret; -} - - - -// -// YEAH BABY RUN BABY RUN -// - -any ret = nil; - -// no command line support #269891 -if (size(WFM::Args()) > 0 ) -{ - import "CommandLine"; - CommandLine::Init($[], WFM::Args()); - return ret; -} - -if (!installAppArmorPackages()) { - return ret; -} -if (!checkProfileSyntax()) { - return ret; -} -ret = MainSequence(); -return ret; -} - --- a/src/clients/SD_DeleteProfile.ycp +++ /dev/null 
@@ -1,91 +0,0 @@ -/* ------------------------------------------------------------------ -* -* Copyright (C) 2002-2006 Novell/SUSE -* -* This program is free software; you can redistribute it and/or -* modify it under the terms of version 2 of the GNU General Public -* License published by the Free Software Foundation. -* - ------------------------------------------------------------------*/ -{ -import "Wizard"; -import "Label"; -import "Popup"; -import "Sequencer"; -include "subdomain/apparmor_packages.ycp"; -include "subdomain/apparmor_profile_check.ycp"; -include "subdomain/profile_dialogs.ycp"; -textdomain "yast2-apparmor"; - -// Globalz - -define any DeleteProfileConfirmation() { - string profilename = Settings["CURRENT_PROFILE"]:""; - if (Popup::YesNoHeadline( _("Delete profile confirmation"), - _("Are you sure you want to delete the profile ") + profilename + - _(" ?\nAfter this operation the AppArmor module will reload the profile set.") ) ) { - y2milestone("Deleted " + profilename ); - boolean result = SCR::Write(.subdomain_profiles.delete, profilename); - any result2 = SCR::Write(.subdomain_profiles.reload, "-"); - } - return `finish; -} - -define any MainSequence() ``{ - -// -// Read the profiles from the SCR agent - map profiles = (map) SCR::Read (.subdomain_profiles, "all"); - - map aliases = $[ - "chooseprofile" : ``(SelectProfileForm(profiles, _("Please make a - selection from the listed profiles and press Next to delete the profile."), - _("Delete Profile - Choose profile to delete"), "subdomain/delete_profile")), - "deleteprofile" : ``(DeleteProfileConfirmation()), - ]; - - map sequence = $[ - "ws_start" : "chooseprofile", - "chooseprofile" : $[ - `abort : `abort, - `next : "deleteprofile", - `finish : `next, - ], - ]; - - Wizard::CreateDialog(); - Wizard::SetTitleIcon("apparmor_delete_profile"); - any ret = Sequencer::Run(aliases, sequence); - Wizard::CloseDialog(); - Settings = remove( Settings, "CURRENT_PROFILE"); - Settings = remove( Settings, 
"PROFILE_MAP"); - return ret; -} - - - -// -// YEAH BABY RUN BABY RUN -// -any ret = nil; - -// no command line support #269891 -if (size(WFM::Args()) > 0 ) -{ - import "CommandLine"; - CommandLine::Init($[], WFM::Args()); - return ret; -} - -if (!installAppArmorPackages()) { - return ret; -} - -if (!checkProfileSyntax()) { - return true; -} - -ret = MainSequence(); -return ret; -} - --- a/src/clients/SD_EditProfile.ycp +++ /dev/null 
@@ -1,93 +0,0 @@ -/* ------------------------------------------------------------------ -* -* Copyright (C) 2002-2006 Novell/SUSE -* -* This program is free software; you can redistribute it and/or -* modify it under the terms of version 2 of the GNU General Public -* License published by the Free Software Foundation. -* - ------------------------------------------------------------------*/ -{ -import "Wizard"; -import "Popup"; -import "Label"; -import "Sequencer"; -include "subdomain/apparmor_packages.ycp"; -include "subdomain/apparmor_profile_check.ycp"; -include "subdomain/profile_dialogs.ycp"; -textdomain "yast2-apparmor"; - -// Globalz - - - -define any MainSequence() ``{ - -// -// Read the profiles from the SCR agent - map profiles = (map) SCR::Read (.subdomain_profiles, "all"); - - map aliases = $[ - "showProfile" : ``(DisplayProfileForm(Settings["CURRENT_PROFILE"]:"", false)), - "showHat" : ``(DisplayProfileForm(Settings["CURRENT_HAT"]:"", true)), - "chooseProfile" : ``(SelectProfileForm(profiles, _("Please make a selection from the listed profiles and press Next to edit the profile."), _("Edit Profile - Choose profile to edit"), "apparmor_edit_profile" )), - - ]; - - map sequence = $[ - "ws_start" : "chooseProfile", - "chooseProfile" : $[ - `abort : `abort, - `next : "showProfile", - `finish : `next, - ], - "showProfile" : $[ - `abort : `abort, - `next : `ws_finish, - `showhat : "showHat", - `finish : `next, - ], - "showHat" : $[ - `abort : `abort, - `next : "showProfile", - `finish : `next, - ], - ]; - - Wizard::CreateDialog(); - Wizard::SetTitleIcon("apparmor_edit_profile"); - any ret = Sequencer::Run(aliases, sequence); - Wizard::CloseDialog(); - Settings = remove( Settings, "CURRENT_PROFILE"); - Settings = remove( Settings, "PROFILE_MAP"); - return ret; -} - - - -// -// YEAH BABY RUN BABY RUN -// -any ret = nil; - -// no command line support #269891 -if (size(WFM::Args()) > 0 ) -{ - import "CommandLine"; - CommandLine::Init($[], WFM::Args()); - return 
ret; -} - -if (!installAppArmorPackages()) { - return ret; -} - -if (!checkProfileSyntax()) { - return ret; -} - - -ret = MainSequence(); -return ret; -} - --- a/src/clients/SD_Report.ycp +++ /dev/null 
@@ -1,108 +0,0 @@ -/* ------------------------------------------------------------------ -* -* Copyright (C) 2002-2006 Novell/SUSE -* -* This program is free software; you can redistribute it and/or -* modify it under the terms of version 2 of the GNU General Public -* License published by the Free Software Foundation. -* - ------------------------------------------------------------------*/ -{ - -import "Wizard"; -import "Popup"; -import "Label"; -import "Sequencer"; -include "subdomain/apparmor_packages.ycp"; -include "subdomain/apparmor_profile_check.ycp"; -include "subdomain/reporting_dialogues.ycp"; -include "subdomain/report_helptext.ycp"; -textdomain "yast2-apparmor"; - -// Globalz - -define any mainSequence() ``{ - -// Read the profiles from the SCR agent - map aliases = $[ - "mainreport" : ``(mainReportForm()), - "configreport" : ``(reportConfigForm()), - "reportview" : ``(mainArchivedReportForm()), - "schedReport" : ``(displaySchedForm()), - "viewreport" : ``(displayArchForm()), - "runReport" : ``(displayRunForm()) - ]; - - map sequence = $[ - "ws_start" : "schedReport", - "mainreport" : $[ - `back : `back, - `abort : `abort, - `next : `finish, - `schedrep: "schedReport", - `finish : `ws_finish - ], - "schedReport": $[ - `back : `ws_start, - `abort : `abort, - `viewrep : "viewreport", - `runrep : "runReport", - `next : "runReport", - `finish : `ws_finish - ], - "viewreport" : $[ - `back : "mainreport", - `abort : `abort, - `next : "mainreport", - `finish : `ws_finish - ], - "runReport": $[ - `back : `back, - `abort : `abort, - `next : `finish, - `finish : `ws_finish - ], - "configreport" : $[ - `back : `back, - `abort : `abort, - `next : "reportview", - `finish : `ws_finish - ], - "reportview" : $[ - `back : `back, - `abort : `abort, - `next : `finish, - `finish : `ws_finish - ], - ]; - - Wizard::CreateDialog(); - Wizard::SetTitleIcon("apparmor_view_profile"); - any ret = Sequencer::Run(aliases, sequence); - Wizard::CloseDialog(); - return ret; -} - -any 
ret = nil; - -// no command line support #269891 -if (size(WFM::Args()) > 0 ) -{ - import "CommandLine"; - CommandLine::Init($[], WFM::Args()); - return ret; -} - -if (!installAppArmorPackages()) { - return ret; -} - -checkProfileSyntax(); - -ret = mainSequence(); -return ret; - - -} - - --- /dev/null +++ b/src/clients/apparmor_no_impl.ycp @@ -0,0 +1,20 @@ +/* ------------------------------------------------------------------ +* +* Copyright (C) 2002-2005 Novell/SUSE +* +* This program is free software; you can redistribute it and/or +* modify it under the terms of version 2 of the GNU General Public +* License published by the Free Software Foundation. +* + ------------------------------------------------------------------*/ +{ +import "Popup"; +import "Wizard"; + +//include "subdomain/prof-config.ycp"; + +/* BEGIN - This is just temporary filler */ + Popup::Message("This function is not implemented at this time"); + symbol button = (`ok); + return button; +} --- /dev/null +++ a/src/clients/apparmor-settings.ycp 
@@ -0,0 +1,72 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2006 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+
+{
+
+textdomain "yast2-apparmor";
+
+/* The main () */
+y2milestone("----------------------------------------");
+y2milestone("Subdomain module started");
+
+import "Label";
+import "Popup";
+import "Wizard";
+
+include "subdomain/apparmor_packages.ycp";
+include "subdomain/sd-config.ycp";
+
+// no command line support #269891
+if (size(WFM::Args()) > 0 )
+{
+ import "CommandLine";
+ CommandLine::Init($[], WFM::Args());
+ return;
+}
+
+if (!installAppArmorPackages()) {
+ return;
+}
+
+list config_steps =
+[
+ $[ "id": "subdomain", "label": _("Enable AppArmor Functions") ],
+];
+
+list steps = flatten( [ config_steps ] );
+
+define symbol displayPage( integer no ) ``{
+
+ string current_id = lookup( steps[ no ]:nil, "id", "");
+ symbol button = nil;
+
+ UI::WizardCommand(`SetCurrentStep( current_id ) );
+
+ if ( current_id == "subdomain") {
+ //button = displaySubdomainConfig();
+ button = displayAppArmorConfig();
+ }
+
+
+
+ return button;
+
+}
+
+integer current_step = 0;
+symbol button = displayPage( current_step );
+
+/* Finish */
+y2milestone("AppArmor module finished");
+y2milestone("----------------------------------------");
+
+/* EOF */
+}
+
--- a/src/clients/subdomain.ycp
+++ /dev/null
@@ -1,72 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2006 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-
-{
-
-textdomain "yast2-apparmor";
-
-/* The main () */
-y2milestone("----------------------------------------");
-y2milestone("Subdomain module started");
-
-import "Label";
-import "Popup";
-import "Wizard";
-
-include "subdomain/apparmor_packages.ycp";
-include "subdomain/sd-config.ycp";
-
-// no command line support #269891
-if (size(WFM::Args()) > 0 )
-{
- import "CommandLine";
- CommandLine::Init($[], WFM::Args());
- return;
-}
-
-if (!installAppArmorPackages()) {
- return;
-}
-
-list config_steps =
-[
- $[ "id": "subdomain", "label": _("Enable AppArmor Functions") ],
-];
-
-list steps = flatten( [ config_steps ] );
-
-define symbol displayPage( integer no ) ``{
-
- string current_id = lookup( steps[ no ]:nil, "id", "");
- symbol button = nil;
-
- UI::WizardCommand(`SetCurrentStep( current_id ) );
-
- if ( current_id == "subdomain") {
- //button = displaySubdomainConfig();
- button = displayAppArmorConfig();
- }
-
-
-
- return button;
-
-}
-
-integer current_step = 0;
-symbol button = displayPage( current_step );
-
-/* Finish */
-y2milestone("AppArmor module finished");
-y2milestone("----------------------------------------");
-
-/* EOF */
-}
-
--- a/src/clients/subdomain_no_impl.ycp
+++ /dev/null
@@ -1,20 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2005 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-{
-import "Popup";
-import "Wizard";
-
-//include "subdomain/prof-config.ycp";
-
-/* BEGIN - This is just temporary filler */
- Popup::Message("This function is not implemented at this time");
- symbol button = (`ok);
- return button;
-}
--- /dev/null
+++ b/src/include/apparmor/Makefile.am
@@ -0,0 +1,19 @@
+yncludedir = @yncludedir@/subdomain
+
+ynclude_DATA = \
+ apparmor_packages.ycp \
+ apparmor_profile_check.ycp \
+ apparmor_ycp_utils.ycp \
+ capabilities.ycp \
+ config_complain.ycp \
+ helps.ycp \
+ profile_dialogs.ycp \
+ report_helptext.ycp \
+ reporting_archived_dialogs.ycp \
+ reporting_dialogues.ycp \
+ reporting_utils.ycp \
+ sd-config.ycp
+
+EXTRA_DIST = \
+ $(ynclude_DATA)
+
--- /dev/null
+++ b/src/include/apparmor/aa-config.ycp
@@ -0,0 +1,415 @@ +/* ------------------------------------------------------------------ +* +* Copyright (C) 2002-2005 Novell/SUSE +* +* This program is free software; you can redistribute it and/or +* modify it under the terms of version 2 of the GNU General Public +* License published by the Free Software Foundation. +* + ------------------------------------------------------------------*/ +{ +include "subdomain/config_complain.ycp"; +include "subdomain/helps.ycp"; +include "subdomain/apparmor_ycp_utils.ycp"; +textdomain "yast2-apparmor"; + +import "Label"; + +define boolean changeAppArmorState(boolean aaEnabled) { + + any error = nil; + string sdAction = ""; + + if (aaEnabled == true) { + sdAction = "subdomain:enable"; + } else { + sdAction = "subdomain:disable"; + } + + error = SCR::Execute(.sdconf, sdAction); + + if ( error != nil && is(error, string) ) { + + string errorMsg = (string) error; + string popError = _("This operation generated the following error. Please check your installation and AppArmor profile settings."); + Popup::Message( popError+ "\n[" + errorMsg + "]"); + aaEnabled = ! 
aaEnabled; + + } + + return aaEnabled; +} + +define void displayNotifyForm() { + + map settings = (map) SCR::Execute(.subdomain, "sd-notify-settings"); + + map terse = settings["terse"]:$[]; + map summary = settings["summary"]:$[]; + map verbose = settings["verbose"]:$[]; + + any t_freq = terse["terse_freq"]:0; + any s_freq = summary["summary_freq"]:0; + any v_freq = verbose["verbose_freq"]:0; + + boolean t_unknown = true; + any a_t_poop = (any) terse["terse_unknown"]:"1"; + string t_poop = tostring(a_t_poop); + if(t_poop == "0") { + t_unknown = false; + } + + boolean s_unknown = true; + any a_s_poop = terse["summary_unknown"]:"1"; + string s_poop = tostring(a_s_poop); + if(s_poop == "0") { + s_unknown = false; + } + + boolean v_unknown = true; + any a_v_poop = verbose["verbose_unknown"]:"1"; + string v_poop = tostring(a_v_poop); + if(v_poop == "0") { + v_unknown = false; + } + + list terse_items = [ + `item(`id(0), _("Disabled"), t_freq==0?true:false), + `item(`id(60), _("1 minute"), t_freq==60?true:false), + `item(`id(300), _("5 minutes"), t_freq==300?true:false), + `item(`id(600), _("10 minutes"), t_freq==600?true:false), + `item(`id(900), _("15 minutes"), t_freq==900?true:false), + `item(`id(1800), _("30 minutes"), t_freq==1800?true:false), + `item(`id(3600), _("1 hour"), t_freq==3600?true:false), + `item(`id(86400), _("1 day"), t_freq==86400?true:false), + `item(`id(604800), _("1 week"), t_freq==604800?true:false) + ]; + + list summary_items = [ + `item(`id(0), _("Disabled"), s_freq==0?true:false), + `item(`id(60), _("1 minute"), s_freq==60?true:false), + `item(`id(300), _("5 minutes"), s_freq==300?true:false), + `item(`id(600), _("10 minutes"), s_freq==600?true:false), + `item(`id(900), _("15 minutes"), s_freq==900?true:false), + `item(`id(1800), _("30 minutes"), s_freq==1800?true:false), + `item(`id(3600), _("1 hour"), s_freq==3600?true:false), + `item(`id(86400), _("1 day"), s_freq==86400?true:false), + `item(`id(604800), _("1 week"), 
s_freq==604800?true:false) + ]; + + list verbose_items = [ + `item(`id(0), _("Disabled"), v_freq==0?true:false), + `item(`id(60), _("1 minute"), v_freq==60?true:false), + `item(`id(300), _("5 minutes"), v_freq==300?true:false), + `item(`id(600), _("10 minutes"), v_freq==600?true:false), + `item(`id(900), _("15 minutes"), v_freq==900?true:false), + `item(`id(1800), _("30 minutes"), v_freq==1800?true:false), + `item(`id(3600), _("1 hour"), v_freq==3600?true:false), + `item(`id(86400), _("1 day"), v_freq==86400?true:false), + `item(`id(604800), _("1 week"), v_freq==604800?true:false) + ]; + + + term event_config = `HVCenter(`VBox(`opt(`vstretch), + `Frame( _("Security Event Notification"), + `HBox(`HSpacing(1), + `VBox(`opt(`vstretch), + `VSpacing(1), + `Frame( _("Terse Notification"), + `VBox(`opt(`vstretch), + `HBox( + `ComboBox(`id(`terse_freq), _("Frequency"), terse_items), + `TextEntry(`id(`terse_email), _("Email Address"), terse["terse_email"]:""), + `IntField(`id(`terse_level), _("Severity"), 0,10, terse["terse_level"]:0) + ), + `HBox( + `CheckBox( `id(`terse_unknown), _("Include Unknown Severity Events"), t_unknown) + ) + ) + ), + `VSpacing(1), + `Frame( _("Summary Notification"), + `VBox(`opt(`vstretch), + `HBox( + `ComboBox(`id(`summary_freq), _("Frequency"), summary_items), + `TextEntry(`id(`summary_email), _("Email Address"), summary["summary_email"]:""), + `IntField(`id(`summary_level), _("Severity"), 0,10, summary["summary_level"]:0) + ), + `HBox( + `CheckBox( `id(`summary_unknown), _("Include Unknown Severity Events"), s_unknown) + ) + ) + ), + `VSpacing(1), + `Frame( _("Verbose Notification"), + `VBox(`opt(`vstretch), + `HBox( + `ComboBox(`id(`verbose_freq), _("Frequency"), verbose_items), + `TextEntry(`id(`verbose_email), _("Email Address"), verbose["verbose_email"]:""), + `IntField(`id(`verbose_level), _("Severity"), 0,10, verbose["verbose_level"]:0) + ), + `HBox( + `CheckBox( `id(`verbose_unknown), _("Include Unknown Severity Events"), v_unknown) + 
) + ) + ), + `VSpacing(1) + ), + `HSpacing(1) + ) + ) + ) + ); + + Wizard::CreateDialog(); + Wizard::SetContentsButtons(_("Security Event Notification"), event_config, helps["EventNotifyHelpText"]:"", Label::BackButton(), Label::OKButton()); + Wizard::DisableBackButton(); + + any ntInput = nil; + string notifyLabelValue = ""; + + while( true ) { + ntInput = UI::UserInput(); + + if (ntInput == `next) { + + map answers = $[ ]; + map set_notify = $[ ]; + map summary = $[ ]; + map verbose = $[ ]; + map terse = $[ ]; + + t_freq = UI::QueryWidget(`id(`terse_freq), `Value); + s_freq = UI::QueryWidget(`id(`summary_freq), `Value); + v_freq = UI::QueryWidget(`id(`verbose_freq), `Value); + + set_notify["sd-set-notify"] = "yes"; + terse["terse_freq"] = tostring(t_freq); + summary["summary_freq"] = tostring(s_freq); + verbose["verbose_freq"] = tostring(v_freq); + + if (t_freq != 0) { + + string t_email = (string) UI::QueryWidget(`id(`terse_email), `Value); + + if ( t_email == nil || t_email == "" ) { + Popup::Error( _("An email address is required for each selected notification method.") ); + continue; + } else if ( ! checkEmailAddress( t_email ) ) { + continue; + } + + terse["enable_terse"] = "yes"; + terse["terse_email"] = (string) UI::QueryWidget(`id(`terse_email), `Value); + terse["terse_level"] = (string) tostring(UI::QueryWidget(`id(`terse_level), `Value)); + + boolean t_unknown = (boolean) UI::QueryWidget(`id(`terse_unknown), `Value); + + if (t_unknown == true) { + terse["terse_unknown"] = "1"; + } else { + terse["terse_unknown"] = "0"; + } + + } else { + terse["enable_terse"] = "no"; + } + + if (s_freq != 0) { + + string s_email = (string) UI::QueryWidget(`id(`summary_email), `Value); + if ( s_email == nil || s_email == "" ) { + Popup::Error( _("An email address is required for each selected notification method.") ); + continue; + } else if ( ! 
checkEmailAddress(s_email) ) { + continue; + } + + summary["enable_summary"] = "yes"; + summary["summary_email"] = (string) UI::QueryWidget(`id(`summary_email), `Value); + summary["summary_level"] = (string) tostring(UI::QueryWidget(`id(`summary_level), `Value)); + + boolean s_unknown = (boolean) UI::QueryWidget(`id(`summary_unknown), `Value); + + if (s_unknown == true) { + summary["summary_unknown"] = "1"; + } else { + summary["summary_unknown"] = "0"; + } + + } else { + summary["enable_summary"] = "no"; + } + + if (v_freq != 0) { + string v_email = (string) UI::QueryWidget(`id(`verbose_email), `Value); + if ( v_email == nil || v_email == "" ) { + Popup::Error( _("An email address is required for each selected notification method.") ); + continue; + } else if (! checkEmailAddress(v_email) ) { + continue; + } + + verbose["enable_verbose"] = "yes"; + verbose["verbose_email"] = (string) UI::QueryWidget(`id(`verbose_email), `Value); + verbose["verbose_level"] = (string) tostring(UI::QueryWidget(`id(`verbose_level), `Value)); + + boolean v_unknown = (boolean) UI::QueryWidget(`id(`verbose_unknown), `Value); + + if (v_unknown == true) { + verbose["verbose_unknown"] = "1"; + } else { + verbose["verbose_unknown"] = "0"; + } + } else { + verbose["enable_verbose"] = "no"; + } + + answers["set_notify"] = set_notify; + answers["terse"] = terse; + answers["summary"] = summary; + answers["verbose"] = verbose; + + string result = (string) SCR::Execute(.sdconf, answers); + + if (result != "success") { + Popup::Error( _("Configuration failed for the following operations: ") + result); + } + + if ( t_freq != 0 || s_freq != 0 || v_freq != 0 ) { + notifyLabelValue = _("Notification is enabled"); + } else { + notifyLabelValue = _("Notification is disabled"); + } + } + + Wizard::CloseDialog(); + if ( (ntInput == `ok) || (ntInput == `next) ) { + UI::ChangeWidget( `id(`notifyLabel), `Value, notifyLabelValue ); + } + break; + } + +} + +define symbol displayAppArmorConfig () { + + // 
AppArmor Status + boolean aaEnabled = false; + boolean ntIsEnabled = false; + string subdomain = (string) SCR::Execute(.subdomain, "sd-status"); + string sdEnStr = _("AppArmor is disabled"); + + if (subdomain == "enabled") { + aaEnabled = true; + sdEnStr = _("AppArmor is enabled"); + } + + // Notification Status + string evnotify = (string) SCR::Execute(.subdomain, "sd-notify"); + string evEnStr = _("Notification is disabled"); + if (evnotify == "enabled") { + ntIsEnabled = true; + evEnStr = _("Notification is enabled"); + } else if (evnotify == "notinstalled") { + evnotify = "disabled"; + } + + /* Network dialog caption */ + string caption = _("AppArmor Configuration"); + string help = _("

AppArmor Status
This reports whether the AppArmor policy enforcement +module is loaded and functioning.

") + + +_("

Security Event Notification
Configure this tool if you want +to be notified by email when access violations have occurred.

") + + +_("

Profile Modes
Use this tool to change the way that AppArmor +uses individual profiles.

"); + + term contents = + `HVCenter( + `VBox( + `VSpacing(1), `HSpacing(2), + `HBox ( + `HSpacing( `opt(`hstretch), 2 ), + `VBox( + `Left(`CheckBox( `id(`aaState), `opt(`notify), _("&Enable AppArmor"), aaEnabled)), + `VSpacing(1), + + `Frame( `id(`aaEnableFrame), _("Configure AppArmor"), + `HBox ( + `HSpacing( `opt(`hstretch), 4 ), + `VBox( + `VSpacing(1), + `Frame ( _("Security Event Notification"), + `HBox( + `VSpacing(1), `HSpacing(1), + `HVCenter( `Label( `id(`notifyLabel), evEnStr )), + `PushButton( `id(`ntconf), _("C&onfigure")), + `VSpacing(1), `HSpacing(1) + ) + ), + `VSpacing(1), `HSpacing(20), + + `Frame ( _("Configure Profile Modes"), + `HBox( + `VSpacing(1), `HSpacing(1), + `Left(`HVCenter( `Label( `id(`modesLabel), " " + _("Set profile modes") ))), + `PushButton( `id(`modeconf), _("Co&nfigure") ), + `VSpacing(1), `HSpacing(1) + ) + ), + `VSpacing(1) + ), + `HSpacing( `opt(`hstretch), 4 ) + ))), + `HSpacing( `opt(`hstretch), 2 ) + )) + ); + + // May want to replace Wizard() with UI() + Wizard::CreateDialog(); + Wizard::SetTitleIcon("apparmor/control_panel"); + Wizard::SetContentsButtons(caption, contents, help, Label::BackButton(), _("&Done")); + Wizard::DisableBackButton(); + + UI::ChangeWidget(`id(`aaEnableFrame), `Enabled, aaEnabled); + + while( true ) { + + symbol ret = (symbol) UI::UserInput(); + + if ( ret == `abort || ret == `cancel || ret == `next) { + break; + } else if (ret == `aaState ) { + + // Set AppArmor state: enabled|disabled + boolean requestedAaState = (boolean) UI::QueryWidget(`id(`aaState), `Value); + + aaEnabled = changeAppArmorState(requestedAaState); + + // These will match if the update was successful + if ( aaEnabled == requestedAaState ) { + UI::ChangeWidget(`id(`aaEnableFrame), `Enabled, aaEnabled); + } + + } else if (ret == `ntconf ) { + displayNotifyForm(); + + } else if (ret == `modeconf ) { + + profileModeConfigForm(); + + //displayAppArmorConfig(); + + } else { + y2error("Unexpected return code: " + tostring(ret)); + } + 
} + + UI::CloseDialog(); + return nil; +} + +/* EOF */ +} --- /dev/null +++ b/src/include/apparmor/apparmor_packages.ycp @@ -0,0 +1,30 @@ +/* + Copyright (C) 2006 Novell Inc. All Rights Reserved. + + This program is free software; you can redistribute it and/or + modify it under the terms of version 2 of the GNU General Public + License published by the Free Software Foundation. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, contact Novell, Inc. + + Written by Steve Beattie + */ + + /* This should probably be more intelligent and query the user once + * whether they want optional packages like apparmor-docs, libapparmor, + * apache2-mod-apparmor and * (eventually) pam-apparmor installed. */ + +import "PackageSystem"; + +list __needed_packages = + ["apparmor-parser", "apparmor-utils", "apparmor-profiles"]; + +define boolean installAppArmorPackages () { + return PackageSystem::CheckAndInstallPackagesInteractive (__needed_packages); +} --- /dev/null +++ b/src/include/apparmor/apparmor_profile_check.ycp 
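Review bot: In `displayNotifyForm` (aa-config.ycp), the initial state of the summary "Include Unknown Severity Events" checkbox is read from the wrong map: `any a_s_poop = terse["summary_unknown"]:"1";` looks up a summary key in `terse`, while the terse and verbose blocks each read their own map. Unless the agent happens to return that key under `terse`, the lookup falls back to "1", so the checkbox opens ticked whatever the stored setting is, and saving the form with summary notification enabled writes back whatever the checkbox shows. The line should read `any a_s_poop = summary["summary_unknown"]:"1";`. This applies to the aa-config.ycp hunk, not to the apparmor_packages.ycp hunk that ends on the same line.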
@@ -0,0 +1,52 @@ +/* + Copyright (C) 2006 Novell Inc. All Rights Reserved. + + This program is free software; you can redistribute it and/or + modify it under the terms of version 2 of the GNU General Public + License published by the Free Software Foundation. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, contact Novell, Inc. + + */ + + +import "Popup"; +textdomain "yast2-apparmor"; + +define boolean checkProfileSyntax () { + map args = $[]; + string errmsg = "
    "; + boolean syntax_ok = true; + + args["profile-syntax-check"] = "1"; + list errors = (list ) SCR::Execute (.subdomain, "profile-syntax-check" ); + foreach ( string error, errors, ``{ + syntax_ok = false; + errmsg = errmsg + "
  • " + error + "
  • "; + }); + errmsg = errmsg + "
"; + if ( syntax_ok == false ) { + string headline = _("Errors found in AppArmor profiles"); + errmsg = _("

These problems must be corrected before AppArmor can be \ +started or the profile management tools can be used.

") + + "

" + errmsg + "

" + + _("

You can find a description of AppArmor profile syntax by \ +running ") + + "man apparmor.d

" + + _("

Comprehensive documentation about AppArmor is available in \ +the Administration guide. This is available in the \ +directory: ") + + "

" + + "/usr/share/doc/manual/suselinux-manual_LANGUAGE. " + + _("

Please refer to this for more detailed information about \ +AppArmor

"); + Popup::LongText( headline, `RichText(errmsg), 55, 15); + } + return( syntax_ok ); +} --- /dev/null +++ b/src/include/apparmor/apparmor_ycp_utils.ycp 
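Review bot: checkProfileSyntax fails open, because `syntax_ok` starts as `true` and is only cleared inside the `foreach` over `errors`, so a nil result from `SCR::Execute` (agent not running or crashed) would presumably be reported as a clean syntax check. I would treat a missing result as a failure right after the call, e.g. `if ( errors == nil ) { return false; }`, and log it with `y2error`. The `args` map is filled with "profile-syntax-check" but never passed to the agent, so it is either dead code or a missing argument. Each `error` string is also concatenated into text shown through `RichText` without escaping, so parser output that echoes profile content is rendered as markup; a comment noting that the agent output is untrusted for display would help the follow-up content patch.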
@@ -0,0 +1,679 @@ + +/* + Copyright (C) 2007 Novell Inc. All Rights Reserved. + + This program is free software; you can redistribute it and/or + modify it under the terms of version 2 of the GNU General Public + License published by the Free Software Foundation. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, contact Novell, Inc. + + */ + + +import "Label"; +import "Popup"; +import "AppArmorDialogs"; +textdomain "yast2-apparmor"; + + map CMDS = $[ ]; + CMDS["CMD_ALLOW"] = _("&Allow"); + CMDS["CMD_DENY"] = _("&Deny"); + CMDS["CMD_ABORT"] = _("Abo&rt"); + CMDS["CMD_FINISHED"] = Label::FinishButton(); + CMDS["CMD_AUDIT_NEW"] = _("Audi&t"); + CMDS["CMD_AUDIT_OFF"] = _("Audi&t off"); + CMDS["CMD_AUDIT_FULL"] = _("Audit &All"); + CMDS["CMD_OTHER"] = _("&Opts"); + CMDS["CMD_USER_ON"] = _("&Owner permissions on"); + CMDS["CMD_USER_OFF"] = _("&Owner permissions off"); + CMDS["CMD_ix"] = _("&Inherit"); + CMDS["CMD_px"] = _("&Profile"); + CMDS["CMD_px_safe"] = _("&Profile Clean Exec"); + CMDS["CMD_cx"] = _("&Child"); + CMDS["CMD_cx_safe"] = _("&Child Clean Exec"); + CMDS["CMD_nx"] = _("&Name"); + CMDS["CMD_nx_safe"] = _("&Named Clean Exec"); + CMDS["CMD_ux"] = _("&Unconfined"); + CMDS["CMD_ux_safe"] = _("&Unconfined Clean Exec"); + CMDS["CMD_pix"] = _("&Profile ix"); + CMDS["CMD_pix_safe"] = _("&Profile ix Clean Exec"); + CMDS["CMD_cix"] = _("&Child ix"); + CMDS["CMD_cix_safe"] = _("&Child ix Cx Clean Exec"); + CMDS["CMD_nix"] = _("&Name ix"); + CMDS["CMD_nix_safe"] = _("&Name ix"); + CMDS["CMD_EXEC_IX_ON"] = _("i&x fallback on"); + CMDS["CMD_EXEC_IX_OFF"] = _("i&x fallback off"); + CMDS["CMD_CONTINUE"] = _("&Continue Profiling"); + CMDS["CMD_INHERIT"] = _("&Inherit"); + 
CMDS["CMD_PROFILE"] = _("&Profile"); + CMDS["CMD_UNCONFINED"] = _("&Unconfined"); + CMDS["CMD_NEW"] = _("&Edit"); + CMDS["CMD_GLOB"] = _("&Glob"); + CMDS["CMD_GLOBEXT"] = _("Glob w/E&xt"); + CMDS["CMD_ADDHAT"] = _("&Add Requested Hat"); + CMDS["CMD_USEDEFAULT"] = _("&Use Default Hat"); + CMDS["CMD_SCAN"] = _("&Scan system log for AppArmor events"); + CMDS["CMD_VIEW_PROFILE"] = _("&View Profile"); + CMDS["CMD_USE_PROFILE"] = _("&Use Profile"); + CMDS["CMD_CREATE_PROFILE"] = _("&Create New Profile"); + CMDS["CMD_UPDATE_PROFILE"] = _("&Update Profile"); + CMDS["CMD_IGNORE_UPDATE"] = _("&Ignore Update"); + CMDS["CMD_SAVE_CHANGES"] = _("&Save Changes"); + CMDS["CMD_UPLOAD_CHANGES"] = _("&Upload Changes"); + CMDS["CMD_VIEW_CHANGES"] = _("&View Changes"); + CMDS["CMD_ENABLE_REPO"] = _("&Enable Repository"); + CMDS["CMD_DISABLE_REPO"] = _("&Disable Repository"); + CMDS["CMD_ASK_NEVER"] = _("&Never Ask Again"); + CMDS["CMD_ASK_LATER"] = _("Ask Me &Later"); + CMDS["CMD_YES"] = Label::YesButton(); + CMDS["CMD_NO"] = Label::NoButton(); + + +define boolean validEmailAddress ( string emailAddr, boolean allowlocal ) { + + integer emailAddrLength = size(emailAddr); + boolean isSafe = false; + + if ( allowlocal && regexpmatch( emailAddr, "^\/var\/mail\/\\w+$" )) { + isSafe = true; + } else if ((regexpmatch( emailAddr, "\\w+(-\\w+?)@\\w+" ) || + regexpmatch( emailAddr, "/^(\\w+\.?)+\\w+\@(\\w+\.?)+\\w+$" ) || + regexpmatch( emailAddr, "\\w+@\\w+" ) || + !regexpmatch( emailAddr, "..+" )) && + emailAddrLength < 129 ) { + isSafe = true; + } + return isSafe; +} + +define boolean checkEmailAddress( string emailAddr ) { + + if ( ! validEmailAddress( emailAddr, false ) ) { + string err_email_format = _("Email address format invalid.\nEmail address must be less than 129 characters \n and of the format \"name@domain\". 
\n Please enter another address."); + Popup::Error( err_email_format ); + return false; + } + return true; +} + + +/** UI_RepositorySignInDialog + * Dialog to allow users to signin or register with an external AppArmor + * profile repository + * + * @param agent_data - data from the backend + * [ repo_url - string ] + * @return answers - map that contains: + * [ newuser => 1|0 - registering a new user? ] + * [ user => username ] + * [ pass => password ] + * [ email => email address - if newuser = 1 ] + * [ save_config => true/false - save this information on ] + * [ the system ] + * + **/ +define map UI_RepositorySignInDialog( map agent_data ) { + string repo_url = (string) agent_data["repo_url"]:"MISSING_REPO_URL"; + term dialog = + `VBox( + `VSpacing(1), + `Top(`Label(_("AppArmor Profile Repository Setup") + "\n" + repo_url)), + `VBox( + `ReplacePoint(`id(`replace), `Empty()) + ), + `VSpacing(1) + ); + + term signin_box = + `VBox( + `HBox( + `HSpacing(1), + `Frame(`id(`signin_frame), _("Sign in to the repository"), + `HBox( + `HSpacing(0.5), + `VBox( + `TextEntry(`id(`username), _("Username")), + `Password(`id(`password), Label::Password()), + `VSpacing(1), + `HBox( + `CheckBox(`id(`save_conf), `opt(`notify), + _("S&ave configuration")), + `HSpacing( 0.5), + `Left(`PushButton(`id(`signin_submit), + _("&Sign in"))), + `Right(`PushButton(`id(`signin_cancel), + Label::CancelButton())), + `HSpacing( 0.5) + ) + ), + `HSpacing(0.5) + ) + ), + `HSpacing(1) + ), + `VSpacing(1), + `PushButton(`id(`newuser), _("&Register new user...")) + ); + + term registration_box = + `VBox( + `HBox( + `HSpacing(1), + `Frame(`id(`register_frame), _("Register New User"), + `HBox( + `HSpacing(0.5), + `VBox( + `TextEntry(`id(`register_username), + _("Enter Username")), + `TextEntry(`id(`register_email), + _("Enter Email Address")), + `Password(`id(`register_password), + _("Enter Password")), + `Password(`id(`register_password2), + _("Verify Password")), + `VSpacing(1), + `HBox( + `HSpacing( 
0.2), + `CheckBox(`id(`save_conf_new), `opt(`notify), + _("S&ave configuration")), + `Left(`PushButton(`id(`register_submit), + _("&Register"))), + `Right(`PushButton(`id(`register_cancel), + Label::CancelButton())), + `HSpacing( 0.2) + ) + ), + `HSpacing( 0.5) + ) + ), + `HSpacing(1) + ), + `VSpacing(1), + `PushButton(`id(`signin), _("&Sign in as existing user...")) + ); + + UI::OpenDialog(`opt(`decorated), dialog); + UI::ReplaceWidget(`replace, signin_box); + map answers = $[ ]; + any input = nil; + repeat { + input = UI::UserInput(); + if(input == `newreg) { + boolean new_registration = + (boolean) UI::QueryWidget(`id(`newreg), `Value); + if ( new_registration == true ) { + UI::ChangeWidget(`id(`register_frame), `Enabled, true); + UI::ChangeWidget(`id(`signin_frame), `Enabled, false); + } else { + UI::ChangeWidget(`id(`register_frame), `Enabled, false); + UI::ChangeWidget(`id(`signin_frame), `Enabled, true); + } + } else if(input == `newuser) { + UI::ReplaceWidget(`replace, registration_box); + UI::ChangeWidget(`id(`register_email), `InputMaxLength, 129); + } else if(input == `signin) { + UI::ReplaceWidget(`replace, signin_box); + UI::ChangeWidget(`id(`register_email), `InputMaxLength, 129); + } else if(input == `signin_cancel || input == `register_cancel) { + answers["answer"] = "cancel"; + } else if ( input == `signin_submit ) { + string username = (string) UI::QueryWidget(`id(`username), `Value); + string password = (string) UI::QueryWidget(`id(`password), `Value); + string save_config = + (boolean) UI::QueryWidget(`id(`save_conf), `Value) ? 
"y": "n"; + + if ( username == "" ) { + Popup::Error(_("Username is required")); + } else if ( password == "" ) { + Popup::Error(_("Password is required")); + } else { + y2milestone("APPARMOR : REPO - signon: \n\tusername [" + + username + + "]\n\tpassword [" + + password + "]"); + answers["newuser"] = "n"; + answers["user"] = username; + answers["pass"] = password; + answers["save_config"] = save_config; + input = `done; + } + } else if ( input == `register_submit ) { + string username = + (string) UI::QueryWidget( `id(`register_username), `Value); + string password = + (string) UI::QueryWidget( `id(`register_password), `Value); + string password_verify = + (string) UI::QueryWidget( `id(`register_password2), `Value); + string email = (string) UI::QueryWidget( `id(`register_email), + `Value ); + string save_config = + (boolean) UI::QueryWidget( `id(`save_conf_new), `Value ) + ? "y": "n"; + + if ( username == "" ) { + Popup::Error( _("Username required for registration." )); + } else if ( email == "" ) { + Popup::Error( _("Email address required for registration." )); + } else if ( password == "" && password_verify == "" ) { + Popup::Error( _("Password is required for registration." )); + } else if ( password != password_verify ) { + Popup::Error( _("Passwords do not match. Please re-enter." )); + } else if ( ! 
checkEmailAddress( email ) ) { + any dummy = nil; + } else { + y2milestone( + "APPARMOR : REPO - new registration: \n\tusername [" + + username + "]\n\tpassword [" + password + + "]\n\temail [" + email + "]\n\tsave config [" + + save_config + "]" ); + answers["newuser"] = "y"; + answers["pass"] = password; + answers["user"] = username; + answers["email"] = email; + answers["save_config"] = save_config; + input = `done; + } + } else { + y2milestone("APPARMOR : REPO - signon - no valid input[" + + tostring(input) + "]"); + } + } until ((input == `done) || + (input == `register_cancel) || + (input == `signin_cancel)); + if ( input != `done ) { + answers["cancelled"] = "y"; + } + UI::CloseDialog(); + return( answers ); +} + + +/** UI_RepositoryViewProfile + * Dialog to allow users to view a profile from the repository + * and display it in a small scrollable dialog + * + * @param agent_data - map data from the backend + * [ user => string ] + * [ profile => string contiaining profile contents ] + * [ profile_type => string INACTIVE_LOCAL|REPOSITORY ] + * + * @return void + * + **/ + +define void UI_RepositoryViewProfile( map agent_data ) { + + string user = agent_data["user"]:"MISSING USER"; + string profile = agent_data["profile"]:"MISSING PROFILE"; + string type = agent_data["profile_type"]:"MISSING PROFILE"; + + string headline = ""; + if ( type == "INACTIVE_LOCAL" ) { + headline = _("Local inactive profile"); + } else if ( type == "REPOSITORY" ) { + headline = _("Profile created by user ") + user; + } else { + headline = _("Local profile"); + } + + + Popup::LongText ( headline, `RichText(`opt(`plainText), profile), 50, 20 ); +} + + +/** UI_LongMessage + * Basic message dialog that will scroll long text + * @param agent_data - map - data from backend + * [ headline - string ] + * [ message - string ] + * + * @return void + **/ + +define void UI_LongMessage( map agent_data ) { + + any user = agent_data["user"]:nil; + string headline = agent_data["headline"]:"MISSING 
HEADLINE"; + string message = agent_data["message"]:"MISSING MESSAGE"; + + Popup::LongText(headline,`RichText(`opt(`plainText), message), 60, 40); + +} + + +/** UI_ShortMessage + * Basic message dialog - no scrollbars + * @param agent_data - map - data from backend + * [ headline - string ] + * [ message - string ] + * + * @return void + **/ + +define void UI_ShortMessage( map agent_data ) { + + any user = agent_data["user"]:nil; + string headline = agent_data["headline"]:"MISSING HEADLINE"; + string message = agent_data["message"]:"MISSING MESSAGE"; + + Popup::AnyMessage(headline, message); + +} + +/** UI_ChangeLog_Dialog + * Takes a list of profiles and collects one or multiple changelog entries + * and returns them + * + * @param agent_data - data from the backend + * [ profiles - list of profile names ] + * + * @return results - map + * [ STATUS - string - ok/cancel ] + * [ SINGLE_CHANGELOG - string - set with changelog if user ] + * [ selects a single changelog ] + * + * [ profile 1 name - string - changelog 1 ] + * [ profile 2 name - string - changelog 2 ] + * ... 
+ * [ profile n name - string - changelog n ] + * + **/ +define map UI_ChangeLog_Dialog ( map agent_data ) { + map results = $[]; + string main_label = _("Enter a changelog for the changes for "); + string main_label_single = _(" the selected profiles"); + string checkbox_label = _("Individual changelogs per profile"); + list profiles = agent_data["profiles"]:[]; + + term dialog = `VBox( + `TextEntry(`id(`stringfield), main_label + "\n" + main_label_single), + `CheckBox(`id(`individual_changelogs), `opt(`notify), checkbox_label), + `VSpacing(0.5), + `HBox( + `HWeight(1, `PushButton(`id(`okay), + `opt(`default, + `key_F10), + Label::OKButton())), + `HSpacing(2), + `HWeight(1, `PushButton(`id(`cancel), `opt(`key_F9), Label::CancelButton())) + ) + ); + results["STATUS"] = "ok"; + boolean single_changelog = true; + foreach( string profile_name, profiles, { + UI::OpenDialog(dialog); + if ( !single_changelog ) { + UI::ChangeWidget(`id(`stringfield), + `Label, + main_label + "\n" + + profile_name); + UI::ChangeWidget(`id(`individual_changelogs), `Value, true); + } + UI::SetFocus(`id(`stringfield)); + any input = nil; + repeat { + input = UI::UserInput(); + if ( input == `cancel ) { + results["STATUS"] = "cancel"; + UI::CloseDialog(); + break; + } else if ( input == `okay ) { + if (((boolean) UI::QueryWidget(`id(`individual_changelogs), + `Value)) == false ) { + results["SINGLE_CHANGELOG"] = + (string) UI::QueryWidget(`id(`stringfield), `Value); + UI::CloseDialog(); + } else { + results[profile_name] = + (string) UI::QueryWidget(`id(`stringfield), `Value); + UI::CloseDialog(); + } + } else if ( input == `individual_changelogs ){ + if (((boolean) UI::QueryWidget(`id(`individual_changelogs), + `Value)) == true ) { + UI::ChangeWidget(`id(`stringfield), + `Label, + main_label + "\n" + + profile_name); + single_changelog = false; + } else { + UI::ChangeWidget(`id(`stringfield), + `Label, + main_label + "\n" + + main_label_single); + } + } + } until ( input == `okay || `input == 
`cancel ); + if ( single_changelog || input == `cancel ) { + break; + } + }); + return( results ); +} + +/** UI_MultiProfileSelectionDialog + * Two pane dialog with a multi-selection box on the left + * and a long text on the right. Allows a list of profiles + * or profile changes to be viewed and selected for further + * processing - for example uploading to the repository + * + * @param agent_data - map - data from backend + * [ title - string - explanation of the forms use ] + * [ get_changelog - string true/false - prompt user to ] + * [ supply changelogs ] + * [ never_ask_again - string true/false - add widget to let ] + * [ user select to never prompt again to ] + * [ upload unselected profiles to the ] + * [ repository ] + * [ default_select - string true/false - default value for ] + * [ profile selection ] + * [ profiles - map ] + * + * @return results - map + * [ STATUS - string - ok/cancel ] + * [ PROFILES - list[string] - list of selected profiles ] + * [ NEVER_ASK_AGAIN - string - true/false - mark unselected ] + * [ profiles as local only and don't prompt ] + * [ to upload ] + * [ CHANGELOG - map[string,string] - changelog data from ] + * [ UI_ChangeLog_Dialog() ] + * + **/ + +define map UI_MultiProfileSelectionDialog( map agent_data ) { + string headline = agent_data["title"]:"MISSING TITLE"; + string explanation = agent_data["explanation"]:"MISSING EXPLANATION"; + boolean default_select = agent_data["default_select"]:false; + boolean get_changelog = agent_data["get_changelog"]:true; + boolean disable_ask_upload = agent_data["disable_ask_upload"]:false; + map profiles = agent_data["profiles"]:$[]; + map results = $[]; + + list profile_list = []; + foreach ( string profile_name, string profile_contents, + (map) profiles, { + profile_list = add( profile_list, `item( `id(profile_name), + profile_name, default_select) ); + }); + + term first_profile = (term) profile_list[0]:nil; + string first_profile_name = first_profile[1]:"MISSING PROFILE NAME"; + 
string profile_rules = + (string) profiles[first_profile_name]:"MISSING CONTENTS"; + string disable_ask_upload_str = + _("&Don't ask again for unselected profiles"); + map ui_capabilities = UI::GetDisplayInfo(); + boolean in_ncurses = ui_capabilities["TextMode"]:true;; + term profile_contents_text = nil; + term explanation_text = nil; + + if ( in_ncurses ) { + profile_contents_text = + `RichText( `id(`contents),`opt(`plainText), profile_rules); + } else { + profile_contents_text = + `VBox( + `VSpacing(1.25), + `RichText( `id(`contents),`opt(`plainText), profile_rules) + ); + } + term control_widgets = nil; + if ( disable_ask_upload == true ) { + control_widgets = + `VBox( + `CheckBox(`id(`disable_ask_upload), `opt(`notify), + disable_ask_upload_str), + `VSpacing(0.5), + `HBox( + `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))), + `HWeight( 50, `HCenter(`PushButton(`id(`cancel), + Label::CancelButton()))) + ) + ); + } else { + if ( in_ncurses ) { + control_widgets = + `HBox( + `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))), + `HWeight( 50, `HCenter(`PushButton(`id(`cancel), + Label::CancelButton()))) + ); + } else { + control_widgets = + `VBox( + `VSpacing(0.5), + `HBox( + `HWeight( 50, `HCenter(`PushButton(`id(`save), + Label::OKButton()))), + `HWeight( 50, `HCenter(`PushButton(`id(`cancel), + Label::CancelButton()))) + ) + ); + } + } + + UI::OpenDialog( + `VBox( + `VSpacing(0.1), + `VWeight( 15, `Top(`Label(`id(`explanation), explanation))), + `VSpacing(0.2), + `VWeight( 70, + `HBox( + `VSpacing( 1 ), + `HSpacing( 0.5 ), + `Frame( `id(`select_profiles), headline, + `HBox( + `HWeight( 40, `MinSize( 30, 15, + `MultiSelectionBox( `id(`profiles), + `opt(`notify), + _("Profiles"), + profile_list) ) + ), + `HWeight( 60, profile_contents_text ) + ) + ), + `HSpacing( 0.5 ) + ) + ), + `VSpacing( 0.2 ), + `VWeight( 15, control_widgets ), + `VSpacing( 0.2 ) + ) + ); + UI::ChangeWidget( `id(`profiles), `CurrentValue, first_profile_name 
); + + map event2 = $[]; + any id2 = nil; + repeat + { + event2 = UI::WaitForEvent (); + id2 = event2["ID"]:nil; + if ( id2 == `profiles ) { + any itemid = UI::QueryWidget( `id(`profiles), `CurrentItem ); + string stritem = tostring( itemid ); + string contents = profiles[stritem]:"MISSING CONTENTS"; + UI::ChangeWidget( `id(`contents), `Value, contents ); + } + } until ( id2 == `save || id2 == `cancel ); + + list selected_profiles = []; + if (id2 == `save) { + list selected_items = + (list) UI::QueryWidget( `id(`profiles), `SelectedItems ); + integer profile_index = 0; + foreach ( any p_name, selected_items, { + selected_profiles[profile_index] = tostring( p_name ); + profile_index = profile_index + 1; + }); + results["STATUS"] = "ok"; + if (get_changelog == true) { + map changelog_results = + UI_ChangeLog_Dialog( $["profiles":selected_profiles] ); + if ( changelog_results["STATUS"]:"cancel" == "cancel" ) { + results["STATUS"] = "cancel"; + } else { + results["CHANGELOG"] = changelog_results; + results["PROFILES"] = selected_profiles; + } + } else { + results["PROFILES"] = selected_profiles; + } + if ( disable_ask_upload == true && + ((boolean) UI::QueryWidget( `id(`disable_ask_upload), `Value )) + == true ) { + results["NEVER_ASK_AGAIN"] = "true"; + } + } else if ( id2 == `cancel ) { + results["STATUS"] = "cancel"; + } + UI::CloseDialog(); + return results; +} + +/** Form_BusyFeedbackDialog + * + * @param agent_data - map - data from backend + * [ title - string - explanation of the forms use ] + * + * @return results - map + * [ STATUS - string - ok/cancel ] + * + **/ + +define term Form_BusyFeedbackDialog( string message ) { + //`MinSize( 10, 4, `Image(`opt(`animated), movie, "animation" ), + //`Image(`opt(`animated), movie, "animation" ), + string movie = + "/usr/share/YaST2/theme/current/animations/ticks-endless.gif"; + term busy_dialog = + `HBox( + //`MinSize( 10, 4, `Image(`opt(`animated), movie, "animation" ) ), + `Image(`opt(`animated), movie, "animation" 
), + `Label( message ) + ); + return busy_dialog; +} + +define void UI_BusyFeedbackStart( map agent_data ) { + string message = agent_data["message"]:"MISSING MESSAGE"; + if ( AppArmorDialogs::busy_dialog != nil ) { + UI::CloseDialog(); + } + AppArmorDialogs::busy_dialog = Form_BusyFeedbackDialog( message ); + UI::OpenDialog( AppArmorDialogs::busy_dialog); + return; +} + +define void UI_BusyFeedbackStop( ) { + if ( AppArmorDialogs::busy_dialog != nil ) { + UI::CloseDialog(); + AppArmorDialogs::busy_dialog = nil; + } +} --- /dev/null +++ b/src/include/apparmor/capabilities.ycp @@ -0,0 +1,310 @@ +/* ------------------------------------------------------------------ +* +* Copyright (C) 2002-2005 Novell/SUSE +* +* This program is free software; you can redistribute it and/or +* modify it under the terms of version 2 of the GNU General Public +* License published by the Free Software Foundation. +* + ------------------------------------------------------------------*/ +// +// YCP map containing definitons for Capabiltiies +// +{ + +textdomain "yast2-apparmor"; + +map capdefs = $[ +"chown" : + $[ + "name" : "CAP_CHOWN", + "info" : _("
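Review bot: UI_RepositorySignInDialog writes the repository password to the YaST log in clear text, since both `y2milestone(...)` calls (the `signin_submit` and `register_submit` branches) concatenate `password` into the message. This rename-only patch carries the lines over unchanged, so the fix belongs in the follow-up content patch: log only the user name, e.g. `y2milestone("APPARMOR : REPO - signon: username [" + username + "]");`, and the same for the registration message. Anyone who can read the log, or a log bundle attached to a bug report, would otherwise recover the credential. Separately, validEmailAddress only loosely constrains its input: the `\\w+@\\w+` patterns are unanchored and the `!regexpmatch( emailAddr, "..+" )` branch accepts any string shorter than two characters, so it deserves a comment saying it is not a sanitiser.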
  • In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, +this overrides the restriction of changing file ownership +and group ownership.
"), + + ], +"dac_override" : + $[ + "name" : "CAP_DAC_OVERRIDE", + "info" : _("
  • Override all DAC access, including ACL execute access if +[_POSIX_ACL] is defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.
"), + + ], +"dac_read_search" : + $[ + "name" : "CAP_DAC_READ_SEARCH", + "info" : _("
  • Overrides all DAC restrictions regarding read and search +on files and directories, including ACL restrictions if [_POSIX_ACL] is defined. +Excluding DAC access covered by CAP_LINUX_IMMUTABLE.
"), + + ], +"fowner" : + $[ + "name" : "CAP_FOWNER", + "info" : _("
  • Overrides all restrictions about allowed operations on files, +where file owner ID must be equal to the user ID, except where CAP_FSETID is +applicable. It doesn't override MAC and DAC restrictions.
"), + + ], +"fsetid" : + $[ + "name" : "CAP_FSETID", + "info" : _("
  • Overrides the following restrictions that the effective user +ID shall match the file owner ID when setting the S_ISUID and S_ISGID bits on that +file; that the effective group ID (or one of the supplementary group IDs) shall match +the file owner ID when setting the S_ISGID bit on that file; that the S_ISUID and +S_ISGID bits are cleared on successful return from chown(2) (not implemented).
"), + + ], +"kill" : + $[ + "name" : "CAP_KILL", + "info" : _("
  • Overrides the restriction that the real or effective user ID +of a process sending a signal must match the real or effective user ID of the process +receiving the signal.
"), + + ], +"setgid" : + $[ + "name" : "CAP_SETGID", + "info" : _("
  • Allows setgid(2) manipulation
  • Allows setgroups(2)
  • +
  • Allows forged gids on socket credentials passing.
"), + + ], +"setuid" : + $[ + "name" : "CAP_SETUID", + "info" : _("
  • Allows setuid(2) manipulation (including fsuid)
  • +
  • Allows forged pids on socket credentials passing.
"), + + ], +"setpcap" : + $[ + "name" : "CAP_SETPCAP", + "info" : _("
  • Transfer any capability in your permitted set to any pid, +remove any capability in your permitted set from any pid
"), + + ], +"linux_immutable" : + $[ + "name" : "CAP_LINUX_IMMUTABLE", + "info" : _("
  • Allows modification of S_IMMUTABLE and S_APPEND file attributes
"), + + ], +"net_bind_service" : + $[ + "name" : "CAP_NET_BIND_SERVICE", + "info" : _("
  • Allows binding to TCP/UDP sockets below 1024
  • +
  • Allows binding to ATM VCIs below 32
"), + + ], +"net_broadcast" : + $[ + "name" : "CAP_NET_BROADCAST", + "info" : _("
  • Allows broadcasting, listen to multicast
"), + + ], +"net_admin" : + $[ + "name" : "CAP_NET_ADMIN", + "info" : _("
  • Allows interface configuration
  • +
  • Allows administration of IP firewall, masquerading and accounting
  • +
  • Allows setting debug option on sockets
  • +
  • Allows modification of routing tables
  • ") + + +_("
  • Allows setting arbitrary process / process group ownership on sockets
  • +
  • Allows binding to any address for transparent proxying
  • +
  • Allows setting TOS (type of service)
  • +
  • Allows setting promiscuous mode
  • +
  • Allows clearing driver statistics
  • ") + + +_("
  • Allows multicasting
  • +
  • Allows read/write of device-specific registers
  • +
  • Allows activation of ATM control sockets
  • +
"), + + ], +"net_raw" : + $[ + "name" : "CAP_NET_RAW", + "info" : _("
  • Allows use of RAW sockets
  • +
  • Allows use of PACKET sockets
"), + + ], +"ipc_lock" : + $[ + "name" : "CAP_IPC_LOCK", + "info" : _("
  • Allows locking of shared memory segments
  • +
  • Allows mlock and mlockall (which doesn't really have anything to do with IPC)
"), + + ], +"ipc_owner" : + $[ + "name" : "CAP_IPC_OWNER", + "info" : _("
  • Override IPC ownership checks
"), + + ], +"sys_module" : + $[ + "name" : "CAP_SYS_MODULE", + "info" : _("
  • Insert and remove kernel modules - modify kernel without limit
  • +
  • Modify cap_bset
"), + + ], +"sys_rawio" : + $[ + "name" : "CAP_SYS_RAWIO", + "info" : _("
  • Allows ioperm/iopl access
  • +
  • Allows sending USB messages to any device via /proc/bus/usb
"), + + ], +"sys_chroot" : + $[ + "name" : "CAP_SYS_CHROOT", + "info" : _("
  • Allows use of chroot()
"), + + ], +"sys_ptrace" : + $[ + "name" : "CAP_SYS_PTRACE", + "info" : _("
  • Allows ptrace() of any process
"), + + ], +"sys_pacct" : + $[ + "name" : "CAP_SYS_PACCT", + "info" : _("
  • Allows configuration of process accounting
"), + + ], +"sys_admin" : + $[ + "name" : "CAP_SYS_ADMIN", + "info" : _("
  • Allows configuration of the secure attention key
  • +
  • Allows administration of the random device
  • +
  • Allows examination and configuration of disk quotas
  • +
  • Allows configuring the kernel's syslog (printk behaviour)
  • ") + + +_("
  • Allows setting the domain name
  • +
  • Allows setting the hostname
  • +
  • Allows calling bdflush()
  • +
  • Allows mount() and umount(), setting up new smb connection
  • +
  • Allows some autofs root ioctls
  • ") + + +_("
  • Allows nfsservctl
  • +
  • Allows VM86_REQUEST_IRQ
  • +
  • Allows to read/write pci config on alpha
  • +
  • Allows irix_prctl on mips (setstacksize)
  • +
  • Allows flushing all cache on m68k (sys_cacheflush)
  • ") + + +_("
  • Allows removing semaphores
  • +
  • Used instead of CAP_CHOWN to \"chown\" IPC message queues, semaphores and shared memory
  • +
  • Allows locking/unlocking of shared memory segment
  • +
  • Allows turning swap on/off
  • +
  • Allows forged pids on socket credentials passing
  • ") + + +_("
  • Allows setting read ahead and flushing buffers on block devices
  • +
  • Allows setting geometry in floppy driver
  • +
  • Allows turning DMA on/off in xd driver
  • +
  • Allows administration of md devices (mostly the above, but some extra ioctls)
  • ") + + +_("
  • Allows tuning the ide driver
  • +
  • Allows access to the nvram device
  • +
  • Allows administration of apm_bios, serial and bttv (TV) device
  • +
  • Allows manufacturer commands in isdn CAPI support driver
  • ") + + +_("
  • Allows reading non-standardized portions of pci configuration space
  • +
  • Allows DDI debug ioctl on sbpcd driver
  • +
  • Allows setting up serial ports
  • +
  • Allows sending raw qic-117 commands
  • ") + + +_("
  • Allows enabling/disabling tagged queuing on SCSI controllers + and sending arbitrary SCSI commands
  • +
  • Allows setting encryption key on loopback filesystem
"), + + ], +"sys_boot" : + $[ + "name" : "CAP_SYS_BOOT", + "info" : _("
  • Allows use of reboot()
"), + + ], +"sys_nice" : + $[ + "name" : "CAP_SYS_NICE", + "info" : _("
  • Allows raising priority and setting priority on other (different UID) processes
  • +
  • Allows use of FIFO and round-robin (realtime) scheduling on own processes and setting +the scheduling algorithm used by another process.
  • +
  • Allows setting cpu affinity on other processes
"), + ], +"sys_resource" : + $[ + "name" : "CAP_SYS_RESOURCE", + "info" : _("
  • Override resource limits. Set resource limits.
  • +
  • Override quota limits.
  • +
  • Override reserved space on ext2 filesystem
  • +
  • Modify data journaling mode on ext3 filesystem (uses journaling resources)
  • ") + + +_("
  • NOTE: ext2 honors fsuid when checking for resource overrides, so you can override using fsuid too
  • +
  • Override size restrictions on IPC message queues
  • +
  • Allows more than 64hz interrupts from the real-time clock
  • +
  • Override max number of consoles on console allocation
  • +
  • Override max number of keymaps
"), + ], +"sys_time" : + $[ + "name" : "CAP_SYS_TIME", + "info" : _("
  • Allows manipulation of system clock
  • +
  • Allows irix_stime on mips
  • +
  • Allows setting the real-time clock
"), + ], +"sys_tty_config" : + $[ + "name" : "CAP_SYS_TTY_CONFIG", + "info" : _("
  • Allows configuration of tty devices
  • +
  • Allows vhangup() of tty
"), + ], +"mknod" : + $[ + "name" : "CAP_MKNOD", + "info" : _("
  • Allows the privileged aspects of mknod()
"), + ], +"lease" : + $[ + "name" : "CAP_LEASE", + "info" : _("
  • Allows taking of leases on files
"), + ], +]; + + +map linnametolp = $[ +"CAP_CHOWN" : "chown", +"CAP_DAC_OVERRIDE" : "dac_override", +"CAP_DAC_READ_SEARCH" : "dac_read_search", +"CAP_FOWNER" : "fowner", +"CAP_FSETID" : "fsetid", +"CAP_KILL" : "kill", +"CAP_SETGID" : "setgid", +"CAP_SETUID" : "setuid", +"CAP_SETPCAP" : "setpcap", +"CAP_LINUX_IMMUTABLE" : "linux_immutable", +"CAP_NET_BIND_SERVICE" : "net_bind_service", +"CAP_NET_BROADCAST" : "net_broadcast", +"CAP_NET_ADMIN" : "net_admin", +"CAP_NET_RAW" : "net_raw", +"CAP_IPC_LOCK" : "ipc_lock", +"CAP_IPC_OWNER" : "ipc_owner", +"CAP_SYS_MODULE" : "sys_module", +"CAP_SYS_RAWIO" : "sys_rawio", +"CAP_SYS_CHROOT" : "sys_chroot", +"CAP_SYS_PTRACE" : "sys_ptrace", +"CAP_SYS_PACCT" : "sys_pacct", +"CAP_SYS_ADMIN" : "sys_admin", +"CAP_SYS_BOOT" : "sys_boot", +"CAP_SYS_NICE" : "sys_nice", +"CAP_SYS_RESOURCE" : "sys_resource", +"CAP_SYS_TIME" : "sys_time", +"CAP_SYS_TTY_CONFIG" : "sys_tty_config", +"CAP_MKNOD" : "mknod", +"CAP_LEASE" : "lease", +]; +} --- /dev/null +++ b/src/include/apparmor/config_complain.ycp @@ -0,0 +1,227 @@ +/* ------------------------------------------------------------------ +* +* Copyright (C) 2002-2005 Novell/SUSE +* +* This program is free software; you can redistribute it and/or +* modify it under the terms of version 2 of the GNU General Public +* License published by the Free Software Foundation. +* + ------------------------------------------------------------------*/ + +{ +textdomain "yast2-apparmor"; + +import "Label"; + +string modeHelp = _("
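Review bot: `capdefs` and `linnametolp` both stop at CAP_LEASE, so capabilities Linux has defined since then, for example CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL, have no entry in either map. The lookup code is outside this hunk, but if the profile dialogs resolve names and help text through these maps, a rule granting one of those capabilities would presumably be shown without a description or not offered at all. I would add the missing entries in the existing shape, with matching `linnametolp` keys, and put a comment above `capdefs` naming the kernel header version the list was taken from. The CAP_SETUID text says "forged pids on socket credentials passing", which looks copied from the kernel header and probably means uids; it is worth confirming before translators pick it up.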

Profile Mode Configuration
This tool allows +you to set AppArmor profiles to either complain or enforce mode.

") + + +_("

Complain mode is a profile training state that logs application +activity. All the violations of the AppArmor profile rules are logged +(into /var/log/audit/audit.log file), but still permitted, so +that application's behavior is not restricted.

") + + +_("

With the profile in enforce mode, application is protected by
+AppArmor. The profile rules are enforced and their violation is logged,
+but not permitted (e.g. an application cannot access files, unless it is
+permitted to do so by the profile).

");
+
+boolean showAll = false; // Button for showing active or all profiles
+
+define void updateComplain(any id, string profile, string mode, boolean showAll) {
+
+ boolean error = false;
+ map profCmd = $[ ];
+
+ if (id == `allEnforce || id == `allComplain) {
+ profCmd["all"] = "1";
+ } else if ( profile != "" ) {
+ profCmd["profile"] = profile;
+ } else {
+ Popup::Error( _("Couldn't recognize profile name: ") + profile );
+ return;
+ }
+
+ if ( id == `toggle && mode != "" ) {
+ // Reverse modes for toggling
+ if ( mode == "enforce" ) {
+ profCmd["mode"] = "complain";
+ } else if (mode == "complain") {
+ profCmd["mode"] = "enforce";
+ } else {
+ error = true;
+ Popup::Error( _("Couldn't recognize mode: ") + mode );
+ }
+ } else if ( id != `toggle ) {
+ profCmd["mode"] = mode;
+ }
+
+ if ( showAll == true ) {
+ profCmd["showall"] = "1";
+ } else {
+ profCmd["showall"] = "0";
+ }
+
+ SCR::Write(.complain, profCmd);
+
+ return;
+}
+
+define list getRecordList(boolean showAll) {
+
+ map Settings = $[ ];
+ Settings["list"] = "1";
+
+ if ( showAll == true ) {
+ Settings["showall"] = "1";
+ } else {
+ Settings["showall"] = "0";
+ }
+
+ list recList = [];
+ integer key = 1;
+
+ // restarts ag_complain agent if necessary
+ list db = nil;
+ while ( db == nil ) {
+ db = (list ) SCR::Read (.complain, Settings);
+ }
+
+ foreach ( map record, db, {
+ recList = add( recList, `item( `id(key), record["name"]:nil, record["mode"]:nil ));
+ key = key + 1;
+ });
+
+ return recList;
+}
+
+define term getProfModeForm(list recList, boolean showAll ) {
+
+ term allBtn = `PushButton(`id(`showAll), _("Show All Profiles") );
+ string allText = _("Configure Mode for Active Profiles");
+
+ if ( showAll && showAll == true ) {
+ allBtn = `PushButton(`id(`showAct), _("Show Active Profiles") );
+ allText = _("Configure Mode for All Profiles");
+ }
+
+ term modeForm =
+
+ `Frame( `id(`changeMode), allText,
+ //`Frame( `id(`changeMode), _("Configure Profile Mode"),
+ `VBox(
+ `VSpacing(2),
+
`HBox(
+ `VSpacing(10),
+ `Table(`id(`table), `opt(`notify), `header(_("Profile Name"), _("Mode")), recList)
+ ),
+ `VSpacing(0.5),
+ `HBox(
+ allBtn,
+ `PushButton(`id(`toggle), _("Toggle Mode") ),
+ `PushButton(`id(`allEnforce), _("Set All to Enforce") ),
+ `PushButton(`id(`allComplain), _("Set All to Complain") )
+ ))
+ );
+
+ return modeForm;
+}
+
+define term updateModeConfigForm(boolean showAll) {
+
+ list recList = getRecordList(showAll);
+ term newModeForm = getProfModeForm(recList, showAll);
+
+ return newModeForm;
+}
+
+// Profile Mode Configuration -- Sets Complain and Enforce Behavior
+define symbol profileModeConfigForm() {
+
+ list recList = getRecordList(showAll);
+ term modeForm = getProfModeForm(recList, showAll);
+ Wizard::CreateDialog();
+ Wizard::SetContentsButtons( _("Profile Mode Configuration"), modeForm, modeHelp, Label::BackButton(), _("&Done") );
+
+ map event = $[];
+ any id = nil;
+ boolean modified = false;
+
+ while( true ) {
+
+ event = UI::WaitForEvent();
+
+ id = event["ID"]:nil; // We'll need this often - cache it
+ string profile = nil;
+ string mode = nil;
+
+ if ( id == `abort || id == `cancel || id == `back ) {
+ break;
+
+ } else if ( id == `next ) {
+ integer ret = -1;
+ if ( modified )
+ ret = (integer) SCR::Execute (.target.bash, "/sbin/rcsubdomain reload > /dev/null 2>&1");
+ else {
+ y2milestone("No change to Apparmor profile modes - nothing to do.");
+ break;
+ }
+ if ( ret == 0)
+ y2milestone("Apparmor profiles reloaded succesfully.");
+ else
+ y2error("Reloading Apparmor profiles failed with exit code %1", ret);
+
+ break;
+ } else if ( id == `showAll ) {
+
+ showAll = true;
+ Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
+ continue;
+
+ } else if ( id == `showAct ) {
+
+ showAll = false;
+ Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
+ continue;
+
+ } else if ( id == `toggle) {
+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
+ profile = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
+ mode = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 2, "");
+
+ updateComplain(id, profile, mode, showAll);
+ modified = true;
+ Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
+ continue;
+
+ } else if ( id == `allEnforce || id == `allComplain) {
+
+ profile = "";
+
+ if ( id == `allEnforce ) {
+ mode = "enforce";
+ } else {
+ mode = "complain";
+ }
+
+ updateComplain(id, profile, mode, showAll);
+ modified = true;
+ Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
+ continue;
+
+ } else if ( id == `table ) {
+
+ Popup::Message( _("Please select an action to perform from the buttons below.") );
+
+ } else {
+ y2error("Unexpected return code: %1", id);
+ break;
+ }
+ }
+
+ Wizard::CloseDialog(); // new
+ return (symbol) id;
+}
+
+/* EOF */
+}
--- /dev/null
+++ b/src/include/apparmor/helps.ycp
@@ -0,0 +1,219 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2005 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+
+{
+
+textdomain "yast2-apparmor";
+
+/* START Help Section
+************************************************************/
+map helps = $[
+ "EventNotifyHelpText" :
+ _("
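Review bot: In `updateComplain` (config_complain.ycp), the unrecognized-mode branch sets `error = true` and shows a popup, but `error` is never read afterwards, so `SCR::Write(.complain, profCmd)` still runs without a "mode" key and its result is discarded. I would add `if ( error ) return;` before the write and have the callers set `modified = true` only when the write succeeded. In `profileModeConfigForm`, a non-zero exit from the reload command is only logged with `y2error`, so the dialog closes without telling the user that the enforce/complain change was not loaded; a `Popup::Error` in that branch would make a failed switch to enforce mode visible. `getRecordList` also retries `SCR::Read(.complain, Settings)` in `while ( db == nil )` with no bound, which would presumably hang the dialog if the agent never answers. The file is carried over unchanged by this rename, so these may fit better in a follow-up patch.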

The Security Event Notification screen enables you to setup email +alerts for security events. In the following steps, specify how often +alerts are sent, who receives the alert, and how severe the security +event must be to send an alert.

") + + + _("

Notification Types
Terse Notification: +Terse notification summarizes the total number of system events without +providing details.
For example:
dhcp-101.up.wirex.com has +had 10 security events since Tue Oct 12 11:10:00 2004

") + + + _("

Summary Notification: The Summary notification displays +the logged AppArmor security events, and lists the number of +individual occurrences, including the date of the last occurrence. +
For example:
SubDomain: PERMITTING access to capability +'setgid' (httpd2-prefork(6347) profile /usr/sbin/httpd2-prefork +active /usr/sbin/httpd2-prefork) 2 times, the latest at Sat Oct 9 16:05:54 2004. +

") + + + _("

Verbose Notification: The Verbose notification displays +unmodified, logged AppArmor security events. It tells you every time +an event occurs and writes a new line in the Verbose log. These +security events include the date and time the event occurred, when +the application profile permits access as well as rejects access, +and the type of file permission access that is permitted or rejected.

") + + + _("

Verbose Notification also reports several messages that +the logprof tool uses to interpret profiles.
For example:
+ Oct 9 15:40:31 SubDomain: PERMITTING r access to +/etc/apache2/httpd.conf (httpd2-prefork(6068) profile +/usr/sbin/httpd2-prefork active /usr/sbin/httpd2-prefork)

") + + + "
    " + _("
  1. For each notification type that you would like +enabled, select the frequency of notification that you would +like. For example, if you select 1 day from the +pull-down list, you will be sent daily notifications of +security events, if they occur.
  2. ") + + + _("
  3. Enter the email address of those who should receive +the Terse, Summary, or Verbose notifications.If there is no local +SMTP server configured to distribute e-mails from this host to the +domain you entered, enter for example @localhost +and enable to receive system mail, if it is not +a root user.
  4. ") + + + _("
  5. Select the lowest severity level for which a notification +should be sent. Security events will be logged and the notifications +will be sent at the time indicated by the interval when events are +equal or greater than the selected severity level. If the interval +is 1 day, the notification will be sent daily, if security events +occur.") + + + _("Severity Levels: These are numbered 1 through 10, +10 being the most severe security incident. The severity.db +file defines the severity level of potential security events. +The severity levels are determined by the importance of +different security events, such as certain resources accessed +or services denied.
  6. ") + + + _("
  7. Select Include unknown security events if +you would like to include events that are not rated with a severity number.
  8. ") + + "
", +// ---------------------------- + "profileWizard" : + _("AppArmor Profiling Wizard
") + + _("This wizard presents entries generated by the AppArmor access control module. +You can generate highly optimized and robust security profiles +by using the suggestions made by AppArmor.") + + + _("AppArmor suggests that you allow or deny access to specific resources +or define execute permission for entries. Questions +that display were logged during the normal application +execution test previously performed.
") + + + _("The following help text describes the detail of the security profile +syntax used by AppArmor.

At any stage, you may +customize the profile entry by changing the suggested response. +This overview will assist you in your options. Refer to the +Novell AppArmor Administration Guide for step-by-step +instructions.

") + + + _("Access Modes
") + + _("File permission access modes consists of combinations of the following six modes:") + + + "
    " + + _("
  • r - read
  • ") + + _("
  • w - write
  • ") + + _("
  • m - mmap PROT_EXEC
  • ") + + _("
  • px - discrete profile execute
  • ") + + _("
  • ux - unconfined execute
  • ") + + _("
  • ix - inherit execute
  • ") + + _("
  • l - link
  • ") + "
" + + + _("Details for Access Modes") + + "

" + + + _("Read mode
") + + _("Allows the program to have read access to the +resource. Read access is required for shell scripts +and other interpreted content, and determines if an +executing process can core dump or be attached to with +ptrace(2). (ptrace(2) is used by utilities such as +strace(1), ltrace(1), and gdb(1).)") + + "

" + + + _("Write mode
") + + _("Allows the program to have write access to the +resource. Files must have this permission if they are +to be unlinked (removed.)") + + "

" + + + _("Mmap PROT_EXEC mode
") + + _("Allows the program to call mmap with PROT_EXEC on the +resource.") + + "

" + + + _("Unconfined execute mode
") + + _("Allows the program to execute the resource without any +AppArmor profile being applied to the executed +resource. Requires listing execute mode as well. +Incompatible with Inherit and Discrete Profile execute +entries.") + + "

" + + + _("This mode is useful when a confined program needs to +be able to perform a privileged operation, such as +rebooting the machine. By placing the privileged section +in another executable and granting unconfined +execution rights, it is possible to bypass the mandatory +constraints imposed on all confined processes. +For more information on what is constrained, see the +subdomain(7) man page.") + + "

" + + + _("Discrete Profile execute mode
") + + _("This mode requires that a discrete security profile is +defined for a resource executed at a AppArmor domain +transition. If there is no profile defined then the +access will be denied. Incompatible with Inherit and +Unconstrained execute entries.") + + "

" + + + _("Link mode
") + + _("Allows the program to be able to create and remove a +link with this name (including symlinks). When a link +is created, the file that is being linked to MUST have +the same access permissions as the link being created +(with the exception that the destination does not have +to have link access.) Link access is required for +unlinking a file.") + + "

" + + + _("Globbing") + + "

" + + _("File resources may be specified with a globbing syntax +similar to that used by popular shells, such as csh(1), +bash(1), zsh(1).") + + "
" + + + "
    " + + _("
  • * can substitute for any number of characters, except '/'
  • ") + + _("
  • ** can substitute for any number of characters, including '/'
  • ") + + _("
  • ? can substitute for any single character except '/'
  • ") + + _("
  • [abc] will substitute for the single character a, b, or c
  • ") + + _("
  • [a-c] will substitute for the single character a, b, or c
  • ") + + _("
  • {ab,cd} will expand to one rule to match ab, one rule to match cd
  • ") + + "
" + + + _("Clean Exec - for sanitized execution") + + "

" + + _("The Clean Exec option for the discrete profile and unconstrained +execute permissions provide added security by stripping the +environment that is inherited by the child program of specific +variables. You will be prompted to choose whether you want to sanitize the +environment if you choose 'p' or 'u' during the profiling process. +The variables are:") + + + "
    " + + "
  • GCONV_PATH
  • " + + "
  • GETCONF_DIR
  • " + + "
  • HOSTALIASES
  • " + + "
  • LD_AUDIT
  • " + + "
  • LD_DEBUG
  • " + + "
  • LD_DEBUG_OUTPUT
  • " + + "
  • LD_DYNAMIC_WEAK
  • " + + "
  • LD_LIBRARY_PATH
  • " + + "
  • LD_ORIGIN_PATH
  • " + + "
  • LD_PRELOAD
  • " + + "
  • LD_PROFILE
  • " + + "
  • LD_SHOW_AUXV
  • " + + "
  • LD_USE_LOAD_BIAS
  • " + + "
  • LOCALDOMAIN
  • " + + "
  • LOCPATH
  • " + + "
  • MALLOC_TRACE
  • " + + "
  • NLSPATH
  • " + + "
  • RESOLV_HOST_CONF
  • " + + "
  • RES_OPTION
  • " + + "
  • TMPDIR
  • " + + "
  • TZDIR
",
+
+ ];
+}
--- /dev/null
+++ b/src/include/apparmor/profile_dialogs.ycp
@@ -0,0 +1,1147 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2005 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+{
+import "Wizard";
+import "Popup";
+import "Label";
+import "Map";
+include "subdomain/capabilities.ycp";
+textdomain "yast2-apparmor";
+
+// Globalz
+integer timeout_millisec = 20 * 1000;
+map Settings = $[
+ "CURRENT_PROFILE" : ""
+];
+
+
+define map capabilityEntryPopup( map capmap,
+ string linuxcapname,
+ string profile ) {
+ map results = $[];
+ string lpname = linnametolp[linuxcapname]:"";
+ map cdef = capdefs[lpname]:nil;
+ list caplist = [];
+ boolean capbool = false;
+ foreach( string clname, string clpname, (map) linnametolp, {
+ if ( capmap[clpname]:nil != nil) capbool = true;
+ caplist = add( caplist, `item( `id(clname), clname, capbool) );
+ capbool = false;
+ });
+ string info = (string) cdef["info"]:_("Capability Selection.
+
Select desired capabilities for this profile. +Select a Capability name to see information about the capability."); + string frametitle = " " + _("Capabilities enabled for the profile") + " " + profile + " "; + UI::OpenDialog( + `VBox( + `HSpacing( 75 ), + `VSpacing( `opt(`hstretch), 1 ), + `HBox( + `VSpacing( 20 ), + `HSpacing( 0.5 ), + `Frame( frametitle, + `HBox( + `HWeight( 30, + `MultiSelectionBox( `id(`caps), `opt(`notify), _("Capabilities"), caplist) + ), + `HWeight( 60, `RichText( `id(`captext), info) ) + ) + ), + `HSpacing( 0.05 ) + ), + `VSpacing( 0.5 ), + `HBox( + `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))), + `HWeight( 50, `HCenter(`PushButton(`id(`cancel), Label::CancelButton()))) + ), + `VSpacing( `opt(`hstretch), 0.5 ) + ) + ); + + if ( linuxcapname != "" ) { + UI::ChangeWidget( `id(`caps), `CurrentItem, linuxcapname ); + } + + map event2 = $[]; + any id2 = nil; + repeat + { + event2 = UI::WaitForEvent( timeout_millisec ); + id2 = event2["ID"]:nil; // We'll need this often - cache it + if ( id2 == `caps ) { + any itemid = UI::QueryWidget( `id(`caps), `CurrentItem ); + list selecteditems = (list) UI::QueryWidget( `id(`caps), `SelectedItems ); + string stritem = tostring( itemid ); + string capindex = linnametolp[stritem]:""; + map cdf = capdefs[capindex]:nil; + string cdfi = cdf["info"]:""; + UI::ChangeWidget( `id(`captext), `Value, cdfi ); + } + } until ( id2 == `save || id2 == `cancel ); + + map newcapmap = $[]; + if ( id2 == `save ) { + list selectedcaps = (list) UI::QueryWidget( `id(`caps), `SelectedItems ); + string s = ""; + foreach( any cpname, selectedcaps, { + s = linnametolp[tostring(cpname)]:""; + newcapmap = add( newcapmap, s, $["audit":0, "set":1]); + }); + } + UI::CloseDialog(); + if ( id2 == `cancel ) { + return capmap; + } + return newcapmap; +} + + +define string networkEntryPopup( string rule ) { + integer listnum = 0; + list netlist = splitstring( rule, " " ); + integer netrulesize = size( netlist ); + string 
family = ""; + string sockettype = ""; + if ( netrulesize == 1 ) { + family = "All"; + } else if ( netrulesize == 2 ) { + family = netlist[1]:""; + } else if ( netrulesize == 3 ) { + family = netlist[1]:""; + sockettype = netlist[2]:""; + } + + list famList = [ + `item( `id( `allfam ), _("All") ), + `item( `id( `inet ), "inet" ), + `item( `id( `inet6 ), "inet6" ), + `item( `id( `ax25 ), "ax25" ), + `item( `id( `ipx ), "ipx" ), + `item( `id( `appletalk ), "appletalk" ), + `item( `id( `netrom ), "netrom" ), + `item( `id( `bridge ), "bridge" ), + `item( `id( `atmpvc ), "atmpvc" ), + `item( `id( `x25 ), "x25" ), + `item( `id( `rose ), "rose" ), + `item( `id( `netbeui ), "netbeui" ), + `item( `id( `security ), "security" ), + `item( `id( `key ), "key" ), + `item( `id( `packet ), "packet" ), + `item( `id( `ash ), "ash" ), + `item( `id( `econet ), "econet" ), + `item( `id( `atmsvc ), "atmsvc" ), + `item( `id( `sna ), "sna" ), + `item( `id( `irda ), "irda" ), + `item( `id( `ppox ), "pppox" ), + `item( `id( `wanpipe ), "wanpipe" ), + `item( `id( `bluetooth ), "bluetooth" ), + ]; + + list typeList = [ + `item( `id( `alltype ), _("All") ), + `item( `id( `stream ), "stream" ), + `item( `id( `dgram ), "dgram" ), + `item( `id( `seqpacket ), "seqpacket" ), + `item( `id( `rdm ), "rdm" ), + `item( `id( `raw ), "raw" ), + `item( `id( `packet ), "packet" ), + `item( `id( `dccp ), "dccp" ), + ]; + + map results = $[]; + + UI::OpenDialog( + `VBox( + `VSpacing( 1 ), + `HBox( + `HCenter( `ComboBox( `id(`famItems), + `opt(`notify), + _("Network Family"), + famList + ) + ), + `HSpacing(`opt(`hstretch), 0.2), + `HCenter( `ComboBox( `id(`typeItems), + `opt(`notify), + _("Socket Type"), + typeList + ) + ) + ), + `VSpacing(1), + `HBox( + `HCenter(`PushButton(`id(`cancel), Label::CancelButton())), + `HCenter(`PushButton(`id(`save), Label::SaveButton())) + ), + `VSpacing(0.5) + ) + ); + + if ( rule == "" || family == "All" ) { + UI::ChangeWidget( `famItems, `Value, `allfam ); + UI::ChangeWidget( 
`typeItems, `Value, `alltype ); + UI::ChangeWidget( `typeItems, `Enabled, false ); + } else { + if ( family != "" ) { + UI::ChangeWidget( `famItems, `Value, symbolof(toterm(family)) ); + } + if ( sockettype != "" ) { + UI::ChangeWidget( `typeItems, `Value, symbolof(toterm(sockettype)) ); + } + } + map event2 = $[]; + any id2 = nil; // We'll need this often - cache it + repeat + { + event2 = UI::WaitForEvent( timeout_millisec ); + id2 = event2["ID"]:nil; // We'll need this often - cache it + if ( id2 == `famItems ) { + if ( UI::QueryWidget( `famItems, `Value ) == `allfam ) { + UI::ChangeWidget( `typeItems, `Value, `alltype ); + UI::ChangeWidget( `typeItems, `Enabled, false ); + } else { + UI::ChangeWidget( `typeItems, `Enabled, true ); + } + } + } until ( id2 == `save || id2 == `cancel ); + if ( id2 == `save ) { + rule = "network"; + symbol famselection = (symbol) UI::QueryWidget( `famItems, `Value ); + symbol typeselection = (symbol) UI::QueryWidget( `typeItems, `Value ); + if ( famselection != `allfam ) { + rule = rule + " " + substring( tostring(famselection), 1); + if ( typeselection != `alltype ) { + rule = rule + " " + substring( tostring(typeselection), 1); + } + } + } else { + rule = ""; + } + UI::CloseDialog(); + return rule; +} + + +// +// Popup the Edit Profile Entry dialog +// return a map containing PERM and FILE +// for the updated permissions and filename +// for the profile entry +// + +define map pathEntryPopup( string filename, string perms, string profile, string filetype ) { + map results = $[]; + UI::OpenDialog( + `VBox( + `VSpacing( `opt(`hstretch), 1 ), + `HSpacing( 45 ), + `HBox( + `VSpacing( 10 ), + `HSpacing( 0.75 ), + `Frame( _("Profile Entry For ") + profile, + `HBox( + `HWeight( 60, + `VBox( + `TextEntry(`id(`filename), _("Enter or modify Filename")), + `HCenter(`PushButton(`id(`browse), _("&Browse") )) + ) + ), + `HWeight( 40, + `MultiSelectionBox( `id(`perms), `opt(`notify), _("Permissions"), + [ `item( `id(`read), _("Read"), 
issubstring(perms, "r")), + `item( `id(`write), _("Write"), issubstring(perms, "w")), + `item( `id(`link), _("Link"), issubstring(perms, "l")), + `item( `id(`append), _("Append"), issubstring(perms, "a")), + `item( `id(`lock), _("Lock"), issubstring(perms, "k")), + `item( `id(`mmap), _("MMap PROT_EXEC"), issubstring(perms, "m")), + `item( `id(`execute), _("Execute"), issubstring(perms, "x")), + `item( `id(`inherit), _("Inherit"), issubstring(perms, "i")), + `item( `id(`profile), _("Profile"), issubstring(perms, "p")), + `item( `id(`clean_profile), _("Profile Clean Exec"), issubstring(perms, "P")), + `item( `id(`unconstrained), _("Unconstrained"), issubstring(perms, "u")), + `item( `id(`clean_unconstrained), _("Unconstrained Clean Exec"), issubstring(perms, "U")) + ] + ) + ) + ) + ), + `HSpacing( 0.75 ) + ), + `VSpacing( 0.5 ), + `HBox( + `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))), + `HWeight( 50, `HCenter(`PushButton(`id(`cancel), Label::CancelButton()))) + ), + `VSpacing( `opt(`hstretch), 0.5 ) + ) + ); + UI::ChangeWidget(`id(`filename), `Value, filename); + map event2 = $[]; + any id2 = nil; // We'll need this often - cache it + repeat + { + event2 = UI::WaitForEvent( timeout_millisec ); + id2 = event2["ID"]:nil; // We'll need this often - cache it + + // + // Something clicked in the 'perms list + // + if ( id2 == `perms ) { + any itemid = UI::QueryWidget( `id(`perms), `CurrentItem ); + list selecteditems = (list) UI::QueryWidget( `id(`perms), `SelectedItems ); + if ( itemid == `execute ) { + // + // If we turn off Execute bit then also + // turn off execute modifiers + // + if ( contains( selecteditems, `execute ) == false ) { + if ( contains( selecteditems, `inherit )) { + selecteditems = filter (any k, selecteditems, { return (k != `inherit); }); + UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); + } + if ( contains( selecteditems, `profile )) { + selecteditems = filter (any k, selecteditems, { return (k != `profile); 
}); + UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); + } + if ( contains( selecteditems, `unconstrained )) { + selecteditems = filter (any k, selecteditems, { return (k != `unconstrained); }); + UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); + } + if ( contains( selecteditems, `clean_unconstrained )) { + selecteditems = filter (any k, selecteditems, { return (k != `clean_unconstrained); }); + UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); + } + if ( contains( selecteditems, `clean_profile )) { + selecteditems = filter (any k, selecteditems, { return (k != `clean_profile); }); + UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); + } + } else if (!( contains( selecteditems, `inherit ) || + contains( selecteditems, `unconstrained ) || + contains( selecteditems, `clean_unconstrained ) || + contains( selecteditems, `clean_profile ) || + contains( selecteditems, `profile )) + ) { + //if you just select X alone then by default you get P + selecteditems = prepend( selecteditems, `profile); + UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); + } + } + + // + // Execute modifier is selected + // -- if Execute is NOT ON then turn Execute ON + // -- ensure that only one modifier is selected. 
+ // + if (( contains( selecteditems, `inherit ) || + contains( selecteditems, `clean_unconstrained ) || + contains( selecteditems, `clean_profile ) || + contains( selecteditems, `unconstrained ) || + contains( selecteditems, `profile )) ) { + if ( contains( selecteditems, `execute ) == false ) { + selecteditems = prepend( selecteditems, `execute); + UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); + } else if ( itemid == `profile ) { + selecteditems = filter (any k, + selecteditems, + { return (k != `inherit); }); + selecteditems = filter (any k, + selecteditems, + { return (k != `clean_unconstrained); }); + selecteditems = filter (any k, + selecteditems, + { return (k != `clean_profile); }); + selecteditems = filter (any k, + selecteditems, + { return (k != `unconstrained); }); + UI::ChangeWidget( `id(`perms), + `SelectedItems, + selecteditems ); + } else if ( itemid == `inherit ) { + selecteditems = filter (any k, + selecteditems, + { return (k != `profile); }); + selecteditems = filter (any k, + selecteditems, + { return (k != `unconstrained); }); + selecteditems = filter (any k, + selecteditems, + { return (k != `clean_unconstrained); }); + selecteditems = filter (any k, + selecteditems, + { return (k != `clean_profile); }); + UI::ChangeWidget( `id(`perms), + `SelectedItems, + selecteditems ); + } else if ( itemid == `unconstrained ) { + selecteditems = filter (any k, + selecteditems, + { return (k != `profile); }); + selecteditems = filter (any k, + selecteditems, + { return (k != `inherit); }); + selecteditems = + filter (any k, + selecteditems, + { return (k != `clean_unconstrained); }); + selecteditems = filter (any k, + selecteditems, + { return (k != `clean_profile); }); + UI::ChangeWidget( `id(`perms), + `SelectedItems, + selecteditems ); + } else if ( itemid == `clean_unconstrained ) { + selecteditems = filter (any k, + selecteditems, + { return (k != `profile); }); + selecteditems = filter (any k, + selecteditems, + { return (k != 
`inherit); }); + selecteditems = filter (any k, + selecteditems, + { return (k != `unconstrained); }); + selecteditems = filter (any k, + selecteditems, + { return (k != `clean_profile); }); + UI::ChangeWidget( `id(`perms), + `SelectedItems, + selecteditems ); + } else if ( itemid == `clean_profile ) { + selecteditems = filter (any k, + selecteditems, + { return (k != `profile); }); + selecteditems = filter (any k, + selecteditems, + { return (k != `inherit); }); + selecteditems = + filter (any k, + selecteditems, + { return (k != `clean_unconstrained); }); + selecteditems = filter (any k, + selecteditems, + { return (k != `unconstrained); }); + UI::ChangeWidget( `id(`perms), + `SelectedItems, + selecteditems ); + } + } else if ( contains( selecteditems, `execute) ) { + selecteditems = filter (any k, + selecteditems, + { return (k != `execute); }); + UI::ChangeWidget( `id(`perms), + `SelectedItems, + selecteditems ); + } + } + // + // Popup a dialog to let a user browse for a file + // + if ( id2 == `browse ) { + string selectfilename = ""; + if ( filetype == "dir" ) { + selectfilename = UI::AskForExistingDirectory( "/", _("Select Directory")); + } else { + selectfilename = UI::AskForExistingFile( "/", "", _("Select File")); + } + if ( selectfilename != nil ) { + UI::ChangeWidget(`id(`filename), `Value, selectfilename); + } + } + } until ( id2 == `save || id2 == `cancel ); + + if ( id2 == `cancel ) { + UI::CloseDialog(); + return nil; + } + + // + // Update table values + // + if ( id2 == `save ) { + list selectedbits = (list) UI::QueryWidget( `id(`perms), `SelectedItems ); + string newperms = ""; + if ( contains( selectedbits, `write ) ) { + newperms = newperms + "w" ; + } + if ( contains(selectedbits, `mmap ) ) { + newperms = newperms + "m" ; + } + if ( contains(selectedbits, `read ) ) { + newperms = newperms + "r" ; + } + if ( contains(selectedbits, `link ) ) { + newperms = newperms + "l" ; + } + if ( contains(selectedbits, `lock ) ) { + newperms = newperms + 
"k" ; + } + if ( contains(selectedbits, `append ) ) { + newperms = newperms + "a" ; + } + if ( contains(selectedbits, `execute) ) { + if ( contains(selectedbits, `profile) ) { + newperms = newperms + "p" ; + } else if ( contains(selectedbits, `inherit) ) { + newperms = newperms + "i" ; + } else if ( contains(selectedbits, `unconstrained) ) { + newperms = newperms + "u" ; + } else if ( contains(selectedbits, `clean_unconstrained) ) { + newperms = newperms + "U" ; + } else if ( contains(selectedbits, `clean_profile) ) { + newperms = newperms + "P" ; + } + newperms = newperms + "x" ; + } + filename = tostring( UI::QueryWidget(`id(`filename), `Value) ); + UI::CloseDialog(); + if ( filename == "" || newperms == "" ) { + Popup::Error(_("Entry will not added. Entry name or permissions not defined.")); + results = nil; + } else { + results = $[ "PERM": newperms, "FILE": filename ]; + } + } + return results; +} + +define map fileEntryPopup( string filename, string perms, string profile ) { + return (map) pathEntryPopup( filename, perms, profile, "file" ); +} + +define map dirEntryPopup( string filename, string perms, string profile ) { + return (map) pathEntryPopup( filename, perms, profile, "dir" ); +} + + +define map deleteNetworkRule( map netRules, string rule ) { + map audit = netRules["audit"]:$[]; + map rules = netRules["rule"]:$[]; + list netlist = splitstring( rule, " " ); + integer netrulesize = size( netlist ); + string family = ""; + string sockettype = ""; + + if ( netrulesize == 1 ) { + audit = $[]; + rules = $[]; + } else if ( netrulesize == 2 ) { + family = netlist[1]:""; + audit = remove( audit, family ); + rules = remove( rules, family ); + } else if ( netrulesize == 3 ) { + family = netlist[1]:""; + sockettype = netlist[2]:""; + map a = audit[family]:$[]; + map r = rules[family]:$[]; + a = remove(a, sockettype); + r = remove(r, sockettype); + audit[family] = a; + rules[family] = r; + /*any fam = netRules[family]:nil; + if ( is( fam, map ) ) { + fam = 
remove( ((map) fam), sockettype ); + netRules[family] = fam; + } else { + y2warning("deleteNetworkRule: deleting non-existing rule: " + + rule); + }*/ + } + return $["audit" : audit, "rule" : rules]; +} + +define map addNetworkRule( map netRules, string rule ) { + map audit = netRules["audit"]:$[]; + map rules = netRules["rule"]:$[]; + list netlist = splitstring( rule, " " ); + integer netrulesize = size( netlist ); + string family = ""; + string sockettype = ""; + + if ( netrulesize == 1 ) { + return ( $["audit" : $["all":1], "rule" : $["all" :1] ] ); + } + else{ + if (haskey(audit, "all") && haskey(rules, "all")) { + audit = remove(audit, "all"); + rules = remove(rules, "all"); + } + + if ( netrulesize == 2 ) { + family = netlist[1]:""; + audit[family] = 0; + rules[family] = 1; + } else if ( netrulesize == 3 ) { + family = netlist[1]:""; + sockettype = netlist[2]:""; + audit[family] = add(audit[family]:$[], sockettype,0); + rules[family] = add(rules[family]:$[], sockettype,1); + } + /*any any_fam = netRules[family]:nil; + map fam = nil; + if ( is( any_fam, map ) ) { + fam = (map) any_fam; + } + if ( fam == nil ) { + fam = $[]; + } + fam[sockettype] = "1"; + netRules[family] = fam;*/ + } + return $[ "audit": audit, "rule": rules]; +} + +define map editNetworkRule( map netRules, string old, string new ) { + netRules = deleteNetworkRule( netRules, old ); + netRules = addNetworkRule( netRules, new ); + return( netRules ); +} + +// +// generateTableContents - generate the list that is used in the table to display the profile +// + +define list generateTableContents( map paths, map network, map caps, map includes, map hats ) { + list newlist = []; + + integer indx = 0; + + foreach( string hatname, any hat, (map) hats, { + newlist = add( newlist, `item( `id(indx), "[+] ^"+ hatname, "")); + indx = indx+1; }); + + foreach( string incname, integer incval, (map) includes, { + newlist = add( newlist, `item( `id(indx), "#include " +incname, "")); + indx = indx+1; }); + + 
foreach( string capname, map capval, (map) caps, { + map capdef = capdefs[capname]:nil; + newlist = add( newlist, `item( `id(indx), capdef["name"]:"", "")); + indx = indx+1; }); + + foreach( string name, map val, (map) paths, { + string mode = (string) SCR::Execute(.subdomain_profiles.mode_to_string, val["mode"]:0); + newlist = add( newlist, `item( `id(indx), name, mode)); + indx = indx+1; }); + + map rules = network["rule"]:$[]; + foreach( string family, any any_fam, (map) rules, { + if ( is( any_fam, map ) ) { + foreach( string socktype, any any_type, (map) any_fam, { + newlist = add( newlist, + `item( `id(indx), + "network " + family + " " + socktype, + "" + ) + ); + indx = indx+1; + }); + } else { + // Check for all network + if ( family == "all" ) { + newlist = add( newlist, + `item( `id(indx), + "network", + "" + ) + ); + indx = indx+1; + } else { + newlist = add( newlist, + `item( `id(indx), + "network " + family, + "" + ) + ); + indx = indx+1; + } + } + }); + return newlist; +} + + +define map collectHats(map profile, string pathname ) { + map hats = $[]; + y2debug("collecting hats for " + pathname); + if( profile != nil){ + foreach( string resname, any resource, (map) profile, { + if ( resname != pathname ) { + map hat = tomap(resource); + if ( hat != nil ) { + y2debug("HAT " + resname); + hats = add(hats, resname, resource); + } + } + }); + } + return hats; +} + + +// +// Prompts the user for a hatname +// Side-Effect: sets Settings["CURRENT_HAT"] +// returns true (hat entered) +// false (user aborted) +// +define boolean newHatNamePopup(string parentProfile, map currentHats ) { + +term intro = `VBox( + `Top( + `VBox( + `VSpacing(1), + `Left(`Label( _("Please enter the name of the Hat that you would like \nto add to the profile") + " " + parentProfile + ".")), + `VSpacing(0.5), + `Left( + `TextEntry( + `id(`hatname), + _("&Hat name to add"), + "" + ) + ), + `VSpacing(`opt(`vstretch), 0.25) + ) + ), + `HBox( + `HSpacing(`opt(`hstretch), 0.1), + 
`HCenter(`PushButton(`id(`create), _("&Create Hat"))), + `HCenter(`PushButton(`id(`abort), Label::AbortButton())), + `HSpacing(`opt(`hstretch), 0.1), + `VSpacing(1) + ) + ); + + UI::OpenDialog(intro); + UI::SetFocus(`id(`hatname)); + while (true) { + any input = Wizard::UserInput(); + if(input == `create) { + string hatname = (string) UI::QueryWidget(`id(`hatname), `Value); + // Check for no application entry in the dialog + if ( hatname == "" ) { + Popup::Error(_("You have not given a name for the hat you want to add.\nPlease +enter a hat name to create a new hat, or press Abort to cancel this wizard.")); + } else if ( haskey( currentHats, hatname ) ) { + Popup::Error(_("The profile already contains the provided hat name. +Please enter a different name to try again, or press Abort to cancel this wizard.")); + } else { + Settings["CURRENT_HAT"] = hatname; + UI::CloseDialog(); + return true; + } + } else { + UI::CloseDialog(); + return false; + } + } +} + +define symbol DisplayProfileForm(string pathname, boolean hat) { + map profile_map = (map) Settings["PROFILE_MAP"]:$[]; + map profile = (map) profile_map[pathname]:$[]; + map hats = $[]; + if ( !hat ) { + hats = collectHats( profile_map, pathname ); + } + map paths = (map) profile["allow","path"]:$[]; + map caps = (map) profile["allow","capability"]:$[]; + map includes = (map) profile["include"]:$[]; + map netdomain = (map) profile["allow", "netdomain"]:$[]; + list profilelist = generateTableContents( paths, + netdomain, + caps, + includes, + hats ); + + + // FIXME: format these texts better + + /* help text */ + string help1 = _("

In this form you can view and modify the contents of an individual profile. +For existing entries you can double click the permissions to access a modification dialog.

"); + + /* help text */ + string help2 = _("

Permission Definitions:
r - read
+w -write
l - link
m - mmap PROT_EXEC
k - file locking
+a - file append
x - execute
i - inherit
p - discrete profile
+P - discrete profile
(*clean exec)
u - unconstrained
+U -unconstrained
(*clean exec)

"); + + /* help text */ + string help3 = _("

Add Entry:
Select the type of resource to add from the drop down list.

"); + + /* help text - part x1 */ + string help4 = _("

  • File
    Add a file entry to this profile
  • "); + /* help text - part x2 */ + string help5 = _("
  • Directory
    Add a directory entry to this profile
  • "); + /* help text - part x3 */ + string help6 = _("
  • Capability
    Add a capability entry to this profile
  • "); + /* help text - part x4 */ + string help7 = _("
  • Include
    Add an include entry to this profile. This option +includes the profile entry contents of another file in this profile at load time.
  • "); + /* help text - part x5 */ + string help_net = _("
  • Network Entry
    Add a network rule entry to this profile. +This option will allow you to specify network access privileges for the profile. +You may specify a network address family and socket type.
  • "); + /* help text - part x6 */ + string helpHat = _("
  • Hat
    Add a sub-profile for this profile - called a Hat. +This option is analogous to manually creating a new profile, which can selected +during execution only in the context of being asked for by a changehat aware +application. For more information on changehat please see man changehat on your +system or the Novell AppArmor Administration Guide.
  • "); + /* help text - part x7 */ + string helpEdit = _("

Edit Entry:
Edit the selected entry.

"); + + /* help text */ + string help8 = _("

Delete Entry:
Removes the selected entry from this profile.

"); + + /* help text - part y1 */ + string help9 = _("

*Clean Exec
The Clean Exec option for the discrete profile +and unconstrained execute permissions provide added security by stripping the environment +that is inherited by the child program of specific variables. These variables are:"); + /* help text - part y2 */ + string help10 = "

  • GCONV_PATH
  • GETCONF_DIR
  • HOSTALIASES
  • LD_AUDIT
  • LD_DEBUG
  • LD_DEBUG_OUTPUT
  • LD_DYNAMIC_WEAK
  • LD_LIBRARY_PATH
  • LD_ORIGIN_PATH
  • LD_PRELOAD
  • LD_PROFILE
  • LD_SHOW_AUXV
  • LD_USE_LOAD_BIAS
  • LOCALDOMAIN
  • LOCPATH
  • MALLOC_TRACE
  • NLSPATH
  • RESOLV_HOST_CONF
  • RES_OPTION
  • TMPDIR
  • TZDIR

"; + + + integer listnum = 0; + list itemList = [ `item( `id( `file ), _("&File") ), + `item( `id( `net ), _("Network &Rule") ), + `item( `id( `dir ), _("&Directory") ), + `item( `id( `cap ), _("&Capability") ), + `item( `id( `include ), _("&Include File") ), + ]; + + + string mainLabel = ""; + + if ( hat ) { + mainLabel = _("AppArmor profile ") + Settings["CURRENT_PROFILE"]:"" + "^" + pathname; + } else { + itemList = add(itemList,`item( `id( `hat ), _("&Hat") )); + mainLabel = _("AppArmor profile for ") + pathname ; + } + // Define the widget contents + // for the Wizard + term contents_main_profile_form = + `VBox( + `Label(mainLabel), + `HBox( + `VSpacing(10), + `Table(`id(`table), `opt(`notify, `immediate ), `header(_("File Name"), _("Permissions")), profilelist) + ), + `VSpacing(0.5), + `HBox( + `HSpacing(`opt(`hstretch), 0.1), + `HCenter( `MenuButton(`id(`addMenu), _("Add Entry"), itemList)), + `HCenter(`PushButton(`id(`edit), _("&Edit Entry"))), + `HCenter(`PushButton(`id(`delete), _("&Delete Entry"))), + `HSpacing(`opt(`hstretch), 0.1), + `VSpacing(1) + ), + `VSpacing(1) + ); + string help = ""; + string formtitle = ""; + if ( hat ) { + help = help1 + help2 + help3 + help4 + help5 + help6 + help7 + help_net + help8 + helpEdit + help9 + help10; + formtitle = _("AppArmor Hat Dialog"); + } else { + help = help1 + help2 + help3 + help4 + help5 + help6 + help7 + help_net + helpHat + helpEdit + help8 + help9 + help10; + formtitle = _("AppArmor Profile Dialog"); + } + Wizard::SetContentsButtons( formtitle, contents_main_profile_form, help, Label::BackButton(), _("&Done") ); + + + + map event = $[]; + any id = nil; + while( true ) + { + event = UI::WaitForEvent( timeout_millisec ); + id = event["ID"]:nil; // We'll need this often - cache it + integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); + if ( (( id == `table ) && (event["EventReason"]:nil == "Activated" )) || + ( id == `edit) ) + { + // Widget activated in the table + string rule 
= (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""); + integer findcap = find( rule, "CAP_"); + integer findinc = find( rule, "#include"); + integer findhat = find( rule, "[+] ^"); + integer findnet = find( rule, "network"); + string oldrule = rule; + if ( findcap == 0 ) { + caps = capabilityEntryPopup( caps, rule, pathname ); + profile["allow", "capability"] = caps; + } else if ( findinc == 0 ) { + Popup::Error(_("Include entries can not be edited. Please select add or delete to manage Include entries.")); + continue; + } else if ( findhat == 0 ) { + string hatToEdit = substring( rule, 5); + Settings["CURRENT_HAT"] = hatToEdit; + return `showhat; + } else if ( findnet == 0 ) { + string newrule = networkEntryPopup( rule ); + if ( newrule != "" && newrule != rule ) { + netdomain = editNetworkRule( netdomain, rule, newrule ); + } + profile["allow","netdomain"] = netdomain; + } else { + string perms = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 2, ""); + map results = fileEntryPopup( rule, perms, pathname ); + integer newperms = 0; + newperms = (integer) SCR::Execute(.subdomain_profiles.string_to_mode, results["PERM"]:""); + rule = results["FILE"]:""; + if ( rule != "" ) { + if ( rule != oldrule ) { + paths = remove( paths, oldrule ); + } + paths = add(paths, rule, $[ "audit": 0, "mode": newperms]); + profile["allow","path"] = paths; + } + } + profile_map[pathname] = profile; + Settings["PROFILE_MAP"] = profile_map; + list profilelist = generateTableContents( paths, + netdomain, + caps, + includes, + hats ); + UI::ChangeWidget( `id(`table), `Items, profilelist ); + UI::ChangeWidget( `id(`table), `CurrentItem, itemselected ); + } else if ( id == `delete ) { + string rule = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""); + integer findcap = find( rule, "CAP_"); + integer findinc = find( rule, "#include"); + integer findhat = find( rule, "[+] ^"); + integer findnet = find( 
rule, "network"); + + if ( findcap == 0 ) { + string capNameToDelete = linnametolp[rule]:""; + caps = remove( caps, capNameToDelete ); + profile["allow", "capability"] = caps; + } else if ( findinc == 0 ) { + string includeToRemove = substring( rule, 9); + includes = remove( includes, includeToRemove ); + profile["include"] = includes; + } else if ( findhat == 0 ) { + string hatToRemove = substring( rule, 5); + hats = remove( hats, hatToRemove); + profile_map = remove( profile_map, hatToRemove ); + } else if ( findnet == 0 ) { + netdomain = deleteNetworkRule( netdomain, rule ); + profile["allow","netdomain"] = netdomain; + } else { + paths = remove( paths, rule ); + profile["allow","path"] = paths; + } + profile_map[pathname] = profile; + Settings["PROFILE_MAP"] = profile_map; + list profilelist = generateTableContents( paths, + netdomain, + caps, + includes, + hats ); + UI::ChangeWidget( `id(`table), `Items, profilelist ); + UI::ChangeWidget( `id(`table), `CurrentItem, (itemselected == 0) ? 
0 : itemselected -1 ); + } else if ( id == `file || id == `dir ) { + string addfname = ""; + integer addperms = 0; + map newentry = nil; + if ( id == `dir ) { + newentry = dirEntryPopup( "", "", pathname ); + } else { + newentry = fileEntryPopup( "", "", pathname ); + } + if ( newentry == nil ) { + continue; + } + addfname = newentry["FILE"]:""; + addperms = (integer) SCR::Execute(.subdomain_profiles.string_to_mode, newentry["PERM"]:""); + // Make sure that the entry doesn't already exist + paths = add( paths, addfname, $["audit":0, "mode": addperms] ); + profile["allow","path"] = paths; + profile_map[pathname] = profile; + Settings["PROFILE_MAP"] = profile_map; + list profilelist = generateTableContents( paths, + netdomain, + caps, + includes, + hats ); + UI::ChangeWidget( `id(`table), `Items, profilelist ); + UI::ChangeWidget( `id(`table), `CurrentItem, itemselected ); + } else if ( id == `cap ) { + caps = capabilityEntryPopup( caps, "", pathname ); + profile["allow","capability"] = caps; + profile_map[pathname] = profile; + Settings["PROFILE_MAP"] = profile_map; + list profilelist = generateTableContents( paths, + netdomain, + caps, + includes, + hats ); + UI::ChangeWidget( `id(`table), `Items, profilelist ); + } else if ( id == `hat ) { + if ( hat ) { + Popup::Error(_("Hats can not have embedded hats.")); + } + boolean hatCreated = newHatNamePopup( pathname, hats ); + if ( hatCreated == true ) { + return `showhat; + } + } else if ( id == `include ) { + list customIncludes = (list ) SCR::Read(.subdomain, "custom-includes"); + string newInclude = UI::AskForExistingFile( "/etc/apparmor.d/abstractions", "", _("Select File To Include")); + if ( newInclude == nil || (string)newInclude == "" ) { + continue; + } + list validIncludes = [ "/etc/apparmor.d/abstractions", "/etc/apparmor.d/program-chunks", "/etc/apparmor.d/tunables" ]; + foreach( string incPath, customIncludes, { + validIncludes = add( validIncludes, "/etc/apparmor.d/" + incPath); + }); + + integer result = 
0; + boolean includePathOK = false; + foreach( string pathToCheck, (list) validIncludes, { + result = find (newInclude, pathToCheck); + if ( result != -1 ) { + includePathOK = true; + } + }); + + if ( ! includePathOK ) { + string pathListMsg = ""; + foreach( string pathItem, (list) validIncludes, { + pathListMsg = pathListMsg + "\n " + pathItem; + }); + Popup::Error(_("Invalid #include file. Include files must be located in one of these directories: \n") + pathListMsg ); + } else { + string includeName = substring(newInclude, 16 ); + includes = add( includes, includeName, 1 ); + profile["include"] = includes; + profile_map[pathname] = profile; + Settings["PROFILE_MAP"] = profile_map; + list profilelist = generateTableContents( paths, + netdomain, + caps, + includes, + hats ); + UI::ChangeWidget( `id(`table), `Items, profilelist ); + } + } else if ( id == `net ) { + string newrule = networkEntryPopup( "" ); + if ( newrule != "" ) { + netdomain = addNetworkRule( netdomain, newrule ); + profile["allow","netdomain"] = netdomain; + profile_map[pathname] = profile; + Settings["PROFILE_MAP"] = profile_map; + list profilelist = generateTableContents( paths, + netdomain, + caps, + includes, + hats ); + UI::ChangeWidget( `id(`table), `Items, profilelist ); + } + } else if ( id == `abort || id == `cancel ) { + break; + } else if ( id == `back ) { + break; + } else if ( id == `next ) { + if ( ! hat ) { + if (Popup::YesNoHeadline(_("Save changes to the Profile"), + _("Would you like to save the changes to this profile? \n(Note: after saving the changes the AppArmor profiles will be reloaded.)"))) { + map argmap = $[ "PROFILE_HASH" : Settings["PROFILE_MAP"]:$[], + "PROFILE_NAME" : pathname + ]; + any result = SCR::Write(.subdomain_profiles, argmap); + any result2 = SCR::Write(.subdomain_profiles.reload, "-"); + } + } else { + if ( ! 
haskey(hats, Settings["CURRENT_HAT"]:"") ) { + profile["allow","path"] = paths; + profile["allow","capability"] = caps; + profile["include"] = includes; + profile_map[pathname] = profile; + Settings["PROFILE_MAP"] = profile_map; + } + return `next; + } + break; + } else { + y2error("Unexpected return code: %1", id); + continue; + } + } + return (symbol) id; +} + + + // + // Select a profile to edit and populate + // Settings["CURRENT_PROFILE"]: profile name + // Settings["PROFILE_MAP"]: map containing the profile + // +define symbol SelectProfileForm( map profiles, string formhelp, string formtitle, string iconname ) { + list profilelisting = []; + integer indx = 0; + foreach( string p, any ignore, (map) profiles, { + profilelisting = add( profilelisting, `item( `id(p), p)); + indx = indx+1; + }); + + term contents_select_profile_form = + `VBox( + `VSpacing(2), + `SelectionBox( `id(`profilelist), `opt(`notify), _("Profile Name"), profilelisting ), + `VSpacing(3) + ); + + // + // Create the Dialog Window and parse user input + // + Wizard::CreateDialog(); + Wizard::SetContents( formtitle, contents_select_profile_form, formhelp, false, true ); + Wizard::SetTitleIcon(iconname); + + map event = $[]; + any id = nil; + string profilename = ""; + while( true ) + { + event = UI::WaitForEvent( timeout_millisec ); + id = event["ID"]:nil; // We'll need this often - cache it + if ( id == `next || id == `profilelist ) { + profilename = tostring( UI::QueryWidget(`id(`profilelist), `CurrentItem) ); + if ( profilename != nil && profilename != "" ) { + break; + } else { + Popup::Error(_("You must select a profile to edit")); + continue; + } + } // TODO ELSE POPUP NO ENTRY SELECTED ERROR + if(id == `abort || id == `cancel) { + break; + } else if(id == `back) { + break; + } else { + y2error("Unexpected return code: %1", id); + continue; + } + } + if ( id == `next || id == `profilelist) { + Settings["CURRENT_PROFILE"] = profilename; + Settings["PROFILE_MAP"] = 
profiles[profilename]:nil; + id = `next; + } + UI::CloseDialog(); + return (symbol) id; + } + +} + --- /dev/null +++ b/src/include/apparmor/report_helptext.ycp @@ -0,0 +1,158 @@ +/* ------------------------------------------------------------------ +* +* Copyright (C) 2002-2005 Novell/SUSE +* +* This program is free software; you can redistribute it and/or +* modify it under the terms of version 2 of the GNU General Public +* License published by the Free Software Foundation. +* + ------------------------------------------------------------------*/ + +{ + +textdomain "yast2-apparmor"; + +string defs = _("Program Name Pattern:
When you enter a program name or pattern +that matches the name of the binary executable of the program of +interest, the report will display security events that have +occurred for a specific program.
") + + +_("Profile Name Pattern: When you enter the name of the profile, +the report will display the security events that are generated for +the specified profile. You can use this to see what is being confined +by a specific profile.
") + + +_("PID Number: Process ID number is a number that uniquely identifies +one specific process or running program (this number is valid only +during the lifetime of that process).
") + + +_("Severity Level: Select the lowest severity level for security +events that you would like to be included in the report. The selected +severity level, and above, will be included in the reports.
") + + +_("Detail: A source to which the profile has denied access. +This includes capabilities and files. You can use this field to +report the resources are not allowed to be accessed by profiles.
") + + +_("Mode: The Mode is the permission that the profile grants +to the program or process to which it is applied. The options are: +r (read) w (write) l (link) x (execute)
") + + +_("Access Type: The access type describes what is actually happening +with the security event. The options are: PERMITTING, REJECTING, +or AUDITING.
") + + +_("CSV or HTML: Enables you to export a CSV (comma separated +values) or html file. The CSV file separates pieces of data in +the log entries with commas using a standard data format for +importing into table-oriented applications. You can enter a +pathname for your exported report by typing in the full +pathname in the field provided.

"); + +string setArchHelp = _("

The Report Configuration dialog enables you to filter the archived +report selected in the previous screen. To filter by Date Range:") + + +_("

  1. Click Filter By Date Range. The fields become active.
  2. +
  3. Enter the start and end dates that delineate the scope of the report.
  4. +
  5. Enter other filtering parameters. See below for definitions of parameters.

") + + +_("The following definitions help you to enter the filtering parameters in the +Report Configuration Dialog:
") + defs; + + +string types = _("Executive Security Summary: A combined report, +consisting of one or more Security incident reports from +one or more machines. This report provides a single view of +security events on multiple machines.
") + + +_("Applications Audit Report: An auditing tool that +reports which application servers are running and whether +the applications are confined by AppArmor. Application +servers are applications that accept incoming network connections.
") + + +_("Security Incident Report: A report that displays application +security for a single host. It reports policy violations for locally +confined applications during a specific time period. You can edit and +customize this report, or add new versions.

"); + +string runHelp = _("

The AppArmor On-Demand Report screen displays +an instantly generated version of one of the following +reports:
") + types; + + +string filterCfHelp1 = setArchHelp; +/* START Help Section +************************************************************/ + +string repGenHelpText = _("

Generate Reports Help

If there were, in fact, +going to be any help for you (which, incidentally, there isn't going to be), +then you would indeed find said help, here.

Thank you for your time, +and have a nice day.

"); + + + +string schedHelpText = +_("

The summary of scheduled reports page shows us when reports are scheduled to run. +Reports can be set to run monthly, weekly, daily, or hourly. The default settings are +daily at midnight. The reports can also be emailed, upon completion, to up to three +email recipients.
") + + +_("In the Set Schedule section, you can schedule the following three types of security reports:
") + types; + +string archHelpText = _("

The View Archive Reports form enables you to view +previously generated reports, located in the /var/log/apparmor/reports-archived +directory. The checkboxes at the top of the form enable you to narrow-down +the category of reports shown in the list to the following: SIR Reports, AUD +Reports, or ESS Reports. To see report details, select a report and click the +View button.

You can view reports from one or more systems if +you move the reports to the /var/log/apparmor/reports-archived directory.

"); + +string mainHelp = schedHelpText; + + +list helpList = [ schedHelpText ]; + +term defaultHelp = `RichText ( schedHelpText ); +term schedHelp = `RichText ( schedHelpText ); +term repGenHelp = `RichText ( repGenHelpText ); +term archHelp = `RichText ( archHelpText ); +term otherHelp = `RichText ( archHelpText ); + +string repConfHelp = _("repConfHelp"); + +string sirHelp = _("

Security Incident Report (SIR): A report that displays security +events of interest to an administrator. The SIR reports policy violations +for locally confined applications during the specified time period. The SIR +reports policy exceptions and policy engine state changes. These two types +of security events are defined as follows:") + + +_("

  • Policy Exceptions: When an application requests a resource +that's not defined within its profile, a security event is generated.
  • +
  • Policy Engine State Changes: Enforces policy for applications and +maintains its own state, including when engines start or stop, when a policy +is reloaded, and when global security feature are enabled or disabled.
+Select the report from the archive, then View to see the report details.

"); + + +string audHelp = _("

Applications Audit Report (AUD): An auditing tool +that reports which application servers are running and whether they are confined +by AppArmor. Application servers are applications that accept incoming network +connections. This report provides the host machine's IP Address, the date the +Applications Audit Report ran, the name and path of the unconfined program or +application server, the suggested profile or a placeholder for a profile for an +unconfined program, the process ID number, The state of the program (confined or +unconfined), and the type of confinement that the profile is performing +(enforce/complain).

"); + +string essHelp = _("

Executive Security Summary (ESS): A combined report, +consisting of one or more high-level reports from one or more machines. This +report can provide a single view of security events on multiple machines if each +machine's data is copied to the reports archive directory, which is +/var/log/apparmor/reports-archived. This report provides the host +machine's IP address, the start and end dates of the polled events, total number +of rejects, total number of events, average of severity levels reported, and the +highest severity level reported. One line of the ESS report represents a range +of SIR reports.

"); + +} + --- /dev/null +++ b/src/include/apparmor/reporting_archived_dialogs.ycp 
@@ -0,0 +1,307 @@ +/* ------------------------------------------------------------------ +* +* Copyright (C) 2002-2005 Novell/SUSE +* +* This program is free software; you can redistribute it and/or +* modify it under the terms of version 2 of the GNU General Public +* License published by the Free Software Foundation. +* + ------------------------------------------------------------------*/ + +{ + +import "Wizard"; +import "Popup"; +import "Label"; +include "subdomain/report_helptext.ycp"; +include "subdomain/reporting_utils.ycp"; +textdomain "yast2-apparmor"; + +// Global +integer timeout_millisec = 20 * 1000; + +//define term turnReportPage (integer curPage) { +define term turnArchReportPage (integer curPage, integer lastPage) { + + map Settings = $[ ]; + list reportList = []; + + string currentPage = tostring( curPage ); + string slastPage = tostring( lastPage ); + Settings["page"] = currentPage; + Settings["turnArch"] = "1"; + Settings["turnPage"] = "1"; + + reportList = getReportList("sir",Settings); + + // poor i18n + string myLabel = _("Archived Security Incident Report - Page ") + currentPage + _(" of ") + slastPage; + + term odForm = + + `Frame( `id(`odframe), myLabel, + + `VBox( + `HBox( + `VSpacing(10), + makeSirTable(reportList), + `VSpacing(0.5) + ), + `HSpacing(`opt(`hstretch), 1.0), + `VSpacing(0.5), + `HBox( + `PushButton(`id(`first), _("F&irst") ), + `PushButton(`id(`prev), _("&Previous") ), + `PushButton(`id(`psort), _("&Sort") ), + `PushButton(`id(`fwd), _("&Forward") ), + `PushButton(`id(`last), _("&Last") ) + ), + `VSpacing(1) + )); + + return odForm; +} + +define term filterArchForm() { + + string expPath = "/var/log/apparmor/reports-exported"; + + term arForm = + + `Top(`VBox( + `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )), + `Frame( `id(`bydate_frame), _(" Select Date Range ") , + `VBox( + `Label( _("Enter Starting Date/Time") ), + `HBox( + `HSpacing( `opt(`hstretch), 1), + `IntField(`id(`startHours), 
_("Hours"), 0, 23, 0), + `IntField(`id(`startMins), _("Minutes"), 0, 59, 0), + `IntField(`id(`startDay), _("Day"), 1, 31, 1), + `IntField(`id(`startMonth), _("Month"), 1, 12, 1), + `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005) + ), + `VSpacing(1.0), + `Label( _("Enter Ending Date") ), + `HBox( + `HSpacing( `opt(`hstretch), 1), + `IntField(`id(`endHours), _("Hours"), 0, 23, 0), + `IntField(`id(`endMins), _("Minutes"), 0, 59, 0), + `IntField(`id(`endDay), _("Day"), 1, 31, 1), + `IntField(`id(`endMonth), _("Month"), 1, 12, 1), + `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005) + ), + `VSpacing(1.0) + )), + `VSpacing( 1.0 ), + `HBox( + `HWeight( 4, `TextEntry(`id(`prog), _("Program name") )), + `HWeight( 4, `TextEntry(`id(`prof), _("Profile name") )), + `HWeight( 3, `TextEntry(`id(`pid), _("PID number") )), + `HWeight( 2, + `ComboBox(`id(`sev), _("Severity"), [ + _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10" + ]) ), + `HSpacing( `opt(`hstretch), 5) + ), + `HBox( + `HWeight( 3, `TextEntry(`id(`res), _("Detail") )), + `HWeight( 3, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))), + `HWeight( 3, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))), + `HSpacing( `opt(`hstretch), 5) + ), + `VSpacing( 0.5 ), + + `HBox( + `VSpacing(0.5), + `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [ + _("None"), _("csv"), _("html"), _("Both") + ]), + `TextEntry(`id(`expPath), _("Location to store log."), expPath ), + `Bottom( `VWeight( 1, `PushButton(`id(`accept), Label::AcceptButton()) )), + `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) )) + ) + )); + + return arForm; +} + +define map setArchFilter() { + + map Settings = $[]; + + term archForm = filterArchForm(); + Wizard::SetContentsButtons( _("Report Configuration Dialog"), archForm, + setArchHelp, Label::BackButton(), Label::NextButton() ); + + UI::ChangeWidget(`id(`bydate_frame), 
`Enabled, false); + + string mode = "All"; + string sdmode = "R"; + + map event = $[]; + any id = nil; + + while ( true ) { + + event = UI::WaitForEvent( timeout_millisec ); + id = event["ID"]:nil; // We'll need this often - cache it + + if ( id == `bydate ) { + + UI::ChangeWidget(`id(`bydate_frame), `Enabled, true); + + } else if ( id == `next || id == `save ) { + + boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value); + + if ( bydate == true ) { + + integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value); + integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value); + integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value); + integer startHours = (integer) UI::QueryWidget(`id(`startHours), `Value); + integer startMins = (integer) UI::QueryWidget(`id(`startMins), `Value); + integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value); + integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value); + integer endYear = (integer) UI::QueryWidget(`id(`endYear), `Value); + integer endHours = (integer) UI::QueryWidget(`id(`endHours), `Value); + integer endMins = (integer) UI::QueryWidget(`id(`endMins), `Value); + + // start_day & start_month are mutually exclusive + if ( id == `startDay ) { + UI::ChangeWidget(`id(`startMonth), `Value, 0); + } else if ( id == `startMonth ) { + UI::ChangeWidget(`id(`startDay), `Value, 0); + } + + // start_day & start_month are mutually exclusive + if ( id == `endDay ) { + UI::ChangeWidget(`id(`endMonth), `Value, 0); + } else if ( id == `endMonth ) { + UI::ChangeWidget(`id(`endDay), `Value, 0); + } + + if ( CheckDate(startDay,startMonth,startYear) == false ) { + Popup::Error( _("Illegal start date entered. Please retry.") ); + continue; + } + + if ( CheckDate(endDay,endMonth,endYear) == false ) { + Popup::Error( _("Illegal end date entered. 
Please retry.") ); + continue; + } + //////////////////////////////////////////////////////////// + + string startday = tostring(startDay); + string startmonth = tostring(startMonth); + string startyear = tostring(startYear); + string starthours = tostring(startHours); + string startmins = tostring(startMins); + string endday = tostring(endDay); + string endmonth = tostring(endMonth); + string endyear = tostring(endYear); + string endhours = tostring(endHours); + string endmins = tostring(endMins); + + Settings["startday"] = startday; + Settings["startmonth"] = startmonth; + Settings["startyear"] = startyear; + Settings["endday"] = endday; + Settings["endmonth"] = endmonth; + Settings["endyear"] = endyear; + Settings["starttime"] = starthours + ":" + startmins; + Settings["endtime"] = endhours + ":" + endmins; + + } + + string expType = (string) UI::QueryWidget(`id(`exportType), `Value); + string expPath = (string) UI::QueryWidget(`id(`exportPath), `Value); + + if ( expType != "" && expType != "None" ) { + + if ( expType == "csv" ) { + Settings["exporttext"] = "true"; + } else if ( expType == "html" ) { + Settings["exporthtml"] = "true"; + } else if ( expType == "both" ) { + Settings["exporttext"] = "true"; + Settings["exporthtml"] = "true"; + } + } + + string program_name = (string) UI::QueryWidget(`id(`prog), `Value); + string profile = (string) UI::QueryWidget(`id(`prof), `Value); + string pid = (string) UI::QueryWidget(`id(`pid), `Value); + string sev = (string) UI::QueryWidget(`id(`sev), `Value); + string res = (string) UI::QueryWidget(`id(`res), `Value); + string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label); + string mode = (string) UI::QueryWidget(`id(`mode), `Label); + string exppath = (string) UI::QueryWidget(`id(`expPath), `Value); + + if (sdmode == "-") { sdmode = "All"; } + if (mode == "-") { mode = "All"; } + + if ( program_name != "" ) { Settings["prog"] = program_name; } + if ( profile != "" ) { Settings["profile"] = profile; } + if ( pid 
!= "" ) { Settings["pid"] = pid; } + if ( sev != "" && sev != "All" ) { Settings["severity"] = sev; } + if ( res != "" ) { Settings["resource"] = res; } + if ( sdmode != "" ) { Settings["sdmode"] = sdmode; } + if ( mode != "" ) { Settings["mode"] = mode; } + if ( exppath != "" ) { Settings["exportPath"] = exppath; } + + id = nil; + break; + + } else if ( id == `sdmode ) { + sdmode = popUpSdMode(); + Settings["sdmode"] = sdmode; + UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: ") + sdmode) ); + + } else if ( id == `mode ) { + mode = popUpMode(); + Settings["mode"] = mode; + UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: ") + mode) ); + + } else if ( id == `abort || id == `cancel || id == `done ) { + Settings["break"] = "abort"; + break; + } else if ( id == `close || id == `back) { + Settings["break"] = "back"; + break; + } + } + + return Settings; +} + +define term viewArchForm(string tab, string logFile, map Settings) { + + Settings["archRep"] = "1"; + Settings["logFile"] = logFile; + Settings["type"] = "archRep"; + + integer curPage = 1; + string currentPage = "1"; + Settings["currentPage"] = currentPage; + + integer isingle = Settings["single"]:1; + string single = "1"; + if ( isingle != nil ) { + single = tostring(isingle); + } + Settings["single"] = single; + + // mark - new + any junk = SCR::Read(.logparse,Settings); + + integer lastPage = getLastPage("sirRep",Settings,""); + term myPage = turnArchReportPage(curPage,lastPage); + + return myPage; +} + + +} + --- /dev/null +++ b/src/include/apparmor/reporting_dialogues.ycp 
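Review bot: In setArchFilter the export settings are read with ``UI::QueryWidget(`id(`exportType), `Value)`` and ``UI::QueryWidget(`id(`exportPath), `Value)``, but filterArchForm creates those widgets as ```id(`expType)`` and ```id(`expPath)``, so the queries match no widget in this form and `Settings["exporttext"]` / `Settings["exporthtml"]` are presumably never set. The two queries should use the ids the form defines, ``(string) UI::QueryWidget(`id(`expType), `Value)`` and ``(string) UI::QueryWidget(`id(`expPath), `Value)``. The test `expType == "both"` also cannot match the combo box entry `_("Both")`, and comparing against the translated labels (`"None"`, `"csv"`, `"html"`) would likely fail in non-English locales; giving the items explicit ids would avoid that. Separately, the `exppath` text field is copied into `Settings["exportPath"]` without any check; if the agent that writes the report runs with elevated privileges (not visible in this hunk), that path should be validated before it is used.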
@@ -0,0 +1,2513 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2005 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+{
+
+import "Wizard";
+import "Popup";
+import "Label";
+include "subdomain/reporting_utils.ycp";
+include "subdomain/report_helptext.ycp";
+include "subdomain/reporting_archived_dialogs.ycp";
+textdomain "yast2-apparmor";
+
+// Globalz
+//integer timeout_millisec = 20 * 1000;
+map Settings = $[ ];
+string defExpPath = "/var/log/apparmor/reports-exported";
+string oldExpPath = "/var/log/apparmor/reports-exported";
+string expPath = oldExpPath;
+
+// This map is to pull the string to send back to the backend agent on save
+map md_map= $[
+ `md_00: _("All"),
+ `md_01: "1", `md_02: "2", `md_03: "3",
+ `md_04: "4", `md_05: "5", `md_06: "6",
+ `md_07: "7", `md_08: "8", `md_09: "9",
+ `md_10: "10", `md_11: "11", `md_12: "12",
+ `md_13: "13", `md_14: "14", `md_15: "15",
+ `md_16: "16", `md_17: "17", `md_18: "18",
+ `md_19: "19", `md_20: "20", `md_21: "21",
+ `md_22: "22", `md_23: "23", `md_24: "24",
+ `md_25: "25", `md_26: "26", `md_27: "27",
+ `md_28: "28", `md_29: "29", `md_30: "30",
+ `md_31: "31" ];
+
+string modeToHumanString( string mode) {
+ return ( mode == "All") ? _("All") : mode;
+}
+
+string humanStringToMode( string hs) {
+ return ( hs == _("All")) ?
"All" : hs ;
+}
+
+string typeToHumanString( string type ) {
+ string ret = "";
+
+ switch ( type )
+ {
+ case "Security.Incident.Report":
+ ret = _("Security Incident Report");
+ break;
+ case "Applications.Audit":
+ ret = _("Applications Audit Report");
+ break;
+ case "Executive.Security.Summary":
+ ret = _("Executive Security Summary");
+ break;
+ default:
+ ret = type;
+ break;
+ }
+
+ return ret;
+}
+
+string humanStringToType( string hs ) {
+ string ret = "";
+
+ if( hs == _("Security Incident Report"))
+ ret = "Security.Incident.Report";
+ else if ( hs == _("Applications Audit Report"))
+ ret = "Applications.Audit";
+ else if ( hs == _("Executive Security Summary"))
+ ret = "Executive.Security.Summary";
+ else
+ ret = hs;
+
+ return ret;
+}
+
+// Grey out inappropriate paging buttons
+define void setPageButtons(integer curPage, integer lastPage) {
+
+ if (lastPage <= 1 ) {
+ UI::ChangeWidget(`id(`first), `Enabled, false);
+ UI::ChangeWidget(`id(`last), `Enabled, false);
+ UI::ChangeWidget(`id(`prev), `Enabled, false);
+ UI::ChangeWidget(`id(`fwd), `Enabled, false);
+ UI::ChangeWidget(`id(`goto), `Enabled, false);
+
+ } else if (curPage <= 1 ) {
+ UI::ChangeWidget(`id(`first), `Enabled, false);
+ UI::ChangeWidget(`id(`prev), `Enabled, false);
+ } else if ( curPage >= lastPage ) {
+ UI::ChangeWidget(`id(`last), `Enabled, false);
+ UI::ChangeWidget(`id(`fwd), `Enabled, false);
+ } else {
+ UI::SetFocus(`id(`goto));
+ }
+
+ return;
+}
+
+// return input from edit scheduled forms as map of strings
+define map getSchedSettings( map Settings ) {
+
+ string name = (string) UI::QueryWidget(`id(`name), `Value);
+ //integer iMonthdate = (integer) UI::QueryWidget(`id(`monthdate), `Value);
+ any md = (any) UI::QueryWidget(`id(`monthdate), `Value);
+ string monthdate = (string) md_map[md]:_("All");
+ string weekday = (string) UI::QueryWidget(`id(`weekday), `Value);
+ any iHours = (any) UI::QueryWidget(`id(`hour), `Value);
+ any iMins = (any) UI::QueryWidget(`id(`mins),
`Value);
+ string expType = (string) UI::QueryWidget(`id(`expType), `Value);
+ string email1 = (string) UI::QueryWidget(`id(`email1), `Value);
+ string email2 = (string) UI::QueryWidget(`id(`email2), `Value);
+ string email3 = (string) UI::QueryWidget(`id(`email3), `Value);
+
+ //string monthdate = tostring( iMonthdate );
+ string hour = tostring( iHours );
+ string mins = tostring( iMins );
+
+ if ( weekday == _("All") ) { weekday = "-"; }
+ if ( monthdate == _("All") ) { monthdate = "-"; }
+
+ // de-i18n
+ if ( weekday == _("Mon") ) { weekday = "Mon"; }
+ if ( weekday == _("Tue") ) { weekday = "Tue"; }
+ if ( weekday == _("Weds") ) { weekday = "Weds"; }
+ if ( weekday == _("Thu") ) { weekday = "Thu"; }
+ if ( weekday == _("Fri") ) { weekday = "Fri"; }
+ if ( weekday == _("Sat") ) { weekday = "Sat"; }
+ if ( weekday == _("Sun") ) { weekday = "Sun"; }
+
+ Settings["getconf"] = "";
+ Settings["setconf"] = "1";
+ Settings["name"] = name;
+ Settings["monthdate"] = monthdate;
+
+ Settings["weekday"] = weekday;
+ Settings["hour"] = hour;
+ Settings["mins"] = mins;
+ if ( expType == _("csv") || expType == _("Both") ) {
+ Settings["csv"] = "1";
+ } else {
+ Settings["csv"] = "0";
+ }
+
+ if ( expType == _("html") || expType == _("Both") ) {
+ Settings["html"] = "1";
+ } else {
+ Settings["html"] = "0";
+ }
+
+ Settings["email1"] = email1;
+ Settings["email2"] = email2;
+ Settings["email3"] = email3;
+
+ return Settings;
+}
+
+// Gets list of archived reports based on 'type'
+define list getArrayList(string type, string repPath) {
+
+ map Settings = $[ ];
+ string readSched = "1";
+ Settings["readSched"] = readSched;
+ Settings["type"] = type;
+
+ if ( repPath != "" ) {
+ Settings["repPath"] = repPath;
+ }
+
+ list itemList = [];
+
+ integer key = 1;
+
+ if ( type == "sirRep" || type == "essRep" || type == "audRep" ) {
+ list db = (list ) SCR::Read (.reports_parse, Settings);
+
+ foreach ( map record, db, {
+ any strName = record["name"]:nil;
+ any strTime =
record["time"]:nil;
+ string name = tostring(strName);
+ string mytime = tostring(strTime);
+ itemList = add( itemList, `item( `id(key), record["name"]:nil, record["time"]:nil ));
+ key = key + 1;
+ });
+
+ } else if (type == "schedRep") {
+
+ Settings["getcron"] = "1";
+
+ list db = (list ) SCR::Read (.reports_sched, Settings);
+
+ foreach ( map record, db, {
+ itemList = add( itemList, `item( `id(key), record["name"]:nil, record["hour"]:nil, record["mins"]:nil,
+ record["wday"]:nil, record["mday"]:nil ));
+ key = key + 1;
+ });
+
+ } else {
+
+ Popup::Error( _("Unrecognized form request.") );
+
+ }
+
+ return itemList;
+}
+
+
+// Filter form for editing scheduled reports
+define term editFilterForm (map Settings) {
+
+ /* debug */
+ string prog = Settings["prog"]:"";
+ string prof = Settings["prof"]:"";
+ string pid = Settings["pid"]:"";
+ string res = Settings["res"]:"";
+ string sdmode = Settings["sdmode"]:"R";
+ string mode = Settings["mode"]:"All";
+ string sev = Settings["sev"]:"All";
+
+ term eForm = `VBox(
+
+ `VSpacing( 0.5 ),
+ `HBox(
+ `HWeight( 5, `TextEntry(`id(`prog), _("Program name"), prog )),
+ `HWeight( 5, `TextEntry(`id(`prof), _("Profile name"), prof )),
+ `HSpacing( `opt(`hstretch), 1)
+ ),
+ `VSpacing( 0.5 ),
+ `HBox(
+ `HWeight( 5, `TextEntry(`id(`pid), _("PID number"), pid )),
+ `HWeight( 5, `TextEntry(`id(`res), _("Detail"), res )),
+ `HSpacing( `opt(`hstretch), 1)
+ ),
+ `VSpacing( 0.5 ),
+ `HBox(
+ `HWeight( 2,
+ `ComboBox(`id(`sev), _("Severity"), [
+ _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
+ ]) ),
+ `VBox(
+ `Label( _("Access Type: ") ),
+ `Bottom( `HWeight( 4,
+ `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode )))))
+ ),
+ `VBox(
+ `Label( _("Mode: ") ),
+ `Bottom( `HWeight( 4,
+ `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )))))
+ ),
+ `HSpacing( `opt(`hstretch), 1)
+ ),
+ `VSpacing( 1 ),
+ `HBox(
+
`PushButton(`id(`cancel), Label::CancelButton() ),
+ `PushButton(`id(`save), Label::SaveButton() )
+ )
+ );
+
+ return eForm;
+}
+
+term schedFilterForm =
+
+ `VBox(
+ `VSpacing( 0.5 ),
+ `HBox(
+ `HWeight( 5, `TextEntry(`id(`prog), _("Program name") )),
+ `HWeight( 5, `TextEntry(`id(`prof), _("Profile name") )),
+ `HSpacing( `opt(`hstretch), 1)
+ ),
+ `VSpacing( 0.5 ),
+ `HBox(
+ `HWeight( 5, `TextEntry(`id(`pid), _("PID number") )),
+ `HWeight( 5, `TextEntry(`id(`res), _("Detail") ) ),
+ `HSpacing( `opt(`hstretch), 1)
+ ),
+ `VSpacing( 0.5 ),
+ `HBox(
+ `HWeight( 2,
+ `ComboBox(`id(`sev), _("Severity"), [
+ _("All"), "U", "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
+ ]) ),
+
+ `VBox(
+ `Label( _("Access Type: ") ),
+ `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), "R" ))
+ ),
+ `VBox(
+ `Label( _("Mode: ") ),
+ `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("All") ))
+ ),
+
+ //`HWeight( 4, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))),
+ //`HWeight( 4, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))),
+ `HSpacing( `opt(`hstretch), 1)
+ ),
+ `VSpacing( 1 ),
+ `HBox(
+ `PushButton(`id(`cancel), Label::CancelButton() ),
+ `PushButton(`id(`save), Label::SaveButton() )
+ )
+ );
+
+term filterForm =
+
+ `VBox(
+ `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )),
+ `Frame( `id(`bydate_frame), _(" Select Date Range "),
+ `VBox(
+ `Label( _("Enter Starting Date/Time") ),
+ `HBox(
+ `HSpacing( `opt(`hstretch), 1),
+ `IntField(`id(`startHours), _("Hours"), 00, 23, 00),
+ `IntField(`id(`startMins), _("Minutes"), 00, 59, 00),
+ `IntField(`id(`startDay), _("Day"), 01, 31, 01),
+ `IntField(`id(`startMonth), _("Month"), 01, 12, 01),
+ `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005)
+ ),
+ `VSpacing(1.0),
+ `Label( _("Enter Ending Date") ),
+ `HBox(
+ `HSpacing( `opt(`hstretch), 1),
+ `IntField(`id(`endHours), _("Hours"), 0, 23,
0),
+ `IntField(`id(`endMins), _("Minutes"), 0, 59, 0),
+ `IntField(`id(`endDay), _("Day"), 1, 31, 1),
+ `IntField(`id(`endMonth), _("Month"), 1, 12, 1),
+ `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005)
+ )
+ ),
+ `VSpacing(1.0),
+ `HBox(
+ `HWeight( 4, `TextEntry(`id(`prog), _("Program name")) ),
+ `HWeight( 4, `TextEntry(`id(`prof), _("Profile name")) ),
+ `HWeight( 3, `TextEntry(`id(`pid), _("PID number")) ),
+ `HWeight( 2,
+ `ComboBox(`id(`sev), _("Severity"), [
+ _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
+ ]) ),
+ `HSpacing( `opt(`hstretch), 5)
+ ),
+ `HBox(
+ `HWeight( 3, `TextEntry(`id(`res), _("Detail") ) ),
+
+ `VBox(
+ `Label( _("Access Type: ") ),
+ `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), "R" ))
+ ),
+ `VBox(
+ `Label( _("Mode: ") ),
+ `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("All") ))
+ ),
+
+
+ //`HWeight( 3, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))),
+ //`HWeight( 3, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))),
+ `HSpacing( `opt(`hstretch), 5)
+ ),
+ `VSpacing( 0.5 ),
+
+ `HBox(
+ `VSpacing(0.5),
+ // DWR MOD `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [
+ `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
+ _("None"), _("csv"), _("html"), _("Both")
+ ]),
+ `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
+ `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
+ )
+
+ ));
+
+// filter-defining form
+define term filterForm2(string name, map preFilters) {
+
+ any aprog = preFilters["prog"]:nil;
+ any aprof = preFilters["profile"]:nil;
+ any apid = preFilters["pid"]:nil;
+ any ares = preFilters["resource"]:nil;
+ any amode = preFilters["mode"]:"All";
+ any asdmode = preFilters["sdmode"]:"All";
+
+ string prog = "";
+ string prof = "";
+ string pid = "";
+ string res = "";
+ string mode = "";
+ string sdmode = "";
+
+ if ( aprog
!= nil ) { prog = tostring(aprog); }
+ if ( aprof != nil ) { prof = tostring(aprof); }
+ if ( apid != nil ) { pid = tostring(apid); }
+ if ( ares != nil ) { res = tostring(ares); }
+ if ( amode != nil ) { mode = tostring(amode); }
+ if ( asdmode != nil ) { sdmode = tostring(asdmode); }
+ if (sdmode == "-") { sdmode = "All"; }
+ if (mode == "-") { mode = "All"; }
+
+ term ff2 =
+ `Top(`VBox(
+ `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )),
+ `Frame( `id(`bydate_frame), _(" Select Date Range "),
+ `VBox(
+ `Label( _("Enter Starting Date/Time") ),
+ `HBox(
+ `HSpacing( `opt(`hstretch), 1),
+ `IntField(`id(`startHours), _("Hours"), 0, 23, 0),
+ `IntField(`id(`startMins), _("Minutes"), 0, 59, 0),
+ `IntField(`id(`startDay), _("Day"), 1, 31, 1),
+ `IntField(`id(`startMonth), _("Month"), 1, 12, 1),
+ `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005)
+ ),
+ `VSpacing(1.0),
+ `Label( _("Enter Ending Date") ),
+ `HBox(
+ `HSpacing( `opt(`hstretch), 1),
+ `IntField(`id(`endHours), _("Hours"), 0, 23, 0),
+ `IntField(`id(`endMins), _("Minutes"), 0, 59, 0),
+ `IntField(`id(`endDay), _("Day"), 1, 31, 1),
+ `IntField(`id(`endMonth), _("Month"), 1, 12, 1),
+ `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005)
+ ),
+ `VSpacing(1.0)
+ )),
+ `VSpacing( 1.0 ),
+ `HBox(
+ `HWeight( 4, `TextEntry(`id(`prog), _("Program name"), prog) ),
+ `HWeight( 4, `TextEntry(`id(`prof), _("Profile name"), prof) ),
+ `HWeight( 3, `TextEntry(`id(`pid), _("PID number"), pid) ),
+ `HWeight( 2,
+ `ComboBox(`id(`sev), _("Severity"), [
+ _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
+ ]) ),
+ `HSpacing( `opt(`hstretch), 5)
+ ),
+ `HBox(
+ `VSpacing(0.5),
+ `TextEntry(`id(`res), _("Detail"), res),
+ `VBox(
+ `Label( _("Access Type: ") ),
+ `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode )))
+ ),
+ `VBox(
+ `Label( _("Mode: ") ),
+ `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode),
modeToHumanString( mode )))
+ )
+ ),
+ `VSpacing( 0.5 ),
+
+ `HBox(
+ `VSpacing(0.5),
+ `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
+ _("None"), _("csv"), _("html"), _("Both")
+ ]),
+ `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
+ `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
+ )
+ ));
+
+ return ff2;
+
+}
+
+// Gets data for next or previous page of current report
+define term turnReportPage (string name, integer curPage, string slastPage, map Settings) {
+
+ //map Settings = $[ ]; - 07-07
+ list reportList = [];
+
+ string currentPage = tostring( curPage );
+ Settings["name"] = name;
+ Settings["page"] = currentPage;
+ Settings["turnPage"] = "1";
+
+ reportList = getReportList("sir", Settings);
+
+ // New map is a list, not a hash
+
+ /* Old aa-eventd
+ list db = (list ) SCR::Read (.logparse, Settings);
+ integer key = 1;
+ foreach ( map record, db, {
+ reportList = add( reportList, `item( `id(key), record["host"]:nil,
+ record["date"]:nil, record["prog"]:nil, record["profile"]:nil,
+ record["pid"]:nil, record["severity"]:nil, record["mode"]:nil,
+ record["resource"]:nil, record["sdmode"]:nil ));
+ key = key + 1;
+ });
+ */
+
+ string myLabel = _("On Demand Event Report - Page ") + currentPage + _(" of ") + slastPage;
+
+ term odForm =
+
+ `Frame( `id(`odpage), myLabel,
+
+ `VBox(
+ //`Label("AppArmor Event Report Data " + currentPage ),
+ //`Label(myLabel),
+
+ `HBox(
+ `VSpacing(10),
+ // New aa-eventd
+ makeSirTable(reportList),
+ /* Old aa-eventd
+ `Table(`id(`table), `opt(`keepSorting, `immediate ), `header( _("Host"), _("Date"), _("Program"),
+ _("Profile"), _("PID"), _("Severity"), _("Mode"), _("Detail"), _("Access Type") ), reportList),
+ */
+
+ `VSpacing(0.5)
+ ),
+ `HSpacing(`opt(`hstretch), 1.0),
+ `VSpacing(0.5),
+ `HBox(
+ `PushButton(`id(`first), _("F&irst Page") ),
+ `PushButton(`id(`prev), _("&Previous") ),
+ `PushButton(`id(`psort), _("&Sort") ),
+ `PushButton(`id(`fwd), _("&Forward") ),
+
`PushButton(`id(`last), _("&Last Page") ),
+ `PushButton(`id(`goto), _("&Go to Page") )
+ ),
+ `VSpacing(1)
+ ));
+
+ return odForm;
+}
+
+define symbol reportConfigForm() {
+
+ term contents_report_config_form =
+ `VBox(
+ `VSpacing( 1 ),
+ `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )),
+ `Frame( `id(`bydate_frame), _(" Select Date Range ") ,
+ `VBox(
+ `Label( _("Enter Starting Date/Time") ),
+ `HBox(
+ `HSpacing( `opt(`hstretch), 1),
+ `HWeight( 1, `TextEntry(`id(`start_time), _("Time") )),
+ `HSpacing( `opt(`hstretch), 1),
+ `HWeight( 1, `TextEntry(`id(`start_day), _("Day") )),
+ `HSpacing( `opt(`hstretch), 1),
+ `HWeight( 1, `TextEntry(`id(`start_month), _("Month") )),
+ `HSpacing( `opt(`hstretch), 1),
+ `HWeight( 1, `TextEntry(`id(`start_year), _("Year") )),
+ `HSpacing( `opt(`hstretch), 1)
+ ),
+ `VSpacing( 1.0 ),
+ `Label( _("Enter Ending Date") ),
+ `HBox(
+ `HSpacing( `opt(`hstretch), 1),
+ `HWeight( 1, `TextEntry(`id(`end_time), _("Time") )),
+ `HSpacing( `opt(`hstretch), 1),
+ `HWeight( 1, `TextEntry(`id(`end_day), _("Day") )),
+ `HSpacing( `opt(`hstretch), 1),
+ `HWeight( 1, `TextEntry(`id(`end_month), _("Month") )),
+ `HSpacing( `opt(`hstretch), 1),
+ `HWeight( 1, `TextEntry(`id(`end_year), _("Year") )),
+ `HSpacing( `opt(`hstretch), 1),
+ `VSpacing( `opt(`vstretch), 2)
+ )
+ )),
+ `VSpacing( 0.5 ),
+ `Left(`CheckBox( `id(`byprog), `opt(`notify), _("Filter By Program Name") )),
+ `HBox(`id(`pbox),
+ `Left(`TextEntry(`id(`prog), _("Program name") )),
+ `HSpacing( `opt(`hstretch), 45)
+ ),
+ `VSpacing( 0.5 ),
+ `Left(`CheckBox( `id(`expLog), `opt(`notify), _("Export Report") )),
+ `HBox(`id(`ebox),
+ `Left(`TextEntry(`id(`exportName), _("Export File Location") )),
+ `Label( _("Select Export Format") ),
+ `Left(`CheckBox(`id(`exportText), _("CSV"), false)),
+ `Left(`CheckBox(`id(`exportHtml), _("HTML"), true))
+ )
+ );
+ Wizard::SetContentsButtons( _("Report Configuration Dialog"), contents_report_config_form, repConfHelp,
Label::BackButton(), Label::NextButton() );
+
+ Settings = $[ ];
+ map event = $[];
+ any id = nil;
+ UI::ChangeWidget(`id(`pbox), `Enabled, false);
+ UI::ChangeWidget(`id(`ebox), `Enabled, false);
+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
+ UI::ChangeWidget(`id(`exportName), `Value, "/tmp/export.log");
+
+ while( true ) {
+ event = UI::WaitForEvent( timeout_millisec );
+ id = event["ID"]:nil; // We'll need this often - cache it
+
+ integer start_day = (integer) UI::QueryWidget(`id(`start_day), `Value);
+ integer start_month = (integer) UI::QueryWidget(`id(`start_month), `Value);
+ integer start_year = (integer) UI::QueryWidget(`id(`start_year), `Value);
+ integer end_day = (integer) UI::QueryWidget(`id(`end_day), `Value);
+ integer end_month = (integer) UI::QueryWidget(`id(`end_month), `Value);
+ integer end_year = (integer) UI::QueryWidget(`id(`end_year), `Value);
+
+ if ( id == `byprog ) {
+ boolean val = (boolean) UI::QueryWidget(`id(`byprog), `Value);
+ if ( val == true ) {
+ UI::ChangeWidget(`id(`pbox), `Enabled, true);
+ UI::ChangeWidget(`id(`allevents), `Value, false);
+ } else {
+ UI::ChangeWidget(`id(`pbox), `Enabled, false);
+ }
+ } else if ( id == `bydate ) {
+ boolean val = (boolean) UI::QueryWidget(`id(`bydate), `Value);
+ if ( val == true ) {
+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, true);
+ UI::ChangeWidget(`id(`allevents), `Value, false);
+ } else {
+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
+ }
+ } else if ( id == `expLog ) {
+ boolean val = (boolean) UI::QueryWidget(`id(`expLog), `Value);
+ if ( val == true ) {
+ UI::ChangeWidget(`id(`ebox), `Enabled, true);
+ //UI::ChangeWidget(`id(`allevents), `Value, false);
+ } else {
+ UI::ChangeWidget(`id(`ebox), `Enabled, false);
+ }
+ } else if ( id == `next ) {
+
+ // Setup the data structures.
+ boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value);
+ boolean byprog = (boolean) UI::QueryWidget(`id(`byprog), `Value);
+ boolean allevents = (boolean) UI::QueryWidget(`id(`allevents), `Value);
+ boolean expLog = (boolean) UI::QueryWidget(`id(`expLog), `Value);
+
+ if ( expLog ) {
+ string exportName = (string) UI::QueryWidget(`id(`exportName), `Value);
+ any expText = (boolean) UI::QueryWidget(`id(`exportText), `Value);
+ any expHtml = (boolean) UI::QueryWidget(`id(`exportHtml), `Value);
+ string exportText = tostring( expText );
+ string exportHtml = tostring( expHtml );
+ Settings["exportname"] = exportName;
+ Settings["exporttext"] = exportText;
+ Settings["exporthtml"] = exportHtml;
+ }
+
+ if ( byprog ) {
+ string program_name = (string) UI::QueryWidget(`id(`prog), `Value);
+ Settings["prog"] = program_name;
+ }
+
+ if ( bydate ) {
+
+ integer start_hour = (integer) UI::QueryWidget(`id(`startHour), `Value);
+ integer start_min = (integer) UI::QueryWidget(`id(`startMin), `Value);
+ integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value);
+ integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value);
+ integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value);
+ integer end_hour = (integer) UI::QueryWidget(`id(`endHour), `Value);
+ integer end_min = (integer) UI::QueryWidget(`id(`endMin), `Value);
+ integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value);
+ integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value);
+ integer endYear = (integer) UI::QueryWidget(`id(`endYear), `Value);
+ string start_time = tostring(start_hour) + ":" + tostring(start_min);
+ string end_time = tostring(end_hour) + ":" + tostring(end_min);
+
+ if ( CheckDate(startDay,startMonth,startYear) == false ) {
+ Popup::Error( _("Illegal start date entered. Please retry.") );
+ continue;
+ }
+
+ if ( CheckDate(endDay,endMonth,endYear) == false ) {
+ Popup::Error( _("Illegal end date entered.
Please retry.") );
+ continue;
+ }
+
+ Settings["startday"] = tostring(startDay);
+ Settings["startmonth"] = tostring(startMonth);
+ Settings["startyear"] = tostring(startYear);
+ Settings["endday"] = tostring(endDay);
+ Settings["endmonth"] = tostring(endMonth);
+ Settings["endyear"] = tostring(endYear);
+ Settings["starttime"] = start_time;
+ Settings["endtime"] = end_time;
+ }
+
+ } else if ( id == `abort || id == `back || id == `done ) {
+ Popup::Message( _("Abort or Back") );
+ break;
+ }
+
+ //break;
+ }
+ return (symbol) id;
+}
+
+// Main Report Form
+define symbol mainArchivedReportForm() {
+
+ map reportdata = nil;
+ reportdata = (map) SCR::Read (.logparse, Settings );
+ list reportlist = [];
+
+ foreach( integer key, map repdata, (map) reportdata, {
+ reportlist = add( reportlist, `item( `id(key), repdata["date"]:nil, repdata["prof"]:nil, repdata["pid"]:nil, repdata["mesg"]:nil));
+ });
+
+ string help1 = _("AppArmor Security Events

+ This table displays the events found that match your search criteria.");
+
+
+ // DBG y2milestone("in MainReportForm");
+ term contents_main_prof_form =
+ `VBox(
+ `Label( _("AppArmor Event Report Data") ),
+ `HBox(
+ `VSpacing(10),
+ `Table(`id(`table), `opt(`notify, `immediate ), `header(_("Date"),
+ _("Profile"), _("PID"), _("AppArmor Message") ), reportlist),
+ `VSpacing(0.5)
+ )
+ );
+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
+ contents_main_prof_form, help1, Label::BackButton(), _("&Done") );
+
+
+ map event = $[];
+ any id = nil;
+ while( true ) {
+
+ event = UI::WaitForEvent( timeout_millisec );
+ id = event["ID"]:nil; // We'll need this often - cache it
+
+ if ( id == `table ) {
+
+ if ( event["EventReason"]:nil == "Activated" ) {
+ // Widget activated in the table
+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
+ }
+
+ } else if ( id == `abort || id == `cancel || id == `done ) {
+ break;
+ } else if ( id == `back || id == `next ) {
+ break;
+ } else {
+ y2error("Unexpected return code: %1", id);
+ continue;
+ }
+ }
+ return (symbol) id;
+}
+
+// This is the first and base reporting form
+define symbol mainReportForm() {
+
+ term mainForm =
+
+ `VBox(
+ `Label( _("AppArmor Reporting") ),
+ `VSpacing(2),
+ `VBox(
+ `Left(`CheckBox( `id(`schedrep), `opt(`notify), _("Schedule Reports"), true )),
+ `Left(`CheckBox( `id(`viewrep), `opt(`notify), _("View Archived Reports") )),
+ `Left(`CheckBox( `id(`runrep), `opt(`notify), _("Run Reports") ))
+ ),
+ `VSpacing(0.5)
+ );
+
+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"), mainForm, mainHelp, Label::BackButton(), Label::NextButton() );
+
+ map event = $[];
+ any id = nil;
+ while( true ) {
+
+ event = UI::WaitForEvent( timeout_millisec );
+ id = event["ID"]:nil; // We'll need this often - cache it
+
+ if ( id == `schedrep ) {
+ UI::ChangeWidget(`id(`viewrep), `Value, false);
+ UI::ChangeWidget(`id(`runrep), `Value, false);
+ } else if (
id == `viewrep ) {
+ UI::ChangeWidget(`id(`schedrep), `Value, false);
+ UI::ChangeWidget(`id(`runrep), `Value, false);
+ } else if ( id == `runrep ) {
+ UI::ChangeWidget(`id(`schedrep), `Value, false);
+ UI::ChangeWidget(`id(`viewrep), `Value, false);
+ } else if ( id == `abort || id == `cancel || id == `done ) {
+ break;
+ } else if ( id == `back ) {
+ break;
+ } else if ( id == `next ) {
+
+ if ( UI::QueryWidget(`id(`schedrep), `Value) == true ) {
+ id = `schedrep;
+ } else if ( UI::QueryWidget(`id(`viewrep), `Value) == true ) {
+ id = `viewrep;
+ } else if ( UI::QueryWidget(`id(`runrep), `Value) == true ) {
+ id = `runrep;
+ }
+
+ break;
+
+ } else {
+ y2error("Unexpected return code: %1", id);
+ continue;
+ }
+ }
+
+ return (symbol) id;
+}
+
+// Form used to select the type of archived report to list
+define term viewForm(map archType, list itemList, string repPath) {
+
+ boolean sirRep = archType["sirRep"]:false;
+ boolean audRep = archType["audRep"]:false;
+ boolean essRep = archType["essRep"]:false;
+
+ if ( repPath == "" || repPath == nil ) {
+ repPath = "/var/log/apparmor/reports-archived/";
+ }
+
+ if ( audRep == false && essRep == false ) {
+ sirRep = true;
+ }
+
+ term vForm =
+ `ReplacePoint(`id(`viewform), `VBox(
+ `Label( _("View Archived Reports") ),
+ `HSpacing(60), // make the table and thus the dialog wide enough
+ `VSpacing(1),
+ `HBox(
+ `Frame( `id(`radioSelect), _("Choose a Report Type"),
+ `RadioButtonGroup(`id(`chooseRep), `HBox(
+ `HStretch(),
+ `RadioButton(`id(`sirRep), `opt(`notify, `immediate), _("SIR"), sirRep),
+ `HSpacing(1),
+ `RadioButton(`id(`audRep), `opt(`notify, `immediate), _("App Aud"), audRep),
+ `HSpacing(1),
+ `RadioButton(`id(`essRep), `opt(`notify, `immediate), _("ESS"), essRep),
+ `HSpacing(1),
+ `HStretch()
+ )))
+ ),
+ `VSpacing(1),
+ `Frame( `id(`repFrame), _("Location of Archived Reports"),
+ `HBox(
+ `Left(`Label(repPath)),
+ `HSpacing(1),
+ `Left(`PushButton(`id(`browse), _("&Browse"))),
+ `HStretch()
+ )
+ ),
+
`VSpacing(0.5),
+ `VWeight( 10, `HBox(
+ `VSpacing(1),
+ `Table(`id(`table), `opt(`notify, `immediate), `header(_("Report"),
+ _("Date") ), itemList ) )
+ ),
+ `VSpacing(1),
+ `HBox(
+ `VSpacing(1),
+ `PushButton(`id(`view), _("&View") ),
+ `PushButton(`id(`viewall), _("View &All") )
+ )
+ ));
+
+ return vForm;
+}
+
+define map filterConfigForm(string name) {
+
+ // Cheating way to set filters
+ map opts = $[];
+ opts["getSirFilters"] = "1";
+ opts["name"] = name;
+ opts["gui"] = "1";
+ map preFilters = $[];
+ preFilters = (map) SCR::Read( .logparse, opts );
+
+ any asev = preFilters["severity"]:nil;
+ string sev = "";
+ if ( asev != nil ) { sev = tostring(asev); }
+ if ( sev == "-" ) { sev = _("All"); }
+
+ Wizard::SetContentsButtons( _("Report Configuration Dialog"),
+ filterForm2(name,preFilters), filterCfHelp1, Label::BackButton(), Label::NextButton() );
+
+ if ( sev != "" && sev != _("All") ) {
+ if ( sev != "U" ) {
+ integer isev = tointeger(sev);
+ if ( isev < 10 ) {
+ sev = "0" + sev;
+ }
+ }
+
+ UI::ChangeWidget(`id(`sev), `Value, sev);
+ }
+
+ string mode = "All";
+ string sdmode = "R";
+
+ Settings = $[ ];
+ map event = $[];
+ any id = nil;
+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
+
+ while( true ) {
+
+ event = UI::WaitForEvent( timeout_millisec );
+ id = event["ID"]:nil;
+
+ if ( id == `bydate ) {
+
+ boolean val = (boolean) UI::QueryWidget(`id(`bydate), `Value);
+ if ( val == true ) {
+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, true);
+ } else {
+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
+ }
+
+ } else if ( id == `abort || id == `done || id == `cancel) {
+ Settings["break"] = "abort";
+ break;
+
+ } else if ( id == `back ) {
+ Settings["break"] = "back";
+ break;
+
+ } else if ( id == `sdmode ) {
+
+ sdmode = popUpSdMode();
+
+ if ( sdmode != "" ) {
+ Settings["sdmode"] = sdmode;
+ UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) ) );
+ }
+
+ } else if ( id == `mode ) {
+
+
mode = popUpMode();
+
+ if ( mode != "" ) {
+ Settings["mode"] = mode;
+ UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )));
+ }
+
+ } else if ( id == `browse ) {
+
+ string selectFile = "";
+ selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
+
+ if ( selectFile != nil ) {
+ UI::ChangeWidget(`id(`expPath), `Value, selectFile);
+ }
+
+ Settings["expPath"] = expPath;
+
+ } else if ( id == `save || id == `next) {
+
+ // Setup the data structures.
+ boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value);
+ boolean expText = false;
+ boolean expHtml = false;
+
+ if ( UI::QueryWidget(`id(`expLog), `Enabled) == true ) {
+ expText = (boolean) UI::QueryWidget(`id(`exportText), `Value);
+ expHtml = (boolean) UI::QueryWidget(`id(`exportHtml), `Value);
+ }
+
+ if ( expText == true ) {
+ Settings["exporttext"] = "true";
+ }
+ if ( expHtml == true ) {
+ Settings["exporthtml"] = "true";
+ }
+
+ string program_name = (string) UI::QueryWidget(`id(`prog), `Value);
+ string profile = (string) UI::QueryWidget(`id(`prof), `Value);
+ string pid = (string) UI::QueryWidget(`id(`pid), `Value);
+ string sev = (string) UI::QueryWidget(`id(`sev), `Value);
+ string res = (string) UI::QueryWidget(`id(`res), `Value);
+ string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label);
+ string mode = (string) UI::QueryWidget(`id(`mode), `Label);
+ string exppath = (string) UI::QueryWidget(`id(`expPath), `Value);
+
+ // de-i18n
+ if ( sev == _("All") ) { sev = "All"; }
+ if ( sev == _("U") ) { sev = "U"; }
+
+ if (exppath != "" ) { Settings["exportPath"] = expPath; }
+ if ( program_name != "" ) { Settings["prog"] = program_name; }
+ if ( profile != "" ) { Settings["profile"] = profile; }
+ if ( pid != "" ) { Settings["pid"] = pid; }
+ if ( sev != "" && sev != "All" ) { Settings["severity"] = sev; }
+ if ( res != "" ) { Settings["resource"] = res; }
+ if ( sdmode != "" ) { Settings["sdmode"] = humanStringToMode( sdmode); }
+ if (
mode != "" ) { Settings["mode"] = humanStringToMode( mode ); }
+
+ if ( bydate == true ) {
+
+ integer start_hour = (integer) UI::QueryWidget(`id(`startHour), `Value);
+ integer start_min = (integer) UI::QueryWidget(`id(`startMin), `Value);
+ integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value);
+ integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value);
+ integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value);
+ integer end_hour = (integer) UI::QueryWidget(`id(`endHour), `Value);
+ integer end_min = (integer) UI::QueryWidget(`id(`endMin), `Value);
+ integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value);
+ integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value);
+ integer endYear = (integer) UI::QueryWidget(`id(`endYear), `Value);
+
+ string start_time = tostring(start_hour) + ":" + tostring(start_min);
+ string end_time = tostring(end_hour) + ":" + tostring(end_min);
+
+ if ( CheckDate(startDay,startMonth,startYear) == false ) {
+ Popup::Error( _("Illegal start date entered. Please retry.") );
+ continue;
+ }
+
+ if ( CheckDate(endDay,endMonth,endYear) == false ) {
+ Popup::Error( _("Illegal end date entered.
Please retry.") );
+ continue;
+ }
+
+ string start_day = tostring(startDay);
+ string start_month = tostring(startMonth);
+ string start_year = tostring(startYear);
+ string end_day = tostring(endDay);
+ string end_month = tostring(endMonth);
+ string end_year = tostring(endYear);
+
+ Settings["startday"] = tostring(start_day);
+ Settings["startmonth"] = tostring(start_month);
+ Settings["startyear"] = tostring(start_year);
+ Settings["endday"] = tostring(end_day);
+ Settings["endmonth"] = tostring(end_month);
+ Settings["endyear"] = tostring(end_year);
+ Settings["starttime"] = start_time;
+ Settings["endtime"] = end_time;
+
+ }
+
+ string expType = (string) UI::QueryWidget(`id(`expType), `Value);
+ string expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
+
+ if ( expType == _("csv") ) {
+ Settings["exporttext"] = "1";
+ } else if ( expType == _("html") ) {
+ Settings["exporthtml"] = "1";
+ } else if ( expType == _("Both") ) {
+ Settings["exporttext"] = "1";
+ Settings["exporthtml"] = "1";
+ }
+
+ Settings["exportPath"] = expPath;
+
+ break;
+ }
+ }
+
+ return Settings;
+}
+
+define term displayEmptyRep(string type) {
+
+ string myLabel = "";
+ string myInfo = "";
+
+ if ( type == "noDb" ) {
+ myLabel = _("Events DB Not Initialized.");
+ myInfo = _("The events database has not been populated.
No records exist.");
+ } else if ( type == "noList" ) {
+ myLabel = _("Query Returned Empty List.");
+ myInfo = _("The events database has no records that match the search query.");
+ }
+
+ term newPage =
+
+ `Frame( `id(`newpage), myLabel,
+
+ `VBox(
+ //`Label(myLabel),
+ `HBox(
+ `VSpacing(10),
+ `Label( myInfo ),
+ `VSpacing(0.5)
+ ),
+ `HSpacing(`opt(`hstretch), 1.0),
+ `VSpacing(1)
+ ));
+
+
+ return newPage;
+}
+
+define term displayRep(string type, integer curPage, string slastPage, list reportList ) {
+
+ string myLabel = "";
+ string currentPage = tostring(curPage);
+ term myTable = nil;
+
+ if (type == "onDemand" || type == "sir") {
+ // Very poor i18n here
+ myLabel = _("On Demand Event Report - Page ") + currentPage + _(" of ") + slastPage;
+ myTable = makeSirTable(reportList);
+
+ } else if (type == "archRep") {
+
+ myLabel = _("Archived Event Report - Page ") + currentPage + _(" of ") + slastPage;
+ myTable = makeSirTable(reportList);
+
+ } else if (type == "aud" || type == "audRep" ) {
+
+ myLabel = _("Applications Audit Report");
+ myTable = `Table(`id(`table), `opt(`notify, `immediate ),
+ `header(_("Host"), _("Date"), _("Program"),
+ _("Profile"), _("PID"), _("State"), _("Type") ), reportList);
+
+ } else if (type == "ess" || type == "essRep" ) {
+ if (reportList == nil) {
+ myLabel = _("Executive Security Summary");
+ myTable = `Table(`id(`table), `opt(`notify),
+ `header(_("Query Results")), _("No event information exists."));
+
+ } else {
+ myLabel = _("Executive Security Summary");
+ myTable = `Table(`id(`table), `opt(`notify, `immediate ),
+ `header(_("Host"), _("Start Date"),_("End Date"), _("Num Rejects"),
+ _("Num Events"), _("Ave. 
Sev"), _("High Sev") ), reportList);
+ }
+ }
+
+ term newPage =
+
+ `Frame( `id(`newpage), myLabel,
+
+ `VBox(
+ `HBox(
+ `VSpacing(10),
+ myTable,
+ `VSpacing(0.5)
+ ),
+ `HSpacing(`opt(`hstretch), 1.0),
+ `VSpacing(0.5),
+ `HBox(
+ `PushButton(`id(`first), _("F&irst Page") ),
+ `PushButton(`id(`prev), _("&Previous") ),
+ `PushButton(`id(`psort), _("&Sort") ),
+ `PushButton(`id(`fwd), _("&Forward") ),
+ `PushButton(`id(`last), _("&Last Page") ),
+ `PushButton(`id(`goto), _("&Go to Page") )
+ ),
+ `VSpacing(1)
+ ));
+
+ return newPage;
+}
+
+
+// View Archived Reports
+define symbol displayArchForm() {
+
+ map archType = $[ ];
+ archType["sirRep"] = true;
+ archType["audRep"] = false;
+ archType["essRep"] = false;
+
+ map Settings = $[ ];
+ string readSched = "1";
+ Settings["getcron"] = "0";
+ Settings["readSched"] = "1";
+ Settings["type"] = "sirRep";
+ string type = Settings["type"]:nil;
+
+ list itemList = [];
+ itemList = getArrayList(type,"");
+
+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
+ viewForm(archType, itemList, ""), archHelpText, Label::BackButton(), _("&Done") );
+
+ map event = $[];
+ any archId = nil;
+
+ string repPath = "";
+ integer lastPage = 1;
+ integer curPage = 1;
+
+ string formHelp = runHelp;
+
+
+ while( true ) {
+
+ event = UI::WaitForEvent( );
+
+ archId = event["ID"]:nil; // We'll need this often - cache it
+
+ if (archId == `back || archId == `abort || archId == `done) {
+ break;
+ } else if ( archId == `close || archId == `cancel || archId == `next) {
+ break;
+
+ } else if ( archId == `repPath ) {
+
+ repPath = (string) UI::QueryWidget(`id(`repPath), `Value);
+ Settings["repPath"] = repPath;
+ itemList = getArrayList(type,repPath);
+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
+ viewForm(archType, itemList, repPath), archHelpText, Label::BackButton(), _("&Done") );
+
+ } else if ( archId == `browse ) {
+
+ string selectFile = "";
+ selectFile = UI::AskForExistingDirectory( "/", _("Select 
Directory"));
+
+ if ( selectFile != nil ) {
+ UI::ChangeWidget(`id(`repPath), `Value, selectFile);
+ // set new reppath
+ repPath = selectFile;
+ Settings["repPath"] = repPath;
+ itemList = getArrayList(type,repPath);
+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
+ viewForm(archType, itemList, repPath), archHelpText, Label::BackButton(),
+ _("&Done") );
+ }
+
+
+ } else if ( archId == `sirRep ) {
+ formHelp = sirHelp;
+ archType["sirRep"] = true;
+ archType["audRep"] = false;
+ archType["essRep"] = false;
+ Settings["type"] = "sirRep";
+ type = Settings["type"]:nil;
+
+ itemList = getArrayList(type,repPath);
+
+ Wizard::SetContentsButtons( _("View Archived SIR Report"),
+ viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done"));
+
+ } else if ( archId == `audRep ) {
+ formHelp = audHelp;
+ archType["sirRep"] = false;
+ archType["audRep"] = true;
+ archType["essRep"] = false;
+ Settings["type"] = "audRep";
+ type = Settings["type"]:nil;
+
+ itemList= getArrayList(type,"");
+ Wizard::SetContentsButtons( _("View Archived AUD Report"),
+ viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done"));
+
+ } else if ( archId == `essRep ) {
+ formHelp = essHelp;
+ archType["sirRep"] = false;
+ archType["audRep"] = false;
+ archType["essRep"] = true;
+ Settings["type"] = "essRep";
+ type = Settings["type"]:nil;
+
+ itemList= getArrayList(type,"");
+ Wizard::SetContentsButtons( _("View Archived ESS Report"),
+ viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done"));
+
+
+ } else if ( archId == `view || archId == `viewall || archId == `table) {
+
+ if ( archId == `viewall ) {
+ Settings["single"] = "0";
+ } else {
+ Settings["single"] = "1";
+ }
+
+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
+ string logFile = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
+ string logPath = (string) UI::QueryWidget(`id(`repPath), `Value);
+ list 
splitPath = splitstring (logPath, "/");
+ string checkPath = splitPath[size(splitPath)-1]:"";
+
+ string longLogName = "";
+
+
+ // Cat strings & check for trailing "/" in path
+ if ( logPath != "" ) {
+ if ( checkPath != "" ) {
+ longLogName = logPath + "/" + logFile;
+ } else {
+ longLogName = logPath + logFile;
+ }
+ }
+
+ if ( type == "sirRep" ) {
+
+ formHelp = sirHelp;
+ map sirSettings = nil;
+ sirSettings = setArchFilter();
+ if ( archId == `viewall ) { sirSettings["single"] = 0; }
+
+ // Force an exit if appropriate
+ any breakCheck = sirSettings["break"]:nil;
+
+ if ( breakCheck == "abort" ) {
+ symbol myBreak = `abort;
+ return myBreak;
+
+ } else if ( breakCheck == "back" ) {
+ symbol myBreak = `back;
+ return myBreak;
+ }
+
+ if ( repPath != "" ) {
+ sirSettings["repPath"] = repPath;
+ }
+
+ Wizard::SetContentsButtons( _("Security Incident Report"),
+ viewArchForm(type,logFile,sirSettings), sirHelp, Label::BackButton(), _("&Done"));
+
+ lastPage = getLastPage(type,Settings,""); // check 'name'
+ setPageButtons(curPage,lastPage);
+
+ } else if ( type == "audRep" ) {
+
+ formHelp = audHelp;
+ list reportList = [];
+ integer key = 1;
+ Settings["page"] = "1";
+ Settings["audArch"] = "1";
+ Settings["turnPage"] = "1";
+ Settings["file"] = logFile;
+
+ list db = (list ) SCR::Read (.reports_confined, Settings);
+
+ foreach ( map repdata, db, {
+ reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
+ repdata["date"]:nil, repdata["prog"]:nil, repdata["prof"]:nil,
+ repdata["pid"]:nil, repdata["state"]:nil, repdata["type"]:nil ));
+ key = key + 1;
+ });
+
+ lastPage = getLastPage(type,Settings,"");
+ string slastPage = tostring(lastPage);
+
+ Wizard::SetContentsButtons( _("Applications Audit Report"),
+ displayRep(type,curPage,slastPage,reportList), formHelp, Label::BackButton(),
+ _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ } else if ( type == "essRep" ) {
+
+ formHelp = essHelp;
+ list reportList = [];
+ integer key = 1;
+ 
Settings["file"] = logFile;
+ Settings["essArch"] = "1";
+
+ list db = (list ) SCR::Read (.reports_ess, Settings);
+
+ foreach ( map repdata, db, {
+ reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
+ repdata["startdate"]:nil, repdata["enddate"]:nil, repdata["numRejects"]:nil,
+ repdata["numEvents"]:nil, repdata["sevMean"]:nil, repdata["sevHi"]:nil ));
+ key = key + 1;
+ });
+
+ lastPage = getLastPage(type,Settings,"");
+ string slastPage = tostring(lastPage);
+
+ Wizard::SetContentsButtons( _("Executive Security Summary Report"),
+ displayRep(type,curPage,slastPage,reportList), formHelp, Label::BackButton(),
+ _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ } else {
+ Popup::Error( _("No recognized report type selected. Try again.") );
+ continue;
+ }
+
+ } else if ( archId == `goto ) {
+
+ integer newPage = popUpGoto(lastPage);
+
+ if ( newPage > 0 && newPage <= lastPage && newPage != curPage ) {
+ curPage = newPage;
+
+ term fwdForm = turnArchReportPage(curPage,lastPage);
+ Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, runHelp, Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+ }
+
+ } else if ( archId == `psort ) {
+
+ string sortKey = popUpSort(type);
+
+ if ( sortKey != nil && sortKey != "" ) {
+ curPage = 1;
+ map sortCmd = $[];
+ sortCmd["sortKey"] = sortKey;
+ sortCmd["sort"] = "1";
+ any junk = SCR::Write(.logparse, sortCmd);
+ term fwdForm = turnArchReportPage(curPage,lastPage);
+ Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, runHelp, Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+ }
+
+ } else if ( archId == `fwd ) {
+
+ curPage = curPage +1;
+ term fwdForm = turnArchReportPage(curPage,lastPage);
+ Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, formHelp, Label::BackButton(), _("&Done") );
+
+ setPageButtons(curPage,lastPage);
+
+
+ } else if ( archId == `prev ) {
+
+ if ( curPage > 0 ) { curPage = curPage -1; }
+ term prevForm = 
turnArchReportPage(curPage,lastPage);
+ Wizard::SetContentsButtons( _("AppArmor Report"), prevForm, formHelp, Label::BackButton(), _("&Done") );
+
+ setPageButtons(curPage,lastPage);
+
+ } else if ( archId == `first ) {
+
+ curPage = 1;
+ term firstForm = turnArchReportPage(curPage,lastPage);
+ Wizard::SetContentsButtons( _("AppArmor Report"), firstForm, formHelp, Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ } else if ( archId == `last ) {
+
+ curPage = lastPage;
+ term lastForm = turnArchReportPage(curPage,lastPage);
+ Wizard::SetContentsButtons( _("AppArmor Report"), lastForm, formHelp, Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ } else {
+ y2error("Unexpected return code: %1", archId);
+ continue;
+ }
+ //break;
+ }
+
+ if (archId != `back && archId != `abort && archId != `done) {
+ archId = `back;
+ }
+
+ return (symbol) archId;
+}
+
+// The main form for On-Demand reports, executed from the wizard by selecting 'Run Now'
+define symbol displayRunForm() {
+
+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
+ string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""));
+
+ string type = "";
+
+ if (name == "Security.Incident.Report") {
+ type = "sir";
+ } else if (name == "Applications.Audit") {
+ type = "aud";
+ } else if ( name == "Executive.Security.Summary") {
+ type = "ess";
+ } else {
+ type = "sir"; // All added reports are SIRs
+ }
+
+ if ( type != "aud" ) {
+ boolean dbActivated = checkEventDb();
+ if ( dbActivated == false ) {
+ type = "noDb";
+ }
+ }
+
+ list reportList = [];
+ map Settings = $[ ];
+ integer curPage = 1;
+ integer lastPage = 1;
+ string slastPage = "1";
+
+ string formHelp = runHelp;
+ map reportdata = nil;
+
+ if (type == "sir") {
+
+ Settings = filterConfigForm(name);
+
+ // Force an exit if appropriate
+ any breakCheck = Settings["break"]:nil;
+
+ if ( breakCheck == "abort" ) {
+ symbol 
myBreak = `abort;
+ return myBreak;
+
+ } else if ( breakCheck == "back" ) {
+ symbol myBreak = `back;
+ return myBreak;
+ }
+
+ formHelp = sirHelp;
+ Settings["type"] = "onDemand";
+ Settings["turnPage"] = "0";
+
+ reportList = getReportList("sir",Settings);
+ integer listSize = size(reportList);
+ if ( listSize < 1 ) {
+ type = "noList";
+ }
+
+ } else if ( type == "aud" ) {
+
+ formHelp = audHelp;
+ Settings["type"] = "onDemand";
+ Settings["turnPage"] = "0";
+
+ list db = (list ) SCR::Read (.reports_confined, Settings);
+
+ integer key = 1;
+
+ foreach ( map repdata, db, {
+ reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
+ repdata["date"]:nil, repdata["prog"]:nil, repdata["prof"]:nil,
+ repdata["pid"]:nil, repdata["state"]:nil, repdata["type"]:nil ));
+ key = key + 1;
+ });
+
+ } else if ( type == "ess" ) {
+
+ formHelp = essHelp;
+ Settings["type"] = "onDemand";
+ Settings["turnPage"] = "0";
+ list db = (list ) SCR::Read (.reports_ess, Settings);
+
+ if (db != nil) {
+
+ integer key = 1;
+
+ foreach ( map repdata, db, {
+ reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
+ repdata["startdate"]:nil, repdata["enddate"]:nil,
+ repdata["numRejects"]:nil, repdata["numEvents"]:nil, repdata["sevMean"]:nil,
+ repdata["sevHi"]:nil ));
+ key = key + 1;
+ });
+ }
+
+ }
+
+ if ( type == "noDb" ) {
+ Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayEmptyRep(type),
+ formHelp, Label::BackButton(), _("&Done") );
+ } else if ( type == "noList" ) {
+ Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayEmptyRep(type),
+ formHelp, Label::BackButton(), _("&Done") );
+ } else {
+
+ lastPage = getLastPage(type,Settings,name);
+ slastPage = tostring(lastPage);
+
+ Wizard::SetContentsButtons( _("AppArmor On-Demand Report"),
+ displayRep(type,curPage,slastPage,reportList), formHelp,
+ Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+ }
+
+ map event = $[];
+ any id = nil;
+
+ while( true ) { 
+
+ // Grey out inappropriate paging buttons
+ if (curPage <= 1 ) {
+ UI::ChangeWidget(`id(`prev), `Enabled, false);
+ } else if ( curPage >= lastPage ) {
+ UI::ChangeWidget(`id(`fwd), `Enabled, false);
+ }
+
+ event = UI::WaitForEvent( timeout_millisec );
+ id = event["ID"]:nil; // We'll need this often - cache it
+
+ // REDO
+ if ( id == `schedrep ) {
+ break;
+ } else if ( id == `abort || id == `cancel || id == `back || id == `done) {
+ break;
+ } else if ( id == `next ) {
+
+ break;
+
+ } else if ( id == `goto ) {
+
+ integer newPage = popUpGoto(lastPage);
+
+ if ( newPage > 0 && newPage <= lastPage && newPage != curPage ) {
+ curPage = newPage;
+
+ term goForm = turnReportPage(name,curPage,slastPage,Settings);
+ Wizard::SetContentsButtons( _("AppArmor - Run Reports"), goForm,
+ formHelp, Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+ }
+
+ } else if ( id == `psort ) {
+
+ string sortKey = popUpSort(type);
+
+ if ( sortKey != nil && sortKey != "" ) {
+
+ // branch added 08.01.2005
+ curPage = 1;
+ Settings["type"] = "onDemand";
+ Settings["turnPage"] = "0";
+ Settings["sortKey"] = sortKey;
+
+ reportList = getReportList(type,Settings);
+
+ Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayRep(type,curPage,
+ slastPage,reportList), formHelp, Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ }
+
+ } else if ( id == `prev ) {
+
+ if ( curPage > 0 ) { curPage = curPage -1; }
+ term prevForm = turnReportPage(name,curPage,slastPage,Settings);
+ Wizard::SetContentsButtons( _("AppArmor - Run Reports"), prevForm,
+ formHelp, Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ } else if ( id == `fwd ) {
+ curPage = curPage + 1;
+ term fwdForm = turnReportPage(name,curPage,slastPage,Settings);
+ Wizard::SetContentsButtons( _("AppArmor - Run Reports"), fwdForm,
+ formHelp, Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ } else if ( id == `first ) {
+
+ 
curPage = 1;
+ slastPage = tostring(lastPage);
+ term firstForm = turnReportPage(name,curPage,slastPage,Settings);
+ Wizard::SetContentsButtons( _("AppArmor - Run Reports"), firstForm, formHelp,
+ Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ } else if ( id == `last ) {
+
+ curPage = lastPage;
+ slastPage = tostring(lastPage);
+ term lastForm = turnReportPage(name,curPage,slastPage,Settings);
+ Wizard::SetContentsButtons( _("AppArmor - Run Reports"), lastForm, formHelp,
+ Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ } else {
+ y2error("Unexpected return code: %1", id);
+ continue;
+ }
+
+ }
+
+ type = "";
+ return (symbol) id;
+}
+
+define void addSchedForm() {
+
+ map Settings = $[ ];
+ string readSched = "1";
+ Settings["getcron"] = "1";
+ Settings["readSched"] = "1";
+ Settings["type"] = "schedRep";
+
+ string expPath = "/var/log/apparmor/reports-exported";
+
+ UI::OpenDialog(
+
+ `ReplacePoint( `id(`addSchedRep), `VBox(
+ `Label( _("Add Scheduled SIR") ),
+ `VSpacing(1),
+ `TextEntry(`id(`name), _("Report Name")),
+ `VSpacing(1),
+ `HBox(
+ `ComboBox(`id(`monthdate), `opt(`notify), _("Day of Month"), [
+ `item(`id(`md_00), _("All")),
+ `item(`id(`md_01), "1"), `item(`id(`md_02), "2"), `item(`id(`md_03), "3"),
+ `item(`id(`md_04), "4"), `item(`id(`md_05), "5"), `item(`id(`md_06), "6"),
+ `item(`id(`md_07), "7"), `item(`id(`md_08), "8"), `item(`id(`md_09), "9"),
+ `item(`id(`md_10), "10"), `item(`id(`md_11), "9"), `item(`id(`md_12), "12"),
+ `item(`id(`md_13), "13"), `item(`id(`md_14), "14"), `item(`id(`md_15), "15"),
+ `item(`id(`md_16), "16"), `item(`id(`md_17), "17"), `item(`id(`md_18), "18"),
+ `item(`id(`md_19), "19"), `item(`id(`md_20), "20"), `item(`id(`md_21), "21"),
+ `item(`id(`md_22), "22"), `item(`id(`md_23), "23"), `item(`id(`md_24), "24"),
+ `item(`id(`md_25), "25"), `item(`id(`md_26), "26"), `item(`id(`md_27), "27"),
+ `item(`id(`md_28), "28"), `item(`id(`md_29), "29"), `item(`id(`md_30), 
"30"),
+ `item(`id(`md_31), "31") ]),
+ `ComboBox(`id(`weekday), `opt(`notify), _("Day of Week"), [
+ _("All"), _("Sun"), _("Mon"), _("Tue"), _("Wed"), _("Thu"), _("Fri"), _("Sat")
+ ]),
+ `IntField(`id(`hour), _("Hour"), 00, 23, 00),
+ `IntField(`id(`mins), _("Minute"), 00, 59, 00)
+ ),
+ `VSpacing(1),
+ `HBox(
+ `VSpacing(1),
+ `TextEntry(`id(`email1), `opt(`notify), _("Email Target 1"), ""),
+ `TextEntry(`id(`email2), `opt(`notify), _("Email Target 2"), ""),
+ `TextEntry(`id(`email3), `opt(`notify), _("Email Target 3"), "")
+ ),
+ `VSpacing(1),
+ `HBox(
+ `VSpacing(0.5),
+ `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
+ _("None"), _("csv"), _("html"), _("Both")
+ ]),
+ `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
+ `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
+ ),
+ `VSpacing(1),
+ `HBox(
+ `PushButton(`id(`cancel), Label::CancelButton() ),
+ `PushButton(`id(`next), Label::NextButton() )
+ )
+ )));
+
+ string mode = "All";
+ string sdmode = "R";
+ integer timeout_millisec = 20 * 1000;
+ map event = $[];
+ any addInput = nil;
+
+ while( true ) {
+
+ event = UI::WaitForEvent( timeout_millisec );
+ addInput = event["ID"]:nil; // We'll need this often - cache it
+
+
+ if ( addInput == `monthdate && addInput != 0 ) {
+ UI::ChangeWidget(`id(`weekday), `Value, _("All") );
+ } else if ( addInput == `weekday && addInput != _("All") ) {
+ UI::ChangeWidget(`id(`monthdate), `Value, _("All") );
+ }
+
+ if ( addInput == `next ) {
+
+ // Check for valid path
+ expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
+ map fileTest = $[];
+ fileTest["checkFile"] = "1";
+ fileTest["file"] = expPath;
+
+ any pathExists = SCR::Read(.reports_parse, fileTest);
+ string spath = tostring(pathExists);
+
+ if ( spath != "1" ) {
+ Popup::Error(_("The specified directory does not exist."));
+ UI::ChangeWidget(`id(`expPath), `Value, oldExpPath);
+ } else {
+
+ Settings["expPath"] = expPath;
+ UI::ChangeWidget(`id(`expPath), `Value, 
expPath);
+
+ string name = (string) UI::QueryWidget(`id(`name), `Value);
+ string monthdate = (string) UI::QueryWidget(`id(`monthdate), `Value);
+ string weekday = (string) UI::QueryWidget(`id(`weekday), `Value);
+ any iHours = (any) UI::QueryWidget(`id(`hour), `Value);
+ any iMins = (any) UI::QueryWidget(`id(`mins), `Value);
+ string email1 = (string) UI::QueryWidget(`id(`email1), `Value);
+ string email2 = (string) UI::QueryWidget(`id(`email2), `Value);
+ string email3 = (string) UI::QueryWidget(`id(`email3), `Value);
+
+ //string monthdate = tostring( iMonthdate );
+ string hour = tostring( iHours );
+ string mins = tostring( iMins );
+
+ string expType = (string) UI::QueryWidget(`id(`expType), `Value);
+
+ if ( expType == _("csv") || expType == _("Both") ) {
+ Settings["csv"] = "1";
+ }
+
+ if ( expType == _("html") || expType == _("Both") ) {
+ Settings["html"] = "1";
+ }
+
+ if ( weekday == _("All") ) { weekday = "-"; }
+ if ( monthdate == _("All") ) { monthdate = "-"; }
+
+ // de-i18n
+ if ( weekday == _("Mon") ) { weekday = "Mon"; }
+ if ( weekday == _("Tue") ) { weekday = "Tue"; }
+ if ( weekday == _("Weds") ) { weekday = "Weds"; }
+ if ( weekday == _("Thu") ) { weekday = "Thu"; }
+ if ( weekday == _("Fri") ) { weekday = "Fri"; }
+ if ( weekday == _("Sat") ) { weekday = "Sat"; }
+ if ( weekday == _("Sun") ) { weekday = "Sun"; }
+
+ Settings["add"] = "1";
+ Settings["name"] = name;
+ Settings["monthdate"] = monthdate;
+ Settings["weekday"] = weekday;
+ Settings["hour"] = hour;
+ Settings["mins"] = mins;
+ Settings["email1"] = email1;
+ Settings["email2"] = email2;
+ Settings["email3"] = email3;
+
+ // Confirm reasonable input on report names
+ string checkName = filterchars(name, "`~!@#$%^&*()[{]};:'\",<>?/\|");
+ integer nameLength = size(name);
+
+ if ( regexpmatch(name, " ") == true ) {
+ Popup::Error( _("Only one contiguous space allowed in report names."));
+ } else if ( checkName != "" ) {
+ Popup::Error( _("These characters are not allowed in report 
names: + \"`~!@#$%^&*()[{]};:'\",<>?/\|\"") ); + } else if ( nameLength > 128 ) { + Popup::Error( _("Only 128 characters are allowed in report names.")); + } else { + boolean uniqueName = findDupe(name); + if ( uniqueName == true ) { + UI::ReplaceWidget(`addSchedRep, schedFilterForm ); + } else { + Popup::Error( _("Each report name should be unique.") ); + } + }} + + } else if ( addInput == `sdmode ) { + + sdmode = popUpSdMode(); + + if (sdmode != "") { + Settings["sdmode"] = sdmode; + UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) )); + } + + } else if ( addInput == `mode ) { + + mode = popUpMode(); + + if (mode != "") { + Settings["mode"] = mode; + UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )) ); + } + + } else if (addInput == `save ) { + + string prog = (string) UI::QueryWidget(`id(`prog), `Value); + string prof = (string) UI::QueryWidget(`id(`prof), `Value); + string pid = (string) UI::QueryWidget(`id(`pid), `Value); + string res = (string) UI::QueryWidget(`id(`res), `Value); + string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label); + string mode = (string) UI::QueryWidget(`id(`mode), `Label); + string sev = (string) UI::QueryWidget(`id(`sev), `Value); + string expType = (string) UI::QueryWidget(`id(`expType), `Value); + + if ( expType == "csv" ) { + Settings["exporttext"] = "1"; + } else if ( expType == "html" ) { + Settings["exporthtml"] = "1"; + } else if ( expType == "both" ) { + Settings["exporttext"] = "1"; + Settings["exporthtml"] = "1"; + } + + if ( sev == _("All") ) { sev = "-"; } + + Settings["getcron"] = ""; + Settings["prog"] = prog; + Settings["prof"] = prof; + Settings["pid"] = pid; + Settings["sev"] = sev; + Settings["res"] = res; + Settings["sdmode"] = humanStringToMode( sdmode ); + Settings["mode"] = humanStringToMode( mode ); + + any error = (any) SCR::Write(.reports_sched, Settings); + + if (is(error, string)) { + string erStr = tostring(error); + 
Popup::Error("Error: " + erStr);
+ }
+
+ addInput = `close;
+ break;
+
+ } else if ( addInput == `accept ) {
+
+ expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
+ map fileTest = $[];
+ fileTest["checkFile"] = "1";
+ fileTest["file"] = expPath;
+
+ any pathExists = SCR::Read(.reports_parse, fileTest);
+ string spath = tostring(pathExists);
+
+ if ( spath == "1" ) {
+ Settings["expPath"] = expPath;
+ UI::ChangeWidget(`id(`expPath), `Value, expPath);
+ } else {
+ Popup::Error(_("The specified directory does not exist."));
+ }
+
+ } else if ( addInput == `browse ) {
+
+ string selectFile = "";
+ selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
+
+ if ( selectFile != nil ) {
+ UI::ChangeWidget(`id(`expPath), `Value, selectFile);
+ }
+
+ Settings["expPath"] = expPath;
+
+ } else if ( addInput == `cancel || addInput == `close ) {
+
+ addInput = `close;
+ break;
+ }
+ }
+
+ UI::CloseDialog();
+
+ return;
+}
+
+define void editSchedForm() {
+
+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
+ string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""));
+
+ map Settings = $[ ];
+ string readSched = "1";
+ Settings["name"] = name;
+ Settings["getcron"] = "";
+ Settings["getrep"] = "1";
+ Settings["readSched"] = "1";
+ Settings["type"] = "schedRep";
+
+ list itemList = [];
+ integer key = 1;
+
+ map db = nil;
+ db = (map) SCR::Read (.reports_sched, Settings );
+ string sname = name; // Don't know why this was pulled from db instead of name above
+ any amday = db["mday"]:nil;
+ any wday = db["wday"]:nil;
+ any shour = db["hour"]:nil;
+ any smins = db["mins"]:nil;
+
+ string oldRepName = sname;
+ string swday = "All";
+ string monthdate = "All";
+
+ if (amday != nil) { monthdate = tostring(amday); }
+ if (wday != nil) { swday = tostring(wday); }
+
+ integer ihour = 23;
+ integer imins = 59;
+ if (shour != nil) { ihour = tointeger(shour); }
+ if (smins != nil) 
{ imins = tointeger(smins); }
+
+ // Get reports.conf info
+ Settings["getrep"] = "";
+ Settings["getconf"] = "1";
+ map db2 = nil;
+ db2 = (map) SCR::Read (.reports_sched, Settings );
+
+ any aemail1 = db2["addr1"]:nil;
+ any aemail2 = db2["addr2"]:nil;
+ any aemail3 = db2["addr3"]:nil;
+ any tmpPath = db2["exportpath"]:nil;
+
+ string email1 = "";
+ string email2 = "";
+ string email3 = "";
+
+ string expType = "";
+ string expPath = "/var/log/apparmor/reports-exported";
+ if ( tmpPath != nil ) {
+ oldExpPath = tostring(tmpPath);
+ expPath = oldExpPath;
+ } else {
+ oldExpPath = defExpPath;
+ expPath = oldExpPath;
+ }
+
+ if (aemail1 != nil) { email1 = tostring(aemail1); }
+ if (aemail2 != nil) { email2 = tostring(aemail2); }
+ if (aemail3 != nil) { email3 = tostring(aemail3); }
+
+ /* Get Filtering Info for Report */
+ any aprog = db2["prog"]:nil;
+ any aprof = db2["prof"]:nil;
+ any apid = db2["pid"]:nil;
+ any ares = db2["res"]:nil;
+ any asev = db2["severity"]:nil;
+ any asdmode = db2["sdmode"]:nil;
+ any amode = db2["mode"]:nil;
+ any acsv = db2["csv"]:nil;
+ any ahtml = db2["html"]:nil;
+
+ /* debug */
+ if ( aprog != nil ) { Settings["prog"] = tostring(aprog); }
+ if ( aprof != nil ) { Settings["prof"] = tostring(aprof); }
+ if ( apid != nil ) { Settings["pid"] = tostring(apid); }
+ if ( ares != nil ) { Settings["res"] = tostring(ares); }
+ if ( asev != nil ) { Settings["sev"] = tostring(asev); }
+ if ( asdmode != nil ) { Settings["sdmode"] = tostring(asdmode); }
+ if ( asdmode == nil || asdmode == "-" ) {
+ Settings["sdmode"] = "All";
+ }
+ if ( amode != nil ) { Settings["mode"] = tostring(amode); }
+
+ if ( acsv != nil && ahtml != nil ) {
+ expType = "Both";
+ Settings["csv"] = "1";
+ Settings["html"] = "1";
+ } else if ( acsv != nil && ahtml == nil ) {
+ expType = "csv";
+ Settings["csv"] = "1";
+ Settings["html"] = "";
+ } else if ( acsv == nil && ahtml != nil ) {
+ expType = "html";
+ Settings["csv"] = "";
+ Settings["html"] = "1";
+ } else if ( acsv 
== nil && ahtml == nil ) {
+ expType = "None";
+ Settings["csv"] = "";
+ Settings["html"] = "";
+ }
+
+ // Special handling for sev
+ string formatSev = "";
+ if ( asev != nil ) { formatSev = tostring(asev); }
+ if ( formatSev != "" && formatSev != "U" && formatSev != "All" && formatSev != nil) {
+ formatSev = "0" + formatSev;
+ }
+
+ term continueBtns =
+
+ `HBox(
+ `PushButton(`id(`cancel), Label::CancelButton() ),
+ `PushButton(`id(`fwd), _("N&ext") )
+ );
+
+
+ // We need secondary filters for SIR reports only
+ if ( sname == "Executive.Security.Summary" || sname == "Applications.Audit" ) {
+
+ continueBtns =
+ `HBox(
+ `PushButton(`id(`cancel), Label::CancelButton() ),
+ `PushButton(`id(`save), Label::SaveButton() )
+ );
+
+ }
+
+ string edLabel = _("Edit Report Schedule for ") + typeToHumanString(sname);
+
+ UI::OpenDialog(
+
+ `ReplacePoint( `id(`editSchedRep),
+
+ `VBox(
+ `HBox( `Label(`id(`edname), edLabel) ),
+ `VSpacing(1),
+ `HBox(
+ `ComboBox(`id(`monthdate), `opt(`notify), _("Day of Month"), [
+ `item(`id(`md_00), _("All")),
+ `item(`id(`md_01), "1"), `item(`id(`md_02), "2"), `item(`id(`md_03), "3"),
+ `item(`id(`md_04), "4"), `item(`id(`md_05), "5"), `item(`id(`md_06), "6"),
+ `item(`id(`md_07), "7"), `item(`id(`md_08), "8"), `item(`id(`md_09), "9"),
+ `item(`id(`md_10), "10"), `item(`id(`md_11), "11"), `item(`id(`md_12), "12"),
+ `item(`id(`md_13), "13"), `item(`id(`md_14), "14"), `item(`id(`md_15), "15"),
+ `item(`id(`md_16), "16"), `item(`id(`md_17), "17"), `item(`id(`md_18), "18"),
+ `item(`id(`md_19), "19"), `item(`id(`md_20), "20"), `item(`id(`md_21), "21"),
+ `item(`id(`md_22), "22"), `item(`id(`md_23), "23"), `item(`id(`md_24), "24"),
+ `item(`id(`md_25), "25"), `item(`id(`md_26), "26"), `item(`id(`md_27), "27"),
+ `item(`id(`md_28), "28"), `item(`id(`md_29), "29"), `item(`id(`md_30), "30"),
+ `item(`id(`md_31), "31")
+ ]),
+ `ComboBox(`id(`weekday), `opt(`notify), _("Day of Week"), [
+ _("All"), _("Sun"), _("Mon"), _("Tue"), _("Wed"), 
_("Thu"), _("Fri"), _("Sat")
+ ]),
+ `IntField(`id(`hour), _("Hour"), 0, 23, ihour),
+ `IntField(`id(`mins), _("Minute"), 0, 59, imins)
+ ),
+ `VSpacing(1),
+ `HBox(
+ `VSpacing(1),
+ `TextEntry(`id(`email1), `opt(`notify), _("Email Target 1"), email1),
+ `TextEntry(`id(`email2), `opt(`notify), _("Email Target 2"), email2),
+ `TextEntry(`id(`email3), `opt(`notify), _("Email Target 3"), email3)
+ ),
+ `VSpacing(1),
+ `HBox(
+ `VSpacing(0.5),
+
+ // DWR MOD `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [
+ `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
+ _("None"), _("csv"), _("html"), _("Both")
+ ]),
+ `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
+ `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
+ ),
+ `VSpacing(1),
+ continueBtns
+ )));
+
+ /**************************************************/
+ string mode = _("All");
+ string sdmode = _("R");
+
+ integer timeout_millisec = 20 * 1000;
+ map event = $[];
+ any editInput = nil;
+ //map Settings = $[ ];
+
+ //Cheap & easy way to give default value to ComboBox
+ if (swday != _("All") ) {
+ UI::ChangeWidget(`id(`weekday), `Value, swday);
+ }
+
+ if ( monthdate != _("All") ) {
+ UI::ChangeWidget(`id(`monthdate), `Value, monthdate);
+ }
+
+ if ( expType != _("None") ) {
+ UI::ChangeWidget(`id(`expType), `Value, expType);
+ }
+
+ while( true ) {
+
+ event = UI::WaitForEvent( timeout_millisec );
+ editInput = event["ID"]:nil; // We'll need this often - cache it
+
+ if ( editInput == `monthdate && editInput != 0 ) {
+ UI::ChangeWidget(`id(`weekday), `Value, _("All") );
+ } else if ( editInput == `weekday && editInput != _("All") ) {
+ UI::ChangeWidget(`id(`monthdate), `Value, _("All") );
+ }
+
+ if ( editInput == `fwd ) {
+
+ string email1 = (string) UI::QueryWidget(`id(`email1), `Value);
+ string email2 = (string) UI::QueryWidget(`id(`email2), `Value);
+ string email3 = (string) UI::QueryWidget(`id(`email3), `Value);
+
+ string spath = "0";
+
+ 
expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
+ map fileTest = $[];
+ fileTest["checkFile"] = "1";
+ fileTest["file"] = expPath;
+
+ any pathExists = SCR::Read(.reports_parse, fileTest);
+ spath = tostring(pathExists);
+ Settings["expPath"] = expPath;
+
+ if ( spath == "1" ) {
+
+ Settings = getSchedSettings(Settings);
+ UI::ReplaceWidget(`editSchedRep, editFilterForm(Settings) );
+
+ // Special handling for ComboBoxes (sev)
+ if ( formatSev != "" ) { UI::ChangeWidget(`id(`sev), `Value, formatSev); }
+
+ } else {
+ Popup::Error(_("The specified directory does not exist."));
+ UI::ChangeWidget(`id(`expPath), `Value, oldExpPath);
+ }
+
+ } else if ( editInput == `sdmode ) {
+
+ sdmode = popUpSdMode();
+
+ if ( sdmode != "" ) {
+ Settings["sdmode"] = sdmode;
+ UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) ));
+ }
+
+ } else if ( editInput == `mode ) {
+
+ mode = popUpMode();
+ if ( mode != "" ) {
+ Settings["mode"] = mode;
+ UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )));
+ }
+
+ } else if ( editInput == `browse ) {
+
+ string selectFile = "";
+ selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
+
+ if ( selectFile != nil ) {
+ UI::ChangeWidget(`id(`expPath), `Value, selectFile);
+ }
+
+ Settings["expPath"] = expPath;
+
+ } else if ( editInput == `close || editInput == `cancel ) {
+ break;
+ } else if ( editInput == `save ) {
+
+ string spath = "0";
+
+ if ( sname == "Executive.Security.Summary" || sname == "Applications.Audit" ) {
+
+ expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
+ map fileTest = $[];
+ fileTest["checkFile"] = "1";
+ fileTest["file"] = expPath;
+
+ any pathExists = SCR::Read(.reports_parse, fileTest);
+ spath = tostring(pathExists);
+ Settings["expPath"] = expPath;
+ } else {
+ // SIR Reports already checked
+ spath = "1";
+ }
+
+ if ( spath != "1" ) {
+ Popup::Error(_("The specified directory does not exist."));
+ 
UI::ChangeWidget(`id(`expPath), `Value, oldExpPath); + } else { + + + if ( sname != "Executive.Security.Summary" && sname != "Applications.Audit" ) { + + string prog = (string) UI::QueryWidget(`id(`prog), `Value); + string prof = (string) UI::QueryWidget(`id(`prof), `Value); + string pid = (string) UI::QueryWidget(`id(`pid), `Value); + string res = (string) UI::QueryWidget(`id(`res), `Value); + string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label); + string mode = (string) UI::QueryWidget(`id(`mode), `Label); + string sev = (string) UI::QueryWidget(`id(`sev), `Value); + + Settings["prog"] = prog; + Settings["prof"] = prof; + Settings["pid"] = pid; + Settings["sev"] = sev; + Settings["res"] = res; + Settings["sdmode"] = humanStringToMode( sdmode ); + Settings["mode"] = humanStringToMode( mode ); + + } else { + + string email1 = (string) UI::QueryWidget(`id(`email1), `Value); + string email2 = (string) UI::QueryWidget(`id(`email2), `Value); + string email3 = (string) UI::QueryWidget(`id(`email3), `Value); + + Settings = getSchedSettings(Settings); + } + + Settings["name"] = sname; + Settings["getconf"] = ""; + Settings["setconf"] = "1"; + + string expType = (string) UI::QueryWidget(`id(`expType), `Value); + + if ( expType == "csv" ) { + Settings["exporttext"] = "1"; + } else if ( expType == "html" ) { + Settings["exporthtml"] = "1"; + } else if ( expType == "both" ) { + Settings["exporttext"] = "1"; + Settings["exporthtml"] = "1"; + } + + any error = (any) SCR::Write(.reports_sched, Settings); + + if (is(error, string)) { + string erStr = tostring(error); + Popup::Error( _("Error: ") + erStr); + } + + break; + }} + // END - Save Dialog (editInput == `save) + } + + UI::CloseDialog(); + + //return (symbol) editInput; + return; +} + +define void delSchedForm() { + + integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); + string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "")); 
+ + map Settings = $[ ]; + Settings["del"] = "1"; + Settings["name"] = name; + + UI::OpenDialog( + + `VBox( + `VSpacing(0.5), + `Label( _("Delete Confirmation") ), + `VSpacing(1), + `HBox( + `HSpacing( `opt(`hstretch), 0.75 ), + `Left(`HWeight( 0, `Label( _("Are you sure you want to delete: ") + name + _("?") ))) + ), + `VSpacing(1), + `HBox( + `PushButton(`id(`cancel), Label::CancelButton() ), + `PushButton(`id(`del), Label::DeleteButton() ) + ) + )); + + symbol delInput = `default; + + while ( delInput != `close ) { + + delInput = (symbol) UI::UserInput(); + + if ( delInput == `del ) { + SCR::Write(.reports_sched, Settings); + //any error = (any) SCR::Write(.reportsched, Settings); + break; + } else if (delInput == `close || delInput == `cancel) { + break; + } + } + + UI::CloseDialog(); + + return; + +} + +// Forces update of the table of available scheduled reports +define void updateSched() { + + map Settings = $[ ]; + string readSched = "1"; + Settings["getcron"] = "1"; + Settings["readSched"] = "1"; + Settings["type"] = "schedRep"; + + list itemList = []; + integer key = 1; + + list db = (list ) SCR::Read (.reports_sched, Settings); + + foreach ( map record, db, { + itemList = add( itemList, `item( `id(key), typeToHumanString( record["name"]:"" ), record["mday"]:nil, record["wday"]:nil, + record["hour"]:nil, record["mins"]:nil )); + key = key + 1; + }); + + term schedForm = + + `VBox( + `Label( _("Schedule Reports") ), + `VSpacing(2), + `HBox( + `VSpacing(10), + `Table(`id(`table), `opt(`notify), `header(_("Report Name"), + _("Day of Month"), _("Day of Week"), _("Hour"), _("Mins")), itemList) + ), + `VSpacing(0.5), + `HBox( + `PushButton(`id(`viewrep), _("View Archive") ), + `PushButton(`id(`runrep), _("Run Now") ) + ), + `HBox( + `PushButton(`id(`add), Label::AddButton() ), + `PushButton(`id(`edit), Label::EditButton() ), + `PushButton(`id(`delete), Label::DeleteButton() ) + ) + ); + + Wizard::SetContentsButtons( _("AppArmor Security Event Report"), 
schedForm, + mainHelp, Label::BackButton(), Label::NextButton() ); + + return; +} + +define symbol displaySchedForm() { + +// START - Move to separate Routine - START + + map Settings = $[ ]; + string readSched = "1"; + Settings["getcron"] = "1"; + Settings["readSched"] = "1"; + Settings["type"] = "schedRep"; + + list itemList = []; + integer key = 1; + + list db = (list ) SCR::Read (.reports_sched, Settings); + + foreach ( map record, db, { + itemList = add( itemList, `item( `id(key), typeToHumanString( record["name"]:""), record["mday"]:nil, record["wday"]:nil, + record["hour"]:nil, record["mins"]:nil )); + key = key + 1; + }); + + term schedForm = + + `Frame( `id(`dosched), _("Schedule Reports"), + `VBox( + `VSpacing(2), + `HBox( + `VSpacing(10), + `Table(`id(`table), `opt(`notify), `header(_("Report Name"), + _("Day of Month"), _("Day of Week"), _("Hour"), _("Mins")), + itemList) + ), + `VSpacing(0.5), + `HBox( + `PushButton(`id(`viewrep), _("View Archive") ), + `PushButton(`id(`runrep), _("Run Now") ) + ), + `HBox( + `PushButton(`id(`add), Label::AddButton() ), + `PushButton(`id(`edit), Label::EditButton() ), + `PushButton(`id(`delete), Label::DeleteButton() ) + )) + ); + + Wizard::SetContentsButtons( _("AppArmor Security Event Report"), schedForm, + mainHelp, Label::BackButton(), _("&Done") ); + + // Double-click tracking + integer newRecord = nil; + integer lastRecord = nil; + + map event = $[]; + any id = nil; + while( true ) { + + event = UI::WaitForEvent( timeout_millisec ); + + id = event["ID"]:nil; // We'll need this often - cache it + + if ( id == `schedrep ) { + + break; + + } else if ( id == `abort || id == `cancel || id == `done ) { + break; + } else if ( id == `back ) { + break; + } else if ( id == `runrep || id == `viewrep ) { + break; + } else if ( id == `next ) { + id = `done; + break; + } else if ( id == `add ) { + addSchedForm(); + Wizard::SetContentsButtons( _("AppArmor Security Event Report"), schedForm, mainHelp, Label::BackButton(), 
Label::NextButton() ); + updateSched(); + continue; + + } else if ( id == `edit ) { + editSchedForm(); + updateSched(); + continue; + + } else if ( id == `delete ) { + + integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); + string repName = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "")); + + if ( repName == "Executive.Security.Summary" || repName == "Applications.Audit" || repName == "Security.Incident.Report" ) { + Popup::Error( _("Cannot delete a stock report.") ); + } else { + + delSchedForm(); + updateSched(); + } + + continue; + + } else if ( id == `table ) { + + newRecord = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); + + if ( newRecord == lastRecord ) { + //editSchedForm(); + //updateSched(); + id = `runrep; + break; + newRecord = 0; + } + + lastRecord = newRecord; + + } else { + y2error("Unexpected return code: %1", id); + continue; + } + } + + return (symbol) id; +} + + +} + + --- /dev/null +++ b/src/include/apparmor/reporting_utils.ycp 
@@ -0,0 +1,609 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2005 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+{
+
+import "Wizard";
+import "Popup";
+import "Label";
+include "subdomain/report_helptext.ycp";
+textdomain "yast2-apparmor";
+
+define boolean checkEventDb() {
+
+ boolean dbActivated = false;
+ map args = $[];
+ args["checkDb"] = "1";
+
+ any dbCheck = (any) SCR::Read( .reports_parse, args);
+ integer dbOn = tointeger(dbCheck);
+
+ if ( dbOn == 1 ) {
+ dbActivated = true;
+ }
+
+ return dbActivated;
+}
+
+define boolean findDupe(string name) {
+
+ boolean unique = false;
+ map args = $[ ];
+ args["name"] = name;
+ args["getdupe"] = "1";
+ any aDupe = (any) SCR::Read (.reports_sched, args );
+
+ if ( aDupe == "" || aDupe == nil ) {
+ unique = true; // bad, but try for a non-breaking failure
+ } else if ( aDupe == 1 ) {
+ unique = false;
+ } else {
+ unique = true;
+ }
+
+ return unique;
+}
+
+define string unI18n(string weekday) {
+
+ if ( weekday == _("Mon") ) { weekday = "Mon"; }
+ if ( weekday == _("Tue") ) { weekday = "Tue"; }
+ if ( weekday == _("Wed") ) { weekday = "Wed"; }
+ if ( weekday == _("Thu") ) { weekday = "Thu"; }
+ if ( weekday == _("Fri") ) { weekday = "Fri"; }
+ if ( weekday == _("Sat") ) { weekday = "Sat"; }
+ if ( weekday == _("Sun") ) { weekday = "Sun"; }
+
+ return weekday;
+}
+
+/* Possible 'type's for getLastPage() && getLastSirPage()
+ - displayArchForm(): type = sirRep || audRep || essRep
+ - displayRunForm(): type = sir || aud || ess
+*/
+
+// Return last page number of post-filtered report
+define integer getLastPage(string type, map Settings, string name) {
+
+ if ( type == "sir" || type == "sirRep" ) {
+ if ( name != nil && name != "" ) {
+
Settings["name"] = name; + } else { + y2error(_("No name provided for retrieving SIR report page count.")); + return 1; // return a page count of 1 + } + } + + Settings["type"] = type; + Settings["getLastPage"] = "1"; + map page = $[]; + page = (map) SCR::Read (.reports_parse, Settings); + integer lastPage = page["numPages"]:1; + + return lastPage; +} + +define boolean CheckDate( integer day, integer month, integer year ) ``{ + + list mdays = [ 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 ]; + boolean ret = true; + + if (year == nil || month == nil || day == nil) + return false; + + ret = ret && month>=1 && month<=12; + + if( year%4==0 && (year%100!=0 || year%400==0)) { + mdays[1] = 29; + } + + ret = ret && day>=1 && day<=mdays[month-1]:0; + ret = ret && year>=1970 && year<2032; + return( ret ); + +} + +// Make the table for displaying report data +define term makeSirTable (list reportList) { + term myTable = + `Table(`id(`table), `opt(`keepSorting, `immediate ), `header(_("Host"), + _("Date"), _("Program"), _("Profile"), _("PID"), _("Severity"), + _("Mode Request"), _("Mode Deny"), _("Detail"), _("Event Type"), + _("Operation"), _("Attribute"), _("Additional Name"), _("Net Family"), + _("Net Protocol"), _("Net Socket Type")), reportList + ); + return myTable; +} + +define integer popUpGoto(integer lastPage) { + + UI::OpenDialog( + `VBox( + `HBox( + `TextEntry(`id(`gotoPage), _("Enter a Page to Move to."), "") + ), + `HBox( + `PushButton(`id(`abort), `opt(`notify), Label::AbortButton() ), + `PushButton(`id(`save), `opt(`notify), Label::SaveButton() ) + ) + ) + ); + + map event = $[]; + any id = nil; + integer igoto = nil; + + while( true ) { + + event = UI::WaitForEvent(); + id = event["ID"]:nil; + + if ( id == `abort || id == `close || id == `cancel ) { + + break; + + } else if ( id == `save ) { + + any agoto = UI::QueryWidget(`id(`gotoPage), `Value); + igoto = tointeger(agoto); + + if ( igoto == nil || igoto < 1 || igoto > lastPage ) { + + Popup::Message("You 
must enter a value between 1 and " + lastPage + "."); + + } else { + + break; + + } + } + } + + UI::CloseDialog(); + + return igoto; +} + +define string getSortId(string type, any sortId) { + + string sortKey = ""; + + + if ( type == "aud" || type == "audRep") { + + if ( sortId == 0 ) { + sortKey = "prog"; + } else if ( sortId == 1 ) { + sortKey = "profile"; + } else if ( sortId == 2 ) { + sortKey = "pid"; + } else if ( sortId == 3 ) { + sortKey = "state"; + } else if ( sortId == 4 ) { + sortKey = "type"; + } + + } else if (type == "ess" || type == "essRep" ) { + + if ( sortId == 0 ) { + sortKey = "host"; + } else if ( sortId == 1 ) { + //sortKey = "date"; + sortKey = "numRejects"; + } else if ( sortId == 2 ) { + sortKey = "numEvents"; + } else if ( sortId == 3 ) { + sortKey = "sevMean"; + } else if ( sortId == 4 ) { + sortKey = "sevHi"; + } + + } else { + + if ( sortId == 0 ) { + sortKey = "host"; + } else if ( sortId == 1 ) { + //sortKey = "date"; + sortKey = "time"; + } else if ( sortId == 2 ) { + sortKey = "prog"; + } else if ( sortId == 3 ) { + sortKey = "profile"; + } else if ( sortId == 4 ) { + sortKey = "pid"; + } else if ( sortId == 5 ) { + sortKey = "resource"; + } else if ( sortId == 6 ) { + sortKey = "severity"; + } else if ( sortId == 7 ) { + sortKey = "sdmode"; + } else if ( sortId == 8 ) { + sortKey = "mode"; + } + + } + + return sortKey; +} + +// Get the name of the filter (header column) to sort by +define string popUpSort(string type) { + + term btnList = nil; + + if ( type == "aud" || type == "audRep") { + btnList = + `VBox( + `Left(`RadioButton(`id(0), _("Program") )), + `Left(`RadioButton(`id(1), _("Profile") )), + `Left(`RadioButton(`id(2), _("PID") )), + `Left(`RadioButton(`id(3), _("State") )), + `Left(`RadioButton(`id(4), _("Type") )) + ); + + } else if (type == "ess" || type == "essRep" ) { + btnList = + `VBox( + `Left(`RadioButton(`id(0), _("Host") )), + `Left(`RadioButton(`id(1), _("Num. Rejects") )), + `Left(`RadioButton(`id(2), _("Num. 
Events") )), + `Left(`RadioButton(`id(3), _("Ave. Sev") )), + `Left(`RadioButton(`id(4), _("High Sev") )) + ); + } else { + + btnList = + `VBox( + // Sorting by host is no longer meaningful (due to sql changes) + //`Left(`RadioButton(`id(0), _("Host") )), + `Left(`RadioButton(`id(1), _("Date") )), + `Left(`RadioButton(`id(2), _("Program") )), + `Left(`RadioButton(`id(3), _("Profile") )), + `Left(`RadioButton(`id(4), _("PID") )), + `Left(`RadioButton(`id(5), _("Detail") )), + `Left(`RadioButton(`id(6), _("Severity") )), + `Left(`RadioButton(`id(7), _("Access Type") )), + `Left(`RadioButton(`id(8), _("Mode") )) + ); + } + + UI::OpenDialog( + `VBox( + `HBox( + //`HSpacing( `opt(`vstretch), 0.5), + `RadioButtonGroup(`id(`sortKey), + btnList + ) + ), + `HBox( + `PushButton(`id(`abort), Label::AbortButton() ), + `PushButton(`id(`save), Label::SaveButton() ) + ) + ) + ); + + map event = $[]; + any id = nil; + string sortKey = nil; + + while( true ) { + + event = UI::WaitForEvent(); + id = event["ID"]:nil; // We'll need this often - cache it + + if ( id == `abort || id == `cancel || id == `close) { + + break; + + } else if (id == `save ) { + + any sortId = UI::QueryWidget(`id(`sortKey), `CurrentButton); + + /* sortKey needs to match the hash reference names in parseEventLog() + && sortRecords() in Immunix::Reports.pm */ + + sortKey = getSortId(type,sortId); + break; + + } + } + + UI::CloseDialog(); + + return sortKey; + +} + +// Mode +define string popUpMode() { + + string checkMode = (string) UI::QueryWidget(`id(`mode), `Label); + list splitMode = splitstring (checkMode, " "); + string myMode = splitMode[size(splitMode)-1]:"All"; + + UI::OpenDialog( + `VBox( + `HBox( + `CheckBox(`id(`clear), `opt(`notify, `immediate ), _("All"), true), + `CheckBox(`id(`read), `opt(`notify, `immediate ), _("Read"), false), + `CheckBox(`id(`write), `opt(`notify, `immediate ), _("Write"), false), + `CheckBox(`id(`link), `opt(`notify, `immediate ), _("Link"), false), + `CheckBox(`id(`exec), 
`opt(`notify, `immediate ), _("Execute"), false), + `CheckBox(`id(`mmap), `opt(`notify, `immediate ), _("MMap"), false) + ), + `HBox( + `PushButton(`id(`cancel), Label::CancelButton() ), + `PushButton(`id(`save), Label::SaveButton() ) + ) + ) + ); + + integer isall = search( myMode, "All"); + if ( isall != nil && isall >= 0 ) { + UI::ChangeWidget(`id(`clear), `Value, false); + UI::ChangeWidget(`id(`read), `Value, true); + UI::ChangeWidget(`id(`write), `Value, true); + UI::ChangeWidget(`id(`link), `Value, true); + UI::ChangeWidget(`id(`exec), `Value, true); + UI::ChangeWidget(`id(`mmap), `Value, true); + } else { + if ( search( myMode, "r") != nil ) { + UI::ChangeWidget(`id(`clear), `Value, false); + UI::ChangeWidget(`id(`read), `Value, true); + } + if ( search( myMode, "w") != nil ) { + UI::ChangeWidget(`id(`clear), `Value, false); + UI::ChangeWidget(`id(`write), `Value, true); + } + if ( search( myMode, "l") != nil ) { + UI::ChangeWidget(`id(`clear), `Value, false); + UI::ChangeWidget(`id(`link), `Value, true); + } + if ( search( myMode, "x") != nil ) { + UI::ChangeWidget(`id(`clear), `Value, false); + UI::ChangeWidget(`id(`exec), `Value, true); + } + if ( search( myMode, "m") != nil ) { + UI::ChangeWidget(`id(`clear), `Value, false); + UI::ChangeWidget(`id(`mmap), `Value, true); + } + } + + string mode = ""; + map event = $[]; + any id = nil; + + while( true ) { + + event = UI::WaitForEvent(); + id = event["ID"]:nil; // We'll need this often - cache it + + if ( id == `clear) { + + if ( UI::QueryWidget(`id(`clear), `Value) == true ) { + UI::ChangeWidget(`id(`read), `Value, false); + UI::ChangeWidget(`id(`write), `Value, false); + UI::ChangeWidget(`id(`link), `Value, false); + UI::ChangeWidget(`id(`exec), `Value, false); + UI::ChangeWidget(`id(`mmap), `Value, false); + mode = "All"; + } + + } else if ( id == `read || id == `write || id == `link || id == `exec || id == `mmap ) { + + if ( UI::QueryWidget(`id(`read), `Value) == true ) { + UI::ChangeWidget(`id(`clear), 
`Value, false); + } else if ( UI::QueryWidget(`id(`write), `Value) == true ) { + UI::ChangeWidget(`id(`clear), `Value, false); + } else if ( UI::QueryWidget(`id(`link), `Value) == true ) { + UI::ChangeWidget(`id(`clear), `Value, false); + } else if ( UI::QueryWidget(`id(`exec), `Value) == true ) { + UI::ChangeWidget(`id(`clear), `Value, false); + } else if ( UI::QueryWidget(`id(`mmap), `Value) == true ) { + UI::ChangeWidget(`id(`link), `Value, false); + } + + } else if ( id == `abort || id == `cancel || id == `close) { + mode = myMode; + break; + } else if ( id == `save ) { + + if ( UI::QueryWidget(`id(`clear), `Value) == true ) { + mode = "All"; + } else { + list sdList = []; + if ( UI::QueryWidget(`id(`read), `Value) == true ) { sdList = add(sdList, "r"); } + if ( UI::QueryWidget(`id(`write), `Value) == true ) { sdList = add(sdList, "w"); } + if ( UI::QueryWidget(`id(`link), `Value) == true ) { sdList = add(sdList, "l"); } + if ( UI::QueryWidget(`id(`exec), `Value) == true ) { sdList = add(sdList, "x"); } + if ( UI::QueryWidget(`id(`mmap), `Value) == true ) { sdList = add(sdList, "m"); } + + foreach ( string perm, sdList, { mode = mode + perm; }); + } + + break; + } + } + + UI::CloseDialog(); + return mode; +} + +// Access Type - SD Mode +define string popUpSdMode() { + + string checkMode = (string) UI::QueryWidget(`id(`sdmode), `Label); + checkMode = filterchars(checkMode, "APRl"); + list splitMode = splitstring (checkMode, " "); + string mySdMode = splitMode[size(splitMode)-1]:"R"; + + UI::OpenDialog( + `VBox( + `HBox( + `CheckBox(`id(`clear), `opt(`notify, `immediate ), _("All"), false), + `CheckBox(`id(`permit), `opt(`notify, `immediate ), _("Permit"), false), + `CheckBox(`id(`reject),`opt(`notify, `immediate ), _("Reject"), false), + `CheckBox(`id(`audit),`opt(`notify, `immediate ), _("Audit"), false) + ), + `HBox( + `PushButton(`id(`cancel), `opt(`notify), Label::CancelButton() ), + `PushButton(`id(`save), `opt(`notify), Label::SaveButton() ) + ) + ) + ); + 
+ if ( mySdMode == "P") { + UI::ChangeWidget(`id(`clear), `Value, false); + UI::ChangeWidget(`id(`permit), `Value, true); + + } else if ( mySdMode == "R") { + UI::ChangeWidget(`id(`clear), `Value, false); + UI::ChangeWidget(`id(`reject), `Value, true); + + } else if ( mySdMode == "A") { + UI::ChangeWidget(`id(`clear), `Value, false); + UI::ChangeWidget(`id(`audit), `Value, true); + + } else if ( mySdMode == "PR" ) { + UI::ChangeWidget(`id(`clear), `Value, false); + UI::ChangeWidget(`id(`permit), `Value, true); + UI::ChangeWidget(`id(`reject), `Value, true); + + } else if (mySdMode == "PA" ) { + UI::ChangeWidget(`id(`clear), `Value, false); + UI::ChangeWidget(`id(`permit), `Value, true); + UI::ChangeWidget(`id(`audit), `Value, true); + + } else if (mySdMode == "PRA" ) { + UI::ChangeWidget(`id(`clear), `Value, false); + UI::ChangeWidget(`id(`permit), `Value, true); + UI::ChangeWidget(`id(`reject), `Value, true); + UI::ChangeWidget(`id(`audit), `Value, true); + + } else if (mySdMode == "RA" ) { + UI::ChangeWidget(`id(`clear), `Value, false); + UI::ChangeWidget(`id(`reject), `Value, true); + UI::ChangeWidget(`id(`audit), `Value, true); + } else if ( mySdMode == "All" ) { + UI::ChangeWidget(`id(`clear), `Value, true); + UI::ChangeWidget(`id(`permit), `Value, false); + UI::ChangeWidget(`id(`reject), `Value, false); + UI::ChangeWidget(`id(`audit), `Value, false); + } + + string sdMode = ""; + map event = $[]; + any id = nil; + + while( true ) { + + event = UI::WaitForEvent(); + id = event["ID"]:nil; + + if ( id == `clear) { + + if ( UI::QueryWidget(`id(`clear), `Value) == true ) { + UI::ChangeWidget(`id(`permit), `Value, false); + UI::ChangeWidget(`id(`reject), `Value, false); + UI::ChangeWidget(`id(`audit), `Value, false); + sdMode = "All"; + } + + } else if ( id == `permit || id == `reject || id == `audit ) { + + if ( UI::QueryWidget(`id(`permit), `Value) == true ) { + UI::ChangeWidget(`id(`clear), `Value, false); + } else if ( UI::QueryWidget(`id(`reject), `Value) == 
true ) { + UI::ChangeWidget(`id(`clear), `Value, false); + } else if ( UI::QueryWidget(`id(`audit), `Value) == true ) { + UI::ChangeWidget(`id(`clear), `Value, false); + } + + } else if ( id == `cancel ) { + + sdMode = mySdMode; + break; + + } else if ( id == `save ) { + + if ( UI::QueryWidget(`id(`clear), `Value) == true ) { + sdMode = "All"; + } else { + sdMode = ""; + list mList = []; + if ( UI::QueryWidget(`id(`permit), `Value) == true ) { mList = add(mList, "P"); } + if ( UI::QueryWidget(`id(`reject), `Value) == true ) { mList = add(mList, "R"); } + if ( UI::QueryWidget(`id(`audit), `Value) == true ) { mList = add(mList, "A"); } + + foreach ( string state, mList, { sdMode = sdMode + state; }); + } + + break; + } + + } + + UI::CloseDialog(); + return sdMode; +} + +/* For On Demand Reports + - Returns list of terms corresponding to the type of report +***********************************************************************/ +define list getReportList(string type, map Settings) { + + list reportList = []; + + if ( type == "aud" ) { + + list db = (list ) SCR::Read (.reports_confined, Settings); + integer key = 1; + + foreach ( map repdata, db, { + reportList = add( reportList, `item( `id(key), repdata["host"]:nil, repdata["date"]:nil, + repdata["prog"]:nil, repdata["prof"]:nil, repdata["pid"]:nil, repdata["state"]:nil, + repdata["type"]:nil )); + key = key + 1; + }); + + } else if ( type == "ess" ) { + + list db = (list ) SCR::Read (.reports_ess, Settings); + integer key = 1; + + foreach ( map repdata, db, { + reportList = add( reportList, `item( `id(key), repdata["host"]:nil, + repdata["startdate"]:nil, repdata["enddate"]:nil, repdata["numRejects"]:nil, + repdata["numEvents"]:nil, repdata["sevMean"]:nil, repdata["sevHi"]:nil )); + key = key + 1; + }); + + } else { + + list db = (list ) SCR::Read (.logparse, Settings); + integer key = 0; + + foreach ( map record, db, { + reportList = add( reportList, `item( `id(key), + record["host"]:nil, record["date"]:nil, 
record["prog"]:nil, + record["profile"]:nil, record["pid"]:nil, record["severity"]:nil, + record["mode_req"]:nil, record["mode_deny"]:nil, + record["resource"]:nil, record["sdmode"]:nil, record["op"]:nil, + record["attr"]:nil, record["name_alt"]:nil, record["net_family"]:nil, + record["net_proto"]:nil, record["net_socktype"]:nil + )); + key = key + 1; + }); + + } + + return reportList; +} + +} --- a/src/include/subdomain/Makefile.am +++ /dev/null @@ -1,19 +0,0 @@ -yncludedir = @yncludedir@/subdomain - -ynclude_DATA = \ - apparmor_packages.ycp \ - apparmor_profile_check.ycp \ - apparmor_ycp_utils.ycp \ - capabilities.ycp \ - config_complain.ycp \ - helps.ycp \ - profile_dialogs.ycp \ - report_helptext.ycp \ - reporting_archived_dialogs.ycp \ - reporting_dialogues.ycp \ - reporting_utils.ycp \ - sd-config.ycp - -EXTRA_DIST = \ - $(ynclude_DATA) - --- a/src/include/subdomain/apparmor_packages.ycp +++ /dev/null 
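Review bot: In popUpMode's handler for the read/write/link/exec/mmap checkboxes, the last branch unticks the wrong widget: when MMap is the only box selected it runs ``UI::ChangeWidget(`id(`link), `Value, false);``, whereas the four branches above it all untick `clear`. If "All" was ticked beforehand it stays ticked, and the save branch then returns "All", so an mmap-only filter on the security event report is silently widened to every mode. The branch should read ``UI::ChangeWidget(`id(`clear), `Value, false);``. The file appears to be carried over unchanged from the old subdomain/ path, so the fix may belong in a follow-up rather than in this rename-only patch.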
@@ -1,30 +0,0 @@ -/* - Copyright (C) 2006 Novell Inc. All Rights Reserved. - - This program is free software; you can redistribute it and/or - modify it under the terms of version 2 of the GNU General Public - License published by the Free Software Foundation. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, contact Novell, Inc. - - Written by Steve Beattie - */ - - /* This should probably be more intelligent and query the user once - * whether they want optional packages like apparmor-docs, libapparmor, - * apache2-mod-apparmor and * (eventually) pam-apparmor installed. */ - -import "PackageSystem"; - -list __needed_packages = - ["apparmor-parser", "apparmor-utils", "apparmor-profiles"]; - -define boolean installAppArmorPackages () { - return PackageSystem::CheckAndInstallPackagesInteractive (__needed_packages); -} --- a/src/include/subdomain/apparmor_profile_check.ycp +++ /dev/null @@ -1,52 +0,0 @@ -/* - Copyright (C) 2006 Novell Inc. All Rights Reserved. - - This program is free software; you can redistribute it and/or - modify it under the terms of version 2 of the GNU General Public - License published by the Free Software Foundation. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, contact Novell, Inc. - - */ - - -import "Popup"; -textdomain "yast2-apparmor"; - -define boolean checkProfileSyntax () { - map args = $[]; - string errmsg = "

    "; - boolean syntax_ok = true; - - args["profile-syntax-check"] = "1"; - list errors = (list ) SCR::Execute (.subdomain, "profile-syntax-check" ); - foreach ( string error, errors, ``{ - syntax_ok = false; - errmsg = errmsg + "
  • " + error + "
  • "; - }); - errmsg = errmsg + "
"; - if ( syntax_ok == false ) { - string headline = _("Errors found in AppArmor profiles"); - errmsg = _("

These problems must be corrected before AppArmor can be \ -started or the profile management tools can be used.

") - + "

" + errmsg + "

" - + _("

You can find a description of AppArmor profile syntax by \ -running ") - + "man apparmor.d

" - + _("

Comprehensive documentation about AppArmor is available in \ -the Administration guide. This is available in the \ -directory: ") - + "

" - + "/usr/share/doc/manual/suselinux-manual_LANGUAGE. " - + _("

Please refer to this for more detailed information about \ -AppArmor

"); - Popup::LongText( headline, `RichText(errmsg), 55, 15); - } - return( syntax_ok ); -} --- a/src/include/subdomain/apparmor_ycp_utils.ycp +++ /dev/null 
@@ -1,679 +0,0 @@ - -/* - Copyright (C) 2007 Novell Inc. All Rights Reserved. - - This program is free software; you can redistribute it and/or - modify it under the terms of version 2 of the GNU General Public - License published by the Free Software Foundation. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, contact Novell, Inc. - - */ - - -import "Label"; -import "Popup"; -import "AppArmorDialogs"; -textdomain "yast2-apparmor"; - - map CMDS = $[ ]; - CMDS["CMD_ALLOW"] = _("&Allow"); - CMDS["CMD_DENY"] = _("&Deny"); - CMDS["CMD_ABORT"] = _("Abo&rt"); - CMDS["CMD_FINISHED"] = Label::FinishButton(); - CMDS["CMD_AUDIT_NEW"] = _("Audi&t"); - CMDS["CMD_AUDIT_OFF"] = _("Audi&t off"); - CMDS["CMD_AUDIT_FULL"] = _("Audit &All"); - CMDS["CMD_OTHER"] = _("&Opts"); - CMDS["CMD_USER_ON"] = _("&Owner permissions on"); - CMDS["CMD_USER_OFF"] = _("&Owner permissions off"); - CMDS["CMD_ix"] = _("&Inherit"); - CMDS["CMD_px"] = _("&Profile"); - CMDS["CMD_px_safe"] = _("&Profile Clean Exec"); - CMDS["CMD_cx"] = _("&Child"); - CMDS["CMD_cx_safe"] = _("&Child Clean Exec"); - CMDS["CMD_nx"] = _("&Name"); - CMDS["CMD_nx_safe"] = _("&Named Clean Exec"); - CMDS["CMD_ux"] = _("&Unconfined"); - CMDS["CMD_ux_safe"] = _("&Unconfined Clean Exec"); - CMDS["CMD_pix"] = _("&Profile ix"); - CMDS["CMD_pix_safe"] = _("&Profile ix Clean Exec"); - CMDS["CMD_cix"] = _("&Child ix"); - CMDS["CMD_cix_safe"] = _("&Child ix Cx Clean Exec"); - CMDS["CMD_nix"] = _("&Name ix"); - CMDS["CMD_nix_safe"] = _("&Name ix"); - CMDS["CMD_EXEC_IX_ON"] = _("i&x fallback on"); - CMDS["CMD_EXEC_IX_OFF"] = _("i&x fallback off"); - CMDS["CMD_CONTINUE"] = _("&Continue Profiling"); - CMDS["CMD_INHERIT"] = _("&Inherit"); - 
CMDS["CMD_PROFILE"] = _("&Profile"); - CMDS["CMD_UNCONFINED"] = _("&Unconfined"); - CMDS["CMD_NEW"] = _("&Edit"); - CMDS["CMD_GLOB"] = _("&Glob"); - CMDS["CMD_GLOBEXT"] = _("Glob w/E&xt"); - CMDS["CMD_ADDHAT"] = _("&Add Requested Hat"); - CMDS["CMD_USEDEFAULT"] = _("&Use Default Hat"); - CMDS["CMD_SCAN"] = _("&Scan system log for AppArmor events"); - CMDS["CMD_VIEW_PROFILE"] = _("&View Profile"); - CMDS["CMD_USE_PROFILE"] = _("&Use Profile"); - CMDS["CMD_CREATE_PROFILE"] = _("&Create New Profile"); - CMDS["CMD_UPDATE_PROFILE"] = _("&Update Profile"); - CMDS["CMD_IGNORE_UPDATE"] = _("&Ignore Update"); - CMDS["CMD_SAVE_CHANGES"] = _("&Save Changes"); - CMDS["CMD_UPLOAD_CHANGES"] = _("&Upload Changes"); - CMDS["CMD_VIEW_CHANGES"] = _("&View Changes"); - CMDS["CMD_ENABLE_REPO"] = _("&Enable Repository"); - CMDS["CMD_DISABLE_REPO"] = _("&Disable Repository"); - CMDS["CMD_ASK_NEVER"] = _("&Never Ask Again"); - CMDS["CMD_ASK_LATER"] = _("Ask Me &Later"); - CMDS["CMD_YES"] = Label::YesButton(); - CMDS["CMD_NO"] = Label::NoButton(); - - -define boolean validEmailAddress ( string emailAddr, boolean allowlocal ) { - - integer emailAddrLength = size(emailAddr); - boolean isSafe = false; - - if ( allowlocal && regexpmatch( emailAddr, "^\/var\/mail\/\\w+$" )) { - isSafe = true; - } else if ((regexpmatch( emailAddr, "\\w+(-\\w+?)@\\w+" ) || - regexpmatch( emailAddr, "/^(\\w+\.?)+\\w+\@(\\w+\.?)+\\w+$" ) || - regexpmatch( emailAddr, "\\w+@\\w+" ) || - !regexpmatch( emailAddr, "..+" )) && - emailAddrLength < 129 ) { - isSafe = true; - } - return isSafe; -} - -define boolean checkEmailAddress( string emailAddr ) { - - if ( ! validEmailAddress( emailAddr, false ) ) { - string err_email_format = _("Email address format invalid.\nEmail address must be less than 129 characters \n and of the format \"name@domain\". 
\n Please enter another address."); - Popup::Error( err_email_format ); - return false; - } - return true; -} - - -/** UI_RepositorySignInDialog - * Dialog to allow users to signin or register with an external AppArmor - * profile repository - * - * @param agent_data - data from the backend - * [ repo_url - string ] - * @return answers - map that contains: - * [ newuser => 1|0 - registering a new user? ] - * [ user => username ] - * [ pass => password ] - * [ email => email address - if newuser = 1 ] - * [ save_config => true/false - save this information on ] - * [ the system ] - * - **/ -define map UI_RepositorySignInDialog( map agent_data ) { - string repo_url = (string) agent_data["repo_url"]:"MISSING_REPO_URL"; - term dialog = - `VBox( - `VSpacing(1), - `Top(`Label(_("AppArmor Profile Repository Setup") + "\n" + repo_url)), - `VBox( - `ReplacePoint(`id(`replace), `Empty()) - ), - `VSpacing(1) - ); - - term signin_box = - `VBox( - `HBox( - `HSpacing(1), - `Frame(`id(`signin_frame), _("Sign in to the repository"), - `HBox( - `HSpacing(0.5), - `VBox( - `TextEntry(`id(`username), _("Username")), - `Password(`id(`password), Label::Password()), - `VSpacing(1), - `HBox( - `CheckBox(`id(`save_conf), `opt(`notify), - _("S&ave configuration")), - `HSpacing( 0.5), - `Left(`PushButton(`id(`signin_submit), - _("&Sign in"))), - `Right(`PushButton(`id(`signin_cancel), - Label::CancelButton())), - `HSpacing( 0.5) - ) - ), - `HSpacing(0.5) - ) - ), - `HSpacing(1) - ), - `VSpacing(1), - `PushButton(`id(`newuser), _("&Register new user...")) - ); - - term registration_box = - `VBox( - `HBox( - `HSpacing(1), - `Frame(`id(`register_frame), _("Register New User"), - `HBox( - `HSpacing(0.5), - `VBox( - `TextEntry(`id(`register_username), - _("Enter Username")), - `TextEntry(`id(`register_email), - _("Enter Email Address")), - `Password(`id(`register_password), - _("Enter Password")), - `Password(`id(`register_password2), - _("Verify Password")), - `VSpacing(1), - `HBox( - `HSpacing( 
0.2), - `CheckBox(`id(`save_conf_new), `opt(`notify), - _("S&ave configuration")), - `Left(`PushButton(`id(`register_submit), - _("&Register"))), - `Right(`PushButton(`id(`register_cancel), - Label::CancelButton())), - `HSpacing( 0.2) - ) - ), - `HSpacing( 0.5) - ) - ), - `HSpacing(1) - ), - `VSpacing(1), - `PushButton(`id(`signin), _("&Sign in as existing user...")) - ); - - UI::OpenDialog(`opt(`decorated), dialog); - UI::ReplaceWidget(`replace, signin_box); - map answers = $[ ]; - any input = nil; - repeat { - input = UI::UserInput(); - if(input == `newreg) { - boolean new_registration = - (boolean) UI::QueryWidget(`id(`newreg), `Value); - if ( new_registration == true ) { - UI::ChangeWidget(`id(`register_frame), `Enabled, true); - UI::ChangeWidget(`id(`signin_frame), `Enabled, false); - } else { - UI::ChangeWidget(`id(`register_frame), `Enabled, false); - UI::ChangeWidget(`id(`signin_frame), `Enabled, true); - } - } else if(input == `newuser) { - UI::ReplaceWidget(`replace, registration_box); - UI::ChangeWidget(`id(`register_email), `InputMaxLength, 129); - } else if(input == `signin) { - UI::ReplaceWidget(`replace, signin_box); - UI::ChangeWidget(`id(`register_email), `InputMaxLength, 129); - } else if(input == `signin_cancel || input == `register_cancel) { - answers["answer"] = "cancel"; - } else if ( input == `signin_submit ) { - string username = (string) UI::QueryWidget(`id(`username), `Value); - string password = (string) UI::QueryWidget(`id(`password), `Value); - string save_config = - (boolean) UI::QueryWidget(`id(`save_conf), `Value) ? 
"y": "n"; - - if ( username == "" ) { - Popup::Error(_("Username is required")); - } else if ( password == "" ) { - Popup::Error(_("Password is required")); - } else { - y2milestone("APPARMOR : REPO - signon: \n\tusername [" + - username + - "]\n\tpassword [" + - password + "]"); - answers["newuser"] = "n"; - answers["user"] = username; - answers["pass"] = password; - answers["save_config"] = save_config; - input = `done; - } - } else if ( input == `register_submit ) { - string username = - (string) UI::QueryWidget( `id(`register_username), `Value); - string password = - (string) UI::QueryWidget( `id(`register_password), `Value); - string password_verify = - (string) UI::QueryWidget( `id(`register_password2), `Value); - string email = (string) UI::QueryWidget( `id(`register_email), - `Value ); - string save_config = - (boolean) UI::QueryWidget( `id(`save_conf_new), `Value ) - ? "y": "n"; - - if ( username == "" ) { - Popup::Error( _("Username required for registration." )); - } else if ( email == "" ) { - Popup::Error( _("Email address required for registration." )); - } else if ( password == "" && password_verify == "" ) { - Popup::Error( _("Password is required for registration." )); - } else if ( password != password_verify ) { - Popup::Error( _("Passwords do not match. Please re-enter." )); - } else if ( ! 
checkEmailAddress( email ) ) { - any dummy = nil; - } else { - y2milestone( - "APPARMOR : REPO - new registration: \n\tusername [" + - username + "]\n\tpassword [" + password + - "]\n\temail [" + email + "]\n\tsave config [" + - save_config + "]" ); - answers["newuser"] = "y"; - answers["pass"] = password; - answers["user"] = username; - answers["email"] = email; - answers["save_config"] = save_config; - input = `done; - } - } else { - y2milestone("APPARMOR : REPO - signon - no valid input[" + - tostring(input) + "]"); - } - } until ((input == `done) || - (input == `register_cancel) || - (input == `signin_cancel)); - if ( input != `done ) { - answers["cancelled"] = "y"; - } - UI::CloseDialog(); - return( answers ); -} - - -/** UI_RepositoryViewProfile - * Dialog to allow users to view a profile from the repository - * and display it in a small scrollable dialog - * - * @param agent_data - map data from the backend - * [ user => string ] - * [ profile => string contiaining profile contents ] - * [ profile_type => string INACTIVE_LOCAL|REPOSITORY ] - * - * @return void - * - **/ - -define void UI_RepositoryViewProfile( map agent_data ) { - - string user = agent_data["user"]:"MISSING USER"; - string profile = agent_data["profile"]:"MISSING PROFILE"; - string type = agent_data["profile_type"]:"MISSING PROFILE"; - - string headline = ""; - if ( type == "INACTIVE_LOCAL" ) { - headline = _("Local inactive profile"); - } else if ( type == "REPOSITORY" ) { - headline = _("Profile created by user ") + user; - } else { - headline = _("Local profile"); - } - - - Popup::LongText ( headline, `RichText(`opt(`plainText), profile), 50, 20 ); -} - - -/** UI_LongMessage - * Basic message dialog that will scroll long text - * @param agent_data - map - data from backend - * [ headline - string ] - * [ message - string ] - * - * @return void - **/ - -define void UI_LongMessage( map agent_data ) { - - any user = agent_data["user"]:nil; - string headline = agent_data["headline"]:"MISSING 
HEADLINE"; - string message = agent_data["message"]:"MISSING MESSAGE"; - - Popup::LongText(headline,`RichText(`opt(`plainText), message), 60, 40); - -} - - -/** UI_ShortMessage - * Basic message dialog - no scrollbars - * @param agent_data - map - data from backend - * [ headline - string ] - * [ message - string ] - * - * @return void - **/ - -define void UI_ShortMessage( map agent_data ) { - - any user = agent_data["user"]:nil; - string headline = agent_data["headline"]:"MISSING HEADLINE"; - string message = agent_data["message"]:"MISSING MESSAGE"; - - Popup::AnyMessage(headline, message); - -} - -/** UI_ChangeLog_Dialog - * Takes a list of profiles and collects one or multiple changelog entries - * and returns them - * - * @param agent_data - data from the backend - * [ profiles - list of profile names ] - * - * @return results - map - * [ STATUS - string - ok/cancel ] - * [ SINGLE_CHANGELOG - string - set with changelog if user ] - * [ selects a single changelog ] - * - * [ profile 1 name - string - changelog 1 ] - * [ profile 2 name - string - changelog 2 ] - * ... 
- * [ profile n name - string - changelog n ] - * - **/ -define map UI_ChangeLog_Dialog ( map agent_data ) { - map results = $[]; - string main_label = _("Enter a changelog for the changes for "); - string main_label_single = _(" the selected profiles"); - string checkbox_label = _("Individual changelogs per profile"); - list profiles = agent_data["profiles"]:[]; - - term dialog = `VBox( - `TextEntry(`id(`stringfield), main_label + "\n" + main_label_single), - `CheckBox(`id(`individual_changelogs), `opt(`notify), checkbox_label), - `VSpacing(0.5), - `HBox( - `HWeight(1, `PushButton(`id(`okay), - `opt(`default, - `key_F10), - Label::OKButton())), - `HSpacing(2), - `HWeight(1, `PushButton(`id(`cancel), `opt(`key_F9), Label::CancelButton())) - ) - ); - results["STATUS"] = "ok"; - boolean single_changelog = true; - foreach( string profile_name, profiles, { - UI::OpenDialog(dialog); - if ( !single_changelog ) { - UI::ChangeWidget(`id(`stringfield), - `Label, - main_label + "\n" + - profile_name); - UI::ChangeWidget(`id(`individual_changelogs), `Value, true); - } - UI::SetFocus(`id(`stringfield)); - any input = nil; - repeat { - input = UI::UserInput(); - if ( input == `cancel ) { - results["STATUS"] = "cancel"; - UI::CloseDialog(); - break; - } else if ( input == `okay ) { - if (((boolean) UI::QueryWidget(`id(`individual_changelogs), - `Value)) == false ) { - results["SINGLE_CHANGELOG"] = - (string) UI::QueryWidget(`id(`stringfield), `Value); - UI::CloseDialog(); - } else { - results[profile_name] = - (string) UI::QueryWidget(`id(`stringfield), `Value); - UI::CloseDialog(); - } - } else if ( input == `individual_changelogs ){ - if (((boolean) UI::QueryWidget(`id(`individual_changelogs), - `Value)) == true ) { - UI::ChangeWidget(`id(`stringfield), - `Label, - main_label + "\n" - + profile_name); - single_changelog = false; - } else { - UI::ChangeWidget(`id(`stringfield), - `Label, - main_label + "\n" - + main_label_single); - } - } - } until ( input == `okay || `input == 
`cancel ); - if ( single_changelog || input == `cancel ) { - break; - } - }); - return( results ); -} - -/** UI_MultiProfileSelectionDialog - * Two pane dialog with a multi-selection box on the left - * and a long text on the right. Allows a list of profiles - * or profile changes to be viewed and selected for further - * processing - for example uploading to the repository - * - * @param agent_data - map - data from backend - * [ title - string - explanation of the forms use ] - * [ get_changelog - string true/false - prompt user to ] - * [ supply changelogs ] - * [ never_ask_again - string true/false - add widget to let ] - * [ user select to never prompt again to ] - * [ upload unselected profiles to the ] - * [ repository ] - * [ default_select - string true/false - default value for ] - * [ profile selection ] - * [ profiles - map ] - * - * @return results - map - * [ STATUS - string - ok/cancel ] - * [ PROFILES - list[string] - list of selected profiles ] - * [ NEVER_ASK_AGAIN - string - true/false - mark unselected ] - * [ profiles as local only and don't prompt ] - * [ to upload ] - * [ CHANGELOG - map[string,string] - changelog data from ] - * [ UI_ChangeLog_Dialog() ] - * - **/ - -define map UI_MultiProfileSelectionDialog( map agent_data ) { - string headline = agent_data["title"]:"MISSING TITLE"; - string explanation = agent_data["explanation"]:"MISSING EXPLANATION"; - boolean default_select = agent_data["default_select"]:false; - boolean get_changelog = agent_data["get_changelog"]:true; - boolean disable_ask_upload = agent_data["disable_ask_upload"]:false; - map profiles = agent_data["profiles"]:$[]; - map results = $[]; - - list profile_list = []; - foreach ( string profile_name, string profile_contents, - (map) profiles, { - profile_list = add( profile_list, `item( `id(profile_name), - profile_name, default_select) ); - }); - - term first_profile = (term) profile_list[0]:nil; - string first_profile_name = first_profile[1]:"MISSING PROFILE NAME"; - 
string profile_rules = - (string) profiles[first_profile_name]:"MISSING CONTENTS"; - string disable_ask_upload_str = - _("&Don't ask again for unselected profiles"); - map ui_capabilities = UI::GetDisplayInfo(); - boolean in_ncurses = ui_capabilities["TextMode"]:true;; - term profile_contents_text = nil; - term explanation_text = nil; - - if ( in_ncurses ) { - profile_contents_text = - `RichText( `id(`contents),`opt(`plainText), profile_rules); - } else { - profile_contents_text = - `VBox( - `VSpacing(1.25), - `RichText( `id(`contents),`opt(`plainText), profile_rules) - ); - } - term control_widgets = nil; - if ( disable_ask_upload == true ) { - control_widgets = - `VBox( - `CheckBox(`id(`disable_ask_upload), `opt(`notify), - disable_ask_upload_str), - `VSpacing(0.5), - `HBox( - `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))), - `HWeight( 50, `HCenter(`PushButton(`id(`cancel), - Label::CancelButton()))) - ) - ); - } else { - if ( in_ncurses ) { - control_widgets = - `HBox( - `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))), - `HWeight( 50, `HCenter(`PushButton(`id(`cancel), - Label::CancelButton()))) - ); - } else { - control_widgets = - `VBox( - `VSpacing(0.5), - `HBox( - `HWeight( 50, `HCenter(`PushButton(`id(`save), - Label::OKButton()))), - `HWeight( 50, `HCenter(`PushButton(`id(`cancel), - Label::CancelButton()))) - ) - ); - } - } - - UI::OpenDialog( - `VBox( - `VSpacing(0.1), - `VWeight( 15, `Top(`Label(`id(`explanation), explanation))), - `VSpacing(0.2), - `VWeight( 70, - `HBox( - `VSpacing( 1 ), - `HSpacing( 0.5 ), - `Frame( `id(`select_profiles), headline, - `HBox( - `HWeight( 40, `MinSize( 30, 15, - `MultiSelectionBox( `id(`profiles), - `opt(`notify), - _("Profiles"), - profile_list) ) - ), - `HWeight( 60, profile_contents_text ) - ) - ), - `HSpacing( 0.5 ) - ) - ), - `VSpacing( 0.2 ), - `VWeight( 15, control_widgets ), - `VSpacing( 0.2 ) - ) - ); - UI::ChangeWidget( `id(`profiles), `CurrentValue, first_profile_name 
); - - map event2 = $[]; - any id2 = nil; - repeat - { - event2 = UI::WaitForEvent (); - id2 = event2["ID"]:nil; - if ( id2 == `profiles ) { - any itemid = UI::QueryWidget( `id(`profiles), `CurrentItem ); - string stritem = tostring( itemid ); - string contents = profiles[stritem]:"MISSING CONTENTS"; - UI::ChangeWidget( `id(`contents), `Value, contents ); - } - } until ( id2 == `save || id2 == `cancel ); - - list selected_profiles = []; - if (id2 == `save) { - list selected_items = - (list) UI::QueryWidget( `id(`profiles), `SelectedItems ); - integer profile_index = 0; - foreach ( any p_name, selected_items, { - selected_profiles[profile_index] = tostring( p_name ); - profile_index = profile_index + 1; - }); - results["STATUS"] = "ok"; - if (get_changelog == true) { - map changelog_results = - UI_ChangeLog_Dialog( $["profiles":selected_profiles] ); - if ( changelog_results["STATUS"]:"cancel" == "cancel" ) { - results["STATUS"] = "cancel"; - } else { - results["CHANGELOG"] = changelog_results; - results["PROFILES"] = selected_profiles; - } - } else { - results["PROFILES"] = selected_profiles; - } - if ( disable_ask_upload == true && - ((boolean) UI::QueryWidget( `id(`disable_ask_upload), `Value )) - == true ) { - results["NEVER_ASK_AGAIN"] = "true"; - } - } else if ( id2 == `cancel ) { - results["STATUS"] = "cancel"; - } - UI::CloseDialog(); - return results; -} - -/** Form_BusyFeedbackDialog - * - * @param agent_data - map - data from backend - * [ title - string - explanation of the forms use ] - * - * @return results - map - * [ STATUS - string - ok/cancel ] - * - **/ - -define term Form_BusyFeedbackDialog( string message ) { - //`MinSize( 10, 4, `Image(`opt(`animated), movie, "animation" ), - //`Image(`opt(`animated), movie, "animation" ), - string movie = - "/usr/share/YaST2/theme/current/animations/ticks-endless.gif"; - term busy_dialog = - `HBox( - //`MinSize( 10, 4, `Image(`opt(`animated), movie, "animation" ) ), - `Image(`opt(`animated), movie, "animation" 
), - `Label( message ) - ); - return busy_dialog; -} - -define void UI_BusyFeedbackStart( map agent_data ) { - string message = agent_data["message"]:"MISSING MESSAGE"; - if ( AppArmorDialogs::busy_dialog != nil ) { - UI::CloseDialog(); - } - AppArmorDialogs::busy_dialog = Form_BusyFeedbackDialog( message ); - UI::OpenDialog( AppArmorDialogs::busy_dialog); - return; -} - -define void UI_BusyFeedbackStop( ) { - if ( AppArmorDialogs::busy_dialog != nil ) { - UI::CloseDialog(); - AppArmorDialogs::busy_dialog = nil; - } -} --- a/src/include/subdomain/capabilities.ycp +++ /dev/null @@ -1,310 +0,0 @@ -/* ------------------------------------------------------------------ -* -* Copyright (C) 2002-2005 Novell/SUSE -* -* This program is free software; you can redistribute it and/or -* modify it under the terms of version 2 of the GNU General Public -* License published by the Free Software Foundation. -* - ------------------------------------------------------------------*/ -// -// YCP map containing definitons for Capabiltiies -// -{ - -textdomain "yast2-apparmor"; - -map capdefs = $[ -"chown" : - $[ - "name" : "CAP_CHOWN", - "info" : _("
  • In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, -this overrides the restriction of changing file ownership -and group ownership.
"), - - ], -"dac_override" : - $[ - "name" : "CAP_DAC_OVERRIDE", - "info" : _("
  • Override all DAC access, including ACL execute access if -[_POSIX_ACL] is defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.
"), - - ], -"dac_read_search" : - $[ - "name" : "CAP_DAC_READ_SEARCH", - "info" : _("
  • Overrides all DAC restrictions regarding read and search -on files and directories, including ACL restrictions if [_POSIX_ACL] is defined. -Excluding DAC access covered by CAP_LINUX_IMMUTABLE.
"), - - ], -"fowner" : - $[ - "name" : "CAP_FOWNER", - "info" : _("
  • Overrides all restrictions about allowed operations on files, -where file owner ID must be equal to the user ID, except where CAP_FSETID is -applicable. It doesn't override MAC and DAC restrictions.
"), - - ], -"fsetid" : - $[ - "name" : "CAP_FSETID", - "info" : _("
  • Overrides the following restrictions that the effective user -ID shall match the file owner ID when setting the S_ISUID and S_ISGID bits on that -file; that the effective group ID (or one of the supplementary group IDs) shall match -the file owner ID when setting the S_ISGID bit on that file; that the S_ISUID and -S_ISGID bits are cleared on successful return from chown(2) (not implemented).
"), - - ], -"kill" : - $[ - "name" : "CAP_KILL", - "info" : _("
  • Overrides the restriction that the real or effective user ID -of a process sending a signal must match the real or effective user ID of the process -receiving the signal.
"), - - ], -"setgid" : - $[ - "name" : "CAP_SETGID", - "info" : _("
  • Allows setgid(2) manipulation
  • Allows setgroups(2)
  • -
  • Allows forged gids on socket credentials passing.
"), - - ], -"setuid" : - $[ - "name" : "CAP_SETUID", - "info" : _("
  • Allows setuid(2) manipulation (including fsuid)
  • -
  • Allows forged pids on socket credentials passing.
"), - - ], -"setpcap" : - $[ - "name" : "CAP_SETPCAP", - "info" : _("
  • Transfer any capability in your permitted set to any pid, -remove any capability in your permitted set from any pid
"), - - ], -"linux_immutable" : - $[ - "name" : "CAP_LINUX_IMMUTABLE", - "info" : _("
  • Allows modification of S_IMMUTABLE and S_APPEND file attributes
"), - - ], -"net_bind_service" : - $[ - "name" : "CAP_NET_BIND_SERVICE", - "info" : _("
  • Allows binding to TCP/UDP sockets below 1024
  • -
  • Allows binding to ATM VCIs below 32
"), - - ], -"net_broadcast" : - $[ - "name" : "CAP_NET_BROADCAST", - "info" : _("
  • Allows broadcasting, listen to multicast
"), - - ], -"net_admin" : - $[ - "name" : "CAP_NET_ADMIN", - "info" : _("
  • Allows interface configuration
  • -
  • Allows administration of IP firewall, masquerading and accounting
  • -
  • Allows setting debug option on sockets
  • -
  • Allows modification of routing tables
  • ") + - -_("
  • Allows setting arbitrary process / process group ownership on sockets
  • -
  • Allows binding to any address for transparent proxying
  • -
  • Allows setting TOS (type of service)
  • -
  • Allows setting promiscuous mode
  • -
  • Allows clearing driver statistics
  • ") + - -_("
  • Allows multicasting
  • -
  • Allows read/write of device-specific registers
  • -
  • Allows activation of ATM control sockets
  • -
"), - - ], -"net_raw" : - $[ - "name" : "CAP_NET_RAW", - "info" : _("
  • Allows use of RAW sockets
  • -
  • Allows use of PACKET sockets
"), - - ], -"ipc_lock" : - $[ - "name" : "CAP_IPC_LOCK", - "info" : _("
  • Allows locking of shared memory segments
  • -
  • Allows mlock and mlockall (which doesn't really have anything to do with IPC)
"), - - ], -"ipc_owner" : - $[ - "name" : "CAP_IPC_OWNER", - "info" : _("
  • Override IPC ownership checks
"), - - ], -"sys_module" : - $[ - "name" : "CAP_SYS_MODULE", - "info" : _("
  • Insert and remove kernel modules - modify kernel without limit
  • -
  • Modify cap_bset
"), - - ], -"sys_rawio" : - $[ - "name" : "CAP_SYS_RAWIO", - "info" : _("
  • Allows ioperm/iopl access
  • -
  • Allows sending USB messages to any device via /proc/bus/usb
"), - - ], -"sys_chroot" : - $[ - "name" : "CAP_SYS_CHROOT", - "info" : _("
  • Allows use of chroot()
"), - - ], -"sys_ptrace" : - $[ - "name" : "CAP_SYS_PTRACE", - "info" : _("
  • Allows ptrace() of any process
"), - - ], -"sys_pacct" : - $[ - "name" : "CAP_SYS_PACCT", - "info" : _("
  • Allows configuration of process accounting
"), - - ], -"sys_admin" : - $[ - "name" : "CAP_SYS_ADMIN", - "info" : _("
  • Allows configuration of the secure attention key
  • -
  • Allows administration of the random device
  • -
  • Allows examination and configuration of disk quotas
  • -
  • Allows configuring the kernel's syslog (printk behaviour)
  • ") + - -_("
  • Allows setting the domain name
  • -
  • Allows setting the hostname
  • -
  • Allows calling bdflush()
  • -
  • Allows mount() and umount(), setting up new smb connection
  • -
  • Allows some autofs root ioctls
  • ") + - -_("
  • Allows nfsservctl
  • -
  • Allows VM86_REQUEST_IRQ
  • -
  • Allows to read/write pci config on alpha
  • -
  • Allows irix_prctl on mips (setstacksize)
  • -
  • Allows flushing all cache on m68k (sys_cacheflush)
  • ") + - -_("
  • Allows removing semaphores
  • -
  • Used instead of CAP_CHOWN to \"chown\" IPC message queues, semaphores and shared memory
  • -
  • Allows locking/unlocking of shared memory segment
  • -
  • Allows turning swap on/off
  • -
  • Allows forged pids on socket credentials passing
  • ") + - -_("
  • Allows setting read ahead and flushing buffers on block devices
  • -
  • Allows setting geometry in floppy driver
  • -
  • Allows turning DMA on/off in xd driver
  • -
  • Allows administration of md devices (mostly the above, but some extra ioctls)
  • ") + - -_("
  • Allows tuning the ide driver
  • -
  • Allows access to the nvram device
  • -
  • Allows administration of apm_bios, serial and bttv (TV) device
  • -
  • Allows manufacturer commands in isdn CAPI support driver
  • ") + - -_("
  • Allows reading non-standardized portions of pci configuration space
  • -
  • Allows DDI debug ioctl on sbpcd driver
  • -
  • Allows setting up serial ports
  • -
  • Allows sending raw qic-117 commands
  • ") + - -_("
  • Allows enabling/disabling tagged queuing on SCSI controllers - and sending arbitrary SCSI commands
  • -
  • Allows setting encryption key on loopback filesystem
"), - - ], -"sys_boot" : - $[ - "name" : "CAP_SYS_BOOT", - "info" : _("
  • Allows use of reboot()
"), - - ], -"sys_nice" : - $[ - "name" : "CAP_SYS_NICE", - "info" : _("
  • Allows raising priority and setting priority on other (different UID) processes
  • -
  • Allows use of FIFO and round-robin (realtime) scheduling on own processes and setting -the scheduling algorithm used by another process.
  • -
  • Allows setting cpu affinity on other processes
"), - ], -"sys_resource" : - $[ - "name" : "CAP_SYS_RESOURCE", - "info" : _("
  • Override resource limits. Set resource limits.
  • -
  • Override quota limits.
  • -
  • Override reserved space on ext2 filesystem
  • -
  • Modify data journaling mode on ext3 filesystem (uses journaling resources)
  • ") + - -_("
  • NOTE: ext2 honors fsuid when checking for resource overrides, so you can override using fsuid too
  • -
  • Override size restrictions on IPC message queues
  • -
  • Allows more than 64hz interrupts from the real-time clock
  • -
  • Override max number of consoles on console allocation
  • -
  • Override max number of keymaps
"), - ], -"sys_time" : - $[ - "name" : "CAP_SYS_TIME", - "info" : _("
  • Allows manipulation of system clock
  • -
  • Allows irix_stime on mips
  • -
  • Allows setting the real-time clock
"), - ], -"sys_tty_config" : - $[ - "name" : "CAP_SYS_TTY_CONFIG", - "info" : _("
  • Allows configuration of tty devices
  • -
  • Allows vhangup() of tty
"), - ], -"mknod" : - $[ - "name" : "CAP_MKNOD", - "info" : _("
  • Allows the privileged aspects of mknod()
"), - ], -"lease" : - $[ - "name" : "CAP_LEASE", - "info" : _("
  • Allows taking of leases on files
"), - ], -]; - - -map linnametolp = $[ -"CAP_CHOWN" : "chown", -"CAP_DAC_OVERRIDE" : "dac_override", -"CAP_DAC_READ_SEARCH" : "dac_read_search", -"CAP_FOWNER" : "fowner", -"CAP_FSETID" : "fsetid", -"CAP_KILL" : "kill", -"CAP_SETGID" : "setgid", -"CAP_SETUID" : "setuid", -"CAP_SETPCAP" : "setpcap", -"CAP_LINUX_IMMUTABLE" : "linux_immutable", -"CAP_NET_BIND_SERVICE" : "net_bind_service", -"CAP_NET_BROADCAST" : "net_broadcast", -"CAP_NET_ADMIN" : "net_admin", -"CAP_NET_RAW" : "net_raw", -"CAP_IPC_LOCK" : "ipc_lock", -"CAP_IPC_OWNER" : "ipc_owner", -"CAP_SYS_MODULE" : "sys_module", -"CAP_SYS_RAWIO" : "sys_rawio", -"CAP_SYS_CHROOT" : "sys_chroot", -"CAP_SYS_PTRACE" : "sys_ptrace", -"CAP_SYS_PACCT" : "sys_pacct", -"CAP_SYS_ADMIN" : "sys_admin", -"CAP_SYS_BOOT" : "sys_boot", -"CAP_SYS_NICE" : "sys_nice", -"CAP_SYS_RESOURCE" : "sys_resource", -"CAP_SYS_TIME" : "sys_time", -"CAP_SYS_TTY_CONFIG" : "sys_tty_config", -"CAP_MKNOD" : "mknod", -"CAP_LEASE" : "lease", -]; -} --- a/src/include/subdomain/config_complain.ycp +++ /dev/null @@ -1,227 +0,0 @@ -/* ------------------------------------------------------------------ -* -* Copyright (C) 2002-2005 Novell/SUSE -* -* This program is free software; you can redistribute it and/or -* modify it under the terms of version 2 of the GNU General Public -* License published by the Free Software Foundation. -* - ------------------------------------------------------------------*/ - -{ -textdomain "yast2-apparmor"; - -import "Label"; - -string modeHelp = _("

Profile Mode Configuration
This tool allows -you to set AppArmor profiles to either complain or enforce mode.

") + - -_("

Complain mode is a profile training state that logs application -activity. All the violations of the AppArmor profile rules are logged -(into /var/log/audit/audit.log file), but still permitted, so -that application's behavior is not restricted.

") + - -_("

With the profile in enforce mode, application is protected by -AppArmor. The profile rules are enforced and their violation is logged, -but not permitted (e.g. an application cannot access files, unless it is -permitted to do so by the profile).

"); - -boolean showAll = false; // Button for showing active or all profiles - -define void updateComplain(any id, string profile, string mode, boolean showAll) { - - boolean error = false; - map profCmd = $[ ]; - - if (id == `allEnforce || id == `allComplain) { - profCmd["all"] = "1"; - } else if ( profile != "" ) { - profCmd["profile"] = profile; - } else { - Popup::Error( _("Couldn't recognize profile name: ") + profile ); - return; - } - - if ( id == `toggle && mode != "" ) { - // Reverse modes for toggling - if ( mode == "enforce" ) { - profCmd["mode"] = "complain"; - } else if (mode == "complain") { - profCmd["mode"] = "enforce"; - } else { - error = true; - Popup::Error( _("Couldn't recognize mode: ") + mode ); - } - } else if ( id != `toggle ) { - profCmd["mode"] = mode; - } - - if ( showAll == true ) { - profCmd["showall"] = "1"; - } else { - profCmd["showall"] = "0"; - } - - SCR::Write(.complain, profCmd); - - return; -} - -define list getRecordList(boolean showAll) { - - map Settings = $[ ]; - Settings["list"] = "1"; - - if ( showAll == true ) { - Settings["showall"] = "1"; - } else { - Settings["showall"] = "0"; - } - - list recList = []; - integer key = 1; - - // restarts ag_complain agent if necessary - list db = nil; - while ( db == nil ) { - db = (list ) SCR::Read (.complain, Settings); - } - - foreach ( map record, db, { - recList = add( recList, `item( `id(key), record["name"]:nil, record["mode"]:nil )); - key = key + 1; - }); - - return recList; -} - -define term getProfModeForm(list recList, boolean showAll ) { - - term allBtn = `PushButton(`id(`showAll), _("Show All Profiles") ); - string allText = _("Configure Mode for Active Profiles"); - - if ( showAll && showAll == true ) { - allBtn = `PushButton(`id(`showAct), _("Show Active Profiles") ); - allText = _("Configure Mode for All Profiles"); - } - - term modeForm = - - `Frame( `id(`changeMode), allText, - //`Frame( `id(`changeMode), _("Configure Profile Mode"), - `VBox( - `VSpacing(2), - 
`HBox( - `VSpacing(10), - `Table(`id(`table), `opt(`notify), `header(_("Profile Name"), _("Mode")), recList) - ), - `VSpacing(0.5), - `HBox( - allBtn, - `PushButton(`id(`toggle), _("Toggle Mode") ), - `PushButton(`id(`allEnforce), _("Set All to Enforce") ), - `PushButton(`id(`allComplain), _("Set All to Complain") ) - )) - ); - - return modeForm; -} - -define term updateModeConfigForm(boolean showAll) { - - list recList = getRecordList(showAll); - term newModeForm = getProfModeForm(recList, showAll); - - return newModeForm; -} - -// Profile Mode Configuration -- Sets Complain and Enforce Behavior -define symbol profileModeConfigForm() { - - list recList = getRecordList(showAll); - term modeForm = getProfModeForm(recList, showAll); - Wizard::CreateDialog(); - Wizard::SetContentsButtons( _("Profile Mode Configuration"), modeForm, modeHelp, Label::BackButton(), _("&Done") ); - - map event = $[]; - any id = nil; - boolean modified = false; - - while( true ) { - - event = UI::WaitForEvent(); - - id = event["ID"]:nil; // We'll need this often - cache it - string profile = nil; - string mode = nil; - - if ( id == `abort || id == `cancel || id == `back ) { - break; - - } else if ( id == `next ) { - integer ret = -1; - if ( modified ) - ret = (integer) SCR::Execute (.target.bash, "/sbin/rcsubdomain reload > /dev/null 2>&1"); - else { - y2milestone("No change to Apparmor profile modes - nothing to do."); - break; - } - if ( ret == 0) - y2milestone("Apparmor profiles reloaded succesfully."); - else - y2error("Reloading Apparmor profiles failed with exit code %1", ret); - - break; - } else if ( id == `showAll ) { - - showAll = true; - Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") ); - continue; - - } else if ( id == `showAct ) { - - showAll = false; - Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") ); - continue; 
-
- } else if ( id == `toggle) {
- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
- profile = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
- mode = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 2, "");
-
- updateComplain(id, profile, mode, showAll);
- modified = true;
- Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
- continue;
-
- } else if ( id == `allEnforce || id == `allComplain) {
-
- profile = "";
-
- if ( id == `allEnforce ) {
- mode = "enforce";
- } else {
- mode = "complain";
- }
-
- updateComplain(id, profile, mode, showAll);
- modified = true;
- Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
- continue;
-
- } else if ( id == `table ) {
-
- Popup::Message( _("Please select an action to perform from the buttons below.") );
-
- } else {
- y2error("Unexpected return code: %1", id);
- break;
- }
- }
-
- Wizard::CloseDialog(); // new
- return (symbol) id;
-}
-
-/* EOF */
-}
--- a/src/include/subdomain/helps.ycp
+++ /dev/null
@@ -1,219 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2005 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-
-{
-
-textdomain "yast2-apparmor";
-
-/* START Help Section
-************************************************************/
-map helps = $[
- "EventNotifyHelpText" :
- _("

The Security Event Notification screen enables you to setup email -alerts for security events. In the following steps, specify how often -alerts are sent, who receives the alert, and how severe the security -event must be to send an alert.

") + - - _("

Notification Types
Terse Notification: -Terse notification summarizes the total number of system events without -providing details.
For example:
dhcp-101.up.wirex.com has -had 10 security events since Tue Oct 12 11:10:00 2004

") + - - _("

Summary Notification: The Summary notification displays -the logged AppArmor security events, and lists the number of -individual occurrences, including the date of the last occurrence. -
For example:
SubDomain: PERMITTING access to capability -'setgid' (httpd2-prefork(6347) profile /usr/sbin/httpd2-prefork -active /usr/sbin/httpd2-prefork) 2 times, the latest at Sat Oct 9 16:05:54 2004. -

") + - - _("

Verbose Notification: The Verbose notification displays -unmodified, logged AppArmor security events. It tells you every time -an event occurs and writes a new line in the Verbose log. These -security events include the date and time the event occurred, when -the application profile permits access as well as rejects access, -and the type of file permission access that is permitted or rejected.

") + - - _("

Verbose Notification also reports several messages that -the logprof tool uses to interpret profiles.
For example:
- Oct 9 15:40:31 SubDomain: PERMITTING r access to -/etc/apache2/httpd.conf (httpd2-prefork(6068) profile -/usr/sbin/httpd2-prefork active /usr/sbin/httpd2-prefork)

") + - - "
    " + _("
  1. For each notification type that you would like -enabled, select the frequency of notification that you would -like. For example, if you select 1 day from the -pull-down list, you will be sent daily notifications of -security events, if they occur.
  2. ") + - - _("
  3. Enter the email address of those who should receive -the Terse, Summary, or Verbose notifications.If there is no local -SMTP server configured to distribute e-mails from this host to the -domain you entered, enter for example @localhost -and enable to receive system mail, if it is not -a root user.
  4. ") + - - _("
  5. Select the lowest severity level for which a notification -should be sent. Security events will be logged and the notifications -will be sent at the time indicated by the interval when events are -equal or greater than the selected severity level. If the interval -is 1 day, the notification will be sent daily, if security events -occur.") + - - _("Severity Levels: These are numbered 1 through 10, -10 being the most severe security incident. The severity.db -file defines the severity level of potential security events. -The severity levels are determined by the importance of -different security events, such as certain resources accessed -or services denied.
  6. ") + - - _("
  7. Select Include unknown security events if -you would like to include events that are not rated with a severity number.
  8. ") + - "
", -// ---------------------------- - "profileWizard" : - _("AppArmor Profiling Wizard
") + - _("This wizard presents entries generated by the AppArmor access control module. -You can generate highly optimized and robust security profiles -by using the suggestions made by AppArmor.") + - - _("AppArmor suggests that you allow or deny access to specific resources -or define execute permission for entries. Questions -that display were logged during the normal application -execution test previously performed.
") + - - _("The following help text describes the detail of the security profile -syntax used by AppArmor.

At any stage, you may -customize the profile entry by changing the suggested response. -This overview will assist you in your options. Refer to the -Novell AppArmor Administration Guide for step-by-step -instructions.

") + - - _("Access Modes
") + - _("File permission access modes consists of combinations of the following six modes:") + - - "
    " + - _("
  • r - read
  • ") + - _("
  • w - write
  • ") + - _("
  • m - mmap PROT_EXEC
  • ") + - _("
  • px - discrete profile execute
  • ") + - _("
  • ux - unconfined execute
  • ") + - _("
  • ix - inherit execute
  • ") + - _("
  • l - link
  • ") + "
" + - - _("Details for Access Modes") + - "

" + - - _("Read mode
") + - _("Allows the program to have read access to the -resource. Read access is required for shell scripts -and other interpreted content, and determines if an -executing process can core dump or be attached to with -ptrace(2). (ptrace(2) is used by utilities such as -strace(1), ltrace(1), and gdb(1).)") + - "

" + - - _("Write mode
") + - _("Allows the program to have write access to the -resource. Files must have this permission if they are -to be unlinked (removed.)") + - "

" + - - _("Mmap PROT_EXEC mode
") + - _("Allows the program to call mmap with PROT_EXEC on the -resource.") + - "

" + - - _("Unconfined execute mode
") + - _("Allows the program to execute the resource without any -AppArmor profile being applied to the executed -resource. Requires listing execute mode as well. -Incompatible with Inherit and Discrete Profile execute -entries.") + - "

" + - - _("This mode is useful when a confined program needs to -be able to perform a privileged operation, such as -rebooting the machine. By placing the privileged section -in another executable and granting unconfined -execution rights, it is possible to bypass the mandatory -constraints imposed on all confined processes. -For more information on what is constrained, see the -subdomain(7) man page.") + - "

" + - - _("Discrete Profile execute mode
") + - _("This mode requires that a discrete security profile is -defined for a resource executed at a AppArmor domain -transition. If there is no profile defined then the -access will be denied. Incompatible with Inherit and -Unconstrained execute entries.") + - "

" + - - _("Link mode
") + - _("Allows the program to be able to create and remove a -link with this name (including symlinks). When a link -is created, the file that is being linked to MUST have -the same access permissions as the link being created -(with the exception that the destination does not have -to have link access.) Link access is required for -unlinking a file.") + - "

" + - - _("Globbing") + - "

" + - _("File resources may be specified with a globbing syntax -similar to that used by popular shells, such as csh(1), -bash(1), zsh(1).") + - "
" + - - "
    " + - _("
  • * can substitute for any number of characters, except '/'
  • ") + - _("
  • ** can substitute for any number of characters, including '/'
  • ") + - _("
  • ? can substitute for any single character except '/'
  • ") + - _("
  • [abc] will substitute for the single character a, b, or c
  • ") + - _("
  • [a-c] will substitute for the single character a, b, or c
  • ") + - _("
  • {ab,cd} will expand to one rule to match ab, one rule to match cd
  • ") + - "
" + - - _("Clean Exec - for sanitized execution") + - "

" + - _("The Clean Exec option for the discrete profile and unconstrained -execute permissions provide added security by stripping the -environment that is inherited by the child program of specific -variables. You will be prompted to choose whether you want to sanitize the -environment if you choose 'p' or 'u' during the profiling process. -The variables are:") + - - "
    " + - "
  • GCONV_PATH
  • " + - "
  • GETCONF_DIR
  • " + - "
  • HOSTALIASES
  • " + - "
  • LD_AUDIT
  • " + - "
  • LD_DEBUG
  • " + - "
  • LD_DEBUG_OUTPUT
  • " + - "
  • LD_DYNAMIC_WEAK
  • " + - "
  • LD_LIBRARY_PATH
  • " + - "
  • LD_ORIGIN_PATH
  • " + - "
  • LD_PRELOAD
  • " + - "
  • LD_PROFILE
  • " + - "
  • LD_SHOW_AUXV
  • " + - "
  • LD_USE_LOAD_BIAS
  • " + - "
  • LOCALDOMAIN
  • " + - "
  • LOCPATH
  • " + - "
  • MALLOC_TRACE
  • " + - "
  • NLSPATH
  • " + - "
  • RESOLV_HOST_CONF
  • " + - "
  • RES_OPTION
  • " + - "
  • TMPDIR
  • " + - "
  • TZDIR
", - - ]; -} --- a/src/include/subdomain/profile_dialogs.ycp +++ /dev/null @@ -1,1147 +0,0 @@ -/* ------------------------------------------------------------------ -* -* Copyright (C) 2002-2005 Novell/SUSE -* -* This program is free software; you can redistribute it and/or -* modify it under the terms of version 2 of the GNU General Public -* License published by the Free Software Foundation. -* - ------------------------------------------------------------------*/ -{ -import "Wizard"; -import "Popup"; -import "Label"; -import "Map"; -include "subdomain/capabilities.ycp"; -textdomain "yast2-apparmor"; - -// Globalz -integer timeout_millisec = 20 * 1000; -map Settings = $[ - "CURRENT_PROFILE" : "" -]; - - -define map capabilityEntryPopup( map capmap, - string linuxcapname, - string profile ) { - map results = $[]; - string lpname = linnametolp[linuxcapname]:""; - map cdef = capdefs[lpname]:nil; - list caplist = []; - boolean capbool = false; - foreach( string clname, string clpname, (map) linnametolp, { - if ( capmap[clpname]:nil != nil) capbool = true; - caplist = add( caplist, `item( `id(clname), clname, capbool) ); - capbool = false; - }); - string info = (string) cdef["info"]:_("Capability Selection. -
Select desired capabilities for this profile. -Select a Capability name to see information about the capability."); - string frametitle = " " + _("Capabilities enabled for the profile") + " " + profile + " "; - UI::OpenDialog( - `VBox( - `HSpacing( 75 ), - `VSpacing( `opt(`hstretch), 1 ), - `HBox( - `VSpacing( 20 ), - `HSpacing( 0.5 ), - `Frame( frametitle, - `HBox( - `HWeight( 30, - `MultiSelectionBox( `id(`caps), `opt(`notify), _("Capabilities"), caplist) - ), - `HWeight( 60, `RichText( `id(`captext), info) ) - ) - ), - `HSpacing( 0.05 ) - ), - `VSpacing( 0.5 ), - `HBox( - `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))), - `HWeight( 50, `HCenter(`PushButton(`id(`cancel), Label::CancelButton()))) - ), - `VSpacing( `opt(`hstretch), 0.5 ) - ) - ); - - if ( linuxcapname != "" ) { - UI::ChangeWidget( `id(`caps), `CurrentItem, linuxcapname ); - } - - map event2 = $[]; - any id2 = nil; - repeat - { - event2 = UI::WaitForEvent( timeout_millisec ); - id2 = event2["ID"]:nil; // We'll need this often - cache it - if ( id2 == `caps ) { - any itemid = UI::QueryWidget( `id(`caps), `CurrentItem ); - list selecteditems = (list) UI::QueryWidget( `id(`caps), `SelectedItems ); - string stritem = tostring( itemid ); - string capindex = linnametolp[stritem]:""; - map cdf = capdefs[capindex]:nil; - string cdfi = cdf["info"]:""; - UI::ChangeWidget( `id(`captext), `Value, cdfi ); - } - } until ( id2 == `save || id2 == `cancel ); - - map newcapmap = $[]; - if ( id2 == `save ) { - list selectedcaps = (list) UI::QueryWidget( `id(`caps), `SelectedItems ); - string s = ""; - foreach( any cpname, selectedcaps, { - s = linnametolp[tostring(cpname)]:""; - newcapmap = add( newcapmap, s, $["audit":0, "set":1]); - }); - } - UI::CloseDialog(); - if ( id2 == `cancel ) { - return capmap; - } - return newcapmap; -} - - -define string networkEntryPopup( string rule ) { - integer listnum = 0; - list netlist = splitstring( rule, " " ); - integer netrulesize = size( netlist ); - string 
family = ""; - string sockettype = ""; - if ( netrulesize == 1 ) { - family = "All"; - } else if ( netrulesize == 2 ) { - family = netlist[1]:""; - } else if ( netrulesize == 3 ) { - family = netlist[1]:""; - sockettype = netlist[2]:""; - } - - list famList = [ - `item( `id( `allfam ), _("All") ), - `item( `id( `inet ), "inet" ), - `item( `id( `inet6 ), "inet6" ), - `item( `id( `ax25 ), "ax25" ), - `item( `id( `ipx ), "ipx" ), - `item( `id( `appletalk ), "appletalk" ), - `item( `id( `netrom ), "netrom" ), - `item( `id( `bridge ), "bridge" ), - `item( `id( `atmpvc ), "atmpvc" ), - `item( `id( `x25 ), "x25" ), - `item( `id( `rose ), "rose" ), - `item( `id( `netbeui ), "netbeui" ), - `item( `id( `security ), "security" ), - `item( `id( `key ), "key" ), - `item( `id( `packet ), "packet" ), - `item( `id( `ash ), "ash" ), - `item( `id( `econet ), "econet" ), - `item( `id( `atmsvc ), "atmsvc" ), - `item( `id( `sna ), "sna" ), - `item( `id( `irda ), "irda" ), - `item( `id( `ppox ), "pppox" ), - `item( `id( `wanpipe ), "wanpipe" ), - `item( `id( `bluetooth ), "bluetooth" ), - ]; - - list typeList = [ - `item( `id( `alltype ), _("All") ), - `item( `id( `stream ), "stream" ), - `item( `id( `dgram ), "dgram" ), - `item( `id( `seqpacket ), "seqpacket" ), - `item( `id( `rdm ), "rdm" ), - `item( `id( `raw ), "raw" ), - `item( `id( `packet ), "packet" ), - `item( `id( `dccp ), "dccp" ), - ]; - - map results = $[]; - - UI::OpenDialog( - `VBox( - `VSpacing( 1 ), - `HBox( - `HCenter( `ComboBox( `id(`famItems), - `opt(`notify), - _("Network Family"), - famList - ) - ), - `HSpacing(`opt(`hstretch), 0.2), - `HCenter( `ComboBox( `id(`typeItems), - `opt(`notify), - _("Socket Type"), - typeList - ) - ) - ), - `VSpacing(1), - `HBox( - `HCenter(`PushButton(`id(`cancel), Label::CancelButton())), - `HCenter(`PushButton(`id(`save), Label::SaveButton())) - ), - `VSpacing(0.5) - ) - ); - - if ( rule == "" || family == "All" ) { - UI::ChangeWidget( `famItems, `Value, `allfam ); - UI::ChangeWidget( 
`typeItems, `Value, `alltype ); - UI::ChangeWidget( `typeItems, `Enabled, false ); - } else { - if ( family != "" ) { - UI::ChangeWidget( `famItems, `Value, symbolof(toterm(family)) ); - } - if ( sockettype != "" ) { - UI::ChangeWidget( `typeItems, `Value, symbolof(toterm(sockettype)) ); - } - } - map event2 = $[]; - any id2 = nil; // We'll need this often - cache it - repeat - { - event2 = UI::WaitForEvent( timeout_millisec ); - id2 = event2["ID"]:nil; // We'll need this often - cache it - if ( id2 == `famItems ) { - if ( UI::QueryWidget( `famItems, `Value ) == `allfam ) { - UI::ChangeWidget( `typeItems, `Value, `alltype ); - UI::ChangeWidget( `typeItems, `Enabled, false ); - } else { - UI::ChangeWidget( `typeItems, `Enabled, true ); - } - } - } until ( id2 == `save || id2 == `cancel ); - if ( id2 == `save ) { - rule = "network"; - symbol famselection = (symbol) UI::QueryWidget( `famItems, `Value ); - symbol typeselection = (symbol) UI::QueryWidget( `typeItems, `Value ); - if ( famselection != `allfam ) { - rule = rule + " " + substring( tostring(famselection), 1); - if ( typeselection != `alltype ) { - rule = rule + " " + substring( tostring(typeselection), 1); - } - } - } else { - rule = ""; - } - UI::CloseDialog(); - return rule; -} - - -// -// Popup the Edit Profile Entry dialog -// return a map containing PERM and FILE -// for the updated permissions and filename -// for the profile entry -// - -define map pathEntryPopup( string filename, string perms, string profile, string filetype ) { - map results = $[]; - UI::OpenDialog( - `VBox( - `VSpacing( `opt(`hstretch), 1 ), - `HSpacing( 45 ), - `HBox( - `VSpacing( 10 ), - `HSpacing( 0.75 ), - `Frame( _("Profile Entry For ") + profile, - `HBox( - `HWeight( 60, - `VBox( - `TextEntry(`id(`filename), _("Enter or modify Filename")), - `HCenter(`PushButton(`id(`browse), _("&Browse") )) - ) - ), - `HWeight( 40, - `MultiSelectionBox( `id(`perms), `opt(`notify), _("Permissions"), - [ `item( `id(`read), _("Read"), 
issubstring(perms, "r")), - `item( `id(`write), _("Write"), issubstring(perms, "w")), - `item( `id(`link), _("Link"), issubstring(perms, "l")), - `item( `id(`append), _("Append"), issubstring(perms, "a")), - `item( `id(`lock), _("Lock"), issubstring(perms, "k")), - `item( `id(`mmap), _("MMap PROT_EXEC"), issubstring(perms, "m")), - `item( `id(`execute), _("Execute"), issubstring(perms, "x")), - `item( `id(`inherit), _("Inherit"), issubstring(perms, "i")), - `item( `id(`profile), _("Profile"), issubstring(perms, "p")), - `item( `id(`clean_profile), _("Profile Clean Exec"), issubstring(perms, "P")), - `item( `id(`unconstrained), _("Unconstrained"), issubstring(perms, "u")), - `item( `id(`clean_unconstrained), _("Unconstrained Clean Exec"), issubstring(perms, "U")) - ] - ) - ) - ) - ), - `HSpacing( 0.75 ) - ), - `VSpacing( 0.5 ), - `HBox( - `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))), - `HWeight( 50, `HCenter(`PushButton(`id(`cancel), Label::CancelButton()))) - ), - `VSpacing( `opt(`hstretch), 0.5 ) - ) - ); - UI::ChangeWidget(`id(`filename), `Value, filename); - map event2 = $[]; - any id2 = nil; // We'll need this often - cache it - repeat - { - event2 = UI::WaitForEvent( timeout_millisec ); - id2 = event2["ID"]:nil; // We'll need this often - cache it - - // - // Something clicked in the 'perms list - // - if ( id2 == `perms ) { - any itemid = UI::QueryWidget( `id(`perms), `CurrentItem ); - list selecteditems = (list) UI::QueryWidget( `id(`perms), `SelectedItems ); - if ( itemid == `execute ) { - // - // If we turn off Execute bit then also - // turn off execute modifiers - // - if ( contains( selecteditems, `execute ) == false ) { - if ( contains( selecteditems, `inherit )) { - selecteditems = filter (any k, selecteditems, { return (k != `inherit); }); - UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); - } - if ( contains( selecteditems, `profile )) { - selecteditems = filter (any k, selecteditems, { return (k != `profile); 
}); - UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); - } - if ( contains( selecteditems, `unconstrained )) { - selecteditems = filter (any k, selecteditems, { return (k != `unconstrained); }); - UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); - } - if ( contains( selecteditems, `clean_unconstrained )) { - selecteditems = filter (any k, selecteditems, { return (k != `clean_unconstrained); }); - UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); - } - if ( contains( selecteditems, `clean_profile )) { - selecteditems = filter (any k, selecteditems, { return (k != `clean_profile); }); - UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); - } - } else if (!( contains( selecteditems, `inherit ) || - contains( selecteditems, `unconstrained ) || - contains( selecteditems, `clean_unconstrained ) || - contains( selecteditems, `clean_profile ) || - contains( selecteditems, `profile )) - ) { - //if you just select X alone then by default you get P - selecteditems = prepend( selecteditems, `profile); - UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); - } - } - - // - // Execute modifier is selected - // -- if Execute is NOT ON then turn Execute ON - // -- ensure that only one modifier is selected. 
- // - if (( contains( selecteditems, `inherit ) || - contains( selecteditems, `clean_unconstrained ) || - contains( selecteditems, `clean_profile ) || - contains( selecteditems, `unconstrained ) || - contains( selecteditems, `profile )) ) { - if ( contains( selecteditems, `execute ) == false ) { - selecteditems = prepend( selecteditems, `execute); - UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems ); - } else if ( itemid == `profile ) { - selecteditems = filter (any k, - selecteditems, - { return (k != `inherit); }); - selecteditems = filter (any k, - selecteditems, - { return (k != `clean_unconstrained); }); - selecteditems = filter (any k, - selecteditems, - { return (k != `clean_profile); }); - selecteditems = filter (any k, - selecteditems, - { return (k != `unconstrained); }); - UI::ChangeWidget( `id(`perms), - `SelectedItems, - selecteditems ); - } else if ( itemid == `inherit ) { - selecteditems = filter (any k, - selecteditems, - { return (k != `profile); }); - selecteditems = filter (any k, - selecteditems, - { return (k != `unconstrained); }); - selecteditems = filter (any k, - selecteditems, - { return (k != `clean_unconstrained); }); - selecteditems = filter (any k, - selecteditems, - { return (k != `clean_profile); }); - UI::ChangeWidget( `id(`perms), - `SelectedItems, - selecteditems ); - } else if ( itemid == `unconstrained ) { - selecteditems = filter (any k, - selecteditems, - { return (k != `profile); }); - selecteditems = filter (any k, - selecteditems, - { return (k != `inherit); }); - selecteditems = - filter (any k, - selecteditems, - { return (k != `clean_unconstrained); }); - selecteditems = filter (any k, - selecteditems, - { return (k != `clean_profile); }); - UI::ChangeWidget( `id(`perms), - `SelectedItems, - selecteditems ); - } else if ( itemid == `clean_unconstrained ) { - selecteditems = filter (any k, - selecteditems, - { return (k != `profile); }); - selecteditems = filter (any k, - selecteditems, - { return (k != 
`inherit); }); - selecteditems = filter (any k, - selecteditems, - { return (k != `unconstrained); }); - selecteditems = filter (any k, - selecteditems, - { return (k != `clean_profile); }); - UI::ChangeWidget( `id(`perms), - `SelectedItems, - selecteditems ); - } else if ( itemid == `clean_profile ) { - selecteditems = filter (any k, - selecteditems, - { return (k != `profile); }); - selecteditems = filter (any k, - selecteditems, - { return (k != `inherit); }); - selecteditems = - filter (any k, - selecteditems, - { return (k != `clean_unconstrained); }); - selecteditems = filter (any k, - selecteditems, - { return (k != `unconstrained); }); - UI::ChangeWidget( `id(`perms), - `SelectedItems, - selecteditems ); - } - } else if ( contains( selecteditems, `execute) ) { - selecteditems = filter (any k, - selecteditems, - { return (k != `execute); }); - UI::ChangeWidget( `id(`perms), - `SelectedItems, - selecteditems ); - } - } - // - // Popup a dialog to let a user browse for a file - // - if ( id2 == `browse ) { - string selectfilename = ""; - if ( filetype == "dir" ) { - selectfilename = UI::AskForExistingDirectory( "/", _("Select Directory")); - } else { - selectfilename = UI::AskForExistingFile( "/", "", _("Select File")); - } - if ( selectfilename != nil ) { - UI::ChangeWidget(`id(`filename), `Value, selectfilename); - } - } - } until ( id2 == `save || id2 == `cancel ); - - if ( id2 == `cancel ) { - UI::CloseDialog(); - return nil; - } - - // - // Update table values - // - if ( id2 == `save ) { - list selectedbits = (list) UI::QueryWidget( `id(`perms), `SelectedItems ); - string newperms = ""; - if ( contains( selectedbits, `write ) ) { - newperms = newperms + "w" ; - } - if ( contains(selectedbits, `mmap ) ) { - newperms = newperms + "m" ; - } - if ( contains(selectedbits, `read ) ) { - newperms = newperms + "r" ; - } - if ( contains(selectedbits, `link ) ) { - newperms = newperms + "l" ; - } - if ( contains(selectedbits, `lock ) ) { - newperms = newperms + 
"k" ; - } - if ( contains(selectedbits, `append ) ) { - newperms = newperms + "a" ; - } - if ( contains(selectedbits, `execute) ) { - if ( contains(selectedbits, `profile) ) { - newperms = newperms + "p" ; - } else if ( contains(selectedbits, `inherit) ) { - newperms = newperms + "i" ; - } else if ( contains(selectedbits, `unconstrained) ) { - newperms = newperms + "u" ; - } else if ( contains(selectedbits, `clean_unconstrained) ) { - newperms = newperms + "U" ; - } else if ( contains(selectedbits, `clean_profile) ) { - newperms = newperms + "P" ; - } - newperms = newperms + "x" ; - } - filename = tostring( UI::QueryWidget(`id(`filename), `Value) ); - UI::CloseDialog(); - if ( filename == "" || newperms == "" ) { - Popup::Error(_("Entry will not added. Entry name or permissions not defined.")); - results = nil; - } else { - results = $[ "PERM": newperms, "FILE": filename ]; - } - } - return results; -} - -define map fileEntryPopup( string filename, string perms, string profile ) { - return (map) pathEntryPopup( filename, perms, profile, "file" ); -} - -define map dirEntryPopup( string filename, string perms, string profile ) { - return (map) pathEntryPopup( filename, perms, profile, "dir" ); -} - - -define map deleteNetworkRule( map netRules, string rule ) { - map audit = netRules["audit"]:$[]; - map rules = netRules["rule"]:$[]; - list netlist = splitstring( rule, " " ); - integer netrulesize = size( netlist ); - string family = ""; - string sockettype = ""; - - if ( netrulesize == 1 ) { - audit = $[]; - rules = $[]; - } else if ( netrulesize == 2 ) { - family = netlist[1]:""; - audit = remove( audit, family ); - rules = remove( rules, family ); - } else if ( netrulesize == 3 ) { - family = netlist[1]:""; - sockettype = netlist[2]:""; - map a = audit[family]:$[]; - map r = rules[family]:$[]; - a = remove(a, sockettype); - r = remove(r, sockettype); - audit[family] = a; - rules[family] = r; - /*any fam = netRules[family]:nil; - if ( is( fam, map ) ) { - fam = 
remove( ((map) fam), sockettype ); - netRules[family] = fam; - } else { - y2warning("deleteNetworkRule: deleting non-existing rule: " + - rule); - }*/ - } - return $["audit" : audit, "rule" : rules]; -} - -define map addNetworkRule( map netRules, string rule ) { - map audit = netRules["audit"]:$[]; - map rules = netRules["rule"]:$[]; - list netlist = splitstring( rule, " " ); - integer netrulesize = size( netlist ); - string family = ""; - string sockettype = ""; - - if ( netrulesize == 1 ) { - return ( $["audit" : $["all":1], "rule" : $["all" :1] ] ); - } - else{ - if (haskey(audit, "all") && haskey(rules, "all")) { - audit = remove(audit, "all"); - rules = remove(rules, "all"); - } - - if ( netrulesize == 2 ) { - family = netlist[1]:""; - audit[family] = 0; - rules[family] = 1; - } else if ( netrulesize == 3 ) { - family = netlist[1]:""; - sockettype = netlist[2]:""; - audit[family] = add(audit[family]:$[], sockettype,0); - rules[family] = add(rules[family]:$[], sockettype,1); - } - /*any any_fam = netRules[family]:nil; - map fam = nil; - if ( is( any_fam, map ) ) { - fam = (map) any_fam; - } - if ( fam == nil ) { - fam = $[]; - } - fam[sockettype] = "1"; - netRules[family] = fam;*/ - } - return $[ "audit": audit, "rule": rules]; -} - -define map editNetworkRule( map netRules, string old, string new ) { - netRules = deleteNetworkRule( netRules, old ); - netRules = addNetworkRule( netRules, new ); - return( netRules ); -} - -// -// generateTableContents - generate the list that is used in the table to display the profile -// - -define list generateTableContents( map paths, map network, map caps, map includes, map hats ) { - list newlist = []; - - integer indx = 0; - - foreach( string hatname, any hat, (map) hats, { - newlist = add( newlist, `item( `id(indx), "[+] ^"+ hatname, "")); - indx = indx+1; }); - - foreach( string incname, integer incval, (map) includes, { - newlist = add( newlist, `item( `id(indx), "#include " +incname, "")); - indx = indx+1; }); - - 
foreach( string capname, map capval, (map) caps, { - map capdef = capdefs[capname]:nil; - newlist = add( newlist, `item( `id(indx), capdef["name"]:"", "")); - indx = indx+1; }); - - foreach( string name, map val, (map) paths, { - string mode = (string) SCR::Execute(.subdomain_profiles.mode_to_string, val["mode"]:0); - newlist = add( newlist, `item( `id(indx), name, mode)); - indx = indx+1; }); - - map rules = network["rule"]:$[]; - foreach( string family, any any_fam, (map) rules, { - if ( is( any_fam, map ) ) { - foreach( string socktype, any any_type, (map) any_fam, { - newlist = add( newlist, - `item( `id(indx), - "network " + family + " " + socktype, - "" - ) - ); - indx = indx+1; - }); - } else { - // Check for all network - if ( family == "all" ) { - newlist = add( newlist, - `item( `id(indx), - "network", - "" - ) - ); - indx = indx+1; - } else { - newlist = add( newlist, - `item( `id(indx), - "network " + family, - "" - ) - ); - indx = indx+1; - } - } - }); - return newlist; -} - - -define map collectHats(map profile, string pathname ) { - map hats = $[]; - y2debug("collecting hats for " + pathname); - if( profile != nil){ - foreach( string resname, any resource, (map) profile, { - if ( resname != pathname ) { - map hat = tomap(resource); - if ( hat != nil ) { - y2debug("HAT " + resname); - hats = add(hats, resname, resource); - } - } - }); - } - return hats; -} - - -// -// Prompts the user for a hatname -// Side-Effect: sets Settings["CURRENT_HAT"] -// returns true (hat entered) -// false (user aborted) -// -define boolean newHatNamePopup(string parentProfile, map currentHats ) { - -term intro = `VBox( - `Top( - `VBox( - `VSpacing(1), - `Left(`Label( _("Please enter the name of the Hat that you would like \nto add to the profile") + " " + parentProfile + ".")), - `VSpacing(0.5), - `Left( - `TextEntry( - `id(`hatname), - _("&Hat name to add"), - "" - ) - ), - `VSpacing(`opt(`vstretch), 0.25) - ) - ), - `HBox( - `HSpacing(`opt(`hstretch), 0.1), - 
`HCenter(`PushButton(`id(`create), _("&Create Hat"))), - `HCenter(`PushButton(`id(`abort), Label::AbortButton())), - `HSpacing(`opt(`hstretch), 0.1), - `VSpacing(1) - ) - ); - - UI::OpenDialog(intro); - UI::SetFocus(`id(`hatname)); - while (true) { - any input = Wizard::UserInput(); - if(input == `create) { - string hatname = (string) UI::QueryWidget(`id(`hatname), `Value); - // Check for no application entry in the dialog - if ( hatname == "" ) { - Popup::Error(_("You have not given a name for the hat you want to add.\nPlease -enter a hat name to create a new hat, or press Abort to cancel this wizard.")); - } else if ( haskey( currentHats, hatname ) ) { - Popup::Error(_("The profile already contains the provided hat name. -Please enter a different name to try again, or press Abort to cancel this wizard.")); - } else { - Settings["CURRENT_HAT"] = hatname; - UI::CloseDialog(); - return true; - } - } else { - UI::CloseDialog(); - return false; - } - } -} - -define symbol DisplayProfileForm(string pathname, boolean hat) { - map profile_map = (map) Settings["PROFILE_MAP"]:$[]; - map profile = (map) profile_map[pathname]:$[]; - map hats = $[]; - if ( !hat ) { - hats = collectHats( profile_map, pathname ); - } - map paths = (map) profile["allow","path"]:$[]; - map caps = (map) profile["allow","capability"]:$[]; - map includes = (map) profile["include"]:$[]; - map netdomain = (map) profile["allow", "netdomain"]:$[]; - list profilelist = generateTableContents( paths, - netdomain, - caps, - includes, - hats ); - - - // FIXME: format these texts better - - /* help text */ - string help1 = _("

In this form you can view and modify the contents of an individual profile. -For existing entries you can double click the permissions to access a modification dialog.

"); - - /* help text */ - string help2 = _("

Permission Definitions:
r - read
-w -write
l - link
m - mmap PROT_EXEC
k - file locking
-a - file append
x - execute
i - inherit
p - discrete profile
-P - discrete profile
(*clean exec)
u - unconstrained
-U -unconstrained
(*clean exec)

"); - - /* help text */ - string help3 = _("

Add Entry:
Select the type of resource to add from the drop down list.

"); - - /* help text - part x1 */ - string help4 = _("

  • File
    Add a file entry to this profile
  • "); - /* help text - part x2 */ - string help5 = _("
  • Directory
    Add a directory entry to this profile
  • "); - /* help text - part x3 */ - string help6 = _("
  • Capability
    Add a capability entry to this profile
  • "); - /* help text - part x4 */ - string help7 = _("
  • Include
    Add an include entry to this profile. This option -includes the profile entry contents of another file in this profile at load time.
  • "); - /* help text - part x5 */ - string help_net = _("
  • Network Entry
    Add a network rule entry to this profile. -This option will allow you to specify network access privileges for the profile. -You may specify a network address family and socket type.
  • "); - /* help text - part x6 */ - string helpHat = _("
  • Hat
    Add a sub-profile for this profile - called a Hat. -This option is analogous to manually creating a new profile, which can selected -during execution only in the context of being asked for by a changehat aware -application. For more information on changehat please see man changehat on your -system or the Novell AppArmor Administration Guide.
  • "); - /* help text - part x7 */ - string helpEdit = _("

Edit Entry:
Edit the selected entry.

"); - - /* help text */ - string help8 = _("

Delete Entry:
Removes the selected entry from this profile.

"); - - /* help text - part y1 */ - string help9 = _("

*Clean Exec
The Clean Exec option for the discrete profile -and unconstrained execute permissions provide added security by stripping the environment -that is inherited by the child program of specific variables. These variables are:"); - /* help text - part y2 */ - string help10 = "

  • GCONV_PATH
  • GETCONF_DIR
  • HOSTALIASES
  • LD_AUDIT
  • LD_DEBUG
  • LD_DEBUG_OUTPUT
  • LD_DYNAMIC_WEAK
  • LD_LIBRARY_PATH
  • LD_ORIGIN_PATH
  • LD_PRELOAD
  • LD_PROFILE
  • LD_SHOW_AUXV
  • LD_USE_LOAD_BIAS
  • LOCALDOMAIN
  • LOCPATH
  • MALLOC_TRACE
  • NLSPATH
  • RESOLV_HOST_CONF
  • RES_OPTION
  • TMPDIR
  • TZDIR

"; - - - integer listnum = 0; - list itemList = [ `item( `id( `file ), _("&File") ), - `item( `id( `net ), _("Network &Rule") ), - `item( `id( `dir ), _("&Directory") ), - `item( `id( `cap ), _("&Capability") ), - `item( `id( `include ), _("&Include File") ), - ]; - - - string mainLabel = ""; - - if ( hat ) { - mainLabel = _("AppArmor profile ") + Settings["CURRENT_PROFILE"]:"" + "^" + pathname; - } else { - itemList = add(itemList,`item( `id( `hat ), _("&Hat") )); - mainLabel = _("AppArmor profile for ") + pathname ; - } - // Define the widget contents - // for the Wizard - term contents_main_profile_form = - `VBox( - `Label(mainLabel), - `HBox( - `VSpacing(10), - `Table(`id(`table), `opt(`notify, `immediate ), `header(_("File Name"), _("Permissions")), profilelist) - ), - `VSpacing(0.5), - `HBox( - `HSpacing(`opt(`hstretch), 0.1), - `HCenter( `MenuButton(`id(`addMenu), _("Add Entry"), itemList)), - `HCenter(`PushButton(`id(`edit), _("&Edit Entry"))), - `HCenter(`PushButton(`id(`delete), _("&Delete Entry"))), - `HSpacing(`opt(`hstretch), 0.1), - `VSpacing(1) - ), - `VSpacing(1) - ); - string help = ""; - string formtitle = ""; - if ( hat ) { - help = help1 + help2 + help3 + help4 + help5 + help6 + help7 + help_net + help8 + helpEdit + help9 + help10; - formtitle = _("AppArmor Hat Dialog"); - } else { - help = help1 + help2 + help3 + help4 + help5 + help6 + help7 + help_net + helpHat + helpEdit + help8 + help9 + help10; - formtitle = _("AppArmor Profile Dialog"); - } - Wizard::SetContentsButtons( formtitle, contents_main_profile_form, help, Label::BackButton(), _("&Done") ); - - - - map event = $[]; - any id = nil; - while( true ) - { - event = UI::WaitForEvent( timeout_millisec ); - id = event["ID"]:nil; // We'll need this often - cache it - integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); - if ( (( id == `table ) && (event["EventReason"]:nil == "Activated" )) || - ( id == `edit) ) - { - // Widget activated in the table - string rule 
= (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""); - integer findcap = find( rule, "CAP_"); - integer findinc = find( rule, "#include"); - integer findhat = find( rule, "[+] ^"); - integer findnet = find( rule, "network"); - string oldrule = rule; - if ( findcap == 0 ) { - caps = capabilityEntryPopup( caps, rule, pathname ); - profile["allow", "capability"] = caps; - } else if ( findinc == 0 ) { - Popup::Error(_("Include entries can not be edited. Please select add or delete to manage Include entries.")); - continue; - } else if ( findhat == 0 ) { - string hatToEdit = substring( rule, 5); - Settings["CURRENT_HAT"] = hatToEdit; - return `showhat; - } else if ( findnet == 0 ) { - string newrule = networkEntryPopup( rule ); - if ( newrule != "" && newrule != rule ) { - netdomain = editNetworkRule( netdomain, rule, newrule ); - } - profile["allow","netdomain"] = netdomain; - } else { - string perms = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 2, ""); - map results = fileEntryPopup( rule, perms, pathname ); - integer newperms = 0; - newperms = (integer) SCR::Execute(.subdomain_profiles.string_to_mode, results["PERM"]:""); - rule = results["FILE"]:""; - if ( rule != "" ) { - if ( rule != oldrule ) { - paths = remove( paths, oldrule ); - } - paths = add(paths, rule, $[ "audit": 0, "mode": newperms]); - profile["allow","path"] = paths; - } - } - profile_map[pathname] = profile; - Settings["PROFILE_MAP"] = profile_map; - list profilelist = generateTableContents( paths, - netdomain, - caps, - includes, - hats ); - UI::ChangeWidget( `id(`table), `Items, profilelist ); - UI::ChangeWidget( `id(`table), `CurrentItem, itemselected ); - } else if ( id == `delete ) { - string rule = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""); - integer findcap = find( rule, "CAP_"); - integer findinc = find( rule, "#include"); - integer findhat = find( rule, "[+] ^"); - integer findnet = find( 
rule, "network"); - - if ( findcap == 0 ) { - string capNameToDelete = linnametolp[rule]:""; - caps = remove( caps, capNameToDelete ); - profile["allow", "capability"] = caps; - } else if ( findinc == 0 ) { - string includeToRemove = substring( rule, 9); - includes = remove( includes, includeToRemove ); - profile["include"] = includes; - } else if ( findhat == 0 ) { - string hatToRemove = substring( rule, 5); - hats = remove( hats, hatToRemove); - profile_map = remove( profile_map, hatToRemove ); - } else if ( findnet == 0 ) { - netdomain = deleteNetworkRule( netdomain, rule ); - profile["allow","netdomain"] = netdomain; - } else { - paths = remove( paths, rule ); - profile["allow","path"] = paths; - } - profile_map[pathname] = profile; - Settings["PROFILE_MAP"] = profile_map; - list profilelist = generateTableContents( paths, - netdomain, - caps, - includes, - hats ); - UI::ChangeWidget( `id(`table), `Items, profilelist ); - UI::ChangeWidget( `id(`table), `CurrentItem, (itemselected == 0) ? 
0 : itemselected -1 ); - } else if ( id == `file || id == `dir ) { - string addfname = ""; - integer addperms = 0; - map newentry = nil; - if ( id == `dir ) { - newentry = dirEntryPopup( "", "", pathname ); - } else { - newentry = fileEntryPopup( "", "", pathname ); - } - if ( newentry == nil ) { - continue; - } - addfname = newentry["FILE"]:""; - addperms = (integer) SCR::Execute(.subdomain_profiles.string_to_mode, newentry["PERM"]:""); - // Make sure that the entry doesn't already exist - paths = add( paths, addfname, $["audit":0, "mode": addperms] ); - profile["allow","path"] = paths; - profile_map[pathname] = profile; - Settings["PROFILE_MAP"] = profile_map; - list profilelist = generateTableContents( paths, - netdomain, - caps, - includes, - hats ); - UI::ChangeWidget( `id(`table), `Items, profilelist ); - UI::ChangeWidget( `id(`table), `CurrentItem, itemselected ); - } else if ( id == `cap ) { - caps = capabilityEntryPopup( caps, "", pathname ); - profile["allow","capability"] = caps; - profile_map[pathname] = profile; - Settings["PROFILE_MAP"] = profile_map; - list profilelist = generateTableContents( paths, - netdomain, - caps, - includes, - hats ); - UI::ChangeWidget( `id(`table), `Items, profilelist ); - } else if ( id == `hat ) { - if ( hat ) { - Popup::Error(_("Hats can not have embedded hats.")); - } - boolean hatCreated = newHatNamePopup( pathname, hats ); - if ( hatCreated == true ) { - return `showhat; - } - } else if ( id == `include ) { - list customIncludes = (list ) SCR::Read(.subdomain, "custom-includes"); - string newInclude = UI::AskForExistingFile( "/etc/apparmor.d/abstractions", "", _("Select File To Include")); - if ( newInclude == nil || (string)newInclude == "" ) { - continue; - } - list validIncludes = [ "/etc/apparmor.d/abstractions", "/etc/apparmor.d/program-chunks", "/etc/apparmor.d/tunables" ]; - foreach( string incPath, customIncludes, { - validIncludes = add( validIncludes, "/etc/apparmor.d/" + incPath); - }); - - integer result = 
0; - boolean includePathOK = false; - foreach( string pathToCheck, (list) validIncludes, { - result = find (newInclude, pathToCheck); - if ( result != -1 ) { - includePathOK = true; - } - }); - - if ( ! includePathOK ) { - string pathListMsg = ""; - foreach( string pathItem, (list) validIncludes, { - pathListMsg = pathListMsg + "\n " + pathItem; - }); - Popup::Error(_("Invalid #include file. Include files must be located in one of these directories: \n") + pathListMsg ); - } else { - string includeName = substring(newInclude, 16 ); - includes = add( includes, includeName, 1 ); - profile["include"] = includes; - profile_map[pathname] = profile; - Settings["PROFILE_MAP"] = profile_map; - list profilelist = generateTableContents( paths, - netdomain, - caps, - includes, - hats ); - UI::ChangeWidget( `id(`table), `Items, profilelist ); - } - } else if ( id == `net ) { - string newrule = networkEntryPopup( "" ); - if ( newrule != "" ) { - netdomain = addNetworkRule( netdomain, newrule ); - profile["allow","netdomain"] = netdomain; - profile_map[pathname] = profile; - Settings["PROFILE_MAP"] = profile_map; - list profilelist = generateTableContents( paths, - netdomain, - caps, - includes, - hats ); - UI::ChangeWidget( `id(`table), `Items, profilelist ); - } - } else if ( id == `abort || id == `cancel ) { - break; - } else if ( id == `back ) { - break; - } else if ( id == `next ) { - if ( ! hat ) { - if (Popup::YesNoHeadline(_("Save changes to the Profile"), - _("Would you like to save the changes to this profile? \n(Note: after saving the changes the AppArmor profiles will be reloaded.)"))) { - map argmap = $[ "PROFILE_HASH" : Settings["PROFILE_MAP"]:$[], - "PROFILE_NAME" : pathname - ]; - any result = SCR::Write(.subdomain_profiles, argmap); - any result2 = SCR::Write(.subdomain_profiles.reload, "-"); - } - } else { - if ( ! 
haskey(hats, Settings["CURRENT_HAT"]:"") ) { - profile["allow","path"] = paths; - profile["allow","capability"] = caps; - profile["include"] = includes; - profile_map[pathname] = profile; - Settings["PROFILE_MAP"] = profile_map; - } - return `next; - } - break; - } else { - y2error("Unexpected return code: %1", id); - continue; - } - } - return (symbol) id; -} - - - // - // Select a profile to edit and populate - // Settings["CURRENT_PROFILE"]: profile name - // Settings["PROFILE_MAP"]: map containing the profile - // -define symbol SelectProfileForm( map profiles, string formhelp, string formtitle, string iconname ) { - list profilelisting = []; - integer indx = 0; - foreach( string p, any ignore, (map) profiles, { - profilelisting = add( profilelisting, `item( `id(p), p)); - indx = indx+1; - }); - - term contents_select_profile_form = - `VBox( - `VSpacing(2), - `SelectionBox( `id(`profilelist), `opt(`notify), _("Profile Name"), profilelisting ), - `VSpacing(3) - ); - - // - // Create the Dialog Window and parse user input - // - Wizard::CreateDialog(); - Wizard::SetContents( formtitle, contents_select_profile_form, formhelp, false, true ); - Wizard::SetTitleIcon(iconname); - - map event = $[]; - any id = nil; - string profilename = ""; - while( true ) - { - event = UI::WaitForEvent( timeout_millisec ); - id = event["ID"]:nil; // We'll need this often - cache it - if ( id == `next || id == `profilelist ) { - profilename = tostring( UI::QueryWidget(`id(`profilelist), `CurrentItem) ); - if ( profilename != nil && profilename != "" ) { - break; - } else { - Popup::Error(_("You must select a profile to edit")); - continue; - } - } // TODO ELSE POPUP NO ENTRY SELECTED ERROR - if(id == `abort || id == `cancel) { - break; - } else if(id == `back) { - break; - } else { - y2error("Unexpected return code: %1", id); - continue; - } - } - if ( id == `next || id == `profilelist) { - Settings["CURRENT_PROFILE"] = profilename; - Settings["PROFILE_MAP"] = 
profiles[profilename]:nil;
- id = `next;
- }
- UI::CloseDialog();
- return (symbol) id;
- }
-
-}
-
--- a/src/include/subdomain/report_helptext.ycp
+++ /dev/null
@@ -1,158 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2005 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-
-{
-
-textdomain "yast2-apparmor";
-
-string defs = _("Program Name Pattern:
When you enter a program name or pattern -that matches the name of the binary executable of the program of -interest, the report will display security events that have -occurred for a specific program.
") + - -_("Profile Name Pattern: When you enter the name of the profile, -the report will display the security events that are generated for -the specified profile. You can use this to see what is being confined -by a specific profile.
") + - -_("PID Number: Process ID number is a number that uniquely identifies -one specific process or running program (this number is valid only -during the lifetime of that process).
") + - -_("Severity Level: Select the lowest severity level for security -events that you would like to be included in the report. The selected -severity level, and above, will be included in the reports.
") + - -_("Detail: A source to which the profile has denied access. -This includes capabilities and files. You can use this field to -report the resources are not allowed to be accessed by profiles.
") + - -_("Mode: The Mode is the permission that the profile grants -to the program or process to which it is applied. The options are: -r (read) w (write) l (link) x (execute)
") + - -_("Access Type: The access type describes what is actually happening -with the security event. The options are: PERMITTING, REJECTING, -or AUDITING.
") + - -_("CSV or HTML: Enables you to export a CSV (comma separated -values) or html file. The CSV file separates pieces of data in -the log entries with commas using a standard data format for -importing into table-oriented applications. You can enter a -pathname for your exported report by typing in the full -pathname in the field provided.

"); - -string setArchHelp = _("

The Report Configuration dialog enables you to filter the archived -report selected in the previous screen. To filter by Date Range:") + - -_("

  1. Click Filter By Date Range. The fields become active.
  2. -
  3. Enter the start and end dates that delineate the scope of the report.
  4. -
  5. Enter other filtering parameters. See below for definitions of parameters.

") + - -_("The following definitions help you to enter the filtering parameters in the -Report Configuration Dialog:
") + defs; - - -string types = _("Executive Security Summary: A combined report, -consisting of one or more Security incident reports from -one or more machines. This report provides a single view of -security events on multiple machines.
") + - -_("Applications Audit Report: An auditing tool that -reports which application servers are running and whether -the applications are confined by AppArmor. Application -servers are applications that accept incoming network connections.
") + - -_("Security Incident Report: A report that displays application -security for a single host. It reports policy violations for locally -confined applications during a specific time period. You can edit and -customize this report, or add new versions.

"); - -string runHelp = _("

The AppArmor On-Demand Report screen displays -an instantly generated version of one of the following -reports:
") + types; - - -string filterCfHelp1 = setArchHelp; -/* START Help Section -************************************************************/ - -string repGenHelpText = _("

Generate Reports Help

If there were, in fact, -going to be any help for you (which, incidentally, there isn't going to be), -then you would indeed find said help, here.

Thank you for your time, -and have a nice day.

"); - - - -string schedHelpText = -_("

The summary of scheduled reports page shows us when reports are scheduled to run. -Reports can be set to run monthly, weekly, daily, or hourly. The default settings are -daily at midnight. The reports can also be emailed, upon completion, to up to three -email recipients.
") + - -_("In the Set Schedule section, you can schedule the following three types of security reports:
") + types; - -string archHelpText = _("

The View Archive Reports form enables you to view -previously generated reports, located in the /var/log/apparmor/reports-archived -directory. The checkboxes at the top of the form enable you to narrow-down -the category of reports shown in the list to the following: SIR Reports, AUD -Reports, or ESS Reports. To see report details, select a report and click the -View button.

You can view reports from one or more systems if -you move the reports to the /var/log/apparmor/reports-archived directory.

"); - -string mainHelp = schedHelpText; - - -list helpList = [ schedHelpText ]; - -term defaultHelp = `RichText ( schedHelpText ); -term schedHelp = `RichText ( schedHelpText ); -term repGenHelp = `RichText ( repGenHelpText ); -term archHelp = `RichText ( archHelpText ); -term otherHelp = `RichText ( archHelpText ); - -string repConfHelp = _("repConfHelp"); - -string sirHelp = _("

Security Incident Report (SIR): A report that displays security -events of interest to an administrator. The SIR reports policy violations -for locally confined applications during the specified time period. The SIR -reports policy exceptions and policy engine state changes. These two types -of security events are defined as follows:") + - -_("

  • Policy Exceptions: When an application requests a resource -that's not defined within its profile, a security event is generated.
  • -
  • Policy Engine State Changes: Enforces policy for applications and -maintains its own state, including when engines start or stop, when a policy -is reloaded, and when global security feature are enabled or disabled.
-Select the report from the archive, then View to see the report details.

"); - - -string audHelp = _("

Applications Audit Report (AUD): An auditing tool -that reports which application servers are running and whether they are confined -by AppArmor. Application servers are applications that accept incoming network -connections. This report provides the host machine's IP Address, the date the -Applications Audit Report ran, the name and path of the unconfined program or -application server, the suggested profile or a placeholder for a profile for an -unconfined program, the process ID number, The state of the program (confined or -unconfined), and the type of confinement that the profile is performing -(enforce/complain).

"); - -string essHelp = _("

Executive Security Summary (ESS): A combined report, -consisting of one or more high-level reports from one or more machines. This -report can provide a single view of security events on multiple machines if each -machine's data is copied to the reports archive directory, which is -/var/log/apparmor/reports-archived. This report provides the host -machine's IP address, the start and end dates of the polled events, total number -of rejects, total number of events, average of severity levels reported, and the -highest severity level reported. One line of the ESS report represents a range -of SIR reports.

");
-
-}
-
--- a/src/include/subdomain/reporting_archived_dialogs.ycp
+++ /dev/null
@@ -1,307 +0,0 @@ -/* ------------------------------------------------------------------ -* -* Copyright (C) 2002-2005 Novell/SUSE -* -* This program is free software; you can redistribute it and/or -* modify it under the terms of version 2 of the GNU General Public -* License published by the Free Software Foundation. -* - ------------------------------------------------------------------*/ - -{ - -import "Wizard"; -import "Popup"; -import "Label"; -include "subdomain/report_helptext.ycp"; -include "subdomain/reporting_utils.ycp"; -textdomain "yast2-apparmor"; - -// Global -integer timeout_millisec = 20 * 1000; - -//define term turnReportPage (integer curPage) { -define term turnArchReportPage (integer curPage, integer lastPage) { - - map Settings = $[ ]; - list reportList = []; - - string currentPage = tostring( curPage ); - string slastPage = tostring( lastPage ); - Settings["page"] = currentPage; - Settings["turnArch"] = "1"; - Settings["turnPage"] = "1"; - - reportList = getReportList("sir",Settings); - - // poor i18n - string myLabel = _("Archived Security Incident Report - Page ") + currentPage + _(" of ") + slastPage; - - term odForm = - - `Frame( `id(`odframe), myLabel, - - `VBox( - `HBox( - `VSpacing(10), - makeSirTable(reportList), - `VSpacing(0.5) - ), - `HSpacing(`opt(`hstretch), 1.0), - `VSpacing(0.5), - `HBox( - `PushButton(`id(`first), _("F&irst") ), - `PushButton(`id(`prev), _("&Previous") ), - `PushButton(`id(`psort), _("&Sort") ), - `PushButton(`id(`fwd), _("&Forward") ), - `PushButton(`id(`last), _("&Last") ) - ), - `VSpacing(1) - )); - - return odForm; -} - -define term filterArchForm() { - - string expPath = "/var/log/apparmor/reports-exported"; - - term arForm = - - `Top(`VBox( - `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )), - `Frame( `id(`bydate_frame), _(" Select Date Range ") , - `VBox( - `Label( _("Enter Starting Date/Time") ), - `HBox( - `HSpacing( `opt(`hstretch), 1), - `IntField(`id(`startHours), 
_("Hours"), 0, 23, 0), - `IntField(`id(`startMins), _("Minutes"), 0, 59, 0), - `IntField(`id(`startDay), _("Day"), 1, 31, 1), - `IntField(`id(`startMonth), _("Month"), 1, 12, 1), - `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005) - ), - `VSpacing(1.0), - `Label( _("Enter Ending Date") ), - `HBox( - `HSpacing( `opt(`hstretch), 1), - `IntField(`id(`endHours), _("Hours"), 0, 23, 0), - `IntField(`id(`endMins), _("Minutes"), 0, 59, 0), - `IntField(`id(`endDay), _("Day"), 1, 31, 1), - `IntField(`id(`endMonth), _("Month"), 1, 12, 1), - `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005) - ), - `VSpacing(1.0) - )), - `VSpacing( 1.0 ), - `HBox( - `HWeight( 4, `TextEntry(`id(`prog), _("Program name") )), - `HWeight( 4, `TextEntry(`id(`prof), _("Profile name") )), - `HWeight( 3, `TextEntry(`id(`pid), _("PID number") )), - `HWeight( 2, - `ComboBox(`id(`sev), _("Severity"), [ - _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10" - ]) ), - `HSpacing( `opt(`hstretch), 5) - ), - `HBox( - `HWeight( 3, `TextEntry(`id(`res), _("Detail") )), - `HWeight( 3, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))), - `HWeight( 3, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))), - `HSpacing( `opt(`hstretch), 5) - ), - `VSpacing( 0.5 ), - - `HBox( - `VSpacing(0.5), - `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [ - _("None"), _("csv"), _("html"), _("Both") - ]), - `TextEntry(`id(`expPath), _("Location to store log."), expPath ), - `Bottom( `VWeight( 1, `PushButton(`id(`accept), Label::AcceptButton()) )), - `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) )) - ) - )); - - return arForm; -} - -define map setArchFilter() { - - map Settings = $[]; - - term archForm = filterArchForm(); - Wizard::SetContentsButtons( _("Report Configuration Dialog"), archForm, - setArchHelp, Label::BackButton(), Label::NextButton() ); - - UI::ChangeWidget(`id(`bydate_frame), 
`Enabled, false); - - string mode = "All"; - string sdmode = "R"; - - map event = $[]; - any id = nil; - - while ( true ) { - - event = UI::WaitForEvent( timeout_millisec ); - id = event["ID"]:nil; // We'll need this often - cache it - - if ( id == `bydate ) { - - UI::ChangeWidget(`id(`bydate_frame), `Enabled, true); - - } else if ( id == `next || id == `save ) { - - boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value); - - if ( bydate == true ) { - - integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value); - integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value); - integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value); - integer startHours = (integer) UI::QueryWidget(`id(`startHours), `Value); - integer startMins = (integer) UI::QueryWidget(`id(`startMins), `Value); - integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value); - integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value); - integer endYear = (integer) UI::QueryWidget(`id(`endYear), `Value); - integer endHours = (integer) UI::QueryWidget(`id(`endHours), `Value); - integer endMins = (integer) UI::QueryWidget(`id(`endMins), `Value); - - // start_day & start_month are mutually exclusive - if ( id == `startDay ) { - UI::ChangeWidget(`id(`startMonth), `Value, 0); - } else if ( id == `startMonth ) { - UI::ChangeWidget(`id(`startDay), `Value, 0); - } - - // start_day & start_month are mutually exclusive - if ( id == `endDay ) { - UI::ChangeWidget(`id(`endMonth), `Value, 0); - } else if ( id == `endMonth ) { - UI::ChangeWidget(`id(`endDay), `Value, 0); - } - - if ( CheckDate(startDay,startMonth,startYear) == false ) { - Popup::Error( _("Illegal start date entered. Please retry.") ); - continue; - } - - if ( CheckDate(endDay,endMonth,endYear) == false ) { - Popup::Error( _("Illegal end date entered. 
Please retry.") ); - continue; - } - //////////////////////////////////////////////////////////// - - string startday = tostring(startDay); - string startmonth = tostring(startMonth); - string startyear = tostring(startYear); - string starthours = tostring(startHours); - string startmins = tostring(startMins); - string endday = tostring(endDay); - string endmonth = tostring(endMonth); - string endyear = tostring(endYear); - string endhours = tostring(endHours); - string endmins = tostring(endMins); - - Settings["startday"] = startday; - Settings["startmonth"] = startmonth; - Settings["startyear"] = startyear; - Settings["endday"] = endday; - Settings["endmonth"] = endmonth; - Settings["endyear"] = endyear; - Settings["starttime"] = starthours + ":" + startmins; - Settings["endtime"] = endhours + ":" + endmins; - - } - - string expType = (string) UI::QueryWidget(`id(`exportType), `Value); - string expPath = (string) UI::QueryWidget(`id(`exportPath), `Value); - - if ( expType != "" && expType != "None" ) { - - if ( expType == "csv" ) { - Settings["exporttext"] = "true"; - } else if ( expType == "html" ) { - Settings["exporthtml"] = "true"; - } else if ( expType == "both" ) { - Settings["exporttext"] = "true"; - Settings["exporthtml"] = "true"; - } - } - - string program_name = (string) UI::QueryWidget(`id(`prog), `Value); - string profile = (string) UI::QueryWidget(`id(`prof), `Value); - string pid = (string) UI::QueryWidget(`id(`pid), `Value); - string sev = (string) UI::QueryWidget(`id(`sev), `Value); - string res = (string) UI::QueryWidget(`id(`res), `Value); - string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label); - string mode = (string) UI::QueryWidget(`id(`mode), `Label); - string exppath = (string) UI::QueryWidget(`id(`expPath), `Value); - - if (sdmode == "-") { sdmode = "All"; } - if (mode == "-") { mode = "All"; } - - if ( program_name != "" ) { Settings["prog"] = program_name; } - if ( profile != "" ) { Settings["profile"] = profile; } - if ( pid 
!= "" ) { Settings["pid"] = pid; } - if ( sev != "" && sev != "All" ) { Settings["severity"] = sev; } - if ( res != "" ) { Settings["resource"] = res; } - if ( sdmode != "" ) { Settings["sdmode"] = sdmode; } - if ( mode != "" ) { Settings["mode"] = mode; } - if ( exppath != "" ) { Settings["exportPath"] = exppath; } - - id = nil; - break; - - } else if ( id == `sdmode ) { - sdmode = popUpSdMode(); - Settings["sdmode"] = sdmode; - UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: ") + sdmode) ); - - } else if ( id == `mode ) { - mode = popUpMode(); - Settings["mode"] = mode; - UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: ") + mode) ); - - } else if ( id == `abort || id == `cancel || id == `done ) { - Settings["break"] = "abort"; - break; - } else if ( id == `close || id == `back) { - Settings["break"] = "back"; - break; - } - } - - return Settings; -} - -define term viewArchForm(string tab, string logFile, map Settings) { - - Settings["archRep"] = "1"; - Settings["logFile"] = logFile; - Settings["type"] = "archRep"; - - integer curPage = 1; - string currentPage = "1"; - Settings["currentPage"] = currentPage; - - integer isingle = Settings["single"]:1; - string single = "1"; - if ( isingle != nil ) { - single = tostring(isingle); - } - Settings["single"] = single; - - // mark - new - any junk = SCR::Read(.logparse,Settings); - - integer lastPage = getLastPage("sirRep",Settings,""); - term myPage = turnArchReportPage(curPage,lastPage); - - return myPage; -} - - -} - --- a/src/include/subdomain/reporting_dialogues.ycp +++ /dev/null 
@@ -1,2513 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2005 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-{
-
-import "Wizard";
-import "Popup";
-import "Label";
-include "subdomain/reporting_utils.ycp";
-include "subdomain/report_helptext.ycp";
-include "subdomain/reporting_archived_dialogs.ycp";
-textdomain "yast2-apparmor";
-
-// Globalz
-//integer timeout_millisec = 20 * 1000;
-map Settings = $[ ];
-string defExpPath = "/var/log/apparmor/reports-exported";
-string oldExpPath = "/var/log/apparmor/reports-exported";
-string expPath = oldExpPath;
-
-// This map is to pull the string to send back to the backend agent on save
-map md_map= $[
- `md_00: _("All"),
- `md_01: "1", `md_02: "2", `md_03: "3",
- `md_04: "4", `md_05: "5", `md_06: "6",
- `md_07: "7", `md_08: "8", `md_09: "9",
- `md_10: "10", `md_11: "11", `md_12: "12",
- `md_13: "13", `md_14: "14", `md_15: "15",
- `md_16: "16", `md_17: "17", `md_18: "18",
- `md_19: "19", `md_20: "20", `md_21: "21",
- `md_22: "22", `md_23: "23", `md_24: "24",
- `md_25: "25", `md_26: "26", `md_27: "27",
- `md_28: "28", `md_29: "29", `md_30: "30",
- `md_31: "31" ];
-
-string modeToHumanString( string mode) {
- return ( mode == "All") ? _("All") : mode;
-}
-
-string humanStringToMode( string hs) {
- return ( hs == _("All")) ? "All" : hs ;
-}
-
-string typeToHumanString( string type ) {
- string ret = "";
-
- switch ( type )
- {
- case "Security.Incident.Report":
- ret = _("Security Incident Report");
- break;
- case "Applications.Audit":
- ret = _("Applications Audit Report");
- break;
- case "Executive.Security.Summary":
- ret = _("Executive Security Summary");
- break;
- default:
- ret = type;
- break;
- }
-
- return ret;
-}
-
-string humanStringToType( string hs ) {
- string ret = "";
-
- if( hs == _("Security Incident Report"))
- ret = "Security.Incident.Report";
- else if ( hs == _("Applications Audit Report"))
- ret = "Applications.Audit";
- else if ( hs == _("Executive Security Summary"))
- ret = "Executive.Security.Summary";
- else
- ret = hs;
-
- return ret;
-}
-
-// Grey out inappropriate paging buttons
-define void setPageButtons(integer curPage, integer lastPage) {
-
- if (lastPage <= 1 ) {
- UI::ChangeWidget(`id(`first), `Enabled, false);
- UI::ChangeWidget(`id(`last), `Enabled, false);
- UI::ChangeWidget(`id(`prev), `Enabled, false);
- UI::ChangeWidget(`id(`fwd), `Enabled, false);
- UI::ChangeWidget(`id(`goto), `Enabled, false);
-
- } else if (curPage <= 1 ) {
- UI::ChangeWidget(`id(`first), `Enabled, false);
- UI::ChangeWidget(`id(`prev), `Enabled, false);
- } else if ( curPage >= lastPage ) {
- UI::ChangeWidget(`id(`last), `Enabled, false);
- UI::ChangeWidget(`id(`fwd), `Enabled, false);
- } else {
- UI::SetFocus(`id(`goto));
- }
-
- return;
-}
-
-// return input from edit scheduled forms as map of strings
-define map getSchedSettings( map Settings ) {
-
- string name = (string) UI::QueryWidget(`id(`name), `Value);
- //integer iMonthdate = (integer) UI::QueryWidget(`id(`monthdate), `Value);
- any md = (any) UI::QueryWidget(`id(`monthdate), `Value);
- string monthdate = (string) md_map[md]:_("All");
- string weekday = (string) UI::QueryWidget(`id(`weekday), `Value);
- any iHours = (any) UI::QueryWidget(`id(`hour), `Value);
- any iMins = (any) UI::QueryWidget(`id(`mins), `Value);
- string expType = (string) UI::QueryWidget(`id(`expType), `Value);
- string email1 = (string) UI::QueryWidget(`id(`email1), `Value);
- string email2 = (string) UI::QueryWidget(`id(`email2), `Value);
- string email3 = (string) UI::QueryWidget(`id(`email3), `Value);
-
- //string monthdate = tostring( iMonthdate );
- string hour = tostring( iHours );
- string mins = tostring( iMins );
-
- if ( weekday == _("All") ) { weekday = "-"; }
- if ( monthdate == _("All") ) { monthdate = "-"; }
-
- // de-i18n
- if ( weekday == _("Mon") ) { weekday = "Mon"; }
- if ( weekday == _("Tue") ) { weekday = "Tue"; }
- if ( weekday == _("Weds") ) { weekday = "Weds"; }
- if ( weekday == _("Thu") ) { weekday = "Thu"; }
- if ( weekday == _("Fri") ) { weekday = "Fri"; }
- if ( weekday == _("Sat") ) { weekday = "Sat"; }
- if ( weekday == _("Sun") ) { weekday = "Sun"; }
-
- Settings["getconf"] = "";
- Settings["setconf"] = "1";
- Settings["name"] = name;
- Settings["monthdate"] = monthdate;
-
- Settings["weekday"] = weekday;
- Settings["hour"] = hour;
- Settings["mins"] = mins;
- if ( expType == _("csv") || expType == _("Both") ) {
- Settings["csv"] = "1";
- } else {
- Settings["csv"] = "0";
- }
-
- if ( expType == _("html") || expType == _("Both") ) {
- Settings["html"] = "1";
- } else {
- Settings["html"] = "0";
- }
-
- Settings["email1"] = email1;
- Settings["email2"] = email2;
- Settings["email3"] = email3;
-
- return Settings;
-}
-
-// Gets list of archived reports based on 'type'
-define list getArrayList(string type, string repPath) {
-
- map Settings = $[ ];
- string readSched = "1";
- Settings["readSched"] = readSched;
- Settings["type"] = type;
-
- if ( repPath != "" ) {
- Settings["repPath"] = repPath;
- }
-
- list itemList = [];
-
- integer key = 1;
-
- if ( type == "sirRep" || type == "essRep" || type == "audRep" ) {
- list db = (list ) SCR::Read (.reports_parse, Settings);
-
- foreach ( map record, db, {
- any strName = record["name"]:nil;
- any strTime = record["time"]:nil;
- string name = tostring(strName);
- string mytime = tostring(strTime);
- itemList = add( itemList, `item( `id(key), record["name"]:nil, record["time"]:nil ));
- key = key + 1;
- });
-
- } else if (type == "schedRep") {
-
- Settings["getcron"] = "1";
-
- list db = (list ) SCR::Read (.reports_sched, Settings);
-
- foreach ( map record, db, {
- itemList = add( itemList, `item( `id(key), record["name"]:nil, record["hour"]:nil, record["mins"]:nil,
- record["wday"]:nil, record["mday"]:nil ));
- key = key + 1;
- });
-
- } else {
-
- Popup::Error( _("Unrecognized form request.") );
-
- }
-
- return itemList;
-}
-
-
-// Filter form for editing scheduled reports
-define term editFilterForm (map Settings) {
-
- /* debug */
- string prog = Settings["prog"]:"";
- string prof = Settings["prof"]:"";
- string pid = Settings["pid"]:"";
- string res = Settings["res"]:"";
- string sdmode = Settings["sdmode"]:"R";
- string mode = Settings["mode"]:"All";
- string sev = Settings["sev"]:"All";
-
- term eForm = `VBox(
-
- `VSpacing( 0.5 ),
- `HBox(
- `HWeight( 5, `TextEntry(`id(`prog), _("Program name"), prog )),
- `HWeight( 5, `TextEntry(`id(`prof), _("Profile name"), prof )),
- `HSpacing( `opt(`hstretch), 1)
- ),
- `VSpacing( 0.5 ),
- `HBox(
- `HWeight( 5, `TextEntry(`id(`pid), _("PID number"), pid )),
- `HWeight( 5, `TextEntry(`id(`res), _("Detail"), res )),
- `HSpacing( `opt(`hstretch), 1)
- ),
- `VSpacing( 0.5 ),
- `HBox(
- `HWeight( 2,
- `ComboBox(`id(`sev), _("Severity"), [
- _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
- ]) ),
- `VBox(
- `Label( _("Access Type: ") ),
- `Bottom( `HWeight( 4,
- `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode )))))
- ),
- `VBox(
- `Label( _("Mode: ") ),
- `Bottom( `HWeight( 4,
- `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )))))
- ),
- `HSpacing( `opt(`hstretch), 1)
- ),
- `VSpacing( 1 ),
- `HBox(
- `PushButton(`id(`cancel), Label::CancelButton() ),
- `PushButton(`id(`save), Label::SaveButton() )
- )
- );
-
- return eForm;
-}
-
-term schedFilterForm =
-
- `VBox(
- `VSpacing( 0.5 ),
- `HBox(
- `HWeight( 5, `TextEntry(`id(`prog), _("Program name") )),
- `HWeight( 5, `TextEntry(`id(`prof), _("Profile name") )),
- `HSpacing( `opt(`hstretch), 1)
- ),
- `VSpacing( 0.5 ),
- `HBox(
- `HWeight( 5, `TextEntry(`id(`pid), _("PID number") )),
- `HWeight( 5, `TextEntry(`id(`res), _("Detail") ) ),
- `HSpacing( `opt(`hstretch), 1)
- ),
- `VSpacing( 0.5 ),
- `HBox(
- `HWeight( 2,
- `ComboBox(`id(`sev), _("Severity"), [
- _("All"), "U", "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
- ]) ),
-
- `VBox(
- `Label( _("Access Type: ") ),
- `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), "R" ))
- ),
- `VBox(
- `Label( _("Mode: ") ),
- `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("All") ))
- ),
-
- //`HWeight( 4, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))),
- //`HWeight( 4, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))),
- `HSpacing( `opt(`hstretch), 1)
- ),
- `VSpacing( 1 ),
- `HBox(
- `PushButton(`id(`cancel), Label::CancelButton() ),
- `PushButton(`id(`save), Label::SaveButton() )
- )
- );
-
-term filterForm =
-
- `VBox(
- `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )),
- `Frame( `id(`bydate_frame), _(" Select Date Range "),
- `VBox(
- `Label( _("Enter Starting Date/Time") ),
- `HBox(
- `HSpacing( `opt(`hstretch), 1),
- `IntField(`id(`startHours), _("Hours"), 00, 23, 00),
- `IntField(`id(`startMins), _("Minutes"), 00, 59, 00),
- `IntField(`id(`startDay), _("Day"), 01, 31, 01),
- `IntField(`id(`startMonth), _("Month"), 01, 12, 01),
- `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005)
- ),
- `VSpacing(1.0),
- `Label( _("Enter Ending Date") ),
- `HBox(
- `HSpacing( `opt(`hstretch), 1),
- `IntField(`id(`endHours), _("Hours"), 0, 23, 0),
- `IntField(`id(`endMins), _("Minutes"), 0, 59, 0),
- `IntField(`id(`endDay), _("Day"), 1, 31, 1),
- `IntField(`id(`endMonth), _("Month"), 1, 12, 1),
- `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005)
- )
- ),
- `VSpacing(1.0),
- `HBox(
- `HWeight( 4, `TextEntry(`id(`prog), _("Program name")) ),
- `HWeight( 4, `TextEntry(`id(`prof), _("Profile name")) ),
- `HWeight( 3, `TextEntry(`id(`pid), _("PID number")) ),
- `HWeight( 2,
- `ComboBox(`id(`sev), _("Severity"), [
- _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
- ]) ),
- `HSpacing( `opt(`hstretch), 5)
- ),
- `HBox(
- `HWeight( 3, `TextEntry(`id(`res), _("Detail") ) ),
-
- `VBox(
- `Label( _("Access Type: ") ),
- `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), "R" ))
- ),
- `VBox(
- `Label( _("Mode: ") ),
- `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("All") ))
- ),
-
-
- //`HWeight( 3, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))),
- //`HWeight( 3, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))),
- `HSpacing( `opt(`hstretch), 5)
- ),
- `VSpacing( 0.5 ),
-
- `HBox(
- `VSpacing(0.5),
- // DWR MOD `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [
- `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
- _("None"), _("csv"), _("html"), _("Both")
- ]),
- `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
- `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
- )
-
- ));
-
-// filter-defining form
-define term filterForm2(string name, map preFilters) {
-
- any aprog = preFilters["prog"]:nil;
- any aprof = preFilters["profile"]:nil;
- any apid = preFilters["pid"]:nil;
- any ares = preFilters["resource"]:nil;
- any amode = preFilters["mode"]:"All";
- any asdmode = preFilters["sdmode"]:"All";
-
- string prog = "";
- string prof = "";
- string pid = "";
- string res = "";
- string mode = "";
- string sdmode = "";
-
- if ( aprog != nil ) { prog = tostring(aprog); }
- if ( aprof != nil ) { prof = tostring(aprof); }
- if ( apid != nil ) { pid = tostring(apid); }
- if ( ares != nil ) { res = tostring(ares); }
- if ( amode != nil ) { mode = tostring(amode); }
- if ( asdmode != nil ) { sdmode = tostring(asdmode); }
- if (sdmode == "-") { sdmode = "All"; }
- if (mode == "-") { mode = "All"; }
-
- term ff2 =
- `Top(`VBox(
- `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )),
- `Frame( `id(`bydate_frame), _(" Select Date Range "),
- `VBox(
- `Label( _("Enter Starting Date/Time") ),
- `HBox(
- `HSpacing( `opt(`hstretch), 1),
- `IntField(`id(`startHours), _("Hours"), 0, 23, 0),
- `IntField(`id(`startMins), _("Minutes"), 0, 59, 0),
- `IntField(`id(`startDay), _("Day"), 1, 31, 1),
- `IntField(`id(`startMonth), _("Month"), 1, 12, 1),
- `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005)
- ),
- `VSpacing(1.0),
- `Label( _("Enter Ending Date") ),
- `HBox(
- `HSpacing( `opt(`hstretch), 1),
- `IntField(`id(`endHours), _("Hours"), 0, 23, 0),
- `IntField(`id(`endMins), _("Minutes"), 0, 59, 0),
- `IntField(`id(`endDay), _("Day"), 1, 31, 1),
- `IntField(`id(`endMonth), _("Month"), 1, 12, 1),
- `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005)
- ),
- `VSpacing(1.0)
- )),
- `VSpacing( 1.0 ),
- `HBox(
- `HWeight( 4, `TextEntry(`id(`prog), _("Program name"), prog) ),
- `HWeight( 4, `TextEntry(`id(`prof), _("Profile name"), prof) ),
- `HWeight( 3, `TextEntry(`id(`pid), _("PID number"), pid) ),
- `HWeight( 2,
- `ComboBox(`id(`sev), _("Severity"), [
- _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
- ]) ),
- `HSpacing( `opt(`hstretch), 5)
- ),
- `HBox(
- `VSpacing(0.5),
- `TextEntry(`id(`res), _("Detail"), res),
- `VBox(
- `Label( _("Access Type: ") ),
- `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode )))
- ),
- `VBox(
- `Label( _("Mode: ") ),
- `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode),
modeToHumanString( mode ))) - ) - ), - `VSpacing( 0.5 ), - - `HBox( - `VSpacing(0.5), - `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [ - _("None"), _("csv"), _("html"), _("Both") - ]), - `TextEntry(`id(`expPath), _("Location to store log."), expPath ), - `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) )) - ) - )); - - return ff2; - -} - -// Gets data for next or previous page of current report -define term turnReportPage (string name, integer curPage, string slastPage, map Settings) { - - //map Settings = $[ ]; - 07-07 - list reportList = []; - - string currentPage = tostring( curPage ); - Settings["name"] = name; - Settings["page"] = currentPage; - Settings["turnPage"] = "1"; - - reportList = getReportList("sir", Settings); - - // New map is a list, not a hash - - /* Old aa-eventd - list db = (list ) SCR::Read (.logparse, Settings); - integer key = 1; - foreach ( map record, db, { - reportList = add( reportList, `item( `id(key), record["host"]:nil, - record["date"]:nil, record["prog"]:nil, record["profile"]:nil, - record["pid"]:nil, record["severity"]:nil, record["mode"]:nil, - record["resource"]:nil, record["sdmode"]:nil )); - key = key + 1; - }); - */ - - string myLabel = _("On Demand Event Report - Page ") + currentPage + _(" of ") + slastPage; - - term odForm = - - `Frame( `id(`odpage), myLabel, - - `VBox( - //`Label("AppArmor Event Report Data " + currentPage ), - //`Label(myLabel), - - `HBox( - `VSpacing(10), - // New aa-eventd - makeSirTable(reportList), - /* Old aa-eventd - `Table(`id(`table), `opt(`keepSorting, `immediate ), `header( _("Host"), _("Date"), _("Program"), - _("Profile"), _("PID"), _("Severity"), _("Mode"), _("Detail"), _("Access Type") ), reportList), - */ - - `VSpacing(0.5) - ), - `HSpacing(`opt(`hstretch), 1.0), - `VSpacing(0.5), - `HBox( - `PushButton(`id(`first), _("F&irst Page") ), - `PushButton(`id(`prev), _("&Previous") ), - `PushButton(`id(`psort), _("&Sort") ), - `PushButton(`id(`fwd), _("&Forward") ), - 
`PushButton(`id(`last), _("&Last Page") ), - `PushButton(`id(`goto), _("&Go to Page") ) - ), - `VSpacing(1) - )); - - return odForm; -} - -define symbol reportConfigForm() { - - term contents_report_config_form = - `VBox( - `VSpacing( 1 ), - `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )), - `Frame( `id(`bydate_frame), _(" Select Date Range ") , - `VBox( - `Label( _("Enter Starting Date/Time") ), - `HBox( - `HSpacing( `opt(`hstretch), 1), - `HWeight( 1, `TextEntry(`id(`start_time), _("Time") )), - `HSpacing( `opt(`hstretch), 1), - `HWeight( 1, `TextEntry(`id(`start_day), _("Day") )), - `HSpacing( `opt(`hstretch), 1), - `HWeight( 1, `TextEntry(`id(`start_month), _("Month") )), - `HSpacing( `opt(`hstretch), 1), - `HWeight( 1, `TextEntry(`id(`start_year), _("Year") )), - `HSpacing( `opt(`hstretch), 1) - ), - `VSpacing( 1.0 ), - `Label( _("Enter Ending Date") ), - `HBox( - `HSpacing( `opt(`hstretch), 1), - `HWeight( 1, `TextEntry(`id(`end_time), _("Time") )), - `HSpacing( `opt(`hstretch), 1), - `HWeight( 1, `TextEntry(`id(`end_day), _("Day") )), - `HSpacing( `opt(`hstretch), 1), - `HWeight( 1, `TextEntry(`id(`end_month), _("Month") )), - `HSpacing( `opt(`hstretch), 1), - `HWeight( 1, `TextEntry(`id(`end_year), _("Year") )), - `HSpacing( `opt(`hstretch), 1), - `VSpacing( `opt(`vstretch), 2) - ) - )), - `VSpacing( 0.5 ), - `Left(`CheckBox( `id(`byprog), `opt(`notify), _("Filter By Program Name") )), - `HBox(`id(`pbox), - `Left(`TextEntry(`id(`prog), _("Program name") )), - `HSpacing( `opt(`hstretch), 45) - ), - `VSpacing( 0.5 ), - `Left(`CheckBox( `id(`expLog), `opt(`notify), _("Export Report") )), - `HBox(`id(`ebox), - `Left(`TextEntry(`id(`exportName), _("Export File Location") )), - `Label( _("Select Export Format") ), - `Left(`CheckBox(`id(`exportText), _("CSV"), false)), - `Left(`CheckBox(`id(`exportHtml), _("HTML"), true)) - ) - ); - Wizard::SetContentsButtons( _("Report Configuration Dialog"), contents_report_config_form, repConfHelp, 
Label::BackButton(), Label::NextButton() ); - - Settings = $[ ]; - map event = $[]; - any id = nil; - UI::ChangeWidget(`id(`pbox), `Enabled, false); - UI::ChangeWidget(`id(`ebox), `Enabled, false); - UI::ChangeWidget(`id(`bydate_frame), `Enabled, false); - UI::ChangeWidget(`id(`exportName), `Value, "/tmp/export.log"); - - while( true ) { - event = UI::WaitForEvent( timeout_millisec ); - id = event["ID"]:nil; // We'll need this often - cache it - - integer start_day = (integer) UI::QueryWidget(`id(`start_day), `Value); - integer start_month = (integer) UI::QueryWidget(`id(`start_month), `Value); - integer start_year = (integer) UI::QueryWidget(`id(`start_year), `Value); - integer end_day = (integer) UI::QueryWidget(`id(`end_day), `Value); - integer end_month = (integer) UI::QueryWidget(`id(`end_month), `Value); - integer end_year = (integer) UI::QueryWidget(`id(`end_year), `Value); - - if ( id == `byprog ) { - boolean val = (boolean) UI::QueryWidget(`id(`byprog), `Value); - if ( val == true ) { - UI::ChangeWidget(`id(`pbox), `Enabled, true); - UI::ChangeWidget(`id(`allevents), `Value, false); - } else { - UI::ChangeWidget(`id(`pbox), `Enabled, false); - } - } else if ( id == `bydate ) { - boolean val = (boolean) UI::QueryWidget(`id(`bydate), `Value); - if ( val == true ) { - UI::ChangeWidget(`id(`bydate_frame), `Enabled, true); - UI::ChangeWidget(`id(`allevents), `Value, false); - } else { - UI::ChangeWidget(`id(`bydate_frame), `Enabled, false); - } - } else if ( id == `expLog ) { - boolean val = (boolean) UI::QueryWidget(`id(`expLog), `Value); - if ( val == true ) { - UI::ChangeWidget(`id(`ebox), `Enabled, true); - //UI::ChangeWidget(`id(`allevents), `Value, false); - } else { - UI::ChangeWidget(`id(`ebox), `Enabled, false); - } - } else if ( id == `next ) { - - // Setup the data structures. 
- boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value); - boolean byprog = (boolean) UI::QueryWidget(`id(`byprog), `Value); - boolean allevents = (boolean) UI::QueryWidget(`id(`allevents), `Value); - boolean expLog = (boolean) UI::QueryWidget(`id(`expLog), `Value); - - if ( expLog ) { - string exportName = (string) UI::QueryWidget(`id(`exportName), `Value); - any expText = (boolean) UI::QueryWidget(`id(`exportText), `Value); - any expHtml = (boolean) UI::QueryWidget(`id(`exportHtml), `Value); - string exportText = tostring( expText ); - string exportHtml = tostring( expHtml ); - Settings["exportname"] = exportName; - Settings["exporttext"] = exportText; - Settings["exporthtml"] = exportHtml; - } - - if ( byprog ) { - string program_name = (string) UI::QueryWidget(`id(`prog), `Value); - Settings["prog"] = program_name; - } - - if ( bydate ) { - - integer start_hour = (integer) UI::QueryWidget(`id(`startHour), `Value); - integer start_min = (integer) UI::QueryWidget(`id(`startMin), `Value); - integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value); - integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value); - integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value); - integer end_hour = (integer) UI::QueryWidget(`id(`endHour), `Value); - integer end_min = (integer) UI::QueryWidget(`id(`endMin), `Value); - integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value); - integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value); - integer endYear = (integer) UI::QueryWidget(`id(`endYear), `Value); - string start_time = tostring(start_hour) + ":" + tostring(start_min); - string end_time = tostring(end_hour) + ":" + tostring(end_min); - - if ( CheckDate(startDay,startMonth,startYear) == false ) { - Popup::Error( _("Illegal start date entered. Please retry.") ); - continue; - } - - if ( CheckDate(endDay,endMonth,endYear) == false ) { - Popup::Error( _("Illegal end date entered. 
Please retry.") ); - continue; - } - - Settings["startday"] = tostring(startDay); - Settings["startmonth"] = tostring(startMonth); - Settings["startyear"] = tostring(startYear); - Settings["endday"] = tostring(endDay); - Settings["endmonth"] = tostring(endMonth); - Settings["endyear"] = tostring(endYear); - Settings["starttime"] = start_time; - Settings["endtime"] = end_time; - } - - } else if ( id == `abort || id == `back || id == `done ) { - Popup::Message( _("Abort or Back") ); - break; - } - - //break; - } - return (symbol) id; -} - -// Main Report Form -define symbol mainArchivedReportForm() { - - map reportdata = nil; - reportdata = (map) SCR::Read (.logparse, Settings ); - list reportlist = []; - - foreach( integer key, map repdata, (map) reportdata, { - reportlist = add( reportlist, `item( `id(key), repdata["date"]:nil, repdata["prof"]:nil, repdata["pid"]:nil, repdata["mesg"]:nil)); - }); - - string help1 = _("AppArmor Security Events

- This table displays the events found that match your search criteria."); - - - // DBG y2milestone("in MainReportForm"); - term contents_main_prof_form = - `VBox( - `Label( _("AppArmor Event Report Data") ), - `HBox( - `VSpacing(10), - `Table(`id(`table), `opt(`notify, `immediate ), `header(_("Date"), - _("Profile"), _("PID"), _("AppArmor Message") ), reportlist), - `VSpacing(0.5) - ) - ); - Wizard::SetContentsButtons( _("AppArmor Security Event Report"), - contents_main_prof_form, help1, Label::BackButton(), _("&Done") ); - - - map event = $[]; - any id = nil; - while( true ) { - - event = UI::WaitForEvent( timeout_millisec ); - id = event["ID"]:nil; // We'll need this often - cache it - - if ( id == `table ) { - - if ( event["EventReason"]:nil == "Activated" ) { - // Widget activated in the table - integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); - } - - } else if ( id == `abort || id == `cancel || id == `done ) { - break; - } else if ( id == `back || id == `next ) { - break; - } else { - y2error("Unexpected return code: %1", id); - continue; - } - } - return (symbol) id; -} - -// This is the first and base reporting form -define symbol mainReportForm() { - - term mainForm = - - `VBox( - `Label( _("AppArmor Reporting") ), - `VSpacing(2), - `VBox( - `Left(`CheckBox( `id(`schedrep), `opt(`notify), _("Schedule Reports"), true )), - `Left(`CheckBox( `id(`viewrep), `opt(`notify), _("View Archived Reports") )), - `Left(`CheckBox( `id(`runrep), `opt(`notify), _("Run Reports") )) - ), - `VSpacing(0.5) - ); - - Wizard::SetContentsButtons( _("AppArmor Security Event Report"), mainForm, mainHelp, Label::BackButton(), Label::NextButton() ); - - map event = $[]; - any id = nil; - while( true ) { - - event = UI::WaitForEvent( timeout_millisec ); - id = event["ID"]:nil; // We'll need this often - cache it - - if ( id == `schedrep ) { - UI::ChangeWidget(`id(`viewrep), `Value, false); - UI::ChangeWidget(`id(`runrep), `Value, false); - } else if ( 
id == `viewrep ) { - UI::ChangeWidget(`id(`schedrep), `Value, false); - UI::ChangeWidget(`id(`runrep), `Value, false); - } else if ( id == `runrep ) { - UI::ChangeWidget(`id(`schedrep), `Value, false); - UI::ChangeWidget(`id(`viewrep), `Value, false); - } else if ( id == `abort || id == `cancel || id == `done ) { - break; - } else if ( id == `back ) { - break; - } else if ( id == `next ) { - - if ( UI::QueryWidget(`id(`schedrep), `Value) == true ) { - id = `schedrep; - } else if ( UI::QueryWidget(`id(`viewrep), `Value) == true ) { - id = `viewrep; - } else if ( UI::QueryWidget(`id(`runrep), `Value) == true ) { - id = `runrep; - } - - break; - - } else { - y2error("Unexpected return code: %1", id); - continue; - } - } - - return (symbol) id; -} - -// Form used to select the type of archived report to list -define term viewForm(map archType, list itemList, string repPath) { - - boolean sirRep = archType["sirRep"]:false; - boolean audRep = archType["audRep"]:false; - boolean essRep = archType["essRep"]:false; - - if ( repPath == "" || repPath == nil ) { - repPath = "/var/log/apparmor/reports-archived/"; - } - - if ( audRep == false && essRep == false ) { - sirRep = true; - } - - term vForm = - `ReplacePoint(`id(`viewform), `VBox( - `Label( _("View Archived Reports") ), - `HSpacing(60), // make the table and thus the dialog wide enough - `VSpacing(1), - `HBox( - `Frame( `id(`radioSelect), _("Choose a Report Type"), - `RadioButtonGroup(`id(`chooseRep), `HBox( - `HStretch(), - `RadioButton(`id(`sirRep), `opt(`notify, `immediate), _("SIR"), sirRep), - `HSpacing(1), - `RadioButton(`id(`audRep), `opt(`notify, `immediate), _("App Aud"), audRep), - `HSpacing(1), - `RadioButton(`id(`essRep), `opt(`notify, `immediate), _("ESS"), essRep), - `HSpacing(1), - `HStretch() - ))) - ), - `VSpacing(1), - `Frame( `id(`repFrame), _("Location of Archived Reports"), - `HBox( - `Left(`Label(repPath)), - `HSpacing(1), - `Left(`PushButton(`id(`browse), _("&Browse"))), - `HStretch() - ) - ), - 
`VSpacing(0.5), - `VWeight( 10, `HBox( - `VSpacing(1), - `Table(`id(`table), `opt(`notify, `immediate), `header(_("Report"), - _("Date") ), itemList ) ) - ), - `VSpacing(1), - `HBox( - `VSpacing(1), - `PushButton(`id(`view), _("&View") ), - `PushButton(`id(`viewall), _("View &All") ) - ) - )); - - return vForm; -} - -define map filterConfigForm(string name) { - - // Cheating way to set filters - map opts = $[]; - opts["getSirFilters"] = "1"; - opts["name"] = name; - opts["gui"] = "1"; - map preFilters = $[]; - preFilters = (map) SCR::Read( .logparse, opts ); - - any asev = preFilters["severity"]:nil; - string sev = ""; - if ( asev != nil ) { sev = tostring(asev); } - if ( sev == "-" ) { sev = _("All"); } - - Wizard::SetContentsButtons( _("Report Configuration Dialog"), - filterForm2(name,preFilters), filterCfHelp1, Label::BackButton(), Label::NextButton() ); - - if ( sev != "" && sev != _("All") ) { - if ( sev != "U" ) { - integer isev = tointeger(sev); - if ( isev < 10 ) { - sev = "0" + sev; - } - } - - UI::ChangeWidget(`id(`sev), `Value, sev); - } - - string mode = "All"; - string sdmode = "R"; - - Settings = $[ ]; - map event = $[]; - any id = nil; - UI::ChangeWidget(`id(`bydate_frame), `Enabled, false); - - while( true ) { - - event = UI::WaitForEvent( timeout_millisec ); - id = event["ID"]:nil; - - if ( id == `bydate ) { - - boolean val = (boolean) UI::QueryWidget(`id(`bydate), `Value); - if ( val == true ) { - UI::ChangeWidget(`id(`bydate_frame), `Enabled, true); - } else { - UI::ChangeWidget(`id(`bydate_frame), `Enabled, false); - } - - } else if ( id == `abort || id == `done || id == `cancel) { - Settings["break"] = "abort"; - break; - - } else if ( id == `back ) { - Settings["break"] = "back"; - break; - - } else if ( id == `sdmode ) { - - sdmode = popUpSdMode(); - - if ( sdmode != "" ) { - Settings["sdmode"] = sdmode; - UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) ) ); - } - - } else if ( id == `mode ) { - - 
mode = popUpMode(); - - if ( mode != "" ) { - Settings["mode"] = mode; - UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode ))); - } - - } else if ( id == `browse ) { - - string selectFile = ""; - selectFile = UI::AskForExistingDirectory( "/", _("Select Directory")); - - if ( selectFile != nil ) { - UI::ChangeWidget(`id(`expPath), `Value, selectFile); - } - - Settings["expPath"] = expPath; - - } else if ( id == `save || id == `next) { - - // Setup the data structures. - boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value); - boolean expText = false; - boolean expHtml = false; - - if ( UI::QueryWidget(`id(`expLog), `Enabled) == true ) { - expText = (boolean) UI::QueryWidget(`id(`exportText), `Value); - expHtml = (boolean) UI::QueryWidget(`id(`exportHtml), `Value); - } - - if ( expText == true ) { - Settings["exporttext"] = "true"; - } - if ( expHtml == true ) { - Settings["exporthtml"] = "true"; - } - - string program_name = (string) UI::QueryWidget(`id(`prog), `Value); - string profile = (string) UI::QueryWidget(`id(`prof), `Value); - string pid = (string) UI::QueryWidget(`id(`pid), `Value); - string sev = (string) UI::QueryWidget(`id(`sev), `Value); - string res = (string) UI::QueryWidget(`id(`res), `Value); - string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label); - string mode = (string) UI::QueryWidget(`id(`mode), `Label); - string exppath = (string) UI::QueryWidget(`id(`expPath), `Value); - - // de-i18n - if ( sev == _("All") ) { sev = "All"; } - if ( sev == _("U") ) { sev = "U"; } - - if (exppath != "" ) { Settings["exportPath"] = expPath; } - if ( program_name != "" ) { Settings["prog"] = program_name; } - if ( profile != "" ) { Settings["profile"] = profile; } - if ( pid != "" ) { Settings["pid"] = pid; } - if ( sev != "" && sev != "All" ) { Settings["severity"] = sev; } - if ( res != "" ) { Settings["resource"] = res; } - if ( sdmode != "" ) { Settings["sdmode"] = humanStringToMode( sdmode); } - if ( 
mode != "" ) { Settings["mode"] = humanStringToMode( mode ); } - - if ( bydate == true ) { - - integer start_hour = (integer) UI::QueryWidget(`id(`startHour), `Value); - integer start_min = (integer) UI::QueryWidget(`id(`startMin), `Value); - integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value); - integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value); - integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value); - integer end_hour = (integer) UI::QueryWidget(`id(`endHour), `Value); - integer end_min = (integer) UI::QueryWidget(`id(`endMin), `Value); - integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value); - integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value); - integer endYear = (integer) UI::QueryWidget(`id(`endYear), `Value); - - string start_time = tostring(start_hour) + ":" + tostring(start_min); - string end_time = tostring(end_hour) + ":" + tostring(end_min); - - if ( CheckDate(startDay,startMonth,startYear) == false ) { - Popup::Error( _("Illegal start date entered. Please retry.") ); - continue; - } - - if ( CheckDate(endDay,endMonth,endYear) == false ) { - Popup::Error( _("Illegal end date entered. 
Please retry.") ); - continue; - } - - string start_day = tostring(startDay); - string start_month = tostring(startMonth); - string start_year = tostring(startYear); - string end_day = tostring(endDay); - string end_month = tostring(endMonth); - string end_year = tostring(endYear); - - Settings["startday"] = tostring(start_day); - Settings["startmonth"] = tostring(start_month); - Settings["startyear"] = tostring(start_year); - Settings["endday"] = tostring(end_day); - Settings["endmonth"] = tostring(end_month); - Settings["endyear"] = tostring(end_year); - Settings["starttime"] = start_time; - Settings["endtime"] = end_time; - - } - - string expType = (string) UI::QueryWidget(`id(`expType), `Value); - string expPath = (string) UI::QueryWidget(`id(`expPath), `Value); - - if ( expType == _("csv") ) { - Settings["exporttext"] = "1"; - } else if ( expType == _("html") ) { - Settings["exporthtml"] = "1"; - } else if ( expType == _("Both") ) { - Settings["exporttext"] = "1"; - Settings["exporthtml"] = "1"; - } - - Settings["exportPath"] = expPath; - - break; - } - } - - return Settings; -} - -define term displayEmptyRep(string type) { - - string myLabel = ""; - string myInfo = ""; - - if ( type == "noDb" ) { - myLabel = _("Events DB Not Initialized."); - myInfo = _("The events database has not been populated. 
No records exist."); - } else if ( type == "noList" ) { - myLabel = _("Query Returned Empty List."); - myInfo = _("The events database has no records that match the search query."); - } - - term newPage = - - `Frame( `id(`newpage), myLabel, - - `VBox( - //`Label(myLabel), - `HBox( - `VSpacing(10), - `Label( myInfo ), - `VSpacing(0.5) - ), - `HSpacing(`opt(`hstretch), 1.0), - `VSpacing(1) - )); - - - return newPage; -} - -define term displayRep(string type, integer curPage, string slastPage, list reportList ) { - - string myLabel = ""; - string currentPage = tostring(curPage); - term myTable = nil; - - if (type == "onDemand" || type == "sir") { - // Very poor i18n here - myLabel = _("On Demand Event Report - Page ") + currentPage + _(" of ") + slastPage; - myTable = makeSirTable(reportList); - - } else if (type == "archRep") { - - myLabel = _("Archived Event Report - Page ") + currentPage + _(" of ") + slastPage; - myTable = makeSirTable(reportList); - - } else if (type == "aud" || type == "audRep" ) { - - myLabel = _("Applications Audit Report"); - myTable = `Table(`id(`table), `opt(`notify, `immediate ), - `header(_("Host"), _("Date"), _("Program"), - _("Profile"), _("PID"), _("State"), _("Type") ), reportList); - - } else if (type == "ess" || type == "essRep" ) { - if (reportList == nil) { - myLabel = _("Executive Security Summary"); - myTable = `Table(`id(`table), `opt(`notify), - `header(_("Query Results")), _("No event information exists.")); - - } else { - myLabel = _("Executive Security Summary"); - myTable = `Table(`id(`table), `opt(`notify, `immediate ), - `header(_("Host"), _("Start Date"),_("End Date"), _("Num Rejects"), - _("Num Events"), _("Ave. 
Sev"), _("High Sev") ), reportList); - } - } - - term newPage = - - `Frame( `id(`newpage), myLabel, - - `VBox( - `HBox( - `VSpacing(10), - myTable, - `VSpacing(0.5) - ), - `HSpacing(`opt(`hstretch), 1.0), - `VSpacing(0.5), - `HBox( - `PushButton(`id(`first), _("F&irst Page") ), - `PushButton(`id(`prev), _("&Previous") ), - `PushButton(`id(`psort), _("&Sort") ), - `PushButton(`id(`fwd), _("&Forward") ), - `PushButton(`id(`last), _("&Last Page") ), - `PushButton(`id(`goto), _("&Go to Page") ) - ), - `VSpacing(1) - )); - - return newPage; -} - - -// View Archived Reports -define symbol displayArchForm() { - - map archType = $[ ]; - archType["sirRep"] = true; - archType["audRep"] = false; - archType["essRep"] = false; - - map Settings = $[ ]; - string readSched = "1"; - Settings["getcron"] = "0"; - Settings["readSched"] = "1"; - Settings["type"] = "sirRep"; - string type = Settings["type"]:nil; - - list itemList = []; - itemList = getArrayList(type,""); - - Wizard::SetContentsButtons( _("AppArmor Security Event Report"), - viewForm(archType, itemList, ""), archHelpText, Label::BackButton(), _("&Done") ); - - map event = $[]; - any archId = nil; - - string repPath = ""; - integer lastPage = 1; - integer curPage = 1; - - string formHelp = runHelp; - - - while( true ) { - - event = UI::WaitForEvent( ); - - archId = event["ID"]:nil; // We'll need this often - cache it - - if (archId == `back || archId == `abort || archId == `done) { - break; - } else if ( archId == `close || archId == `cancel || archId == `next) { - break; - - } else if ( archId == `repPath ) { - - repPath = (string) UI::QueryWidget(`id(`repPath), `Value); - Settings["repPath"] = repPath; - itemList = getArrayList(type,repPath); - Wizard::SetContentsButtons( _("AppArmor Security Event Report"), - viewForm(archType, itemList, repPath), archHelpText, Label::BackButton(), _("&Done") ); - - } else if ( archId == `browse ) { - - string selectFile = ""; - selectFile = UI::AskForExistingDirectory( "/", _("Select 
Directory")); - - if ( selectFile != nil ) { - UI::ChangeWidget(`id(`repPath), `Value, selectFile); - // set new reppath - repPath = selectFile; - Settings["repPath"] = repPath; - itemList = getArrayList(type,repPath); - Wizard::SetContentsButtons( _("AppArmor Security Event Report"), - viewForm(archType, itemList, repPath), archHelpText, Label::BackButton(), - _("&Done") ); - } - - - } else if ( archId == `sirRep ) { - formHelp = sirHelp; - archType["sirRep"] = true; - archType["audRep"] = false; - archType["essRep"] = false; - Settings["type"] = "sirRep"; - type = Settings["type"]:nil; - - itemList = getArrayList(type,repPath); - - Wizard::SetContentsButtons( _("View Archived SIR Report"), - viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done")); - - } else if ( archId == `audRep ) { - formHelp = audHelp; - archType["sirRep"] = false; - archType["audRep"] = true; - archType["essRep"] = false; - Settings["type"] = "audRep"; - type = Settings["type"]:nil; - - itemList= getArrayList(type,""); - Wizard::SetContentsButtons( _("View Archived AUD Report"), - viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done")); - - } else if ( archId == `essRep ) { - formHelp = essHelp; - archType["sirRep"] = false; - archType["audRep"] = false; - archType["essRep"] = true; - Settings["type"] = "essRep"; - type = Settings["type"]:nil; - - itemList= getArrayList(type,""); - Wizard::SetContentsButtons( _("View Archived ESS Report"), - viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done")); - - - } else if ( archId == `view || archId == `viewall || archId == `table) { - - if ( archId == `viewall ) { - Settings["single"] = "0"; - } else { - Settings["single"] = "1"; - } - - integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); - string logFile = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""); - string logPath = (string) UI::QueryWidget(`id(`repPath), `Value); - list 
splitPath = splitstring (logPath, "/"); - string checkPath = splitPath[size(splitPath)-1]:""; - - string longLogName = ""; - - - // Cat strings & check for trailing "/" in path - if ( logPath != "" ) { - if ( checkPath != "" ) { - longLogName = logPath + "/" + logFile; - } else { - longLogName = logPath + logFile; - } - } - - if ( type == "sirRep" ) { - - formHelp = sirHelp; - map sirSettings = nil; - sirSettings = setArchFilter(); - if ( archId == `viewall ) { sirSettings["single"] = 0; } - - // Force an exit if appropriate - any breakCheck = sirSettings["break"]:nil; - - if ( breakCheck == "abort" ) { - symbol myBreak = `abort; - return myBreak; - - } else if ( breakCheck == "back" ) { - symbol myBreak = `back; - return myBreak; - } - - if ( repPath != "" ) { - sirSettings["repPath"] = repPath; - } - - Wizard::SetContentsButtons( _("Security Incident Report"), - viewArchForm(type,logFile,sirSettings), sirHelp, Label::BackButton(), _("&Done")); - - lastPage = getLastPage(type,Settings,""); // check 'name' - setPageButtons(curPage,lastPage); - - } else if ( type == "audRep" ) { - - formHelp = audHelp; - list reportList = []; - integer key = 1; - Settings["page"] = "1"; - Settings["audArch"] = "1"; - Settings["turnPage"] = "1"; - Settings["file"] = logFile; - - list db = (list ) SCR::Read (.reports_confined, Settings); - - foreach ( map repdata, db, { - reportList = add( reportList, `item( `id(key), repdata["host"]:nil, - repdata["date"]:nil, repdata["prog"]:nil, repdata["prof"]:nil, - repdata["pid"]:nil, repdata["state"]:nil, repdata["type"]:nil )); - key = key + 1; - }); - - lastPage = getLastPage(type,Settings,""); - string slastPage = tostring(lastPage); - - Wizard::SetContentsButtons( _("Applications Audit Report"), - displayRep(type,curPage,slastPage,reportList), formHelp, Label::BackButton(), - _("&Done") ); - setPageButtons(curPage,lastPage); - - } else if ( type == "essRep" ) { - - formHelp = essHelp; - list reportList = []; - integer key = 1; - 
Settings["file"] = logFile;
- Settings["essArch"] = "1";
-
- list db = (list ) SCR::Read (.reports_ess, Settings);
-
- foreach ( map repdata, db, {
- reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
- repdata["startdate"]:nil, repdata["enddate"]:nil, repdata["numRejects"]:nil,
- repdata["numEvents"]:nil, repdata["sevMean"]:nil, repdata["sevHi"]:nil ));
- key = key + 1;
- });
-
- lastPage = getLastPage(type,Settings,"");
- string slastPage = tostring(lastPage);
-
- Wizard::SetContentsButtons( _("Executive Security Summary Report"),
- displayRep(type,curPage,slastPage,reportList), formHelp, Label::BackButton(),
- _("&Done") );
- setPageButtons(curPage,lastPage);
-
- } else {
- Popup::Error( _("No recognized report type selected. Try again.") );
- continue;
- }
-
- } else if ( archId == `goto ) {
-
- integer newPage = popUpGoto(lastPage);
-
- if ( newPage > 0 && newPage <= lastPage && newPage != curPage ) {
- curPage = newPage;
-
- term fwdForm = turnArchReportPage(curPage,lastPage);
- Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, runHelp, Label::BackButton(), _("&Done") );
- setPageButtons(curPage,lastPage);
- }
-
- } else if ( archId == `psort ) {
-
- string sortKey = popUpSort(type);
-
- if ( sortKey != nil && sortKey != "" ) {
- curPage = 1;
- map sortCmd = $[];
- sortCmd["sortKey"] = sortKey;
- sortCmd["sort"] = "1";
- any junk = SCR::Write(.logparse, sortCmd);
- term fwdForm = turnArchReportPage(curPage,lastPage);
- Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, runHelp, Label::BackButton(), _("&Done") );
- setPageButtons(curPage,lastPage);
- }
-
- } else if ( archId == `fwd ) {
-
- curPage = curPage +1;
- term fwdForm = turnArchReportPage(curPage,lastPage);
- Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, formHelp, Label::BackButton(), _("&Done") );
-
- setPageButtons(curPage,lastPage);
-
-
- } else if ( archId == `prev ) {
-
- if ( curPage > 0 ) { curPage = curPage -1; }
- term prevForm = 
turnArchReportPage(curPage,lastPage); - Wizard::SetContentsButtons( _("AppArmor Report"), prevForm, formHelp, Label::BackButton(), _("&Done") ); - - setPageButtons(curPage,lastPage); - - } else if ( archId == `first ) { - - curPage = 1; - term firstForm = turnArchReportPage(curPage,lastPage); - Wizard::SetContentsButtons( _("AppArmor Report"), firstForm, formHelp, Label::BackButton(), _("&Done") ); - setPageButtons(curPage,lastPage); - - } else if ( archId == `last ) { - - curPage = lastPage; - term lastForm = turnArchReportPage(curPage,lastPage); - Wizard::SetContentsButtons( _("AppArmor Report"), lastForm, formHelp, Label::BackButton(), _("&Done") ); - setPageButtons(curPage,lastPage); - - } else { - y2error("Unexpected return code: %1", archId); - continue; - } - //break; - } - - if (archId != `back && archId != `abort && archId != `done) { - archId = `back; - } - - return (symbol) archId; -} - -// The main form for On-Demand reports, executed from the wizard by selecting 'Run Now' -define symbol displayRunForm() { - - integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); - string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "")); - - string type = ""; - - if (name == "Security.Incident.Report") { - type = "sir"; - } else if (name == "Applications.Audit") { - type = "aud"; - } else if ( name == "Executive.Security.Summary") { - type = "ess"; - } else { - type = "sir"; // All added reports are SIRs - } - - if ( type != "aud" ) { - boolean dbActivated = checkEventDb(); - if ( dbActivated == false ) { - type = "noDb"; - } - } - - list reportList = []; - map Settings = $[ ]; - integer curPage = 1; - integer lastPage = 1; - string slastPage = "1"; - - string formHelp = runHelp; - map reportdata = nil; - - if (type == "sir") { - - Settings = filterConfigForm(name); - - // Force an exit if appropriate - any breakCheck = Settings["break"]:nil; - - if ( breakCheck == "abort" ) { - symbol 
myBreak = `abort;
- return myBreak;
-
- } else if ( breakCheck == "back" ) {
- symbol myBreak = `back;
- return myBreak;
- }
-
- formHelp = sirHelp;
- Settings["type"] = "onDemand";
- Settings["turnPage"] = "0";
-
- reportList = getReportList("sir",Settings);
- integer listSize = size(reportList);
- if ( listSize < 1 ) {
- type = "noList";
- }
-
- } else if ( type == "aud" ) {
-
- formHelp = audHelp;
- Settings["type"] = "onDemand";
- Settings["turnPage"] = "0";
-
- list db = (list ) SCR::Read (.reports_confined, Settings);
-
- integer key = 1;
-
- foreach ( map repdata, db, {
- reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
- repdata["date"]:nil, repdata["prog"]:nil, repdata["prof"]:nil,
- repdata["pid"]:nil, repdata["state"]:nil, repdata["type"]:nil ));
- key = key + 1;
- });
-
- } else if ( type == "ess" ) {
-
- formHelp = essHelp;
- Settings["type"] = "onDemand";
- Settings["turnPage"] = "0";
- list db = (list ) SCR::Read (.reports_ess, Settings);
-
- if (db != nil) {
-
- integer key = 1;
-
- foreach ( map repdata, db, {
- reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
- repdata["startdate"]:nil, repdata["enddate"]:nil,
- repdata["numRejects"]:nil, repdata["numEvents"]:nil, repdata["sevMean"]:nil,
- repdata["sevHi"]:nil ));
- key = key + 1;
- });
- }
-
- }
-
- if ( type == "noDb" ) {
- Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayEmptyRep(type),
- formHelp, Label::BackButton(), _("&Done") );
- } else if ( type == "noList" ) {
- Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayEmptyRep(type),
- formHelp, Label::BackButton(), _("&Done") );
- } else {
-
- lastPage = getLastPage(type,Settings,name);
- slastPage = tostring(lastPage);
-
- Wizard::SetContentsButtons( _("AppArmor On-Demand Report"),
- displayRep(type,curPage,slastPage,reportList), formHelp,
- Label::BackButton(), _("&Done") );
- setPageButtons(curPage,lastPage);
- }
-
- map event = $[];
- any id = nil;
-
- while( true ) { 
- - // Grey out inappropriate paging buttons - if (curPage <= 1 ) { - UI::ChangeWidget(`id(`prev), `Enabled, false); - } else if ( curPage >= lastPage ) { - UI::ChangeWidget(`id(`fwd), `Enabled, false); - } - - event = UI::WaitForEvent( timeout_millisec ); - id = event["ID"]:nil; // We'll need this often - cache it - - // REDO - if ( id == `schedrep ) { - break; - } else if ( id == `abort || id == `cancel || id == `back || id == `done) { - break; - } else if ( id == `next ) { - - break; - - } else if ( id == `goto ) { - - integer newPage = popUpGoto(lastPage); - - if ( newPage > 0 && newPage <= lastPage && newPage != curPage ) { - curPage = newPage; - - term goForm = turnReportPage(name,curPage,slastPage,Settings); - Wizard::SetContentsButtons( _("AppArmor - Run Reports"), goForm, - formHelp, Label::BackButton(), _("&Done") ); - setPageButtons(curPage,lastPage); - } - - } else if ( id == `psort ) { - - string sortKey = popUpSort(type); - - if ( sortKey != nil && sortKey != "" ) { - - // branch added 08.01.2005 - curPage = 1; - Settings["type"] = "onDemand"; - Settings["turnPage"] = "0"; - Settings["sortKey"] = sortKey; - - reportList = getReportList(type,Settings); - - Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayRep(type,curPage, - slastPage,reportList), formHelp, Label::BackButton(), _("&Done") ); - setPageButtons(curPage,lastPage); - - } - - } else if ( id == `prev ) { - - if ( curPage > 0 ) { curPage = curPage -1; } - term prevForm = turnReportPage(name,curPage,slastPage,Settings); - Wizard::SetContentsButtons( _("AppArmor - Run Reports"), prevForm, - formHelp, Label::BackButton(), _("&Done") ); - setPageButtons(curPage,lastPage); - - } else if ( id == `fwd ) { - curPage = curPage + 1; - term fwdForm = turnReportPage(name,curPage,slastPage,Settings); - Wizard::SetContentsButtons( _("AppArmor - Run Reports"), fwdForm, - formHelp, Label::BackButton(), _("&Done") ); - setPageButtons(curPage,lastPage); - - } else if ( id == `first ) { - - 
curPage = 1; - slastPage = tostring(lastPage); - term firstForm = turnReportPage(name,curPage,slastPage,Settings); - Wizard::SetContentsButtons( _("AppArmor - Run Reports"), firstForm, formHelp, - Label::BackButton(), _("&Done") ); - setPageButtons(curPage,lastPage); - - } else if ( id == `last ) { - - curPage = lastPage; - slastPage = tostring(lastPage); - term lastForm = turnReportPage(name,curPage,slastPage,Settings); - Wizard::SetContentsButtons( _("AppArmor - Run Reports"), lastForm, formHelp, - Label::BackButton(), _("&Done") ); - setPageButtons(curPage,lastPage); - - } else { - y2error("Unexpected return code: %1", id); - continue; - } - - } - - type = ""; - return (symbol) id; -} - -define void addSchedForm() { - - map Settings = $[ ]; - string readSched = "1"; - Settings["getcron"] = "1"; - Settings["readSched"] = "1"; - Settings["type"] = "schedRep"; - - string expPath = "/var/log/apparmor/reports-exported"; - - UI::OpenDialog( - - `ReplacePoint( `id(`addSchedRep), `VBox( - `Label( _("Add Scheduled SIR") ), - `VSpacing(1), - `TextEntry(`id(`name), _("Report Name")), - `VSpacing(1), - `HBox( - `ComboBox(`id(`monthdate), `opt(`notify), _("Day of Month"), [ - `item(`id(`md_00), _("All")), - `item(`id(`md_01), "1"), `item(`id(`md_02), "2"), `item(`id(`md_03), "3"), - `item(`id(`md_04), "4"), `item(`id(`md_05), "5"), `item(`id(`md_06), "6"), - `item(`id(`md_07), "7"), `item(`id(`md_08), "8"), `item(`id(`md_09), "9"), - `item(`id(`md_10), "10"), `item(`id(`md_11), "9"), `item(`id(`md_12), "12"), - `item(`id(`md_13), "13"), `item(`id(`md_14), "14"), `item(`id(`md_15), "15"), - `item(`id(`md_16), "16"), `item(`id(`md_17), "17"), `item(`id(`md_18), "18"), - `item(`id(`md_19), "19"), `item(`id(`md_20), "20"), `item(`id(`md_21), "21"), - `item(`id(`md_22), "22"), `item(`id(`md_23), "23"), `item(`id(`md_24), "24"), - `item(`id(`md_25), "25"), `item(`id(`md_26), "26"), `item(`id(`md_27), "27"), - `item(`id(`md_28), "28"), `item(`id(`md_29), "29"), `item(`id(`md_30), 
"30"), - `item(`id(`md_31), "31") ]), - `ComboBox(`id(`weekday), `opt(`notify), _("Day of Week"), [ - _("All"), _("Sun"), _("Mon"), _("Tue"), _("Wed"), _("Thu"), _("Fri"), _("Sat") - ]), - `IntField(`id(`hour), _("Hour"), 00, 23, 00), - `IntField(`id(`mins), _("Minute"), 00, 59, 00) - ), - `VSpacing(1), - `HBox( - `VSpacing(1), - `TextEntry(`id(`email1), `opt(`notify), _("Email Target 1"), ""), - `TextEntry(`id(`email2), `opt(`notify), _("Email Target 2"), ""), - `TextEntry(`id(`email3), `opt(`notify), _("Email Target 3"), "") - ), - `VSpacing(1), - `HBox( - `VSpacing(0.5), - `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [ - _("None"), _("csv"), _("html"), _("Both") - ]), - `TextEntry(`id(`expPath), _("Location to store log."), expPath ), - `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) )) - ), - `VSpacing(1), - `HBox( - `PushButton(`id(`cancel), Label::CancelButton() ), - `PushButton(`id(`next), Label::NextButton() ) - ) - ))); - - string mode = "All"; - string sdmode = "R"; - integer timeout_millisec = 20 * 1000; - map event = $[]; - any addInput = nil; - - while( true ) { - - event = UI::WaitForEvent( timeout_millisec ); - addInput = event["ID"]:nil; // We'll need this often - cache it - - - if ( addInput == `monthdate && addInput != 0 ) { - UI::ChangeWidget(`id(`weekday), `Value, _("All") ); - } else if ( addInput == `weekday && addInput != _("All") ) { - UI::ChangeWidget(`id(`monthdate), `Value, _("All") ); - } - - if ( addInput == `next ) { - - // Check for valid path - expPath = (string) UI::QueryWidget(`id(`expPath), `Value); - map fileTest = $[]; - fileTest["checkFile"] = "1"; - fileTest["file"] = expPath; - - any pathExists = SCR::Read(.reports_parse, fileTest); - string spath = tostring(pathExists); - - if ( spath != "1" ) { - Popup::Error(_("The specified directory does not exist.")); - UI::ChangeWidget(`id(`expPath), `Value, oldExpPath); - } else { - - Settings["expPath"] = expPath; - UI::ChangeWidget(`id(`expPath), `Value, 
expPath); - - string name = (string) UI::QueryWidget(`id(`name), `Value); - string monthdate = (string) UI::QueryWidget(`id(`monthdate), `Value); - string weekday = (string) UI::QueryWidget(`id(`weekday), `Value); - any iHours = (any) UI::QueryWidget(`id(`hour), `Value); - any iMins = (any) UI::QueryWidget(`id(`mins), `Value); - string email1 = (string) UI::QueryWidget(`id(`email1), `Value); - string email2 = (string) UI::QueryWidget(`id(`email2), `Value); - string email3 = (string) UI::QueryWidget(`id(`email3), `Value); - - //string monthdate = tostring( iMonthdate ); - string hour = tostring( iHours ); - string mins = tostring( iMins ); - - string expType = (string) UI::QueryWidget(`id(`expType), `Value); - - if ( expType == _("csv") || expType == _("Both") ) { - Settings["csv"] = "1"; - } - - if ( expType == _("html") || expType == _("Both") ) { - Settings["html"] = "1"; - } - - if ( weekday == _("All") ) { weekday = "-"; } - if ( monthdate == _("All") ) { monthdate = "-"; } - - // de-i18n - if ( weekday == _("Mon") ) { weekday = "Mon"; } - if ( weekday == _("Tue") ) { weekday = "Tue"; } - if ( weekday == _("Weds") ) { weekday = "Weds"; } - if ( weekday == _("Thu") ) { weekday = "Thu"; } - if ( weekday == _("Fri") ) { weekday = "Fri"; } - if ( weekday == _("Sat") ) { weekday = "Sat"; } - if ( weekday == _("Sun") ) { weekday = "Sun"; } - - Settings["add"] = "1"; - Settings["name"] = name; - Settings["monthdate"] = monthdate; - Settings["weekday"] = weekday; - Settings["hour"] = hour; - Settings["mins"] = mins; - Settings["email1"] = email1; - Settings["email2"] = email2; - Settings["email3"] = email3; - - // Confirm reasonable input on report names - string checkName = filterchars(name, "`~!@#$%^&*()[{]};:'\",<>?/\|"); - integer nameLength = size(name); - - if ( regexpmatch(name, " ") == true ) { - Popup::Error( _("Only one contiguous space allowed in report names.")); - } else if ( checkName != "" ) { - Popup::Error( _("These characters are not allowed in report 
names: - \"`~!@#$%^&*()[{]};:'\",<>?/\|\"") ); - } else if ( nameLength > 128 ) { - Popup::Error( _("Only 128 characters are allowed in report names.")); - } else { - boolean uniqueName = findDupe(name); - if ( uniqueName == true ) { - UI::ReplaceWidget(`addSchedRep, schedFilterForm ); - } else { - Popup::Error( _("Each report name should be unique.") ); - } - }} - - } else if ( addInput == `sdmode ) { - - sdmode = popUpSdMode(); - - if (sdmode != "") { - Settings["sdmode"] = sdmode; - UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) )); - } - - } else if ( addInput == `mode ) { - - mode = popUpMode(); - - if (mode != "") { - Settings["mode"] = mode; - UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )) ); - } - - } else if (addInput == `save ) { - - string prog = (string) UI::QueryWidget(`id(`prog), `Value); - string prof = (string) UI::QueryWidget(`id(`prof), `Value); - string pid = (string) UI::QueryWidget(`id(`pid), `Value); - string res = (string) UI::QueryWidget(`id(`res), `Value); - string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label); - string mode = (string) UI::QueryWidget(`id(`mode), `Label); - string sev = (string) UI::QueryWidget(`id(`sev), `Value); - string expType = (string) UI::QueryWidget(`id(`expType), `Value); - - if ( expType == "csv" ) { - Settings["exporttext"] = "1"; - } else if ( expType == "html" ) { - Settings["exporthtml"] = "1"; - } else if ( expType == "both" ) { - Settings["exporttext"] = "1"; - Settings["exporthtml"] = "1"; - } - - if ( sev == _("All") ) { sev = "-"; } - - Settings["getcron"] = ""; - Settings["prog"] = prog; - Settings["prof"] = prof; - Settings["pid"] = pid; - Settings["sev"] = sev; - Settings["res"] = res; - Settings["sdmode"] = humanStringToMode( sdmode ); - Settings["mode"] = humanStringToMode( mode ); - - any error = (any) SCR::Write(.reports_sched, Settings); - - if (is(error, string)) { - string erStr = tostring(error); - 
Popup::Error("Error: " + erStr); - } - - addInput = `close; - break; - - } else if ( addInput == `accept ) { - - expPath = (string) UI::QueryWidget(`id(`expPath), `Value); - map fileTest = $[]; - fileTest["checkFile"] = "1"; - fileTest["file"] = expPath; - - any pathExists = SCR::Read(.reports_parse, fileTest); - string spath = tostring(pathExists); - - if ( spath == "1" ) { - Settings["expPath"] = expPath; - UI::ChangeWidget(`id(`expPath), `Value, expPath); - } else { - Popup::Error(_("The specified directory does not exist.")); - } - - } else if ( addInput == `browse ) { - - string selectFile = ""; - selectFile = UI::AskForExistingDirectory( "/", _("Select Directory")); - - if ( selectFile != nil ) { - UI::ChangeWidget(`id(`expPath), `Value, selectFile); - } - - Settings["expPath"] = expPath; - - } else if ( addInput == `cancel || addInput == `close ) { - - addInput = `close; - break; - } - } - - UI::CloseDialog(); - - return; -} - -define void editSchedForm() { - - integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); - string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "")); - - map Settings = $[ ]; - string readSched = "1"; - Settings["name"] = name; - Settings["getcron"] = ""; - Settings["getrep"] = "1"; - Settings["readSched"] = "1"; - Settings["type"] = "schedRep"; - - list itemList = []; - integer key = 1; - - map db = nil; - db = (map) SCR::Read (.reports_sched, Settings ); - string sname = name; // Don't know why this was pulled from db instead of name above - any amday = db["mday"]:nil; - any wday = db["wday"]:nil; - any shour = db["hour"]:nil; - any smins = db["mins"]:nil; - - string oldRepName = sname; - string swday = "All"; - string monthdate = "All"; - - if (amday != nil) { monthdate = tostring(amday); } - if (wday != nil) { swday = tostring(wday); } - - integer ihour = 23; - integer imins = 59; - if (shour != nil) { ihour = tointeger(shour); } - if (smins != nil) 
{ imins = tointeger(smins); } - - // Get reports.conf info - Settings["getrep"] = ""; - Settings["getconf"] = "1"; - map db2 = nil; - db2 = (map) SCR::Read (.reports_sched, Settings ); - - any aemail1 = db2["addr1"]:nil; - any aemail2 = db2["addr2"]:nil; - any aemail3 = db2["addr3"]:nil; - any tmpPath = db2["exportpath"]:nil; - - string email1 = ""; - string email2 = ""; - string email3 = ""; - - string expType = ""; - string expPath = "/var/log/apparmor/reports-exported"; - if ( tmpPath != nil ) { - oldExpPath = tostring(tmpPath); - expPath = oldExpPath; - } else { - oldExpPath = defExpPath; - expPath = oldExpPath; - } - - if (aemail1 != nil) { email1 = tostring(aemail1); } - if (aemail2 != nil) { email2 = tostring(aemail2); } - if (aemail3 != nil) { email3 = tostring(aemail3); } - - /* Get Filtering Info for Report */ - any aprog = db2["prog"]:nil; - any aprof = db2["prof"]:nil; - any apid = db2["pid"]:nil; - any ares = db2["res"]:nil; - any asev = db2["severity"]:nil; - any asdmode = db2["sdmode"]:nil; - any amode = db2["mode"]:nil; - any acsv = db2["csv"]:nil; - any ahtml = db2["html"]:nil; - - /* debug */ - if ( aprog != nil ) { Settings["prog"] = tostring(aprog); } - if ( aprof != nil ) { Settings["prof"] = tostring(aprof); } - if ( apid != nil ) { Settings["pid"] = tostring(apid); } - if ( ares != nil ) { Settings["res"] = tostring(ares); } - if ( asev != nil ) { Settings["sev"] = tostring(asev); } - if ( asdmode != nil ) { Settings["sdmode"] = tostring(asdmode); } - if ( asdmode == nil || asdmode == "-" ) { - Settings["sdmode"] = "All"; - } - if ( amode != nil ) { Settings["mode"] = tostring(amode); } - - if ( acsv != nil && ahtml != nil ) { - expType = "Both"; - Settings["csv"] = "1"; - Settings["html"] = "1"; - } else if ( acsv != nil && ahtml == nil ) { - expType = "csv"; - Settings["csv"] = "1"; - Settings["html"] = ""; - } else if ( acsv == nil && ahtml != nil ) { - expType = "html"; - Settings["csv"] = ""; - Settings["html"] = "1"; - } else if ( acsv 
== nil && ahtml == nil ) { - expType = "None"; - Settings["csv"] = ""; - Settings["html"] = ""; - } - - // Special handling for sev - string formatSev = ""; - if ( asev != nil ) { formatSev = tostring(asev); } - if ( formatSev != "" && formatSev != "U" && formatSev != "All" && formatSev != nil) { - formatSev = "0" + formatSev; - } - - term continueBtns = - - `HBox( - `PushButton(`id(`cancel), Label::CancelButton() ), - `PushButton(`id(`fwd), _("N&ext") ) - ); - - - // We need secondary filters for SIR reports only - if ( sname == "Executive.Security.Summary" || sname == "Applications.Audit" ) { - - continueBtns = - `HBox( - `PushButton(`id(`cancel), Label::CancelButton() ), - `PushButton(`id(`save), Label::SaveButton() ) - ); - - } - - string edLabel = _("Edit Report Schedule for ") + typeToHumanString(sname); - - UI::OpenDialog( - - `ReplacePoint( `id(`editSchedRep), - - `VBox( - `HBox( `Label(`id(`edname), edLabel) ), - `VSpacing(1), - `HBox( - `ComboBox(`id(`monthdate), `opt(`notify), _("Day of Month"), [ - `item(`id(`md_00), _("All")), - `item(`id(`md_01), "1"), `item(`id(`md_02), "2"), `item(`id(`md_03), "3"), - `item(`id(`md_04), "4"), `item(`id(`md_05), "5"), `item(`id(`md_06), "6"), - `item(`id(`md_07), "7"), `item(`id(`md_08), "8"), `item(`id(`md_09), "9"), - `item(`id(`md_10), "10"), `item(`id(`md_11), "11"), `item(`id(`md_12), "12"), - `item(`id(`md_13), "13"), `item(`id(`md_14), "14"), `item(`id(`md_15), "15"), - `item(`id(`md_16), "16"), `item(`id(`md_17), "17"), `item(`id(`md_18), "18"), - `item(`id(`md_19), "19"), `item(`id(`md_20), "20"), `item(`id(`md_21), "21"), - `item(`id(`md_22), "22"), `item(`id(`md_23), "23"), `item(`id(`md_24), "24"), - `item(`id(`md_25), "25"), `item(`id(`md_26), "26"), `item(`id(`md_27), "27"), - `item(`id(`md_28), "28"), `item(`id(`md_29), "29"), `item(`id(`md_30), "30"), - `item(`id(`md_31), "31") - ]), - `ComboBox(`id(`weekday), `opt(`notify), _("Day of Week"), [ - _("All"), _("Sun"), _("Mon"), _("Tue"), _("Wed"), 
_("Thu"), _("Fri"), _("Sat") - ]), - `IntField(`id(`hour), _("Hour"), 0, 23, ihour), - `IntField(`id(`mins), _("Minute"), 0, 59, imins) - ), - `VSpacing(1), - `HBox( - `VSpacing(1), - `TextEntry(`id(`email1), `opt(`notify), _("Email Target 1"), email1), - `TextEntry(`id(`email2), `opt(`notify), _("Email Target 2"), email2), - `TextEntry(`id(`email3), `opt(`notify), _("Email Target 3"), email3) - ), - `VSpacing(1), - `HBox( - `VSpacing(0.5), - - // DWR MOD `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [ - `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [ - _("None"), _("csv"), _("html"), _("Both") - ]), - `TextEntry(`id(`expPath), _("Location to store log."), expPath ), - `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) )) - ), - `VSpacing(1), - continueBtns - ))); - - /**************************************************/ - string mode = _("All"); - string sdmode = _("R"); - - integer timeout_millisec = 20 * 1000; - map event = $[]; - any editInput = nil; - //map Settings = $[ ]; - - //Cheap & easy way to give default value to ComboBox - if (swday != _("All") ) { - UI::ChangeWidget(`id(`weekday), `Value, swday); - } - - if ( monthdate != _("All") ) { - UI::ChangeWidget(`id(`monthdate), `Value, monthdate); - } - - if ( expType != _("None") ) { - UI::ChangeWidget(`id(`expType), `Value, expType); - } - - while( true ) { - - event = UI::WaitForEvent( timeout_millisec ); - editInput = event["ID"]:nil; // We'll need this often - cache it - - if ( editInput == `monthdate && editInput != 0 ) { - UI::ChangeWidget(`id(`weekday), `Value, _("All") ); - } else if ( editInput == `weekday && editInput != _("All") ) { - UI::ChangeWidget(`id(`monthdate), `Value, _("All") ); - } - - if ( editInput == `fwd ) { - - string email1 = (string) UI::QueryWidget(`id(`email1), `Value); - string email2 = (string) UI::QueryWidget(`id(`email2), `Value); - string email3 = (string) UI::QueryWidget(`id(`email3), `Value); - - string spath = "0"; - - 
expPath = (string) UI::QueryWidget(`id(`expPath), `Value); - map fileTest = $[]; - fileTest["checkFile"] = "1"; - fileTest["file"] = expPath; - - any pathExists = SCR::Read(.reports_parse, fileTest); - spath = tostring(pathExists); - Settings["expPath"] = expPath; - - if ( spath == "1" ) { - - Settings = getSchedSettings(Settings); - UI::ReplaceWidget(`editSchedRep, editFilterForm(Settings) ); - - // Special handling for ComboBoxes (sev) - if ( formatSev != "" ) { UI::ChangeWidget(`id(`sev), `Value, formatSev); } - - } else { - Popup::Error(_("The specified directory does not exist.")); - UI::ChangeWidget(`id(`expPath), `Value, oldExpPath); - } - - } else if ( editInput == `sdmode ) { - - sdmode = popUpSdMode(); - - if ( sdmode != "" ) { - Settings["sdmode"] = sdmode; - UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) )); - } - - } else if ( editInput == `mode ) { - - mode = popUpMode(); - if ( mode != "" ) { - Settings["mode"] = mode; - UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode ))); - } - - } else if ( editInput == `browse ) { - - string selectFile = ""; - selectFile = UI::AskForExistingDirectory( "/", _("Select Directory")); - - if ( selectFile != nil ) { - UI::ChangeWidget(`id(`expPath), `Value, selectFile); - } - - Settings["expPath"] = expPath; - - } else if ( editInput == `close || editInput == `cancel ) { - break; - } else if ( editInput == `save ) { - - string spath = "0"; - - if ( sname == "Executive.Security.Summary" || sname == "Applications.Audit" ) { - - expPath = (string) UI::QueryWidget(`id(`expPath), `Value); - map fileTest = $[]; - fileTest["checkFile"] = "1"; - fileTest["file"] = expPath; - - any pathExists = SCR::Read(.reports_parse, fileTest); - spath = tostring(pathExists); - Settings["expPath"] = expPath; - } else { - // SIR Reports already checked - spath = "1"; - } - - if ( spath != "1" ) { - Popup::Error(_("The specified directory does not exist.")); - 
UI::ChangeWidget(`id(`expPath), `Value, oldExpPath); - } else { - - - if ( sname != "Executive.Security.Summary" && sname != "Applications.Audit" ) { - - string prog = (string) UI::QueryWidget(`id(`prog), `Value); - string prof = (string) UI::QueryWidget(`id(`prof), `Value); - string pid = (string) UI::QueryWidget(`id(`pid), `Value); - string res = (string) UI::QueryWidget(`id(`res), `Value); - string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label); - string mode = (string) UI::QueryWidget(`id(`mode), `Label); - string sev = (string) UI::QueryWidget(`id(`sev), `Value); - - Settings["prog"] = prog; - Settings["prof"] = prof; - Settings["pid"] = pid; - Settings["sev"] = sev; - Settings["res"] = res; - Settings["sdmode"] = humanStringToMode( sdmode ); - Settings["mode"] = humanStringToMode( mode ); - - } else { - - string email1 = (string) UI::QueryWidget(`id(`email1), `Value); - string email2 = (string) UI::QueryWidget(`id(`email2), `Value); - string email3 = (string) UI::QueryWidget(`id(`email3), `Value); - - Settings = getSchedSettings(Settings); - } - - Settings["name"] = sname; - Settings["getconf"] = ""; - Settings["setconf"] = "1"; - - string expType = (string) UI::QueryWidget(`id(`expType), `Value); - - if ( expType == "csv" ) { - Settings["exporttext"] = "1"; - } else if ( expType == "html" ) { - Settings["exporthtml"] = "1"; - } else if ( expType == "both" ) { - Settings["exporttext"] = "1"; - Settings["exporthtml"] = "1"; - } - - any error = (any) SCR::Write(.reports_sched, Settings); - - if (is(error, string)) { - string erStr = tostring(error); - Popup::Error( _("Error: ") + erStr); - } - - break; - }} - // END - Save Dialog (editInput == `save) - } - - UI::CloseDialog(); - - //return (symbol) editInput; - return; -} - -define void delSchedForm() { - - integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); - string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "")); 
-
- map Settings = $[ ];
- Settings["del"] = "1";
- Settings["name"] = name;
-
- UI::OpenDialog(
-
- `VBox(
- `VSpacing(0.5),
- `Label( _("Delete Confirmation") ),
- `VSpacing(1),
- `HBox(
- `HSpacing( `opt(`hstretch), 0.75 ),
- `Left(`HWeight( 0, `Label( _("Are you sure you want to delete: ") + name + _("?") )))
- ),
- `VSpacing(1),
- `HBox(
- `PushButton(`id(`cancel), Label::CancelButton() ),
- `PushButton(`id(`del), Label::DeleteButton() )
- )
- ));
-
- symbol delInput = `default;
-
- while ( delInput != `close ) {
-
- delInput = (symbol) UI::UserInput();
-
- if ( delInput == `del ) {
- SCR::Write(.reports_sched, Settings);
- //any error = (any) SCR::Write(.reportsched, Settings);
- break;
- } else if (delInput == `close || delInput == `cancel) {
- break;
- }
- }
-
- UI::CloseDialog();
-
- return;
-
-}
-
-// Forces update of the table of available scheduled reports
-define void updateSched() {
-
- map Settings = $[ ];
- string readSched = "1";
- Settings["getcron"] = "1";
- Settings["readSched"] = "1";
- Settings["type"] = "schedRep";
-
- list itemList = [];
- integer key = 1;
-
- list db = (list ) SCR::Read (.reports_sched, Settings);
-
- foreach ( map record, db, {
- itemList = add( itemList, `item( `id(key), typeToHumanString( record["name"]:"" ), record["mday"]:nil, record["wday"]:nil,
- record["hour"]:nil, record["mins"]:nil ));
- key = key + 1;
- });
-
- term schedForm =
-
- `VBox(
- `Label( _("Schedule Reports") ),
- `VSpacing(2),
- `HBox(
- `VSpacing(10),
- `Table(`id(`table), `opt(`notify), `header(_("Report Name"),
- _("Day of Month"), _("Day of Week"), _("Hour"), _("Mins")), itemList)
- ),
- `VSpacing(0.5),
- `HBox(
- `PushButton(`id(`viewrep), _("View Archive") ),
- `PushButton(`id(`runrep), _("Run Now") )
- ),
- `HBox(
- `PushButton(`id(`add), Label::AddButton() ),
- `PushButton(`id(`edit), Label::EditButton() ),
- `PushButton(`id(`delete), Label::DeleteButton() )
- )
- );
-
- Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
schedForm, - mainHelp, Label::BackButton(), Label::NextButton() ); - - return; -} - -define symbol displaySchedForm() { - -// START - Move to separate Routine - START - - map Settings = $[ ]; - string readSched = "1"; - Settings["getcron"] = "1"; - Settings["readSched"] = "1"; - Settings["type"] = "schedRep"; - - list itemList = []; - integer key = 1; - - list db = (list ) SCR::Read (.reports_sched, Settings); - - foreach ( map record, db, { - itemList = add( itemList, `item( `id(key), typeToHumanString( record["name"]:""), record["mday"]:nil, record["wday"]:nil, - record["hour"]:nil, record["mins"]:nil )); - key = key + 1; - }); - - term schedForm = - - `Frame( `id(`dosched), _("Schedule Reports"), - `VBox( - `VSpacing(2), - `HBox( - `VSpacing(10), - `Table(`id(`table), `opt(`notify), `header(_("Report Name"), - _("Day of Month"), _("Day of Week"), _("Hour"), _("Mins")), - itemList) - ), - `VSpacing(0.5), - `HBox( - `PushButton(`id(`viewrep), _("View Archive") ), - `PushButton(`id(`runrep), _("Run Now") ) - ), - `HBox( - `PushButton(`id(`add), Label::AddButton() ), - `PushButton(`id(`edit), Label::EditButton() ), - `PushButton(`id(`delete), Label::DeleteButton() ) - )) - ); - - Wizard::SetContentsButtons( _("AppArmor Security Event Report"), schedForm, - mainHelp, Label::BackButton(), _("&Done") ); - - // Double-click tracking - integer newRecord = nil; - integer lastRecord = nil; - - map event = $[]; - any id = nil; - while( true ) { - - event = UI::WaitForEvent( timeout_millisec ); - - id = event["ID"]:nil; // We'll need this often - cache it - - if ( id == `schedrep ) { - - break; - - } else if ( id == `abort || id == `cancel || id == `done ) { - break; - } else if ( id == `back ) { - break; - } else if ( id == `runrep || id == `viewrep ) { - break; - } else if ( id == `next ) { - id = `done; - break; - } else if ( id == `add ) { - addSchedForm(); - Wizard::SetContentsButtons( _("AppArmor Security Event Report"), schedForm, mainHelp, Label::BackButton(), 
Label::NextButton() );
- updateSched();
- continue;
-
- } else if ( id == `edit ) {
- editSchedForm();
- updateSched();
- continue;
-
- } else if ( id == `delete ) {
-
- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
- string repName = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""));
-
- if ( repName == "Executive.Security.Summary" || repName == "Applications.Audit" || repName == "Security.Incident.Report" ) {
- Popup::Error( _("Cannot delete a stock report.") );
- } else {
-
- delSchedForm();
- updateSched();
- }
-
- continue;
-
- } else if ( id == `table ) {
-
- newRecord = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
-
- if ( newRecord == lastRecord ) {
- //editSchedForm();
- //updateSched();
- id = `runrep;
- break;
- newRecord = 0;
- }
-
- lastRecord = newRecord;
-
- } else {
- y2error("Unexpected return code: %1", id);
- continue;
- }
- }
-
- return (symbol) id;
-}
-
-
-}
-
-
--- a/src/include/subdomain/reporting_utils.ycp
+++ /dev/null
@@ -1,609 +0,0 @@ -/* ------------------------------------------------------------------ -* -* Copyright (C) 2002-2005 Novell/SUSE -* -* This program is free software; you can redistribute it and/or -* modify it under the terms of version 2 of the GNU General Public -* License published by the Free Software Foundation. -* - ------------------------------------------------------------------*/ -{ - -import "Wizard"; -import "Popup"; -import "Label"; -include "subdomain/report_helptext.ycp"; -textdomain "yast2-apparmor"; - -define boolean checkEventDb() { - - boolean dbActivated = false; - map args = $[]; - args["checkDb"] = "1"; - - any dbCheck = (any) SCR::Read( .reports_parse, args); - integer dbOn = tointeger(dbCheck); - - if ( dbOn == 1 ) { - dbActivated = true; - } - - return dbActivated; -} - -define boolean findDupe(string name) { - - boolean unique = false; - map args = $[ ]; - args["name"] = name; - args["getdupe"] = "1"; - any aDupe = (any) SCR::Read (.reports_sched, args ); - - if ( aDupe == "" || aDupe == nil ) { - unique = true; // bad, but try for a non-breaking failure - } else if ( aDupe == 1 ) { - unique = false; - } else { - unique = true; - } - - return unique; -} - -define string unI18n(string weekday) { - - if ( weekday == _("Mon") ) { weekday = "Mon"; } - if ( weekday == _("Tue") ) { weekday = "Tue"; } - if ( weekday == _("Wed") ) { weekday = "Wed"; } - if ( weekday == _("Thu") ) { weekday = "Thu"; } - if ( weekday == _("Fri") ) { weekday = "Fri"; } - if ( weekday == _("Sat") ) { weekday = "Sat"; } - if ( weekday == _("Sun") ) { weekday = "Sun"; } - - return weekday; -} - -/* Possible 'type's for getLastPage() && getLastSirPage() - - displayArchForm(): type = sirRep || audRep || essRep - - displayRunForm(): type = sir || aud || ess -*/ - -// Return last page number of post-filtered report -define integer getLastPage(string type, map Settings, string name) { - - if ( type == "sir" || type == "sirRep" ) { - if ( name != nil && name != "" ) { - 
Settings["name"] = name;
- } else {
- y2error(_("No name provided for retrieving SIR report page count."));
- return 1; // return a page count of 1
- }
- }
-
- Settings["type"] = type;
- Settings["getLastPage"] = "1";
- map page = $[];
- page = (map) SCR::Read (.reports_parse, Settings);
- integer lastPage = page["numPages"]:1;
-
- return lastPage;
-}
-
-define boolean CheckDate( integer day, integer month, integer year ) ``{
-
- list mdays = [ 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 ];
- boolean ret = true;
-
- if (year == nil || month == nil || day == nil)
- return false;
-
- ret = ret && month>=1 && month<=12;
-
- if( year%4==0 && (year%100!=0 || year%400==0)) {
- mdays[1] = 29;
- }
-
- ret = ret && day>=1 && day<=mdays[month-1]:0;
- ret = ret && year>=1970 && year<2032;
- return( ret );
-
-}
-
-// Make the table for displaying report data
-define term makeSirTable (list reportList) {
- term myTable =
- `Table(`id(`table), `opt(`keepSorting, `immediate ), `header(_("Host"),
- _("Date"), _("Program"), _("Profile"), _("PID"), _("Severity"),
- _("Mode Request"), _("Mode Deny"), _("Detail"), _("Event Type"),
- _("Operation"), _("Attribute"), _("Additional Name"), _("Net Family"),
- _("Net Protocol"), _("Net Socket Type")), reportList
- );
- return myTable;
-}
-
-define integer popUpGoto(integer lastPage) {
-
- UI::OpenDialog(
- `VBox(
- `HBox(
- `TextEntry(`id(`gotoPage), _("Enter a Page to Move to."), "")
- ),
- `HBox(
- `PushButton(`id(`abort), `opt(`notify), Label::AbortButton() ),
- `PushButton(`id(`save), `opt(`notify), Label::SaveButton() )
- )
- )
- );
-
- map event = $[];
- any id = nil;
- integer igoto = nil;
-
- while( true ) {
-
- event = UI::WaitForEvent();
- id = event["ID"]:nil;
-
- if ( id == `abort || id == `close || id == `cancel ) {
-
- break;
-
- } else if ( id == `save ) {
-
- any agoto = UI::QueryWidget(`id(`gotoPage), `Value);
- igoto = tointeger(agoto);
-
- if ( igoto == nil || igoto < 1 || igoto > lastPage ) {
-
- Popup::Message("You 
must enter a value between 1 and " + lastPage + ".");
-
- } else {
-
- break;
-
- }
- }
- }
-
- UI::CloseDialog();
-
- return igoto;
-}
-
-define string getSortId(string type, any sortId) {
-
- string sortKey = "";
-
-
- if ( type == "aud" || type == "audRep") {
-
- if ( sortId == 0 ) {
- sortKey = "prog";
- } else if ( sortId == 1 ) {
- sortKey = "profile";
- } else if ( sortId == 2 ) {
- sortKey = "pid";
- } else if ( sortId == 3 ) {
- sortKey = "state";
- } else if ( sortId == 4 ) {
- sortKey = "type";
- }
-
- } else if (type == "ess" || type == "essRep" ) {
-
- if ( sortId == 0 ) {
- sortKey = "host";
- } else if ( sortId == 1 ) {
- //sortKey = "date";
- sortKey = "numRejects";
- } else if ( sortId == 2 ) {
- sortKey = "numEvents";
- } else if ( sortId == 3 ) {
- sortKey = "sevMean";
- } else if ( sortId == 4 ) {
- sortKey = "sevHi";
- }
-
- } else {
-
- if ( sortId == 0 ) {
- sortKey = "host";
- } else if ( sortId == 1 ) {
- //sortKey = "date";
- sortKey = "time";
- } else if ( sortId == 2 ) {
- sortKey = "prog";
- } else if ( sortId == 3 ) {
- sortKey = "profile";
- } else if ( sortId == 4 ) {
- sortKey = "pid";
- } else if ( sortId == 5 ) {
- sortKey = "resource";
- } else if ( sortId == 6 ) {
- sortKey = "severity";
- } else if ( sortId == 7 ) {
- sortKey = "sdmode";
- } else if ( sortId == 8 ) {
- sortKey = "mode";
- }
-
- }
-
- return sortKey;
-}
-
-// Get the name of the filter (header column) to sort by
-define string popUpSort(string type) {
-
- term btnList = nil;
-
- if ( type == "aud" || type == "audRep") {
- btnList =
- `VBox(
- `Left(`RadioButton(`id(0), _("Program") )),
- `Left(`RadioButton(`id(1), _("Profile") )),
- `Left(`RadioButton(`id(2), _("PID") )),
- `Left(`RadioButton(`id(3), _("State") )),
- `Left(`RadioButton(`id(4), _("Type") ))
- );
-
- } else if (type == "ess" || type == "essRep" ) {
- btnList =
- `VBox(
- `Left(`RadioButton(`id(0), _("Host") )),
- `Left(`RadioButton(`id(1), _("Num. Rejects") )),
- `Left(`RadioButton(`id(2), _("Num. 
Events") )), - `Left(`RadioButton(`id(3), _("Ave. Sev") )), - `Left(`RadioButton(`id(4), _("High Sev") )) - ); - } else { - - btnList = - `VBox( - // Sorting by host is no longer meaningful (due to sql changes) - //`Left(`RadioButton(`id(0), _("Host") )), - `Left(`RadioButton(`id(1), _("Date") )), - `Left(`RadioButton(`id(2), _("Program") )), - `Left(`RadioButton(`id(3), _("Profile") )), - `Left(`RadioButton(`id(4), _("PID") )), - `Left(`RadioButton(`id(5), _("Detail") )), - `Left(`RadioButton(`id(6), _("Severity") )), - `Left(`RadioButton(`id(7), _("Access Type") )), - `Left(`RadioButton(`id(8), _("Mode") )) - ); - } - - UI::OpenDialog( - `VBox( - `HBox( - //`HSpacing( `opt(`vstretch), 0.5), - `RadioButtonGroup(`id(`sortKey), - btnList - ) - ), - `HBox( - `PushButton(`id(`abort), Label::AbortButton() ), - `PushButton(`id(`save), Label::SaveButton() ) - ) - ) - ); - - map event = $[]; - any id = nil; - string sortKey = nil; - - while( true ) { - - event = UI::WaitForEvent(); - id = event["ID"]:nil; // We'll need this often - cache it - - if ( id == `abort || id == `cancel || id == `close) { - - break; - - } else if (id == `save ) { - - any sortId = UI::QueryWidget(`id(`sortKey), `CurrentButton); - - /* sortKey needs to match the hash reference names in parseEventLog() - && sortRecords() in Immunix::Reports.pm */ - - sortKey = getSortId(type,sortId); - break; - - } - } - - UI::CloseDialog(); - - return sortKey; - -} - -// Mode -define string popUpMode() { - - string checkMode = (string) UI::QueryWidget(`id(`mode), `Label); - list splitMode = splitstring (checkMode, " "); - string myMode = splitMode[size(splitMode)-1]:"All"; - - UI::OpenDialog( - `VBox( - `HBox( - `CheckBox(`id(`clear), `opt(`notify, `immediate ), _("All"), true), - `CheckBox(`id(`read), `opt(`notify, `immediate ), _("Read"), false), - `CheckBox(`id(`write), `opt(`notify, `immediate ), _("Write"), false), - `CheckBox(`id(`link), `opt(`notify, `immediate ), _("Link"), false), - `CheckBox(`id(`exec), 
`opt(`notify, `immediate ), _("Execute"), false), - `CheckBox(`id(`mmap), `opt(`notify, `immediate ), _("MMap"), false) - ), - `HBox( - `PushButton(`id(`cancel), Label::CancelButton() ), - `PushButton(`id(`save), Label::SaveButton() ) - ) - ) - ); - - integer isall = search( myMode, "All"); - if ( isall != nil && isall >= 0 ) { - UI::ChangeWidget(`id(`clear), `Value, false); - UI::ChangeWidget(`id(`read), `Value, true); - UI::ChangeWidget(`id(`write), `Value, true); - UI::ChangeWidget(`id(`link), `Value, true); - UI::ChangeWidget(`id(`exec), `Value, true); - UI::ChangeWidget(`id(`mmap), `Value, true); - } else { - if ( search( myMode, "r") != nil ) { - UI::ChangeWidget(`id(`clear), `Value, false); - UI::ChangeWidget(`id(`read), `Value, true); - } - if ( search( myMode, "w") != nil ) { - UI::ChangeWidget(`id(`clear), `Value, false); - UI::ChangeWidget(`id(`write), `Value, true); - } - if ( search( myMode, "l") != nil ) { - UI::ChangeWidget(`id(`clear), `Value, false); - UI::ChangeWidget(`id(`link), `Value, true); - } - if ( search( myMode, "x") != nil ) { - UI::ChangeWidget(`id(`clear), `Value, false); - UI::ChangeWidget(`id(`exec), `Value, true); - } - if ( search( myMode, "m") != nil ) { - UI::ChangeWidget(`id(`clear), `Value, false); - UI::ChangeWidget(`id(`mmap), `Value, true); - } - } - - string mode = ""; - map event = $[]; - any id = nil; - - while( true ) { - - event = UI::WaitForEvent(); - id = event["ID"]:nil; // We'll need this often - cache it - - if ( id == `clear) { - - if ( UI::QueryWidget(`id(`clear), `Value) == true ) { - UI::ChangeWidget(`id(`read), `Value, false); - UI::ChangeWidget(`id(`write), `Value, false); - UI::ChangeWidget(`id(`link), `Value, false); - UI::ChangeWidget(`id(`exec), `Value, false); - UI::ChangeWidget(`id(`mmap), `Value, false); - mode = "All"; - } - - } else if ( id == `read || id == `write || id == `link || id == `exec || id == `mmap ) { - - if ( UI::QueryWidget(`id(`read), `Value) == true ) { - UI::ChangeWidget(`id(`clear), 
`Value, false); - } else if ( UI::QueryWidget(`id(`write), `Value) == true ) { - UI::ChangeWidget(`id(`clear), `Value, false); - } else if ( UI::QueryWidget(`id(`link), `Value) == true ) { - UI::ChangeWidget(`id(`clear), `Value, false); - } else if ( UI::QueryWidget(`id(`exec), `Value) == true ) { - UI::ChangeWidget(`id(`clear), `Value, false); - } else if ( UI::QueryWidget(`id(`mmap), `Value) == true ) { - UI::ChangeWidget(`id(`link), `Value, false); - } - - } else if ( id == `abort || id == `cancel || id == `close) { - mode = myMode; - break; - } else if ( id == `save ) { - - if ( UI::QueryWidget(`id(`clear), `Value) == true ) { - mode = "All"; - } else { - list sdList = []; - if ( UI::QueryWidget(`id(`read), `Value) == true ) { sdList = add(sdList, "r"); } - if ( UI::QueryWidget(`id(`write), `Value) == true ) { sdList = add(sdList, "w"); } - if ( UI::QueryWidget(`id(`link), `Value) == true ) { sdList = add(sdList, "l"); } - if ( UI::QueryWidget(`id(`exec), `Value) == true ) { sdList = add(sdList, "x"); } - if ( UI::QueryWidget(`id(`mmap), `Value) == true ) { sdList = add(sdList, "m"); } - - foreach ( string perm, sdList, { mode = mode + perm; }); - } - - break; - } - } - - UI::CloseDialog(); - return mode; -} - -// Access Type - SD Mode -define string popUpSdMode() { - - string checkMode = (string) UI::QueryWidget(`id(`sdmode), `Label); - checkMode = filterchars(checkMode, "APRl"); - list splitMode = splitstring (checkMode, " "); - string mySdMode = splitMode[size(splitMode)-1]:"R"; - - UI::OpenDialog( - `VBox( - `HBox( - `CheckBox(`id(`clear), `opt(`notify, `immediate ), _("All"), false), - `CheckBox(`id(`permit), `opt(`notify, `immediate ), _("Permit"), false), - `CheckBox(`id(`reject),`opt(`notify, `immediate ), _("Reject"), false), - `CheckBox(`id(`audit),`opt(`notify, `immediate ), _("Audit"), false) - ), - `HBox( - `PushButton(`id(`cancel), `opt(`notify), Label::CancelButton() ), - `PushButton(`id(`save), `opt(`notify), Label::SaveButton() ) - ) - ) - ); - 
- if ( mySdMode == "P") {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`permit), `Value, true);
-
- } else if ( mySdMode == "R") {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`reject), `Value, true);
-
- } else if ( mySdMode == "A") {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`audit), `Value, true);
-
- } else if ( mySdMode == "PR" ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`permit), `Value, true);
- UI::ChangeWidget(`id(`reject), `Value, true);
-
- } else if (mySdMode == "PA" ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`permit), `Value, true);
- UI::ChangeWidget(`id(`audit), `Value, true);
-
- } else if (mySdMode == "PRA" ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`permit), `Value, true);
- UI::ChangeWidget(`id(`reject), `Value, true);
- UI::ChangeWidget(`id(`audit), `Value, true);
-
- } else if (mySdMode == "RA" ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`reject), `Value, true);
- UI::ChangeWidget(`id(`audit), `Value, true);
- } else if ( mySdMode == "All" ) {
- UI::ChangeWidget(`id(`clear), `Value, true);
- UI::ChangeWidget(`id(`permit), `Value, false);
- UI::ChangeWidget(`id(`reject), `Value, false);
- UI::ChangeWidget(`id(`audit), `Value, false);
- }
-
- string sdMode = "";
- map event = $[];
- any id = nil;
-
- while( true ) {
-
- event = UI::WaitForEvent();
- id = event["ID"]:nil;
-
- if ( id == `clear) {
-
- if ( UI::QueryWidget(`id(`clear), `Value) == true ) {
- UI::ChangeWidget(`id(`permit), `Value, false);
- UI::ChangeWidget(`id(`reject), `Value, false);
- UI::ChangeWidget(`id(`audit), `Value, false);
- sdMode = "All";
- }
-
- } else if ( id == `permit || id == `reject || id == `audit ) {
-
- if ( UI::QueryWidget(`id(`permit), `Value) == true ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- } else if ( UI::QueryWidget(`id(`reject), `Value) == 
true ) { - UI::ChangeWidget(`id(`clear), `Value, false); - } else if ( UI::QueryWidget(`id(`audit), `Value) == true ) { - UI::ChangeWidget(`id(`clear), `Value, false); - } - - } else if ( id == `cancel ) { - - sdMode = mySdMode; - break; - - } else if ( id == `save ) { - - if ( UI::QueryWidget(`id(`clear), `Value) == true ) { - sdMode = "All"; - } else { - sdMode = ""; - list mList = []; - if ( UI::QueryWidget(`id(`permit), `Value) == true ) { mList = add(mList, "P"); } - if ( UI::QueryWidget(`id(`reject), `Value) == true ) { mList = add(mList, "R"); } - if ( UI::QueryWidget(`id(`audit), `Value) == true ) { mList = add(mList, "A"); } - - foreach ( string state, mList, { sdMode = sdMode + state; }); - } - - break; - } - - } - - UI::CloseDialog(); - return sdMode; -} - -/* For On Demand Reports - - Returns list of terms corresponding to the type of report -***********************************************************************/ -define list getReportList(string type, map Settings) { - - list reportList = []; - - if ( type == "aud" ) { - - list db = (list ) SCR::Read (.reports_confined, Settings); - integer key = 1; - - foreach ( map repdata, db, { - reportList = add( reportList, `item( `id(key), repdata["host"]:nil, repdata["date"]:nil, - repdata["prog"]:nil, repdata["prof"]:nil, repdata["pid"]:nil, repdata["state"]:nil, - repdata["type"]:nil )); - key = key + 1; - }); - - } else if ( type == "ess" ) { - - list db = (list ) SCR::Read (.reports_ess, Settings); - integer key = 1; - - foreach ( map repdata, db, { - reportList = add( reportList, `item( `id(key), repdata["host"]:nil, - repdata["startdate"]:nil, repdata["enddate"]:nil, repdata["numRejects"]:nil, - repdata["numEvents"]:nil, repdata["sevMean"]:nil, repdata["sevHi"]:nil )); - key = key + 1; - }); - - } else { - - list db = (list ) SCR::Read (.logparse, Settings); - integer key = 0; - - foreach ( map record, db, { - reportList = add( reportList, `item( `id(key), - record["host"]:nil, record["date"]:nil, 
record["prog"]:nil,
- record["profile"]:nil, record["pid"]:nil, record["severity"]:nil,
- record["mode_req"]:nil, record["mode_deny"]:nil,
- record["resource"]:nil, record["sdmode"]:nil, record["op"]:nil,
- record["attr"]:nil, record["name_alt"]:nil, record["net_family"]:nil,
- record["net_proto"]:nil, record["net_socktype"]:nil
- ));
- key = key + 1;
- });
-
- }
-
- return reportList;
-}
-
-}
--- a/src/include/subdomain/sd-config.ycp
+++ /dev/null
@@ -1,415 +0,0 @@ -/* ------------------------------------------------------------------ -* -* Copyright (C) 2002-2005 Novell/SUSE -* -* This program is free software; you can redistribute it and/or -* modify it under the terms of version 2 of the GNU General Public -* License published by the Free Software Foundation. -* - ------------------------------------------------------------------*/ -{ -include "subdomain/config_complain.ycp"; -include "subdomain/helps.ycp"; -include "subdomain/apparmor_ycp_utils.ycp"; -textdomain "yast2-apparmor"; - -import "Label"; - -define boolean changeAppArmorState(boolean aaEnabled) { - - any error = nil; - string sdAction = ""; - - if (aaEnabled == true) { - sdAction = "subdomain:enable"; - } else { - sdAction = "subdomain:disable"; - } - - error = SCR::Execute(.sdconf, sdAction); - - if ( error != nil && is(error, string) ) { - - string errorMsg = (string) error; - string popError = _("This operation generated the following error. Please check your installation and AppArmor profile settings."); - Popup::Message( popError+ "\n[" + errorMsg + "]"); - aaEnabled = ! 
aaEnabled; - - } - - return aaEnabled; -} - -define void displayNotifyForm() { - - map settings = (map) SCR::Execute(.subdomain, "sd-notify-settings"); - - map terse = settings["terse"]:$[]; - map summary = settings["summary"]:$[]; - map verbose = settings["verbose"]:$[]; - - any t_freq = terse["terse_freq"]:0; - any s_freq = summary["summary_freq"]:0; - any v_freq = verbose["verbose_freq"]:0; - - boolean t_unknown = true; - any a_t_poop = (any) terse["terse_unknown"]:"1"; - string t_poop = tostring(a_t_poop); - if(t_poop == "0") { - t_unknown = false; - } - - boolean s_unknown = true; - any a_s_poop = terse["summary_unknown"]:"1"; - string s_poop = tostring(a_s_poop); - if(s_poop == "0") { - s_unknown = false; - } - - boolean v_unknown = true; - any a_v_poop = verbose["verbose_unknown"]:"1"; - string v_poop = tostring(a_v_poop); - if(v_poop == "0") { - v_unknown = false; - } - - list terse_items = [ - `item(`id(0), _("Disabled"), t_freq==0?true:false), - `item(`id(60), _("1 minute"), t_freq==60?true:false), - `item(`id(300), _("5 minutes"), t_freq==300?true:false), - `item(`id(600), _("10 minutes"), t_freq==600?true:false), - `item(`id(900), _("15 minutes"), t_freq==900?true:false), - `item(`id(1800), _("30 minutes"), t_freq==1800?true:false), - `item(`id(3600), _("1 hour"), t_freq==3600?true:false), - `item(`id(86400), _("1 day"), t_freq==86400?true:false), - `item(`id(604800), _("1 week"), t_freq==604800?true:false) - ]; - - list summary_items = [ - `item(`id(0), _("Disabled"), s_freq==0?true:false), - `item(`id(60), _("1 minute"), s_freq==60?true:false), - `item(`id(300), _("5 minutes"), s_freq==300?true:false), - `item(`id(600), _("10 minutes"), s_freq==600?true:false), - `item(`id(900), _("15 minutes"), s_freq==900?true:false), - `item(`id(1800), _("30 minutes"), s_freq==1800?true:false), - `item(`id(3600), _("1 hour"), s_freq==3600?true:false), - `item(`id(86400), _("1 day"), s_freq==86400?true:false), - `item(`id(604800), _("1 week"), 
s_freq==604800?true:false) - ]; - - list verbose_items = [ - `item(`id(0), _("Disabled"), v_freq==0?true:false), - `item(`id(60), _("1 minute"), v_freq==60?true:false), - `item(`id(300), _("5 minutes"), v_freq==300?true:false), - `item(`id(600), _("10 minutes"), v_freq==600?true:false), - `item(`id(900), _("15 minutes"), v_freq==900?true:false), - `item(`id(1800), _("30 minutes"), v_freq==1800?true:false), - `item(`id(3600), _("1 hour"), v_freq==3600?true:false), - `item(`id(86400), _("1 day"), v_freq==86400?true:false), - `item(`id(604800), _("1 week"), v_freq==604800?true:false) - ]; - - - term event_config = `HVCenter(`VBox(`opt(`vstretch), - `Frame( _("Security Event Notification"), - `HBox(`HSpacing(1), - `VBox(`opt(`vstretch), - `VSpacing(1), - `Frame( _("Terse Notification"), - `VBox(`opt(`vstretch), - `HBox( - `ComboBox(`id(`terse_freq), _("Frequency"), terse_items), - `TextEntry(`id(`terse_email), _("Email Address"), terse["terse_email"]:""), - `IntField(`id(`terse_level), _("Severity"), 0,10, terse["terse_level"]:0) - ), - `HBox( - `CheckBox( `id(`terse_unknown), _("Include Unknown Severity Events"), t_unknown) - ) - ) - ), - `VSpacing(1), - `Frame( _("Summary Notification"), - `VBox(`opt(`vstretch), - `HBox( - `ComboBox(`id(`summary_freq), _("Frequency"), summary_items), - `TextEntry(`id(`summary_email), _("Email Address"), summary["summary_email"]:""), - `IntField(`id(`summary_level), _("Severity"), 0,10, summary["summary_level"]:0) - ), - `HBox( - `CheckBox( `id(`summary_unknown), _("Include Unknown Severity Events"), s_unknown) - ) - ) - ), - `VSpacing(1), - `Frame( _("Verbose Notification"), - `VBox(`opt(`vstretch), - `HBox( - `ComboBox(`id(`verbose_freq), _("Frequency"), verbose_items), - `TextEntry(`id(`verbose_email), _("Email Address"), verbose["verbose_email"]:""), - `IntField(`id(`verbose_level), _("Severity"), 0,10, verbose["verbose_level"]:0) - ), - `HBox( - `CheckBox( `id(`verbose_unknown), _("Include Unknown Severity Events"), v_unknown) - 
) - ) - ), - `VSpacing(1) - ), - `HSpacing(1) - ) - ) - ) - ); - - Wizard::CreateDialog(); - Wizard::SetContentsButtons(_("Security Event Notification"), event_config, helps["EventNotifyHelpText"]:"", Label::BackButton(), Label::OKButton()); - Wizard::DisableBackButton(); - - any ntInput = nil; - string notifyLabelValue = ""; - - while( true ) { - ntInput = UI::UserInput(); - - if (ntInput == `next) { - - map answers = $[ ]; - map set_notify = $[ ]; - map summary = $[ ]; - map verbose = $[ ]; - map terse = $[ ]; - - t_freq = UI::QueryWidget(`id(`terse_freq), `Value); - s_freq = UI::QueryWidget(`id(`summary_freq), `Value); - v_freq = UI::QueryWidget(`id(`verbose_freq), `Value); - - set_notify["sd-set-notify"] = "yes"; - terse["terse_freq"] = tostring(t_freq); - summary["summary_freq"] = tostring(s_freq); - verbose["verbose_freq"] = tostring(v_freq); - - if (t_freq != 0) { - - string t_email = (string) UI::QueryWidget(`id(`terse_email), `Value); - - if ( t_email == nil || t_email == "" ) { - Popup::Error( _("An email address is required for each selected notification method.") ); - continue; - } else if ( ! checkEmailAddress( t_email ) ) { - continue; - } - - terse["enable_terse"] = "yes"; - terse["terse_email"] = (string) UI::QueryWidget(`id(`terse_email), `Value); - terse["terse_level"] = (string) tostring(UI::QueryWidget(`id(`terse_level), `Value)); - - boolean t_unknown = (boolean) UI::QueryWidget(`id(`terse_unknown), `Value); - - if (t_unknown == true) { - terse["terse_unknown"] = "1"; - } else { - terse["terse_unknown"] = "0"; - } - - } else { - terse["enable_terse"] = "no"; - } - - if (s_freq != 0) { - - string s_email = (string) UI::QueryWidget(`id(`summary_email), `Value); - if ( s_email == nil || s_email == "" ) { - Popup::Error( _("An email address is required for each selected notification method.") ); - continue; - } else if ( ! 
checkEmailAddress(s_email) ) { - continue; - } - - summary["enable_summary"] = "yes"; - summary["summary_email"] = (string) UI::QueryWidget(`id(`summary_email), `Value); - summary["summary_level"] = (string) tostring(UI::QueryWidget(`id(`summary_level), `Value)); - - boolean s_unknown = (boolean) UI::QueryWidget(`id(`summary_unknown), `Value); - - if (s_unknown == true) { - summary["summary_unknown"] = "1"; - } else { - summary["summary_unknown"] = "0"; - } - - } else { - summary["enable_summary"] = "no"; - } - - if (v_freq != 0) { - string v_email = (string) UI::QueryWidget(`id(`verbose_email), `Value); - if ( v_email == nil || v_email == "" ) { - Popup::Error( _("An email address is required for each selected notification method.") ); - continue; - } else if (! checkEmailAddress(v_email) ) { - continue; - } - - verbose["enable_verbose"] = "yes"; - verbose["verbose_email"] = (string) UI::QueryWidget(`id(`verbose_email), `Value); - verbose["verbose_level"] = (string) tostring(UI::QueryWidget(`id(`verbose_level), `Value)); - - boolean v_unknown = (boolean) UI::QueryWidget(`id(`verbose_unknown), `Value); - - if (v_unknown == true) { - verbose["verbose_unknown"] = "1"; - } else { - verbose["verbose_unknown"] = "0"; - } - } else { - verbose["enable_verbose"] = "no"; - } - - answers["set_notify"] = set_notify; - answers["terse"] = terse; - answers["summary"] = summary; - answers["verbose"] = verbose; - - string result = (string) SCR::Execute(.sdconf, answers); - - if (result != "success") { - Popup::Error( _("Configuration failed for the following operations: ") + result); - } - - if ( t_freq != 0 || s_freq != 0 || v_freq != 0 ) { - notifyLabelValue = _("Notification is enabled"); - } else { - notifyLabelValue = _("Notification is disabled"); - } - } - - Wizard::CloseDialog(); - if ( (ntInput == `ok) || (ntInput == `next) ) { - UI::ChangeWidget( `id(`notifyLabel), `Value, notifyLabelValue ); - } - break; - } - -} - -define symbol displayAppArmorConfig () { - - // 
AppArmor Status - boolean aaEnabled = false; - boolean ntIsEnabled = false; - string subdomain = (string) SCR::Execute(.subdomain, "sd-status"); - string sdEnStr = _("AppArmor is disabled"); - - if (subdomain == "enabled") { - aaEnabled = true; - sdEnStr = _("AppArmor is enabled"); - } - - // Notification Status - string evnotify = (string) SCR::Execute(.subdomain, "sd-notify"); - string evEnStr = _("Notification is disabled"); - if (evnotify == "enabled") { - ntIsEnabled = true; - evEnStr = _("Notification is enabled"); - } else if (evnotify == "notinstalled") { - evnotify = "disabled"; - } - - /* Network dialog caption */ - string caption = _("AppArmor Configuration"); - string help = _("

AppArmor Status
This reports whether the AppArmor policy enforcement -module is loaded and functioning.

") + - -_("

Security Event Notification
Configure this tool if you want -to be notified by email when access violations have occurred.

") + - -_("

Profile Modes
Use this tool to change the way that AppArmor -uses individual profiles.

"); - - term contents = - `HVCenter( - `VBox( - `VSpacing(1), `HSpacing(2), - `HBox ( - `HSpacing( `opt(`hstretch), 2 ), - `VBox( - `Left(`CheckBox( `id(`aaState), `opt(`notify), _("&Enable AppArmor"), aaEnabled)), - `VSpacing(1), - - `Frame( `id(`aaEnableFrame), _("Configure AppArmor"), - `HBox ( - `HSpacing( `opt(`hstretch), 4 ), - `VBox( - `VSpacing(1), - `Frame ( _("Security Event Notification"), - `HBox( - `VSpacing(1), `HSpacing(1), - `HVCenter( `Label( `id(`notifyLabel), evEnStr )), - `PushButton( `id(`ntconf), _("C&onfigure")), - `VSpacing(1), `HSpacing(1) - ) - ), - `VSpacing(1), `HSpacing(20), - - `Frame ( _("Configure Profile Modes"), - `HBox( - `VSpacing(1), `HSpacing(1), - `Left(`HVCenter( `Label( `id(`modesLabel), " " + _("Set profile modes") ))), - `PushButton( `id(`modeconf), _("Co&nfigure") ), - `VSpacing(1), `HSpacing(1) - ) - ), - `VSpacing(1) - ), - `HSpacing( `opt(`hstretch), 4 ) - ))), - `HSpacing( `opt(`hstretch), 2 ) - )) - ); - - // May want to replace Wizard() with UI() - Wizard::CreateDialog(); - Wizard::SetTitleIcon("apparmor/control_panel"); - Wizard::SetContentsButtons(caption, contents, help, Label::BackButton(), _("&Done")); - Wizard::DisableBackButton(); - - UI::ChangeWidget(`id(`aaEnableFrame), `Enabled, aaEnabled); - - while( true ) { - - symbol ret = (symbol) UI::UserInput(); - - if ( ret == `abort || ret == `cancel || ret == `next) { - break; - } else if (ret == `aaState ) { - - // Set AppArmor state: enabled|disabled - boolean requestedAaState = (boolean) UI::QueryWidget(`id(`aaState), `Value); - - aaEnabled = changeAppArmorState(requestedAaState); - - // These will match if the update was successful - if ( aaEnabled == requestedAaState ) { - UI::ChangeWidget(`id(`aaEnableFrame), `Enabled, aaEnabled); - } - - } else if (ret == `ntconf ) { - displayNotifyForm(); - - } else if (ret == `modeconf ) { - - profileModeConfigForm(); - - //displayAppArmorConfig(); - - } else { - y2error("Unexpected return code: " + tostring(ret)); - } - 
}
-
- UI::CloseDialog();
- return nil;
-}
-
-/* EOF */
-}
--- /dev/null
+++ b/src/scrconf/aaconf.scr
@@ -0,0 +1,20 @@
+/**
+ * File:
+ * subdomain.scr
+ * Summary:
+ * SCR Agent for configuring subdomain
+ * Access:
+ * read/write
+ * Authors:
+ * David Drewelow
+ * See:
+ * libscr
+ * Example:
+ * Read(.cron,$[..])
+ *
+ * $Id: sdconf.scr 3715 2005-01-19 09:06:05Z sarnold $
+ *
+ */
+.sdconf
+
+`ag_sd_config ()
--- /dev/null
+++ b/src/scrconf/apparmor.scr
@@ -0,0 +1,20 @@
+/**
+ * File:
+ * subdomain.scr
+ * Summary:
+ * SCR Agent for configuring subdomain
+ * Access:
+ * read/write
+ * Authors:
+ * David Drewelow
+ * See:
+ * libscr
+ * Example:
+ * Read(.cron,$[..])
+ *
+ * $Id: subdomain.scr 3715 2005-01-19 09:06:05Z sarnold $
+ *
+ */
+.subdomain
+
+`ag_subdomain ()
--- /dev/null
+++ b/src/scrconf/apparmor_profiles.scr
@@ -0,0 +1,53 @@
+/**
+ * File:
+ * target.scr
+ * Summary:
+ * SCR Agent for interfacing with (shell) commands of the target system
+ * and reading/writing files.
+ * Access:
+ * read/write/execute
+ * Authors:
+ * Unknown
+ * See:
+ * libscr
+ * man bash
+ * source/y2a_system/doc/systemagent.txt
+ * Example:
+ * Execute (.target.bash, "uname -a")
+ * (0)
+ **
+ * Execute (.target.bash_output, "uname -a")
+ * (
+ * $[
+ * "exit":0,
+ * "stderr":"",
+ * "stdout":"Linux steiner 2.2.18 #1 Fri Jan 19 22:10:35 GMT 2001 i686 unknown\n"
+ * ]
+ * )
+ **
+ * Read(.target.dir, "/")
+ * (["usr", "tmp", "floppy", "var", "root", "opt", "home", "etc", ...])
+ **
+ * Write(.target.string, "/tmp/target.1", "Some Test\n")
+ * (true)
+ **
+ * Read(.target.string, "/tmp/target.1")
+ * ("Some Test\n")
+ *
+ * $Id: subdomain_profiles.scr 3715 2005-01-19 09:06:05Z sarnold $
+ *
+ *

The target-agent is used for various actions on the target system.

+ *
+ *

The Execute Interface can be used to execute some predefined commands
+ * like mount, umount, mkdir, remove, modprobe ... or arbitrary commands
+ * using the bash, bash_output or bash_background.

+ *
+ *

The Read and Write interface can be used to access the target
+ * filesystem, most prominent reading or writing whole files using the
+ * "string" subpath.

+ *
+ *

For more information see the agent's own documentation.

+ */
+.subdomain_profiles
+
+`ag_subdomain_profiles ()
--- a/src/scrconf/sdconf.scr
+++ /dev/null
@@ -1,20 +0,0 @@
-/**
- * File:
- * subdomain.scr
- * Summary:
- * SCR Agent for configuring subdomain
- * Access:
- * read/write
- * Authors:
- * David Drewelow
- * See:
- * libscr
- * Example:
- * Read(.cron,$[..])
- *
- * $Id: sdconf.scr 3715 2005-01-19 09:06:05Z sarnold $
- *
- */
-.sdconf
-
-`ag_sd_config ()
--- a/src/scrconf/subdomain.scr
+++ /dev/null
@@ -1,20 +0,0 @@
-/**
- * File:
- * subdomain.scr
- * Summary:
- * SCR Agent for configuring subdomain
- * Access:
- * read/write
- * Authors:
- * David Drewelow
- * See:
- * libscr
- * Example:
- * Read(.cron,$[..])
- *
- * $Id: subdomain.scr 3715 2005-01-19 09:06:05Z sarnold $
- *
- */
-.subdomain
-
-`ag_subdomain ()
--- a/src/scrconf/subdomain_profiles.scr
+++ /dev/null
@@ -1,53 +0,0 @@
-/**
- * File:
- * target.scr
- * Summary:
- * SCR Agent for interfacing with (shell) commands of the target system
- * and reading/writing files.
- * Access:
- * read/write/execute
- * Authors:
- * Unknown
- * See:
- * libscr
- * man bash
- * source/y2a_system/doc/systemagent.txt
- * Example:
- * Execute (.target.bash, "uname -a")
- * (0)
- **
- * Execute (.target.bash_output, "uname -a")
- * (
- * $[
- * "exit":0,
- * "stderr":"",
- * "stdout":"Linux steiner 2.2.18 #1 Fri Jan 19 22:10:35 GMT 2001 i686 unknown\n"
- * ]
- * )
- **
- * Read(.target.dir, "/")
- * (["usr", "tmp", "floppy", "var", "root", "opt", "home", "etc", ...])
- **
- * Write(.target.string, "/tmp/target.1", "Some Test\n")
- * (true)
- **
- * Read(.target.string, "/tmp/target.1")
- * ("Some Test\n")
- *
- * $Id: subdomain_profiles.scr 3715 2005-01-19 09:06:05Z sarnold $
- *
- *

The target-agent is used for various actions on the target system.

- *
- *

The Execute Interface can be used to execute some predefined commands
- * like mount, umount, mkdir, remove, modprobe ... or arbitrary commands
- * using the bash, bash_output or bash_background.

- *
- *

The Read and Write interface can be used to access the target
- * filesystem, most prominent reading or writing whole files using the
- * "string" subpath.

- *
- *

For more information see the agent's own documentation.

- */
-.subdomain_profiles
-
-`ag_subdomain_profiles ()