yast2-apparmor/yast2-apparmor-rename-files
Stephan Kulow 3c7246943b Accepting request 77735 from home:jeff_mahoney:branches:YaST:Head
- Rename files to use proper AppArmor names and abbreviations
- Change code to reflect new names
  - Basic version needed to use newer perl-apparmor. This version
    gets rid of the old SubDomain names entirely.
- Move yast2-apparmor.desktop to apparmor.desktop


-- NOTE: Without (even a simple version of) these changes, yast2-apparmor
   doesn't work on openSUSE Factory. This is due to perl-apparmor renaming
   Immunix::Subdomain to Immunix::Apparmor, but this is the more complete fix.

OBS-URL: https://build.opensuse.org/request/show/77735
OBS-URL: https://build.opensuse.org/package/show/YaST:Head/yast2-apparmor?expand=0&rev=20
2011-09-05 11:59:48 +00:00


From: Jeff Mahoney <jeffm@suse.com>
Subject: yast2-apparmor: Rename old sd/SD/SubDomain filenames
AppArmor hasn't been known as SubDomain for many years. This patch
changes the files via the following script. It *only* renames the files
and the build will fail without the next patch which fixes the contents up.
mkdir -p src/include/apparmor
mv src/include/subdomain/* src/include/apparmor
for file in $(find [a-z]*); do
newfile=$(echo $file| sed -e 's/sd/aa/g' -e 's/subdomain/apparmor/g' -e 's/SD/AA/g')
if [ "$file" != "$newfile" ]; then
echo "$file -> $newfile"
mv $file $newfile
fi
done
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
src/agents/ag_aa_config | 148 +
src/agents/ag_apparmor | 112
src/agents/ag_apparmor_profiles | 153 +
src/agents/ag_sd_config | 148 -
src/agents/ag_subdomain | 112
src/agents/ag_subdomain_profiles | 153 -
src/clients/AA_AddProfile.ycp | 114
src/clients/AA_DeleteProfile.ycp | 91
src/clients/AA_EditProfile.ycp | 93
src/clients/AA_Report.ycp | 108
src/clients/SD_AddProfile.ycp | 114
src/clients/SD_DeleteProfile.ycp | 91
src/clients/SD_EditProfile.ycp | 93
src/clients/SD_Report.ycp | 108
src/clients/apparmor-settings.ycp | 72
src/clients/apparmor_no_impl.ycp | 20
src/clients/subdomain.ycp | 72
src/clients/subdomain_no_impl.ycp | 20
src/include/apparmor/Makefile.am | 19
src/include/apparmor/aa-config.ycp | 415 +++
src/include/apparmor/apparmor_packages.ycp | 30
src/include/apparmor/apparmor_profile_check.ycp | 52
src/include/apparmor/apparmor_ycp_utils.ycp | 679 +++++
src/include/apparmor/capabilities.ycp | 310 ++
src/include/apparmor/config_complain.ycp | 227 +
src/include/apparmor/helps.ycp | 219 +
src/include/apparmor/profile_dialogs.ycp | 1147 ++++++++
src/include/apparmor/report_helptext.ycp | 158 +
src/include/apparmor/reporting_archived_dialogs.ycp | 307 ++
src/include/apparmor/reporting_dialogues.ycp | 2513 +++++++++++++++++++
src/include/apparmor/reporting_utils.ycp | 609 ++++
src/include/subdomain/Makefile.am | 19
src/include/subdomain/Makefile.in | 412 ---
src/include/subdomain/apparmor_packages.ycp | 30
src/include/subdomain/apparmor_profile_check.ycp | 52
src/include/subdomain/apparmor_ycp_utils.ycp | 679 -----
src/include/subdomain/capabilities.ycp | 310 --
src/include/subdomain/config_complain.ycp | 227 -
src/include/subdomain/helps.ycp | 219 -
src/include/subdomain/profile_dialogs.ycp | 1147 --------
src/include/subdomain/report_helptext.ycp | 158 -
src/include/subdomain/reporting_archived_dialogs.ycp | 307 --
src/include/subdomain/reporting_dialogues.ycp | 2513 -------------------
src/include/subdomain/reporting_utils.ycp | 609 ----
src/include/subdomain/sd-config.ycp | 415 ---
src/scrconf/aaconf.scr | 20
src/scrconf/apparmor.scr | 20
src/scrconf/apparmor_profiles.scr | 53
src/scrconf/sdconf.scr | 20
src/scrconf/subdomain.scr | 20
src/scrconf/subdomain_profiles.scr | 53
51 files changed, 7689 insertions(+), 8101 deletions(-)
--- /dev/null
+++ b/src/agents/ag_aa_config
@@ -0,0 +1,148 @@
+#!/usr/bin/perl
+
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+################################################################################
+# ag_sd_config
+################################################################################
+
+use strict;
+use ycp;
+use Data::Dumper;
+
+use Immunix::Notify;
+use Immunix::Reports;
+
+# Subroutines
+################################################################################
+sub setSubdomain {
+
+ my $action = shift;
+ my $errmsg = "";
+ my $lines = 0;
+ if ($action eq "enable") {
+ if (-e "/sbin/rcapparmor") {
+ open(RUN, "/sbin/rcapparmor start 2>&1 |");
+ } else {
+ open(RUN, "/sbin/rcsubdomain start 2>&1 |");
+ }
+ while (<RUN>) {
+ if (/FATAL:(.*)/) {
+ $errmsg = $1;
+ }
+ }
+ close(RUN);
+ if (-f "/etc/init.d/boot.apparmor") {
+ system("/sbin/insserv boot.apparmor");
+ } else {
+ system("/sbin/insserv boot.subdomain");
+ }
+ if (-f "/etc/init.d/aaeventd") {
+ system("/sbin/rcaaeventd start");
+ system("/sbin/insserv aaeventd");
+ }
+ } else {
+ if (-e "/sbin/rcapparmor") {
+ open(RUN, "/sbin/rcapparmor stop 2>&1 |");
+ } else {
+ open(RUN, "/sbin/rcsubdomain stop 2>&1 |");
+ }
+ while (<RUN>) {
+ if (/FATAL:(.*)/) {
+ $errmsg = $1;
+ }
+ }
+ close(RUN);
+ if (-f "/etc/init.d/boot.apparmor") {
+ system("/sbin/insserv -r boot.apparmor");
+ } else {
+ system("/sbin/insserv -r boot.subdomain");
+ }
+ if (-f "/etc/init.d/aaeventd") {
+ system("/sbin/rcaaeventd stop");
+ system("/sbin/insserv -r aaeventd");
+ }
+ }
+ return $errmsg;
+}
+
+sub setNotify {
+
+ my $action = shift;
+
+ return 0;
+}
+
+sub setLearningMode {
+
+ my $action = shift;
+ my $rcscript = -f "/sbin/rcapparmor" ? "/sbin/rcapparmor"
+ : "/sbin/rcsubdomain";
+
+ if ($action eq "enable") {
+ system("$rcscript", "stop");
+ system("$rcscript", "complain");
+ } else {
+ system("$rcscript". "stop");
+ system("$rcscript", "start");
+ }
+
+ return 0;
+}
+
+# Main
+################################################################################
+
+
+while ( <STDIN> ) {
+
+ my ($command, $path, $argument) = ycp::ParseCommand ($_);
+
+ my $result = undef;
+ my $action = undef;
+
+ if ( $command && $path && $argument ) {
+
+ if (ref($argument) eq "HASH" && $argument->{"set_notify"}) {
+ my ($ntSettings, $result) = Immunix::Notify::sanitize($argument);
+
+ if ($result ne "success") {
+ ycp::Return($result);
+ next;
+ } else {
+ $result = Immunix::Notify::setNotifySettings($ntSettings);
+ ycp::Return($result);
+ next;
+ }
+ }
+
+ ($action) = (split(/:/, $argument))[1];
+
+ if ( $argument =~ /subdomain/ ) {
+ $result = setSubdomain($action);
+ } elsif ( $argument =~ /learning/ ) {
+ setLearningMode($action);
+ } elsif ( $argument eq 'sd-notify') {
+ setNotify($action);
+ }
+
+ if ( $result ) {
+ ycp::Return( $result );
+ } else {
+ ycp::Return("true");
+ }
+ }
+}
+
+exit 0;
+
+
+
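Review bot: In setLearningMode, the disable branch calls `system("$rcscript". "stop")` with a `.` where the other three calls use a comma, so Perl concatenates the two strings and tries to run `/sbin/rcapparmorstop` (or `/sbin/rcsubdomainstop`), which presumably does not exist; the stop step is silently skipped before `start`. It should read `system($rcscript, "stop");`. The sub also returns 0 unconditionally and the main loop answers `"true"` on the learning path, so a failed switch out of complain mode is never reported to YaST; checking the `system()` return values and handing a failure string to `ycp::Return` would make that visible. The file content is carried over unchanged from ag_sd_config, so this predates the rename.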
--- /dev/null
+++ b/src/agents/ag_apparmor
@@ -0,0 +1,112 @@
+#!/usr/bin/perl
+
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+
+################################################################################
+# ag_subdomain
+#
+# Version 0.61
+################################################################################
+
+use strict;
+use ycp;
+use Data::Dumper;
+use Immunix::Notify;
+use Immunix::SubDomain;
+
+
+# Subroutines
+################################################################################
+
+sub getSubdomainStatus {
+
+ my $sdStatus = "disabled";
+
+ # Ok check that there are profiles loaded to
+ # determine status
+ my $mountpoint = Immunix::SubDomain::check_for_subdomain();
+ if ( $mountpoint ) {
+ open( PROFILES, "cat $mountpoint/profiles|" );
+ while (<PROFILES>) {
+ # Ensure we have loaded profiles
+ # not just a loaded module
+ if ( /\// ) {
+ $sdStatus = "enabled";
+ last;
+ }
+ }
+ close PROFILES;
+ }
+ return $sdStatus;
+}
+
+sub profileSyntaxCheck {
+ my $errlist = [];
+ Immunix::SubDomain::checkIncludeSyntax($errlist);
+ Immunix::SubDomain::checkProfileSyntax($errlist);
+ my @errlist = Immunix::SubDomain::uniq(@$errlist);
+ return \@errlist;
+}
+
+
+# Main
+################################################################################
+
+while ( <STDIN> ) {
+ my ($command, $path, $argument) = ycp::ParseCommand($_);
+
+ my $result = undef;
+ my $donereturn = 0;
+ if ( $command && $path && $argument ) {
+ if ( $argument eq 'sd-all') {
+ my %hResult = ''; # hashed result, duh
+ $hResult{'sd-status'} = getSubdomainStatus();
+ $hResult{'sd-notify'} = Immunix::Notify::getNotifyStatus();
+ #ycp::ycpReturnHashAsMap( %hResult );
+ ycp::Return( %hResult );
+ $donereturn = 1;
+ } elsif ( $argument eq 'sd-status') {
+ $result = getSubdomainStatus();
+ } elsif ( $argument eq 'sd-notify') {
+ $result = Immunix::Notify::getNotifyStatus();
+ } elsif ( $command eq "Read" and $argument eq 'custom-includes') {
+ my $cfg = Immunix::SubDomain::read_config("logprof.conf");
+ my @ret = split(' ', $cfg->{settings}{custom_includes});
+ ycp::ycpReturn(\@ret);
+ $donereturn = 1;
+ } elsif ( $command eq "Execute" and $argument eq 'profile-syntax-check') {
+ $result = profileSyntaxCheck();
+ ycp::ycpReturn($result);
+ $donereturn = 1;
+ } elsif ( $argument eq 'sd-notify-settings') {
+ $result = Immunix::Notify::getNotifySettings();
+ ycp::Return($result);
+ $donereturn = 1;
+ }
+ ycp::ycpReturnSkalarAsString( $result ) if ( ! $donereturn );
+ }
+ else {
+ #ycpGetCommand and ycpGetArgType is obsolete, we have those
+ #from ycp::ParseCommand
+ if ($command eq "result") {
+ exit 0;
+ } else {
+ $result = "Unknown instruction $command or argument: $argument\n";
+ ycp::ycpReturnSkalarAsString( $result );
+ }
+ }
+ print "\n";
+}
+exit 0;
+
+
+
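Review bot: getSubdomainStatus reads the loaded-profile list through `open( PROFILES, "cat $mountpoint/profiles|" )`, a two-argument piped open that hands an interpolated string to the shell and whose result is never checked. The value comes from Immunix::SubDomain::check_for_subdomain(), which is not visible here, so it cannot be confirmed that it never contains spaces or shell metacharacters. Reading the file directly removes the question and the extra process: `open(my $profiles, '<', "$mountpoint/profiles")`, with a failure reported rather than ignored. As written, a failed open is indistinguishable from "no profiles loaded" and the agent answers `disabled`. In the main loop, `my %hResult = '';` assigns a one-element list to a hash and creates an empty-string key; `my %hResult;` is what the following lines need.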
--- /dev/null
+++ b/src/agents/ag_apparmor_profiles
@@ -0,0 +1,153 @@
+#!/usr/bin/perl
+
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+
+#####################################################################
+#
+# ag_subdomain_profiles - Immunix SCR agent for the
+# management of SubDomain profiles
+#
+#
+#####################################################################
+
+use strict;
+use ycp;
+
+use Immunix::SubDomain;
+
+################
+# Subroutines
+################
+
+{
+
+sub newprofile {
+ my $filename = shift;
+ system("/usr/sbin/autodep $filename > /dev/null 2>&1");
+ system("/usr/sbin/enforce $filename > /dev/null 2>&1");
+ return;
+}
+
+# ###############################################################################
+#
+# YCP <-> SCR Commands:
+#
+# Command Path Argument Returns
+# ------- ---- -------- --------
+#
+# Read all hash containing all profiles
+#
+# Read .new pathtoprogram true/false (creates new profile)
+#
+# Write hash { true/false
+# PROFILE_NAME =>
+# pathtoprogram,
+# PROFILE_HASH =>
+# <hash containing the
+# profile defs>
+# }
+#
+# Write .delete pathtoprogram true/fale (deletes profile)
+#
+# Write .reload - true (reloads profiles)
+#
+#
+################################################################################
+
+
+while ( <STDIN> ) {
+
+ my ($command, $path, $argument) = ycp::ParseCommand ($_);
+ $argument = "NONE" if ( ! $argument );
+ ycp::y2debug ("DOM command: $command, path: $path, argument: $argument");
+
+ my $result = undef;
+ if ( $command && $path && $argument ) {
+ if ( $command eq "Read" and $argument eq "all") {
+ $UI_Mode = "yast";
+ Immunix::SubDomain::readprofiles();
+ ycp::Return( \%sd );
+ } elsif ( $command eq "Read" and $path eq ".new" ) {
+ my $pfname = getprofilefilename($argument);
+ if ( -e $pfname ) {
+ ycp::Return("false");
+ } else {
+ newprofile( $argument );
+ ycp::Return( "true" );
+ }
+ } elsif ( $command eq "Read" ) {
+ my $pfname = getprofilefilename($argument);
+ if ( -e $pfname ) {
+ $UI_Mode = "yast";
+ Immunix::SubDomain::readprofiles();
+ ycp::Return( $sd{$argument} );
+ } else {
+ ycp::Return( "false" );
+ }
+ } elsif ( $command eq "Read") {
+ $UI_Mode = "yast";
+ Immunix::SubDomain::readprofile("$profiledir/$argument",
+ \&$Immunix::SubDomain::fatal_error, 1);
+ ycp::Return( \%sd );
+ } elsif ( $command eq "Write" and $path eq ".delete") {
+ if ( $argument ne "" ) {
+ my $profilefile = getprofilefilename( $argument );
+ if ( -e $profilefile ) {
+ unlink( $profilefile );
+ }
+ ycp::Return( "true" );
+ } else {
+ ycp::Return( "false" );
+ }
+ } elsif ( $command eq "Write" and $path eq ".reload") {
+ $result = system("/sbin/rcsubdomain reload > /dev/null 2>&1");
+ ycp::Return( "true" );
+ } elsif ( $command eq "Write") {
+ if ( (ref($argument) eq "HASH") ) {
+ my $profilename = "";
+ $profilename = $$argument{"PROFILE_NAME"};
+ my $ref = $$argument{"PROFILE_HASH"};
+ my %profiles = ();
+ $profiles{$profilename} = $ref;
+ if ( (ref($ref) eq "HASH") ) {
+ %sd = %profiles;
+ $UI_Mode = "yast";
+ $result = Immunix::SubDomain::writeprofile($profilename);
+ } else {
+ ycp::Return( "false" );
+ }
+ ycp::Return( "true" );
+ }
+ } elsif ( $command eq "Execute") {
+ if ( $path eq '.mode_to_string') {
+ my $ret = Immunix::SubDomain::mode_to_str( $argument );
+ ycp::Return($ret);
+ }
+ elsif ($path eq '.string_to_mode') {
+ my $ret = Immunix::SubDomain::str_to_mode( $argument );
+ ycp::Return($ret);
+ }
+ } else {
+ #ycpGetCommand and ycpGetArgType is obsolete, we have those
+ #from ycp::ParseCommand
+ if ($command eq "result") {
+ exit 0;
+ } else {
+ $result = "Unknown instruction $command or argument: $argument\n";
+ ycp::Return( $result );
+ }
+ }
+}
+}
+exit 0;
+}
+
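Review bot: newprofile interpolates `$filename` into a shell command line in both `system()` calls, and that value is the `Read .new` argument parsed from the SCR request on STDIN. A path containing spaces or shell metacharacters is word-split or interpreted by /bin/sh, in an agent that presumably runs with YaST's privileges. Passing the path as a positional parameter keeps the redirection but stops the shell from parsing it: `system("/bin/sh", "-c", '/usr/sbin/autodep "$1" > /dev/null 2>&1', "sh", $filename);`, and the same for `/usr/sbin/enforce`. Separately, in the generic `Write` branch a non-hash `PROFILE_HASH` sends `ycp::Return( "false" )` and then falls through to `ycp::Return( "true" )`, so one request gets two replies. The second plain `elsif ( $command eq "Read")` can never be reached, because the identical condition is tested just before it.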
--- a/src/agents/ag_sd_config
+++ /dev/null
@@ -1,148 +0,0 @@
-#!/usr/bin/perl
-
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-################################################################################
-# ag_sd_config
-################################################################################
-
-use strict;
-use ycp;
-use Data::Dumper;
-
-use Immunix::Notify;
-use Immunix::Reports;
-
-# Subroutines
-################################################################################
-sub setSubdomain {
-
- my $action = shift;
- my $errmsg = "";
- my $lines = 0;
- if ($action eq "enable") {
- if (-e "/sbin/rcapparmor") {
- open(RUN, "/sbin/rcapparmor start 2>&1 |");
- } else {
- open(RUN, "/sbin/rcsubdomain start 2>&1 |");
- }
- while (<RUN>) {
- if (/FATAL:(.*)/) {
- $errmsg = $1;
- }
- }
- close(RUN);
- if (-f "/etc/init.d/boot.apparmor") {
- system("/sbin/insserv boot.apparmor");
- } else {
- system("/sbin/insserv boot.subdomain");
- }
- if (-f "/etc/init.d/aaeventd") {
- system("/sbin/rcaaeventd start");
- system("/sbin/insserv aaeventd");
- }
- } else {
- if (-e "/sbin/rcapparmor") {
- open(RUN, "/sbin/rcapparmor stop 2>&1 |");
- } else {
- open(RUN, "/sbin/rcsubdomain stop 2>&1 |");
- }
- while (<RUN>) {
- if (/FATAL:(.*)/) {
- $errmsg = $1;
- }
- }
- close(RUN);
- if (-f "/etc/init.d/boot.apparmor") {
- system("/sbin/insserv -r boot.apparmor");
- } else {
- system("/sbin/insserv -r boot.subdomain");
- }
- if (-f "/etc/init.d/aaeventd") {
- system("/sbin/rcaaeventd stop");
- system("/sbin/insserv -r aaeventd");
- }
- }
- return $errmsg;
-}
-
-sub setNotify {
-
- my $action = shift;
-
- return 0;
-}
-
-sub setLearningMode {
-
- my $action = shift;
- my $rcscript = -f "/sbin/rcapparmor" ? "/sbin/rcapparmor"
- : "/sbin/rcsubdomain";
-
- if ($action eq "enable") {
- system("$rcscript", "stop");
- system("$rcscript", "complain");
- } else {
- system("$rcscript". "stop");
- system("$rcscript", "start");
- }
-
- return 0;
-}
-
-# Main
-################################################################################
-
-
-while ( <STDIN> ) {
-
- my ($command, $path, $argument) = ycp::ParseCommand ($_);
-
- my $result = undef;
- my $action = undef;
-
- if ( $command && $path && $argument ) {
-
- if (ref($argument) eq "HASH" && $argument->{"set_notify"}) {
- my ($ntSettings, $result) = Immunix::Notify::sanitize($argument);
-
- if ($result ne "success") {
- ycp::Return($result);
- next;
- } else {
- $result = Immunix::Notify::setNotifySettings($ntSettings);
- ycp::Return($result);
- next;
- }
- }
-
- ($action) = (split(/:/, $argument))[1];
-
- if ( $argument =~ /subdomain/ ) {
- $result = setSubdomain($action);
- } elsif ( $argument =~ /learning/ ) {
- setLearningMode($action);
- } elsif ( $argument eq 'sd-notify') {
- setNotify($action);
- }
-
- if ( $result ) {
- ycp::Return( $result );
- } else {
- ycp::Return("true");
- }
- }
-}
-
-exit 0;
-
-
-
--- a/src/agents/ag_subdomain
+++ /dev/null
@@ -1,112 +0,0 @@
-#!/usr/bin/perl
-
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-
-################################################################################
-# ag_subdomain
-#
-# Version 0.61
-################################################################################
-
-use strict;
-use ycp;
-use Data::Dumper;
-use Immunix::Notify;
-use Immunix::SubDomain;
-
-
-# Subroutines
-################################################################################
-
-sub getSubdomainStatus {
-
- my $sdStatus = "disabled";
-
- # Ok check that there are profiles loaded to
- # determine status
- my $mountpoint = Immunix::SubDomain::check_for_subdomain();
- if ( $mountpoint ) {
- open( PROFILES, "cat $mountpoint/profiles|" );
- while (<PROFILES>) {
- # Ensure we have loaded profiles
- # not just a loaded module
- if ( /\// ) {
- $sdStatus = "enabled";
- last;
- }
- }
- close PROFILES;
- }
- return $sdStatus;
-}
-
-sub profileSyntaxCheck {
- my $errlist = [];
- Immunix::SubDomain::checkIncludeSyntax($errlist);
- Immunix::SubDomain::checkProfileSyntax($errlist);
- my @errlist = Immunix::SubDomain::uniq(@$errlist);
- return \@errlist;
-}
-
-
-# Main
-################################################################################
-
-while ( <STDIN> ) {
- my ($command, $path, $argument) = ycp::ParseCommand($_);
-
- my $result = undef;
- my $donereturn = 0;
- if ( $command && $path && $argument ) {
- if ( $argument eq 'sd-all') {
- my %hResult = ''; # hashed result, duh
- $hResult{'sd-status'} = getSubdomainStatus();
- $hResult{'sd-notify'} = Immunix::Notify::getNotifyStatus();
- #ycp::ycpReturnHashAsMap( %hResult );
- ycp::Return( %hResult );
- $donereturn = 1;
- } elsif ( $argument eq 'sd-status') {
- $result = getSubdomainStatus();
- } elsif ( $argument eq 'sd-notify') {
- $result = Immunix::Notify::getNotifyStatus();
- } elsif ( $command eq "Read" and $argument eq 'custom-includes') {
- my $cfg = Immunix::SubDomain::read_config("logprof.conf");
- my @ret = split(' ', $cfg->{settings}{custom_includes});
- ycp::ycpReturn(\@ret);
- $donereturn = 1;
- } elsif ( $command eq "Execute" and $argument eq 'profile-syntax-check') {
- $result = profileSyntaxCheck();
- ycp::ycpReturn($result);
- $donereturn = 1;
- } elsif ( $argument eq 'sd-notify-settings') {
- $result = Immunix::Notify::getNotifySettings();
- ycp::Return($result);
- $donereturn = 1;
- }
- ycp::ycpReturnSkalarAsString( $result ) if ( ! $donereturn );
- }
- else {
- #ycpGetCommand and ycpGetArgType is obsolete, we have those
- #from ycp::ParseCommand
- if ($command eq "result") {
- exit 0;
- } else {
- $result = "Unknown instruction $command or argument: $argument\n";
- ycp::ycpReturnSkalarAsString( $result );
- }
- }
- print "\n";
-}
-exit 0;
-
-
-
--- a/src/agents/ag_subdomain_profiles
+++ /dev/null
@@ -1,153 +0,0 @@
-#!/usr/bin/perl
-
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-
-#####################################################################
-#
-# ag_subdomain_profiles - Immunix SCR agent for the
-# management of SubDomain profiles
-#
-#
-#####################################################################
-
-use strict;
-use ycp;
-
-use Immunix::SubDomain;
-
-################
-# Subroutines
-################
-
-{
-
-sub newprofile {
- my $filename = shift;
- system("/usr/sbin/autodep $filename > /dev/null 2>&1");
- system("/usr/sbin/enforce $filename > /dev/null 2>&1");
- return;
-}
-
-# ###############################################################################
-#
-# YCP <-> SCR Commands:
-#
-# Command Path Argument Returns
-# ------- ---- -------- --------
-#
-# Read all hash containing all profiles
-#
-# Read .new pathtoprogram true/false (creates new profile)
-#
-# Write hash { true/false
-# PROFILE_NAME =>
-# pathtoprogram,
-# PROFILE_HASH =>
-# <hash containing the
-# profile defs>
-# }
-#
-# Write .delete pathtoprogram true/fale (deletes profile)
-#
-# Write .reload - true (reloads profiles)
-#
-#
-################################################################################
-
-
-while ( <STDIN> ) {
-
- my ($command, $path, $argument) = ycp::ParseCommand ($_);
- $argument = "NONE" if ( ! $argument );
- ycp::y2debug ("DOM command: $command, path: $path, argument: $argument");
-
- my $result = undef;
- if ( $command && $path && $argument ) {
- if ( $command eq "Read" and $argument eq "all") {
- $UI_Mode = "yast";
- Immunix::SubDomain::readprofiles();
- ycp::Return( \%sd );
- } elsif ( $command eq "Read" and $path eq ".new" ) {
- my $pfname = getprofilefilename($argument);
- if ( -e $pfname ) {
- ycp::Return("false");
- } else {
- newprofile( $argument );
- ycp::Return( "true" );
- }
- } elsif ( $command eq "Read" ) {
- my $pfname = getprofilefilename($argument);
- if ( -e $pfname ) {
- $UI_Mode = "yast";
- Immunix::SubDomain::readprofiles();
- ycp::Return( $sd{$argument} );
- } else {
- ycp::Return( "false" );
- }
- } elsif ( $command eq "Read") {
- $UI_Mode = "yast";
- Immunix::SubDomain::readprofile("$profiledir/$argument",
- \&$Immunix::SubDomain::fatal_error, 1);
- ycp::Return( \%sd );
- } elsif ( $command eq "Write" and $path eq ".delete") {
- if ( $argument ne "" ) {
- my $profilefile = getprofilefilename( $argument );
- if ( -e $profilefile ) {
- unlink( $profilefile );
- }
- ycp::Return( "true" );
- } else {
- ycp::Return( "false" );
- }
- } elsif ( $command eq "Write" and $path eq ".reload") {
- $result = system("/sbin/rcsubdomain reload > /dev/null 2>&1");
- ycp::Return( "true" );
- } elsif ( $command eq "Write") {
- if ( (ref($argument) eq "HASH") ) {
- my $profilename = "";
- $profilename = $$argument{"PROFILE_NAME"};
- my $ref = $$argument{"PROFILE_HASH"};
- my %profiles = ();
- $profiles{$profilename} = $ref;
- if ( (ref($ref) eq "HASH") ) {
- %sd = %profiles;
- $UI_Mode = "yast";
- $result = Immunix::SubDomain::writeprofile($profilename);
- } else {
- ycp::Return( "false" );
- }
- ycp::Return( "true" );
- }
- } elsif ( $command eq "Execute") {
- if ( $path eq '.mode_to_string') {
- my $ret = Immunix::SubDomain::mode_to_str( $argument );
- ycp::Return($ret);
- }
- elsif ($path eq '.string_to_mode') {
- my $ret = Immunix::SubDomain::str_to_mode( $argument );
- ycp::Return($ret);
- }
- } else {
- #ycpGetCommand and ycpGetArgType is obsolete, we have those
- #from ycp::ParseCommand
- if ($command eq "result") {
- exit 0;
- } else {
- $result = "Unknown instruction $command or argument: $argument\n";
- ycp::Return( $result );
- }
- }
-}
-}
-exit 0;
-}
-
--- /dev/null
+++ b/src/clients/AA_AddProfile.ycp
@@ -0,0 +1,114 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2006 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+{
+import "Wizard";
+import "Popup";
+import "Label";
+import "Sequencer";
+include "subdomain/apparmor_packages.ycp";
+include "subdomain/apparmor_profile_check.ycp";
+include "subdomain/profile_dialogs.ycp";
+textdomain "yast2-apparmor";
+
+// Globalz
+
+define boolean CreateNewProfile() {
+ string selectfilename = "";
+ while ( true ) {
+ selectfilename = UI::AskForExistingFile( "/", "", _("Select File To Generate A Profile for") );
+ // Check for cancel in the file choose dialog
+ if ( selectfilename == nil ) {
+ return false;
+ }
+ Settings["CURRENT_PROFILE"] = selectfilename;
+ boolean profile = (boolean) SCR::Read (.subdomain_profiles.new, selectfilename);
+ if ( profile == false && Popup::YesNoHeadline( _("Profile for ") + selectfilename + _(" already exists."), _("Would you like to open this profile in editing mode?") ) ) {
+ return true;
+ }
+ Settings["NEW_PROFILE"] = selectfilename;
+ return true;
+ }
+}
+
+
+
+//
+// Setup and run the Wizard
+//
+define any MainSequence() ``{
+
+ map profiles = nil;
+ map aliases = $[
+ "showprofile" : ``(DisplayProfileForm(Settings["CURRENT_PROFILE"]:"", false)),
+ "showHat" : ``(DisplayProfileForm(Settings["CURRENT_HAT"]:"", true))
+ ];
+
+ map sequence = $[
+ "ws_start" : "showprofile",
+ "showprofile" : $[
+ `abort : `abort,
+ `next : `finish,
+ `showhat : "showHat",
+ `finish : `finish,
+ ],
+ "showHat" : $[
+ `abort : `abort,
+ `next : "showprofile",
+ `finish : `next,
+ ]
+ ];
+
+ boolean created_new_profile = CreateNewProfile();
+ if ( created_new_profile == false ) {
+ remove( Settings, "NEW_PROFILE");
+ remove( Settings, "CURRENT_PROFILE");
+ return (any) `abort;
+ }
+ map new_profile = (map) SCR::Read (.subdomain_profiles, Settings["CURRENT_PROFILE"]:"" );
+ Settings["PROFILE_MAP"] = new_profile;
+ Wizard::CreateDialog();
+ Wizard::SetTitleIcon("apparmor_add_profile");
+ any ret = Sequencer::Run(aliases, sequence);
+ Wizard::CloseDialog();
+ if ( ret == `abort ) {
+ string profile_name = Settings["NEW_PROFILE"]:"";
+ any result = SCR::Write(.subdomain_profiles.delete, profile_name);
+ }
+ Settings = remove( Settings, "NEW_PROFILE");
+ Settings = remove( Settings, "CURRENT_PROFILE");
+ return ret;
+}
+
+
+
+//
+// YEAH BABY RUN BABY RUN
+//
+
+any ret = nil;
+
+// no command line support #269891
+if (size(WFM::Args()) > 0 )
+{
+ import "CommandLine";
+ CommandLine::Init($[], WFM::Args());
+ return ret;
+}
+
+if (!installAppArmorPackages()) {
+ return ret;
+}
+if (!checkProfileSyntax()) {
+ return ret;
+}
+ret = MainSequence();
+return ret;
+}
+
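Review bot: CreateNewProfile marks an already existing profile as new when the user answers No to the "already exists" popup: the `if` on `profile == false && Popup::YesNoHeadline(...)` is not taken, `Settings["NEW_PROFILE"] = selectfilename` runs, and the function returns true. MainSequence then opens the wizard on that profile, and if the wizard is aborted it issues `SCR::Write(.subdomain_profiles.delete, profile_name)` for it, which in ag_apparmor_profiles unlinks the profile file, removing confinement the user never asked to remove. Presumably No was meant to re-prompt, since the `while ( true )` otherwise never iterates; setting `NEW_PROFILE` only when `profile` is true and using `continue` after a No would match that. The cancel path also calls `remove( Settings, "NEW_PROFILE");` without assigning the result, unlike `Settings = remove( Settings, "NEW_PROFILE");` at the end of MainSequence.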
--- /dev/null
+++ b/src/clients/AA_DeleteProfile.ycp
@@ -0,0 +1,91 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2006 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+{
+import "Wizard";
+import "Label";
+import "Popup";
+import "Sequencer";
+include "subdomain/apparmor_packages.ycp";
+include "subdomain/apparmor_profile_check.ycp";
+include "subdomain/profile_dialogs.ycp";
+textdomain "yast2-apparmor";
+
+// Globalz
+
+define any DeleteProfileConfirmation() {
+ string profilename = Settings["CURRENT_PROFILE"]:"";
+ if (Popup::YesNoHeadline( _("Delete profile confirmation"),
+ _("Are you sure you want to delete the profile ") + profilename +
+ _(" ?\nAfter this operation the AppArmor module will reload the profile set.") ) ) {
+ y2milestone("Deleted " + profilename );
+ boolean result = SCR::Write(.subdomain_profiles.delete, profilename);
+ any result2 = SCR::Write(.subdomain_profiles.reload, "-");
+ }
+ return `finish;
+}
+
+define any MainSequence() ``{
+
+//
+// Read the profiles from the SCR agent
+ map profiles = (map) SCR::Read (.subdomain_profiles, "all");
+
+ map aliases = $[
+ "chooseprofile" : ``(SelectProfileForm(profiles, _("Please make a
+ selection from the listed profiles and press Next to delete the profile."),
+ _("Delete Profile - Choose profile to delete"), "subdomain/delete_profile")),
+ "deleteprofile" : ``(DeleteProfileConfirmation()),
+ ];
+
+ map sequence = $[
+ "ws_start" : "chooseprofile",
+ "chooseprofile" : $[
+ `abort : `abort,
+ `next : "deleteprofile",
+ `finish : `next,
+ ],
+ ];
+
+ Wizard::CreateDialog();
+ Wizard::SetTitleIcon("apparmor_delete_profile");
+ any ret = Sequencer::Run(aliases, sequence);
+ Wizard::CloseDialog();
+ Settings = remove( Settings, "CURRENT_PROFILE");
+ Settings = remove( Settings, "PROFILE_MAP");
+ return ret;
+}
+
+
+
+//
+// YEAH BABY RUN BABY RUN
+//
+any ret = nil;
+
+// no command line support #269891
+if (size(WFM::Args()) > 0 )
+{
+ import "CommandLine";
+ CommandLine::Init($[], WFM::Args());
+ return ret;
+}
+
+if (!installAppArmorPackages()) {
+ return ret;
+}
+
+if (!checkProfileSyntax()) {
+ return true;
+}
+
+ret = MainSequence();
+return ret;
+}
+
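Review bot: DeleteProfileConfirmation writes `y2milestone("Deleted " + profilename )` before the delete is attempted and then ignores both `result` and `result2`, so the YaST log can record a deletion that the agent refused or that was never followed by a successful reload. Logging after the write and on its outcome keeps the log trustworthy as an audit trail for profile removal, for example `if (result) y2milestone("Deleted " + profilename); else y2error("Failed to delete " + profilename);`. At the bottom of the file, the `checkProfileSyntax()` failure path does `return true;` where AA_AddProfile and AA_EditProfile use `return ret;`, which looks unintentional.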
--- /dev/null
+++ b/src/clients/AA_EditProfile.ycp
@@ -0,0 +1,93 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2006 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+{
+import "Wizard";
+import "Popup";
+import "Label";
+import "Sequencer";
+include "subdomain/apparmor_packages.ycp";
+include "subdomain/apparmor_profile_check.ycp";
+include "subdomain/profile_dialogs.ycp";
+textdomain "yast2-apparmor";
+
+// Globalz
+
+
+
+define any MainSequence() ``{
+
+//
+// Read the profiles from the SCR agent
+ map profiles = (map) SCR::Read (.subdomain_profiles, "all");
+
+ map aliases = $[
+ "showProfile" : ``(DisplayProfileForm(Settings["CURRENT_PROFILE"]:"", false)),
+ "showHat" : ``(DisplayProfileForm(Settings["CURRENT_HAT"]:"", true)),
+ "chooseProfile" : ``(SelectProfileForm(profiles, _("Please make a selection from the listed profiles and press Next to edit the profile."), _("Edit Profile - Choose profile to edit"), "apparmor_edit_profile" )),
+
+ ];
+
+ map sequence = $[
+ "ws_start" : "chooseProfile",
+ "chooseProfile" : $[
+ `abort : `abort,
+ `next : "showProfile",
+ `finish : `next,
+ ],
+ "showProfile" : $[
+ `abort : `abort,
+ `next : `ws_finish,
+ `showhat : "showHat",
+ `finish : `next,
+ ],
+ "showHat" : $[
+ `abort : `abort,
+ `next : "showProfile",
+ `finish : `next,
+ ],
+ ];
+
+ Wizard::CreateDialog();
+ Wizard::SetTitleIcon("apparmor_edit_profile");
+ any ret = Sequencer::Run(aliases, sequence);
+ Wizard::CloseDialog();
+ Settings = remove( Settings, "CURRENT_PROFILE");
+ Settings = remove( Settings, "PROFILE_MAP");
+ return ret;
+}
+
+
+
+//
+// YEAH BABY RUN BABY RUN
+//
+any ret = nil;
+
+// no command line support #269891
+if (size(WFM::Args()) > 0 )
+{
+ import "CommandLine";
+ CommandLine::Init($[], WFM::Args());
+ return ret;
+}
+
+if (!installAppArmorPackages()) {
+ return ret;
+}
+
+if (!checkProfileSyntax()) {
+ return ret;
+}
+
+
+ret = MainSequence();
+return ret;
+}
+
--- /dev/null
+++ b/src/clients/AA_Report.ycp
@@ -0,0 +1,108 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2006 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+{
+
+import "Wizard";
+import "Popup";
+import "Label";
+import "Sequencer";
+include "subdomain/apparmor_packages.ycp";
+include "subdomain/apparmor_profile_check.ycp";
+include "subdomain/reporting_dialogues.ycp";
+include "subdomain/report_helptext.ycp";
+textdomain "yast2-apparmor";
+
+// Globalz
+
+define any mainSequence() ``{
+
+// Read the profiles from the SCR agent
+ map aliases = $[
+ "mainreport" : ``(mainReportForm()),
+ "configreport" : ``(reportConfigForm()),
+ "reportview" : ``(mainArchivedReportForm()),
+ "schedReport" : ``(displaySchedForm()),
+ "viewreport" : ``(displayArchForm()),
+ "runReport" : ``(displayRunForm())
+ ];
+
+ map sequence = $[
+ "ws_start" : "schedReport",
+ "mainreport" : $[
+ `back : `back,
+ `abort : `abort,
+ `next : `finish,
+ `schedrep: "schedReport",
+ `finish : `ws_finish
+ ],
+ "schedReport": $[
+ `back : `ws_start,
+ `abort : `abort,
+ `viewrep : "viewreport",
+ `runrep : "runReport",
+ `next : "runReport",
+ `finish : `ws_finish
+ ],
+ "viewreport" : $[
+ `back : "mainreport",
+ `abort : `abort,
+ `next : "mainreport",
+ `finish : `ws_finish
+ ],
+ "runReport": $[
+ `back : `back,
+ `abort : `abort,
+ `next : `finish,
+ `finish : `ws_finish
+ ],
+ "configreport" : $[
+ `back : `back,
+ `abort : `abort,
+ `next : "reportview",
+ `finish : `ws_finish
+ ],
+ "reportview" : $[
+ `back : `back,
+ `abort : `abort,
+ `next : `finish,
+ `finish : `ws_finish
+ ],
+ ];
+
+ Wizard::CreateDialog();
+ Wizard::SetTitleIcon("apparmor_view_profile");
+ any ret = Sequencer::Run(aliases, sequence);
+ Wizard::CloseDialog();
+ return ret;
+}
+
+any ret = nil;
+
+// no command line support #269891
+if (size(WFM::Args()) > 0 )
+{
+ import "CommandLine";
+ CommandLine::Init($[], WFM::Args());
+ return ret;
+}
+
+if (!installAppArmorPackages()) {
+ return ret;
+}
+
+checkProfileSyntax();
+
+ret = mainSequence();
+return ret;
+
+
+}
+
+
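Review bot: The result of `checkProfileSyntax();` is discarded near the end of this client, while the edit-profile client earlier in this patch stops when the check fails (`if (!checkProfileSyntax()) { return ret; }`). If reports are meant to stay usable with broken profiles, record that next to the call, e.g. `// syntax errors are shown but are not fatal for reporting`; otherwise use the same guard. The comment `// Read the profiles from the SCR agent` at the top of mainSequence() is stale, since nothing is read there. The `configreport` and `reportview` aliases also appear unreachable from `ws_start` in the sequence map, because no transition targets `configreport`.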
--- a/src/clients/SD_AddProfile.ycp
+++ /dev/null
@@ -1,114 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2006 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-{
-import "Wizard";
-import "Popup";
-import "Label";
-import "Sequencer";
-include "subdomain/apparmor_packages.ycp";
-include "subdomain/apparmor_profile_check.ycp";
-include "subdomain/profile_dialogs.ycp";
-textdomain "yast2-apparmor";
-
-// Globalz
-
-define boolean CreateNewProfile() {
- string selectfilename = "";
- while ( true ) {
- selectfilename = UI::AskForExistingFile( "/", "", _("Select File To Generate A Profile for") );
- // Check for cancel in the file choose dialog
- if ( selectfilename == nil ) {
- return false;
- }
- Settings["CURRENT_PROFILE"] = selectfilename;
- boolean profile = (boolean) SCR::Read (.subdomain_profiles.new, selectfilename);
- if ( profile == false && Popup::YesNoHeadline( _("Profile for ") + selectfilename + _(" already exists."), _("Would you like to open this profile in editing mode?") ) ) {
- return true;
- }
- Settings["NEW_PROFILE"] = selectfilename;
- return true;
- }
-}
-
-
-
-//
-// Setup and run the Wizard
-//
-define any MainSequence() ``{
-
- map profiles = nil;
- map aliases = $[
- "showprofile" : ``(DisplayProfileForm(Settings["CURRENT_PROFILE"]:"", false)),
- "showHat" : ``(DisplayProfileForm(Settings["CURRENT_HAT"]:"", true))
- ];
-
- map sequence = $[
- "ws_start" : "showprofile",
- "showprofile" : $[
- `abort : `abort,
- `next : `finish,
- `showhat : "showHat",
- `finish : `finish,
- ],
- "showHat" : $[
- `abort : `abort,
- `next : "showprofile",
- `finish : `next,
- ]
- ];
-
- boolean created_new_profile = CreateNewProfile();
- if ( created_new_profile == false ) {
- remove( Settings, "NEW_PROFILE");
- remove( Settings, "CURRENT_PROFILE");
- return (any) `abort;
- }
- map new_profile = (map) SCR::Read (.subdomain_profiles, Settings["CURRENT_PROFILE"]:"" );
- Settings["PROFILE_MAP"] = new_profile;
- Wizard::CreateDialog();
- Wizard::SetTitleIcon("apparmor_add_profile");
- any ret = Sequencer::Run(aliases, sequence);
- Wizard::CloseDialog();
- if ( ret == `abort ) {
- string profile_name = Settings["NEW_PROFILE"]:"";
- any result = SCR::Write(.subdomain_profiles.delete, profile_name);
- }
- Settings = remove( Settings, "NEW_PROFILE");
- Settings = remove( Settings, "CURRENT_PROFILE");
- return ret;
-}
-
-
-
-//
-// YEAH BABY RUN BABY RUN
-//
-
-any ret = nil;
-
-// no command line support #269891
-if (size(WFM::Args()) > 0 )
-{
- import "CommandLine";
- CommandLine::Init($[], WFM::Args());
- return ret;
-}
-
-if (!installAppArmorPackages()) {
- return ret;
-}
-if (!checkProfileSyntax()) {
- return ret;
-}
-ret = MainSequence();
-return ret;
-}
-
--- a/src/clients/SD_DeleteProfile.ycp
+++ /dev/null
@@ -1,91 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2006 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-{
-import "Wizard";
-import "Label";
-import "Popup";
-import "Sequencer";
-include "subdomain/apparmor_packages.ycp";
-include "subdomain/apparmor_profile_check.ycp";
-include "subdomain/profile_dialogs.ycp";
-textdomain "yast2-apparmor";
-
-// Globalz
-
-define any DeleteProfileConfirmation() {
- string profilename = Settings["CURRENT_PROFILE"]:"";
- if (Popup::YesNoHeadline( _("Delete profile confirmation"),
- _("Are you sure you want to delete the profile ") + profilename +
- _(" ?\nAfter this operation the AppArmor module will reload the profile set.") ) ) {
- y2milestone("Deleted " + profilename );
- boolean result = SCR::Write(.subdomain_profiles.delete, profilename);
- any result2 = SCR::Write(.subdomain_profiles.reload, "-");
- }
- return `finish;
-}
-
-define any MainSequence() ``{
-
-//
-// Read the profiles from the SCR agent
- map profiles = (map) SCR::Read (.subdomain_profiles, "all");
-
- map aliases = $[
- "chooseprofile" : ``(SelectProfileForm(profiles, _("Please make a
- selection from the listed profiles and press Next to delete the profile."),
- _("Delete Profile - Choose profile to delete"), "subdomain/delete_profile")),
- "deleteprofile" : ``(DeleteProfileConfirmation()),
- ];
-
- map sequence = $[
- "ws_start" : "chooseprofile",
- "chooseprofile" : $[
- `abort : `abort,
- `next : "deleteprofile",
- `finish : `next,
- ],
- ];
-
- Wizard::CreateDialog();
- Wizard::SetTitleIcon("apparmor_delete_profile");
- any ret = Sequencer::Run(aliases, sequence);
- Wizard::CloseDialog();
- Settings = remove( Settings, "CURRENT_PROFILE");
- Settings = remove( Settings, "PROFILE_MAP");
- return ret;
-}
-
-
-
-//
-// YEAH BABY RUN BABY RUN
-//
-any ret = nil;
-
-// no command line support #269891
-if (size(WFM::Args()) > 0 )
-{
- import "CommandLine";
- CommandLine::Init($[], WFM::Args());
- return ret;
-}
-
-if (!installAppArmorPackages()) {
- return ret;
-}
-
-if (!checkProfileSyntax()) {
- return true;
-}
-
-ret = MainSequence();
-return ret;
-}
-
--- a/src/clients/SD_EditProfile.ycp
+++ /dev/null
@@ -1,93 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2006 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-{
-import "Wizard";
-import "Popup";
-import "Label";
-import "Sequencer";
-include "subdomain/apparmor_packages.ycp";
-include "subdomain/apparmor_profile_check.ycp";
-include "subdomain/profile_dialogs.ycp";
-textdomain "yast2-apparmor";
-
-// Globalz
-
-
-
-define any MainSequence() ``{
-
-//
-// Read the profiles from the SCR agent
- map profiles = (map) SCR::Read (.subdomain_profiles, "all");
-
- map aliases = $[
- "showProfile" : ``(DisplayProfileForm(Settings["CURRENT_PROFILE"]:"", false)),
- "showHat" : ``(DisplayProfileForm(Settings["CURRENT_HAT"]:"", true)),
- "chooseProfile" : ``(SelectProfileForm(profiles, _("Please make a selection from the listed profiles and press Next to edit the profile."), _("Edit Profile - Choose profile to edit"), "apparmor_edit_profile" )),
-
- ];
-
- map sequence = $[
- "ws_start" : "chooseProfile",
- "chooseProfile" : $[
- `abort : `abort,
- `next : "showProfile",
- `finish : `next,
- ],
- "showProfile" : $[
- `abort : `abort,
- `next : `ws_finish,
- `showhat : "showHat",
- `finish : `next,
- ],
- "showHat" : $[
- `abort : `abort,
- `next : "showProfile",
- `finish : `next,
- ],
- ];
-
- Wizard::CreateDialog();
- Wizard::SetTitleIcon("apparmor_edit_profile");
- any ret = Sequencer::Run(aliases, sequence);
- Wizard::CloseDialog();
- Settings = remove( Settings, "CURRENT_PROFILE");
- Settings = remove( Settings, "PROFILE_MAP");
- return ret;
-}
-
-
-
-//
-// YEAH BABY RUN BABY RUN
-//
-any ret = nil;
-
-// no command line support #269891
-if (size(WFM::Args()) > 0 )
-{
- import "CommandLine";
- CommandLine::Init($[], WFM::Args());
- return ret;
-}
-
-if (!installAppArmorPackages()) {
- return ret;
-}
-
-if (!checkProfileSyntax()) {
- return ret;
-}
-
-
-ret = MainSequence();
-return ret;
-}
-
--- a/src/clients/SD_Report.ycp
+++ /dev/null
@@ -1,108 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2006 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-{
-
-import "Wizard";
-import "Popup";
-import "Label";
-import "Sequencer";
-include "subdomain/apparmor_packages.ycp";
-include "subdomain/apparmor_profile_check.ycp";
-include "subdomain/reporting_dialogues.ycp";
-include "subdomain/report_helptext.ycp";
-textdomain "yast2-apparmor";
-
-// Globalz
-
-define any mainSequence() ``{
-
-// Read the profiles from the SCR agent
- map aliases = $[
- "mainreport" : ``(mainReportForm()),
- "configreport" : ``(reportConfigForm()),
- "reportview" : ``(mainArchivedReportForm()),
- "schedReport" : ``(displaySchedForm()),
- "viewreport" : ``(displayArchForm()),
- "runReport" : ``(displayRunForm())
- ];
-
- map sequence = $[
- "ws_start" : "schedReport",
- "mainreport" : $[
- `back : `back,
- `abort : `abort,
- `next : `finish,
- `schedrep: "schedReport",
- `finish : `ws_finish
- ],
- "schedReport": $[
- `back : `ws_start,
- `abort : `abort,
- `viewrep : "viewreport",
- `runrep : "runReport",
- `next : "runReport",
- `finish : `ws_finish
- ],
- "viewreport" : $[
- `back : "mainreport",
- `abort : `abort,
- `next : "mainreport",
- `finish : `ws_finish
- ],
- "runReport": $[
- `back : `back,
- `abort : `abort,
- `next : `finish,
- `finish : `ws_finish
- ],
- "configreport" : $[
- `back : `back,
- `abort : `abort,
- `next : "reportview",
- `finish : `ws_finish
- ],
- "reportview" : $[
- `back : `back,
- `abort : `abort,
- `next : `finish,
- `finish : `ws_finish
- ],
- ];
-
- Wizard::CreateDialog();
- Wizard::SetTitleIcon("apparmor_view_profile");
- any ret = Sequencer::Run(aliases, sequence);
- Wizard::CloseDialog();
- return ret;
-}
-
-any ret = nil;
-
-// no command line support #269891
-if (size(WFM::Args()) > 0 )
-{
- import "CommandLine";
- CommandLine::Init($[], WFM::Args());
- return ret;
-}
-
-if (!installAppArmorPackages()) {
- return ret;
-}
-
-checkProfileSyntax();
-
-ret = mainSequence();
-return ret;
-
-
-}
-
-
--- /dev/null
+++ b/src/clients/apparmor_no_impl.ycp
@@ -0,0 +1,20 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2005 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+{
+import "Popup";
+import "Wizard";
+
+//include "subdomain/prof-config.ycp";
+
+/* BEGIN - This is just temporary filler */
+ Popup::Message("This function is not implemented at this time");
+ symbol button = (`ok);
+ return button;
+}
--- /dev/null
+++ a/src/clients/apparmor-settings.ycp
@@ -0,0 +1,72 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2006 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+
+{
+
+textdomain "yast2-apparmor";
+
+/* The main () */
+y2milestone("----------------------------------------");
+y2milestone("Subdomain module started");
+
+import "Label";
+import "Popup";
+import "Wizard";
+
+include "subdomain/apparmor_packages.ycp";
+include "subdomain/sd-config.ycp";
+
+// no command line support #269891
+if (size(WFM::Args()) > 0 )
+{
+ import "CommandLine";
+ CommandLine::Init($[], WFM::Args());
+ return;
+}
+
+if (!installAppArmorPackages()) {
+ return;
+}
+
+list<map> config_steps =
+[
+ $[ "id": "subdomain", "label": _("Enable AppArmor Functions") ],
+];
+
+list<map> steps = flatten( [ config_steps ] );
+
+define symbol displayPage( integer no ) ``{
+
+ string current_id = lookup( steps[ no ]:nil, "id", "");
+ symbol button = nil;
+
+ UI::WizardCommand(`SetCurrentStep( current_id ) );
+
+ if ( current_id == "subdomain") {
+ //button = displaySubdomainConfig();
+ button = displayAppArmorConfig();
+ }
+
+
+
+ return button;
+
+}
+
+integer current_step = 0;
+symbol button = displayPage( current_step );
+
+/* Finish */
+y2milestone("AppArmor module finished");
+y2milestone("----------------------------------------");
+
+/* EOF */
+}
+
--- a/src/clients/subdomain.ycp
+++ /dev/null
@@ -1,72 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2006 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-
-{
-
-textdomain "yast2-apparmor";
-
-/* The main () */
-y2milestone("----------------------------------------");
-y2milestone("Subdomain module started");
-
-import "Label";
-import "Popup";
-import "Wizard";
-
-include "subdomain/apparmor_packages.ycp";
-include "subdomain/sd-config.ycp";
-
-// no command line support #269891
-if (size(WFM::Args()) > 0 )
-{
- import "CommandLine";
- CommandLine::Init($[], WFM::Args());
- return;
-}
-
-if (!installAppArmorPackages()) {
- return;
-}
-
-list<map> config_steps =
-[
- $[ "id": "subdomain", "label": _("Enable AppArmor Functions") ],
-];
-
-list<map> steps = flatten( [ config_steps ] );
-
-define symbol displayPage( integer no ) ``{
-
- string current_id = lookup( steps[ no ]:nil, "id", "");
- symbol button = nil;
-
- UI::WizardCommand(`SetCurrentStep( current_id ) );
-
- if ( current_id == "subdomain") {
- //button = displaySubdomainConfig();
- button = displayAppArmorConfig();
- }
-
-
-
- return button;
-
-}
-
-integer current_step = 0;
-symbol button = displayPage( current_step );
-
-/* Finish */
-y2milestone("AppArmor module finished");
-y2milestone("----------------------------------------");
-
-/* EOF */
-}
-
--- a/src/clients/subdomain_no_impl.ycp
+++ /dev/null
@@ -1,20 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2005 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-{
-import "Popup";
-import "Wizard";
-
-//include "subdomain/prof-config.ycp";
-
-/* BEGIN - This is just temporary filler */
- Popup::Message("This function is not implemented at this time");
- symbol button = (`ok);
- return button;
-}
--- /dev/null
+++ b/src/include/apparmor/Makefile.am
@@ -0,0 +1,19 @@
+yncludedir = @yncludedir@/subdomain
+
+ynclude_DATA = \
+ apparmor_packages.ycp \
+ apparmor_profile_check.ycp \
+ apparmor_ycp_utils.ycp \
+ capabilities.ycp \
+ config_complain.ycp \
+ helps.ycp \
+ profile_dialogs.ycp \
+ report_helptext.ycp \
+ reporting_archived_dialogs.ycp \
+ reporting_dialogues.ycp \
+ reporting_utils.ycp \
+ sd-config.ycp
+
+EXTRA_DIST = \
+ $(ynclude_DATA)
+
--- /dev/null
+++ b/src/include/apparmor/aa-config.ycp
@@ -0,0 +1,415 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2005 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+{
+include "subdomain/config_complain.ycp";
+include "subdomain/helps.ycp";
+include "subdomain/apparmor_ycp_utils.ycp";
+textdomain "yast2-apparmor";
+
+import "Label";
+
+define boolean changeAppArmorState(boolean aaEnabled) {
+
+ any error = nil;
+ string sdAction = "";
+
+ if (aaEnabled == true) {
+ sdAction = "subdomain:enable";
+ } else {
+ sdAction = "subdomain:disable";
+ }
+
+ error = SCR::Execute(.sdconf, sdAction);
+
+ if ( error != nil && is(error, string) ) {
+
+ string errorMsg = (string) error;
+ string popError = _("This operation generated the following error. Please check your installation and AppArmor profile settings.");
+ Popup::Message( popError+ "\n[" + errorMsg + "]");
+ aaEnabled = ! aaEnabled;
+
+ }
+
+ return aaEnabled;
+}
+
+define void displayNotifyForm() {
+
+ map settings = (map) SCR::Execute(.subdomain, "sd-notify-settings");
+
+ map<string,any> terse = settings["terse"]:$[];
+ map<string,any> summary = settings["summary"]:$[];
+ map<string,any> verbose = settings["verbose"]:$[];
+
+ any t_freq = terse["terse_freq"]:0;
+ any s_freq = summary["summary_freq"]:0;
+ any v_freq = verbose["verbose_freq"]:0;
+
+ boolean t_unknown = true;
+ any a_t_poop = (any) terse["terse_unknown"]:"1";
+ string t_poop = tostring(a_t_poop);
+ if(t_poop == "0") {
+ t_unknown = false;
+ }
+
+ boolean s_unknown = true;
+ any a_s_poop = terse["summary_unknown"]:"1";
+ string s_poop = tostring(a_s_poop);
+ if(s_poop == "0") {
+ s_unknown = false;
+ }
+
+ boolean v_unknown = true;
+ any a_v_poop = verbose["verbose_unknown"]:"1";
+ string v_poop = tostring(a_v_poop);
+ if(v_poop == "0") {
+ v_unknown = false;
+ }
+
+ list terse_items = [
+ `item(`id(0), _("Disabled"), t_freq==0?true:false),
+ `item(`id(60), _("1 minute"), t_freq==60?true:false),
+ `item(`id(300), _("5 minutes"), t_freq==300?true:false),
+ `item(`id(600), _("10 minutes"), t_freq==600?true:false),
+ `item(`id(900), _("15 minutes"), t_freq==900?true:false),
+ `item(`id(1800), _("30 minutes"), t_freq==1800?true:false),
+ `item(`id(3600), _("1 hour"), t_freq==3600?true:false),
+ `item(`id(86400), _("1 day"), t_freq==86400?true:false),
+ `item(`id(604800), _("1 week"), t_freq==604800?true:false)
+ ];
+
+ list summary_items = [
+ `item(`id(0), _("Disabled"), s_freq==0?true:false),
+ `item(`id(60), _("1 minute"), s_freq==60?true:false),
+ `item(`id(300), _("5 minutes"), s_freq==300?true:false),
+ `item(`id(600), _("10 minutes"), s_freq==600?true:false),
+ `item(`id(900), _("15 minutes"), s_freq==900?true:false),
+ `item(`id(1800), _("30 minutes"), s_freq==1800?true:false),
+ `item(`id(3600), _("1 hour"), s_freq==3600?true:false),
+ `item(`id(86400), _("1 day"), s_freq==86400?true:false),
+ `item(`id(604800), _("1 week"), s_freq==604800?true:false)
+ ];
+
+ list verbose_items = [
+ `item(`id(0), _("Disabled"), v_freq==0?true:false),
+ `item(`id(60), _("1 minute"), v_freq==60?true:false),
+ `item(`id(300), _("5 minutes"), v_freq==300?true:false),
+ `item(`id(600), _("10 minutes"), v_freq==600?true:false),
+ `item(`id(900), _("15 minutes"), v_freq==900?true:false),
+ `item(`id(1800), _("30 minutes"), v_freq==1800?true:false),
+ `item(`id(3600), _("1 hour"), v_freq==3600?true:false),
+ `item(`id(86400), _("1 day"), v_freq==86400?true:false),
+ `item(`id(604800), _("1 week"), v_freq==604800?true:false)
+ ];
+
+
+ term event_config = `HVCenter(`VBox(`opt(`vstretch),
+ `Frame( _("Security Event Notification"),
+ `HBox(`HSpacing(1),
+ `VBox(`opt(`vstretch),
+ `VSpacing(1),
+ `Frame( _("Terse Notification"),
+ `VBox(`opt(`vstretch),
+ `HBox(
+ `ComboBox(`id(`terse_freq), _("Frequency"), terse_items),
+ `TextEntry(`id(`terse_email), _("Email Address"), terse["terse_email"]:""),
+ `IntField(`id(`terse_level), _("Severity"), 0,10, terse["terse_level"]:0)
+ ),
+ `HBox(
+ `CheckBox( `id(`terse_unknown), _("Include Unknown Severity Events"), t_unknown)
+ )
+ )
+ ),
+ `VSpacing(1),
+ `Frame( _("Summary Notification"),
+ `VBox(`opt(`vstretch),
+ `HBox(
+ `ComboBox(`id(`summary_freq), _("Frequency"), summary_items),
+ `TextEntry(`id(`summary_email), _("Email Address"), summary["summary_email"]:""),
+ `IntField(`id(`summary_level), _("Severity"), 0,10, summary["summary_level"]:0)
+ ),
+ `HBox(
+ `CheckBox( `id(`summary_unknown), _("Include Unknown Severity Events"), s_unknown)
+ )
+ )
+ ),
+ `VSpacing(1),
+ `Frame( _("Verbose Notification"),
+ `VBox(`opt(`vstretch),
+ `HBox(
+ `ComboBox(`id(`verbose_freq), _("Frequency"), verbose_items),
+ `TextEntry(`id(`verbose_email), _("Email Address"), verbose["verbose_email"]:""),
+ `IntField(`id(`verbose_level), _("Severity"), 0,10, verbose["verbose_level"]:0)
+ ),
+ `HBox(
+ `CheckBox( `id(`verbose_unknown), _("Include Unknown Severity Events"), v_unknown)
+ )
+ )
+ ),
+ `VSpacing(1)
+ ),
+ `HSpacing(1)
+ )
+ )
+ )
+ );
+
+ Wizard::CreateDialog();
+ Wizard::SetContentsButtons(_("Security Event Notification"), event_config, helps["EventNotifyHelpText"]:"", Label::BackButton(), Label::OKButton());
+ Wizard::DisableBackButton();
+
+ any ntInput = nil;
+ string notifyLabelValue = "";
+
+ while( true ) {
+ ntInput = UI::UserInput();
+
+ if (ntInput == `next) {
+
+ map<string,map> answers = $[ ];
+ map<string,string> set_notify = $[ ];
+ map<string,string> summary = $[ ];
+ map<string,string> verbose = $[ ];
+ map<string,string> terse = $[ ];
+
+ t_freq = UI::QueryWidget(`id(`terse_freq), `Value);
+ s_freq = UI::QueryWidget(`id(`summary_freq), `Value);
+ v_freq = UI::QueryWidget(`id(`verbose_freq), `Value);
+
+ set_notify["sd-set-notify"] = "yes";
+ terse["terse_freq"] = tostring(t_freq);
+ summary["summary_freq"] = tostring(s_freq);
+ verbose["verbose_freq"] = tostring(v_freq);
+
+ if (t_freq != 0) {
+
+ string t_email = (string) UI::QueryWidget(`id(`terse_email), `Value);
+
+ if ( t_email == nil || t_email == "" ) {
+ Popup::Error( _("An email address is required for each selected notification method.") );
+ continue;
+ } else if ( ! checkEmailAddress( t_email ) ) {
+ continue;
+ }
+
+ terse["enable_terse"] = "yes";
+ terse["terse_email"] = (string) UI::QueryWidget(`id(`terse_email), `Value);
+ terse["terse_level"] = (string) tostring(UI::QueryWidget(`id(`terse_level), `Value));
+
+ boolean t_unknown = (boolean) UI::QueryWidget(`id(`terse_unknown), `Value);
+
+ if (t_unknown == true) {
+ terse["terse_unknown"] = "1";
+ } else {
+ terse["terse_unknown"] = "0";
+ }
+
+ } else {
+ terse["enable_terse"] = "no";
+ }
+
+ if (s_freq != 0) {
+
+ string s_email = (string) UI::QueryWidget(`id(`summary_email), `Value);
+ if ( s_email == nil || s_email == "" ) {
+ Popup::Error( _("An email address is required for each selected notification method.") );
+ continue;
+ } else if ( ! checkEmailAddress(s_email) ) {
+ continue;
+ }
+
+ summary["enable_summary"] = "yes";
+ summary["summary_email"] = (string) UI::QueryWidget(`id(`summary_email), `Value);
+ summary["summary_level"] = (string) tostring(UI::QueryWidget(`id(`summary_level), `Value));
+
+ boolean s_unknown = (boolean) UI::QueryWidget(`id(`summary_unknown), `Value);
+
+ if (s_unknown == true) {
+ summary["summary_unknown"] = "1";
+ } else {
+ summary["summary_unknown"] = "0";
+ }
+
+ } else {
+ summary["enable_summary"] = "no";
+ }
+
+ if (v_freq != 0) {
+ string v_email = (string) UI::QueryWidget(`id(`verbose_email), `Value);
+ if ( v_email == nil || v_email == "" ) {
+ Popup::Error( _("An email address is required for each selected notification method.") );
+ continue;
+ } else if (! checkEmailAddress(v_email) ) {
+ continue;
+ }
+
+ verbose["enable_verbose"] = "yes";
+ verbose["verbose_email"] = (string) UI::QueryWidget(`id(`verbose_email), `Value);
+ verbose["verbose_level"] = (string) tostring(UI::QueryWidget(`id(`verbose_level), `Value));
+
+ boolean v_unknown = (boolean) UI::QueryWidget(`id(`verbose_unknown), `Value);
+
+ if (v_unknown == true) {
+ verbose["verbose_unknown"] = "1";
+ } else {
+ verbose["verbose_unknown"] = "0";
+ }
+ } else {
+ verbose["enable_verbose"] = "no";
+ }
+
+ answers["set_notify"] = set_notify;
+ answers["terse"] = terse;
+ answers["summary"] = summary;
+ answers["verbose"] = verbose;
+
+ string result = (string) SCR::Execute(.sdconf, answers);
+
+ if (result != "success") {
+ Popup::Error( _("Configuration failed for the following operations: ") + result);
+ }
+
+ if ( t_freq != 0 || s_freq != 0 || v_freq != 0 ) {
+ notifyLabelValue = _("Notification is enabled");
+ } else {
+ notifyLabelValue = _("Notification is disabled");
+ }
+ }
+
+ Wizard::CloseDialog();
+ if ( (ntInput == `ok) || (ntInput == `next) ) {
+ UI::ChangeWidget( `id(`notifyLabel), `Value, notifyLabelValue );
+ }
+ break;
+ }
+
+}
+
+define symbol displayAppArmorConfig () {
+
+ // AppArmor Status
+ boolean aaEnabled = false;
+ boolean ntIsEnabled = false;
+ string subdomain = (string) SCR::Execute(.subdomain, "sd-status");
+ string sdEnStr = _("AppArmor is disabled");
+
+ if (subdomain == "enabled") {
+ aaEnabled = true;
+ sdEnStr = _("AppArmor is enabled");
+ }
+
+ // Notification Status
+ string evnotify = (string) SCR::Execute(.subdomain, "sd-notify");
+ string evEnStr = _("Notification is disabled");
+ if (evnotify == "enabled") {
+ ntIsEnabled = true;
+ evEnStr = _("Notification is enabled");
+ } else if (evnotify == "notinstalled") {
+ evnotify = "disabled";
+ }
+
+ /* Network dialog caption */
+ string caption = _("AppArmor Configuration");
+ string help = _("<p><b>AppArmor Status</b><br>This reports whether the AppArmor policy enforcement
+module is loaded and functioning.</p>") +
+
+_("<p><b>Security Event Notification</b><br>Configure this tool if you want
+to be notified by email when access violations have occurred.</p>") +
+
+_("<p><b>Profile Modes</b><br>Use this tool to change the way that AppArmor
+uses individual profiles.</p>");
+
+ term contents =
+ `HVCenter(
+ `VBox(
+ `VSpacing(1), `HSpacing(2),
+ `HBox (
+ `HSpacing( `opt(`hstretch), 2 ),
+ `VBox(
+ `Left(`CheckBox( `id(`aaState), `opt(`notify), _("&Enable AppArmor"), aaEnabled)),
+ `VSpacing(1),
+
+ `Frame( `id(`aaEnableFrame), _("Configure AppArmor"),
+ `HBox (
+ `HSpacing( `opt(`hstretch), 4 ),
+ `VBox(
+ `VSpacing(1),
+ `Frame ( _("Security Event Notification"),
+ `HBox(
+ `VSpacing(1), `HSpacing(1),
+ `HVCenter( `Label( `id(`notifyLabel), evEnStr )),
+ `PushButton( `id(`ntconf), _("C&onfigure")),
+ `VSpacing(1), `HSpacing(1)
+ )
+ ),
+ `VSpacing(1), `HSpacing(20),
+
+ `Frame ( _("Configure Profile Modes"),
+ `HBox(
+ `VSpacing(1), `HSpacing(1),
+ `Left(`HVCenter( `Label( `id(`modesLabel), " " + _("Set profile modes") ))),
+ `PushButton( `id(`modeconf), _("Co&nfigure") ),
+ `VSpacing(1), `HSpacing(1)
+ )
+ ),
+ `VSpacing(1)
+ ),
+ `HSpacing( `opt(`hstretch), 4 )
+ ))),
+ `HSpacing( `opt(`hstretch), 2 )
+ ))
+ );
+
+ // May want to replace Wizard() with UI()
+ Wizard::CreateDialog();
+ Wizard::SetTitleIcon("apparmor/control_panel");
+ Wizard::SetContentsButtons(caption, contents, help, Label::BackButton(), _("&Done"));
+ Wizard::DisableBackButton();
+
+ UI::ChangeWidget(`id(`aaEnableFrame), `Enabled, aaEnabled);
+
+ while( true ) {
+
+ symbol ret = (symbol) UI::UserInput();
+
+ if ( ret == `abort || ret == `cancel || ret == `next) {
+ break;
+ } else if (ret == `aaState ) {
+
+ // Set AppArmor state: enabled|disabled
+ boolean requestedAaState = (boolean) UI::QueryWidget(`id(`aaState), `Value);
+
+ aaEnabled = changeAppArmorState(requestedAaState);
+
+ // These will match if the update was successful
+ if ( aaEnabled == requestedAaState ) {
+ UI::ChangeWidget(`id(`aaEnableFrame), `Enabled, aaEnabled);
+ }
+
+ } else if (ret == `ntconf ) {
+ displayNotifyForm();
+
+ } else if (ret == `modeconf ) {
+
+ profileModeConfigForm();
+
+ //displayAppArmorConfig();
+
+ } else {
+ y2error("Unexpected return code: " + tostring(ret));
+ }
+ }
+
+ UI::CloseDialog();
+ return nil;
+}
+
+/* EOF */
+}
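Review bot: In displayAppArmorConfig(), when changeAppArmorState() fails the `aaState` checkbox keeps the value the user clicked, so the dialog can show AppArmor as enabled after the enable call returned an error. The `if ( aaEnabled == requestedAaState )` branch needs an else that puts the widget back, ``UI::ChangeWidget(`id(`aaState), `Value, aaEnabled);``. In displayNotifyForm() the summary default is read from the wrong map: `any a_s_poop = terse["summary_unknown"]:"1";` should read `summary["summary_unknown"]:"1"`, assuming the agent returns the key where the save path writes it. As written, the "Include Unknown Severity Events" box for summary notifications presumably always comes up ticked. The same function also sets the label to "Notification is enabled" when `SCR::Execute(.sdconf, answers)` did not return "success"; leaving `notifyLabelValue` unchanged on failure would keep the status honest.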
--- /dev/null
+++ b/src/include/apparmor/apparmor_packages.ycp
@@ -0,0 +1,30 @@
+/*
+ Copyright (C) 2006 Novell Inc. All Rights Reserved.
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of version 2 of the GNU General Public
+ License published by the Free Software Foundation.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, contact Novell, Inc.
+
+ Written by Steve Beattie <sbeattie@suse.de>
+ */
+
+ /* This should probably be more intelligent and query the user once
+ * whether they want optional packages like apparmor-docs, libapparmor,
+ * apache2-mod-apparmor and * (eventually) pam-apparmor installed. */
+
+import "PackageSystem";
+
+list<string> __needed_packages =
+ ["apparmor-parser", "apparmor-utils", "apparmor-profiles"];
+
+define boolean installAppArmorPackages () {
+ return PackageSystem::CheckAndInstallPackagesInteractive (__needed_packages);
+}
--- /dev/null
+++ b/src/include/apparmor/apparmor_profile_check.ycp
@@ -0,0 +1,52 @@
+/*
+ Copyright (C) 2006 Novell Inc. All Rights Reserved.
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of version 2 of the GNU General Public
+ License published by the Free Software Foundation.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, contact Novell, Inc.
+
+ */
+
+
+import "Popup";
+textdomain "yast2-apparmor";
+
+define boolean checkProfileSyntax () {
+ map <string,string> args = $[];
+ string errmsg = "<ul>";
+ boolean syntax_ok = true;
+
+ args["profile-syntax-check"] = "1";
+ list <string> errors = (list <string>) SCR::Execute (.subdomain, "profile-syntax-check" );
+ foreach ( string error, errors, ``{
+ syntax_ok = false;
+ errmsg = errmsg + "<li>" + error + "</li>";
+ });
+ errmsg = errmsg + "</ul>";
+ if ( syntax_ok == false ) {
+ string headline = _("Errors found in AppArmor profiles");
+ errmsg = _("<p>These problems must be corrected before AppArmor can be \
+started or the profile management tools can be used.</p> ")
+ + "<p>" + errmsg + "</p>"
+ + _("<p>You can find a description of AppArmor profile syntax by \
+running ")
+ + "<code>man apparmor.d</code></p>"
+ + _("<p>Comprehensive documentation about AppArmor is available in \
+the Administration guide. This is available in the \
+directory: ")
+ + "</p>"
+ + "<code>/usr/share/doc/manual/suselinux-manual_LANGUAGE</code>. "
+ + _("<p>Please refer to this for more detailed information about \
+AppArmor</p>");
+ Popup::LongText( headline, `RichText(errmsg), 55, 15);
+ }
+ return( syntax_ok );
+}
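Review bot: The strings returned by the `profile-syntax-check` call are appended as `"<li>" + error + "</li>"` and displayed through `RichText` without escaping, so any `<` or `&` in a parser message (which presumably can quote profile text or file names) is interpreted as markup. Escape each entry before appending, for example with the String module's `EscapeTags` if the targeted YaST provides it: `errmsg = errmsg + "<li>" + String::EscapeTags(error) + "</li>";` plus `import "String";`. The `args` map is filled but never passed to `SCR::Execute` and can be dropped. If the agent call returns nil, `syntax_ok` presumably stays true and the check passes silently, so a nil test with a `y2error` would make that failure visible.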
--- /dev/null
+++ b/src/include/apparmor/apparmor_ycp_utils.ycp
@@ -0,0 +1,679 @@
+
+/*
+ Copyright (C) 2007 Novell Inc. All Rights Reserved.
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of version 2 of the GNU General Public
+ License published by the Free Software Foundation.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, contact Novell, Inc.
+
+ */
+
+
+import "Label";
+import "Popup";
+import "AppArmorDialogs";
+textdomain "yast2-apparmor";
+
+ map CMDS = $[ ];
+ CMDS["CMD_ALLOW"] = _("&Allow");
+ CMDS["CMD_DENY"] = _("&Deny");
+ CMDS["CMD_ABORT"] = _("Abo&rt");
+ CMDS["CMD_FINISHED"] = Label::FinishButton();
+ CMDS["CMD_AUDIT_NEW"] = _("Audi&t");
+ CMDS["CMD_AUDIT_OFF"] = _("Audi&t off");
+ CMDS["CMD_AUDIT_FULL"] = _("Audit &All");
+ CMDS["CMD_OTHER"] = _("&Opts");
+ CMDS["CMD_USER_ON"] = _("&Owner permissions on");
+ CMDS["CMD_USER_OFF"] = _("&Owner permissions off");
+ CMDS["CMD_ix"] = _("&Inherit");
+ CMDS["CMD_px"] = _("&Profile");
+ CMDS["CMD_px_safe"] = _("&Profile Clean Exec");
+ CMDS["CMD_cx"] = _("&Child");
+ CMDS["CMD_cx_safe"] = _("&Child Clean Exec");
+ CMDS["CMD_nx"] = _("&Name");
+ CMDS["CMD_nx_safe"] = _("&Named Clean Exec");
+ CMDS["CMD_ux"] = _("&Unconfined");
+ CMDS["CMD_ux_safe"] = _("&Unconfined Clean Exec");
+ CMDS["CMD_pix"] = _("&Profile ix");
+ CMDS["CMD_pix_safe"] = _("&Profile ix Clean Exec");
+ CMDS["CMD_cix"] = _("&Child ix");
+ CMDS["CMD_cix_safe"] = _("&Child ix Cx Clean Exec");
+ CMDS["CMD_nix"] = _("&Name ix");
+ CMDS["CMD_nix_safe"] = _("&Name ix");
+ CMDS["CMD_EXEC_IX_ON"] = _("i&x fallback on");
+ CMDS["CMD_EXEC_IX_OFF"] = _("i&x fallback off");
+ CMDS["CMD_CONTINUE"] = _("&Continue Profiling");
+ CMDS["CMD_INHERIT"] = _("&Inherit");
+ CMDS["CMD_PROFILE"] = _("&Profile");
+ CMDS["CMD_UNCONFINED"] = _("&Unconfined");
+ CMDS["CMD_NEW"] = _("&Edit");
+ CMDS["CMD_GLOB"] = _("&Glob");
+ CMDS["CMD_GLOBEXT"] = _("Glob w/E&xt");
+ CMDS["CMD_ADDHAT"] = _("&Add Requested Hat");
+ CMDS["CMD_USEDEFAULT"] = _("&Use Default Hat");
+ CMDS["CMD_SCAN"] = _("&Scan system log for AppArmor events");
+ CMDS["CMD_VIEW_PROFILE"] = _("&View Profile");
+ CMDS["CMD_USE_PROFILE"] = _("&Use Profile");
+ CMDS["CMD_CREATE_PROFILE"] = _("&Create New Profile");
+ CMDS["CMD_UPDATE_PROFILE"] = _("&Update Profile");
+ CMDS["CMD_IGNORE_UPDATE"] = _("&Ignore Update");
+ CMDS["CMD_SAVE_CHANGES"] = _("&Save Changes");
+ CMDS["CMD_UPLOAD_CHANGES"] = _("&Upload Changes");
+ CMDS["CMD_VIEW_CHANGES"] = _("&View Changes");
+ CMDS["CMD_ENABLE_REPO"] = _("&Enable Repository");
+ CMDS["CMD_DISABLE_REPO"] = _("&Disable Repository");
+ CMDS["CMD_ASK_NEVER"] = _("&Never Ask Again");
+ CMDS["CMD_ASK_LATER"] = _("Ask Me &Later");
+ CMDS["CMD_YES"] = Label::YesButton();
+ CMDS["CMD_NO"] = Label::NoButton();
+
+
+define boolean validEmailAddress ( string emailAddr, boolean allowlocal ) {
+
+ integer emailAddrLength = size(emailAddr);
+ boolean isSafe = false;
+
+ if ( allowlocal && regexpmatch( emailAddr, "^\/var\/mail\/\\w+$" )) {
+ isSafe = true;
+ } else if ((regexpmatch( emailAddr, "\\w+(-\\w+?)@\\w+" ) ||
+ regexpmatch( emailAddr, "/^(\\w+\.?)+\\w+\@(\\w+\.?)+\\w+$" ) ||
+ regexpmatch( emailAddr, "\\w+@\\w+" ) ||
+ !regexpmatch( emailAddr, "..+" )) &&
+ emailAddrLength < 129 ) {
+ isSafe = true;
+ }
+ return isSafe;
+}
+
+define boolean checkEmailAddress( string emailAddr ) {
+
+ if ( ! validEmailAddress( emailAddr, false ) ) {
+ string err_email_format = _("Email address format invalid.\nEmail address must be less than 129 characters \n and of the format \"name@domain\". \n Please enter another address.");
+ Popup::Error( err_email_format );
+ return false;
+ }
+ return true;
+}
+
+
+/** UI_RepositorySignInDialog
+ * Dialog to allow users to signin or register with an external AppArmor
+ * profile repository
+ *
+ * @param agent_data - data from the backend
+ * [ repo_url - string ]
+ * @return answers - map that contains:
+ * [ newuser => 1|0 - registering a new user? ]
+ * [ user => username ]
+ * [ pass => password ]
+ * [ email => email address - if newuser = 1 ]
+ * [ save_config => true/false - save this information on ]
+ * [ the system ]
+ *
+ **/
+define map<string,string> UI_RepositorySignInDialog( map<any,any> agent_data ) {
+ string repo_url = (string) agent_data["repo_url"]:"MISSING_REPO_URL";
+ term dialog =
+ `VBox(
+ `VSpacing(1),
+ `Top(`Label(_("AppArmor Profile Repository Setup") + "\n" + repo_url)),
+ `VBox(
+ `ReplacePoint(`id(`replace), `Empty())
+ ),
+ `VSpacing(1)
+ );
+
+ term signin_box =
+ `VBox(
+ `HBox(
+ `HSpacing(1),
+ `Frame(`id(`signin_frame), _("Sign in to the repository"),
+ `HBox(
+ `HSpacing(0.5),
+ `VBox(
+ `TextEntry(`id(`username), _("Username")),
+ `Password(`id(`password), Label::Password()),
+ `VSpacing(1),
+ `HBox(
+ `CheckBox(`id(`save_conf), `opt(`notify),
+ _("S&ave configuration")),
+ `HSpacing( 0.5),
+ `Left(`PushButton(`id(`signin_submit),
+ _("&Sign in"))),
+ `Right(`PushButton(`id(`signin_cancel),
+ Label::CancelButton())),
+ `HSpacing( 0.5)
+ )
+ ),
+ `HSpacing(0.5)
+ )
+ ),
+ `HSpacing(1)
+ ),
+ `VSpacing(1),
+ `PushButton(`id(`newuser), _("&Register new user..."))
+ );
+
+ term registration_box =
+ `VBox(
+ `HBox(
+ `HSpacing(1),
+ `Frame(`id(`register_frame), _("Register New User"),
+ `HBox(
+ `HSpacing(0.5),
+ `VBox(
+ `TextEntry(`id(`register_username),
+ _("Enter Username")),
+ `TextEntry(`id(`register_email),
+ _("Enter Email Address")),
+ `Password(`id(`register_password),
+ _("Enter Password")),
+ `Password(`id(`register_password2),
+ _("Verify Password")),
+ `VSpacing(1),
+ `HBox(
+ `HSpacing( 0.2),
+ `CheckBox(`id(`save_conf_new), `opt(`notify),
+ _("S&ave configuration")),
+ `Left(`PushButton(`id(`register_submit),
+ _("&Register"))),
+ `Right(`PushButton(`id(`register_cancel),
+ Label::CancelButton())),
+ `HSpacing( 0.2)
+ )
+ ),
+ `HSpacing( 0.5)
+ )
+ ),
+ `HSpacing(1)
+ ),
+ `VSpacing(1),
+ `PushButton(`id(`signin), _("&Sign in as existing user..."))
+ );
+
+ UI::OpenDialog(`opt(`decorated), dialog);
+ UI::ReplaceWidget(`replace, signin_box);
+ map<string,string> answers = $[ ];
+ any input = nil;
+ repeat {
+ input = UI::UserInput();
+ if(input == `newreg) {
+ boolean new_registration =
+ (boolean) UI::QueryWidget(`id(`newreg), `Value);
+ if ( new_registration == true ) {
+ UI::ChangeWidget(`id(`register_frame), `Enabled, true);
+ UI::ChangeWidget(`id(`signin_frame), `Enabled, false);
+ } else {
+ UI::ChangeWidget(`id(`register_frame), `Enabled, false);
+ UI::ChangeWidget(`id(`signin_frame), `Enabled, true);
+ }
+ } else if(input == `newuser) {
+ UI::ReplaceWidget(`replace, registration_box);
+ UI::ChangeWidget(`id(`register_email), `InputMaxLength, 129);
+ } else if(input == `signin) {
+ UI::ReplaceWidget(`replace, signin_box);
+ UI::ChangeWidget(`id(`register_email), `InputMaxLength, 129);
+ } else if(input == `signin_cancel || input == `register_cancel) {
+ answers["answer"] = "cancel";
+ } else if ( input == `signin_submit ) {
+ string username = (string) UI::QueryWidget(`id(`username), `Value);
+ string password = (string) UI::QueryWidget(`id(`password), `Value);
+ string save_config =
+ (boolean) UI::QueryWidget(`id(`save_conf), `Value) ? "y": "n";
+
+ if ( username == "" ) {
+ Popup::Error(_("Username is required"));
+ } else if ( password == "" ) {
+ Popup::Error(_("Password is required"));
+ } else {
+ y2milestone("APPARMOR : REPO - signon: \n\tusername [" +
+ username +
+ "]\n\tpassword [" +
+ password + "]");
+ answers["newuser"] = "n";
+ answers["user"] = username;
+ answers["pass"] = password;
+ answers["save_config"] = save_config;
+ input = `done;
+ }
+ } else if ( input == `register_submit ) {
+ string username =
+ (string) UI::QueryWidget( `id(`register_username), `Value);
+ string password =
+ (string) UI::QueryWidget( `id(`register_password), `Value);
+ string password_verify =
+ (string) UI::QueryWidget( `id(`register_password2), `Value);
+ string email = (string) UI::QueryWidget( `id(`register_email),
+ `Value );
+ string save_config =
+ (boolean) UI::QueryWidget( `id(`save_conf_new), `Value )
+ ? "y": "n";
+
+ if ( username == "" ) {
+ Popup::Error( _("Username required for registration." ));
+ } else if ( email == "" ) {
+ Popup::Error( _("Email address required for registration." ));
+ } else if ( password == "" && password_verify == "" ) {
+ Popup::Error( _("Password is required for registration." ));
+ } else if ( password != password_verify ) {
+ Popup::Error( _("Passwords do not match. Please re-enter." ));
+ } else if ( ! checkEmailAddress( email ) ) {
+ any dummy = nil;
+ } else {
+ y2milestone(
+ "APPARMOR : REPO - new registration: \n\tusername [" +
+ username + "]\n\tpassword [" + password +
+ "]\n\temail [" + email + "]\n\tsave config [" +
+ save_config + "]" );
+ answers["newuser"] = "y";
+ answers["pass"] = password;
+ answers["user"] = username;
+ answers["email"] = email;
+ answers["save_config"] = save_config;
+ input = `done;
+ }
+ } else {
+ y2milestone("APPARMOR : REPO - signon - no valid input[" +
+ tostring(input) + "]");
+ }
+ } until ((input == `done) ||
+ (input == `register_cancel) ||
+ (input == `signin_cancel));
+ if ( input != `done ) {
+ answers["cancelled"] = "y";
+ }
+ UI::CloseDialog();
+ return( answers );
+}
+
+
+/** UI_RepositoryViewProfile
+ * Dialog to allow users to view a profile from the repository
+ * and display it in a small scrollable dialog
+ *
+ * @param agent_data - map data from the backend
+ * [ user => string ]
+ * [ profile => string contiaining profile contents ]
+ * [ profile_type => string INACTIVE_LOCAL|REPOSITORY ]
+ *
+ * @return void
+ *
+ **/
+
+define void UI_RepositoryViewProfile( map<any,any> agent_data ) {
+
+ string user = agent_data["user"]:"MISSING USER";
+ string profile = agent_data["profile"]:"MISSING PROFILE";
+ string type = agent_data["profile_type"]:"MISSING PROFILE";
+
+ string headline = "";
+ if ( type == "INACTIVE_LOCAL" ) {
+ headline = _("Local inactive profile");
+ } else if ( type == "REPOSITORY" ) {
+ headline = _("Profile created by user ") + user;
+ } else {
+ headline = _("Local profile");
+ }
+
+
+ Popup::LongText ( headline, `RichText(`opt(`plainText), profile), 50, 20 );
+}
+
+
+/** UI_LongMessage
+ * Basic message dialog that will scroll long text
+ * @param agent_data - map - data from backend
+ * [ headline - string ]
+ * [ message - string ]
+ *
+ * @return void
+ **/
+
+define void UI_LongMessage( map<any,any> agent_data ) {
+
+ any user = agent_data["user"]:nil;
+ string headline = agent_data["headline"]:"MISSING HEADLINE";
+ string message = agent_data["message"]:"MISSING MESSAGE";
+
+ Popup::LongText(headline,`RichText(`opt(`plainText), message), 60, 40);
+
+}
+
+
+/** UI_ShortMessage
+ * Basic message dialog - no scrollbars
+ * @param agent_data - map - data from backend
+ * [ headline - string ]
+ * [ message - string ]
+ *
+ * @return void
+ **/
+
+define void UI_ShortMessage( map<any,any> agent_data ) {
+
+ any user = agent_data["user"]:nil;
+ string headline = agent_data["headline"]:"MISSING HEADLINE";
+ string message = agent_data["message"]:"MISSING MESSAGE";
+
+ Popup::AnyMessage(headline, message);
+
+}
+
+/** UI_ChangeLog_Dialog
+ * Takes a list of profiles and collects one or multiple changelog entries
+ * and returns them
+ *
+ * @param agent_data - data from the backend
+ * [ profiles - list of profile names ]
+ *
+ * @return results - map
+ * [ STATUS - string - ok/cancel ]
+ * [ SINGLE_CHANGELOG - string - set with changelog if user ]
+ * [ selects a single changelog ]
+ *
+ * [ profile 1 name - string - changelog 1 ]
+ * [ profile 2 name - string - changelog 2 ]
+ * ...
+ * [ profile n name - string - changelog n ]
+ *
+ **/
+define map<string,any> UI_ChangeLog_Dialog ( map<any,any> agent_data ) {
+ map<string,any> results = $[];
+ string main_label = _("Enter a changelog for the changes for ");
+ string main_label_single = _(" the selected profiles");
+ string checkbox_label = _("Individual changelogs per profile");
+ list<string> profiles = agent_data["profiles"]:[];
+
+ term dialog = `VBox(
+ `TextEntry(`id(`stringfield), main_label + "\n" + main_label_single),
+ `CheckBox(`id(`individual_changelogs), `opt(`notify), checkbox_label),
+ `VSpacing(0.5),
+ `HBox(
+ `HWeight(1, `PushButton(`id(`okay),
+ `opt(`default,
+ `key_F10),
+ Label::OKButton())),
+ `HSpacing(2),
+ `HWeight(1, `PushButton(`id(`cancel), `opt(`key_F9), Label::CancelButton()))
+ )
+ );
+ results["STATUS"] = "ok";
+ boolean single_changelog = true;
+ foreach( string profile_name, profiles, {
+ UI::OpenDialog(dialog);
+ if ( !single_changelog ) {
+ UI::ChangeWidget(`id(`stringfield),
+ `Label,
+ main_label + "\n" +
+ profile_name);
+ UI::ChangeWidget(`id(`individual_changelogs), `Value, true);
+ }
+ UI::SetFocus(`id(`stringfield));
+ any input = nil;
+ repeat {
+ input = UI::UserInput();
+ if ( input == `cancel ) {
+ results["STATUS"] = "cancel";
+ UI::CloseDialog();
+ break;
+ } else if ( input == `okay ) {
+ if (((boolean) UI::QueryWidget(`id(`individual_changelogs),
+ `Value)) == false ) {
+ results["SINGLE_CHANGELOG"] =
+ (string) UI::QueryWidget(`id(`stringfield), `Value);
+ UI::CloseDialog();
+ } else {
+ results[profile_name] =
+ (string) UI::QueryWidget(`id(`stringfield), `Value);
+ UI::CloseDialog();
+ }
+ } else if ( input == `individual_changelogs ){
+ if (((boolean) UI::QueryWidget(`id(`individual_changelogs),
+ `Value)) == true ) {
+ UI::ChangeWidget(`id(`stringfield),
+ `Label,
+ main_label + "\n"
+ + profile_name);
+ single_changelog = false;
+ } else {
+ UI::ChangeWidget(`id(`stringfield),
+ `Label,
+ main_label + "\n"
+ + main_label_single);
+ }
+ }
+ } until ( input == `okay || `input == `cancel );
+ if ( single_changelog || input == `cancel ) {
+ break;
+ }
+ });
+ return( results );
+}
+
+/** UI_MultiProfileSelectionDialog
+ * Two pane dialog with a multi-selection box on the left
+ * and a long text on the right. Allows a list of profiles
+ * or profile changes to be viewed and selected for further
+ * processing - for example uploading to the repository
+ *
+ * @param agent_data - map - data from backend
+ * [ title - string - explanation of the forms use ]
+ * [ get_changelog - string true/false - prompt user to ]
+ * [ supply changelogs ]
+ * [ never_ask_again - string true/false - add widget to let ]
+ * [ user select to never prompt again to ]
+ * [ upload unselected profiles to the ]
+ * [ repository ]
+ * [ default_select - string true/false - default value for ]
+ * [ profile selection ]
+ * [ profiles - map<string,string> ]
+ *
+ * @return results - map
+ * [ STATUS - string - ok/cancel ]
+ * [ PROFILES - list[string] - list of selected profiles ]
+ * [ NEVER_ASK_AGAIN - string - true/false - mark unselected ]
+ * [ profiles as local only and don't prompt ]
+ * [ to upload ]
+ * [ CHANGELOG - map[string,string] - changelog data from ]
+ * [ UI_ChangeLog_Dialog() ]
+ *
+ **/
+
+define map<any,any> UI_MultiProfileSelectionDialog( map<any,any> agent_data ) {
+ string headline = agent_data["title"]:"MISSING TITLE";
+ string explanation = agent_data["explanation"]:"MISSING EXPLANATION";
+ boolean default_select = agent_data["default_select"]:false;
+ boolean get_changelog = agent_data["get_changelog"]:true;
+ boolean disable_ask_upload = agent_data["disable_ask_upload"]:false;
+ map<any,any> profiles = agent_data["profiles"]:$[];
+ map<any,any> results = $[];
+
+ list profile_list = [];
+ foreach ( string profile_name, string profile_contents,
+ (map<string,string>) profiles, {
+ profile_list = add( profile_list, `item( `id(profile_name),
+ profile_name, default_select) );
+ });
+
+ term first_profile = (term) profile_list[0]:nil;
+ string first_profile_name = first_profile[1]:"MISSING PROFILE NAME";
+ string profile_rules =
+ (string) profiles[first_profile_name]:"MISSING CONTENTS";
+ string disable_ask_upload_str =
+ _("&Don't ask again for unselected profiles");
+ map ui_capabilities = UI::GetDisplayInfo();
+ boolean in_ncurses = ui_capabilities["TextMode"]:true;;
+ term profile_contents_text = nil;
+ term explanation_text = nil;
+
+ if ( in_ncurses ) {
+ profile_contents_text =
+ `RichText( `id(`contents),`opt(`plainText), profile_rules);
+ } else {
+ profile_contents_text =
+ `VBox(
+ `VSpacing(1.25),
+ `RichText( `id(`contents),`opt(`plainText), profile_rules)
+ );
+ }
+ term control_widgets = nil;
+ if ( disable_ask_upload == true ) {
+ control_widgets =
+ `VBox(
+ `CheckBox(`id(`disable_ask_upload), `opt(`notify),
+ disable_ask_upload_str),
+ `VSpacing(0.5),
+ `HBox(
+ `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))),
+ `HWeight( 50, `HCenter(`PushButton(`id(`cancel),
+ Label::CancelButton())))
+ )
+ );
+ } else {
+ if ( in_ncurses ) {
+ control_widgets =
+ `HBox(
+ `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))),
+ `HWeight( 50, `HCenter(`PushButton(`id(`cancel),
+ Label::CancelButton())))
+ );
+ } else {
+ control_widgets =
+ `VBox(
+ `VSpacing(0.5),
+ `HBox(
+ `HWeight( 50, `HCenter(`PushButton(`id(`save),
+ Label::OKButton()))),
+ `HWeight( 50, `HCenter(`PushButton(`id(`cancel),
+ Label::CancelButton())))
+ )
+ );
+ }
+ }
+
+ UI::OpenDialog(
+ `VBox(
+ `VSpacing(0.1),
+ `VWeight( 15, `Top(`Label(`id(`explanation), explanation))),
+ `VSpacing(0.2),
+ `VWeight( 70,
+ `HBox(
+ `VSpacing( 1 ),
+ `HSpacing( 0.5 ),
+ `Frame( `id(`select_profiles), headline,
+ `HBox(
+ `HWeight( 40, `MinSize( 30, 15,
+ `MultiSelectionBox( `id(`profiles),
+ `opt(`notify),
+ _("Profiles"),
+ profile_list) )
+ ),
+ `HWeight( 60, profile_contents_text )
+ )
+ ),
+ `HSpacing( 0.5 )
+ )
+ ),
+ `VSpacing( 0.2 ),
+ `VWeight( 15, control_widgets ),
+ `VSpacing( 0.2 )
+ )
+ );
+ UI::ChangeWidget( `id(`profiles), `CurrentValue, first_profile_name );
+
+ map event2 = $[];
+ any id2 = nil;
+ repeat
+ {
+ event2 = UI::WaitForEvent ();
+ id2 = event2["ID"]:nil;
+ if ( id2 == `profiles ) {
+ any itemid = UI::QueryWidget( `id(`profiles), `CurrentItem );
+ string stritem = tostring( itemid );
+ string contents = profiles[stritem]:"MISSING CONTENTS";
+ UI::ChangeWidget( `id(`contents), `Value, contents );
+ }
+ } until ( id2 == `save || id2 == `cancel );
+
+ list selected_profiles = [];
+ if (id2 == `save) {
+ list<any> selected_items =
+ (list<any>) UI::QueryWidget( `id(`profiles), `SelectedItems );
+ integer profile_index = 0;
+ foreach ( any p_name, selected_items, {
+ selected_profiles[profile_index] = tostring( p_name );
+ profile_index = profile_index + 1;
+ });
+ results["STATUS"] = "ok";
+ if (get_changelog == true) {
+ map<string,any> changelog_results =
+ UI_ChangeLog_Dialog( $["profiles":selected_profiles] );
+ if ( changelog_results["STATUS"]:"cancel" == "cancel" ) {
+ results["STATUS"] = "cancel";
+ } else {
+ results["CHANGELOG"] = changelog_results;
+ results["PROFILES"] = selected_profiles;
+ }
+ } else {
+ results["PROFILES"] = selected_profiles;
+ }
+ if ( disable_ask_upload == true &&
+ ((boolean) UI::QueryWidget( `id(`disable_ask_upload), `Value ))
+ == true ) {
+ results["NEVER_ASK_AGAIN"] = "true";
+ }
+ } else if ( id2 == `cancel ) {
+ results["STATUS"] = "cancel";
+ }
+ UI::CloseDialog();
+ return results;
+}
+
+/** Form_BusyFeedbackDialog
+ *
+ * @param agent_data - map - data from backend
+ * [ title - string - explanation of the forms use ]
+ *
+ * @return results - map
+ * [ STATUS - string - ok/cancel ]
+ *
+ **/
+
+define term Form_BusyFeedbackDialog( string message ) {
+ //`MinSize( 10, 4, `Image(`opt(`animated), movie, "animation" ),
+ //`Image(`opt(`animated), movie, "animation" ),
+ string movie =
+ "/usr/share/YaST2/theme/current/animations/ticks-endless.gif";
+ term busy_dialog =
+ `HBox(
+ //`MinSize( 10, 4, `Image(`opt(`animated), movie, "animation" ) ),
+ `Image(`opt(`animated), movie, "animation" ),
+ `Label( message )
+ );
+ return busy_dialog;
+}
+
+define void UI_BusyFeedbackStart( map<any,any> agent_data ) {
+ string message = agent_data["message"]:"MISSING MESSAGE";
+ if ( AppArmorDialogs::busy_dialog != nil ) {
+ UI::CloseDialog();
+ }
+ AppArmorDialogs::busy_dialog = Form_BusyFeedbackDialog( message );
+ UI::OpenDialog( AppArmorDialogs::busy_dialog);
+ return;
+}
+
+define void UI_BusyFeedbackStop( ) {
+ if ( AppArmorDialogs::busy_dialog != nil ) {
+ UI::CloseDialog();
+ AppArmorDialogs::busy_dialog = nil;
+ }
+}
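Review bot: Both submit branches of UI_RepositorySignInDialog write the repository password in clear text to the YaST log: the `y2milestone` call under `signin_submit` concatenates `password`, and the one under `register_submit` logs `password` together with `email`. Logs are usually readable by more people and kept longer than the credential, so the password should be removed from both messages, e.g. `y2milestone("APPARMOR : REPO - signon: username [" + username + "]");`. The commit message says this patch only renames files, so the logging is presumably carried over unchanged from the old file, but it is still what lands on the new side. Separately, `validEmailAddress` ORs several unanchored patterns with `!regexpmatch( emailAddr, "..+" )`, and the one anchored pattern starts with a literal `/`, so nearly any string under 129 characters that contains `x@y` is accepted; a single pattern anchored with `^` and `$` would make the check match what the error popup promises.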
--- /dev/null
+++ b/src/include/apparmor/capabilities.ycp
@@ -0,0 +1,310 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2005 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+//
+// YCP map containing definitons for Capabiltiies
+//
+{
+
+textdomain "yast2-apparmor";
+
+map<string,map> capdefs = $[
+"chown" :
+ $[
+ "name" : "CAP_CHOWN",
+ "info" : _("<ul><li>In a system with the [_POSIX_CHOWN_RESTRICTED] option defined,
+this overrides the restriction of changing file ownership
+and group ownership.</li></ul>"),
+
+ ],
+"dac_override" :
+ $[
+ "name" : "CAP_DAC_OVERRIDE",
+ "info" : _("<ul><li>Override all DAC access, including ACL execute access if
+[_POSIX_ACL] is defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.</li></ul>"),
+
+ ],
+"dac_read_search" :
+ $[
+ "name" : "CAP_DAC_READ_SEARCH",
+ "info" : _("<ul><li>Overrides all DAC restrictions regarding read and search
+on files and directories, including ACL restrictions if [_POSIX_ACL] is defined.
+Excluding DAC access covered by CAP_LINUX_IMMUTABLE. </li></ul>"),
+
+ ],
+"fowner" :
+ $[
+ "name" : "CAP_FOWNER",
+ "info" : _("<ul><li>Overrides all restrictions about allowed operations on files,
+where file owner ID must be equal to the user ID, except where CAP_FSETID is
+applicable. It doesn't override MAC and DAC restrictions. </li></ul>"),
+
+ ],
+"fsetid" :
+ $[
+ "name" : "CAP_FSETID",
+ "info" : _("<ul><li>Overrides the following restrictions that the effective user
+ID shall match the file owner ID when setting the S_ISUID and S_ISGID bits on that
+file; that the effective group ID (or one of the supplementary group IDs) shall match
+the file owner ID when setting the S_ISGID bit on that file; that the S_ISUID and
+S_ISGID bits are cleared on successful return from chown(2) (not implemented). </li></ul>"),
+
+ ],
+"kill" :
+ $[
+ "name" : "CAP_KILL",
+ "info" : _("<ul><li>Overrides the restriction that the real or effective user ID
+of a process sending a signal must match the real or effective user ID of the process
+receiving the signal.</li></ul>"),
+
+ ],
+"setgid" :
+ $[
+ "name" : "CAP_SETGID",
+ "info" : _("<ul><li>Allows setgid(2) manipulation </li> <li> Allows setgroups(2) </li>
+<li> Allows forged gids on socket credentials passing. </li></ul>"),
+
+ ],
+"setuid" :
+ $[
+ "name" : "CAP_SETUID",
+ "info" : _("<ul><li>Allows setuid(2) manipulation (including fsuid) </li>
+<li> Allows forged pids on socket credentials passing. </li></ul>"),
+
+ ],
+"setpcap" :
+ $[
+ "name" : "CAP_SETPCAP",
+ "info" : _("<ul><li> Transfer any capability in your permitted set to any pid,
+remove any capability in your permitted set from any pid</li></ul>"),
+
+ ],
+"linux_immutable" :
+ $[
+ "name" : "CAP_LINUX_IMMUTABLE",
+ "info" : _("<ul><li>Allows modification of S_IMMUTABLE and S_APPEND file attributes</li></ul>"),
+
+ ],
+"net_bind_service" :
+ $[
+ "name" : "CAP_NET_BIND_SERVICE",
+ "info" : _("<ul><li>Allows binding to TCP/UDP sockets below 1024 </li>
+<li> Allows binding to ATM VCIs below 32</li></ul>"),
+
+ ],
+"net_broadcast" :
+ $[
+ "name" : "CAP_NET_BROADCAST",
+ "info" : _("<ul><li> Allows broadcasting, listen to multicast </li></ul>"),
+
+ ],
+"net_admin" :
+ $[
+ "name" : "CAP_NET_ADMIN",
+ "info" : _("<ul><li> Allows interface configuration</li>
+<li> Allows administration of IP firewall, masquerading and accounting</li>
+<li> Allows setting debug option on sockets</li>
+<li> Allows modification of routing tables</li>") +
+
+_("<li> Allows setting arbitrary process / process group ownership on sockets</li>
+<li> Allows binding to any address for transparent proxying</li>
+<li> Allows setting TOS (type of service)</li>
+<li> Allows setting promiscuous mode</li>
+<li> Allows clearing driver statistics</li>") +
+
+_("<li> Allows multicasting</li>
+<li> Allows read/write of device-specific registers</li>
+<li> Allows activation of ATM control sockets </li>
+</ul>"),
+
+ ],
+"net_raw" :
+ $[
+ "name" : "CAP_NET_RAW",
+ "info" : _("<ul><li> Allows use of RAW sockets</li>
+<li> Allows use of PACKET sockets </li></ul>"),
+
+ ],
+"ipc_lock" :
+ $[
+ "name" : "CAP_IPC_LOCK",
+ "info" : _("<ul><li> Allows locking of shared memory segments</li>
+<li> Allows mlock and mlockall (which doesn't really have anything to do with IPC) </li></ul>"),
+
+ ],
+"ipc_owner" :
+ $[
+ "name" : "CAP_IPC_OWNER",
+ "info" : _("<ul><li> Override IPC ownership checks </li></ul>"),
+
+ ],
+"sys_module" :
+ $[
+ "name" : "CAP_SYS_MODULE",
+ "info" : _("<ul><li> Insert and remove kernel modules - modify kernel without limit</li>
+<li> Modify cap_bset </li></ul>"),
+
+ ],
+"sys_rawio" :
+ $[
+ "name" : "CAP_SYS_RAWIO",
+ "info" : _("<ul><li> Allows ioperm/iopl access</li>
+<li> Allows sending USB messages to any device via /proc/bus/usb </li></ul>"),
+
+ ],
+"sys_chroot" :
+ $[
+ "name" : "CAP_SYS_CHROOT",
+ "info" : _("<ul><li> Allows use of chroot() </li></ul>"),
+
+ ],
+"sys_ptrace" :
+ $[
+ "name" : "CAP_SYS_PTRACE",
+ "info" : _("<ul><li> Allows ptrace() of any process </li></ul>"),
+
+ ],
+"sys_pacct" :
+ $[
+ "name" : "CAP_SYS_PACCT",
+ "info" : _("<ul><li> Allows configuration of process accounting </li></ul>"),
+
+ ],
+"sys_admin" :
+ $[
+ "name" : "CAP_SYS_ADMIN",
+ "info" : _("<ul><li> Allows configuration of the secure attention key</li>
+<li> Allows administration of the random device</li>
+<li> Allows examination and configuration of disk quotas</li>
+<li> Allows configuring the kernel's syslog (printk behaviour)</li>") +
+
+_("<li> Allows setting the domain name</li>
+<li> Allows setting the hostname</li>
+<li> Allows calling bdflush()</li>
+<li> Allows mount() and umount(), setting up new smb connection</li>
+<li> Allows some autofs root ioctls</li>") +
+
+_("<li> Allows nfsservctl</li>
+<li> Allows VM86_REQUEST_IRQ</li>
+<li> Allows to read/write pci config on alpha</li>
+<li> Allows irix_prctl on mips (setstacksize)</li>
+<li> Allows flushing all cache on m68k (sys_cacheflush)</li>") +
+
+_("<li> Allows removing semaphores</li>
+<li> Used instead of CAP_CHOWN to \"chown\" IPC message queues, semaphores and shared memory</li>
+<li> Allows locking/unlocking of shared memory segment</li>
+<li> Allows turning swap on/off</li>
+<li> Allows forged pids on socket credentials passing</li>") +
+
+_("<li> Allows setting read ahead and flushing buffers on block devices</li>
+<li> Allows setting geometry in floppy driver</li>
+<li> Allows turning DMA on/off in xd driver</li>
+<li> Allows administration of md devices (mostly the above, but some extra ioctls)</li>") +
+
+_("<li> Allows tuning the ide driver</li>
+<li> Allows access to the nvram device</li>
+<li> Allows administration of apm_bios, serial and bttv (TV) device</li>
+<li> Allows manufacturer commands in isdn CAPI support driver</li>") +
+
+_("<li> Allows reading non-standardized portions of pci configuration space</li>
+<li> Allows DDI debug ioctl on sbpcd driver</li>
+<li> Allows setting up serial ports</li>
+<li> Allows sending raw qic-117 commands</li>") +
+
+_("<li> Allows enabling/disabling tagged queuing on SCSI controllers
+ and sending arbitrary SCSI commands</li>
+<li> Allows setting encryption key on loopback filesystem </li></ul>"),
+
+ ],
+"sys_boot" :
+ $[
+ "name" : "CAP_SYS_BOOT",
+ "info" : _("<ul><li> Allows use of reboot() </li></ul>"),
+
+ ],
+"sys_nice" :
+ $[
+ "name" : "CAP_SYS_NICE",
+ "info" : _("<ul><li> Allows raising priority and setting priority on other (different UID) processes</li>
+<li> Allows use of FIFO and round-robin (realtime) scheduling on own processes and setting
+the scheduling algorithm used by another process.</li>
+<li> Allows setting cpu affinity on other processes </li></ul>"),
+ ],
+"sys_resource" :
+ $[
+ "name" : "CAP_SYS_RESOURCE",
+ "info" : _("<ul><li> Override resource limits. Set resource limits.</li>
+<li> Override quota limits.</li>
+<li> Override reserved space on ext2 filesystem</li>
+<li> Modify data journaling mode on ext3 filesystem (uses journaling resources)</li>") +
+
+_("<li> NOTE: ext2 honors fsuid when checking for resource overrides, so you can override using fsuid too</li>
+<li> Override size restrictions on IPC message queues</li>
+<li> Allows more than 64hz interrupts from the real-time clock</li>
+<li> Override max number of consoles on console allocation</li>
+<li> Override max number of keymaps </li></ul>"),
+ ],
+"sys_time" :
+ $[
+ "name" : "CAP_SYS_TIME",
+ "info" : _("<ul><li> Allows manipulation of system clock</li>
+<li> Allows irix_stime on mips</li>
+<li> Allows setting the real-time clock </li></ul>"),
+ ],
+"sys_tty_config" :
+ $[
+ "name" : "CAP_SYS_TTY_CONFIG",
+ "info" : _("<ul><li> Allows configuration of tty devices</li>
+<li> Allows vhangup() of tty </li></ul>"),
+ ],
+"mknod" :
+ $[
+ "name" : "CAP_MKNOD",
+ "info" : _("<ul><li> Allows the privileged aspects of mknod() </li></ul>"),
+ ],
+"lease" :
+ $[
+ "name" : "CAP_LEASE",
+ "info" : _("<ul><li> Allows taking of leases on files </li></ul>"),
+ ],
+];
+
+
+map<string,string> linnametolp = $[
+"CAP_CHOWN" : "chown",
+"CAP_DAC_OVERRIDE" : "dac_override",
+"CAP_DAC_READ_SEARCH" : "dac_read_search",
+"CAP_FOWNER" : "fowner",
+"CAP_FSETID" : "fsetid",
+"CAP_KILL" : "kill",
+"CAP_SETGID" : "setgid",
+"CAP_SETUID" : "setuid",
+"CAP_SETPCAP" : "setpcap",
+"CAP_LINUX_IMMUTABLE" : "linux_immutable",
+"CAP_NET_BIND_SERVICE" : "net_bind_service",
+"CAP_NET_BROADCAST" : "net_broadcast",
+"CAP_NET_ADMIN" : "net_admin",
+"CAP_NET_RAW" : "net_raw",
+"CAP_IPC_LOCK" : "ipc_lock",
+"CAP_IPC_OWNER" : "ipc_owner",
+"CAP_SYS_MODULE" : "sys_module",
+"CAP_SYS_RAWIO" : "sys_rawio",
+"CAP_SYS_CHROOT" : "sys_chroot",
+"CAP_SYS_PTRACE" : "sys_ptrace",
+"CAP_SYS_PACCT" : "sys_pacct",
+"CAP_SYS_ADMIN" : "sys_admin",
+"CAP_SYS_BOOT" : "sys_boot",
+"CAP_SYS_NICE" : "sys_nice",
+"CAP_SYS_RESOURCE" : "sys_resource",
+"CAP_SYS_TIME" : "sys_time",
+"CAP_SYS_TTY_CONFIG" : "sys_tty_config",
+"CAP_MKNOD" : "mknod",
+"CAP_LEASE" : "lease",
+];
+}
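Review bot: `capdefs` and `linnametolp` both end at CAP_LEASE, so later Linux capabilities such as CAP_AUDIT_WRITE, CAP_AUDIT_CONTROL, CAP_SETFCAP, CAP_MAC_OVERRIDE and CAP_MAC_ADMIN have neither a description nor a name mapping. The callers are outside this hunk, so whether a lookup of a missing key is given a default is not visible here; a profile granting one of those capabilities could presumably be shown without explanatory text or not at all. Either add the missing entries to both maps, or document the limit above `capdefs`, e.g. `// Covers capabilities up to CAP_LEASE; callers must supply a default for unknown names.` The header comment also has typos: `definitons for Capabiltiies` should read `definitions for capabilities`.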
--- /dev/null
+++ b/src/include/apparmor/config_complain.ycp
@@ -0,0 +1,227 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2005 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+
+{
+textdomain "yast2-apparmor";
+
+import "Label";
+
+string modeHelp = _("<p><b>Profile Mode Configuration</b><br>This tool allows
+you to set AppArmor profiles to either complain or enforce mode.</p>") +
+
+_("<p><b>Complain mode</b> is a profile training state that logs application
+activity. All the violations of the AppArmor profile rules are logged
+(into <i>/var/log/audit/audit.log</i> file), but still permitted, so
+that application's behavior is not restricted.</p>") +
+
+_("<p>With the profile in <b>enforce mode</b>, application is protected by
+AppArmor. The profile rules are enforced and their violation is logged,
+but not permitted (e.g. an application cannot access files, unless it is
+permitted to do so by the profile).</p>");
+
+boolean showAll = false; // Button for showing active or all profiles
+
+define void updateComplain(any id, string profile, string mode, boolean showAll) {
+
+ boolean error = false;
+ map<string,string> profCmd = $[ ];
+
+ if (id == `allEnforce || id == `allComplain) {
+ profCmd["all"] = "1";
+ } else if ( profile != "" ) {
+ profCmd["profile"] = profile;
+ } else {
+ Popup::Error( _("Couldn't recognize profile name: ") + profile );
+ return;
+ }
+
+ if ( id == `toggle && mode != "" ) {
+ // Reverse modes for toggling
+ if ( mode == "enforce" ) {
+ profCmd["mode"] = "complain";
+ } else if (mode == "complain") {
+ profCmd["mode"] = "enforce";
+ } else {
+ error = true;
+ Popup::Error( _("Couldn't recognize mode: ") + mode );
+ }
+ } else if ( id != `toggle ) {
+ profCmd["mode"] = mode;
+ }
+
+ if ( showAll == true ) {
+ profCmd["showall"] = "1";
+ } else {
+ profCmd["showall"] = "0";
+ }
+
+ SCR::Write(.complain, profCmd);
+
+ return;
+}
+
+define list<term> getRecordList(boolean showAll) {
+
+ map<string,string> Settings = $[ ];
+ Settings["list"] = "1";
+
+ if ( showAll == true ) {
+ Settings["showall"] = "1";
+ } else {
+ Settings["showall"] = "0";
+ }
+
+ list<term> recList = [];
+ integer key = 1;
+
+ // restarts ag_complain agent if necessary
+ list <map> db = nil;
+ while ( db == nil ) {
+ db = (list <map>) SCR::Read (.complain, Settings);
+ }
+
+ foreach ( map record, db, {
+ recList = add( recList, `item( `id(key), record["name"]:nil, record["mode"]:nil ));
+ key = key + 1;
+ });
+
+ return recList;
+}
+
+define term getProfModeForm(list<term> recList, boolean showAll ) {
+
+ term allBtn = `PushButton(`id(`showAll), _("Show All Profiles") );
+ string allText = _("Configure Mode for Active Profiles");
+
+ if ( showAll && showAll == true ) {
+ allBtn = `PushButton(`id(`showAct), _("Show Active Profiles") );
+ allText = _("Configure Mode for All Profiles");
+ }
+
+ term modeForm =
+
+ `Frame( `id(`changeMode), allText,
+ //`Frame( `id(`changeMode), _("Configure Profile Mode"),
+ `VBox(
+ `VSpacing(2),
+ `HBox(
+ `VSpacing(10),
+ `Table(`id(`table), `opt(`notify), `header(_("Profile Name"), _("Mode")), recList)
+ ),
+ `VSpacing(0.5),
+ `HBox(
+ allBtn,
+ `PushButton(`id(`toggle), _("Toggle Mode") ),
+ `PushButton(`id(`allEnforce), _("Set All to Enforce") ),
+ `PushButton(`id(`allComplain), _("Set All to Complain") )
+ ))
+ );
+
+ return modeForm;
+}
+
+define term updateModeConfigForm(boolean showAll) {
+
+ list<term> recList = getRecordList(showAll);
+ term newModeForm = getProfModeForm(recList, showAll);
+
+ return newModeForm;
+}
+
+// Profile Mode Configuration -- Sets Complain and Enforce Behavior
+define symbol profileModeConfigForm() {
+
+ list<term> recList = getRecordList(showAll);
+ term modeForm = getProfModeForm(recList, showAll);
+ Wizard::CreateDialog();
+ Wizard::SetContentsButtons( _("Profile Mode Configuration"), modeForm, modeHelp, Label::BackButton(), _("&Done") );
+
+ map event = $[];
+ any id = nil;
+ boolean modified = false;
+
+ while( true ) {
+
+ event = UI::WaitForEvent();
+
+ id = event["ID"]:nil; // We'll need this often - cache it
+ string profile = nil;
+ string mode = nil;
+
+ if ( id == `abort || id == `cancel || id == `back ) {
+ break;
+
+ } else if ( id == `next ) {
+ integer ret = -1;
+ if ( modified )
+ ret = (integer) SCR::Execute (.target.bash, "/sbin/rcsubdomain reload > /dev/null 2>&1");
+ else {
+ y2milestone("No change to Apparmor profile modes - nothing to do.");
+ break;
+ }
+ if ( ret == 0)
+ y2milestone("Apparmor profiles reloaded succesfully.");
+ else
+ y2error("Reloading Apparmor profiles failed with exit code %1", ret);
+
+ break;
+ } else if ( id == `showAll ) {
+
+ showAll = true;
+ Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
+ continue;
+
+ } else if ( id == `showAct ) {
+
+ showAll = false;
+ Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
+ continue;
+
+ } else if ( id == `toggle) {
+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
+ profile = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
+ mode = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 2, "");
+
+ updateComplain(id, profile, mode, showAll);
+ modified = true;
+ Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
+ continue;
+
+ } else if ( id == `allEnforce || id == `allComplain) {
+
+ profile = "";
+
+ if ( id == `allEnforce ) {
+ mode = "enforce";
+ } else {
+ mode = "complain";
+ }
+
+ updateComplain(id, profile, mode, showAll);
+ modified = true;
+ Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
+ continue;
+
+ } else if ( id == `table ) {
+
+ Popup::Message( _("Please select an action to perform from the buttons below.") );
+
+ } else {
+ y2error("Unexpected return code: %1", id);
+ break;
+ }
+ }
+
+ Wizard::CloseDialog(); // new
+ return (symbol) id;
+}
+
+/* EOF */
+}
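Review bot: In `updateComplain`, the `error` flag set in the unrecognised-mode branch is never read, so after `Popup::Error` the function still reaches `SCR::Write(.complain, profCmd)` with no `"mode"` key. The same path is taken when `id` is `toggle` and `mode` is empty. Because this call decides whether a profile is enforced or only logged, I would return before the write with `if (error) return;` and check the boolean result of `SCR::Write`, logging a failure with `y2error`. As written, the caller sets `modified = true` and reloads even when nothing was applied. Separately, `getRecordList` retries `SCR::Read (.complain, Settings)` inside `while ( db == nil )` with no bound, so a persistently failing agent hangs the dialog; a retry limit with an error popup would be safer.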
--- /dev/null
+++ b/src/include/apparmor/helps.ycp
@@ -0,0 +1,219 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2005 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+
+{
+
+textdomain "yast2-apparmor";
+
+/* START Help Section
+************************************************************/
+map <string, any> helps = $[
+ "EventNotifyHelpText" :
+ _("<p>The Security Event Notification screen enables you to setup email
+alerts for security events. In the following steps, specify how often
+alerts are sent, who receives the alert, and how severe the security
+event must be to send an alert.</p>") +
+
+ _("<p><b>Notification Types</b><br> <b>Terse Notification:</b>
+Terse notification summarizes the total number of system events without
+providing details. <br>For example:<br> <tt>dhcp-101.up.wirex.com has
+had 10 security events since Tue Oct 12 11:10:00 2004</tt></p>") +
+
+ _("<p><b>Summary Notification:</b> The Summary notification displays
+the logged AppArmor security events, and lists the number of
+individual occurrences, including the date of the last occurrence.
+<br>For example:<br> <tt>SubDomain: PERMITTING access to capability
+'setgid' (httpd2-prefork(6347) profile /usr/sbin/httpd2-prefork
+active /usr/sbin/httpd2-prefork) 2 times, the latest at Sat Oct 9 16:05:54 2004.</tt>
+</p>") +
+
+ _("<p><b>Verbose Notification:</b> The Verbose notification displays
+unmodified, logged AppArmor security events. It tells you every time
+an event occurs and writes a new line in the Verbose log. These
+security events include the date and time the event occurred, when
+the application profile permits access as well as rejects access,
+and the type of file permission access that is permitted or rejected.</p>") +
+
+ _("<p>Verbose Notification also reports several messages that
+the logprof tool uses to interpret profiles. <br>For example:<br>
+<tt> Oct 9 15:40:31 SubDomain: PERMITTING r access to
+/etc/apache2/httpd.conf (httpd2-prefork(6068) profile
+/usr/sbin/httpd2-prefork active /usr/sbin/httpd2-prefork)</tt></p>") +
+
+ "<ol>" + _("<li> For each notification type that you would like
+enabled, select the frequency of notification that you would
+like. For example, if you select <b>1 day</b> from the
+pull-down list, you will be sent daily notifications of
+security events, if they occur.</li>") +
+
+ _("<li> Enter the email address of those who should receive
+the Terse, Summary, or Verbose notifications.If there is no local
+SMTP server configured to distribute e-mails from this host to the
+domain you entered, enter for example <i><user>@localhost</i>
+and enable <i><user></i> to receive system mail, if it is not
+a root user. </li>") +
+
+ _("<li>Select the lowest <b>severity level</b> for which a notification
+should be sent. Security events will be logged and the notifications
+will be sent at the time indicated by the interval when events are
+equal or greater than the selected severity level. If the interval
+is 1 day, the notification will be sent daily, if security events
+occur.") +
+
+ _("<b>Severity Levels:</b> These are numbered 1 through 10,
+10 being the most severe security incident. The <b>severity.db</b>
+file defines the severity level of potential security events.
+The severity levels are determined by the importance of
+different security events, such as certain resources accessed
+or services denied.</li>") +
+
+ _("<li>Select <b>Include unknown security events</b> if
+you would like to include events that are not rated with a severity number.</li>") +
+ "</ol>",
+// ----------------------------
+ "profileWizard" :
+ _("<b>AppArmor Profiling Wizard</b><br>") +
+ _("This wizard presents entries generated by the AppArmor access control module.
+You can generate highly optimized and robust security profiles
+by using the suggestions made by AppArmor.") +
+
+ _("AppArmor suggests that you allow or deny access to specific resources
+or define execute permission for entries. Questions
+that display were logged during the normal application
+execution test previously performed. <br>") +
+
+ _("The following help text describes the detail of the security profile
+syntax used by AppArmor. <br><br>At any stage, you may
+customize the profile entry by changing the suggested response.
+This overview will assist you in your options. Refer to the
+Novell AppArmor Administration Guide for step-by-step
+instructions. <br><br>") +
+
+ _("<b>Access Modes</b><br>") +
+ _("File permission access modes consists of combinations of the following six modes:") +
+
+ "<ul>" +
+ _("<li>r - read</li>") +
+ _("<li>w - write</li>") +
+ _("<li>m - mmap PROT_EXEC</li>") +
+ _("<li>px - discrete profile execute</li>") +
+ _("<li>ux - unconfined execute</li>") +
+ _("<li>ix - inherit execute</li>") +
+ _("<li>l - link</li>") + "</ul>" +
+
+ _("<b>Details for Access Modes</b>") +
+ "<br><br>" +
+
+ _("<b>Read mode</b><br>") +
+ _("Allows the program to have read access to the
+resource. Read access is required for shell scripts
+and other interpreted content, and determines if an
+executing process can core dump or be attached to with
+ptrace(2). (ptrace(2) is used by utilities such as
+strace(1), ltrace(1), and gdb(1).)") +
+ "<br><br>" +
+
+ _("<b>Write mode</b><br>") +
+ _("Allows the program to have write access to the
+resource. Files must have this permission if they are
+to be unlinked (removed.)") +
+ "<br><br>" +
+
+ _("<b>Mmap PROT_EXEC mode</b><br>") +
+ _("Allows the program to call mmap with PROT_EXEC on the
+resource.") +
+ "<br><br>" +
+
+ _("<b>Unconfined execute mode</b><br>") +
+ _("Allows the program to execute the resource without any
+AppArmor profile being applied to the executed
+resource. Requires listing execute mode as well.
+Incompatible with Inherit and Discrete Profile execute
+entries.") +
+ "<br><br>" +
+
+ _("This mode is useful when a confined program needs to
+be able to perform a privileged operation, such as
+rebooting the machine. By placing the privileged section
+in another executable and granting unconfined
+execution rights, it is possible to bypass the mandatory
+constraints imposed on all confined processes.
+For more information on what is constrained, see the
+subdomain(7) man page.") +
+ "<br><br>" +
+
+ _("<b>Discrete Profile execute mode</b><br>") +
+ _("This mode requires that a discrete security profile is
+defined for a resource executed at a AppArmor domain
+transition. If there is no profile defined then the
+access will be denied. Incompatible with Inherit and
+Unconstrained execute entries.") +
+ "<br><br>" +
+
+ _("<b>Link mode</b><br>") +
+ _("Allows the program to be able to create and remove a
+link with this name (including symlinks). When a link
+is created, the file that is being linked to MUST have
+the same access permissions as the link being created
+(with the exception that the destination does not have
+to have link access.) Link access is required for
+unlinking a file.") +
+ "<br><br>" +
+
+ _("<b>Globbing</b>") +
+ "<br><br>" +
+ _("File resources may be specified with a globbing syntax
+similar to that used by popular shells, such as csh(1),
+bash(1), zsh(1).") +
+ "<br>" +
+
+ "<ul>" +
+ _("<li><b>*</b> can substitute for any number of characters, except '/'<li>") +
+ _("<li><b>**</b> can substitute for any number of characters, including '/'</li>") +
+ _("<li><b>?</b> can substitute for any single character except '/'</li>") +
+ _("<li><b>[abc]</b> will substitute for the single character a, b, or c</li>") +
+ _("<li><b>[a-c]</b> will substitute for the single character a, b, or c</li>") +
+ _("<li><b>{ab,cd}</b> will expand to one rule to match ab, one rule to match cd</li>") +
+ "</ul>" +
+
+ _("<b>Clean Exec - for sanitized execution</b>") +
+ "<br><br>" +
+ _("The Clean Exec option for the discrete profile and unconstrained
+execute permissions provide added security by stripping the
+environment that is inherited by the child program of specific
+variables. You will be prompted to choose whether you want to sanitize the
+environment if you choose 'p' or 'u' during the profiling process.
+The variables are:") +
+
+ "<ul>" +
+ "<li>GCONV_PATH</li>" +
+ "<li>GETCONF_DIR</li>" +
+ "<li>HOSTALIASES</li>" +
+ "<li>LD_AUDIT</li>" +
+ "<li>LD_DEBUG</li>" +
+ "<li>LD_DEBUG_OUTPUT</li>" +
+ "<li>LD_DYNAMIC_WEAK</li>" +
+ "<li>LD_LIBRARY_PATH</li>" +
+ "<li>LD_ORIGIN_PATH</li>" +
+ "<li>LD_PRELOAD</li>" +
+ "<li>LD_PROFILE</li>" +
+ "<li>LD_SHOW_AUXV</li>" +
+ "<li>LD_USE_LOAD_BIAS</li>" +
+ "<li>LOCALDOMAIN</li>" +
+ "<li>LOCPATH</li>" +
+ "<li>MALLOC_TRACE</li>" +
+ "<li>NLSPATH</li>" +
+ "<li>RESOLV_HOST_CONF</li>" +
+ "<li>RES_OPTION</li>" +
+ "<li>TMPDIR</li>" +
+ "<li>TZDIR</li> </ul>",
+
+ ];
+}
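Review bot: In the Globbing list of the `profileWizard` help, the first item ends with `'/'<li>` instead of `'/'</li>`, which leaves the item unclosed and opens an empty one in the rendered rich text. The "Access Modes" intro says "the following six modes", but seven entries (r, w, m, px, ux, ix, l) follow. If the file really contains literal `<user>` inside `<i>…</i>` as shown here, rather than `&lt;user&gt;`, the rich-text widget will presumably treat it as a tag and drop the placeholder. The "Unconfined execute" paragraph still points readers to the `subdomain(7)` man page, which the commit message says is left for the follow-up patch.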
--- /dev/null
+++ b/src/include/apparmor/profile_dialogs.ycp
@@ -0,0 +1,1147 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2005 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+{
+import "Wizard";
+import "Popup";
+import "Label";
+import "Map";
+include "subdomain/capabilities.ycp";
+textdomain "yast2-apparmor";
+
+// Globalz
+integer timeout_millisec = 20 * 1000;
+map<string,any> Settings = $[
+ "CURRENT_PROFILE" : ""
+];
+
+
+define map capabilityEntryPopup( map capmap,
+ string linuxcapname,
+ string profile ) {
+ map results = $[];
+ string lpname = linnametolp[linuxcapname]:"";
+ map cdef = capdefs[lpname]:nil;
+ list caplist = [];
+ boolean capbool = false;
+ foreach( string clname, string clpname, (map<string,string>) linnametolp, {
+ if ( capmap[clpname]:nil != nil) capbool = true;
+ caplist = add( caplist, `item( `id(clname), clname, capbool) );
+ capbool = false;
+ });
+ string info = (string) cdef["info"]:_("<b>Capability Selection</b>.
+<br>Select desired capabilities for this profile.
+Select a Capability name to see information about the capability.");
+ string frametitle = " " + _("Capabilities enabled for the profile") + " " + profile + " ";
+ UI::OpenDialog(
+ `VBox(
+ `HSpacing( 75 ),
+ `VSpacing( `opt(`hstretch), 1 ),
+ `HBox(
+ `VSpacing( 20 ),
+ `HSpacing( 0.5 ),
+ `Frame( frametitle,
+ `HBox(
+ `HWeight( 30,
+ `MultiSelectionBox( `id(`caps), `opt(`notify), _("Capabilities"), caplist)
+ ),
+ `HWeight( 60, `RichText( `id(`captext), info) )
+ )
+ ),
+ `HSpacing( 0.05 )
+ ),
+ `VSpacing( 0.5 ),
+ `HBox(
+ `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))),
+ `HWeight( 50, `HCenter(`PushButton(`id(`cancel), Label::CancelButton())))
+ ),
+ `VSpacing( `opt(`hstretch), 0.5 )
+ )
+ );
+
+ if ( linuxcapname != "" ) {
+ UI::ChangeWidget( `id(`caps), `CurrentItem, linuxcapname );
+ }
+
+ map event2 = $[];
+ any id2 = nil;
+ repeat
+ {
+ event2 = UI::WaitForEvent( timeout_millisec );
+ id2 = event2["ID"]:nil; // We'll need this often - cache it
+ if ( id2 == `caps ) {
+ any itemid = UI::QueryWidget( `id(`caps), `CurrentItem );
+ list selecteditems = (list) UI::QueryWidget( `id(`caps), `SelectedItems );
+ string stritem = tostring( itemid );
+ string capindex = linnametolp[stritem]:"";
+ map cdf = capdefs[capindex]:nil;
+ string cdfi = cdf["info"]:"";
+ UI::ChangeWidget( `id(`captext), `Value, cdfi );
+ }
+ } until ( id2 == `save || id2 == `cancel );
+
+ map<string, map> newcapmap = $[];
+ if ( id2 == `save ) {
+ list<any> selectedcaps = (list<any>) UI::QueryWidget( `id(`caps), `SelectedItems );
+ string s = "";
+ foreach( any cpname, selectedcaps, {
+ s = linnametolp[tostring(cpname)]:"";
+ newcapmap = add( newcapmap, s, $["audit":0, "set":1]);
+ });
+ }
+ UI::CloseDialog();
+ if ( id2 == `cancel ) {
+ return capmap;
+ }
+ return newcapmap;
+}
+
+
+define string networkEntryPopup( string rule ) {
+ integer listnum = 0;
+ list netlist = splitstring( rule, " " );
+ integer netrulesize = size( netlist );
+ string family = "";
+ string sockettype = "";
+ if ( netrulesize == 1 ) {
+ family = "All";
+ } else if ( netrulesize == 2 ) {
+ family = netlist[1]:"";
+ } else if ( netrulesize == 3 ) {
+ family = netlist[1]:"";
+ sockettype = netlist[2]:"";
+ }
+
+ list<term> famList = [
+ `item( `id( `allfam ), _("All") ),
+ `item( `id( `inet ), "inet" ),
+ `item( `id( `inet6 ), "inet6" ),
+ `item( `id( `ax25 ), "ax25" ),
+ `item( `id( `ipx ), "ipx" ),
+ `item( `id( `appletalk ), "appletalk" ),
+ `item( `id( `netrom ), "netrom" ),
+ `item( `id( `bridge ), "bridge" ),
+ `item( `id( `atmpvc ), "atmpvc" ),
+ `item( `id( `x25 ), "x25" ),
+ `item( `id( `rose ), "rose" ),
+ `item( `id( `netbeui ), "netbeui" ),
+ `item( `id( `security ), "security" ),
+ `item( `id( `key ), "key" ),
+ `item( `id( `packet ), "packet" ),
+ `item( `id( `ash ), "ash" ),
+ `item( `id( `econet ), "econet" ),
+ `item( `id( `atmsvc ), "atmsvc" ),
+ `item( `id( `sna ), "sna" ),
+ `item( `id( `irda ), "irda" ),
+ `item( `id( `ppox ), "pppox" ),
+ `item( `id( `wanpipe ), "wanpipe" ),
+ `item( `id( `bluetooth ), "bluetooth" ),
+ ];
+
+ list<term> typeList = [
+ `item( `id( `alltype ), _("All") ),
+ `item( `id( `stream ), "stream" ),
+ `item( `id( `dgram ), "dgram" ),
+ `item( `id( `seqpacket ), "seqpacket" ),
+ `item( `id( `rdm ), "rdm" ),
+ `item( `id( `raw ), "raw" ),
+ `item( `id( `packet ), "packet" ),
+ `item( `id( `dccp ), "dccp" ),
+ ];
+
+ map results = $[];
+
+ UI::OpenDialog(
+ `VBox(
+ `VSpacing( 1 ),
+ `HBox(
+ `HCenter( `ComboBox( `id(`famItems),
+ `opt(`notify),
+ _("Network Family"),
+ famList
+ )
+ ),
+ `HSpacing(`opt(`hstretch), 0.2),
+ `HCenter( `ComboBox( `id(`typeItems),
+ `opt(`notify),
+ _("Socket Type"),
+ typeList
+ )
+ )
+ ),
+ `VSpacing(1),
+ `HBox(
+ `HCenter(`PushButton(`id(`cancel), Label::CancelButton())),
+ `HCenter(`PushButton(`id(`save), Label::SaveButton()))
+ ),
+ `VSpacing(0.5)
+ )
+ );
+
+ if ( rule == "" || family == "All" ) {
+ UI::ChangeWidget( `famItems, `Value, `allfam );
+ UI::ChangeWidget( `typeItems, `Value, `alltype );
+ UI::ChangeWidget( `typeItems, `Enabled, false );
+ } else {
+ if ( family != "" ) {
+ UI::ChangeWidget( `famItems, `Value, symbolof(toterm(family)) );
+ }
+ if ( sockettype != "" ) {
+ UI::ChangeWidget( `typeItems, `Value, symbolof(toterm(sockettype)) );
+ }
+ }
+ map event2 = $[];
+ any id2 = nil; // We'll need this often - cache it
+ repeat
+ {
+ event2 = UI::WaitForEvent( timeout_millisec );
+ id2 = event2["ID"]:nil; // We'll need this often - cache it
+ if ( id2 == `famItems ) {
+ if ( UI::QueryWidget( `famItems, `Value ) == `allfam ) {
+ UI::ChangeWidget( `typeItems, `Value, `alltype );
+ UI::ChangeWidget( `typeItems, `Enabled, false );
+ } else {
+ UI::ChangeWidget( `typeItems, `Enabled, true );
+ }
+ }
+ } until ( id2 == `save || id2 == `cancel );
+ if ( id2 == `save ) {
+ rule = "network";
+ symbol famselection = (symbol) UI::QueryWidget( `famItems, `Value );
+ symbol typeselection = (symbol) UI::QueryWidget( `typeItems, `Value );
+ if ( famselection != `allfam ) {
+ rule = rule + " " + substring( tostring(famselection), 1);
+ if ( typeselection != `alltype ) {
+ rule = rule + " " + substring( tostring(typeselection), 1);
+ }
+ }
+ } else {
+ rule = "";
+ }
+ UI::CloseDialog();
+ return rule;
+}
+
+
+//
+// Popup the Edit Profile Entry dialog
+// return a map containing PERM and FILE
+// for the updated permissions and filename
+// for the profile entry
+//
+
+define map pathEntryPopup( string filename, string perms, string profile, string filetype ) {
+ map results = $[];
+ UI::OpenDialog(
+ `VBox(
+ `VSpacing( `opt(`hstretch), 1 ),
+ `HSpacing( 45 ),
+ `HBox(
+ `VSpacing( 10 ),
+ `HSpacing( 0.75 ),
+ `Frame( _("Profile Entry For ") + profile,
+ `HBox(
+ `HWeight( 60,
+ `VBox(
+ `TextEntry(`id(`filename), _("Enter or modify Filename")),
+ `HCenter(`PushButton(`id(`browse), _("&Browse") ))
+ )
+ ),
+ `HWeight( 40,
+ `MultiSelectionBox( `id(`perms), `opt(`notify), _("Permissions"),
+ [ `item( `id(`read), _("Read"), issubstring(perms, "r")),
+ `item( `id(`write), _("Write"), issubstring(perms, "w")),
+ `item( `id(`link), _("Link"), issubstring(perms, "l")),
+ `item( `id(`append), _("Append"), issubstring(perms, "a")),
+ `item( `id(`lock), _("Lock"), issubstring(perms, "k")),
+ `item( `id(`mmap), _("MMap PROT_EXEC"), issubstring(perms, "m")),
+ `item( `id(`execute), _("Execute"), issubstring(perms, "x")),
+ `item( `id(`inherit), _("Inherit"), issubstring(perms, "i")),
+ `item( `id(`profile), _("Profile"), issubstring(perms, "p")),
+ `item( `id(`clean_profile), _("Profile Clean Exec"), issubstring(perms, "P")),
+ `item( `id(`unconstrained), _("Unconstrained"), issubstring(perms, "u")),
+ `item( `id(`clean_unconstrained), _("Unconstrained Clean Exec"), issubstring(perms, "U"))
+ ]
+ )
+ )
+ )
+ ),
+ `HSpacing( 0.75 )
+ ),
+ `VSpacing( 0.5 ),
+ `HBox(
+ `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))),
+ `HWeight( 50, `HCenter(`PushButton(`id(`cancel), Label::CancelButton())))
+ ),
+ `VSpacing( `opt(`hstretch), 0.5 )
+ )
+ );
+ UI::ChangeWidget(`id(`filename), `Value, filename);
+ map event2 = $[];
+ any id2 = nil; // We'll need this often - cache it
+ repeat
+ {
+ event2 = UI::WaitForEvent( timeout_millisec );
+ id2 = event2["ID"]:nil; // We'll need this often - cache it
+
+ //
+ // Something clicked in the 'perms list
+ //
+ if ( id2 == `perms ) {
+ any itemid = UI::QueryWidget( `id(`perms), `CurrentItem );
+ list selecteditems = (list) UI::QueryWidget( `id(`perms), `SelectedItems );
+ if ( itemid == `execute ) {
+ //
+ // If we turn off Execute bit then also
+ // turn off execute modifiers
+ //
+ if ( contains( selecteditems, `execute ) == false ) {
+ if ( contains( selecteditems, `inherit )) {
+ selecteditems = filter (any k, selecteditems, { return (k != `inherit); });
+ UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
+ }
+ if ( contains( selecteditems, `profile )) {
+ selecteditems = filter (any k, selecteditems, { return (k != `profile); });
+ UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
+ }
+ if ( contains( selecteditems, `unconstrained )) {
+ selecteditems = filter (any k, selecteditems, { return (k != `unconstrained); });
+ UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
+ }
+ if ( contains( selecteditems, `clean_unconstrained )) {
+ selecteditems = filter (any k, selecteditems, { return (k != `clean_unconstrained); });
+ UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
+ }
+ if ( contains( selecteditems, `clean_profile )) {
+ selecteditems = filter (any k, selecteditems, { return (k != `clean_profile); });
+ UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
+ }
+ } else if (!( contains( selecteditems, `inherit ) ||
+ contains( selecteditems, `unconstrained ) ||
+ contains( selecteditems, `clean_unconstrained ) ||
+ contains( selecteditems, `clean_profile ) ||
+ contains( selecteditems, `profile ))
+ ) {
+ //if you just select X alone then by default you get P
+ selecteditems = prepend( selecteditems, `profile);
+ UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
+ }
+ }
+
+ //
+ // Execute modifier is selected
+ // -- if Execute is NOT ON then turn Execute ON
+ // -- ensure that only one modifier is selected.
+ //
+ if (( contains( selecteditems, `inherit ) ||
+ contains( selecteditems, `clean_unconstrained ) ||
+ contains( selecteditems, `clean_profile ) ||
+ contains( selecteditems, `unconstrained ) ||
+ contains( selecteditems, `profile )) ) {
+ if ( contains( selecteditems, `execute ) == false ) {
+ selecteditems = prepend( selecteditems, `execute);
+ UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
+ } else if ( itemid == `profile ) {
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `inherit); });
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `clean_unconstrained); });
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `clean_profile); });
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `unconstrained); });
+ UI::ChangeWidget( `id(`perms),
+ `SelectedItems,
+ selecteditems );
+ } else if ( itemid == `inherit ) {
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `profile); });
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `unconstrained); });
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `clean_unconstrained); });
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `clean_profile); });
+ UI::ChangeWidget( `id(`perms),
+ `SelectedItems,
+ selecteditems );
+ } else if ( itemid == `unconstrained ) {
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `profile); });
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `inherit); });
+ selecteditems =
+ filter (any k,
+ selecteditems,
+ { return (k != `clean_unconstrained); });
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `clean_profile); });
+ UI::ChangeWidget( `id(`perms),
+ `SelectedItems,
+ selecteditems );
+ } else if ( itemid == `clean_unconstrained ) {
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `profile); });
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `inherit); });
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `unconstrained); });
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `clean_profile); });
+ UI::ChangeWidget( `id(`perms),
+ `SelectedItems,
+ selecteditems );
+ } else if ( itemid == `clean_profile ) {
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `profile); });
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `inherit); });
+ selecteditems =
+ filter (any k,
+ selecteditems,
+ { return (k != `clean_unconstrained); });
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `unconstrained); });
+ UI::ChangeWidget( `id(`perms),
+ `SelectedItems,
+ selecteditems );
+ }
+ } else if ( contains( selecteditems, `execute) ) {
+ selecteditems = filter (any k,
+ selecteditems,
+ { return (k != `execute); });
+ UI::ChangeWidget( `id(`perms),
+ `SelectedItems,
+ selecteditems );
+ }
+ }
+ //
+ // Popup a dialog to let a user browse for a file
+ //
+ if ( id2 == `browse ) {
+ string selectfilename = "";
+ if ( filetype == "dir" ) {
+ selectfilename = UI::AskForExistingDirectory( "/", _("Select Directory"));
+ } else {
+ selectfilename = UI::AskForExistingFile( "/", "", _("Select File"));
+ }
+ if ( selectfilename != nil ) {
+ UI::ChangeWidget(`id(`filename), `Value, selectfilename);
+ }
+ }
+ } until ( id2 == `save || id2 == `cancel );
+
+ if ( id2 == `cancel ) {
+ UI::CloseDialog();
+ return nil;
+ }
+
+ //
+ // Update table values
+ //
+ if ( id2 == `save ) {
+ list selectedbits = (list) UI::QueryWidget( `id(`perms), `SelectedItems );
+ string newperms = "";
+ if ( contains( selectedbits, `write ) ) {
+ newperms = newperms + "w" ;
+ }
+ if ( contains(selectedbits, `mmap ) ) {
+ newperms = newperms + "m" ;
+ }
+ if ( contains(selectedbits, `read ) ) {
+ newperms = newperms + "r" ;
+ }
+ if ( contains(selectedbits, `link ) ) {
+ newperms = newperms + "l" ;
+ }
+ if ( contains(selectedbits, `lock ) ) {
+ newperms = newperms + "k" ;
+ }
+ if ( contains(selectedbits, `append ) ) {
+ newperms = newperms + "a" ;
+ }
+ if ( contains(selectedbits, `execute) ) {
+ if ( contains(selectedbits, `profile) ) {
+ newperms = newperms + "p" ;
+ } else if ( contains(selectedbits, `inherit) ) {
+ newperms = newperms + "i" ;
+ } else if ( contains(selectedbits, `unconstrained) ) {
+ newperms = newperms + "u" ;
+ } else if ( contains(selectedbits, `clean_unconstrained) ) {
+ newperms = newperms + "U" ;
+ } else if ( contains(selectedbits, `clean_profile) ) {
+ newperms = newperms + "P" ;
+ }
+ newperms = newperms + "x" ;
+ }
+ filename = tostring( UI::QueryWidget(`id(`filename), `Value) );
+ UI::CloseDialog();
+ if ( filename == "" || newperms == "" ) {
+ Popup::Error(_("Entry will not added. Entry name or permissions not defined."));
+ results = nil;
+ } else {
+ results = $[ "PERM": newperms, "FILE": filename ];
+ }
+ }
+ return results;
+}
+
+define map fileEntryPopup( string filename, string perms, string profile ) {
+ return (map) pathEntryPopup( filename, perms, profile, "file" );
+}
+
+define map dirEntryPopup( string filename, string perms, string profile ) {
+ return (map) pathEntryPopup( filename, perms, profile, "dir" );
+}
+
+
+define map deleteNetworkRule( map netRules, string rule ) {
+ map audit = netRules["audit"]:$[];
+ map rules = netRules["rule"]:$[];
+ list netlist = splitstring( rule, " " );
+ integer netrulesize = size( netlist );
+ string family = "";
+ string sockettype = "";
+
+ if ( netrulesize == 1 ) {
+ audit = $[];
+ rules = $[];
+ } else if ( netrulesize == 2 ) {
+ family = netlist[1]:"";
+ audit = remove( audit, family );
+ rules = remove( rules, family );
+ } else if ( netrulesize == 3 ) {
+ family = netlist[1]:"";
+ sockettype = netlist[2]:"";
+ map a = audit[family]:$[];
+ map r = rules[family]:$[];
+ a = remove(a, sockettype);
+ r = remove(r, sockettype);
+ audit[family] = a;
+ rules[family] = r;
+ /*any fam = netRules[family]:nil;
+ if ( is( fam, map ) ) {
+ fam = remove( ((map) fam), sockettype );
+ netRules[family] = fam;
+ } else {
+ y2warning("deleteNetworkRule: deleting non-existing rule: " +
+ rule);
+ }*/
+ }
+ return $["audit" : audit, "rule" : rules];
+}
+
+define map addNetworkRule( map netRules, string rule ) {
+ map audit = netRules["audit"]:$[];
+ map rules = netRules["rule"]:$[];
+ list netlist = splitstring( rule, " " );
+ integer netrulesize = size( netlist );
+ string family = "";
+ string sockettype = "";
+
+ if ( netrulesize == 1 ) {
+ return ( $["audit" : $["all":1], "rule" : $["all" :1] ] );
+ }
+ else{
+ if (haskey(audit, "all") && haskey(rules, "all")) {
+ audit = remove(audit, "all");
+ rules = remove(rules, "all");
+ }
+
+ if ( netrulesize == 2 ) {
+ family = netlist[1]:"";
+ audit[family] = 0;
+ rules[family] = 1;
+ } else if ( netrulesize == 3 ) {
+ family = netlist[1]:"";
+ sockettype = netlist[2]:"";
+ audit[family] = add(audit[family]:$[], sockettype,0);
+ rules[family] = add(rules[family]:$[], sockettype,1);
+ }
+ /*any any_fam = netRules[family]:nil;
+ map fam = nil;
+ if ( is( any_fam, map ) ) {
+ fam = (map) any_fam;
+ }
+ if ( fam == nil ) {
+ fam = $[];
+ }
+ fam[sockettype] = "1";
+ netRules[family] = fam;*/
+ }
+ return $[ "audit": audit, "rule": rules];
+}
+
+define map editNetworkRule( map netRules, string old, string new ) {
+ netRules = deleteNetworkRule( netRules, old );
+ netRules = addNetworkRule( netRules, new );
+ return( netRules );
+}
+
+//
+// generateTableContents - generate the list that is used in the table to display the profile
+//
+
+define list<term> generateTableContents( map paths, map network, map caps, map includes, map hats ) {
+ list<term> newlist = [];
+
+ integer indx = 0;
+
+ foreach( string hatname, any hat, (map<string,map>) hats, {
+ newlist = add( newlist, `item( `id(indx), "[+] ^"+ hatname, ""));
+ indx = indx+1; });
+
+ foreach( string incname, integer incval, (map<string,integer>) includes, {
+ newlist = add( newlist, `item( `id(indx), "#include " +incname, ""));
+ indx = indx+1; });
+
+ foreach( string capname, map capval, (map<string,map>) caps, {
+ map capdef = capdefs[capname]:nil;
+ newlist = add( newlist, `item( `id(indx), capdef["name"]:"", ""));
+ indx = indx+1; });
+
+ foreach( string name, map val, (map<string,map>) paths, {
+ string mode = (string) SCR::Execute(.subdomain_profiles.mode_to_string, val["mode"]:0);
+ newlist = add( newlist, `item( `id(indx), name, mode));
+ indx = indx+1; });
+
+ map rules = network["rule"]:$[];
+ foreach( string family, any any_fam, (map<string,any>) rules, {
+ if ( is( any_fam, map ) ) {
+ foreach( string socktype, any any_type, (map<string,any>) any_fam, {
+ newlist = add( newlist,
+ `item( `id(indx),
+ "network " + family + " " + socktype,
+ ""
+ )
+ );
+ indx = indx+1;
+ });
+ } else {
+ // Check for all network
+ if ( family == "all" ) {
+ newlist = add( newlist,
+ `item( `id(indx),
+ "network",
+ ""
+ )
+ );
+ indx = indx+1;
+ } else {
+ newlist = add( newlist,
+ `item( `id(indx),
+ "network " + family,
+ ""
+ )
+ );
+ indx = indx+1;
+ }
+ }
+ });
+ return newlist;
+}
+
+
+define map collectHats(map profile, string pathname ) {
+ map<string,any> hats = $[];
+ y2debug("collecting hats for " + pathname);
+ if( profile != nil){
+ foreach( string resname, any resource, (map<string,any>) profile, {
+ if ( resname != pathname ) {
+ map<any,any> hat = tomap(resource);
+ if ( hat != nil ) {
+ y2debug("HAT " + resname);
+ hats = add(hats, resname, resource);
+ }
+ }
+ });
+ }
+ return hats;
+}
+
+
+//
+// Prompts the user for a hatname
+// Side-Effect: sets Settings["CURRENT_HAT"]
+// returns true (hat entered)
+// false (user aborted)
+//
+define boolean newHatNamePopup(string parentProfile, map currentHats ) {
+
+term intro = `VBox(
+ `Top(
+ `VBox(
+ `VSpacing(1),
+ `Left(`Label( _("Please enter the name of the Hat that you would like \nto add to the profile") + " " + parentProfile + ".")),
+ `VSpacing(0.5),
+ `Left(
+ `TextEntry(
+ `id(`hatname),
+ _("&Hat name to add"),
+ ""
+ )
+ ),
+ `VSpacing(`opt(`vstretch), 0.25)
+ )
+ ),
+ `HBox(
+ `HSpacing(`opt(`hstretch), 0.1),
+ `HCenter(`PushButton(`id(`create), _("&Create Hat"))),
+ `HCenter(`PushButton(`id(`abort), Label::AbortButton())),
+ `HSpacing(`opt(`hstretch), 0.1),
+ `VSpacing(1)
+ )
+ );
+
+ UI::OpenDialog(intro);
+ UI::SetFocus(`id(`hatname));
+ while (true) {
+ any input = Wizard::UserInput();
+ if(input == `create) {
+ string hatname = (string) UI::QueryWidget(`id(`hatname), `Value);
+ // Check for no application entry in the dialog
+ if ( hatname == "" ) {
+ Popup::Error(_("You have not given a name for the hat you want to add.\nPlease
+enter a hat name to create a new hat, or press Abort to cancel this wizard."));
+ } else if ( haskey( currentHats, hatname ) ) {
+ Popup::Error(_("The profile already contains the provided hat name.
+Please enter a different name to try again, or press Abort to cancel this wizard."));
+ } else {
+ Settings["CURRENT_HAT"] = hatname;
+ UI::CloseDialog();
+ return true;
+ }
+ } else {
+ UI::CloseDialog();
+ return false;
+ }
+ }
+}
+
+define symbol DisplayProfileForm(string pathname, boolean hat) {
+ map profile_map = (map) Settings["PROFILE_MAP"]:$[];
+ map profile = (map) profile_map[pathname]:$[];
+ map hats = $[];
+ if ( !hat ) {
+ hats = collectHats( profile_map, pathname );
+ }
+ map paths = (map) profile["allow","path"]:$[];
+ map caps = (map) profile["allow","capability"]:$[];
+ map includes = (map) profile["include"]:$[];
+ map netdomain = (map) profile["allow", "netdomain"]:$[];
+ list<term> profilelist = generateTableContents( paths,
+ netdomain,
+ caps,
+ includes,
+ hats );
+
+
+ // FIXME: format these texts better
+
+ /* help text */
+ string help1 = _("<p>In this form you can view and modify the contents of an individual profile.
+For existing entries you can double click the permissions to access a modification dialog.</p>");
+
+ /* help text */
+ string help2 = _("<p><b>Permission Definitions:</b><br><code> r - read <br>
+w -write<br>l - link<br>m - mmap PROT_EXEC<br>k - file locking<br>
+a - file append<br>x - execute<br> i - inherit<br> p - discrete profile<br>
+P - discrete profile <br> (*clean exec)<br> u - unconstrained<br>
+U -unconstrained<br> (*clean exec)</code></p>");
+
+ /* help text */
+ string help3 = _("<p><b>Add Entry:</b><br>Select the type of resource to add from the drop down list.</p>");
+
+ /* help text - part x1 */
+ string help4 = _("<p><ul><li><b>File</b><br>Add a file entry to this profile</li>");
+ /* help text - part x2 */
+ string help5 = _("<li><b>Directory</b><br>Add a directory entry to this profile</li>");
+ /* help text - part x3 */
+ string help6 = _("<li><b>Capability</b><br>Add a capability entry to this profile</li>");
+ /* help text - part x4 */
+ string help7 = _("<li><b>Include</b><br>Add an include entry to this profile. This option
+includes the profile entry contents of another file in this profile at load time.</li>");
+ /* help text - part x5 */
+ string help_net = _("<li><b>Network Entry</b><br>Add a network rule entry to this profile.
+This option will allow you to specify network access privileges for the profile.
+You may specify a network address family and socket type.</li>");
+ /* help text - part x6 */
+ string helpHat = _("<li><b>Hat</b><br>Add a sub-profile for this profile - called a Hat.
+This option is analogous to manually creating a new profile, which can selected
+during execution only in the context of being asked for by a <b>changehat aware</b>
+application. For more information on changehat please see <b>man changehat</b> on your
+system or the Novell AppArmor Administration Guide.</li>");
+ /* help text - part x7 */
+ string helpEdit = _("</ul></p><p><b>Edit Entry:</b><br>Edit the selected entry.</p>");
+
+ /* help text */
+ string help8 = _("<p><b>Delete Entry:</b><br>Removes the selected entry from this profile.</p>");
+
+ /* help text - part y1 */
+ string help9 = _("<p><b>*Clean Exec</b><br>The Clean Exec option for the discrete profile
+and unconstrained execute permissions provide added security by stripping the environment
+that is inherited by the child program of specific variables. These variables are:");
+ /* help text - part y2 */
+ string help10 = "<ul> <li>GCONV_PATH</li><li>GETCONF_DIR</li><li>HOSTALIASES</li><li>LD_AUDIT</li><li>LD_DEBUG</li><li>LD_DEBUG_OUTPUT</li><li>LD_DYNAMIC_WEAK</li><li>LD_LIBRARY_PATH</li><li>LD_ORIGIN_PATH</li><li>LD_PRELOAD</li><li>LD_PROFILE</li><li>LD_SHOW_AUXV</li><li>LD_USE_LOAD_BIAS</li><li>LOCALDOMAIN</li><li>LOCPATH</li><li>MALLOC_TRACE</li><li>NLSPATH</li><li>RESOLV_HOST_CONF</li><li>RES_OPTION</li><li>TMPDIR</li><li>TZDIR</li></ul></p>";
+
+
+ integer listnum = 0;
+ list<term> itemList = [ `item( `id( `file ), _("&File") ),
+ `item( `id( `net ), _("Network &Rule") ),
+ `item( `id( `dir ), _("&Directory") ),
+ `item( `id( `cap ), _("&Capability") ),
+ `item( `id( `include ), _("&Include File") ),
+ ];
+
+
+ string mainLabel = "";
+
+ if ( hat ) {
+ mainLabel = _("AppArmor profile ") + Settings["CURRENT_PROFILE"]:"" + "^" + pathname;
+ } else {
+ itemList = add(itemList,`item( `id( `hat ), _("&Hat") ));
+ mainLabel = _("AppArmor profile for ") + pathname ;
+ }
+ // Define the widget contents
+ // for the Wizard
+ term contents_main_profile_form =
+ `VBox(
+ `Label(mainLabel),
+ `HBox(
+ `VSpacing(10),
+ `Table(`id(`table), `opt(`notify, `immediate ), `header(_("File Name"), _("Permissions")), profilelist)
+ ),
+ `VSpacing(0.5),
+ `HBox(
+ `HSpacing(`opt(`hstretch), 0.1),
+ `HCenter( `MenuButton(`id(`addMenu), _("Add Entry"), itemList)),
+ `HCenter(`PushButton(`id(`edit), _("&Edit Entry"))),
+ `HCenter(`PushButton(`id(`delete), _("&Delete Entry"))),
+ `HSpacing(`opt(`hstretch), 0.1),
+ `VSpacing(1)
+ ),
+ `VSpacing(1)
+ );
+ string help = "";
+ string formtitle = "";
+ if ( hat ) {
+ help = help1 + help2 + help3 + help4 + help5 + help6 + help7 + help_net + help8 + helpEdit + help9 + help10;
+ formtitle = _("AppArmor Hat Dialog");
+ } else {
+ help = help1 + help2 + help3 + help4 + help5 + help6 + help7 + help_net + helpHat + helpEdit + help8 + help9 + help10;
+ formtitle = _("AppArmor Profile Dialog");
+ }
+ Wizard::SetContentsButtons( formtitle, contents_main_profile_form, help, Label::BackButton(), _("&Done") );
+
+
+
+ map event = $[];
+ any id = nil;
+ while( true )
+ {
+ event = UI::WaitForEvent( timeout_millisec );
+ id = event["ID"]:nil; // We'll need this often - cache it
+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
+ if ( (( id == `table ) && (event["EventReason"]:nil == "Activated" )) ||
+ ( id == `edit) )
+ {
+ // Widget activated in the table
+ string rule = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
+ integer findcap = find( rule, "CAP_");
+ integer findinc = find( rule, "#include");
+ integer findhat = find( rule, "[+] ^");
+ integer findnet = find( rule, "network");
+ string oldrule = rule;
+ if ( findcap == 0 ) {
+ caps = capabilityEntryPopup( caps, rule, pathname );
+ profile["allow", "capability"] = caps;
+ } else if ( findinc == 0 ) {
+ Popup::Error(_("Include entries can not be edited. Please select add or delete to manage Include entries."));
+ continue;
+ } else if ( findhat == 0 ) {
+ string hatToEdit = substring( rule, 5);
+ Settings["CURRENT_HAT"] = hatToEdit;
+ return `showhat;
+ } else if ( findnet == 0 ) {
+ string newrule = networkEntryPopup( rule );
+ if ( newrule != "" && newrule != rule ) {
+ netdomain = editNetworkRule( netdomain, rule, newrule );
+ }
+ profile["allow","netdomain"] = netdomain;
+ } else {
+ string perms = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 2, "");
+ map results = fileEntryPopup( rule, perms, pathname );
+ integer newperms = 0;
+ newperms = (integer) SCR::Execute(.subdomain_profiles.string_to_mode, results["PERM"]:"");
+ rule = results["FILE"]:"";
+ if ( rule != "" ) {
+ if ( rule != oldrule ) {
+ paths = remove( paths, oldrule );
+ }
+ paths = add(paths, rule, $[ "audit": 0, "mode": newperms]);
+ profile["allow","path"] = paths;
+ }
+ }
+ profile_map[pathname] = profile;
+ Settings["PROFILE_MAP"] = profile_map;
+ list<term> profilelist = generateTableContents( paths,
+ netdomain,
+ caps,
+ includes,
+ hats );
+ UI::ChangeWidget( `id(`table), `Items, profilelist );
+ UI::ChangeWidget( `id(`table), `CurrentItem, itemselected );
+ } else if ( id == `delete ) {
+ string rule = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
+ integer findcap = find( rule, "CAP_");
+ integer findinc = find( rule, "#include");
+ integer findhat = find( rule, "[+] ^");
+ integer findnet = find( rule, "network");
+
+ if ( findcap == 0 ) {
+ string capNameToDelete = linnametolp[rule]:"";
+ caps = remove( caps, capNameToDelete );
+ profile["allow", "capability"] = caps;
+ } else if ( findinc == 0 ) {
+ string includeToRemove = substring( rule, 9);
+ includes = remove( includes, includeToRemove );
+ profile["include"] = includes;
+ } else if ( findhat == 0 ) {
+ string hatToRemove = substring( rule, 5);
+ hats = remove( hats, hatToRemove);
+ profile_map = remove( profile_map, hatToRemove );
+ } else if ( findnet == 0 ) {
+ netdomain = deleteNetworkRule( netdomain, rule );
+ profile["allow","netdomain"] = netdomain;
+ } else {
+ paths = remove( paths, rule );
+ profile["allow","path"] = paths;
+ }
+ profile_map[pathname] = profile;
+ Settings["PROFILE_MAP"] = profile_map;
+ list<term> profilelist = generateTableContents( paths,
+ netdomain,
+ caps,
+ includes,
+ hats );
+ UI::ChangeWidget( `id(`table), `Items, profilelist );
+ UI::ChangeWidget( `id(`table), `CurrentItem, (itemselected == 0) ? 0 : itemselected -1 );
+ } else if ( id == `file || id == `dir ) {
+ string addfname = "";
+ integer addperms = 0;
+ map newentry = nil;
+ if ( id == `dir ) {
+ newentry = dirEntryPopup( "", "", pathname );
+ } else {
+ newentry = fileEntryPopup( "", "", pathname );
+ }
+ if ( newentry == nil ) {
+ continue;
+ }
+ addfname = newentry["FILE"]:"";
+ addperms = (integer) SCR::Execute(.subdomain_profiles.string_to_mode, newentry["PERM"]:"");
+ // Make sure that the entry doesn't already exist
+ paths = add( paths, addfname, $["audit":0, "mode": addperms] );
+ profile["allow","path"] = paths;
+ profile_map[pathname] = profile;
+ Settings["PROFILE_MAP"] = profile_map;
+ list<term> profilelist = generateTableContents( paths,
+ netdomain,
+ caps,
+ includes,
+ hats );
+ UI::ChangeWidget( `id(`table), `Items, profilelist );
+ UI::ChangeWidget( `id(`table), `CurrentItem, itemselected );
+ } else if ( id == `cap ) {
+ caps = capabilityEntryPopup( caps, "", pathname );
+ profile["allow","capability"] = caps;
+ profile_map[pathname] = profile;
+ Settings["PROFILE_MAP"] = profile_map;
+ list<term> profilelist = generateTableContents( paths,
+ netdomain,
+ caps,
+ includes,
+ hats );
+ UI::ChangeWidget( `id(`table), `Items, profilelist );
+ } else if ( id == `hat ) {
+ if ( hat ) {
+ Popup::Error(_("Hats can not have embedded hats."));
+ }
+ boolean hatCreated = newHatNamePopup( pathname, hats );
+ if ( hatCreated == true ) {
+ return `showhat;
+ }
+ } else if ( id == `include ) {
+ list <string> customIncludes = (list <string>) SCR::Read(.subdomain, "custom-includes");
+ string newInclude = UI::AskForExistingFile( "/etc/apparmor.d/abstractions", "", _("Select File To Include"));
+ if ( newInclude == nil || (string)newInclude == "" ) {
+ continue;
+ }
+ list <string> validIncludes = [ "/etc/apparmor.d/abstractions", "/etc/apparmor.d/program-chunks", "/etc/apparmor.d/tunables" ];
+ foreach( string incPath, customIncludes, {
+ validIncludes = add( validIncludes, "/etc/apparmor.d/" + incPath);
+ });
+
+ integer result = 0;
+ boolean includePathOK = false;
+ foreach( string pathToCheck, (list<string>) validIncludes, {
+ result = find (newInclude, pathToCheck);
+ if ( result != -1 ) {
+ includePathOK = true;
+ }
+ });
+
+ if ( ! includePathOK ) {
+ string pathListMsg = "";
+ foreach( string pathItem, (list<string>) validIncludes, {
+ pathListMsg = pathListMsg + "\n " + pathItem;
+ });
+ Popup::Error(_("Invalid #include file. Include files must be located in one of these directories: \n") + pathListMsg );
+ } else {
+ string includeName = substring(newInclude, 16 );
+ includes = add( includes, includeName, 1 );
+ profile["include"] = includes;
+ profile_map[pathname] = profile;
+ Settings["PROFILE_MAP"] = profile_map;
+ list<term> profilelist = generateTableContents( paths,
+ netdomain,
+ caps,
+ includes,
+ hats );
+ UI::ChangeWidget( `id(`table), `Items, profilelist );
+ }
+ } else if ( id == `net ) {
+ string newrule = networkEntryPopup( "" );
+ if ( newrule != "" ) {
+ netdomain = addNetworkRule( netdomain, newrule );
+ profile["allow","netdomain"] = netdomain;
+ profile_map[pathname] = profile;
+ Settings["PROFILE_MAP"] = profile_map;
+ list<term> profilelist = generateTableContents( paths,
+ netdomain,
+ caps,
+ includes,
+ hats );
+ UI::ChangeWidget( `id(`table), `Items, profilelist );
+ }
+ } else if ( id == `abort || id == `cancel ) {
+ break;
+ } else if ( id == `back ) {
+ break;
+ } else if ( id == `next ) {
+ if ( ! hat ) {
+ if (Popup::YesNoHeadline(_("Save changes to the Profile"),
+ _("Would you like to save the changes to this profile? \n(Note: after saving the changes the AppArmor profiles will be reloaded.)"))) {
+ map argmap = $[ "PROFILE_HASH" : Settings["PROFILE_MAP"]:$[],
+ "PROFILE_NAME" : pathname
+ ];
+ any result = SCR::Write(.subdomain_profiles, argmap);
+ any result2 = SCR::Write(.subdomain_profiles.reload, "-");
+ }
+ } else {
+ if ( ! haskey(hats, Settings["CURRENT_HAT"]:"") ) {
+ profile["allow","path"] = paths;
+ profile["allow","capability"] = caps;
+ profile["include"] = includes;
+ profile_map[pathname] = profile;
+ Settings["PROFILE_MAP"] = profile_map;
+ }
+ return `next;
+ }
+ break;
+ } else {
+ y2error("Unexpected return code: %1", id);
+ continue;
+ }
+ }
+ return (symbol) id;
+}
+
+
+ //
+ // Select a profile to edit and populate
+ // Settings["CURRENT_PROFILE"]: profile name
+ // Settings["PROFILE_MAP"]: map containing the profile
+ //
+define symbol SelectProfileForm( map profiles, string formhelp, string formtitle, string iconname ) {
+ list<term> profilelisting = [];
+ integer indx = 0;
+ foreach( string p, any ignore, (map<string,any>) profiles, {
+ profilelisting = add( profilelisting, `item( `id(p), p));
+ indx = indx+1;
+ });
+
+ term contents_select_profile_form =
+ `VBox(
+ `VSpacing(2),
+ `SelectionBox( `id(`profilelist), `opt(`notify), _("Profile Name"), profilelisting ),
+ `VSpacing(3)
+ );
+
+ //
+ // Create the Dialog Window and parse user input
+ //
+ Wizard::CreateDialog();
+ Wizard::SetContents( formtitle, contents_select_profile_form, formhelp, false, true );
+ Wizard::SetTitleIcon(iconname);
+
+ map event = $[];
+ any id = nil;
+ string profilename = "";
+ while( true )
+ {
+ event = UI::WaitForEvent( timeout_millisec );
+ id = event["ID"]:nil; // We'll need this often - cache it
+ if ( id == `next || id == `profilelist ) {
+ profilename = tostring( UI::QueryWidget(`id(`profilelist), `CurrentItem) );
+ if ( profilename != nil && profilename != "" ) {
+ break;
+ } else {
+ Popup::Error(_("You must select a profile to edit"));
+ continue;
+ }
+ } // TODO ELSE POPUP NO ENTRY SELECTED ERROR
+ if(id == `abort || id == `cancel) {
+ break;
+ } else if(id == `back) {
+ break;
+ } else {
+ y2error("Unexpected return code: %1", id);
+ continue;
+ }
+ }
+ if ( id == `next || id == `profilelist) {
+ Settings["CURRENT_PROFILE"] = profilename;
+ Settings["PROFILE_MAP"] = profiles[profilename]:nil;
+ id = `next;
+ }
+ UI::CloseDialog();
+ return (symbol) id;
+ }
+
+}
+
--- /dev/null
+++ b/src/include/apparmor/report_helptext.ycp
@@ -0,0 +1,158 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2005 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+
+{
+
+textdomain "yast2-apparmor";
+
+string defs = _("<b>Program Name Pattern:</b><br> When you enter a program name or pattern
+that matches the name of the binary executable of the program of
+interest, the report will display security events that have
+occurred for a specific program.<br>") +
+
+_("<b>Profile Name Pattern:</b> When you enter the name of the profile,
+the report will display the security events that are generated for
+the specified profile. You can use this to see what is being confined
+by a specific profile.<br>") +
+
+_("<b>PID Number:</b> Process ID number is a number that uniquely identifies
+one specific process or running program (this number is valid only
+during the lifetime of that process).<br>") +
+
+_("<b>Severity Level:</b> Select the lowest severity level for security
+events that you would like to be included in the report. The selected
+severity level, and above, will be included in the reports.<br>") +
+
+_("<b>Detail:</b> A source to which the profile has denied access.
+This includes capabilities and files. You can use this field to
+report the resources are not allowed to be accessed by profiles.<br>") +
+
+_("<b>Mode:</b> The Mode is the permission that the profile grants
+to the program or process to which it is applied. The options are:
+r (read) w (write) l (link) x (execute)<br>") +
+
+_("<b>Access Type:</b> The access type describes what is actually happening
+with the security event. The options are: PERMITTING, REJECTING,
+or AUDITING.<br>") +
+
+_("<b>CSV or HTML:</b> Enables you to export a CSV (comma separated
+values) or html file. The CSV file separates pieces of data in
+the log entries with commas using a standard data format for
+importing into table-oriented applications. You can enter a
+pathname for your exported report by typing in the full
+pathname in the field provided.</p>");
+
+string setArchHelp = _("<p>The Report Configuration dialog enables you to filter the archived
+report selected in the previous screen. To filter by <b>Date Range:</b>") +
+
+_("<ol><li>Click <b>Filter By Date Range</b>. The fields become active.</li>
+<li>Enter the start and end dates that delineate the scope of the report.</li>
+ <li>Enter other filtering parameters. See below for definitions of parameters.</li></ol></p>") +
+
+_("The following definitions help you to enter the filtering parameters in the
+Report Configuration Dialog:<br>") + defs;
+
+
+string types = _("<b>Executive Security Summary:</b> A combined report,
+consisting of one or more Security incident reports from
+one or more machines. This report provides a single view of
+security events on multiple machines.<br>") +
+
+_("<b>Applications Audit Report:</b> An auditing tool that
+reports which application servers are running and whether
+the applications are confined by AppArmor. Application
+servers are applications that accept incoming network connections. <br>") +
+
+_("<b>Security Incident Report:</b> A report that displays application
+security for a single host. It reports policy violations for locally
+confined applications during a specific time period. You can edit and
+customize this report, or add new versions.</p>");
+
+string runHelp = _("<p>The AppArmor On-Demand Report screen displays
+an instantly generated version of one of the following
+reports:<br>") + types;
+
+
+string filterCfHelp1 = setArchHelp;
+/* START Help Section
+************************************************************/
+
+string repGenHelpText = _("<p><b>Generate Reports Help</b> <p>If there were, in fact,
+going to be any help for you (which, incidentally, there isn't going to be),
+then you would indeed find said help, here.</p><p>Thank you for your time,
+and have a nice day.</p>");
+
+
+
+string schedHelpText =
+_("<p>The summary of scheduled reports page shows us when reports are scheduled to run.
+Reports can be set to run monthly, weekly, daily, or hourly. The default settings are
+daily at midnight. The reports can also be emailed, upon completion, to up to three
+email recipients.<br>") +
+
+_("In the Set Schedule section, you can schedule the following three types of security reports:<br>") + types;
+
+string archHelpText = _("<p>The View Archive Reports form enables you to view
+previously generated reports, located in the /var/log/apparmor/reports-archived
+directory. The checkboxes at the top of the form enable you to narrow-down
+the category of reports shown in the list to the following: SIR Reports, AUD
+Reports, or ESS Reports. To see report details, select a report and click the
+<b>View</b> button.<br><br> You can view reports from one or more systems if
+you move the reports to the /var/log/apparmor/reports-archived directory.</p>");
+
+string mainHelp = schedHelpText;
+
+
+list helpList = [ schedHelpText ];
+
+term defaultHelp = `RichText ( schedHelpText );
+term schedHelp = `RichText ( schedHelpText );
+term repGenHelp = `RichText ( repGenHelpText );
+term archHelp = `RichText ( archHelpText );
+term otherHelp = `RichText ( archHelpText );
+
+string repConfHelp = _("repConfHelp");
+
+string sirHelp = _("<p><b>Security Incident Report (SIR):</b> A report that displays security
+events of interest to an administrator. The SIR reports policy violations
+for locally confined applications during the specified time period. The SIR
+reports policy exceptions and policy engine state changes. These two types
+of security events are defined as follows:") +
+
+_("<ul> <li><b>Policy Exceptions:</b> When an application requests a resource
+that's not defined within its profile, a security event is generated.</li>
+<li><b>Policy Engine State Changes:</b> Enforces policy for applications and
+maintains its own state, including when engines start or stop, when a policy
+is reloaded, and when global security feature are enabled or disabled.</li></ul>
+Select the report from the archive, then <b>View</b> to see the report details.</p>");
+
+
+string audHelp = _("<p><b>Applications Audit Report (AUD):</b> An auditing tool
+that reports which application servers are running and whether they are confined
+by AppArmor. Application servers are applications that accept incoming network
+connections. This report provides the host machine's IP Address, the date the
+Applications Audit Report ran, the name and path of the unconfined program or
+application server, the suggested profile or a placeholder for a profile for an
+unconfined program, the process ID number, The state of the program (confined or
+unconfined), and the type of confinement that the profile is performing
+(enforce/complain).</p>");
+
+string essHelp = _("<p><b>Executive Security Summary (ESS):</b> A combined report,
+consisting of one or more high-level reports from one or more machines. This
+report can provide a single view of security events on multiple machines if each
+machine's data is copied to the reports archive directory, which is
+<b>/var/log/apparmor/reports-archived</b>. This report provides the host
+machine's IP address, the start and end dates of the polled events, total number
+of rejects, total number of events, average of severity levels reported, and the
+highest severity level reported. One line of the ESS report represents a range
+of SIR reports.</p>");
+
+}
+
--- /dev/null
+++ b/src/include/apparmor/reporting_archived_dialogs.ycp
@@ -0,0 +1,307 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2005 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+
+{
+
+import "Wizard";
+import "Popup";
+import "Label";
+include "subdomain/report_helptext.ycp";
+include "subdomain/reporting_utils.ycp";
+textdomain "yast2-apparmor";
+
+// Global
+integer timeout_millisec = 20 * 1000;
+
+//define term turnReportPage (integer curPage) {
+define term turnArchReportPage (integer curPage, integer lastPage) {
+
+ map<string,string> Settings = $[ ];
+ list<term> reportList = [];
+
+ string currentPage = tostring( curPage );
+ string slastPage = tostring( lastPage );
+ Settings["page"] = currentPage;
+ Settings["turnArch"] = "1";
+ Settings["turnPage"] = "1";
+
+ reportList = getReportList("sir",Settings);
+
+ // poor i18n
+ string myLabel = _("Archived Security Incident Report - Page ") + currentPage + _(" of ") + slastPage;
+
+ term odForm =
+
+ `Frame( `id(`odframe), myLabel,
+
+ `VBox(
+ `HBox(
+ `VSpacing(10),
+ makeSirTable(reportList),
+ `VSpacing(0.5)
+ ),
+ `HSpacing(`opt(`hstretch), 1.0),
+ `VSpacing(0.5),
+ `HBox(
+ `PushButton(`id(`first), _("F&irst") ),
+ `PushButton(`id(`prev), _("&Previous") ),
+ `PushButton(`id(`psort), _("&Sort") ),
+ `PushButton(`id(`fwd), _("&Forward") ),
+ `PushButton(`id(`last), _("&Last") )
+ ),
+ `VSpacing(1)
+ ));
+
+ return odForm;
+}
+
+define term filterArchForm() {
+
+ string expPath = "/var/log/apparmor/reports-exported";
+
+ term arForm =
+
+ `Top(`VBox(
+ `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )),
+ `Frame( `id(`bydate_frame), _(" Select Date Range ") ,
+ `VBox(
+ `Label( _("Enter Starting Date/Time") ),
+ `HBox(
+ `HSpacing( `opt(`hstretch), 1),
+ `IntField(`id(`startHours), _("Hours"), 0, 23, 0),
+ `IntField(`id(`startMins), _("Minutes"), 0, 59, 0),
+ `IntField(`id(`startDay), _("Day"), 1, 31, 1),
+ `IntField(`id(`startMonth), _("Month"), 1, 12, 1),
+ `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005)
+ ),
+ `VSpacing(1.0),
+ `Label( _("Enter Ending Date") ),
+ `HBox(
+ `HSpacing( `opt(`hstretch), 1),
+ `IntField(`id(`endHours), _("Hours"), 0, 23, 0),
+ `IntField(`id(`endMins), _("Minutes"), 0, 59, 0),
+ `IntField(`id(`endDay), _("Day"), 1, 31, 1),
+ `IntField(`id(`endMonth), _("Month"), 1, 12, 1),
+ `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005)
+ ),
+ `VSpacing(1.0)
+ )),
+ `VSpacing( 1.0 ),
+ `HBox(
+ `HWeight( 4, `TextEntry(`id(`prog), _("Program name") )),
+ `HWeight( 4, `TextEntry(`id(`prof), _("Profile name") )),
+ `HWeight( 3, `TextEntry(`id(`pid), _("PID number") )),
+ `HWeight( 2,
+ `ComboBox(`id(`sev), _("Severity"), [
+ _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
+ ]) ),
+ `HSpacing( `opt(`hstretch), 5)
+ ),
+ `HBox(
+ `HWeight( 3, `TextEntry(`id(`res), _("Detail") )),
+ `HWeight( 3, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))),
+ `HWeight( 3, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))),
+ `HSpacing( `opt(`hstretch), 5)
+ ),
+ `VSpacing( 0.5 ),
+
+ `HBox(
+ `VSpacing(0.5),
+ `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [
+ _("None"), _("csv"), _("html"), _("Both")
+ ]),
+ `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
+ `Bottom( `VWeight( 1, `PushButton(`id(`accept), Label::AcceptButton()) )),
+ `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
+ )
+ ));
+
+ return arForm;
+}
+
+define map<any,any> setArchFilter() {
+
+ map<any,any> Settings = $[];
+
+ term archForm = filterArchForm();
+ Wizard::SetContentsButtons( _("Report Configuration Dialog"), archForm,
+ setArchHelp, Label::BackButton(), Label::NextButton() );
+
+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
+
+ string mode = "All";
+ string sdmode = "R";
+
+ map event = $[];
+ any id = nil;
+
+ while ( true ) {
+
+ event = UI::WaitForEvent( timeout_millisec );
+ id = event["ID"]:nil; // We'll need this often - cache it
+
+ if ( id == `bydate ) {
+
+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, true);
+
+ } else if ( id == `next || id == `save ) {
+
+ boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value);
+
+ if ( bydate == true ) {
+
+ integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value);
+ integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value);
+ integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value);
+ integer startHours = (integer) UI::QueryWidget(`id(`startHours), `Value);
+ integer startMins = (integer) UI::QueryWidget(`id(`startMins), `Value);
+ integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value);
+ integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value);
+ integer endYear = (integer) UI::QueryWidget(`id(`endYear), `Value);
+ integer endHours = (integer) UI::QueryWidget(`id(`endHours), `Value);
+ integer endMins = (integer) UI::QueryWidget(`id(`endMins), `Value);
+
+ // start_day & start_month are mutually exclusive
+ if ( id == `startDay ) {
+ UI::ChangeWidget(`id(`startMonth), `Value, 0);
+ } else if ( id == `startMonth ) {
+ UI::ChangeWidget(`id(`startDay), `Value, 0);
+ }
+
+ // start_day & start_month are mutually exclusive
+ if ( id == `endDay ) {
+ UI::ChangeWidget(`id(`endMonth), `Value, 0);
+ } else if ( id == `endMonth ) {
+ UI::ChangeWidget(`id(`endDay), `Value, 0);
+ }
+
+ if ( CheckDate(startDay,startMonth,startYear) == false ) {
+ Popup::Error( _("Illegal start date entered. Please retry.") );
+ continue;
+ }
+
+ if ( CheckDate(endDay,endMonth,endYear) == false ) {
+ Popup::Error( _("Illegal end date entered. Please retry.") );
+ continue;
+ }
+ ////////////////////////////////////////////////////////////
+
+ string startday = tostring(startDay);
+ string startmonth = tostring(startMonth);
+ string startyear = tostring(startYear);
+ string starthours = tostring(startHours);
+ string startmins = tostring(startMins);
+ string endday = tostring(endDay);
+ string endmonth = tostring(endMonth);
+ string endyear = tostring(endYear);
+ string endhours = tostring(endHours);
+ string endmins = tostring(endMins);
+
+ Settings["startday"] = startday;
+ Settings["startmonth"] = startmonth;
+ Settings["startyear"] = startyear;
+ Settings["endday"] = endday;
+ Settings["endmonth"] = endmonth;
+ Settings["endyear"] = endyear;
+ Settings["starttime"] = starthours + ":" + startmins;
+ Settings["endtime"] = endhours + ":" + endmins;
+
+ }
+
+ string expType = (string) UI::QueryWidget(`id(`exportType), `Value);
+ string expPath = (string) UI::QueryWidget(`id(`exportPath), `Value);
+
+ if ( expType != "" && expType != "None" ) {
+
+ if ( expType == "csv" ) {
+ Settings["exporttext"] = "true";
+ } else if ( expType == "html" ) {
+ Settings["exporthtml"] = "true";
+ } else if ( expType == "both" ) {
+ Settings["exporttext"] = "true";
+ Settings["exporthtml"] = "true";
+ }
+ }
+
+ string program_name = (string) UI::QueryWidget(`id(`prog), `Value);
+ string profile = (string) UI::QueryWidget(`id(`prof), `Value);
+ string pid = (string) UI::QueryWidget(`id(`pid), `Value);
+ string sev = (string) UI::QueryWidget(`id(`sev), `Value);
+ string res = (string) UI::QueryWidget(`id(`res), `Value);
+ string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label);
+ string mode = (string) UI::QueryWidget(`id(`mode), `Label);
+ string exppath = (string) UI::QueryWidget(`id(`expPath), `Value);
+
+ if (sdmode == "-") { sdmode = "All"; }
+ if (mode == "-") { mode = "All"; }
+
+ if ( program_name != "" ) { Settings["prog"] = program_name; }
+ if ( profile != "" ) { Settings["profile"] = profile; }
+ if ( pid != "" ) { Settings["pid"] = pid; }
+ if ( sev != "" && sev != "All" ) { Settings["severity"] = sev; }
+ if ( res != "" ) { Settings["resource"] = res; }
+ if ( sdmode != "" ) { Settings["sdmode"] = sdmode; }
+ if ( mode != "" ) { Settings["mode"] = mode; }
+ if ( exppath != "" ) { Settings["exportPath"] = exppath; }
+
+ id = nil;
+ break;
+
+ } else if ( id == `sdmode ) {
+ sdmode = popUpSdMode();
+ Settings["sdmode"] = sdmode;
+ UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: ") + sdmode) );
+
+ } else if ( id == `mode ) {
+ mode = popUpMode();
+ Settings["mode"] = mode;
+ UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: ") + mode) );
+
+ } else if ( id == `abort || id == `cancel || id == `done ) {
+ Settings["break"] = "abort";
+ break;
+ } else if ( id == `close || id == `back) {
+ Settings["break"] = "back";
+ break;
+ }
+ }
+
+ return Settings;
+}
+
+define term viewArchForm(string tab, string logFile, map<any,any> Settings) {
+
+ Settings["archRep"] = "1";
+ Settings["logFile"] = logFile;
+ Settings["type"] = "archRep";
+
+ integer curPage = 1;
+ string currentPage = "1";
+ Settings["currentPage"] = currentPage;
+
+ integer isingle = Settings["single"]:1;
+ string single = "1";
+ if ( isingle != nil ) {
+ single = tostring(isingle);
+ }
+ Settings["single"] = single;
+
+ // mark - new
+ any junk = SCR::Read(.logparse,Settings);
+
+ integer lastPage = getLastPage("sirRep",Settings,"");
+ term myPage = turnArchReportPage(curPage,lastPage);
+
+ return myPage;
+}
+
+
+}
+
--- /dev/null
+++ b/src/include/apparmor/reporting_dialogues.ycp
@@ -0,0 +1,2513 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2005 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+{
+
+import "Wizard";
+import "Popup";
+import "Label";
+include "subdomain/reporting_utils.ycp";
+include "subdomain/report_helptext.ycp";
+include "subdomain/reporting_archived_dialogs.ycp";
+textdomain "yast2-apparmor";
+
+// Globalz
+//integer timeout_millisec = 20 * 1000;
+map<string,string> Settings = $[ ];
+string defExpPath = "/var/log/apparmor/reports-exported";
+string oldExpPath = "/var/log/apparmor/reports-exported";
+string expPath = oldExpPath;
+
+// This map is to pull the string to send back to the backend agent on save
+map<any,any> md_map= $[
+ `md_00: _("All"),
+ `md_01: "1", `md_02: "2", `md_03: "3",
+ `md_04: "4", `md_05: "5", `md_06: "6",
+ `md_07: "7", `md_08: "8", `md_09: "9",
+ `md_10: "10", `md_11: "11", `md_12: "12",
+ `md_13: "13", `md_14: "14", `md_15: "15",
+ `md_16: "16", `md_17: "17", `md_18: "18",
+ `md_19: "19", `md_20: "20", `md_21: "21",
+ `md_22: "22", `md_23: "23", `md_24: "24",
+ `md_25: "25", `md_26: "26", `md_27: "27",
+ `md_28: "28", `md_29: "29", `md_30: "30",
+ `md_31: "31" ];
+
+string modeToHumanString( string mode) {
+ return ( mode == "All") ? _("All") : mode;
+}
+
+string humanStringToMode( string hs) {
+ return ( hs == _("All")) ? "All" : hs ;
+}
+
+string typeToHumanString( string type ) {
+ string ret = "";
+
+ switch ( type )
+ {
+ case "Security.Incident.Report":
+ ret = _("Security Incident Report");
+ break;
+ case "Applications.Audit":
+ ret = _("Applications Audit Report");
+ break;
+ case "Executive.Security.Summary":
+ ret = _("Executive Security Summary");
+ break;
+ default:
+ ret = type;
+ break;
+ }
+
+ return ret;
+}
+
+string humanStringToType( string hs ) {
+ string ret = "";
+
+ if( hs == _("Security Incident Report"))
+ ret = "Security.Incident.Report";
+ else if ( hs == _("Applications Audit Report"))
+ ret = "Applications.Audit";
+ else if ( hs == _("Executive Security Summary"))
+ ret = "Executive.Security.Summary";
+ else
+ ret = hs;
+
+ return ret;
+}
+
+// Grey out inappropriate paging buttons
+define void setPageButtons(integer curPage, integer lastPage) {
+
+ if (lastPage <= 1 ) {
+ UI::ChangeWidget(`id(`first), `Enabled, false);
+ UI::ChangeWidget(`id(`last), `Enabled, false);
+ UI::ChangeWidget(`id(`prev), `Enabled, false);
+ UI::ChangeWidget(`id(`fwd), `Enabled, false);
+ UI::ChangeWidget(`id(`goto), `Enabled, false);
+
+ } else if (curPage <= 1 ) {
+ UI::ChangeWidget(`id(`first), `Enabled, false);
+ UI::ChangeWidget(`id(`prev), `Enabled, false);
+ } else if ( curPage >= lastPage ) {
+ UI::ChangeWidget(`id(`last), `Enabled, false);
+ UI::ChangeWidget(`id(`fwd), `Enabled, false);
+ } else {
+ UI::SetFocus(`id(`goto));
+ }
+
+ return;
+}
+
+// return input from edit scheduled forms as map of strings
+define map<string,string> getSchedSettings( map<string,string> Settings ) {
+
+ string name = (string) UI::QueryWidget(`id(`name), `Value);
+ //integer iMonthdate = (integer) UI::QueryWidget(`id(`monthdate), `Value);
+ any md = (any) UI::QueryWidget(`id(`monthdate), `Value);
+ string monthdate = (string) md_map[md]:_("All");
+ string weekday = (string) UI::QueryWidget(`id(`weekday), `Value);
+ any iHours = (any) UI::QueryWidget(`id(`hour), `Value);
+ any iMins = (any) UI::QueryWidget(`id(`mins), `Value);
+ string expType = (string) UI::QueryWidget(`id(`expType), `Value);
+ string email1 = (string) UI::QueryWidget(`id(`email1), `Value);
+ string email2 = (string) UI::QueryWidget(`id(`email2), `Value);
+ string email3 = (string) UI::QueryWidget(`id(`email3), `Value);
+
+ //string monthdate = tostring( iMonthdate );
+ string hour = tostring( iHours );
+ string mins = tostring( iMins );
+
+ if ( weekday == _("All") ) { weekday = "-"; }
+ if ( monthdate == _("All") ) { monthdate = "-"; }
+
+ // de-i18n
+ if ( weekday == _("Mon") ) { weekday = "Mon"; }
+ if ( weekday == _("Tue") ) { weekday = "Tue"; }
+ if ( weekday == _("Weds") ) { weekday = "Weds"; }
+ if ( weekday == _("Thu") ) { weekday = "Thu"; }
+ if ( weekday == _("Fri") ) { weekday = "Fri"; }
+ if ( weekday == _("Sat") ) { weekday = "Sat"; }
+ if ( weekday == _("Sun") ) { weekday = "Sun"; }
+
+ Settings["getconf"] = "";
+ Settings["setconf"] = "1";
+ Settings["name"] = name;
+ Settings["monthdate"] = monthdate;
+
+ Settings["weekday"] = weekday;
+ Settings["hour"] = hour;
+ Settings["mins"] = mins;
+ if ( expType == _("csv") || expType == _("Both") ) {
+ Settings["csv"] = "1";
+ } else {
+ Settings["csv"] = "0";
+ }
+
+ if ( expType == _("html") || expType == _("Both") ) {
+ Settings["html"] = "1";
+ } else {
+ Settings["html"] = "0";
+ }
+
+ Settings["email1"] = email1;
+ Settings["email2"] = email2;
+ Settings["email3"] = email3;
+
+ return Settings;
+}
+
+// Gets list of archived reports based on 'type'
+define list<term> getArrayList(string type, string repPath) {
+
+ map<string,string> Settings = $[ ];
+ string readSched = "1";
+ Settings["readSched"] = readSched;
+ Settings["type"] = type;
+
+ if ( repPath != "" ) {
+ Settings["repPath"] = repPath;
+ }
+
+ list<term> itemList = [];
+
+ integer key = 1;
+
+ if ( type == "sirRep" || type == "essRep" || type == "audRep" ) {
+ list <map> db = (list <map>) SCR::Read (.reports_parse, Settings);
+
+ foreach ( map record, db, {
+ any strName = record["name"]:nil;
+ any strTime = record["time"]:nil;
+ string name = tostring(strName);
+ string mytime = tostring(strTime);
+ itemList = add( itemList, `item( `id(key), record["name"]:nil, record["time"]:nil ));
+ key = key + 1;
+ });
+
+ } else if (type == "schedRep") {
+
+ Settings["getcron"] = "1";
+
+ list <map> db = (list <map>) SCR::Read (.reports_sched, Settings);
+
+ foreach ( map record, db, {
+ itemList = add( itemList, `item( `id(key), record["name"]:nil, record["hour"]:nil, record["mins"]:nil,
+ record["wday"]:nil, record["mday"]:nil ));
+ key = key + 1;
+ });
+
+ } else {
+
+ Popup::Error( _("Unrecognized form request.") );
+
+ }
+
+ return itemList;
+}
+
+
+// Filter form for editing scheduled reports
+define term editFilterForm (map Settings) {
+
+ /* debug */
+ string prog = Settings["prog"]:"";
+ string prof = Settings["prof"]:"";
+ string pid = Settings["pid"]:"";
+ string res = Settings["res"]:"";
+ string sdmode = Settings["sdmode"]:"R";
+ string mode = Settings["mode"]:"All";
+ string sev = Settings["sev"]:"All";
+
+ term eForm = `VBox(
+
+ `VSpacing( 0.5 ),
+ `HBox(
+ `HWeight( 5, `TextEntry(`id(`prog), _("Program name"), prog )),
+ `HWeight( 5, `TextEntry(`id(`prof), _("Profile name"), prof )),
+ `HSpacing( `opt(`hstretch), 1)
+ ),
+ `VSpacing( 0.5 ),
+ `HBox(
+ `HWeight( 5, `TextEntry(`id(`pid), _("PID number"), pid )),
+ `HWeight( 5, `TextEntry(`id(`res), _("Detail"), res )),
+ `HSpacing( `opt(`hstretch), 1)
+ ),
+ `VSpacing( 0.5 ),
+ `HBox(
+ `HWeight( 2,
+ `ComboBox(`id(`sev), _("Severity"), [
+ _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
+ ]) ),
+ `VBox(
+ `Label( _("Access Type: ") ),
+ `Bottom( `HWeight( 4,
+ `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode )))))
+ ),
+ `VBox(
+ `Label( _("Mode: ") ),
+ `Bottom( `HWeight( 4,
+ `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )))))
+ ),
+ `HSpacing( `opt(`hstretch), 1)
+ ),
+ `VSpacing( 1 ),
+ `HBox(
+ `PushButton(`id(`cancel), Label::CancelButton() ),
+ `PushButton(`id(`save), Label::SaveButton() )
+ )
+ );
+
+ return eForm;
+}
+
+term schedFilterForm =
+
+ `VBox(
+ `VSpacing( 0.5 ),
+ `HBox(
+ `HWeight( 5, `TextEntry(`id(`prog), _("Program name") )),
+ `HWeight( 5, `TextEntry(`id(`prof), _("Profile name") )),
+ `HSpacing( `opt(`hstretch), 1)
+ ),
+ `VSpacing( 0.5 ),
+ `HBox(
+ `HWeight( 5, `TextEntry(`id(`pid), _("PID number") )),
+ `HWeight( 5, `TextEntry(`id(`res), _("Detail") ) ),
+ `HSpacing( `opt(`hstretch), 1)
+ ),
+ `VSpacing( 0.5 ),
+ `HBox(
+ `HWeight( 2,
+ `ComboBox(`id(`sev), _("Severity"), [
+ _("All"), "U", "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
+ ]) ),
+
+ `VBox(
+ `Label( _("Access Type: ") ),
+ `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), "R" ))
+ ),
+ `VBox(
+ `Label( _("Mode: ") ),
+ `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("All") ))
+ ),
+
+ //`HWeight( 4, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))),
+ //`HWeight( 4, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))),
+ `HSpacing( `opt(`hstretch), 1)
+ ),
+ `VSpacing( 1 ),
+ `HBox(
+ `PushButton(`id(`cancel), Label::CancelButton() ),
+ `PushButton(`id(`save), Label::SaveButton() )
+ )
+ );
+
+term filterForm =
+
+ `VBox(
+ `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )),
+ `Frame( `id(`bydate_frame), _(" Select Date Range "),
+ `VBox(
+ `Label( _("Enter Starting Date/Time") ),
+ `HBox(
+ `HSpacing( `opt(`hstretch), 1),
+ `IntField(`id(`startHours), _("Hours"), 00, 23, 00),
+ `IntField(`id(`startMins), _("Minutes"), 00, 59, 00),
+ `IntField(`id(`startDay), _("Day"), 01, 31, 01),
+ `IntField(`id(`startMonth), _("Month"), 01, 12, 01),
+ `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005)
+ ),
+ `VSpacing(1.0),
+ `Label( _("Enter Ending Date") ),
+ `HBox(
+ `HSpacing( `opt(`hstretch), 1),
+ `IntField(`id(`endHours), _("Hours"), 0, 23, 0),
+ `IntField(`id(`endMins), _("Minutes"), 0, 59, 0),
+ `IntField(`id(`endDay), _("Day"), 1, 31, 1),
+ `IntField(`id(`endMonth), _("Month"), 1, 12, 1),
+ `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005)
+ )
+ ),
+ `VSpacing(1.0),
+ `HBox(
+ `HWeight( 4, `TextEntry(`id(`prog), _("Program name")) ),
+ `HWeight( 4, `TextEntry(`id(`prof), _("Profile name")) ),
+ `HWeight( 3, `TextEntry(`id(`pid), _("PID number")) ),
+ `HWeight( 2,
+ `ComboBox(`id(`sev), _("Severity"), [
+ _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
+ ]) ),
+ `HSpacing( `opt(`hstretch), 5)
+ ),
+ `HBox(
+ `HWeight( 3, `TextEntry(`id(`res), _("Detail") ) ),
+
+ `VBox(
+ `Label( _("Access Type: ") ),
+ `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), "R" ))
+ ),
+ `VBox(
+ `Label( _("Mode: ") ),
+ `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("All") ))
+ ),
+
+
+ //`HWeight( 3, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))),
+ //`HWeight( 3, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))),
+ `HSpacing( `opt(`hstretch), 5)
+ ),
+ `VSpacing( 0.5 ),
+
+ `HBox(
+ `VSpacing(0.5),
+ // DWR MOD `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [
+ `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
+ _("None"), _("csv"), _("html"), _("Both")
+ ]),
+ `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
+ `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
+ )
+
+ ));
+
+// filter-defining form
+define term filterForm2(string name, map<any,any> preFilters) {
+
+ any aprog = preFilters["prog"]:nil;
+ any aprof = preFilters["profile"]:nil;
+ any apid = preFilters["pid"]:nil;
+ any ares = preFilters["resource"]:nil;
+ any amode = preFilters["mode"]:"All";
+ any asdmode = preFilters["sdmode"]:"All";
+
+ string prog = "";
+ string prof = "";
+ string pid = "";
+ string res = "";
+ string mode = "";
+ string sdmode = "";
+
+ if ( aprog != nil ) { prog = tostring(aprog); }
+ if ( aprof != nil ) { prof = tostring(aprof); }
+ if ( apid != nil ) { pid = tostring(apid); }
+ if ( ares != nil ) { res = tostring(ares); }
+ if ( amode != nil ) { mode = tostring(amode); }
+ if ( asdmode != nil ) { sdmode = tostring(asdmode); }
+ if (sdmode == "-") { sdmode = "All"; }
+ if (mode == "-") { mode = "All"; }
+
+ term ff2 =
+ `Top(`VBox(
+ `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )),
+ `Frame( `id(`bydate_frame), _(" Select Date Range "),
+ `VBox(
+ `Label( _("Enter Starting Date/Time") ),
+ `HBox(
+ `HSpacing( `opt(`hstretch), 1),
+ `IntField(`id(`startHours), _("Hours"), 0, 23, 0),
+ `IntField(`id(`startMins), _("Minutes"), 0, 59, 0),
+ `IntField(`id(`startDay), _("Day"), 1, 31, 1),
+ `IntField(`id(`startMonth), _("Month"), 1, 12, 1),
+ `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005)
+ ),
+ `VSpacing(1.0),
+ `Label( _("Enter Ending Date") ),
+ `HBox(
+ `HSpacing( `opt(`hstretch), 1),
+ `IntField(`id(`endHours), _("Hours"), 0, 23, 0),
+ `IntField(`id(`endMins), _("Minutes"), 0, 59, 0),
+ `IntField(`id(`endDay), _("Day"), 1, 31, 1),
+ `IntField(`id(`endMonth), _("Month"), 1, 12, 1),
+ `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005)
+ ),
+ `VSpacing(1.0)
+ )),
+ `VSpacing( 1.0 ),
+ `HBox(
+ `HWeight( 4, `TextEntry(`id(`prog), _("Program name"), prog) ),
+ `HWeight( 4, `TextEntry(`id(`prof), _("Profile name"), prof) ),
+ `HWeight( 3, `TextEntry(`id(`pid), _("PID number"), pid) ),
+ `HWeight( 2,
+ `ComboBox(`id(`sev), _("Severity"), [
+ _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
+ ]) ),
+ `HSpacing( `opt(`hstretch), 5)
+ ),
+ `HBox(
+ `VSpacing(0.5),
+ `TextEntry(`id(`res), _("Detail"), res),
+ `VBox(
+ `Label( _("Access Type: ") ),
+ `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode )))
+ ),
+ `VBox(
+ `Label( _("Mode: ") ),
+ `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )))
+ )
+ ),
+ `VSpacing( 0.5 ),
+
+ `HBox(
+ `VSpacing(0.5),
+ `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
+ _("None"), _("csv"), _("html"), _("Both")
+ ]),
+ `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
+ `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
+ )
+ ));
+
+ return ff2;
+
+}
+
+// Gets data for next or previous page of current report
+define term turnReportPage (string name, integer curPage, string slastPage, map Settings) {
+
+ //map<string,string> Settings = $[ ]; - 07-07
+ list<term> reportList = [];
+
+ string currentPage = tostring( curPage );
+ Settings["name"] = name;
+ Settings["page"] = currentPage;
+ Settings["turnPage"] = "1";
+
+ reportList = getReportList("sir", Settings);
+
+ // New map is a list, not a hash
+
+ /* Old aa-eventd
+ list <map> db = (list <map>) SCR::Read (.logparse, Settings);
+ integer key = 1;
+ foreach ( map record, db, {
+ reportList = add( reportList, `item( `id(key), record["host"]:nil,
+ record["date"]:nil, record["prog"]:nil, record["profile"]:nil,
+ record["pid"]:nil, record["severity"]:nil, record["mode"]:nil,
+ record["resource"]:nil, record["sdmode"]:nil ));
+ key = key + 1;
+ });
+ */
+
+ string myLabel = _("On Demand Event Report - Page ") + currentPage + _(" of ") + slastPage;
+
+ term odForm =
+
+ `Frame( `id(`odpage), myLabel,
+
+ `VBox(
+ //`Label("AppArmor Event Report Data " + currentPage ),
+ //`Label(myLabel),
+
+ `HBox(
+ `VSpacing(10),
+ // New aa-eventd
+ makeSirTable(reportList),
+ /* Old aa-eventd
+ `Table(`id(`table), `opt(`keepSorting, `immediate ), `header( _("Host"), _("Date"), _("Program"),
+ _("Profile"), _("PID"), _("Severity"), _("Mode"), _("Detail"), _("Access Type") ), reportList),
+ */
+
+ `VSpacing(0.5)
+ ),
+ `HSpacing(`opt(`hstretch), 1.0),
+ `VSpacing(0.5),
+ `HBox(
+ `PushButton(`id(`first), _("F&irst Page") ),
+ `PushButton(`id(`prev), _("&Previous") ),
+ `PushButton(`id(`psort), _("&Sort") ),
+ `PushButton(`id(`fwd), _("&Forward") ),
+ `PushButton(`id(`last), _("&Last Page") ),
+ `PushButton(`id(`goto), _("&Go to Page") )
+ ),
+ `VSpacing(1)
+ ));
+
+ return odForm;
+}
+
+define symbol reportConfigForm() {
+
+ term contents_report_config_form =
+ `VBox(
+ `VSpacing( 1 ),
+ `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )),
+ `Frame( `id(`bydate_frame), _(" Select Date Range ") ,
+ `VBox(
+ `Label( _("Enter Starting Date/Time") ),
+ `HBox(
+ `HSpacing( `opt(`hstretch), 1),
+ `HWeight( 1, `TextEntry(`id(`start_time), _("Time") )),
+ `HSpacing( `opt(`hstretch), 1),
+ `HWeight( 1, `TextEntry(`id(`start_day), _("Day") )),
+ `HSpacing( `opt(`hstretch), 1),
+ `HWeight( 1, `TextEntry(`id(`start_month), _("Month") )),
+ `HSpacing( `opt(`hstretch), 1),
+ `HWeight( 1, `TextEntry(`id(`start_year), _("Year") )),
+ `HSpacing( `opt(`hstretch), 1)
+ ),
+ `VSpacing( 1.0 ),
+ `Label( _("Enter Ending Date") ),
+ `HBox(
+ `HSpacing( `opt(`hstretch), 1),
+ `HWeight( 1, `TextEntry(`id(`end_time), _("Time") )),
+ `HSpacing( `opt(`hstretch), 1),
+ `HWeight( 1, `TextEntry(`id(`end_day), _("Day") )),
+ `HSpacing( `opt(`hstretch), 1),
+ `HWeight( 1, `TextEntry(`id(`end_month), _("Month") )),
+ `HSpacing( `opt(`hstretch), 1),
+ `HWeight( 1, `TextEntry(`id(`end_year), _("Year") )),
+ `HSpacing( `opt(`hstretch), 1),
+ `VSpacing( `opt(`vstretch), 2)
+ )
+ )),
+ `VSpacing( 0.5 ),
+ `Left(`CheckBox( `id(`byprog), `opt(`notify), _("Filter By Program Name") )),
+ `HBox(`id(`pbox),
+ `Left(`TextEntry(`id(`prog), _("Program name") )),
+ `HSpacing( `opt(`hstretch), 45)
+ ),
+ `VSpacing( 0.5 ),
+ `Left(`CheckBox( `id(`expLog), `opt(`notify), _("Export Report") )),
+ `HBox(`id(`ebox),
+ `Left(`TextEntry(`id(`exportName), _("Export File Location") )),
+ `Label( _("Select Export Format") ),
+ `Left(`CheckBox(`id(`exportText), _("CSV"), false)),
+ `Left(`CheckBox(`id(`exportHtml), _("HTML"), true))
+ )
+ );
+ Wizard::SetContentsButtons( _("Report Configuration Dialog"), contents_report_config_form, repConfHelp, Label::BackButton(), Label::NextButton() );
+
+ Settings = $[ ];
+ map event = $[];
+ any id = nil;
+ UI::ChangeWidget(`id(`pbox), `Enabled, false);
+ UI::ChangeWidget(`id(`ebox), `Enabled, false);
+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
+ UI::ChangeWidget(`id(`exportName), `Value, "/tmp/export.log");
+
+ while( true ) {
+ event = UI::WaitForEvent( timeout_millisec );
+ id = event["ID"]:nil; // We'll need this often - cache it
+
+ integer start_day = (integer) UI::QueryWidget(`id(`start_day), `Value);
+ integer start_month = (integer) UI::QueryWidget(`id(`start_month), `Value);
+ integer start_year = (integer) UI::QueryWidget(`id(`start_year), `Value);
+ integer end_day = (integer) UI::QueryWidget(`id(`end_day), `Value);
+ integer end_month = (integer) UI::QueryWidget(`id(`end_month), `Value);
+ integer end_year = (integer) UI::QueryWidget(`id(`end_year), `Value);
+
+ if ( id == `byprog ) {
+ boolean val = (boolean) UI::QueryWidget(`id(`byprog), `Value);
+ if ( val == true ) {
+ UI::ChangeWidget(`id(`pbox), `Enabled, true);
+ UI::ChangeWidget(`id(`allevents), `Value, false);
+ } else {
+ UI::ChangeWidget(`id(`pbox), `Enabled, false);
+ }
+ } else if ( id == `bydate ) {
+ boolean val = (boolean) UI::QueryWidget(`id(`bydate), `Value);
+ if ( val == true ) {
+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, true);
+ UI::ChangeWidget(`id(`allevents), `Value, false);
+ } else {
+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
+ }
+ } else if ( id == `expLog ) {
+ boolean val = (boolean) UI::QueryWidget(`id(`expLog), `Value);
+ if ( val == true ) {
+ UI::ChangeWidget(`id(`ebox), `Enabled, true);
+ //UI::ChangeWidget(`id(`allevents), `Value, false);
+ } else {
+ UI::ChangeWidget(`id(`ebox), `Enabled, false);
+ }
+ } else if ( id == `next ) {
+
+ // Setup the data structures.
+ boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value);
+ boolean byprog = (boolean) UI::QueryWidget(`id(`byprog), `Value);
+ boolean allevents = (boolean) UI::QueryWidget(`id(`allevents), `Value);
+ boolean expLog = (boolean) UI::QueryWidget(`id(`expLog), `Value);
+
+ if ( expLog ) {
+ string exportName = (string) UI::QueryWidget(`id(`exportName), `Value);
+ any expText = (boolean) UI::QueryWidget(`id(`exportText), `Value);
+ any expHtml = (boolean) UI::QueryWidget(`id(`exportHtml), `Value);
+ string exportText = tostring( expText );
+ string exportHtml = tostring( expHtml );
+ Settings["exportname"] = exportName;
+ Settings["exporttext"] = exportText;
+ Settings["exporthtml"] = exportHtml;
+ }
+
+ if ( byprog ) {
+ string program_name = (string) UI::QueryWidget(`id(`prog), `Value);
+ Settings["prog"] = program_name;
+ }
+
+ if ( bydate ) {
+
+ integer start_hour = (integer) UI::QueryWidget(`id(`startHour), `Value);
+ integer start_min = (integer) UI::QueryWidget(`id(`startMin), `Value);
+ integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value);
+ integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value);
+ integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value);
+ integer end_hour = (integer) UI::QueryWidget(`id(`endHour), `Value);
+ integer end_min = (integer) UI::QueryWidget(`id(`endMin), `Value);
+ integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value);
+ integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value);
+ integer endYear = (integer) UI::QueryWidget(`id(`endYear), `Value);
+ string start_time = tostring(start_hour) + ":" + tostring(start_min);
+ string end_time = tostring(end_hour) + ":" + tostring(end_min);
+
+ if ( CheckDate(startDay,startMonth,startYear) == false ) {
+ Popup::Error( _("Illegal start date entered. Please retry.") );
+ continue;
+ }
+
+ if ( CheckDate(endDay,endMonth,endYear) == false ) {
+ Popup::Error( _("Illegal end date entered. Please retry.") );
+ continue;
+ }
+
+ Settings["startday"] = tostring(startDay);
+ Settings["startmonth"] = tostring(startMonth);
+ Settings["startyear"] = tostring(startYear);
+ Settings["endday"] = tostring(endDay);
+ Settings["endmonth"] = tostring(endMonth);
+ Settings["endyear"] = tostring(endYear);
+ Settings["starttime"] = start_time;
+ Settings["endtime"] = end_time;
+ }
+
+ } else if ( id == `abort || id == `back || id == `done ) {
+ Popup::Message( _("Abort or Back") );
+ break;
+ }
+
+ //break;
+ }
+ return (symbol) id;
+}
+
+// Main Report Form
+define symbol mainArchivedReportForm() {
+
+ map <any,any> reportdata = nil;
+ reportdata = (map) SCR::Read (.logparse, Settings );
+ list<term> reportlist = [];
+
+ foreach( integer key, map repdata, (map<integer,map>) reportdata, {
+ reportlist = add( reportlist, `item( `id(key), repdata["date"]:nil, repdata["prof"]:nil, repdata["pid"]:nil, repdata["mesg"]:nil));
+ });
+
+ string help1 = _("<b>AppArmor Security Events</b><p>
+ This table displays the events found that match your search criteria.");
+
+
+ // DBG y2milestone("in MainReportForm");
+ term contents_main_prof_form =
+ `VBox(
+ `Label( _("AppArmor Event Report Data") ),
+ `HBox(
+ `VSpacing(10),
+ `Table(`id(`table), `opt(`notify, `immediate ), `header(_("Date"),
+ _("Profile"), _("PID"), _("AppArmor Message") ), reportlist),
+ `VSpacing(0.5)
+ )
+ );
+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
+ contents_main_prof_form, help1, Label::BackButton(), _("&Done") );
+
+
+ map event = $[];
+ any id = nil;
+ while( true ) {
+
+ event = UI::WaitForEvent( timeout_millisec );
+ id = event["ID"]:nil; // We'll need this often - cache it
+
+ if ( id == `table ) {
+
+ if ( event["EventReason"]:nil == "Activated" ) {
+ // Widget activated in the table
+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
+ }
+
+ } else if ( id == `abort || id == `cancel || id == `done ) {
+ break;
+ } else if ( id == `back || id == `next ) {
+ break;
+ } else {
+ y2error("Unexpected return code: %1", id);
+ continue;
+ }
+ }
+ return (symbol) id;
+}
+
+// This is the first and base reporting form
+define symbol mainReportForm() {
+
+ term mainForm =
+
+ `VBox(
+ `Label( _("AppArmor Reporting") ),
+ `VSpacing(2),
+ `VBox(
+ `Left(`CheckBox( `id(`schedrep), `opt(`notify), _("Schedule Reports"), true )),
+ `Left(`CheckBox( `id(`viewrep), `opt(`notify), _("View Archived Reports") )),
+ `Left(`CheckBox( `id(`runrep), `opt(`notify), _("Run Reports") ))
+ ),
+ `VSpacing(0.5)
+ );
+
+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"), mainForm, mainHelp, Label::BackButton(), Label::NextButton() );
+
+ map event = $[];
+ any id = nil;
+ while( true ) {
+
+ event = UI::WaitForEvent( timeout_millisec );
+ id = event["ID"]:nil; // We'll need this often - cache it
+
+ if ( id == `schedrep ) {
+ UI::ChangeWidget(`id(`viewrep), `Value, false);
+ UI::ChangeWidget(`id(`runrep), `Value, false);
+ } else if ( id == `viewrep ) {
+ UI::ChangeWidget(`id(`schedrep), `Value, false);
+ UI::ChangeWidget(`id(`runrep), `Value, false);
+ } else if ( id == `runrep ) {
+ UI::ChangeWidget(`id(`schedrep), `Value, false);
+ UI::ChangeWidget(`id(`viewrep), `Value, false);
+ } else if ( id == `abort || id == `cancel || id == `done ) {
+ break;
+ } else if ( id == `back ) {
+ break;
+ } else if ( id == `next ) {
+
+ if ( UI::QueryWidget(`id(`schedrep), `Value) == true ) {
+ id = `schedrep;
+ } else if ( UI::QueryWidget(`id(`viewrep), `Value) == true ) {
+ id = `viewrep;
+ } else if ( UI::QueryWidget(`id(`runrep), `Value) == true ) {
+ id = `runrep;
+ }
+
+ break;
+
+ } else {
+ y2error("Unexpected return code: %1", id);
+ continue;
+ }
+ }
+
+ return (symbol) id;
+}
+
+// Form used to select the type of archived report to list
+define term viewForm(map archType, list itemList, string repPath) {
+
+ boolean sirRep = archType["sirRep"]:false;
+ boolean audRep = archType["audRep"]:false;
+ boolean essRep = archType["essRep"]:false;
+
+ if ( repPath == "" || repPath == nil ) {
+ repPath = "/var/log/apparmor/reports-archived/";
+ }
+
+ if ( audRep == false && essRep == false ) {
+ sirRep = true;
+ }
+
+ term vForm =
+ `ReplacePoint(`id(`viewform), `VBox(
+ `Label( _("View Archived Reports") ),
+ `HSpacing(60), // make the table and thus the dialog wide enough
+ `VSpacing(1),
+ `HBox(
+ `Frame( `id(`radioSelect), _("Choose a Report Type"),
+ `RadioButtonGroup(`id(`chooseRep), `HBox(
+ `HStretch(),
+ `RadioButton(`id(`sirRep), `opt(`notify, `immediate), _("SIR"), sirRep),
+ `HSpacing(1),
+ `RadioButton(`id(`audRep), `opt(`notify, `immediate), _("App Aud"), audRep),
+ `HSpacing(1),
+ `RadioButton(`id(`essRep), `opt(`notify, `immediate), _("ESS"), essRep),
+ `HSpacing(1),
+ `HStretch()
+ )))
+ ),
+ `VSpacing(1),
+ `Frame( `id(`repFrame), _("Location of Archived Reports"),
+ `HBox(
+ `Left(`Label(repPath)),
+ `HSpacing(1),
+ `Left(`PushButton(`id(`browse), _("&Browse"))),
+ `HStretch()
+ )
+ ),
+ `VSpacing(0.5),
+ `VWeight( 10, `HBox(
+ `VSpacing(1),
+ `Table(`id(`table), `opt(`notify, `immediate), `header(_("Report"),
+ _("Date") ), itemList ) )
+ ),
+ `VSpacing(1),
+ `HBox(
+ `VSpacing(1),
+ `PushButton(`id(`view), _("&View") ),
+ `PushButton(`id(`viewall), _("View &All") )
+ )
+ ));
+
+ return vForm;
+}
+
+define map<any,any> filterConfigForm(string name) {
+
+ // Cheating way to set filters
+ map<string,string> opts = $[];
+ opts["getSirFilters"] = "1";
+ opts["name"] = name;
+ opts["gui"] = "1";
+ map<any,any> preFilters = $[];
+ preFilters = (map) SCR::Read( .logparse, opts );
+
+ any asev = preFilters["severity"]:nil;
+ string sev = "";
+ if ( asev != nil ) { sev = tostring(asev); }
+ if ( sev == "-" ) { sev = _("All"); }
+
+ Wizard::SetContentsButtons( _("Report Configuration Dialog"),
+ filterForm2(name,preFilters), filterCfHelp1, Label::BackButton(), Label::NextButton() );
+
+ if ( sev != "" && sev != _("All") ) {
+ if ( sev != "U" ) {
+ integer isev = tointeger(sev);
+ if ( isev < 10 ) {
+ sev = "0" + sev;
+ }
+ }
+
+ UI::ChangeWidget(`id(`sev), `Value, sev);
+ }
+
+ string mode = "All";
+ string sdmode = "R";
+
+ Settings = $[ ];
+ map event = $[];
+ any id = nil;
+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
+
+ while( true ) {
+
+ event = UI::WaitForEvent( timeout_millisec );
+ id = event["ID"]:nil;
+
+ if ( id == `bydate ) {
+
+ boolean val = (boolean) UI::QueryWidget(`id(`bydate), `Value);
+ if ( val == true ) {
+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, true);
+ } else {
+ UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
+ }
+
+ } else if ( id == `abort || id == `done || id == `cancel) {
+ Settings["break"] = "abort";
+ break;
+
+ } else if ( id == `back ) {
+ Settings["break"] = "back";
+ break;
+
+ } else if ( id == `sdmode ) {
+
+ sdmode = popUpSdMode();
+
+ if ( sdmode != "" ) {
+ Settings["sdmode"] = sdmode;
+ UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) ) );
+ }
+
+ } else if ( id == `mode ) {
+
+ mode = popUpMode();
+
+ if ( mode != "" ) {
+ Settings["mode"] = mode;
+ UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )));
+ }
+
+ } else if ( id == `browse ) {
+
+ string selectFile = "";
+ selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
+
+ if ( selectFile != nil ) {
+ UI::ChangeWidget(`id(`expPath), `Value, selectFile);
+ }
+
+ Settings["expPath"] = expPath;
+
+ } else if ( id == `save || id == `next) {
+
+ // Setup the data structures.
+ boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value);
+ boolean expText = false;
+ boolean expHtml = false;
+
+ if ( UI::QueryWidget(`id(`expLog), `Enabled) == true ) {
+ expText = (boolean) UI::QueryWidget(`id(`exportText), `Value);
+ expHtml = (boolean) UI::QueryWidget(`id(`exportHtml), `Value);
+ }
+
+ if ( expText == true ) {
+ Settings["exporttext"] = "true";
+ }
+ if ( expHtml == true ) {
+ Settings["exporthtml"] = "true";
+ }
+
+ string program_name = (string) UI::QueryWidget(`id(`prog), `Value);
+ string profile = (string) UI::QueryWidget(`id(`prof), `Value);
+ string pid = (string) UI::QueryWidget(`id(`pid), `Value);
+ string sev = (string) UI::QueryWidget(`id(`sev), `Value);
+ string res = (string) UI::QueryWidget(`id(`res), `Value);
+ string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label);
+ string mode = (string) UI::QueryWidget(`id(`mode), `Label);
+ string exppath = (string) UI::QueryWidget(`id(`expPath), `Value);
+
+ // de-i18n
+ if ( sev == _("All") ) { sev = "All"; }
+ if ( sev == _("U") ) { sev = "U"; }
+
+ if (exppath != "" ) { Settings["exportPath"] = expPath; }
+ if ( program_name != "" ) { Settings["prog"] = program_name; }
+ if ( profile != "" ) { Settings["profile"] = profile; }
+ if ( pid != "" ) { Settings["pid"] = pid; }
+ if ( sev != "" && sev != "All" ) { Settings["severity"] = sev; }
+ if ( res != "" ) { Settings["resource"] = res; }
+ if ( sdmode != "" ) { Settings["sdmode"] = humanStringToMode( sdmode); }
+ if ( mode != "" ) { Settings["mode"] = humanStringToMode( mode ); }
+
+ if ( bydate == true ) {
+
+ integer start_hour = (integer) UI::QueryWidget(`id(`startHour), `Value);
+ integer start_min = (integer) UI::QueryWidget(`id(`startMin), `Value);
+ integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value);
+ integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value);
+ integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value);
+ integer end_hour = (integer) UI::QueryWidget(`id(`endHour), `Value);
+ integer end_min = (integer) UI::QueryWidget(`id(`endMin), `Value);
+ integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value);
+ integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value);
+ integer endYear = (integer) UI::QueryWidget(`id(`endYear), `Value);
+
+ string start_time = tostring(start_hour) + ":" + tostring(start_min);
+ string end_time = tostring(end_hour) + ":" + tostring(end_min);
+
+ if ( CheckDate(startDay,startMonth,startYear) == false ) {
+ Popup::Error( _("Illegal start date entered. Please retry.") );
+ continue;
+ }
+
+ if ( CheckDate(endDay,endMonth,endYear) == false ) {
+ Popup::Error( _("Illegal end date entered. Please retry.") );
+ continue;
+ }
+
+ string start_day = tostring(startDay);
+ string start_month = tostring(startMonth);
+ string start_year = tostring(startYear);
+ string end_day = tostring(endDay);
+ string end_month = tostring(endMonth);
+ string end_year = tostring(endYear);
+
+ Settings["startday"] = tostring(start_day);
+ Settings["startmonth"] = tostring(start_month);
+ Settings["startyear"] = tostring(start_year);
+ Settings["endday"] = tostring(end_day);
+ Settings["endmonth"] = tostring(end_month);
+ Settings["endyear"] = tostring(end_year);
+ Settings["starttime"] = start_time;
+ Settings["endtime"] = end_time;
+
+ }
+
+ string expType = (string) UI::QueryWidget(`id(`expType), `Value);
+ string expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
+
+ if ( expType == _("csv") ) {
+ Settings["exporttext"] = "1";
+ } else if ( expType == _("html") ) {
+ Settings["exporthtml"] = "1";
+ } else if ( expType == _("Both") ) {
+ Settings["exporttext"] = "1";
+ Settings["exporthtml"] = "1";
+ }
+
+ Settings["exportPath"] = expPath;
+
+ break;
+ }
+ }
+
+ return Settings;
+}
+
+define term displayEmptyRep(string type) {
+
+ string myLabel = "";
+ string myInfo = "";
+
+ if ( type == "noDb" ) {
+ myLabel = _("Events DB Not Initialized.");
+ myInfo = _("The events database has not been populated. No records exist.");
+ } else if ( type == "noList" ) {
+ myLabel = _("Query Returned Empty List.");
+ myInfo = _("The events database has no records that match the search query.");
+ }
+
+ term newPage =
+
+ `Frame( `id(`newpage), myLabel,
+
+ `VBox(
+ //`Label(myLabel),
+ `HBox(
+ `VSpacing(10),
+ `Label( myInfo ),
+ `VSpacing(0.5)
+ ),
+ `HSpacing(`opt(`hstretch), 1.0),
+ `VSpacing(1)
+ ));
+
+
+ return newPage;
+}
+
+define term displayRep(string type, integer curPage, string slastPage, list reportList ) {
+
+ string myLabel = "";
+ string currentPage = tostring(curPage);
+ term myTable = nil;
+
+ if (type == "onDemand" || type == "sir") {
+ // Very poor i18n here
+ myLabel = _("On Demand Event Report - Page ") + currentPage + _(" of ") + slastPage;
+ myTable = makeSirTable(reportList);
+
+ } else if (type == "archRep") {
+
+ myLabel = _("Archived Event Report - Page ") + currentPage + _(" of ") + slastPage;
+ myTable = makeSirTable(reportList);
+
+ } else if (type == "aud" || type == "audRep" ) {
+
+ myLabel = _("Applications Audit Report");
+ myTable = `Table(`id(`table), `opt(`notify, `immediate ),
+ `header(_("Host"), _("Date"), _("Program"),
+ _("Profile"), _("PID"), _("State"), _("Type") ), reportList);
+
+ } else if (type == "ess" || type == "essRep" ) {
+ if (reportList == nil) {
+ myLabel = _("Executive Security Summary");
+ myTable = `Table(`id(`table), `opt(`notify),
+ `header(_("Query Results")), _("No event information exists."));
+
+ } else {
+ myLabel = _("Executive Security Summary");
+ myTable = `Table(`id(`table), `opt(`notify, `immediate ),
+ `header(_("Host"), _("Start Date"),_("End Date"), _("Num Rejects"),
+ _("Num Events"), _("Ave. Sev"), _("High Sev") ), reportList);
+ }
+ }
+
+ term newPage =
+
+ `Frame( `id(`newpage), myLabel,
+
+ `VBox(
+ `HBox(
+ `VSpacing(10),
+ myTable,
+ `VSpacing(0.5)
+ ),
+ `HSpacing(`opt(`hstretch), 1.0),
+ `VSpacing(0.5),
+ `HBox(
+ `PushButton(`id(`first), _("F&irst Page") ),
+ `PushButton(`id(`prev), _("&Previous") ),
+ `PushButton(`id(`psort), _("&Sort") ),
+ `PushButton(`id(`fwd), _("&Forward") ),
+ `PushButton(`id(`last), _("&Last Page") ),
+ `PushButton(`id(`goto), _("&Go to Page") )
+ ),
+ `VSpacing(1)
+ ));
+
+ return newPage;
+}
+
+
+// View Archived Reports
+define symbol displayArchForm() {
+
+ map<string,boolean> archType = $[ ];
+ archType["sirRep"] = true;
+ archType["audRep"] = false;
+ archType["essRep"] = false;
+
+ map<string,string> Settings = $[ ];
+ string readSched = "1";
+ Settings["getcron"] = "0";
+ Settings["readSched"] = "1";
+ Settings["type"] = "sirRep";
+ string type = Settings["type"]:nil;
+
+ list<term> itemList = [];
+ itemList = getArrayList(type,"");
+
+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
+ viewForm(archType, itemList, ""), archHelpText, Label::BackButton(), _("&Done") );
+
+ map event = $[];
+ any archId = nil;
+
+ string repPath = "";
+ integer lastPage = 1;
+ integer curPage = 1;
+
+ string formHelp = runHelp;
+
+
+ while( true ) {
+
+ event = UI::WaitForEvent( );
+
+ archId = event["ID"]:nil; // We'll need this often - cache it
+
+ if (archId == `back || archId == `abort || archId == `done) {
+ break;
+ } else if ( archId == `close || archId == `cancel || archId == `next) {
+ break;
+
+ } else if ( archId == `repPath ) {
+
+ repPath = (string) UI::QueryWidget(`id(`repPath), `Value);
+ Settings["repPath"] = repPath;
+ itemList = getArrayList(type,repPath);
+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
+ viewForm(archType, itemList, repPath), archHelpText, Label::BackButton(), _("&Done") );
+
+ } else if ( archId == `browse ) {
+
+ string selectFile = "";
+ selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
+
+ if ( selectFile != nil ) {
+ UI::ChangeWidget(`id(`repPath), `Value, selectFile);
+ // set new reppath
+ repPath = selectFile;
+ Settings["repPath"] = repPath;
+ itemList = getArrayList(type,repPath);
+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
+ viewForm(archType, itemList, repPath), archHelpText, Label::BackButton(),
+ _("&Done") );
+ }
+
+
+ } else if ( archId == `sirRep ) {
+ formHelp = sirHelp;
+ archType["sirRep"] = true;
+ archType["audRep"] = false;
+ archType["essRep"] = false;
+ Settings["type"] = "sirRep";
+ type = Settings["type"]:nil;
+
+ itemList = getArrayList(type,repPath);
+
+ Wizard::SetContentsButtons( _("View Archived SIR Report"),
+ viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done"));
+
+ } else if ( archId == `audRep ) {
+ formHelp = audHelp;
+ archType["sirRep"] = false;
+ archType["audRep"] = true;
+ archType["essRep"] = false;
+ Settings["type"] = "audRep";
+ type = Settings["type"]:nil;
+
+ itemList= getArrayList(type,"");
+ Wizard::SetContentsButtons( _("View Archived AUD Report"),
+ viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done"));
+
+ } else if ( archId == `essRep ) {
+ formHelp = essHelp;
+ archType["sirRep"] = false;
+ archType["audRep"] = false;
+ archType["essRep"] = true;
+ Settings["type"] = "essRep";
+ type = Settings["type"]:nil;
+
+ itemList= getArrayList(type,"");
+ Wizard::SetContentsButtons( _("View Archived ESS Report"),
+ viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done"));
+
+
+ } else if ( archId == `view || archId == `viewall || archId == `table) {
+
+ if ( archId == `viewall ) {
+ Settings["single"] = "0";
+ } else {
+ Settings["single"] = "1";
+ }
+
+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
+ string logFile = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
+ string logPath = (string) UI::QueryWidget(`id(`repPath), `Value);
+ list splitPath = splitstring (logPath, "/");
+ string checkPath = splitPath[size(splitPath)-1]:"";
+
+ string longLogName = "";
+
+
+ // Cat strings & check for trailing "/" in path
+ if ( logPath != "" ) {
+ if ( checkPath != "" ) {
+ longLogName = logPath + "/" + logFile;
+ } else {
+ longLogName = logPath + logFile;
+ }
+ }
+
+ if ( type == "sirRep" ) {
+
+ formHelp = sirHelp;
+ map<any,any> sirSettings = nil;
+ sirSettings = setArchFilter();
+ if ( archId == `viewall ) { sirSettings["single"] = 0; }
+
+ // Force an exit if appropriate
+ any breakCheck = sirSettings["break"]:nil;
+
+ if ( breakCheck == "abort" ) {
+ symbol myBreak = `abort;
+ return myBreak;
+
+ } else if ( breakCheck == "back" ) {
+ symbol myBreak = `back;
+ return myBreak;
+ }
+
+ if ( repPath != "" ) {
+ sirSettings["repPath"] = repPath;
+ }
+
+ Wizard::SetContentsButtons( _("Security Incident Report"),
+ viewArchForm(type,logFile,sirSettings), sirHelp, Label::BackButton(), _("&Done"));
+
+ lastPage = getLastPage(type,Settings,""); // check 'name'
+ setPageButtons(curPage,lastPage);
+
+ } else if ( type == "audRep" ) {
+
+ formHelp = audHelp;
+ list<term> reportList = [];
+ integer key = 1;
+ Settings["page"] = "1";
+ Settings["audArch"] = "1";
+ Settings["turnPage"] = "1";
+ Settings["file"] = logFile;
+
+ list <map> db = (list <map>) SCR::Read (.reports_confined, Settings);
+
+ foreach ( map repdata, db, {
+ reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
+ repdata["date"]:nil, repdata["prog"]:nil, repdata["prof"]:nil,
+ repdata["pid"]:nil, repdata["state"]:nil, repdata["type"]:nil ));
+ key = key + 1;
+ });
+
+ lastPage = getLastPage(type,Settings,"");
+ string slastPage = tostring(lastPage);
+
+ Wizard::SetContentsButtons( _("Applications Audit Report"),
+ displayRep(type,curPage,slastPage,reportList), formHelp, Label::BackButton(),
+ _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ } else if ( type == "essRep" ) {
+
+ formHelp = essHelp;
+ list<term> reportList = [];
+ integer key = 1;
+ Settings["file"] = logFile;
+ Settings["essArch"] = "1";
+
+ list <map> db = (list <map>) SCR::Read (.reports_ess, Settings);
+
+ foreach ( map repdata, db, {
+ reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
+ repdata["startdate"]:nil, repdata["enddate"]:nil, repdata["numRejects"]:nil,
+ repdata["numEvents"]:nil, repdata["sevMean"]:nil, repdata["sevHi"]:nil ));
+ key = key + 1;
+ });
+
+ lastPage = getLastPage(type,Settings,"");
+ string slastPage = tostring(lastPage);
+
+ Wizard::SetContentsButtons( _("Executive Security Summary Report"),
+ displayRep(type,curPage,slastPage,reportList), formHelp, Label::BackButton(),
+ _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ } else {
+ Popup::Error( _("No recognized report type selected. Try again.") );
+ continue;
+ }
+
+ } else if ( archId == `goto ) {
+
+ integer newPage = popUpGoto(lastPage);
+
+ if ( newPage > 0 && newPage <= lastPage && newPage != curPage ) {
+ curPage = newPage;
+
+ term fwdForm = turnArchReportPage(curPage,lastPage);
+ Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, runHelp, Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+ }
+
+ } else if ( archId == `psort ) {
+
+ string sortKey = popUpSort(type);
+
+ if ( sortKey != nil && sortKey != "" ) {
+ curPage = 1;
+ map<string,string> sortCmd = $[];
+ sortCmd["sortKey"] = sortKey;
+ sortCmd["sort"] = "1";
+ any junk = SCR::Write(.logparse, sortCmd);
+ term fwdForm = turnArchReportPage(curPage,lastPage);
+ Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, runHelp, Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+ }
+
+ } else if ( archId == `fwd ) {
+
+ curPage = curPage +1;
+ term fwdForm = turnArchReportPage(curPage,lastPage);
+ Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, formHelp, Label::BackButton(), _("&Done") );
+
+ setPageButtons(curPage,lastPage);
+
+
+ } else if ( archId == `prev ) {
+
+ if ( curPage > 0 ) { curPage = curPage -1; }
+ term prevForm = turnArchReportPage(curPage,lastPage);
+ Wizard::SetContentsButtons( _("AppArmor Report"), prevForm, formHelp, Label::BackButton(), _("&Done") );
+
+ setPageButtons(curPage,lastPage);
+
+ } else if ( archId == `first ) {
+
+ curPage = 1;
+ term firstForm = turnArchReportPage(curPage,lastPage);
+ Wizard::SetContentsButtons( _("AppArmor Report"), firstForm, formHelp, Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ } else if ( archId == `last ) {
+
+ curPage = lastPage;
+ term lastForm = turnArchReportPage(curPage,lastPage);
+ Wizard::SetContentsButtons( _("AppArmor Report"), lastForm, formHelp, Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ } else {
+ y2error("Unexpected return code: %1", archId);
+ continue;
+ }
+ //break;
+ }
+
+ if (archId != `back && archId != `abort && archId != `done) {
+ archId = `back;
+ }
+
+ return (symbol) archId;
+}
+
+// The main form for On-Demand reports, executed from the wizard by selecting 'Run Now'
+define symbol displayRunForm() {
+
+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
+ string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""));
+
+ string type = "";
+
+ if (name == "Security.Incident.Report") {
+ type = "sir";
+ } else if (name == "Applications.Audit") {
+ type = "aud";
+ } else if ( name == "Executive.Security.Summary") {
+ type = "ess";
+ } else {
+ type = "sir"; // All added reports are SIRs
+ }
+
+ if ( type != "aud" ) {
+ boolean dbActivated = checkEventDb();
+ if ( dbActivated == false ) {
+ type = "noDb";
+ }
+ }
+
+ list<term> reportList = [];
+ map<any,any> Settings = $[ ];
+ integer curPage = 1;
+ integer lastPage = 1;
+ string slastPage = "1";
+
+ string formHelp = runHelp;
+ map <any,any> reportdata = nil;
+
+ if (type == "sir") {
+
+ Settings = filterConfigForm(name);
+
+ // Force an exit if appropriate
+ any breakCheck = Settings["break"]:nil;
+
+ if ( breakCheck == "abort" ) {
+ symbol myBreak = `abort;
+ return myBreak;
+
+ } else if ( breakCheck == "back" ) {
+ symbol myBreak = `back;
+ return myBreak;
+ }
+
+ formHelp = sirHelp;
+ Settings["type"] = "onDemand";
+ Settings["turnPage"] = "0";
+
+ reportList = getReportList("sir",Settings);
+ integer listSize = size(reportList);
+ if ( listSize < 1 ) {
+ type = "noList";
+ }
+
+ } else if ( type == "aud" ) {
+
+ formHelp = audHelp;
+ Settings["type"] = "onDemand";
+ Settings["turnPage"] = "0";
+
+ list <map> db = (list <map>) SCR::Read (.reports_confined, Settings);
+
+ integer key = 1;
+
+ foreach ( map repdata, db, {
+ reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
+ repdata["date"]:nil, repdata["prog"]:nil, repdata["prof"]:nil,
+ repdata["pid"]:nil, repdata["state"]:nil, repdata["type"]:nil ));
+ key = key + 1;
+ });
+
+ } else if ( type == "ess" ) {
+
+ formHelp = essHelp;
+ Settings["type"] = "onDemand";
+ Settings["turnPage"] = "0";
+ list <map> db = (list <map>) SCR::Read (.reports_ess, Settings);
+
+ if (db != nil) {
+
+ integer key = 1;
+
+ foreach ( map repdata, db, {
+ reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
+ repdata["startdate"]:nil, repdata["enddate"]:nil,
+ repdata["numRejects"]:nil, repdata["numEvents"]:nil, repdata["sevMean"]:nil,
+ repdata["sevHi"]:nil ));
+ key = key + 1;
+ });
+ }
+
+ }
+
+ if ( type == "noDb" ) {
+ Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayEmptyRep(type),
+ formHelp, Label::BackButton(), _("&Done") );
+ } else if ( type == "noList" ) {
+ Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayEmptyRep(type),
+ formHelp, Label::BackButton(), _("&Done") );
+ } else {
+
+ lastPage = getLastPage(type,Settings,name);
+ slastPage = tostring(lastPage);
+
+ Wizard::SetContentsButtons( _("AppArmor On-Demand Report"),
+ displayRep(type,curPage,slastPage,reportList), formHelp,
+ Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+ }
+
+ map event = $[];
+ any id = nil;
+
+ while( true ) {
+
+ // Grey out inappropriate paging buttons
+ if (curPage <= 1 ) {
+ UI::ChangeWidget(`id(`prev), `Enabled, false);
+ } else if ( curPage >= lastPage ) {
+ UI::ChangeWidget(`id(`fwd), `Enabled, false);
+ }
+
+ event = UI::WaitForEvent( timeout_millisec );
+ id = event["ID"]:nil; // We'll need this often - cache it
+
+ // REDO
+ if ( id == `schedrep ) {
+ break;
+ } else if ( id == `abort || id == `cancel || id == `back || id == `done) {
+ break;
+ } else if ( id == `next ) {
+
+ break;
+
+ } else if ( id == `goto ) {
+
+ integer newPage = popUpGoto(lastPage);
+
+ if ( newPage > 0 && newPage <= lastPage && newPage != curPage ) {
+ curPage = newPage;
+
+ term goForm = turnReportPage(name,curPage,slastPage,Settings);
+ Wizard::SetContentsButtons( _("AppArmor - Run Reports"), goForm,
+ formHelp, Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+ }
+
+ } else if ( id == `psort ) {
+
+ string sortKey = popUpSort(type);
+
+ if ( sortKey != nil && sortKey != "" ) {
+
+ // branch added 08.01.2005
+ curPage = 1;
+ Settings["type"] = "onDemand";
+ Settings["turnPage"] = "0";
+ Settings["sortKey"] = sortKey;
+
+ reportList = getReportList(type,Settings);
+
+ Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayRep(type,curPage,
+ slastPage,reportList), formHelp, Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ }
+
+ } else if ( id == `prev ) {
+
+ if ( curPage > 0 ) { curPage = curPage -1; }
+ term prevForm = turnReportPage(name,curPage,slastPage,Settings);
+ Wizard::SetContentsButtons( _("AppArmor - Run Reports"), prevForm,
+ formHelp, Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ } else if ( id == `fwd ) {
+ curPage = curPage + 1;
+ term fwdForm = turnReportPage(name,curPage,slastPage,Settings);
+ Wizard::SetContentsButtons( _("AppArmor - Run Reports"), fwdForm,
+ formHelp, Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ } else if ( id == `first ) {
+
+ curPage = 1;
+ slastPage = tostring(lastPage);
+ term firstForm = turnReportPage(name,curPage,slastPage,Settings);
+ Wizard::SetContentsButtons( _("AppArmor - Run Reports"), firstForm, formHelp,
+ Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ } else if ( id == `last ) {
+
+ curPage = lastPage;
+ slastPage = tostring(lastPage);
+ term lastForm = turnReportPage(name,curPage,slastPage,Settings);
+ Wizard::SetContentsButtons( _("AppArmor - Run Reports"), lastForm, formHelp,
+ Label::BackButton(), _("&Done") );
+ setPageButtons(curPage,lastPage);
+
+ } else {
+ y2error("Unexpected return code: %1", id);
+ continue;
+ }
+
+ }
+
+ type = "";
+ return (symbol) id;
+}
+
+define void addSchedForm() {
+
+ map<string,string> Settings = $[ ];
+ string readSched = "1";
+ Settings["getcron"] = "1";
+ Settings["readSched"] = "1";
+ Settings["type"] = "schedRep";
+
+ string expPath = "/var/log/apparmor/reports-exported";
+
+ UI::OpenDialog(
+
+ `ReplacePoint( `id(`addSchedRep), `VBox(
+ `Label( _("Add Scheduled SIR") ),
+ `VSpacing(1),
+ `TextEntry(`id(`name), _("Report Name")),
+ `VSpacing(1),
+ `HBox(
+ `ComboBox(`id(`monthdate), `opt(`notify), _("Day of Month"), [
+ `item(`id(`md_00), _("All")),
+ `item(`id(`md_01), "1"), `item(`id(`md_02), "2"), `item(`id(`md_03), "3"),
+ `item(`id(`md_04), "4"), `item(`id(`md_05), "5"), `item(`id(`md_06), "6"),
+ `item(`id(`md_07), "7"), `item(`id(`md_08), "8"), `item(`id(`md_09), "9"),
+ `item(`id(`md_10), "10"), `item(`id(`md_11), "9"), `item(`id(`md_12), "12"),
+ `item(`id(`md_13), "13"), `item(`id(`md_14), "14"), `item(`id(`md_15), "15"),
+ `item(`id(`md_16), "16"), `item(`id(`md_17), "17"), `item(`id(`md_18), "18"),
+ `item(`id(`md_19), "19"), `item(`id(`md_20), "20"), `item(`id(`md_21), "21"),
+ `item(`id(`md_22), "22"), `item(`id(`md_23), "23"), `item(`id(`md_24), "24"),
+ `item(`id(`md_25), "25"), `item(`id(`md_26), "26"), `item(`id(`md_27), "27"),
+ `item(`id(`md_28), "28"), `item(`id(`md_29), "29"), `item(`id(`md_30), "30"),
+ `item(`id(`md_31), "31") ]),
+ `ComboBox(`id(`weekday), `opt(`notify), _("Day of Week"), [
+ _("All"), _("Sun"), _("Mon"), _("Tue"), _("Wed"), _("Thu"), _("Fri"), _("Sat")
+ ]),
+ `IntField(`id(`hour), _("Hour"), 00, 23, 00),
+ `IntField(`id(`mins), _("Minute"), 00, 59, 00)
+ ),
+ `VSpacing(1),
+ `HBox(
+ `VSpacing(1),
+ `TextEntry(`id(`email1), `opt(`notify), _("Email Target 1"), ""),
+ `TextEntry(`id(`email2), `opt(`notify), _("Email Target 2"), ""),
+ `TextEntry(`id(`email3), `opt(`notify), _("Email Target 3"), "")
+ ),
+ `VSpacing(1),
+ `HBox(
+ `VSpacing(0.5),
+ `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
+ _("None"), _("csv"), _("html"), _("Both")
+ ]),
+ `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
+ `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
+ ),
+ `VSpacing(1),
+ `HBox(
+ `PushButton(`id(`cancel), Label::CancelButton() ),
+ `PushButton(`id(`next), Label::NextButton() )
+ )
+ )));
+
+ string mode = "All";
+ string sdmode = "R";
+ integer timeout_millisec = 20 * 1000;
+ map event = $[];
+ any addInput = nil;
+
+ while( true ) {
+
+ event = UI::WaitForEvent( timeout_millisec );
+ addInput = event["ID"]:nil; // We'll need this often - cache it
+
+
+ if ( addInput == `monthdate && addInput != 0 ) {
+ UI::ChangeWidget(`id(`weekday), `Value, _("All") );
+ } else if ( addInput == `weekday && addInput != _("All") ) {
+ UI::ChangeWidget(`id(`monthdate), `Value, _("All") );
+ }
+
+ if ( addInput == `next ) {
+
+ // Check for valid path
+ expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
+ map<any,any> fileTest = $[];
+ fileTest["checkFile"] = "1";
+ fileTest["file"] = expPath;
+
+ any pathExists = SCR::Read(.reports_parse, fileTest);
+ string spath = tostring(pathExists);
+
+ if ( spath != "1" ) {
+ Popup::Error(_("The specified directory does not exist."));
+ UI::ChangeWidget(`id(`expPath), `Value, oldExpPath);
+ } else {
+
+ Settings["expPath"] = expPath;
+ UI::ChangeWidget(`id(`expPath), `Value, expPath);
+
+ string name = (string) UI::QueryWidget(`id(`name), `Value);
+ string monthdate = (string) UI::QueryWidget(`id(`monthdate), `Value);
+ string weekday = (string) UI::QueryWidget(`id(`weekday), `Value);
+ any iHours = (any) UI::QueryWidget(`id(`hour), `Value);
+ any iMins = (any) UI::QueryWidget(`id(`mins), `Value);
+ string email1 = (string) UI::QueryWidget(`id(`email1), `Value);
+ string email2 = (string) UI::QueryWidget(`id(`email2), `Value);
+ string email3 = (string) UI::QueryWidget(`id(`email3), `Value);
+
+ //string monthdate = tostring( iMonthdate );
+ string hour = tostring( iHours );
+ string mins = tostring( iMins );
+
+ string expType = (string) UI::QueryWidget(`id(`expType), `Value);
+
+ if ( expType == _("csv") || expType == _("Both") ) {
+ Settings["csv"] = "1";
+ }
+
+ if ( expType == _("html") || expType == _("Both") ) {
+ Settings["html"] = "1";
+ }
+
+ if ( weekday == _("All") ) { weekday = "-"; }
+ if ( monthdate == _("All") ) { monthdate = "-"; }
+
+ // de-i18n
+ if ( weekday == _("Mon") ) { weekday = "Mon"; }
+ if ( weekday == _("Tue") ) { weekday = "Tue"; }
+ if ( weekday == _("Weds") ) { weekday = "Weds"; }
+ if ( weekday == _("Thu") ) { weekday = "Thu"; }
+ if ( weekday == _("Fri") ) { weekday = "Fri"; }
+ if ( weekday == _("Sat") ) { weekday = "Sat"; }
+ if ( weekday == _("Sun") ) { weekday = "Sun"; }
+
+ Settings["add"] = "1";
+ Settings["name"] = name;
+ Settings["monthdate"] = monthdate;
+ Settings["weekday"] = weekday;
+ Settings["hour"] = hour;
+ Settings["mins"] = mins;
+ Settings["email1"] = email1;
+ Settings["email2"] = email2;
+ Settings["email3"] = email3;
+
+ // Confirm reasonable input on report names
+ string checkName = filterchars(name, "`~!@#$%^&*()[{]};:'\",<>?/\|");
+ integer nameLength = size(name);
+
+ if ( regexpmatch(name, " ") == true ) {
+ Popup::Error( _("Only one contiguous space allowed in report names."));
+ } else if ( checkName != "" ) {
+ Popup::Error( _("These characters are not allowed in report names:
+ \"`~!@#$%^&*()[{]};:'\",<>?/\|\"") );
+ } else if ( nameLength > 128 ) {
+ Popup::Error( _("Only 128 characters are allowed in report names."));
+ } else {
+ boolean uniqueName = findDupe(name);
+ if ( uniqueName == true ) {
+ UI::ReplaceWidget(`addSchedRep, schedFilterForm );
+ } else {
+ Popup::Error( _("Each report name should be unique.") );
+ }
+ }}
+
+ } else if ( addInput == `sdmode ) {
+
+ sdmode = popUpSdMode();
+
+ if (sdmode != "") {
+ Settings["sdmode"] = sdmode;
+ UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) ));
+ }
+
+ } else if ( addInput == `mode ) {
+
+ mode = popUpMode();
+
+ if (mode != "") {
+ Settings["mode"] = mode;
+ UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )) );
+ }
+
+ } else if (addInput == `save ) {
+
+ string prog = (string) UI::QueryWidget(`id(`prog), `Value);
+ string prof = (string) UI::QueryWidget(`id(`prof), `Value);
+ string pid = (string) UI::QueryWidget(`id(`pid), `Value);
+ string res = (string) UI::QueryWidget(`id(`res), `Value);
+ string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label);
+ string mode = (string) UI::QueryWidget(`id(`mode), `Label);
+ string sev = (string) UI::QueryWidget(`id(`sev), `Value);
+ string expType = (string) UI::QueryWidget(`id(`expType), `Value);
+
+ if ( expType == "csv" ) {
+ Settings["exporttext"] = "1";
+ } else if ( expType == "html" ) {
+ Settings["exporthtml"] = "1";
+ } else if ( expType == "both" ) {
+ Settings["exporttext"] = "1";
+ Settings["exporthtml"] = "1";
+ }
+
+ if ( sev == _("All") ) { sev = "-"; }
+
+ Settings["getcron"] = "";
+ Settings["prog"] = prog;
+ Settings["prof"] = prof;
+ Settings["pid"] = pid;
+ Settings["sev"] = sev;
+ Settings["res"] = res;
+ Settings["sdmode"] = humanStringToMode( sdmode );
+ Settings["mode"] = humanStringToMode( mode );
+
+ any error = (any) SCR::Write(.reports_sched, Settings);
+
+ if (is(error, string)) {
+ string erStr = tostring(error);
+ Popup::Error("Error: " + erStr);
+ }
+
+ addInput = `close;
+ break;
+
+ } else if ( addInput == `accept ) {
+
+ expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
+ map<any,any> fileTest = $[];
+ fileTest["checkFile"] = "1";
+ fileTest["file"] = expPath;
+
+ any pathExists = SCR::Read(.reports_parse, fileTest);
+ string spath = tostring(pathExists);
+
+ if ( spath == "1" ) {
+ Settings["expPath"] = expPath;
+ UI::ChangeWidget(`id(`expPath), `Value, expPath);
+ } else {
+ Popup::Error(_("The specified directory does not exist."));
+ }
+
+ } else if ( addInput == `browse ) {
+
+ string selectFile = "";
+ selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
+
+ if ( selectFile != nil ) {
+ UI::ChangeWidget(`id(`expPath), `Value, selectFile);
+ }
+
+ Settings["expPath"] = expPath;
+
+ } else if ( addInput == `cancel || addInput == `close ) {
+
+ addInput = `close;
+ break;
+ }
+ }
+
+ UI::CloseDialog();
+
+ return;
+}
+
+define void editSchedForm() {
+
+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
+ string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""));
+
+ map<string,string> Settings = $[ ];
+ string readSched = "1";
+ Settings["name"] = name;
+ Settings["getcron"] = "";
+ Settings["getrep"] = "1";
+ Settings["readSched"] = "1";
+ Settings["type"] = "schedRep";
+
+ list<term> itemList = [];
+ integer key = 1;
+
+ map <any,any> db = nil;
+ db = (map) SCR::Read (.reports_sched, Settings );
+ string sname = name; // Don't know why this was pulled from db instead of name above
+ any amday = db["mday"]:nil;
+ any wday = db["wday"]:nil;
+ any shour = db["hour"]:nil;
+ any smins = db["mins"]:nil;
+
+ string oldRepName = sname;
+ string swday = "All";
+ string monthdate = "All";
+
+ if (amday != nil) { monthdate = tostring(amday); }
+ if (wday != nil) { swday = tostring(wday); }
+
+ integer ihour = 23;
+ integer imins = 59;
+ if (shour != nil) { ihour = tointeger(shour); }
+ if (smins != nil) { imins = tointeger(smins); }
+
+ // Get reports.conf info
+ Settings["getrep"] = "";
+ Settings["getconf"] = "1";
+ map <any,any> db2 = nil;
+ db2 = (map) SCR::Read (.reports_sched, Settings );
+
+ any aemail1 = db2["addr1"]:nil;
+ any aemail2 = db2["addr2"]:nil;
+ any aemail3 = db2["addr3"]:nil;
+ any tmpPath = db2["exportpath"]:nil;
+
+ string email1 = "";
+ string email2 = "";
+ string email3 = "";
+
+ string expType = "";
+ string expPath = "/var/log/apparmor/reports-exported";
+ if ( tmpPath != nil ) {
+ oldExpPath = tostring(tmpPath);
+ expPath = oldExpPath;
+ } else {
+ oldExpPath = defExpPath;
+ expPath = oldExpPath;
+ }
+
+ if (aemail1 != nil) { email1 = tostring(aemail1); }
+ if (aemail2 != nil) { email2 = tostring(aemail2); }
+ if (aemail3 != nil) { email3 = tostring(aemail3); }
+
+ /* Get Filtering Info for Report */
+ any aprog = db2["prog"]:nil;
+ any aprof = db2["prof"]:nil;
+ any apid = db2["pid"]:nil;
+ any ares = db2["res"]:nil;
+ any asev = db2["severity"]:nil;
+ any asdmode = db2["sdmode"]:nil;
+ any amode = db2["mode"]:nil;
+ any acsv = db2["csv"]:nil;
+ any ahtml = db2["html"]:nil;
+
+ /* debug */
+ if ( aprog != nil ) { Settings["prog"] = tostring(aprog); }
+ if ( aprof != nil ) { Settings["prof"] = tostring(aprof); }
+ if ( apid != nil ) { Settings["pid"] = tostring(apid); }
+ if ( ares != nil ) { Settings["res"] = tostring(ares); }
+ if ( asev != nil ) { Settings["sev"] = tostring(asev); }
+ if ( asdmode != nil ) { Settings["sdmode"] = tostring(asdmode); }
+ if ( asdmode == nil || asdmode == "-" ) {
+ Settings["sdmode"] = "All";
+ }
+ if ( amode != nil ) { Settings["mode"] = tostring(amode); }
+
+ if ( acsv != nil && ahtml != nil ) {
+ expType = "Both";
+ Settings["csv"] = "1";
+ Settings["html"] = "1";
+ } else if ( acsv != nil && ahtml == nil ) {
+ expType = "csv";
+ Settings["csv"] = "1";
+ Settings["html"] = "";
+ } else if ( acsv == nil && ahtml != nil ) {
+ expType = "html";
+ Settings["csv"] = "";
+ Settings["html"] = "1";
+ } else if ( acsv == nil && ahtml == nil ) {
+ expType = "None";
+ Settings["csv"] = "";
+ Settings["html"] = "";
+ }
+
+ // Special handling for sev
+ string formatSev = "";
+ if ( asev != nil ) { formatSev = tostring(asev); }
+ if ( formatSev != "" && formatSev != "U" && formatSev != "All" && formatSev != nil) {
+ formatSev = "0" + formatSev;
+ }
+
+ term continueBtns =
+
+ `HBox(
+ `PushButton(`id(`cancel), Label::CancelButton() ),
+ `PushButton(`id(`fwd), _("N&ext") )
+ );
+
+
+ // We need secondary filters for SIR reports only
+ if ( sname == "Executive.Security.Summary" || sname == "Applications.Audit" ) {
+
+ continueBtns =
+ `HBox(
+ `PushButton(`id(`cancel), Label::CancelButton() ),
+ `PushButton(`id(`save), Label::SaveButton() )
+ );
+
+ }
+
+ string edLabel = _("Edit Report Schedule for ") + typeToHumanString(sname);
+
+ UI::OpenDialog(
+
+ `ReplacePoint( `id(`editSchedRep),
+
+ `VBox(
+ `HBox( `Label(`id(`edname), edLabel) ),
+ `VSpacing(1),
+ `HBox(
+ `ComboBox(`id(`monthdate), `opt(`notify), _("Day of Month"), [
+ `item(`id(`md_00), _("All")),
+ `item(`id(`md_01), "1"), `item(`id(`md_02), "2"), `item(`id(`md_03), "3"),
+ `item(`id(`md_04), "4"), `item(`id(`md_05), "5"), `item(`id(`md_06), "6"),
+ `item(`id(`md_07), "7"), `item(`id(`md_08), "8"), `item(`id(`md_09), "9"),
+ `item(`id(`md_10), "10"), `item(`id(`md_11), "11"), `item(`id(`md_12), "12"),
+ `item(`id(`md_13), "13"), `item(`id(`md_14), "14"), `item(`id(`md_15), "15"),
+ `item(`id(`md_16), "16"), `item(`id(`md_17), "17"), `item(`id(`md_18), "18"),
+ `item(`id(`md_19), "19"), `item(`id(`md_20), "20"), `item(`id(`md_21), "21"),
+ `item(`id(`md_22), "22"), `item(`id(`md_23), "23"), `item(`id(`md_24), "24"),
+ `item(`id(`md_25), "25"), `item(`id(`md_26), "26"), `item(`id(`md_27), "27"),
+ `item(`id(`md_28), "28"), `item(`id(`md_29), "29"), `item(`id(`md_30), "30"),
+ `item(`id(`md_31), "31")
+ ]),
+ `ComboBox(`id(`weekday), `opt(`notify), _("Day of Week"), [
+ _("All"), _("Sun"), _("Mon"), _("Tue"), _("Wed"), _("Thu"), _("Fri"), _("Sat")
+ ]),
+ `IntField(`id(`hour), _("Hour"), 0, 23, ihour),
+ `IntField(`id(`mins), _("Minute"), 0, 59, imins)
+ ),
+ `VSpacing(1),
+ `HBox(
+ `VSpacing(1),
+ `TextEntry(`id(`email1), `opt(`notify), _("Email Target 1"), email1),
+ `TextEntry(`id(`email2), `opt(`notify), _("Email Target 2"), email2),
+ `TextEntry(`id(`email3), `opt(`notify), _("Email Target 3"), email3)
+ ),
+ `VSpacing(1),
+ `HBox(
+ `VSpacing(0.5),
+
+ // DWR MOD `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [
+ `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
+ _("None"), _("csv"), _("html"), _("Both")
+ ]),
+ `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
+ `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
+ ),
+ `VSpacing(1),
+ continueBtns
+ )));
+
+ /**************************************************/
+ string mode = _("All");
+ string sdmode = _("R");
+
+ integer timeout_millisec = 20 * 1000;
+ map event = $[];
+ any editInput = nil;
+ //map<string,string> Settings = $[ ];
+
+ //Cheap & easy way to give default value to ComboBox
+ if (swday != _("All") ) {
+ UI::ChangeWidget(`id(`weekday), `Value, swday);
+ }
+
+ if ( monthdate != _("All") ) {
+ UI::ChangeWidget(`id(`monthdate), `Value, monthdate);
+ }
+
+ if ( expType != _("None") ) {
+ UI::ChangeWidget(`id(`expType), `Value, expType);
+ }
+
+ while( true ) {
+
+ event = UI::WaitForEvent( timeout_millisec );
+ editInput = event["ID"]:nil; // We'll need this often - cache it
+
+ if ( editInput == `monthdate && editInput != 0 ) {
+ UI::ChangeWidget(`id(`weekday), `Value, _("All") );
+ } else if ( editInput == `weekday && editInput != _("All") ) {
+ UI::ChangeWidget(`id(`monthdate), `Value, _("All") );
+ }
+
+ if ( editInput == `fwd ) {
+
+ string email1 = (string) UI::QueryWidget(`id(`email1), `Value);
+ string email2 = (string) UI::QueryWidget(`id(`email2), `Value);
+ string email3 = (string) UI::QueryWidget(`id(`email3), `Value);
+
+ string spath = "0";
+
+ expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
+ map<any,any> fileTest = $[];
+ fileTest["checkFile"] = "1";
+ fileTest["file"] = expPath;
+
+ any pathExists = SCR::Read(.reports_parse, fileTest);
+ spath = tostring(pathExists);
+ Settings["expPath"] = expPath;
+
+ if ( spath == "1" ) {
+
+ Settings = getSchedSettings(Settings);
+ UI::ReplaceWidget(`editSchedRep, editFilterForm(Settings) );
+
+ // Special handling for ComboBoxes (sev)
+ if ( formatSev != "" ) { UI::ChangeWidget(`id(`sev), `Value, formatSev); }
+
+ } else {
+ Popup::Error(_("The specified directory does not exist."));
+ UI::ChangeWidget(`id(`expPath), `Value, oldExpPath);
+ }
+
+ } else if ( editInput == `sdmode ) {
+
+ sdmode = popUpSdMode();
+
+ if ( sdmode != "" ) {
+ Settings["sdmode"] = sdmode;
+ UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) ));
+ }
+
+ } else if ( editInput == `mode ) {
+
+ mode = popUpMode();
+ if ( mode != "" ) {
+ Settings["mode"] = mode;
+ UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )));
+ }
+
+ } else if ( editInput == `browse ) {
+
+ string selectFile = "";
+ selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
+
+ if ( selectFile != nil ) {
+ UI::ChangeWidget(`id(`expPath), `Value, selectFile);
+ }
+
+ Settings["expPath"] = expPath;
+
+ } else if ( editInput == `close || editInput == `cancel ) {
+ break;
+ } else if ( editInput == `save ) {
+
+ string spath = "0";
+
+ if ( sname == "Executive.Security.Summary" || sname == "Applications.Audit" ) {
+
+ expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
+ map<any,any> fileTest = $[];
+ fileTest["checkFile"] = "1";
+ fileTest["file"] = expPath;
+
+ any pathExists = SCR::Read(.reports_parse, fileTest);
+ spath = tostring(pathExists);
+ Settings["expPath"] = expPath;
+ } else {
+ // SIR Reports already checked
+ spath = "1";
+ }
+
+ if ( spath != "1" ) {
+ Popup::Error(_("The specified directory does not exist."));
+ UI::ChangeWidget(`id(`expPath), `Value, oldExpPath);
+ } else {
+
+
+ if ( sname != "Executive.Security.Summary" && sname != "Applications.Audit" ) {
+
+ string prog = (string) UI::QueryWidget(`id(`prog), `Value);
+ string prof = (string) UI::QueryWidget(`id(`prof), `Value);
+ string pid = (string) UI::QueryWidget(`id(`pid), `Value);
+ string res = (string) UI::QueryWidget(`id(`res), `Value);
+ string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label);
+ string mode = (string) UI::QueryWidget(`id(`mode), `Label);
+ string sev = (string) UI::QueryWidget(`id(`sev), `Value);
+
+ Settings["prog"] = prog;
+ Settings["prof"] = prof;
+ Settings["pid"] = pid;
+ Settings["sev"] = sev;
+ Settings["res"] = res;
+ Settings["sdmode"] = humanStringToMode( sdmode );
+ Settings["mode"] = humanStringToMode( mode );
+
+ } else {
+
+ string email1 = (string) UI::QueryWidget(`id(`email1), `Value);
+ string email2 = (string) UI::QueryWidget(`id(`email2), `Value);
+ string email3 = (string) UI::QueryWidget(`id(`email3), `Value);
+
+ Settings = getSchedSettings(Settings);
+ }
+
+ Settings["name"] = sname;
+ Settings["getconf"] = "";
+ Settings["setconf"] = "1";
+
+ string expType = (string) UI::QueryWidget(`id(`expType), `Value);
+
+ if ( expType == "csv" ) {
+ Settings["exporttext"] = "1";
+ } else if ( expType == "html" ) {
+ Settings["exporthtml"] = "1";
+ } else if ( expType == "both" ) {
+ Settings["exporttext"] = "1";
+ Settings["exporthtml"] = "1";
+ }
+
+ any error = (any) SCR::Write(.reports_sched, Settings);
+
+ if (is(error, string)) {
+ string erStr = tostring(error);
+ Popup::Error( _("Error: ") + erStr);
+ }
+
+ break;
+ }}
+ // END - Save Dialog (editInput == `save)
+ }
+
+ UI::CloseDialog();
+
+ //return (symbol) editInput;
+ return;
+}
+
+define void delSchedForm() {
+
+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
+ string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""));
+
+ map<string,string> Settings = $[ ];
+ Settings["del"] = "1";
+ Settings["name"] = name;
+
+ UI::OpenDialog(
+
+ `VBox(
+ `VSpacing(0.5),
+ `Label( _("Delete Confirmation") ),
+ `VSpacing(1),
+ `HBox(
+ `HSpacing( `opt(`hstretch), 0.75 ),
+ `Left(`HWeight( 0, `Label( _("Are you sure you want to delete: ") + name + _("?") )))
+ ),
+ `VSpacing(1),
+ `HBox(
+ `PushButton(`id(`cancel), Label::CancelButton() ),
+ `PushButton(`id(`del), Label::DeleteButton() )
+ )
+ ));
+
+ symbol delInput = `default;
+
+ while ( delInput != `close ) {
+
+ delInput = (symbol) UI::UserInput();
+
+ if ( delInput == `del ) {
+ SCR::Write(.reports_sched, Settings);
+ //any error = (any) SCR::Write(.reportsched, Settings);
+ break;
+ } else if (delInput == `close || delInput == `cancel) {
+ break;
+ }
+ }
+
+ UI::CloseDialog();
+
+ return;
+
+}
+
+// Forces update of the table of available scheduled reports
+define void updateSched() {
+
+ map<string,string> Settings = $[ ];
+ string readSched = "1";
+ Settings["getcron"] = "1";
+ Settings["readSched"] = "1";
+ Settings["type"] = "schedRep";
+
+ list<term> itemList = [];
+ integer key = 1;
+
+ list <map> db = (list <map>) SCR::Read (.reports_sched, Settings);
+
+ foreach ( map record, db, {
+ itemList = add( itemList, `item( `id(key), typeToHumanString( record["name"]:"" ), record["mday"]:nil, record["wday"]:nil,
+ record["hour"]:nil, record["mins"]:nil ));
+ key = key + 1;
+ });
+
+ term schedForm =
+
+ `VBox(
+ `Label( _("Schedule Reports") ),
+ `VSpacing(2),
+ `HBox(
+ `VSpacing(10),
+ `Table(`id(`table), `opt(`notify), `header(_("Report Name"),
+ _("Day of Month"), _("Day of Week"), _("Hour"), _("Mins")), itemList)
+ ),
+ `VSpacing(0.5),
+ `HBox(
+ `PushButton(`id(`viewrep), _("View Archive") ),
+ `PushButton(`id(`runrep), _("Run Now") )
+ ),
+ `HBox(
+ `PushButton(`id(`add), Label::AddButton() ),
+ `PushButton(`id(`edit), Label::EditButton() ),
+ `PushButton(`id(`delete), Label::DeleteButton() )
+ )
+ );
+
+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"), schedForm,
+ mainHelp, Label::BackButton(), Label::NextButton() );
+
+ return;
+}
+
+define symbol displaySchedForm() {
+
+// START - Move to separate Routine - START
+
+ map<string,string> Settings = $[ ];
+ string readSched = "1";
+ Settings["getcron"] = "1";
+ Settings["readSched"] = "1";
+ Settings["type"] = "schedRep";
+
+ list<term> itemList = [];
+ integer key = 1;
+
+ list <map> db = (list <map>) SCR::Read (.reports_sched, Settings);
+
+ foreach ( map record, db, {
+ itemList = add( itemList, `item( `id(key), typeToHumanString( record["name"]:""), record["mday"]:nil, record["wday"]:nil,
+ record["hour"]:nil, record["mins"]:nil ));
+ key = key + 1;
+ });
+
+ term schedForm =
+
+ `Frame( `id(`dosched), _("Schedule Reports"),
+ `VBox(
+ `VSpacing(2),
+ `HBox(
+ `VSpacing(10),
+ `Table(`id(`table), `opt(`notify), `header(_("Report Name"),
+ _("Day of Month"), _("Day of Week"), _("Hour"), _("Mins")),
+ itemList)
+ ),
+ `VSpacing(0.5),
+ `HBox(
+ `PushButton(`id(`viewrep), _("View Archive") ),
+ `PushButton(`id(`runrep), _("Run Now") )
+ ),
+ `HBox(
+ `PushButton(`id(`add), Label::AddButton() ),
+ `PushButton(`id(`edit), Label::EditButton() ),
+ `PushButton(`id(`delete), Label::DeleteButton() )
+ ))
+ );
+
+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"), schedForm,
+ mainHelp, Label::BackButton(), _("&Done") );
+
+ // Double-click tracking
+ integer newRecord = nil;
+ integer lastRecord = nil;
+
+ map event = $[];
+ any id = nil;
+ while( true ) {
+
+ event = UI::WaitForEvent( timeout_millisec );
+
+ id = event["ID"]:nil; // We'll need this often - cache it
+
+ if ( id == `schedrep ) {
+
+ break;
+
+ } else if ( id == `abort || id == `cancel || id == `done ) {
+ break;
+ } else if ( id == `back ) {
+ break;
+ } else if ( id == `runrep || id == `viewrep ) {
+ break;
+ } else if ( id == `next ) {
+ id = `done;
+ break;
+ } else if ( id == `add ) {
+ addSchedForm();
+ Wizard::SetContentsButtons( _("AppArmor Security Event Report"), schedForm, mainHelp, Label::BackButton(), Label::NextButton() );
+ updateSched();
+ continue;
+
+ } else if ( id == `edit ) {
+ editSchedForm();
+ updateSched();
+ continue;
+
+ } else if ( id == `delete ) {
+
+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
+ string repName = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""));
+
+ if ( repName == "Executive.Security.Summary" || repName == "Applications.Audit" || repName == "Security.Incident.Report" ) {
+ Popup::Error( _("Cannot delete a stock report.") );
+ } else {
+
+ delSchedForm();
+ updateSched();
+ }
+
+ continue;
+
+ } else if ( id == `table ) {
+
+ newRecord = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
+
+ if ( newRecord == lastRecord ) {
+ //editSchedForm();
+ //updateSched();
+ id = `runrep;
+ break;
+ newRecord = 0;
+ }
+
+ lastRecord = newRecord;
+
+ } else {
+ y2error("Unexpected return code: %1", id);
+ continue;
+ }
+ }
+
+ return (symbol) id;
+}
+
+
+}
+
+
--- /dev/null
+++ b/src/include/apparmor/reporting_utils.ycp
@@ -0,0 +1,609 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2005 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+{
+
+import "Wizard";
+import "Popup";
+import "Label";
+include "subdomain/report_helptext.ycp";
+textdomain "yast2-apparmor";
+
+define boolean checkEventDb() {
+
+ boolean dbActivated = false;
+ map<string,string> args = $[];
+ args["checkDb"] = "1";
+
+ any dbCheck = (any) SCR::Read( .reports_parse, args);
+ integer dbOn = tointeger(dbCheck);
+
+ if ( dbOn == 1 ) {
+ dbActivated = true;
+ }
+
+ return dbActivated;
+}
+
+define boolean findDupe(string name) {
+
+ boolean unique = false;
+ map<string,string> args = $[ ];
+ args["name"] = name;
+ args["getdupe"] = "1";
+ any aDupe = (any) SCR::Read (.reports_sched, args );
+
+ if ( aDupe == "" || aDupe == nil ) {
+ unique = true; // bad, but try for a non-breaking failure
+ } else if ( aDupe == 1 ) {
+ unique = false;
+ } else {
+ unique = true;
+ }
+
+ return unique;
+}
+
+define string unI18n(string weekday) {
+
+ if ( weekday == _("Mon") ) { weekday = "Mon"; }
+ if ( weekday == _("Tue") ) { weekday = "Tue"; }
+ if ( weekday == _("Wed") ) { weekday = "Wed"; }
+ if ( weekday == _("Thu") ) { weekday = "Thu"; }
+ if ( weekday == _("Fri") ) { weekday = "Fri"; }
+ if ( weekday == _("Sat") ) { weekday = "Sat"; }
+ if ( weekday == _("Sun") ) { weekday = "Sun"; }
+
+ return weekday;
+}
+
+/* Possible 'type's for getLastPage() && getLastSirPage()
+ - displayArchForm(): type = sirRep || audRep || essRep
+ - displayRunForm(): type = sir || aud || ess
+*/
+
+// Return last page number of post-filtered report
+define integer getLastPage(string type, map Settings, string name) {
+
+ if ( type == "sir" || type == "sirRep" ) {
+ if ( name != nil && name != "" ) {
+ Settings["name"] = name;
+ } else {
+ y2error(_("No name provided for retrieving SIR report page count."));
+ return 1; // return a page count of 1
+ }
+ }
+
+ Settings["type"] = type;
+ Settings["getLastPage"] = "1";
+ map<any,any> page = $[];
+ page = (map) SCR::Read (.reports_parse, Settings);
+ integer lastPage = page["numPages"]:1;
+
+ return lastPage;
+}
+
+define boolean CheckDate( integer day, integer month, integer year ) ``{
+
+ list mdays = [ 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 ];
+ boolean ret = true;
+
+ if (year == nil || month == nil || day == nil)
+ return false;
+
+ ret = ret && month>=1 && month<=12;
+
+ if( year%4==0 && (year%100!=0 || year%400==0)) {
+ mdays[1] = 29;
+ }
+
+ ret = ret && day>=1 && day<=mdays[month-1]:0;
+ ret = ret && year>=1970 && year<2032;
+ return( ret );
+
+}
+
+// Make the table for displaying report data
+define term makeSirTable (list reportList) {
+ term myTable =
+ `Table(`id(`table), `opt(`keepSorting, `immediate ), `header(_("Host"),
+ _("Date"), _("Program"), _("Profile"), _("PID"), _("Severity"),
+ _("Mode Request"), _("Mode Deny"), _("Detail"), _("Event Type"),
+ _("Operation"), _("Attribute"), _("Additional Name"), _("Net Family"),
+ _("Net Protocol"), _("Net Socket Type")), reportList
+ );
+ return myTable;
+}
+
+define integer popUpGoto(integer lastPage) {
+
+ UI::OpenDialog(
+ `VBox(
+ `HBox(
+ `TextEntry(`id(`gotoPage), _("Enter a Page to Move to."), "")
+ ),
+ `HBox(
+ `PushButton(`id(`abort), `opt(`notify), Label::AbortButton() ),
+ `PushButton(`id(`save), `opt(`notify), Label::SaveButton() )
+ )
+ )
+ );
+
+ map event = $[];
+ any id = nil;
+ integer igoto = nil;
+
+ while( true ) {
+
+ event = UI::WaitForEvent();
+ id = event["ID"]:nil;
+
+ if ( id == `abort || id == `close || id == `cancel ) {
+
+ break;
+
+ } else if ( id == `save ) {
+
+ any agoto = UI::QueryWidget(`id(`gotoPage), `Value);
+ igoto = tointeger(agoto);
+
+ if ( igoto == nil || igoto < 1 || igoto > lastPage ) {
+
+ Popup::Message("You must enter a value between 1 and " + lastPage + ".");
+
+ } else {
+
+ break;
+
+ }
+ }
+ }
+
+ UI::CloseDialog();
+
+ return igoto;
+}
+
+define string getSortId(string type, any sortId) {
+
+ string sortKey = "";
+
+
+ if ( type == "aud" || type == "audRep") {
+
+ if ( sortId == 0 ) {
+ sortKey = "prog";
+ } else if ( sortId == 1 ) {
+ sortKey = "profile";
+ } else if ( sortId == 2 ) {
+ sortKey = "pid";
+ } else if ( sortId == 3 ) {
+ sortKey = "state";
+ } else if ( sortId == 4 ) {
+ sortKey = "type";
+ }
+
+ } else if (type == "ess" || type == "essRep" ) {
+
+ if ( sortId == 0 ) {
+ sortKey = "host";
+ } else if ( sortId == 1 ) {
+ //sortKey = "date";
+ sortKey = "numRejects";
+ } else if ( sortId == 2 ) {
+ sortKey = "numEvents";
+ } else if ( sortId == 3 ) {
+ sortKey = "sevMean";
+ } else if ( sortId == 4 ) {
+ sortKey = "sevHi";
+ }
+
+ } else {
+
+ if ( sortId == 0 ) {
+ sortKey = "host";
+ } else if ( sortId == 1 ) {
+ //sortKey = "date";
+ sortKey = "time";
+ } else if ( sortId == 2 ) {
+ sortKey = "prog";
+ } else if ( sortId == 3 ) {
+ sortKey = "profile";
+ } else if ( sortId == 4 ) {
+ sortKey = "pid";
+ } else if ( sortId == 5 ) {
+ sortKey = "resource";
+ } else if ( sortId == 6 ) {
+ sortKey = "severity";
+ } else if ( sortId == 7 ) {
+ sortKey = "sdmode";
+ } else if ( sortId == 8 ) {
+ sortKey = "mode";
+ }
+
+ }
+
+ return sortKey;
+}
+
+// Get the name of the filter (header column) to sort by
+define string popUpSort(string type) {
+
+ term btnList = nil;
+
+ if ( type == "aud" || type == "audRep") {
+ btnList =
+ `VBox(
+ `Left(`RadioButton(`id(0), _("Program") )),
+ `Left(`RadioButton(`id(1), _("Profile") )),
+ `Left(`RadioButton(`id(2), _("PID") )),
+ `Left(`RadioButton(`id(3), _("State") )),
+ `Left(`RadioButton(`id(4), _("Type") ))
+ );
+
+ } else if (type == "ess" || type == "essRep" ) {
+ btnList =
+ `VBox(
+ `Left(`RadioButton(`id(0), _("Host") )),
+ `Left(`RadioButton(`id(1), _("Num. Rejects") )),
+ `Left(`RadioButton(`id(2), _("Num. Events") )),
+ `Left(`RadioButton(`id(3), _("Ave. Sev") )),
+ `Left(`RadioButton(`id(4), _("High Sev") ))
+ );
+ } else {
+
+ btnList =
+ `VBox(
+ // Sorting by host is no longer meaningful (due to sql changes)
+ //`Left(`RadioButton(`id(0), _("Host") )),
+ `Left(`RadioButton(`id(1), _("Date") )),
+ `Left(`RadioButton(`id(2), _("Program") )),
+ `Left(`RadioButton(`id(3), _("Profile") )),
+ `Left(`RadioButton(`id(4), _("PID") )),
+ `Left(`RadioButton(`id(5), _("Detail") )),
+ `Left(`RadioButton(`id(6), _("Severity") )),
+ `Left(`RadioButton(`id(7), _("Access Type") )),
+ `Left(`RadioButton(`id(8), _("Mode") ))
+ );
+ }
+
+ UI::OpenDialog(
+ `VBox(
+ `HBox(
+ //`HSpacing( `opt(`vstretch), 0.5),
+ `RadioButtonGroup(`id(`sortKey),
+ btnList
+ )
+ ),
+ `HBox(
+ `PushButton(`id(`abort), Label::AbortButton() ),
+ `PushButton(`id(`save), Label::SaveButton() )
+ )
+ )
+ );
+
+ map event = $[];
+ any id = nil;
+ string sortKey = nil;
+
+ while( true ) {
+
+ event = UI::WaitForEvent();
+ id = event["ID"]:nil; // We'll need this often - cache it
+
+ if ( id == `abort || id == `cancel || id == `close) {
+
+ break;
+
+ } else if (id == `save ) {
+
+ any sortId = UI::QueryWidget(`id(`sortKey), `CurrentButton);
+
+ /* sortKey needs to match the hash reference names in parseEventLog()
+ && sortRecords() in Immunix::Reports.pm */
+
+ sortKey = getSortId(type,sortId);
+ break;
+
+ }
+ }
+
+ UI::CloseDialog();
+
+ return sortKey;
+
+}
+
+// Mode
+define string popUpMode() {
+
+ string checkMode = (string) UI::QueryWidget(`id(`mode), `Label);
+ list splitMode = splitstring (checkMode, " ");
+ string myMode = splitMode[size(splitMode)-1]:"All";
+
+ UI::OpenDialog(
+ `VBox(
+ `HBox(
+ `CheckBox(`id(`clear), `opt(`notify, `immediate ), _("All"), true),
+ `CheckBox(`id(`read), `opt(`notify, `immediate ), _("Read"), false),
+ `CheckBox(`id(`write), `opt(`notify, `immediate ), _("Write"), false),
+ `CheckBox(`id(`link), `opt(`notify, `immediate ), _("Link"), false),
+ `CheckBox(`id(`exec), `opt(`notify, `immediate ), _("Execute"), false),
+ `CheckBox(`id(`mmap), `opt(`notify, `immediate ), _("MMap"), false)
+ ),
+ `HBox(
+ `PushButton(`id(`cancel), Label::CancelButton() ),
+ `PushButton(`id(`save), Label::SaveButton() )
+ )
+ )
+ );
+
+ integer isall = search( myMode, "All");
+ if ( isall != nil && isall >= 0 ) {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ UI::ChangeWidget(`id(`read), `Value, true);
+ UI::ChangeWidget(`id(`write), `Value, true);
+ UI::ChangeWidget(`id(`link), `Value, true);
+ UI::ChangeWidget(`id(`exec), `Value, true);
+ UI::ChangeWidget(`id(`mmap), `Value, true);
+ } else {
+ if ( search( myMode, "r") != nil ) {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ UI::ChangeWidget(`id(`read), `Value, true);
+ }
+ if ( search( myMode, "w") != nil ) {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ UI::ChangeWidget(`id(`write), `Value, true);
+ }
+ if ( search( myMode, "l") != nil ) {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ UI::ChangeWidget(`id(`link), `Value, true);
+ }
+ if ( search( myMode, "x") != nil ) {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ UI::ChangeWidget(`id(`exec), `Value, true);
+ }
+ if ( search( myMode, "m") != nil ) {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ UI::ChangeWidget(`id(`mmap), `Value, true);
+ }
+ }
+
+ string mode = "";
+ map event = $[];
+ any id = nil;
+
+ while( true ) {
+
+ event = UI::WaitForEvent();
+ id = event["ID"]:nil; // We'll need this often - cache it
+
+ if ( id == `clear) {
+
+ if ( UI::QueryWidget(`id(`clear), `Value) == true ) {
+ UI::ChangeWidget(`id(`read), `Value, false);
+ UI::ChangeWidget(`id(`write), `Value, false);
+ UI::ChangeWidget(`id(`link), `Value, false);
+ UI::ChangeWidget(`id(`exec), `Value, false);
+ UI::ChangeWidget(`id(`mmap), `Value, false);
+ mode = "All";
+ }
+
+ } else if ( id == `read || id == `write || id == `link || id == `exec || id == `mmap ) {
+
+ if ( UI::QueryWidget(`id(`read), `Value) == true ) {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ } else if ( UI::QueryWidget(`id(`write), `Value) == true ) {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ } else if ( UI::QueryWidget(`id(`link), `Value) == true ) {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ } else if ( UI::QueryWidget(`id(`exec), `Value) == true ) {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ } else if ( UI::QueryWidget(`id(`mmap), `Value) == true ) {
+ UI::ChangeWidget(`id(`link), `Value, false);
+ }
+
+ } else if ( id == `abort || id == `cancel || id == `close) {
+ mode = myMode;
+ break;
+ } else if ( id == `save ) {
+
+ if ( UI::QueryWidget(`id(`clear), `Value) == true ) {
+ mode = "All";
+ } else {
+ list<string> sdList = [];
+ if ( UI::QueryWidget(`id(`read), `Value) == true ) { sdList = add(sdList, "r"); }
+ if ( UI::QueryWidget(`id(`write), `Value) == true ) { sdList = add(sdList, "w"); }
+ if ( UI::QueryWidget(`id(`link), `Value) == true ) { sdList = add(sdList, "l"); }
+ if ( UI::QueryWidget(`id(`exec), `Value) == true ) { sdList = add(sdList, "x"); }
+ if ( UI::QueryWidget(`id(`mmap), `Value) == true ) { sdList = add(sdList, "m"); }
+
+ foreach ( string perm, sdList, { mode = mode + perm; });
+ }
+
+ break;
+ }
+ }
+
+ UI::CloseDialog();
+ return mode;
+}
+
+// Access Type - SD Mode
+define string popUpSdMode() {
+
+ string checkMode = (string) UI::QueryWidget(`id(`sdmode), `Label);
+ checkMode = filterchars(checkMode, "APRl");
+ list splitMode = splitstring (checkMode, " ");
+ string mySdMode = splitMode[size(splitMode)-1]:"R";
+
+ UI::OpenDialog(
+ `VBox(
+ `HBox(
+ `CheckBox(`id(`clear), `opt(`notify, `immediate ), _("All"), false),
+ `CheckBox(`id(`permit), `opt(`notify, `immediate ), _("Permit"), false),
+ `CheckBox(`id(`reject),`opt(`notify, `immediate ), _("Reject"), false),
+ `CheckBox(`id(`audit),`opt(`notify, `immediate ), _("Audit"), false)
+ ),
+ `HBox(
+ `PushButton(`id(`cancel), `opt(`notify), Label::CancelButton() ),
+ `PushButton(`id(`save), `opt(`notify), Label::SaveButton() )
+ )
+ )
+ );
+
+ if ( mySdMode == "P") {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ UI::ChangeWidget(`id(`permit), `Value, true);
+
+ } else if ( mySdMode == "R") {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ UI::ChangeWidget(`id(`reject), `Value, true);
+
+ } else if ( mySdMode == "A") {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ UI::ChangeWidget(`id(`audit), `Value, true);
+
+ } else if ( mySdMode == "PR" ) {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ UI::ChangeWidget(`id(`permit), `Value, true);
+ UI::ChangeWidget(`id(`reject), `Value, true);
+
+ } else if (mySdMode == "PA" ) {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ UI::ChangeWidget(`id(`permit), `Value, true);
+ UI::ChangeWidget(`id(`audit), `Value, true);
+
+ } else if (mySdMode == "PRA" ) {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ UI::ChangeWidget(`id(`permit), `Value, true);
+ UI::ChangeWidget(`id(`reject), `Value, true);
+ UI::ChangeWidget(`id(`audit), `Value, true);
+
+ } else if (mySdMode == "RA" ) {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ UI::ChangeWidget(`id(`reject), `Value, true);
+ UI::ChangeWidget(`id(`audit), `Value, true);
+ } else if ( mySdMode == "All" ) {
+ UI::ChangeWidget(`id(`clear), `Value, true);
+ UI::ChangeWidget(`id(`permit), `Value, false);
+ UI::ChangeWidget(`id(`reject), `Value, false);
+ UI::ChangeWidget(`id(`audit), `Value, false);
+ }
+
+ string sdMode = "";
+ map event = $[];
+ any id = nil;
+
+ while( true ) {
+
+ event = UI::WaitForEvent();
+ id = event["ID"]:nil;
+
+ if ( id == `clear) {
+
+ if ( UI::QueryWidget(`id(`clear), `Value) == true ) {
+ UI::ChangeWidget(`id(`permit), `Value, false);
+ UI::ChangeWidget(`id(`reject), `Value, false);
+ UI::ChangeWidget(`id(`audit), `Value, false);
+ sdMode = "All";
+ }
+
+ } else if ( id == `permit || id == `reject || id == `audit ) {
+
+ if ( UI::QueryWidget(`id(`permit), `Value) == true ) {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ } else if ( UI::QueryWidget(`id(`reject), `Value) == true ) {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ } else if ( UI::QueryWidget(`id(`audit), `Value) == true ) {
+ UI::ChangeWidget(`id(`clear), `Value, false);
+ }
+
+ } else if ( id == `cancel ) {
+
+ sdMode = mySdMode;
+ break;
+
+ } else if ( id == `save ) {
+
+ if ( UI::QueryWidget(`id(`clear), `Value) == true ) {
+ sdMode = "All";
+ } else {
+ sdMode = "";
+ list<string> mList = [];
+ if ( UI::QueryWidget(`id(`permit), `Value) == true ) { mList = add(mList, "P"); }
+ if ( UI::QueryWidget(`id(`reject), `Value) == true ) { mList = add(mList, "R"); }
+ if ( UI::QueryWidget(`id(`audit), `Value) == true ) { mList = add(mList, "A"); }
+
+ foreach ( string state, mList, { sdMode = sdMode + state; });
+ }
+
+ break;
+ }
+
+ }
+
+ UI::CloseDialog();
+ return sdMode;
+}
+
+/* For On Demand Reports
+ - Returns list of terms corresponding to the type of report
+***********************************************************************/
+define list<term> getReportList(string type, map Settings) {
+
+ list<term> reportList = [];
+
+ if ( type == "aud" ) {
+
+ list <map> db = (list <map>) SCR::Read (.reports_confined, Settings);
+ integer key = 1;
+
+ foreach ( map repdata, db, {
+ reportList = add( reportList, `item( `id(key), repdata["host"]:nil, repdata["date"]:nil,
+ repdata["prog"]:nil, repdata["prof"]:nil, repdata["pid"]:nil, repdata["state"]:nil,
+ repdata["type"]:nil ));
+ key = key + 1;
+ });
+
+ } else if ( type == "ess" ) {
+
+ list <map> db = (list <map>) SCR::Read (.reports_ess, Settings);
+ integer key = 1;
+
+ foreach ( map repdata, db, {
+ reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
+ repdata["startdate"]:nil, repdata["enddate"]:nil, repdata["numRejects"]:nil,
+ repdata["numEvents"]:nil, repdata["sevMean"]:nil, repdata["sevHi"]:nil ));
+ key = key + 1;
+ });
+
+ } else {
+
+ list <map> db = (list <map>) SCR::Read (.logparse, Settings);
+ integer key = 0;
+
+ foreach ( map record, db, {
+ reportList = add( reportList, `item( `id(key),
+ record["host"]:nil, record["date"]:nil, record["prog"]:nil,
+ record["profile"]:nil, record["pid"]:nil, record["severity"]:nil,
+ record["mode_req"]:nil, record["mode_deny"]:nil,
+ record["resource"]:nil, record["sdmode"]:nil, record["op"]:nil,
+ record["attr"]:nil, record["name_alt"]:nil, record["net_family"]:nil,
+ record["net_proto"]:nil, record["net_socktype"]:nil
+ ));
+ key = key + 1;
+ });
+
+ }
+
+ return reportList;
+}
+
+}
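Review bot: In popUpMode, the final branch of the checkbox handler (the mmap case) resets the link checkbox instead of the "All" checkbox, so ticking only MMap while "All" is still ticked leaves "All" set and the save path returns "All" rather than "m". The four branches above it all reset clear, and the mmap branch should match them: ``UI::ChangeWidget(`id(`clear), `Value, false);``. As written, the mode filter the user chose for a security event report is silently dropped and the report covers every access mode. The commit message says this file is only renamed here, so the defect presumably predates the change. Separately, popUpSdMode's event loop exits only on cancel and save, while popUpMode also handles abort and close, which is worth aligning.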
--- a/src/include/subdomain/Makefile.am
+++ /dev/null
@@ -1,19 +0,0 @@
-yncludedir = @yncludedir@/subdomain
-
-ynclude_DATA = \
- apparmor_packages.ycp \
- apparmor_profile_check.ycp \
- apparmor_ycp_utils.ycp \
- capabilities.ycp \
- config_complain.ycp \
- helps.ycp \
- profile_dialogs.ycp \
- report_helptext.ycp \
- reporting_archived_dialogs.ycp \
- reporting_dialogues.ycp \
- reporting_utils.ycp \
- sd-config.ycp
-
-EXTRA_DIST = \
- $(ynclude_DATA)
-
--- a/src/include/subdomain/apparmor_packages.ycp
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- Copyright (C) 2006 Novell Inc. All Rights Reserved.
-
- This program is free software; you can redistribute it and/or
- modify it under the terms of version 2 of the GNU General Public
- License published by the Free Software Foundation.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, contact Novell, Inc.
-
- Written by Steve Beattie <sbeattie@suse.de>
- */
-
- /* This should probably be more intelligent and query the user once
- * whether they want optional packages like apparmor-docs, libapparmor,
- * apache2-mod-apparmor and * (eventually) pam-apparmor installed. */
-
-import "PackageSystem";
-
-list<string> __needed_packages =
- ["apparmor-parser", "apparmor-utils", "apparmor-profiles"];
-
-define boolean installAppArmorPackages () {
- return PackageSystem::CheckAndInstallPackagesInteractive (__needed_packages);
-}
--- a/src/include/subdomain/apparmor_profile_check.ycp
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- Copyright (C) 2006 Novell Inc. All Rights Reserved.
-
- This program is free software; you can redistribute it and/or
- modify it under the terms of version 2 of the GNU General Public
- License published by the Free Software Foundation.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, contact Novell, Inc.
-
- */
-
-
-import "Popup";
-textdomain "yast2-apparmor";
-
-define boolean checkProfileSyntax () {
- map <string,string> args = $[];
- string errmsg = "<ul>";
- boolean syntax_ok = true;
-
- args["profile-syntax-check"] = "1";
- list <string> errors = (list <string>) SCR::Execute (.subdomain, "profile-syntax-check" );
- foreach ( string error, errors, ``{
- syntax_ok = false;
- errmsg = errmsg + "<li>" + error + "</li>";
- });
- errmsg = errmsg + "</ul>";
- if ( syntax_ok == false ) {
- string headline = _("Errors found in AppArmor profiles");
- errmsg = _("<p>These problems must be corrected before AppArmor can be \
-started or the profile management tools can be used.</p> ")
- + "<p>" + errmsg + "</p>"
- + _("<p>You can find a description of AppArmor profile syntax by \
-running ")
- + "<code>man apparmor.d</code></p>"
- + _("<p>Comprehensive documentation about AppArmor is available in \
-the Administration guide. This is available in the \
-directory: ")
- + "</p>"
- + "<code>/usr/share/doc/manual/suselinux-manual_LANGUAGE</code>. "
- + _("<p>Please refer to this for more detailed information about \
-AppArmor</p>");
- Popup::LongText( headline, `RichText(errmsg), 55, 15);
- }
- return( syntax_ok );
-}
--- a/src/include/subdomain/apparmor_ycp_utils.ycp
+++ /dev/null
@@ -1,679 +0,0 @@
-
-/*
- Copyright (C) 2007 Novell Inc. All Rights Reserved.
-
- This program is free software; you can redistribute it and/or
- modify it under the terms of version 2 of the GNU General Public
- License published by the Free Software Foundation.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, contact Novell, Inc.
-
- */
-
-
-import "Label";
-import "Popup";
-import "AppArmorDialogs";
-textdomain "yast2-apparmor";
-
- map CMDS = $[ ];
- CMDS["CMD_ALLOW"] = _("&Allow");
- CMDS["CMD_DENY"] = _("&Deny");
- CMDS["CMD_ABORT"] = _("Abo&rt");
- CMDS["CMD_FINISHED"] = Label::FinishButton();
- CMDS["CMD_AUDIT_NEW"] = _("Audi&t");
- CMDS["CMD_AUDIT_OFF"] = _("Audi&t off");
- CMDS["CMD_AUDIT_FULL"] = _("Audit &All");
- CMDS["CMD_OTHER"] = _("&Opts");
- CMDS["CMD_USER_ON"] = _("&Owner permissions on");
- CMDS["CMD_USER_OFF"] = _("&Owner permissions off");
- CMDS["CMD_ix"] = _("&Inherit");
- CMDS["CMD_px"] = _("&Profile");
- CMDS["CMD_px_safe"] = _("&Profile Clean Exec");
- CMDS["CMD_cx"] = _("&Child");
- CMDS["CMD_cx_safe"] = _("&Child Clean Exec");
- CMDS["CMD_nx"] = _("&Name");
- CMDS["CMD_nx_safe"] = _("&Named Clean Exec");
- CMDS["CMD_ux"] = _("&Unconfined");
- CMDS["CMD_ux_safe"] = _("&Unconfined Clean Exec");
- CMDS["CMD_pix"] = _("&Profile ix");
- CMDS["CMD_pix_safe"] = _("&Profile ix Clean Exec");
- CMDS["CMD_cix"] = _("&Child ix");
- CMDS["CMD_cix_safe"] = _("&Child ix Cx Clean Exec");
- CMDS["CMD_nix"] = _("&Name ix");
- CMDS["CMD_nix_safe"] = _("&Name ix");
- CMDS["CMD_EXEC_IX_ON"] = _("i&x fallback on");
- CMDS["CMD_EXEC_IX_OFF"] = _("i&x fallback off");
- CMDS["CMD_CONTINUE"] = _("&Continue Profiling");
- CMDS["CMD_INHERIT"] = _("&Inherit");
- CMDS["CMD_PROFILE"] = _("&Profile");
- CMDS["CMD_UNCONFINED"] = _("&Unconfined");
- CMDS["CMD_NEW"] = _("&Edit");
- CMDS["CMD_GLOB"] = _("&Glob");
- CMDS["CMD_GLOBEXT"] = _("Glob w/E&xt");
- CMDS["CMD_ADDHAT"] = _("&Add Requested Hat");
- CMDS["CMD_USEDEFAULT"] = _("&Use Default Hat");
- CMDS["CMD_SCAN"] = _("&Scan system log for AppArmor events");
- CMDS["CMD_VIEW_PROFILE"] = _("&View Profile");
- CMDS["CMD_USE_PROFILE"] = _("&Use Profile");
- CMDS["CMD_CREATE_PROFILE"] = _("&Create New Profile");
- CMDS["CMD_UPDATE_PROFILE"] = _("&Update Profile");
- CMDS["CMD_IGNORE_UPDATE"] = _("&Ignore Update");
- CMDS["CMD_SAVE_CHANGES"] = _("&Save Changes");
- CMDS["CMD_UPLOAD_CHANGES"] = _("&Upload Changes");
- CMDS["CMD_VIEW_CHANGES"] = _("&View Changes");
- CMDS["CMD_ENABLE_REPO"] = _("&Enable Repository");
- CMDS["CMD_DISABLE_REPO"] = _("&Disable Repository");
- CMDS["CMD_ASK_NEVER"] = _("&Never Ask Again");
- CMDS["CMD_ASK_LATER"] = _("Ask Me &Later");
- CMDS["CMD_YES"] = Label::YesButton();
- CMDS["CMD_NO"] = Label::NoButton();
-
-
-define boolean validEmailAddress ( string emailAddr, boolean allowlocal ) {
-
- integer emailAddrLength = size(emailAddr);
- boolean isSafe = false;
-
- if ( allowlocal && regexpmatch( emailAddr, "^\/var\/mail\/\\w+$" )) {
- isSafe = true;
- } else if ((regexpmatch( emailAddr, "\\w+(-\\w+?)@\\w+" ) ||
- regexpmatch( emailAddr, "/^(\\w+\.?)+\\w+\@(\\w+\.?)+\\w+$" ) ||
- regexpmatch( emailAddr, "\\w+@\\w+" ) ||
- !regexpmatch( emailAddr, "..+" )) &&
- emailAddrLength < 129 ) {
- isSafe = true;
- }
- return isSafe;
-}
-
-define boolean checkEmailAddress( string emailAddr ) {
-
- if ( ! validEmailAddress( emailAddr, false ) ) {
- string err_email_format = _("Email address format invalid.\nEmail address must be less than 129 characters \n and of the format \"name@domain\". \n Please enter another address.");
- Popup::Error( err_email_format );
- return false;
- }
- return true;
-}
-
-
-/** UI_RepositorySignInDialog
- * Dialog to allow users to signin or register with an external AppArmor
- * profile repository
- *
- * @param agent_data - data from the backend
- * [ repo_url - string ]
- * @return answers - map that contains:
- * [ newuser => 1|0 - registering a new user? ]
- * [ user => username ]
- * [ pass => password ]
- * [ email => email address - if newuser = 1 ]
- * [ save_config => true/false - save this information on ]
- * [ the system ]
- *
- **/
-define map<string,string> UI_RepositorySignInDialog( map<any,any> agent_data ) {
- string repo_url = (string) agent_data["repo_url"]:"MISSING_REPO_URL";
- term dialog =
- `VBox(
- `VSpacing(1),
- `Top(`Label(_("AppArmor Profile Repository Setup") + "\n" + repo_url)),
- `VBox(
- `ReplacePoint(`id(`replace), `Empty())
- ),
- `VSpacing(1)
- );
-
- term signin_box =
- `VBox(
- `HBox(
- `HSpacing(1),
- `Frame(`id(`signin_frame), _("Sign in to the repository"),
- `HBox(
- `HSpacing(0.5),
- `VBox(
- `TextEntry(`id(`username), _("Username")),
- `Password(`id(`password), Label::Password()),
- `VSpacing(1),
- `HBox(
- `CheckBox(`id(`save_conf), `opt(`notify),
- _("S&ave configuration")),
- `HSpacing( 0.5),
- `Left(`PushButton(`id(`signin_submit),
- _("&Sign in"))),
- `Right(`PushButton(`id(`signin_cancel),
- Label::CancelButton())),
- `HSpacing( 0.5)
- )
- ),
- `HSpacing(0.5)
- )
- ),
- `HSpacing(1)
- ),
- `VSpacing(1),
- `PushButton(`id(`newuser), _("&Register new user..."))
- );
-
- term registration_box =
- `VBox(
- `HBox(
- `HSpacing(1),
- `Frame(`id(`register_frame), _("Register New User"),
- `HBox(
- `HSpacing(0.5),
- `VBox(
- `TextEntry(`id(`register_username),
- _("Enter Username")),
- `TextEntry(`id(`register_email),
- _("Enter Email Address")),
- `Password(`id(`register_password),
- _("Enter Password")),
- `Password(`id(`register_password2),
- _("Verify Password")),
- `VSpacing(1),
- `HBox(
- `HSpacing( 0.2),
- `CheckBox(`id(`save_conf_new), `opt(`notify),
- _("S&ave configuration")),
- `Left(`PushButton(`id(`register_submit),
- _("&Register"))),
- `Right(`PushButton(`id(`register_cancel),
- Label::CancelButton())),
- `HSpacing( 0.2)
- )
- ),
- `HSpacing( 0.5)
- )
- ),
- `HSpacing(1)
- ),
- `VSpacing(1),
- `PushButton(`id(`signin), _("&Sign in as existing user..."))
- );
-
- UI::OpenDialog(`opt(`decorated), dialog);
- UI::ReplaceWidget(`replace, signin_box);
- map<string,string> answers = $[ ];
- any input = nil;
- repeat {
- input = UI::UserInput();
- if(input == `newreg) {
- boolean new_registration =
- (boolean) UI::QueryWidget(`id(`newreg), `Value);
- if ( new_registration == true ) {
- UI::ChangeWidget(`id(`register_frame), `Enabled, true);
- UI::ChangeWidget(`id(`signin_frame), `Enabled, false);
- } else {
- UI::ChangeWidget(`id(`register_frame), `Enabled, false);
- UI::ChangeWidget(`id(`signin_frame), `Enabled, true);
- }
- } else if(input == `newuser) {
- UI::ReplaceWidget(`replace, registration_box);
- UI::ChangeWidget(`id(`register_email), `InputMaxLength, 129);
- } else if(input == `signin) {
- UI::ReplaceWidget(`replace, signin_box);
- UI::ChangeWidget(`id(`register_email), `InputMaxLength, 129);
- } else if(input == `signin_cancel || input == `register_cancel) {
- answers["answer"] = "cancel";
- } else if ( input == `signin_submit ) {
- string username = (string) UI::QueryWidget(`id(`username), `Value);
- string password = (string) UI::QueryWidget(`id(`password), `Value);
- string save_config =
- (boolean) UI::QueryWidget(`id(`save_conf), `Value) ? "y": "n";
-
- if ( username == "" ) {
- Popup::Error(_("Username is required"));
- } else if ( password == "" ) {
- Popup::Error(_("Password is required"));
- } else {
- y2milestone("APPARMOR : REPO - signon: \n\tusername [" +
- username +
- "]\n\tpassword [" +
- password + "]");
- answers["newuser"] = "n";
- answers["user"] = username;
- answers["pass"] = password;
- answers["save_config"] = save_config;
- input = `done;
- }
- } else if ( input == `register_submit ) {
- string username =
- (string) UI::QueryWidget( `id(`register_username), `Value);
- string password =
- (string) UI::QueryWidget( `id(`register_password), `Value);
- string password_verify =
- (string) UI::QueryWidget( `id(`register_password2), `Value);
- string email = (string) UI::QueryWidget( `id(`register_email),
- `Value );
- string save_config =
- (boolean) UI::QueryWidget( `id(`save_conf_new), `Value )
- ? "y": "n";
-
- if ( username == "" ) {
- Popup::Error( _("Username required for registration." ));
- } else if ( email == "" ) {
- Popup::Error( _("Email address required for registration." ));
- } else if ( password == "" && password_verify == "" ) {
- Popup::Error( _("Password is required for registration." ));
- } else if ( password != password_verify ) {
- Popup::Error( _("Passwords do not match. Please re-enter." ));
- } else if ( ! checkEmailAddress( email ) ) {
- any dummy = nil;
- } else {
- y2milestone(
- "APPARMOR : REPO - new registration: \n\tusername [" +
- username + "]\n\tpassword [" + password +
- "]\n\temail [" + email + "]\n\tsave config [" +
- save_config + "]" );
- answers["newuser"] = "y";
- answers["pass"] = password;
- answers["user"] = username;
- answers["email"] = email;
- answers["save_config"] = save_config;
- input = `done;
- }
- } else {
- y2milestone("APPARMOR : REPO - signon - no valid input[" +
- tostring(input) + "]");
- }
- } until ((input == `done) ||
- (input == `register_cancel) ||
- (input == `signin_cancel));
- if ( input != `done ) {
- answers["cancelled"] = "y";
- }
- UI::CloseDialog();
- return( answers );
-}
-
-
-/** UI_RepositoryViewProfile
- * Dialog to allow users to view a profile from the repository
- * and display it in a small scrollable dialog
- *
- * @param agent_data - map data from the backend
- * [ user => string ]
- * [ profile => string contiaining profile contents ]
- * [ profile_type => string INACTIVE_LOCAL|REPOSITORY ]
- *
- * @return void
- *
- **/
-
-define void UI_RepositoryViewProfile( map<any,any> agent_data ) {
-
- string user = agent_data["user"]:"MISSING USER";
- string profile = agent_data["profile"]:"MISSING PROFILE";
- string type = agent_data["profile_type"]:"MISSING PROFILE";
-
- string headline = "";
- if ( type == "INACTIVE_LOCAL" ) {
- headline = _("Local inactive profile");
- } else if ( type == "REPOSITORY" ) {
- headline = _("Profile created by user ") + user;
- } else {
- headline = _("Local profile");
- }
-
-
- Popup::LongText ( headline, `RichText(`opt(`plainText), profile), 50, 20 );
-}
-
-
-/** UI_LongMessage
- * Basic message dialog that will scroll long text
- * @param agent_data - map - data from backend
- * [ headline - string ]
- * [ message - string ]
- *
- * @return void
- **/
-
-define void UI_LongMessage( map<any,any> agent_data ) {
-
- any user = agent_data["user"]:nil;
- string headline = agent_data["headline"]:"MISSING HEADLINE";
- string message = agent_data["message"]:"MISSING MESSAGE";
-
- Popup::LongText(headline,`RichText(`opt(`plainText), message), 60, 40);
-
-}
-
-
-/** UI_ShortMessage
- * Basic message dialog - no scrollbars
- * @param agent_data - map - data from backend
- * [ headline - string ]
- * [ message - string ]
- *
- * @return void
- **/
-
-define void UI_ShortMessage( map<any,any> agent_data ) {
-
- any user = agent_data["user"]:nil;
- string headline = agent_data["headline"]:"MISSING HEADLINE";
- string message = agent_data["message"]:"MISSING MESSAGE";
-
- Popup::AnyMessage(headline, message);
-
-}
-
-/** UI_ChangeLog_Dialog
- * Takes a list of profiles and collects one or multiple changelog entries
- * and returns them
- *
- * @param agent_data - data from the backend
- * [ profiles - list of profile names ]
- *
- * @return results - map
- * [ STATUS - string - ok/cancel ]
- * [ SINGLE_CHANGELOG - string - set with changelog if user ]
- * [ selects a single changelog ]
- *
- * [ profile 1 name - string - changelog 1 ]
- * [ profile 2 name - string - changelog 2 ]
- * ...
- * [ profile n name - string - changelog n ]
- *
- **/
-define map<string,any> UI_ChangeLog_Dialog ( map<any,any> agent_data ) {
- map<string,any> results = $[];
- string main_label = _("Enter a changelog for the changes for ");
- string main_label_single = _(" the selected profiles");
- string checkbox_label = _("Individual changelogs per profile");
- list<string> profiles = agent_data["profiles"]:[];
-
- term dialog = `VBox(
- `TextEntry(`id(`stringfield), main_label + "\n" + main_label_single),
- `CheckBox(`id(`individual_changelogs), `opt(`notify), checkbox_label),
- `VSpacing(0.5),
- `HBox(
- `HWeight(1, `PushButton(`id(`okay),
- `opt(`default,
- `key_F10),
- Label::OKButton())),
- `HSpacing(2),
- `HWeight(1, `PushButton(`id(`cancel), `opt(`key_F9), Label::CancelButton()))
- )
- );
- results["STATUS"] = "ok";
- boolean single_changelog = true;
- foreach( string profile_name, profiles, {
- UI::OpenDialog(dialog);
- if ( !single_changelog ) {
- UI::ChangeWidget(`id(`stringfield),
- `Label,
- main_label + "\n" +
- profile_name);
- UI::ChangeWidget(`id(`individual_changelogs), `Value, true);
- }
- UI::SetFocus(`id(`stringfield));
- any input = nil;
- repeat {
- input = UI::UserInput();
- if ( input == `cancel ) {
- results["STATUS"] = "cancel";
- UI::CloseDialog();
- break;
- } else if ( input == `okay ) {
- if (((boolean) UI::QueryWidget(`id(`individual_changelogs),
- `Value)) == false ) {
- results["SINGLE_CHANGELOG"] =
- (string) UI::QueryWidget(`id(`stringfield), `Value);
- UI::CloseDialog();
- } else {
- results[profile_name] =
- (string) UI::QueryWidget(`id(`stringfield), `Value);
- UI::CloseDialog();
- }
- } else if ( input == `individual_changelogs ){
- if (((boolean) UI::QueryWidget(`id(`individual_changelogs),
- `Value)) == true ) {
- UI::ChangeWidget(`id(`stringfield),
- `Label,
- main_label + "\n"
- + profile_name);
- single_changelog = false;
- } else {
- UI::ChangeWidget(`id(`stringfield),
- `Label,
- main_label + "\n"
- + main_label_single);
- }
- }
- } until ( input == `okay || `input == `cancel );
- if ( single_changelog || input == `cancel ) {
- break;
- }
- });
- return( results );
-}
-
-/** UI_MultiProfileSelectionDialog
- * Two pane dialog with a multi-selection box on the left
- * and a long text on the right. Allows a list of profiles
- * or profile changes to be viewed and selected for further
- * processing - for example uploading to the repository
- *
- * @param agent_data - map - data from backend
- * [ title - string - explanation of the forms use ]
- * [ get_changelog - string true/false - prompt user to ]
- * [ supply changelogs ]
- * [ never_ask_again - string true/false - add widget to let ]
- * [ user select to never prompt again to ]
- * [ upload unselected profiles to the ]
- * [ repository ]
- * [ default_select - string true/false - default value for ]
- * [ profile selection ]
- * [ profiles - map<string,string> ]
- *
- * @return results - map
- * [ STATUS - string - ok/cancel ]
- * [ PROFILES - list[string] - list of selected profiles ]
- * [ NEVER_ASK_AGAIN - string - true/false - mark unselected ]
- * [ profiles as local only and don't prompt ]
- * [ to upload ]
- * [ CHANGELOG - map[string,string] - changelog data from ]
- * [ UI_ChangeLog_Dialog() ]
- *
- **/
-
-define map<any,any> UI_MultiProfileSelectionDialog( map<any,any> agent_data ) {
- string headline = agent_data["title"]:"MISSING TITLE";
- string explanation = agent_data["explanation"]:"MISSING EXPLANATION";
- boolean default_select = agent_data["default_select"]:false;
- boolean get_changelog = agent_data["get_changelog"]:true;
- boolean disable_ask_upload = agent_data["disable_ask_upload"]:false;
- map<any,any> profiles = agent_data["profiles"]:$[];
- map<any,any> results = $[];
-
- list profile_list = [];
- foreach ( string profile_name, string profile_contents,
- (map<string,string>) profiles, {
- profile_list = add( profile_list, `item( `id(profile_name),
- profile_name, default_select) );
- });
-
- term first_profile = (term) profile_list[0]:nil;
- string first_profile_name = first_profile[1]:"MISSING PROFILE NAME";
- string profile_rules =
- (string) profiles[first_profile_name]:"MISSING CONTENTS";
- string disable_ask_upload_str =
- _("&Don't ask again for unselected profiles");
- map ui_capabilities = UI::GetDisplayInfo();
- boolean in_ncurses = ui_capabilities["TextMode"]:true;;
- term profile_contents_text = nil;
- term explanation_text = nil;
-
- if ( in_ncurses ) {
- profile_contents_text =
- `RichText( `id(`contents),`opt(`plainText), profile_rules);
- } else {
- profile_contents_text =
- `VBox(
- `VSpacing(1.25),
- `RichText( `id(`contents),`opt(`plainText), profile_rules)
- );
- }
- term control_widgets = nil;
- if ( disable_ask_upload == true ) {
- control_widgets =
- `VBox(
- `CheckBox(`id(`disable_ask_upload), `opt(`notify),
- disable_ask_upload_str),
- `VSpacing(0.5),
- `HBox(
- `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))),
- `HWeight( 50, `HCenter(`PushButton(`id(`cancel),
- Label::CancelButton())))
- )
- );
- } else {
- if ( in_ncurses ) {
- control_widgets =
- `HBox(
- `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))),
- `HWeight( 50, `HCenter(`PushButton(`id(`cancel),
- Label::CancelButton())))
- );
- } else {
- control_widgets =
- `VBox(
- `VSpacing(0.5),
- `HBox(
- `HWeight( 50, `HCenter(`PushButton(`id(`save),
- Label::OKButton()))),
- `HWeight( 50, `HCenter(`PushButton(`id(`cancel),
- Label::CancelButton())))
- )
- );
- }
- }
-
- UI::OpenDialog(
- `VBox(
- `VSpacing(0.1),
- `VWeight( 15, `Top(`Label(`id(`explanation), explanation))),
- `VSpacing(0.2),
- `VWeight( 70,
- `HBox(
- `VSpacing( 1 ),
- `HSpacing( 0.5 ),
- `Frame( `id(`select_profiles), headline,
- `HBox(
- `HWeight( 40, `MinSize( 30, 15,
- `MultiSelectionBox( `id(`profiles),
- `opt(`notify),
- _("Profiles"),
- profile_list) )
- ),
- `HWeight( 60, profile_contents_text )
- )
- ),
- `HSpacing( 0.5 )
- )
- ),
- `VSpacing( 0.2 ),
- `VWeight( 15, control_widgets ),
- `VSpacing( 0.2 )
- )
- );
- UI::ChangeWidget( `id(`profiles), `CurrentValue, first_profile_name );
-
- map event2 = $[];
- any id2 = nil;
- repeat
- {
- event2 = UI::WaitForEvent ();
- id2 = event2["ID"]:nil;
- if ( id2 == `profiles ) {
- any itemid = UI::QueryWidget( `id(`profiles), `CurrentItem );
- string stritem = tostring( itemid );
- string contents = profiles[stritem]:"MISSING CONTENTS";
- UI::ChangeWidget( `id(`contents), `Value, contents );
- }
- } until ( id2 == `save || id2 == `cancel );
-
- list selected_profiles = [];
- if (id2 == `save) {
- list<any> selected_items =
- (list<any>) UI::QueryWidget( `id(`profiles), `SelectedItems );
- integer profile_index = 0;
- foreach ( any p_name, selected_items, {
- selected_profiles[profile_index] = tostring( p_name );
- profile_index = profile_index + 1;
- });
- results["STATUS"] = "ok";
- if (get_changelog == true) {
- map<string,any> changelog_results =
- UI_ChangeLog_Dialog( $["profiles":selected_profiles] );
- if ( changelog_results["STATUS"]:"cancel" == "cancel" ) {
- results["STATUS"] = "cancel";
- } else {
- results["CHANGELOG"] = changelog_results;
- results["PROFILES"] = selected_profiles;
- }
- } else {
- results["PROFILES"] = selected_profiles;
- }
- if ( disable_ask_upload == true &&
- ((boolean) UI::QueryWidget( `id(`disable_ask_upload), `Value ))
- == true ) {
- results["NEVER_ASK_AGAIN"] = "true";
- }
- } else if ( id2 == `cancel ) {
- results["STATUS"] = "cancel";
- }
- UI::CloseDialog();
- return results;
-}
-
-/** Form_BusyFeedbackDialog
- *
- * @param agent_data - map - data from backend
- * [ title - string - explanation of the forms use ]
- *
- * @return results - map
- * [ STATUS - string - ok/cancel ]
- *
- **/
-
-define term Form_BusyFeedbackDialog( string message ) {
- //`MinSize( 10, 4, `Image(`opt(`animated), movie, "animation" ),
- //`Image(`opt(`animated), movie, "animation" ),
- string movie =
- "/usr/share/YaST2/theme/current/animations/ticks-endless.gif";
- term busy_dialog =
- `HBox(
- //`MinSize( 10, 4, `Image(`opt(`animated), movie, "animation" ) ),
- `Image(`opt(`animated), movie, "animation" ),
- `Label( message )
- );
- return busy_dialog;
-}
-
-define void UI_BusyFeedbackStart( map<any,any> agent_data ) {
- string message = agent_data["message"]:"MISSING MESSAGE";
- if ( AppArmorDialogs::busy_dialog != nil ) {
- UI::CloseDialog();
- }
- AppArmorDialogs::busy_dialog = Form_BusyFeedbackDialog( message );
- UI::OpenDialog( AppArmorDialogs::busy_dialog);
- return;
-}
-
-define void UI_BusyFeedbackStop( ) {
- if ( AppArmorDialogs::busy_dialog != nil ) {
- UI::CloseDialog();
- AppArmorDialogs::busy_dialog = nil;
- }
-}
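Review bot: UI_RepositorySignInDialog writes the repository password in clear text to the YaST log, because both `y2milestone` calls concatenate `password` into the message, once in the `signin_submit` branch and once in the `register_submit` branch. The commit description says this patch only renames files, so the copy under the new path presumably carries the same two calls, and the rename does not address them. Anyone who can read the YaST log, or a log attached to a bug report, would obtain the credential. The messages should record the username only, e.g. `y2milestone("APPARMOR : REPO - signon: \n\tusername [" + username + "]");`, with the registration message dropping its `"]\n\tpassword [" + password +` segment in the same way.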
--- a/src/include/subdomain/capabilities.ycp
+++ /dev/null
@@ -1,310 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2005 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-//
-// YCP map containing definitons for Capabiltiies
-//
-{
-
-textdomain "yast2-apparmor";
-
-map<string,map> capdefs = $[
-"chown" :
- $[
- "name" : "CAP_CHOWN",
- "info" : _("<ul><li>In a system with the [_POSIX_CHOWN_RESTRICTED] option defined,
-this overrides the restriction of changing file ownership
-and group ownership.</li></ul>"),
-
- ],
-"dac_override" :
- $[
- "name" : "CAP_DAC_OVERRIDE",
- "info" : _("<ul><li>Override all DAC access, including ACL execute access if
-[_POSIX_ACL] is defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.</li></ul>"),
-
- ],
-"dac_read_search" :
- $[
- "name" : "CAP_DAC_READ_SEARCH",
- "info" : _("<ul><li>Overrides all DAC restrictions regarding read and search
-on files and directories, including ACL restrictions if [_POSIX_ACL] is defined.
-Excluding DAC access covered by CAP_LINUX_IMMUTABLE. </li></ul>"),
-
- ],
-"fowner" :
- $[
- "name" : "CAP_FOWNER",
- "info" : _("<ul><li>Overrides all restrictions about allowed operations on files,
-where file owner ID must be equal to the user ID, except where CAP_FSETID is
-applicable. It doesn't override MAC and DAC restrictions. </li></ul>"),
-
- ],
-"fsetid" :
- $[
- "name" : "CAP_FSETID",
- "info" : _("<ul><li>Overrides the following restrictions that the effective user
-ID shall match the file owner ID when setting the S_ISUID and S_ISGID bits on that
-file; that the effective group ID (or one of the supplementary group IDs) shall match
-the file owner ID when setting the S_ISGID bit on that file; that the S_ISUID and
-S_ISGID bits are cleared on successful return from chown(2) (not implemented). </li></ul>"),
-
- ],
-"kill" :
- $[
- "name" : "CAP_KILL",
- "info" : _("<ul><li>Overrides the restriction that the real or effective user ID
-of a process sending a signal must match the real or effective user ID of the process
-receiving the signal.</li></ul>"),
-
- ],
-"setgid" :
- $[
- "name" : "CAP_SETGID",
- "info" : _("<ul><li>Allows setgid(2) manipulation </li> <li> Allows setgroups(2) </li>
-<li> Allows forged gids on socket credentials passing. </li></ul>"),
-
- ],
-"setuid" :
- $[
- "name" : "CAP_SETUID",
- "info" : _("<ul><li>Allows setuid(2) manipulation (including fsuid) </li>
-<li> Allows forged pids on socket credentials passing. </li></ul>"),
-
- ],
-"setpcap" :
- $[
- "name" : "CAP_SETPCAP",
- "info" : _("<ul><li> Transfer any capability in your permitted set to any pid,
-remove any capability in your permitted set from any pid</li></ul>"),
-
- ],
-"linux_immutable" :
- $[
- "name" : "CAP_LINUX_IMMUTABLE",
- "info" : _("<ul><li>Allows modification of S_IMMUTABLE and S_APPEND file attributes</li></ul>"),
-
- ],
-"net_bind_service" :
- $[
- "name" : "CAP_NET_BIND_SERVICE",
- "info" : _("<ul><li>Allows binding to TCP/UDP sockets below 1024 </li>
-<li> Allows binding to ATM VCIs below 32</li></ul>"),
-
- ],
-"net_broadcast" :
- $[
- "name" : "CAP_NET_BROADCAST",
- "info" : _("<ul><li> Allows broadcasting, listen to multicast </li></ul>"),
-
- ],
-"net_admin" :
- $[
- "name" : "CAP_NET_ADMIN",
- "info" : _("<ul><li> Allows interface configuration</li>
-<li> Allows administration of IP firewall, masquerading and accounting</li>
-<li> Allows setting debug option on sockets</li>
-<li> Allows modification of routing tables</li>") +
-
-_("<li> Allows setting arbitrary process / process group ownership on sockets</li>
-<li> Allows binding to any address for transparent proxying</li>
-<li> Allows setting TOS (type of service)</li>
-<li> Allows setting promiscuous mode</li>
-<li> Allows clearing driver statistics</li>") +
-
-_("<li> Allows multicasting</li>
-<li> Allows read/write of device-specific registers</li>
-<li> Allows activation of ATM control sockets </li>
-</ul>"),
-
- ],
-"net_raw" :
- $[
- "name" : "CAP_NET_RAW",
- "info" : _("<ul><li> Allows use of RAW sockets</li>
-<li> Allows use of PACKET sockets </li></ul>"),
-
- ],
-"ipc_lock" :
- $[
- "name" : "CAP_IPC_LOCK",
- "info" : _("<ul><li> Allows locking of shared memory segments</li>
-<li> Allows mlock and mlockall (which doesn't really have anything to do with IPC) </li></ul>"),
-
- ],
-"ipc_owner" :
- $[
- "name" : "CAP_IPC_OWNER",
- "info" : _("<ul><li> Override IPC ownership checks </li></ul>"),
-
- ],
-"sys_module" :
- $[
- "name" : "CAP_SYS_MODULE",
- "info" : _("<ul><li> Insert and remove kernel modules - modify kernel without limit</li>
-<li> Modify cap_bset </li></ul>"),
-
- ],
-"sys_rawio" :
- $[
- "name" : "CAP_SYS_RAWIO",
- "info" : _("<ul><li> Allows ioperm/iopl access</li>
-<li> Allows sending USB messages to any device via /proc/bus/usb </li></ul>"),
-
- ],
-"sys_chroot" :
- $[
- "name" : "CAP_SYS_CHROOT",
- "info" : _("<ul><li> Allows use of chroot() </li></ul>"),
-
- ],
-"sys_ptrace" :
- $[
- "name" : "CAP_SYS_PTRACE",
- "info" : _("<ul><li> Allows ptrace() of any process </li></ul>"),
-
- ],
-"sys_pacct" :
- $[
- "name" : "CAP_SYS_PACCT",
- "info" : _("<ul><li> Allows configuration of process accounting </li></ul>"),
-
- ],
-"sys_admin" :
- $[
- "name" : "CAP_SYS_ADMIN",
- "info" : _("<ul><li> Allows configuration of the secure attention key</li>
-<li> Allows administration of the random device</li>
-<li> Allows examination and configuration of disk quotas</li>
-<li> Allows configuring the kernel's syslog (printk behaviour)</li>") +
-
-_("<li> Allows setting the domain name</li>
-<li> Allows setting the hostname</li>
-<li> Allows calling bdflush()</li>
-<li> Allows mount() and umount(), setting up new smb connection</li>
-<li> Allows some autofs root ioctls</li>") +
-
-_("<li> Allows nfsservctl</li>
-<li> Allows VM86_REQUEST_IRQ</li>
-<li> Allows to read/write pci config on alpha</li>
-<li> Allows irix_prctl on mips (setstacksize)</li>
-<li> Allows flushing all cache on m68k (sys_cacheflush)</li>") +
-
-_("<li> Allows removing semaphores</li>
-<li> Used instead of CAP_CHOWN to \"chown\" IPC message queues, semaphores and shared memory</li>
-<li> Allows locking/unlocking of shared memory segment</li>
-<li> Allows turning swap on/off</li>
-<li> Allows forged pids on socket credentials passing</li>") +
-
-_("<li> Allows setting read ahead and flushing buffers on block devices</li>
-<li> Allows setting geometry in floppy driver</li>
-<li> Allows turning DMA on/off in xd driver</li>
-<li> Allows administration of md devices (mostly the above, but some extra ioctls)</li>") +
-
-_("<li> Allows tuning the ide driver</li>
-<li> Allows access to the nvram device</li>
-<li> Allows administration of apm_bios, serial and bttv (TV) device</li>
-<li> Allows manufacturer commands in isdn CAPI support driver</li>") +
-
-_("<li> Allows reading non-standardized portions of pci configuration space</li>
-<li> Allows DDI debug ioctl on sbpcd driver</li>
-<li> Allows setting up serial ports</li>
-<li> Allows sending raw qic-117 commands</li>") +
-
-_("<li> Allows enabling/disabling tagged queuing on SCSI controllers
- and sending arbitrary SCSI commands</li>
-<li> Allows setting encryption key on loopback filesystem </li></ul>"),
-
- ],
-"sys_boot" :
- $[
- "name" : "CAP_SYS_BOOT",
- "info" : _("<ul><li> Allows use of reboot() </li></ul>"),
-
- ],
-"sys_nice" :
- $[
- "name" : "CAP_SYS_NICE",
- "info" : _("<ul><li> Allows raising priority and setting priority on other (different UID) processes</li>
-<li> Allows use of FIFO and round-robin (realtime) scheduling on own processes and setting
-the scheduling algorithm used by another process.</li>
-<li> Allows setting cpu affinity on other processes </li></ul>"),
- ],
-"sys_resource" :
- $[
- "name" : "CAP_SYS_RESOURCE",
- "info" : _("<ul><li> Override resource limits. Set resource limits.</li>
-<li> Override quota limits.</li>
-<li> Override reserved space on ext2 filesystem</li>
-<li> Modify data journaling mode on ext3 filesystem (uses journaling resources)</li>") +
-
-_("<li> NOTE: ext2 honors fsuid when checking for resource overrides, so you can override using fsuid too</li>
-<li> Override size restrictions on IPC message queues</li>
-<li> Allows more than 64hz interrupts from the real-time clock</li>
-<li> Override max number of consoles on console allocation</li>
-<li> Override max number of keymaps </li></ul>"),
- ],
-"sys_time" :
- $[
- "name" : "CAP_SYS_TIME",
- "info" : _("<ul><li> Allows manipulation of system clock</li>
-<li> Allows irix_stime on mips</li>
-<li> Allows setting the real-time clock </li></ul>"),
- ],
-"sys_tty_config" :
- $[
- "name" : "CAP_SYS_TTY_CONFIG",
- "info" : _("<ul><li> Allows configuration of tty devices</li>
-<li> Allows vhangup() of tty </li></ul>"),
- ],
-"mknod" :
- $[
- "name" : "CAP_MKNOD",
- "info" : _("<ul><li> Allows the privileged aspects of mknod() </li></ul>"),
- ],
-"lease" :
- $[
- "name" : "CAP_LEASE",
- "info" : _("<ul><li> Allows taking of leases on files </li></ul>"),
- ],
-];
-
-
-map<string,string> linnametolp = $[
-"CAP_CHOWN" : "chown",
-"CAP_DAC_OVERRIDE" : "dac_override",
-"CAP_DAC_READ_SEARCH" : "dac_read_search",
-"CAP_FOWNER" : "fowner",
-"CAP_FSETID" : "fsetid",
-"CAP_KILL" : "kill",
-"CAP_SETGID" : "setgid",
-"CAP_SETUID" : "setuid",
-"CAP_SETPCAP" : "setpcap",
-"CAP_LINUX_IMMUTABLE" : "linux_immutable",
-"CAP_NET_BIND_SERVICE" : "net_bind_service",
-"CAP_NET_BROADCAST" : "net_broadcast",
-"CAP_NET_ADMIN" : "net_admin",
-"CAP_NET_RAW" : "net_raw",
-"CAP_IPC_LOCK" : "ipc_lock",
-"CAP_IPC_OWNER" : "ipc_owner",
-"CAP_SYS_MODULE" : "sys_module",
-"CAP_SYS_RAWIO" : "sys_rawio",
-"CAP_SYS_CHROOT" : "sys_chroot",
-"CAP_SYS_PTRACE" : "sys_ptrace",
-"CAP_SYS_PACCT" : "sys_pacct",
-"CAP_SYS_ADMIN" : "sys_admin",
-"CAP_SYS_BOOT" : "sys_boot",
-"CAP_SYS_NICE" : "sys_nice",
-"CAP_SYS_RESOURCE" : "sys_resource",
-"CAP_SYS_TIME" : "sys_time",
-"CAP_SYS_TTY_CONFIG" : "sys_tty_config",
-"CAP_MKNOD" : "mknod",
-"CAP_LEASE" : "lease",
-];
-}
--- a/src/include/subdomain/config_complain.ycp
+++ /dev/null
@@ -1,227 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2005 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-
-{
-textdomain "yast2-apparmor";
-
-import "Label";
-
-string modeHelp = _("<p><b>Profile Mode Configuration</b><br>This tool allows
-you to set AppArmor profiles to either complain or enforce mode.</p>") +
-
-_("<p><b>Complain mode</b> is a profile training state that logs application
-activity. All the violations of the AppArmor profile rules are logged
-(into <i>/var/log/audit/audit.log</i> file), but still permitted, so
-that application's behavior is not restricted.</p>") +
-
-_("<p>With the profile in <b>enforce mode</b>, application is protected by
-AppArmor. The profile rules are enforced and their violation is logged,
-but not permitted (e.g. an application cannot access files, unless it is
-permitted to do so by the profile).</p>");
-
-boolean showAll = false; // Button for showing active or all profiles
-
-define void updateComplain(any id, string profile, string mode, boolean showAll) {
-
- boolean error = false;
- map<string,string> profCmd = $[ ];
-
- if (id == `allEnforce || id == `allComplain) {
- profCmd["all"] = "1";
- } else if ( profile != "" ) {
- profCmd["profile"] = profile;
- } else {
- Popup::Error( _("Couldn't recognize profile name: ") + profile );
- return;
- }
-
- if ( id == `toggle && mode != "" ) {
- // Reverse modes for toggling
- if ( mode == "enforce" ) {
- profCmd["mode"] = "complain";
- } else if (mode == "complain") {
- profCmd["mode"] = "enforce";
- } else {
- error = true;
- Popup::Error( _("Couldn't recognize mode: ") + mode );
- }
- } else if ( id != `toggle ) {
- profCmd["mode"] = mode;
- }
-
- if ( showAll == true ) {
- profCmd["showall"] = "1";
- } else {
- profCmd["showall"] = "0";
- }
-
- SCR::Write(.complain, profCmd);
-
- return;
-}
-
-define list<term> getRecordList(boolean showAll) {
-
- map<string,string> Settings = $[ ];
- Settings["list"] = "1";
-
- if ( showAll == true ) {
- Settings["showall"] = "1";
- } else {
- Settings["showall"] = "0";
- }
-
- list<term> recList = [];
- integer key = 1;
-
- // restarts ag_complain agent if necessary
- list <map> db = nil;
- while ( db == nil ) {
- db = (list <map>) SCR::Read (.complain, Settings);
- }
-
- foreach ( map record, db, {
- recList = add( recList, `item( `id(key), record["name"]:nil, record["mode"]:nil ));
- key = key + 1;
- });
-
- return recList;
-}
-
-define term getProfModeForm(list<term> recList, boolean showAll ) {
-
- term allBtn = `PushButton(`id(`showAll), _("Show All Profiles") );
- string allText = _("Configure Mode for Active Profiles");
-
- if ( showAll && showAll == true ) {
- allBtn = `PushButton(`id(`showAct), _("Show Active Profiles") );
- allText = _("Configure Mode for All Profiles");
- }
-
- term modeForm =
-
- `Frame( `id(`changeMode), allText,
- //`Frame( `id(`changeMode), _("Configure Profile Mode"),
- `VBox(
- `VSpacing(2),
- `HBox(
- `VSpacing(10),
- `Table(`id(`table), `opt(`notify), `header(_("Profile Name"), _("Mode")), recList)
- ),
- `VSpacing(0.5),
- `HBox(
- allBtn,
- `PushButton(`id(`toggle), _("Toggle Mode") ),
- `PushButton(`id(`allEnforce), _("Set All to Enforce") ),
- `PushButton(`id(`allComplain), _("Set All to Complain") )
- ))
- );
-
- return modeForm;
-}
-
-define term updateModeConfigForm(boolean showAll) {
-
- list<term> recList = getRecordList(showAll);
- term newModeForm = getProfModeForm(recList, showAll);
-
- return newModeForm;
-}
-
-// Profile Mode Configuration -- Sets Complain and Enforce Behavior
-define symbol profileModeConfigForm() {
-
- list<term> recList = getRecordList(showAll);
- term modeForm = getProfModeForm(recList, showAll);
- Wizard::CreateDialog();
- Wizard::SetContentsButtons( _("Profile Mode Configuration"), modeForm, modeHelp, Label::BackButton(), _("&Done") );
-
- map event = $[];
- any id = nil;
- boolean modified = false;
-
- while( true ) {
-
- event = UI::WaitForEvent();
-
- id = event["ID"]:nil; // We'll need this often - cache it
- string profile = nil;
- string mode = nil;
-
- if ( id == `abort || id == `cancel || id == `back ) {
- break;
-
- } else if ( id == `next ) {
- integer ret = -1;
- if ( modified )
- ret = (integer) SCR::Execute (.target.bash, "/sbin/rcsubdomain reload > /dev/null 2>&1");
- else {
- y2milestone("No change to Apparmor profile modes - nothing to do.");
- break;
- }
- if ( ret == 0)
- y2milestone("Apparmor profiles reloaded succesfully.");
- else
- y2error("Reloading Apparmor profiles failed with exit code %1", ret);
-
- break;
- } else if ( id == `showAll ) {
-
- showAll = true;
- Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
- continue;
-
- } else if ( id == `showAct ) {
-
- showAll = false;
- Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
- continue;
-
- } else if ( id == `toggle) {
- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
- profile = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
- mode = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 2, "");
-
- updateComplain(id, profile, mode, showAll);
- modified = true;
- Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
- continue;
-
- } else if ( id == `allEnforce || id == `allComplain) {
-
- profile = "";
-
- if ( id == `allEnforce ) {
- mode = "enforce";
- } else {
- mode = "complain";
- }
-
- updateComplain(id, profile, mode, showAll);
- modified = true;
- Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, Label::BackButton(), _("&Done") );
- continue;
-
- } else if ( id == `table ) {
-
- Popup::Message( _("Please select an action to perform from the buttons below.") );
-
- } else {
- y2error("Unexpected return code: %1", id);
- break;
- }
- }
-
- Wizard::CloseDialog(); // new
- return (symbol) id;
-}
-
-/* EOF */
-}
--- a/src/include/subdomain/helps.ycp
+++ /dev/null
@@ -1,219 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2005 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-
-{
-
-textdomain "yast2-apparmor";
-
-/* START Help Section
-************************************************************/
-map <string, any> helps = $[
- "EventNotifyHelpText" :
- _("<p>The Security Event Notification screen enables you to setup email
-alerts for security events. In the following steps, specify how often
-alerts are sent, who receives the alert, and how severe the security
-event must be to send an alert.</p>") +
-
- _("<p><b>Notification Types</b><br> <b>Terse Notification:</b>
-Terse notification summarizes the total number of system events without
-providing details. <br>For example:<br> <tt>dhcp-101.up.wirex.com has
-had 10 security events since Tue Oct 12 11:10:00 2004</tt></p>") +
-
- _("<p><b>Summary Notification:</b> The Summary notification displays
-the logged AppArmor security events, and lists the number of
-individual occurrences, including the date of the last occurrence.
-<br>For example:<br> <tt>SubDomain: PERMITTING access to capability
-'setgid' (httpd2-prefork(6347) profile /usr/sbin/httpd2-prefork
-active /usr/sbin/httpd2-prefork) 2 times, the latest at Sat Oct 9 16:05:54 2004.</tt>
-</p>") +
-
- _("<p><b>Verbose Notification:</b> The Verbose notification displays
-unmodified, logged AppArmor security events. It tells you every time
-an event occurs and writes a new line in the Verbose log. These
-security events include the date and time the event occurred, when
-the application profile permits access as well as rejects access,
-and the type of file permission access that is permitted or rejected.</p>") +
-
- _("<p>Verbose Notification also reports several messages that
-the logprof tool uses to interpret profiles. <br>For example:<br>
-<tt> Oct 9 15:40:31 SubDomain: PERMITTING r access to
-/etc/apache2/httpd.conf (httpd2-prefork(6068) profile
-/usr/sbin/httpd2-prefork active /usr/sbin/httpd2-prefork)</tt></p>") +
-
- "<ol>" + _("<li> For each notification type that you would like
-enabled, select the frequency of notification that you would
-like. For example, if you select <b>1 day</b> from the
-pull-down list, you will be sent daily notifications of
-security events, if they occur.</li>") +
-
- _("<li> Enter the email address of those who should receive
-the Terse, Summary, or Verbose notifications.If there is no local
-SMTP server configured to distribute e-mails from this host to the
-domain you entered, enter for example <i><user>@localhost</i>
-and enable <i><user></i> to receive system mail, if it is not
-a root user. </li>") +
-
- _("<li>Select the lowest <b>severity level</b> for which a notification
-should be sent. Security events will be logged and the notifications
-will be sent at the time indicated by the interval when events are
-equal or greater than the selected severity level. If the interval
-is 1 day, the notification will be sent daily, if security events
-occur.") +
-
- _("<b>Severity Levels:</b> These are numbered 1 through 10,
-10 being the most severe security incident. The <b>severity.db</b>
-file defines the severity level of potential security events.
-The severity levels are determined by the importance of
-different security events, such as certain resources accessed
-or services denied.</li>") +
-
- _("<li>Select <b>Include unknown security events</b> if
-you would like to include events that are not rated with a severity number.</li>") +
- "</ol>",
-// ----------------------------
- "profileWizard" :
- _("<b>AppArmor Profiling Wizard</b><br>") +
- _("This wizard presents entries generated by the AppArmor access control module.
-You can generate highly optimized and robust security profiles
-by using the suggestions made by AppArmor.") +
-
- _("AppArmor suggests that you allow or deny access to specific resources
-or define execute permission for entries. Questions
-that display were logged during the normal application
-execution test previously performed. <br>") +
-
- _("The following help text describes the detail of the security profile
-syntax used by AppArmor. <br><br>At any stage, you may
-customize the profile entry by changing the suggested response.
-This overview will assist you in your options. Refer to the
-Novell AppArmor Administration Guide for step-by-step
-instructions. <br><br>") +
-
- _("<b>Access Modes</b><br>") +
- _("File permission access modes consists of combinations of the following six modes:") +
-
- "<ul>" +
- _("<li>r - read</li>") +
- _("<li>w - write</li>") +
- _("<li>m - mmap PROT_EXEC</li>") +
- _("<li>px - discrete profile execute</li>") +
- _("<li>ux - unconfined execute</li>") +
- _("<li>ix - inherit execute</li>") +
- _("<li>l - link</li>") + "</ul>" +
-
- _("<b>Details for Access Modes</b>") +
- "<br><br>" +
-
- _("<b>Read mode</b><br>") +
- _("Allows the program to have read access to the
-resource. Read access is required for shell scripts
-and other interpreted content, and determines if an
-executing process can core dump or be attached to with
-ptrace(2). (ptrace(2) is used by utilities such as
-strace(1), ltrace(1), and gdb(1).)") +
- "<br><br>" +
-
- _("<b>Write mode</b><br>") +
- _("Allows the program to have write access to the
-resource. Files must have this permission if they are
-to be unlinked (removed.)") +
- "<br><br>" +
-
- _("<b>Mmap PROT_EXEC mode</b><br>") +
- _("Allows the program to call mmap with PROT_EXEC on the
-resource.") +
- "<br><br>" +
-
- _("<b>Unconfined execute mode</b><br>") +
- _("Allows the program to execute the resource without any
-AppArmor profile being applied to the executed
-resource. Requires listing execute mode as well.
-Incompatible with Inherit and Discrete Profile execute
-entries.") +
- "<br><br>" +
-
- _("This mode is useful when a confined program needs to
-be able to perform a privileged operation, such as
-rebooting the machine. By placing the privileged section
-in another executable and granting unconfined
-execution rights, it is possible to bypass the mandatory
-constraints imposed on all confined processes.
-For more information on what is constrained, see the
-subdomain(7) man page.") +
- "<br><br>" +
-
- _("<b>Discrete Profile execute mode</b><br>") +
- _("This mode requires that a discrete security profile is
-defined for a resource executed at a AppArmor domain
-transition. If there is no profile defined then the
-access will be denied. Incompatible with Inherit and
-Unconstrained execute entries.") +
- "<br><br>" +
-
- _("<b>Link mode</b><br>") +
- _("Allows the program to be able to create and remove a
-link with this name (including symlinks). When a link
-is created, the file that is being linked to MUST have
-the same access permissions as the link being created
-(with the exception that the destination does not have
-to have link access.) Link access is required for
-unlinking a file.") +
- "<br><br>" +
-
- _("<b>Globbing</b>") +
- "<br><br>" +
- _("File resources may be specified with a globbing syntax
-similar to that used by popular shells, such as csh(1),
-bash(1), zsh(1).") +
- "<br>" +
-
- "<ul>" +
- _("<li><b>*</b> can substitute for any number of characters, except '/'<li>") +
- _("<li><b>**</b> can substitute for any number of characters, including '/'</li>") +
- _("<li><b>?</b> can substitute for any single character except '/'</li>") +
- _("<li><b>[abc]</b> will substitute for the single character a, b, or c</li>") +
- _("<li><b>[a-c]</b> will substitute for the single character a, b, or c</li>") +
- _("<li><b>{ab,cd}</b> will expand to one rule to match ab, one rule to match cd</li>") +
- "</ul>" +
-
- _("<b>Clean Exec - for sanitized execution</b>") +
- "<br><br>" +
- _("The Clean Exec option for the discrete profile and unconstrained
-execute permissions provide added security by stripping the
-environment that is inherited by the child program of specific
-variables. You will be prompted to choose whether you want to sanitize the
-environment if you choose 'p' or 'u' during the profiling process.
-The variables are:") +
-
- "<ul>" +
- "<li>GCONV_PATH</li>" +
- "<li>GETCONF_DIR</li>" +
- "<li>HOSTALIASES</li>" +
- "<li>LD_AUDIT</li>" +
- "<li>LD_DEBUG</li>" +
- "<li>LD_DEBUG_OUTPUT</li>" +
- "<li>LD_DYNAMIC_WEAK</li>" +
- "<li>LD_LIBRARY_PATH</li>" +
- "<li>LD_ORIGIN_PATH</li>" +
- "<li>LD_PRELOAD</li>" +
- "<li>LD_PROFILE</li>" +
- "<li>LD_SHOW_AUXV</li>" +
- "<li>LD_USE_LOAD_BIAS</li>" +
- "<li>LOCALDOMAIN</li>" +
- "<li>LOCPATH</li>" +
- "<li>MALLOC_TRACE</li>" +
- "<li>NLSPATH</li>" +
- "<li>RESOLV_HOST_CONF</li>" +
- "<li>RES_OPTION</li>" +
- "<li>TMPDIR</li>" +
- "<li>TZDIR</li> </ul>",
-
- ];
-}
--- a/src/include/subdomain/profile_dialogs.ycp
+++ /dev/null
@@ -1,1147 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2005 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-{
-import "Wizard";
-import "Popup";
-import "Label";
-import "Map";
-include "subdomain/capabilities.ycp";
-textdomain "yast2-apparmor";
-
-// Globalz
-integer timeout_millisec = 20 * 1000;
-map<string,any> Settings = $[
- "CURRENT_PROFILE" : ""
-];
-
-
-define map capabilityEntryPopup( map capmap,
- string linuxcapname,
- string profile ) {
- map results = $[];
- string lpname = linnametolp[linuxcapname]:"";
- map cdef = capdefs[lpname]:nil;
- list caplist = [];
- boolean capbool = false;
- foreach( string clname, string clpname, (map<string,string>) linnametolp, {
- if ( capmap[clpname]:nil != nil) capbool = true;
- caplist = add( caplist, `item( `id(clname), clname, capbool) );
- capbool = false;
- });
- string info = (string) cdef["info"]:_("<b>Capability Selection</b>.
-<br>Select desired capabilities for this profile.
-Select a Capability name to see information about the capability.");
- string frametitle = " " + _("Capabilities enabled for the profile") + " " + profile + " ";
- UI::OpenDialog(
- `VBox(
- `HSpacing( 75 ),
- `VSpacing( `opt(`hstretch), 1 ),
- `HBox(
- `VSpacing( 20 ),
- `HSpacing( 0.5 ),
- `Frame( frametitle,
- `HBox(
- `HWeight( 30,
- `MultiSelectionBox( `id(`caps), `opt(`notify), _("Capabilities"), caplist)
- ),
- `HWeight( 60, `RichText( `id(`captext), info) )
- )
- ),
- `HSpacing( 0.05 )
- ),
- `VSpacing( 0.5 ),
- `HBox(
- `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))),
- `HWeight( 50, `HCenter(`PushButton(`id(`cancel), Label::CancelButton())))
- ),
- `VSpacing( `opt(`hstretch), 0.5 )
- )
- );
-
- if ( linuxcapname != "" ) {
- UI::ChangeWidget( `id(`caps), `CurrentItem, linuxcapname );
- }
-
- map event2 = $[];
- any id2 = nil;
- repeat
- {
- event2 = UI::WaitForEvent( timeout_millisec );
- id2 = event2["ID"]:nil; // We'll need this often - cache it
- if ( id2 == `caps ) {
- any itemid = UI::QueryWidget( `id(`caps), `CurrentItem );
- list selecteditems = (list) UI::QueryWidget( `id(`caps), `SelectedItems );
- string stritem = tostring( itemid );
- string capindex = linnametolp[stritem]:"";
- map cdf = capdefs[capindex]:nil;
- string cdfi = cdf["info"]:"";
- UI::ChangeWidget( `id(`captext), `Value, cdfi );
- }
- } until ( id2 == `save || id2 == `cancel );
-
- map<string, map> newcapmap = $[];
- if ( id2 == `save ) {
- list<any> selectedcaps = (list<any>) UI::QueryWidget( `id(`caps), `SelectedItems );
- string s = "";
- foreach( any cpname, selectedcaps, {
- s = linnametolp[tostring(cpname)]:"";
- newcapmap = add( newcapmap, s, $["audit":0, "set":1]);
- });
- }
- UI::CloseDialog();
- if ( id2 == `cancel ) {
- return capmap;
- }
- return newcapmap;
-}
-
-
-define string networkEntryPopup( string rule ) {
- integer listnum = 0;
- list netlist = splitstring( rule, " " );
- integer netrulesize = size( netlist );
- string family = "";
- string sockettype = "";
- if ( netrulesize == 1 ) {
- family = "All";
- } else if ( netrulesize == 2 ) {
- family = netlist[1]:"";
- } else if ( netrulesize == 3 ) {
- family = netlist[1]:"";
- sockettype = netlist[2]:"";
- }
-
- list<term> famList = [
- `item( `id( `allfam ), _("All") ),
- `item( `id( `inet ), "inet" ),
- `item( `id( `inet6 ), "inet6" ),
- `item( `id( `ax25 ), "ax25" ),
- `item( `id( `ipx ), "ipx" ),
- `item( `id( `appletalk ), "appletalk" ),
- `item( `id( `netrom ), "netrom" ),
- `item( `id( `bridge ), "bridge" ),
- `item( `id( `atmpvc ), "atmpvc" ),
- `item( `id( `x25 ), "x25" ),
- `item( `id( `rose ), "rose" ),
- `item( `id( `netbeui ), "netbeui" ),
- `item( `id( `security ), "security" ),
- `item( `id( `key ), "key" ),
- `item( `id( `packet ), "packet" ),
- `item( `id( `ash ), "ash" ),
- `item( `id( `econet ), "econet" ),
- `item( `id( `atmsvc ), "atmsvc" ),
- `item( `id( `sna ), "sna" ),
- `item( `id( `irda ), "irda" ),
- `item( `id( `ppox ), "pppox" ),
- `item( `id( `wanpipe ), "wanpipe" ),
- `item( `id( `bluetooth ), "bluetooth" ),
- ];
-
- list<term> typeList = [
- `item( `id( `alltype ), _("All") ),
- `item( `id( `stream ), "stream" ),
- `item( `id( `dgram ), "dgram" ),
- `item( `id( `seqpacket ), "seqpacket" ),
- `item( `id( `rdm ), "rdm" ),
- `item( `id( `raw ), "raw" ),
- `item( `id( `packet ), "packet" ),
- `item( `id( `dccp ), "dccp" ),
- ];
-
- map results = $[];
-
- UI::OpenDialog(
- `VBox(
- `VSpacing( 1 ),
- `HBox(
- `HCenter( `ComboBox( `id(`famItems),
- `opt(`notify),
- _("Network Family"),
- famList
- )
- ),
- `HSpacing(`opt(`hstretch), 0.2),
- `HCenter( `ComboBox( `id(`typeItems),
- `opt(`notify),
- _("Socket Type"),
- typeList
- )
- )
- ),
- `VSpacing(1),
- `HBox(
- `HCenter(`PushButton(`id(`cancel), Label::CancelButton())),
- `HCenter(`PushButton(`id(`save), Label::SaveButton()))
- ),
- `VSpacing(0.5)
- )
- );
-
- if ( rule == "" || family == "All" ) {
- UI::ChangeWidget( `famItems, `Value, `allfam );
- UI::ChangeWidget( `typeItems, `Value, `alltype );
- UI::ChangeWidget( `typeItems, `Enabled, false );
- } else {
- if ( family != "" ) {
- UI::ChangeWidget( `famItems, `Value, symbolof(toterm(family)) );
- }
- if ( sockettype != "" ) {
- UI::ChangeWidget( `typeItems, `Value, symbolof(toterm(sockettype)) );
- }
- }
- map event2 = $[];
- any id2 = nil; // We'll need this often - cache it
- repeat
- {
- event2 = UI::WaitForEvent( timeout_millisec );
- id2 = event2["ID"]:nil; // We'll need this often - cache it
- if ( id2 == `famItems ) {
- if ( UI::QueryWidget( `famItems, `Value ) == `allfam ) {
- UI::ChangeWidget( `typeItems, `Value, `alltype );
- UI::ChangeWidget( `typeItems, `Enabled, false );
- } else {
- UI::ChangeWidget( `typeItems, `Enabled, true );
- }
- }
- } until ( id2 == `save || id2 == `cancel );
- if ( id2 == `save ) {
- rule = "network";
- symbol famselection = (symbol) UI::QueryWidget( `famItems, `Value );
- symbol typeselection = (symbol) UI::QueryWidget( `typeItems, `Value );
- if ( famselection != `allfam ) {
- rule = rule + " " + substring( tostring(famselection), 1);
- if ( typeselection != `alltype ) {
- rule = rule + " " + substring( tostring(typeselection), 1);
- }
- }
- } else {
- rule = "";
- }
- UI::CloseDialog();
- return rule;
-}
-
-
-//
-// Popup the Edit Profile Entry dialog
-// return a map containing PERM and FILE
-// for the updated permissions and filename
-// for the profile entry
-//
-
-define map pathEntryPopup( string filename, string perms, string profile, string filetype ) {
- map results = $[];
- UI::OpenDialog(
- `VBox(
- `VSpacing( `opt(`hstretch), 1 ),
- `HSpacing( 45 ),
- `HBox(
- `VSpacing( 10 ),
- `HSpacing( 0.75 ),
- `Frame( _("Profile Entry For ") + profile,
- `HBox(
- `HWeight( 60,
- `VBox(
- `TextEntry(`id(`filename), _("Enter or modify Filename")),
- `HCenter(`PushButton(`id(`browse), _("&Browse") ))
- )
- ),
- `HWeight( 40,
- `MultiSelectionBox( `id(`perms), `opt(`notify), _("Permissions"),
- [ `item( `id(`read), _("Read"), issubstring(perms, "r")),
- `item( `id(`write), _("Write"), issubstring(perms, "w")),
- `item( `id(`link), _("Link"), issubstring(perms, "l")),
- `item( `id(`append), _("Append"), issubstring(perms, "a")),
- `item( `id(`lock), _("Lock"), issubstring(perms, "k")),
- `item( `id(`mmap), _("MMap PROT_EXEC"), issubstring(perms, "m")),
- `item( `id(`execute), _("Execute"), issubstring(perms, "x")),
- `item( `id(`inherit), _("Inherit"), issubstring(perms, "i")),
- `item( `id(`profile), _("Profile"), issubstring(perms, "p")),
- `item( `id(`clean_profile), _("Profile Clean Exec"), issubstring(perms, "P")),
- `item( `id(`unconstrained), _("Unconstrained"), issubstring(perms, "u")),
- `item( `id(`clean_unconstrained), _("Unconstrained Clean Exec"), issubstring(perms, "U"))
- ]
- )
- )
- )
- ),
- `HSpacing( 0.75 )
- ),
- `VSpacing( 0.5 ),
- `HBox(
- `HWeight( 50, `HCenter(`PushButton(`id(`save), Label::OKButton()))),
- `HWeight( 50, `HCenter(`PushButton(`id(`cancel), Label::CancelButton())))
- ),
- `VSpacing( `opt(`hstretch), 0.5 )
- )
- );
- UI::ChangeWidget(`id(`filename), `Value, filename);
- map event2 = $[];
- any id2 = nil; // We'll need this often - cache it
- repeat
- {
- event2 = UI::WaitForEvent( timeout_millisec );
- id2 = event2["ID"]:nil; // We'll need this often - cache it
-
- //
- // Something clicked in the 'perms list
- //
- if ( id2 == `perms ) {
- any itemid = UI::QueryWidget( `id(`perms), `CurrentItem );
- list selecteditems = (list) UI::QueryWidget( `id(`perms), `SelectedItems );
- if ( itemid == `execute ) {
- //
- // If we turn off Execute bit then also
- // turn off execute modifiers
- //
- if ( contains( selecteditems, `execute ) == false ) {
- if ( contains( selecteditems, `inherit )) {
- selecteditems = filter (any k, selecteditems, { return (k != `inherit); });
- UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
- }
- if ( contains( selecteditems, `profile )) {
- selecteditems = filter (any k, selecteditems, { return (k != `profile); });
- UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
- }
- if ( contains( selecteditems, `unconstrained )) {
- selecteditems = filter (any k, selecteditems, { return (k != `unconstrained); });
- UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
- }
- if ( contains( selecteditems, `clean_unconstrained )) {
- selecteditems = filter (any k, selecteditems, { return (k != `clean_unconstrained); });
- UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
- }
- if ( contains( selecteditems, `clean_profile )) {
- selecteditems = filter (any k, selecteditems, { return (k != `clean_profile); });
- UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
- }
- } else if (!( contains( selecteditems, `inherit ) ||
- contains( selecteditems, `unconstrained ) ||
- contains( selecteditems, `clean_unconstrained ) ||
- contains( selecteditems, `clean_profile ) ||
- contains( selecteditems, `profile ))
- ) {
- //if you just select X alone then by default you get P
- selecteditems = prepend( selecteditems, `profile);
- UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
- }
- }
-
- //
- // Execute modifier is selected
- // -- if Execute is NOT ON then turn Execute ON
- // -- ensure that only one modifier is selected.
- //
- if (( contains( selecteditems, `inherit ) ||
- contains( selecteditems, `clean_unconstrained ) ||
- contains( selecteditems, `clean_profile ) ||
- contains( selecteditems, `unconstrained ) ||
- contains( selecteditems, `profile )) ) {
- if ( contains( selecteditems, `execute ) == false ) {
- selecteditems = prepend( selecteditems, `execute);
- UI::ChangeWidget( `id(`perms), `SelectedItems, selecteditems );
- } else if ( itemid == `profile ) {
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `inherit); });
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `clean_unconstrained); });
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `clean_profile); });
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `unconstrained); });
- UI::ChangeWidget( `id(`perms),
- `SelectedItems,
- selecteditems );
- } else if ( itemid == `inherit ) {
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `profile); });
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `unconstrained); });
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `clean_unconstrained); });
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `clean_profile); });
- UI::ChangeWidget( `id(`perms),
- `SelectedItems,
- selecteditems );
- } else if ( itemid == `unconstrained ) {
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `profile); });
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `inherit); });
- selecteditems =
- filter (any k,
- selecteditems,
- { return (k != `clean_unconstrained); });
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `clean_profile); });
- UI::ChangeWidget( `id(`perms),
- `SelectedItems,
- selecteditems );
- } else if ( itemid == `clean_unconstrained ) {
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `profile); });
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `inherit); });
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `unconstrained); });
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `clean_profile); });
- UI::ChangeWidget( `id(`perms),
- `SelectedItems,
- selecteditems );
- } else if ( itemid == `clean_profile ) {
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `profile); });
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `inherit); });
- selecteditems =
- filter (any k,
- selecteditems,
- { return (k != `clean_unconstrained); });
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `unconstrained); });
- UI::ChangeWidget( `id(`perms),
- `SelectedItems,
- selecteditems );
- }
- } else if ( contains( selecteditems, `execute) ) {
- selecteditems = filter (any k,
- selecteditems,
- { return (k != `execute); });
- UI::ChangeWidget( `id(`perms),
- `SelectedItems,
- selecteditems );
- }
- }
- //
- // Popup a dialog to let a user browse for a file
- //
- if ( id2 == `browse ) {
- string selectfilename = "";
- if ( filetype == "dir" ) {
- selectfilename = UI::AskForExistingDirectory( "/", _("Select Directory"));
- } else {
- selectfilename = UI::AskForExistingFile( "/", "", _("Select File"));
- }
- if ( selectfilename != nil ) {
- UI::ChangeWidget(`id(`filename), `Value, selectfilename);
- }
- }
- } until ( id2 == `save || id2 == `cancel );
-
- if ( id2 == `cancel ) {
- UI::CloseDialog();
- return nil;
- }
-
- //
- // Update table values
- //
- if ( id2 == `save ) {
- list selectedbits = (list) UI::QueryWidget( `id(`perms), `SelectedItems );
- string newperms = "";
- if ( contains( selectedbits, `write ) ) {
- newperms = newperms + "w" ;
- }
- if ( contains(selectedbits, `mmap ) ) {
- newperms = newperms + "m" ;
- }
- if ( contains(selectedbits, `read ) ) {
- newperms = newperms + "r" ;
- }
- if ( contains(selectedbits, `link ) ) {
- newperms = newperms + "l" ;
- }
- if ( contains(selectedbits, `lock ) ) {
- newperms = newperms + "k" ;
- }
- if ( contains(selectedbits, `append ) ) {
- newperms = newperms + "a" ;
- }
- if ( contains(selectedbits, `execute) ) {
- if ( contains(selectedbits, `profile) ) {
- newperms = newperms + "p" ;
- } else if ( contains(selectedbits, `inherit) ) {
- newperms = newperms + "i" ;
- } else if ( contains(selectedbits, `unconstrained) ) {
- newperms = newperms + "u" ;
- } else if ( contains(selectedbits, `clean_unconstrained) ) {
- newperms = newperms + "U" ;
- } else if ( contains(selectedbits, `clean_profile) ) {
- newperms = newperms + "P" ;
- }
- newperms = newperms + "x" ;
- }
- filename = tostring( UI::QueryWidget(`id(`filename), `Value) );
- UI::CloseDialog();
- if ( filename == "" || newperms == "" ) {
- Popup::Error(_("Entry will not added. Entry name or permissions not defined."));
- results = nil;
- } else {
- results = $[ "PERM": newperms, "FILE": filename ];
- }
- }
- return results;
-}
-
-define map fileEntryPopup( string filename, string perms, string profile ) {
- return (map) pathEntryPopup( filename, perms, profile, "file" );
-}
-
-define map dirEntryPopup( string filename, string perms, string profile ) {
- return (map) pathEntryPopup( filename, perms, profile, "dir" );
-}
-
-
-define map deleteNetworkRule( map netRules, string rule ) {
- map audit = netRules["audit"]:$[];
- map rules = netRules["rule"]:$[];
- list netlist = splitstring( rule, " " );
- integer netrulesize = size( netlist );
- string family = "";
- string sockettype = "";
-
- if ( netrulesize == 1 ) {
- audit = $[];
- rules = $[];
- } else if ( netrulesize == 2 ) {
- family = netlist[1]:"";
- audit = remove( audit, family );
- rules = remove( rules, family );
- } else if ( netrulesize == 3 ) {
- family = netlist[1]:"";
- sockettype = netlist[2]:"";
- map a = audit[family]:$[];
- map r = rules[family]:$[];
- a = remove(a, sockettype);
- r = remove(r, sockettype);
- audit[family] = a;
- rules[family] = r;
- /*any fam = netRules[family]:nil;
- if ( is( fam, map ) ) {
- fam = remove( ((map) fam), sockettype );
- netRules[family] = fam;
- } else {
- y2warning("deleteNetworkRule: deleting non-existing rule: " +
- rule);
- }*/
- }
- return $["audit" : audit, "rule" : rules];
-}
-
-define map addNetworkRule( map netRules, string rule ) {
- map audit = netRules["audit"]:$[];
- map rules = netRules["rule"]:$[];
- list netlist = splitstring( rule, " " );
- integer netrulesize = size( netlist );
- string family = "";
- string sockettype = "";
-
- if ( netrulesize == 1 ) {
- return ( $["audit" : $["all":1], "rule" : $["all" :1] ] );
- }
- else{
- if (haskey(audit, "all") && haskey(rules, "all")) {
- audit = remove(audit, "all");
- rules = remove(rules, "all");
- }
-
- if ( netrulesize == 2 ) {
- family = netlist[1]:"";
- audit[family] = 0;
- rules[family] = 1;
- } else if ( netrulesize == 3 ) {
- family = netlist[1]:"";
- sockettype = netlist[2]:"";
- audit[family] = add(audit[family]:$[], sockettype,0);
- rules[family] = add(rules[family]:$[], sockettype,1);
- }
- /*any any_fam = netRules[family]:nil;
- map fam = nil;
- if ( is( any_fam, map ) ) {
- fam = (map) any_fam;
- }
- if ( fam == nil ) {
- fam = $[];
- }
- fam[sockettype] = "1";
- netRules[family] = fam;*/
- }
- return $[ "audit": audit, "rule": rules];
-}
-
-define map editNetworkRule( map netRules, string old, string new ) {
- netRules = deleteNetworkRule( netRules, old );
- netRules = addNetworkRule( netRules, new );
- return( netRules );
-}
-
-//
-// generateTableContents - generate the list that is used in the table to display the profile
-//
-
-define list<term> generateTableContents( map paths, map network, map caps, map includes, map hats ) {
- list<term> newlist = [];
-
- integer indx = 0;
-
- foreach( string hatname, any hat, (map<string,map>) hats, {
- newlist = add( newlist, `item( `id(indx), "[+] ^"+ hatname, ""));
- indx = indx+1; });
-
- foreach( string incname, integer incval, (map<string,integer>) includes, {
- newlist = add( newlist, `item( `id(indx), "#include " +incname, ""));
- indx = indx+1; });
-
- foreach( string capname, map capval, (map<string,map>) caps, {
- map capdef = capdefs[capname]:nil;
- newlist = add( newlist, `item( `id(indx), capdef["name"]:"", ""));
- indx = indx+1; });
-
- foreach( string name, map val, (map<string,map>) paths, {
- string mode = (string) SCR::Execute(.subdomain_profiles.mode_to_string, val["mode"]:0);
- newlist = add( newlist, `item( `id(indx), name, mode));
- indx = indx+1; });
-
- map rules = network["rule"]:$[];
- foreach( string family, any any_fam, (map<string,any>) rules, {
- if ( is( any_fam, map ) ) {
- foreach( string socktype, any any_type, (map<string,any>) any_fam, {
- newlist = add( newlist,
- `item( `id(indx),
- "network " + family + " " + socktype,
- ""
- )
- );
- indx = indx+1;
- });
- } else {
- // Check for all network
- if ( family == "all" ) {
- newlist = add( newlist,
- `item( `id(indx),
- "network",
- ""
- )
- );
- indx = indx+1;
- } else {
- newlist = add( newlist,
- `item( `id(indx),
- "network " + family,
- ""
- )
- );
- indx = indx+1;
- }
- }
- });
- return newlist;
-}
-
-
-define map collectHats(map profile, string pathname ) {
- map<string,any> hats = $[];
- y2debug("collecting hats for " + pathname);
- if( profile != nil){
- foreach( string resname, any resource, (map<string,any>) profile, {
- if ( resname != pathname ) {
- map<any,any> hat = tomap(resource);
- if ( hat != nil ) {
- y2debug("HAT " + resname);
- hats = add(hats, resname, resource);
- }
- }
- });
- }
- return hats;
-}
-
-
-//
-// Prompts the user for a hatname
-// Side-Effect: sets Settings["CURRENT_HAT"]
-// returns true (hat entered)
-// false (user aborted)
-//
-define boolean newHatNamePopup(string parentProfile, map currentHats ) {
-
-term intro = `VBox(
- `Top(
- `VBox(
- `VSpacing(1),
- `Left(`Label( _("Please enter the name of the Hat that you would like \nto add to the profile") + " " + parentProfile + ".")),
- `VSpacing(0.5),
- `Left(
- `TextEntry(
- `id(`hatname),
- _("&Hat name to add"),
- ""
- )
- ),
- `VSpacing(`opt(`vstretch), 0.25)
- )
- ),
- `HBox(
- `HSpacing(`opt(`hstretch), 0.1),
- `HCenter(`PushButton(`id(`create), _("&Create Hat"))),
- `HCenter(`PushButton(`id(`abort), Label::AbortButton())),
- `HSpacing(`opt(`hstretch), 0.1),
- `VSpacing(1)
- )
- );
-
- UI::OpenDialog(intro);
- UI::SetFocus(`id(`hatname));
- while (true) {
- any input = Wizard::UserInput();
- if(input == `create) {
- string hatname = (string) UI::QueryWidget(`id(`hatname), `Value);
- // Check for no application entry in the dialog
- if ( hatname == "" ) {
- Popup::Error(_("You have not given a name for the hat you want to add.\nPlease
-enter a hat name to create a new hat, or press Abort to cancel this wizard."));
- } else if ( haskey( currentHats, hatname ) ) {
- Popup::Error(_("The profile already contains the provided hat name.
-Please enter a different name to try again, or press Abort to cancel this wizard."));
- } else {
- Settings["CURRENT_HAT"] = hatname;
- UI::CloseDialog();
- return true;
- }
- } else {
- UI::CloseDialog();
- return false;
- }
- }
-}
-
-define symbol DisplayProfileForm(string pathname, boolean hat) {
- map profile_map = (map) Settings["PROFILE_MAP"]:$[];
- map profile = (map) profile_map[pathname]:$[];
- map hats = $[];
- if ( !hat ) {
- hats = collectHats( profile_map, pathname );
- }
- map paths = (map) profile["allow","path"]:$[];
- map caps = (map) profile["allow","capability"]:$[];
- map includes = (map) profile["include"]:$[];
- map netdomain = (map) profile["allow", "netdomain"]:$[];
- list<term> profilelist = generateTableContents( paths,
- netdomain,
- caps,
- includes,
- hats );
-
-
- // FIXME: format these texts better
-
- /* help text */
- string help1 = _("<p>In this form you can view and modify the contents of an individual profile.
-For existing entries you can double click the permissions to access a modification dialog.</p>");
-
- /* help text */
- string help2 = _("<p><b>Permission Definitions:</b><br><code> r - read <br>
-w -write<br>l - link<br>m - mmap PROT_EXEC<br>k - file locking<br>
-a - file append<br>x - execute<br> i - inherit<br> p - discrete profile<br>
-P - discrete profile <br> (*clean exec)<br> u - unconstrained<br>
-U -unconstrained<br> (*clean exec)</code></p>");
-
- /* help text */
- string help3 = _("<p><b>Add Entry:</b><br>Select the type of resource to add from the drop down list.</p>");
-
- /* help text - part x1 */
- string help4 = _("<p><ul><li><b>File</b><br>Add a file entry to this profile</li>");
- /* help text - part x2 */
- string help5 = _("<li><b>Directory</b><br>Add a directory entry to this profile</li>");
- /* help text - part x3 */
- string help6 = _("<li><b>Capability</b><br>Add a capability entry to this profile</li>");
- /* help text - part x4 */
- string help7 = _("<li><b>Include</b><br>Add an include entry to this profile. This option
-includes the profile entry contents of another file in this profile at load time.</li>");
- /* help text - part x5 */
- string help_net = _("<li><b>Network Entry</b><br>Add a network rule entry to this profile.
-This option will allow you to specify network access privileges for the profile.
-You may specify a network address family and socket type.</li>");
- /* help text - part x6 */
- string helpHat = _("<li><b>Hat</b><br>Add a sub-profile for this profile - called a Hat.
-This option is analogous to manually creating a new profile, which can selected
-during execution only in the context of being asked for by a <b>changehat aware</b>
-application. For more information on changehat please see <b>man changehat</b> on your
-system or the Novell AppArmor Administration Guide.</li>");
- /* help text - part x7 */
- string helpEdit = _("</ul></p><p><b>Edit Entry:</b><br>Edit the selected entry.</p>");
-
- /* help text */
- string help8 = _("<p><b>Delete Entry:</b><br>Removes the selected entry from this profile.</p>");
-
- /* help text - part y1 */
- string help9 = _("<p><b>*Clean Exec</b><br>The Clean Exec option for the discrete profile
-and unconstrained execute permissions provide added security by stripping the environment
-that is inherited by the child program of specific variables. These variables are:");
- /* help text - part y2 */
- string help10 = "<ul> <li>GCONV_PATH</li><li>GETCONF_DIR</li><li>HOSTALIASES</li><li>LD_AUDIT</li><li>LD_DEBUG</li><li>LD_DEBUG_OUTPUT</li><li>LD_DYNAMIC_WEAK</li><li>LD_LIBRARY_PATH</li><li>LD_ORIGIN_PATH</li><li>LD_PRELOAD</li><li>LD_PROFILE</li><li>LD_SHOW_AUXV</li><li>LD_USE_LOAD_BIAS</li><li>LOCALDOMAIN</li><li>LOCPATH</li><li>MALLOC_TRACE</li><li>NLSPATH</li><li>RESOLV_HOST_CONF</li><li>RES_OPTION</li><li>TMPDIR</li><li>TZDIR</li></ul></p>";
-
-
- integer listnum = 0;
- list<term> itemList = [ `item( `id( `file ), _("&File") ),
- `item( `id( `net ), _("Network &Rule") ),
- `item( `id( `dir ), _("&Directory") ),
- `item( `id( `cap ), _("&Capability") ),
- `item( `id( `include ), _("&Include File") ),
- ];
-
-
- string mainLabel = "";
-
- if ( hat ) {
- mainLabel = _("AppArmor profile ") + Settings["CURRENT_PROFILE"]:"" + "^" + pathname;
- } else {
- itemList = add(itemList,`item( `id( `hat ), _("&Hat") ));
- mainLabel = _("AppArmor profile for ") + pathname ;
- }
- // Define the widget contents
- // for the Wizard
- term contents_main_profile_form =
- `VBox(
- `Label(mainLabel),
- `HBox(
- `VSpacing(10),
- `Table(`id(`table), `opt(`notify, `immediate ), `header(_("File Name"), _("Permissions")), profilelist)
- ),
- `VSpacing(0.5),
- `HBox(
- `HSpacing(`opt(`hstretch), 0.1),
- `HCenter( `MenuButton(`id(`addMenu), _("Add Entry"), itemList)),
- `HCenter(`PushButton(`id(`edit), _("&Edit Entry"))),
- `HCenter(`PushButton(`id(`delete), _("&Delete Entry"))),
- `HSpacing(`opt(`hstretch), 0.1),
- `VSpacing(1)
- ),
- `VSpacing(1)
- );
- string help = "";
- string formtitle = "";
- if ( hat ) {
- help = help1 + help2 + help3 + help4 + help5 + help6 + help7 + help_net + help8 + helpEdit + help9 + help10;
- formtitle = _("AppArmor Hat Dialog");
- } else {
- help = help1 + help2 + help3 + help4 + help5 + help6 + help7 + help_net + helpHat + helpEdit + help8 + help9 + help10;
- formtitle = _("AppArmor Profile Dialog");
- }
- Wizard::SetContentsButtons( formtitle, contents_main_profile_form, help, Label::BackButton(), _("&Done") );
-
-
-
- map event = $[];
- any id = nil;
- while( true )
- {
- event = UI::WaitForEvent( timeout_millisec );
- id = event["ID"]:nil; // We'll need this often - cache it
- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
- if ( (( id == `table ) && (event["EventReason"]:nil == "Activated" )) ||
- ( id == `edit) )
- {
- // Widget activated in the table
- string rule = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
- integer findcap = find( rule, "CAP_");
- integer findinc = find( rule, "#include");
- integer findhat = find( rule, "[+] ^");
- integer findnet = find( rule, "network");
- string oldrule = rule;
- if ( findcap == 0 ) {
- caps = capabilityEntryPopup( caps, rule, pathname );
- profile["allow", "capability"] = caps;
- } else if ( findinc == 0 ) {
- Popup::Error(_("Include entries can not be edited. Please select add or delete to manage Include entries."));
- continue;
- } else if ( findhat == 0 ) {
- string hatToEdit = substring( rule, 5);
- Settings["CURRENT_HAT"] = hatToEdit;
- return `showhat;
- } else if ( findnet == 0 ) {
- string newrule = networkEntryPopup( rule );
- if ( newrule != "" && newrule != rule ) {
- netdomain = editNetworkRule( netdomain, rule, newrule );
- }
- profile["allow","netdomain"] = netdomain;
- } else {
- string perms = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 2, "");
- map results = fileEntryPopup( rule, perms, pathname );
- integer newperms = 0;
- newperms = (integer) SCR::Execute(.subdomain_profiles.string_to_mode, results["PERM"]:"");
- rule = results["FILE"]:"";
- if ( rule != "" ) {
- if ( rule != oldrule ) {
- paths = remove( paths, oldrule );
- }
- paths = add(paths, rule, $[ "audit": 0, "mode": newperms]);
- profile["allow","path"] = paths;
- }
- }
- profile_map[pathname] = profile;
- Settings["PROFILE_MAP"] = profile_map;
- list<term> profilelist = generateTableContents( paths,
- netdomain,
- caps,
- includes,
- hats );
- UI::ChangeWidget( `id(`table), `Items, profilelist );
- UI::ChangeWidget( `id(`table), `CurrentItem, itemselected );
- } else if ( id == `delete ) {
- string rule = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
- integer findcap = find( rule, "CAP_");
- integer findinc = find( rule, "#include");
- integer findhat = find( rule, "[+] ^");
- integer findnet = find( rule, "network");
-
- if ( findcap == 0 ) {
- string capNameToDelete = linnametolp[rule]:"";
- caps = remove( caps, capNameToDelete );
- profile["allow", "capability"] = caps;
- } else if ( findinc == 0 ) {
- string includeToRemove = substring( rule, 9);
- includes = remove( includes, includeToRemove );
- profile["include"] = includes;
- } else if ( findhat == 0 ) {
- string hatToRemove = substring( rule, 5);
- hats = remove( hats, hatToRemove);
- profile_map = remove( profile_map, hatToRemove );
- } else if ( findnet == 0 ) {
- netdomain = deleteNetworkRule( netdomain, rule );
- profile["allow","netdomain"] = netdomain;
- } else {
- paths = remove( paths, rule );
- profile["allow","path"] = paths;
- }
- profile_map[pathname] = profile;
- Settings["PROFILE_MAP"] = profile_map;
- list<term> profilelist = generateTableContents( paths,
- netdomain,
- caps,
- includes,
- hats );
- UI::ChangeWidget( `id(`table), `Items, profilelist );
- UI::ChangeWidget( `id(`table), `CurrentItem, (itemselected == 0) ? 0 : itemselected -1 );
- } else if ( id == `file || id == `dir ) {
- string addfname = "";
- integer addperms = 0;
- map newentry = nil;
- if ( id == `dir ) {
- newentry = dirEntryPopup( "", "", pathname );
- } else {
- newentry = fileEntryPopup( "", "", pathname );
- }
- if ( newentry == nil ) {
- continue;
- }
- addfname = newentry["FILE"]:"";
- addperms = (integer) SCR::Execute(.subdomain_profiles.string_to_mode, newentry["PERM"]:"");
- // Make sure that the entry doesn't already exist
- paths = add( paths, addfname, $["audit":0, "mode": addperms] );
- profile["allow","path"] = paths;
- profile_map[pathname] = profile;
- Settings["PROFILE_MAP"] = profile_map;
- list<term> profilelist = generateTableContents( paths,
- netdomain,
- caps,
- includes,
- hats );
- UI::ChangeWidget( `id(`table), `Items, profilelist );
- UI::ChangeWidget( `id(`table), `CurrentItem, itemselected );
- } else if ( id == `cap ) {
- caps = capabilityEntryPopup( caps, "", pathname );
- profile["allow","capability"] = caps;
- profile_map[pathname] = profile;
- Settings["PROFILE_MAP"] = profile_map;
- list<term> profilelist = generateTableContents( paths,
- netdomain,
- caps,
- includes,
- hats );
- UI::ChangeWidget( `id(`table), `Items, profilelist );
- } else if ( id == `hat ) {
- if ( hat ) {
- Popup::Error(_("Hats can not have embedded hats."));
- }
- boolean hatCreated = newHatNamePopup( pathname, hats );
- if ( hatCreated == true ) {
- return `showhat;
- }
- } else if ( id == `include ) {
- list <string> customIncludes = (list <string>) SCR::Read(.subdomain, "custom-includes");
- string newInclude = UI::AskForExistingFile( "/etc/apparmor.d/abstractions", "", _("Select File To Include"));
- if ( newInclude == nil || (string)newInclude == "" ) {
- continue;
- }
- list <string> validIncludes = [ "/etc/apparmor.d/abstractions", "/etc/apparmor.d/program-chunks", "/etc/apparmor.d/tunables" ];
- foreach( string incPath, customIncludes, {
- validIncludes = add( validIncludes, "/etc/apparmor.d/" + incPath);
- });
-
- integer result = 0;
- boolean includePathOK = false;
- foreach( string pathToCheck, (list<string>) validIncludes, {
- result = find (newInclude, pathToCheck);
- if ( result != -1 ) {
- includePathOK = true;
- }
- });
-
- if ( ! includePathOK ) {
- string pathListMsg = "";
- foreach( string pathItem, (list<string>) validIncludes, {
- pathListMsg = pathListMsg + "\n " + pathItem;
- });
- Popup::Error(_("Invalid #include file. Include files must be located in one of these directories: \n") + pathListMsg );
- } else {
- string includeName = substring(newInclude, 16 );
- includes = add( includes, includeName, 1 );
- profile["include"] = includes;
- profile_map[pathname] = profile;
- Settings["PROFILE_MAP"] = profile_map;
- list<term> profilelist = generateTableContents( paths,
- netdomain,
- caps,
- includes,
- hats );
- UI::ChangeWidget( `id(`table), `Items, profilelist );
- }
- } else if ( id == `net ) {
- string newrule = networkEntryPopup( "" );
- if ( newrule != "" ) {
- netdomain = addNetworkRule( netdomain, newrule );
- profile["allow","netdomain"] = netdomain;
- profile_map[pathname] = profile;
- Settings["PROFILE_MAP"] = profile_map;
- list<term> profilelist = generateTableContents( paths,
- netdomain,
- caps,
- includes,
- hats );
- UI::ChangeWidget( `id(`table), `Items, profilelist );
- }
- } else if ( id == `abort || id == `cancel ) {
- break;
- } else if ( id == `back ) {
- break;
- } else if ( id == `next ) {
- if ( ! hat ) {
- if (Popup::YesNoHeadline(_("Save changes to the Profile"),
- _("Would you like to save the changes to this profile? \n(Note: after saving the changes the AppArmor profiles will be reloaded.)"))) {
- map argmap = $[ "PROFILE_HASH" : Settings["PROFILE_MAP"]:$[],
- "PROFILE_NAME" : pathname
- ];
- any result = SCR::Write(.subdomain_profiles, argmap);
- any result2 = SCR::Write(.subdomain_profiles.reload, "-");
- }
- } else {
- if ( ! haskey(hats, Settings["CURRENT_HAT"]:"") ) {
- profile["allow","path"] = paths;
- profile["allow","capability"] = caps;
- profile["include"] = includes;
- profile_map[pathname] = profile;
- Settings["PROFILE_MAP"] = profile_map;
- }
- return `next;
- }
- break;
- } else {
- y2error("Unexpected return code: %1", id);
- continue;
- }
- }
- return (symbol) id;
-}
-
-
- //
- // Select a profile to edit and populate
- // Settings["CURRENT_PROFILE"]: profile name
- // Settings["PROFILE_MAP"]: map containing the profile
- //
-define symbol SelectProfileForm( map profiles, string formhelp, string formtitle, string iconname ) {
- list<term> profilelisting = [];
- integer indx = 0;
- foreach( string p, any ignore, (map<string,any>) profiles, {
- profilelisting = add( profilelisting, `item( `id(p), p));
- indx = indx+1;
- });
-
- term contents_select_profile_form =
- `VBox(
- `VSpacing(2),
- `SelectionBox( `id(`profilelist), `opt(`notify), _("Profile Name"), profilelisting ),
- `VSpacing(3)
- );
-
- //
- // Create the Dialog Window and parse user input
- //
- Wizard::CreateDialog();
- Wizard::SetContents( formtitle, contents_select_profile_form, formhelp, false, true );
- Wizard::SetTitleIcon(iconname);
-
- map event = $[];
- any id = nil;
- string profilename = "";
- while( true )
- {
- event = UI::WaitForEvent( timeout_millisec );
- id = event["ID"]:nil; // We'll need this often - cache it
- if ( id == `next || id == `profilelist ) {
- profilename = tostring( UI::QueryWidget(`id(`profilelist), `CurrentItem) );
- if ( profilename != nil && profilename != "" ) {
- break;
- } else {
- Popup::Error(_("You must select a profile to edit"));
- continue;
- }
- } // TODO ELSE POPUP NO ENTRY SELECTED ERROR
- if(id == `abort || id == `cancel) {
- break;
- } else if(id == `back) {
- break;
- } else {
- y2error("Unexpected return code: %1", id);
- continue;
- }
- }
- if ( id == `next || id == `profilelist) {
- Settings["CURRENT_PROFILE"] = profilename;
- Settings["PROFILE_MAP"] = profiles[profilename]:nil;
- id = `next;
- }
- UI::CloseDialog();
- return (symbol) id;
- }
-
-}
-
--- a/src/include/subdomain/report_helptext.ycp
+++ /dev/null
@@ -1,158 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2005 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-
-{
-
-textdomain "yast2-apparmor";
-
-string defs = _("<b>Program Name Pattern:</b><br> When you enter a program name or pattern
-that matches the name of the binary executable of the program of
-interest, the report will display security events that have
-occurred for a specific program.<br>") +
-
-_("<b>Profile Name Pattern:</b> When you enter the name of the profile,
-the report will display the security events that are generated for
-the specified profile. You can use this to see what is being confined
-by a specific profile.<br>") +
-
-_("<b>PID Number:</b> Process ID number is a number that uniquely identifies
-one specific process or running program (this number is valid only
-during the lifetime of that process).<br>") +
-
-_("<b>Severity Level:</b> Select the lowest severity level for security
-events that you would like to be included in the report. The selected
-severity level, and above, will be included in the reports.<br>") +
-
-_("<b>Detail:</b> A source to which the profile has denied access.
-This includes capabilities and files. You can use this field to
-report the resources are not allowed to be accessed by profiles.<br>") +
-
-_("<b>Mode:</b> The Mode is the permission that the profile grants
-to the program or process to which it is applied. The options are:
-r (read) w (write) l (link) x (execute)<br>") +
-
-_("<b>Access Type:</b> The access type describes what is actually happening
-with the security event. The options are: PERMITTING, REJECTING,
-or AUDITING.<br>") +
-
-_("<b>CSV or HTML:</b> Enables you to export a CSV (comma separated
-values) or html file. The CSV file separates pieces of data in
-the log entries with commas using a standard data format for
-importing into table-oriented applications. You can enter a
-pathname for your exported report by typing in the full
-pathname in the field provided.</p>");
-
-string setArchHelp = _("<p>The Report Configuration dialog enables you to filter the archived
-report selected in the previous screen. To filter by <b>Date Range:</b>") +
-
-_("<ol><li>Click <b>Filter By Date Range</b>. The fields become active.</li>
-<li>Enter the start and end dates that delineate the scope of the report.</li>
- <li>Enter other filtering parameters. See below for definitions of parameters.</li></ol></p>") +
-
-_("The following definitions help you to enter the filtering parameters in the
-Report Configuration Dialog:<br>") + defs;
-
-
-string types = _("<b>Executive Security Summary:</b> A combined report,
-consisting of one or more Security incident reports from
-one or more machines. This report provides a single view of
-security events on multiple machines.<br>") +
-
-_("<b>Applications Audit Report:</b> An auditing tool that
-reports which application servers are running and whether
-the applications are confined by AppArmor. Application
-servers are applications that accept incoming network connections. <br>") +
-
-_("<b>Security Incident Report:</b> A report that displays application
-security for a single host. It reports policy violations for locally
-confined applications during a specific time period. You can edit and
-customize this report, or add new versions.</p>");
-
-string runHelp = _("<p>The AppArmor On-Demand Report screen displays
-an instantly generated version of one of the following
-reports:<br>") + types;
-
-
-string filterCfHelp1 = setArchHelp;
-/* START Help Section
-************************************************************/
-
-string repGenHelpText = _("<p><b>Generate Reports Help</b> <p>If there were, in fact,
-going to be any help for you (which, incidentally, there isn't going to be),
-then you would indeed find said help, here.</p><p>Thank you for your time,
-and have a nice day.</p>");
-
-
-
-string schedHelpText =
-_("<p>The summary of scheduled reports page shows us when reports are scheduled to run.
-Reports can be set to run monthly, weekly, daily, or hourly. The default settings are
-daily at midnight. The reports can also be emailed, upon completion, to up to three
-email recipients.<br>") +
-
-_("In the Set Schedule section, you can schedule the following three types of security reports:<br>") + types;
-
-string archHelpText = _("<p>The View Archive Reports form enables you to view
-previously generated reports, located in the /var/log/apparmor/reports-archived
-directory. The checkboxes at the top of the form enable you to narrow-down
-the category of reports shown in the list to the following: SIR Reports, AUD
-Reports, or ESS Reports. To see report details, select a report and click the
-<b>View</b> button.<br><br> You can view reports from one or more systems if
-you move the reports to the /var/log/apparmor/reports-archived directory.</p>");
-
-string mainHelp = schedHelpText;
-
-
-list helpList = [ schedHelpText ];
-
-term defaultHelp = `RichText ( schedHelpText );
-term schedHelp = `RichText ( schedHelpText );
-term repGenHelp = `RichText ( repGenHelpText );
-term archHelp = `RichText ( archHelpText );
-term otherHelp = `RichText ( archHelpText );
-
-string repConfHelp = _("repConfHelp");
-
-string sirHelp = _("<p><b>Security Incident Report (SIR):</b> A report that displays security
-events of interest to an administrator. The SIR reports policy violations
-for locally confined applications during the specified time period. The SIR
-reports policy exceptions and policy engine state changes. These two types
-of security events are defined as follows:") +
-
-_("<ul> <li><b>Policy Exceptions:</b> When an application requests a resource
-that's not defined within its profile, a security event is generated.</li>
-<li><b>Policy Engine State Changes:</b> Enforces policy for applications and
-maintains its own state, including when engines start or stop, when a policy
-is reloaded, and when global security feature are enabled or disabled.</li></ul>
-Select the report from the archive, then <b>View</b> to see the report details.</p>");
-
-
-string audHelp = _("<p><b>Applications Audit Report (AUD):</b> An auditing tool
-that reports which application servers are running and whether they are confined
-by AppArmor. Application servers are applications that accept incoming network
-connections. This report provides the host machine's IP Address, the date the
-Applications Audit Report ran, the name and path of the unconfined program or
-application server, the suggested profile or a placeholder for a profile for an
-unconfined program, the process ID number, The state of the program (confined or
-unconfined), and the type of confinement that the profile is performing
-(enforce/complain).</p>");
-
-string essHelp = _("<p><b>Executive Security Summary (ESS):</b> A combined report,
-consisting of one or more high-level reports from one or more machines. This
-report can provide a single view of security events on multiple machines if each
-machine's data is copied to the reports archive directory, which is
-<b>/var/log/apparmor/reports-archived</b>. This report provides the host
-machine's IP address, the start and end dates of the polled events, total number
-of rejects, total number of events, average of severity levels reported, and the
-highest severity level reported. One line of the ESS report represents a range
-of SIR reports.</p>");
-
-}
-
--- a/src/include/subdomain/reporting_archived_dialogs.ycp
+++ /dev/null
@@ -1,307 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2005 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-
-{
-
-import "Wizard";
-import "Popup";
-import "Label";
-include "subdomain/report_helptext.ycp";
-include "subdomain/reporting_utils.ycp";
-textdomain "yast2-apparmor";
-
-// Global
-integer timeout_millisec = 20 * 1000;
-
-//define term turnReportPage (integer curPage) {
-define term turnArchReportPage (integer curPage, integer lastPage) {
-
- map<string,string> Settings = $[ ];
- list<term> reportList = [];
-
- string currentPage = tostring( curPage );
- string slastPage = tostring( lastPage );
- Settings["page"] = currentPage;
- Settings["turnArch"] = "1";
- Settings["turnPage"] = "1";
-
- reportList = getReportList("sir",Settings);
-
- // poor i18n
- string myLabel = _("Archived Security Incident Report - Page ") + currentPage + _(" of ") + slastPage;
-
- term odForm =
-
- `Frame( `id(`odframe), myLabel,
-
- `VBox(
- `HBox(
- `VSpacing(10),
- makeSirTable(reportList),
- `VSpacing(0.5)
- ),
- `HSpacing(`opt(`hstretch), 1.0),
- `VSpacing(0.5),
- `HBox(
- `PushButton(`id(`first), _("F&irst") ),
- `PushButton(`id(`prev), _("&Previous") ),
- `PushButton(`id(`psort), _("&Sort") ),
- `PushButton(`id(`fwd), _("&Forward") ),
- `PushButton(`id(`last), _("&Last") )
- ),
- `VSpacing(1)
- ));
-
- return odForm;
-}
-
-define term filterArchForm() {
-
- string expPath = "/var/log/apparmor/reports-exported";
-
- term arForm =
-
- `Top(`VBox(
- `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )),
- `Frame( `id(`bydate_frame), _(" Select Date Range ") ,
- `VBox(
- `Label( _("Enter Starting Date/Time") ),
- `HBox(
- `HSpacing( `opt(`hstretch), 1),
- `IntField(`id(`startHours), _("Hours"), 0, 23, 0),
- `IntField(`id(`startMins), _("Minutes"), 0, 59, 0),
- `IntField(`id(`startDay), _("Day"), 1, 31, 1),
- `IntField(`id(`startMonth), _("Month"), 1, 12, 1),
- `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005)
- ),
- `VSpacing(1.0),
- `Label( _("Enter Ending Date") ),
- `HBox(
- `HSpacing( `opt(`hstretch), 1),
- `IntField(`id(`endHours), _("Hours"), 0, 23, 0),
- `IntField(`id(`endMins), _("Minutes"), 0, 59, 0),
- `IntField(`id(`endDay), _("Day"), 1, 31, 1),
- `IntField(`id(`endMonth), _("Month"), 1, 12, 1),
- `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005)
- ),
- `VSpacing(1.0)
- )),
- `VSpacing( 1.0 ),
- `HBox(
- `HWeight( 4, `TextEntry(`id(`prog), _("Program name") )),
- `HWeight( 4, `TextEntry(`id(`prof), _("Profile name") )),
- `HWeight( 3, `TextEntry(`id(`pid), _("PID number") )),
- `HWeight( 2,
- `ComboBox(`id(`sev), _("Severity"), [
- _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
- ]) ),
- `HSpacing( `opt(`hstretch), 5)
- ),
- `HBox(
- `HWeight( 3, `TextEntry(`id(`res), _("Detail") )),
- `HWeight( 3, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))),
- `HWeight( 3, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))),
- `HSpacing( `opt(`hstretch), 5)
- ),
- `VSpacing( 0.5 ),
-
- `HBox(
- `VSpacing(0.5),
- `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [
- _("None"), _("csv"), _("html"), _("Both")
- ]),
- `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
- `Bottom( `VWeight( 1, `PushButton(`id(`accept), Label::AcceptButton()) )),
- `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
- )
- ));
-
- return arForm;
-}
-
-define map<any,any> setArchFilter() {
-
- map<any,any> Settings = $[];
-
- term archForm = filterArchForm();
- Wizard::SetContentsButtons( _("Report Configuration Dialog"), archForm,
- setArchHelp, Label::BackButton(), Label::NextButton() );
-
- UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
-
- string mode = "All";
- string sdmode = "R";
-
- map event = $[];
- any id = nil;
-
- while ( true ) {
-
- event = UI::WaitForEvent( timeout_millisec );
- id = event["ID"]:nil; // We'll need this often - cache it
-
- if ( id == `bydate ) {
-
- UI::ChangeWidget(`id(`bydate_frame), `Enabled, true);
-
- } else if ( id == `next || id == `save ) {
-
- boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value);
-
- if ( bydate == true ) {
-
- integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value);
- integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value);
- integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value);
- integer startHours = (integer) UI::QueryWidget(`id(`startHours), `Value);
- integer startMins = (integer) UI::QueryWidget(`id(`startMins), `Value);
- integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value);
- integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value);
- integer endYear = (integer) UI::QueryWidget(`id(`endYear), `Value);
- integer endHours = (integer) UI::QueryWidget(`id(`endHours), `Value);
- integer endMins = (integer) UI::QueryWidget(`id(`endMins), `Value);
-
- // start_day & start_month are mutually exclusive
- if ( id == `startDay ) {
- UI::ChangeWidget(`id(`startMonth), `Value, 0);
- } else if ( id == `startMonth ) {
- UI::ChangeWidget(`id(`startDay), `Value, 0);
- }
-
- // start_day & start_month are mutually exclusive
- if ( id == `endDay ) {
- UI::ChangeWidget(`id(`endMonth), `Value, 0);
- } else if ( id == `endMonth ) {
- UI::ChangeWidget(`id(`endDay), `Value, 0);
- }
-
- if ( CheckDate(startDay,startMonth,startYear) == false ) {
- Popup::Error( _("Illegal start date entered. Please retry.") );
- continue;
- }
-
- if ( CheckDate(endDay,endMonth,endYear) == false ) {
- Popup::Error( _("Illegal end date entered. Please retry.") );
- continue;
- }
- ////////////////////////////////////////////////////////////
-
- string startday = tostring(startDay);
- string startmonth = tostring(startMonth);
- string startyear = tostring(startYear);
- string starthours = tostring(startHours);
- string startmins = tostring(startMins);
- string endday = tostring(endDay);
- string endmonth = tostring(endMonth);
- string endyear = tostring(endYear);
- string endhours = tostring(endHours);
- string endmins = tostring(endMins);
-
- Settings["startday"] = startday;
- Settings["startmonth"] = startmonth;
- Settings["startyear"] = startyear;
- Settings["endday"] = endday;
- Settings["endmonth"] = endmonth;
- Settings["endyear"] = endyear;
- Settings["starttime"] = starthours + ":" + startmins;
- Settings["endtime"] = endhours + ":" + endmins;
-
- }
-
- string expType = (string) UI::QueryWidget(`id(`exportType), `Value);
- string expPath = (string) UI::QueryWidget(`id(`exportPath), `Value);
-
- if ( expType != "" && expType != "None" ) {
-
- if ( expType == "csv" ) {
- Settings["exporttext"] = "true";
- } else if ( expType == "html" ) {
- Settings["exporthtml"] = "true";
- } else if ( expType == "both" ) {
- Settings["exporttext"] = "true";
- Settings["exporthtml"] = "true";
- }
- }
-
- string program_name = (string) UI::QueryWidget(`id(`prog), `Value);
- string profile = (string) UI::QueryWidget(`id(`prof), `Value);
- string pid = (string) UI::QueryWidget(`id(`pid), `Value);
- string sev = (string) UI::QueryWidget(`id(`sev), `Value);
- string res = (string) UI::QueryWidget(`id(`res), `Value);
- string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label);
- string mode = (string) UI::QueryWidget(`id(`mode), `Label);
- string exppath = (string) UI::QueryWidget(`id(`expPath), `Value);
-
- if (sdmode == "-") { sdmode = "All"; }
- if (mode == "-") { mode = "All"; }
-
- if ( program_name != "" ) { Settings["prog"] = program_name; }
- if ( profile != "" ) { Settings["profile"] = profile; }
- if ( pid != "" ) { Settings["pid"] = pid; }
- if ( sev != "" && sev != "All" ) { Settings["severity"] = sev; }
- if ( res != "" ) { Settings["resource"] = res; }
- if ( sdmode != "" ) { Settings["sdmode"] = sdmode; }
- if ( mode != "" ) { Settings["mode"] = mode; }
- if ( exppath != "" ) { Settings["exportPath"] = exppath; }
-
- id = nil;
- break;
-
- } else if ( id == `sdmode ) {
- sdmode = popUpSdMode();
- Settings["sdmode"] = sdmode;
- UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: ") + sdmode) );
-
- } else if ( id == `mode ) {
- mode = popUpMode();
- Settings["mode"] = mode;
- UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: ") + mode) );
-
- } else if ( id == `abort || id == `cancel || id == `done ) {
- Settings["break"] = "abort";
- break;
- } else if ( id == `close || id == `back) {
- Settings["break"] = "back";
- break;
- }
- }
-
- return Settings;
-}
-
-define term viewArchForm(string tab, string logFile, map<any,any> Settings) {
-
- Settings["archRep"] = "1";
- Settings["logFile"] = logFile;
- Settings["type"] = "archRep";
-
- integer curPage = 1;
- string currentPage = "1";
- Settings["currentPage"] = currentPage;
-
- integer isingle = Settings["single"]:1;
- string single = "1";
- if ( isingle != nil ) {
- single = tostring(isingle);
- }
- Settings["single"] = single;
-
- // mark - new
- any junk = SCR::Read(.logparse,Settings);
-
- integer lastPage = getLastPage("sirRep",Settings,"");
- term myPage = turnArchReportPage(curPage,lastPage);
-
- return myPage;
-}
-
-
-}
-
--- a/src/include/subdomain/reporting_dialogues.ycp
+++ /dev/null
@@ -1,2513 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2005 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-{
-
-import "Wizard";
-import "Popup";
-import "Label";
-include "subdomain/reporting_utils.ycp";
-include "subdomain/report_helptext.ycp";
-include "subdomain/reporting_archived_dialogs.ycp";
-textdomain "yast2-apparmor";
-
-// Globalz
-//integer timeout_millisec = 20 * 1000;
-map<string,string> Settings = $[ ];
-string defExpPath = "/var/log/apparmor/reports-exported";
-string oldExpPath = "/var/log/apparmor/reports-exported";
-string expPath = oldExpPath;
-
-// This map is to pull the string to send back to the backend agent on save
-map<any,any> md_map= $[
- `md_00: _("All"),
- `md_01: "1", `md_02: "2", `md_03: "3",
- `md_04: "4", `md_05: "5", `md_06: "6",
- `md_07: "7", `md_08: "8", `md_09: "9",
- `md_10: "10", `md_11: "11", `md_12: "12",
- `md_13: "13", `md_14: "14", `md_15: "15",
- `md_16: "16", `md_17: "17", `md_18: "18",
- `md_19: "19", `md_20: "20", `md_21: "21",
- `md_22: "22", `md_23: "23", `md_24: "24",
- `md_25: "25", `md_26: "26", `md_27: "27",
- `md_28: "28", `md_29: "29", `md_30: "30",
- `md_31: "31" ];
-
-string modeToHumanString( string mode) {
- return ( mode == "All") ? _("All") : mode;
-}
-
-string humanStringToMode( string hs) {
- return ( hs == _("All")) ? "All" : hs ;
-}
-
-string typeToHumanString( string type ) {
- string ret = "";
-
- switch ( type )
- {
- case "Security.Incident.Report":
- ret = _("Security Incident Report");
- break;
- case "Applications.Audit":
- ret = _("Applications Audit Report");
- break;
- case "Executive.Security.Summary":
- ret = _("Executive Security Summary");
- break;
- default:
- ret = type;
- break;
- }
-
- return ret;
-}
-
-string humanStringToType( string hs ) {
- string ret = "";
-
- if( hs == _("Security Incident Report"))
- ret = "Security.Incident.Report";
- else if ( hs == _("Applications Audit Report"))
- ret = "Applications.Audit";
- else if ( hs == _("Executive Security Summary"))
- ret = "Executive.Security.Summary";
- else
- ret = hs;
-
- return ret;
-}
-
-// Grey out inappropriate paging buttons
-define void setPageButtons(integer curPage, integer lastPage) {
-
- if (lastPage <= 1 ) {
- UI::ChangeWidget(`id(`first), `Enabled, false);
- UI::ChangeWidget(`id(`last), `Enabled, false);
- UI::ChangeWidget(`id(`prev), `Enabled, false);
- UI::ChangeWidget(`id(`fwd), `Enabled, false);
- UI::ChangeWidget(`id(`goto), `Enabled, false);
-
- } else if (curPage <= 1 ) {
- UI::ChangeWidget(`id(`first), `Enabled, false);
- UI::ChangeWidget(`id(`prev), `Enabled, false);
- } else if ( curPage >= lastPage ) {
- UI::ChangeWidget(`id(`last), `Enabled, false);
- UI::ChangeWidget(`id(`fwd), `Enabled, false);
- } else {
- UI::SetFocus(`id(`goto));
- }
-
- return;
-}
-
-// return input from edit scheduled forms as map of strings
-define map<string,string> getSchedSettings( map<string,string> Settings ) {
-
- string name = (string) UI::QueryWidget(`id(`name), `Value);
- //integer iMonthdate = (integer) UI::QueryWidget(`id(`monthdate), `Value);
- any md = (any) UI::QueryWidget(`id(`monthdate), `Value);
- string monthdate = (string) md_map[md]:_("All");
- string weekday = (string) UI::QueryWidget(`id(`weekday), `Value);
- any iHours = (any) UI::QueryWidget(`id(`hour), `Value);
- any iMins = (any) UI::QueryWidget(`id(`mins), `Value);
- string expType = (string) UI::QueryWidget(`id(`expType), `Value);
- string email1 = (string) UI::QueryWidget(`id(`email1), `Value);
- string email2 = (string) UI::QueryWidget(`id(`email2), `Value);
- string email3 = (string) UI::QueryWidget(`id(`email3), `Value);
-
- //string monthdate = tostring( iMonthdate );
- string hour = tostring( iHours );
- string mins = tostring( iMins );
-
- if ( weekday == _("All") ) { weekday = "-"; }
- if ( monthdate == _("All") ) { monthdate = "-"; }
-
- // de-i18n
- if ( weekday == _("Mon") ) { weekday = "Mon"; }
- if ( weekday == _("Tue") ) { weekday = "Tue"; }
- if ( weekday == _("Weds") ) { weekday = "Weds"; }
- if ( weekday == _("Thu") ) { weekday = "Thu"; }
- if ( weekday == _("Fri") ) { weekday = "Fri"; }
- if ( weekday == _("Sat") ) { weekday = "Sat"; }
- if ( weekday == _("Sun") ) { weekday = "Sun"; }
-
- Settings["getconf"] = "";
- Settings["setconf"] = "1";
- Settings["name"] = name;
- Settings["monthdate"] = monthdate;
-
- Settings["weekday"] = weekday;
- Settings["hour"] = hour;
- Settings["mins"] = mins;
- if ( expType == _("csv") || expType == _("Both") ) {
- Settings["csv"] = "1";
- } else {
- Settings["csv"] = "0";
- }
-
- if ( expType == _("html") || expType == _("Both") ) {
- Settings["html"] = "1";
- } else {
- Settings["html"] = "0";
- }
-
- Settings["email1"] = email1;
- Settings["email2"] = email2;
- Settings["email3"] = email3;
-
- return Settings;
-}
-
-// Gets list of archived reports based on 'type'
-define list<term> getArrayList(string type, string repPath) {
-
- map<string,string> Settings = $[ ];
- string readSched = "1";
- Settings["readSched"] = readSched;
- Settings["type"] = type;
-
- if ( repPath != "" ) {
- Settings["repPath"] = repPath;
- }
-
- list<term> itemList = [];
-
- integer key = 1;
-
- if ( type == "sirRep" || type == "essRep" || type == "audRep" ) {
- list <map> db = (list <map>) SCR::Read (.reports_parse, Settings);
-
- foreach ( map record, db, {
- any strName = record["name"]:nil;
- any strTime = record["time"]:nil;
- string name = tostring(strName);
- string mytime = tostring(strTime);
- itemList = add( itemList, `item( `id(key), record["name"]:nil, record["time"]:nil ));
- key = key + 1;
- });
-
- } else if (type == "schedRep") {
-
- Settings["getcron"] = "1";
-
- list <map> db = (list <map>) SCR::Read (.reports_sched, Settings);
-
- foreach ( map record, db, {
- itemList = add( itemList, `item( `id(key), record["name"]:nil, record["hour"]:nil, record["mins"]:nil,
- record["wday"]:nil, record["mday"]:nil ));
- key = key + 1;
- });
-
- } else {
-
- Popup::Error( _("Unrecognized form request.") );
-
- }
-
- return itemList;
-}
-
-
-// Filter form for editing scheduled reports
-define term editFilterForm (map Settings) {
-
- /* debug */
- string prog = Settings["prog"]:"";
- string prof = Settings["prof"]:"";
- string pid = Settings["pid"]:"";
- string res = Settings["res"]:"";
- string sdmode = Settings["sdmode"]:"R";
- string mode = Settings["mode"]:"All";
- string sev = Settings["sev"]:"All";
-
- term eForm = `VBox(
-
- `VSpacing( 0.5 ),
- `HBox(
- `HWeight( 5, `TextEntry(`id(`prog), _("Program name"), prog )),
- `HWeight( 5, `TextEntry(`id(`prof), _("Profile name"), prof )),
- `HSpacing( `opt(`hstretch), 1)
- ),
- `VSpacing( 0.5 ),
- `HBox(
- `HWeight( 5, `TextEntry(`id(`pid), _("PID number"), pid )),
- `HWeight( 5, `TextEntry(`id(`res), _("Detail"), res )),
- `HSpacing( `opt(`hstretch), 1)
- ),
- `VSpacing( 0.5 ),
- `HBox(
- `HWeight( 2,
- `ComboBox(`id(`sev), _("Severity"), [
- _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
- ]) ),
- `VBox(
- `Label( _("Access Type: ") ),
- `Bottom( `HWeight( 4,
- `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode )))))
- ),
- `VBox(
- `Label( _("Mode: ") ),
- `Bottom( `HWeight( 4,
- `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )))))
- ),
- `HSpacing( `opt(`hstretch), 1)
- ),
- `VSpacing( 1 ),
- `HBox(
- `PushButton(`id(`cancel), Label::CancelButton() ),
- `PushButton(`id(`save), Label::SaveButton() )
- )
- );
-
- return eForm;
-}
-
-term schedFilterForm =
-
- `VBox(
- `VSpacing( 0.5 ),
- `HBox(
- `HWeight( 5, `TextEntry(`id(`prog), _("Program name") )),
- `HWeight( 5, `TextEntry(`id(`prof), _("Profile name") )),
- `HSpacing( `opt(`hstretch), 1)
- ),
- `VSpacing( 0.5 ),
- `HBox(
- `HWeight( 5, `TextEntry(`id(`pid), _("PID number") )),
- `HWeight( 5, `TextEntry(`id(`res), _("Detail") ) ),
- `HSpacing( `opt(`hstretch), 1)
- ),
- `VSpacing( 0.5 ),
- `HBox(
- `HWeight( 2,
- `ComboBox(`id(`sev), _("Severity"), [
- _("All"), "U", "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
- ]) ),
-
- `VBox(
- `Label( _("Access Type: ") ),
- `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), "R" ))
- ),
- `VBox(
- `Label( _("Mode: ") ),
- `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("All") ))
- ),
-
- //`HWeight( 4, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))),
- //`HWeight( 4, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))),
- `HSpacing( `opt(`hstretch), 1)
- ),
- `VSpacing( 1 ),
- `HBox(
- `PushButton(`id(`cancel), Label::CancelButton() ),
- `PushButton(`id(`save), Label::SaveButton() )
- )
- );
-
-term filterForm =
-
- `VBox(
- `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )),
- `Frame( `id(`bydate_frame), _(" Select Date Range "),
- `VBox(
- `Label( _("Enter Starting Date/Time") ),
- `HBox(
- `HSpacing( `opt(`hstretch), 1),
- `IntField(`id(`startHours), _("Hours"), 00, 23, 00),
- `IntField(`id(`startMins), _("Minutes"), 00, 59, 00),
- `IntField(`id(`startDay), _("Day"), 01, 31, 01),
- `IntField(`id(`startMonth), _("Month"), 01, 12, 01),
- `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005)
- ),
- `VSpacing(1.0),
- `Label( _("Enter Ending Date") ),
- `HBox(
- `HSpacing( `opt(`hstretch), 1),
- `IntField(`id(`endHours), _("Hours"), 0, 23, 0),
- `IntField(`id(`endMins), _("Minutes"), 0, 59, 0),
- `IntField(`id(`endDay), _("Day"), 1, 31, 1),
- `IntField(`id(`endMonth), _("Month"), 1, 12, 1),
- `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005)
- )
- ),
- `VSpacing(1.0),
- `HBox(
- `HWeight( 4, `TextEntry(`id(`prog), _("Program name")) ),
- `HWeight( 4, `TextEntry(`id(`prof), _("Profile name")) ),
- `HWeight( 3, `TextEntry(`id(`pid), _("PID number")) ),
- `HWeight( 2,
- `ComboBox(`id(`sev), _("Severity"), [
- _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
- ]) ),
- `HSpacing( `opt(`hstretch), 5)
- ),
- `HBox(
- `HWeight( 3, `TextEntry(`id(`res), _("Detail") ) ),
-
- `VBox(
- `Label( _("Access Type: ") ),
- `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), "R" ))
- ),
- `VBox(
- `Label( _("Mode: ") ),
- `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("All") ))
- ),
-
-
- //`HWeight( 3, `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), _("Access Type: R") ))),
- //`HWeight( 3, `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), _("Mode: All") ))),
- `HSpacing( `opt(`hstretch), 5)
- ),
- `VSpacing( 0.5 ),
-
- `HBox(
- `VSpacing(0.5),
- // DWR MOD `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [
- `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
- _("None"), _("csv"), _("html"), _("Both")
- ]),
- `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
- `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
- )
-
- ));
-
-// filter-defining form
-define term filterForm2(string name, map<any,any> preFilters) {
-
- any aprog = preFilters["prog"]:nil;
- any aprof = preFilters["profile"]:nil;
- any apid = preFilters["pid"]:nil;
- any ares = preFilters["resource"]:nil;
- any amode = preFilters["mode"]:"All";
- any asdmode = preFilters["sdmode"]:"All";
-
- string prog = "";
- string prof = "";
- string pid = "";
- string res = "";
- string mode = "";
- string sdmode = "";
-
- if ( aprog != nil ) { prog = tostring(aprog); }
- if ( aprof != nil ) { prof = tostring(aprof); }
- if ( apid != nil ) { pid = tostring(apid); }
- if ( ares != nil ) { res = tostring(ares); }
- if ( amode != nil ) { mode = tostring(amode); }
- if ( asdmode != nil ) { sdmode = tostring(asdmode); }
- if (sdmode == "-") { sdmode = "All"; }
- if (mode == "-") { mode = "All"; }
-
- term ff2 =
- `Top(`VBox(
- `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )),
- `Frame( `id(`bydate_frame), _(" Select Date Range "),
- `VBox(
- `Label( _("Enter Starting Date/Time") ),
- `HBox(
- `HSpacing( `opt(`hstretch), 1),
- `IntField(`id(`startHours), _("Hours"), 0, 23, 0),
- `IntField(`id(`startMins), _("Minutes"), 0, 59, 0),
- `IntField(`id(`startDay), _("Day"), 1, 31, 1),
- `IntField(`id(`startMonth), _("Month"), 1, 12, 1),
- `IntField(`id(`startYear), _("Year"), 2005, 2020, 2005)
- ),
- `VSpacing(1.0),
- `Label( _("Enter Ending Date") ),
- `HBox(
- `HSpacing( `opt(`hstretch), 1),
- `IntField(`id(`endHours), _("Hours"), 0, 23, 0),
- `IntField(`id(`endMins), _("Minutes"), 0, 59, 0),
- `IntField(`id(`endDay), _("Day"), 1, 31, 1),
- `IntField(`id(`endMonth), _("Month"), 1, 12, 1),
- `IntField(`id(`endYear), _("Year"), 2005, 2020, 2005)
- ),
- `VSpacing(1.0)
- )),
- `VSpacing( 1.0 ),
- `HBox(
- `HWeight( 4, `TextEntry(`id(`prog), _("Program name"), prog) ),
- `HWeight( 4, `TextEntry(`id(`prof), _("Profile name"), prof) ),
- `HWeight( 3, `TextEntry(`id(`pid), _("PID number"), pid) ),
- `HWeight( 2,
- `ComboBox(`id(`sev), _("Severity"), [
- _("All"), _("U"), "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10"
- ]) ),
- `HSpacing( `opt(`hstretch), 5)
- ),
- `HBox(
- `VSpacing(0.5),
- `TextEntry(`id(`res), _("Detail"), res),
- `VBox(
- `Label( _("Access Type: ") ),
- `ReplacePoint(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode )))
- ),
- `VBox(
- `Label( _("Mode: ") ),
- `ReplacePoint(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )))
- )
- ),
- `VSpacing( 0.5 ),
-
- `HBox(
- `VSpacing(0.5),
- `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
- _("None"), _("csv"), _("html"), _("Both")
- ]),
- `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
- `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
- )
- ));
-
- return ff2;
-
-}
-
-// Gets data for next or previous page of current report
-define term turnReportPage (string name, integer curPage, string slastPage, map Settings) {
-
- //map<string,string> Settings = $[ ]; - 07-07
- list<term> reportList = [];
-
- string currentPage = tostring( curPage );
- Settings["name"] = name;
- Settings["page"] = currentPage;
- Settings["turnPage"] = "1";
-
- reportList = getReportList("sir", Settings);
-
- // New map is a list, not a hash
-
- /* Old aa-eventd
- list <map> db = (list <map>) SCR::Read (.logparse, Settings);
- integer key = 1;
- foreach ( map record, db, {
- reportList = add( reportList, `item( `id(key), record["host"]:nil,
- record["date"]:nil, record["prog"]:nil, record["profile"]:nil,
- record["pid"]:nil, record["severity"]:nil, record["mode"]:nil,
- record["resource"]:nil, record["sdmode"]:nil ));
- key = key + 1;
- });
- */
-
- string myLabel = _("On Demand Event Report - Page ") + currentPage + _(" of ") + slastPage;
-
- term odForm =
-
- `Frame( `id(`odpage), myLabel,
-
- `VBox(
- //`Label("AppArmor Event Report Data " + currentPage ),
- //`Label(myLabel),
-
- `HBox(
- `VSpacing(10),
- // New aa-eventd
- makeSirTable(reportList),
- /* Old aa-eventd
- `Table(`id(`table), `opt(`keepSorting, `immediate ), `header( _("Host"), _("Date"), _("Program"),
- _("Profile"), _("PID"), _("Severity"), _("Mode"), _("Detail"), _("Access Type") ), reportList),
- */
-
- `VSpacing(0.5)
- ),
- `HSpacing(`opt(`hstretch), 1.0),
- `VSpacing(0.5),
- `HBox(
- `PushButton(`id(`first), _("F&irst Page") ),
- `PushButton(`id(`prev), _("&Previous") ),
- `PushButton(`id(`psort), _("&Sort") ),
- `PushButton(`id(`fwd), _("&Forward") ),
- `PushButton(`id(`last), _("&Last Page") ),
- `PushButton(`id(`goto), _("&Go to Page") )
- ),
- `VSpacing(1)
- ));
-
- return odForm;
-}
-
-define symbol reportConfigForm() {
-
- term contents_report_config_form =
- `VBox(
- `VSpacing( 1 ),
- `Left( `CheckBox( `id(`bydate), `opt(`notify), _("Filter By Date Range") )),
- `Frame( `id(`bydate_frame), _(" Select Date Range ") ,
- `VBox(
- `Label( _("Enter Starting Date/Time") ),
- `HBox(
- `HSpacing( `opt(`hstretch), 1),
- `HWeight( 1, `TextEntry(`id(`start_time), _("Time") )),
- `HSpacing( `opt(`hstretch), 1),
- `HWeight( 1, `TextEntry(`id(`start_day), _("Day") )),
- `HSpacing( `opt(`hstretch), 1),
- `HWeight( 1, `TextEntry(`id(`start_month), _("Month") )),
- `HSpacing( `opt(`hstretch), 1),
- `HWeight( 1, `TextEntry(`id(`start_year), _("Year") )),
- `HSpacing( `opt(`hstretch), 1)
- ),
- `VSpacing( 1.0 ),
- `Label( _("Enter Ending Date") ),
- `HBox(
- `HSpacing( `opt(`hstretch), 1),
- `HWeight( 1, `TextEntry(`id(`end_time), _("Time") )),
- `HSpacing( `opt(`hstretch), 1),
- `HWeight( 1, `TextEntry(`id(`end_day), _("Day") )),
- `HSpacing( `opt(`hstretch), 1),
- `HWeight( 1, `TextEntry(`id(`end_month), _("Month") )),
- `HSpacing( `opt(`hstretch), 1),
- `HWeight( 1, `TextEntry(`id(`end_year), _("Year") )),
- `HSpacing( `opt(`hstretch), 1),
- `VSpacing( `opt(`vstretch), 2)
- )
- )),
- `VSpacing( 0.5 ),
- `Left(`CheckBox( `id(`byprog), `opt(`notify), _("Filter By Program Name") )),
- `HBox(`id(`pbox),
- `Left(`TextEntry(`id(`prog), _("Program name") )),
- `HSpacing( `opt(`hstretch), 45)
- ),
- `VSpacing( 0.5 ),
- `Left(`CheckBox( `id(`expLog), `opt(`notify), _("Export Report") )),
- `HBox(`id(`ebox),
- `Left(`TextEntry(`id(`exportName), _("Export File Location") )),
- `Label( _("Select Export Format") ),
- `Left(`CheckBox(`id(`exportText), _("CSV"), false)),
- `Left(`CheckBox(`id(`exportHtml), _("HTML"), true))
- )
- );
- Wizard::SetContentsButtons( _("Report Configuration Dialog"), contents_report_config_form, repConfHelp, Label::BackButton(), Label::NextButton() );
-
- Settings = $[ ];
- map event = $[];
- any id = nil;
- UI::ChangeWidget(`id(`pbox), `Enabled, false);
- UI::ChangeWidget(`id(`ebox), `Enabled, false);
- UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
- UI::ChangeWidget(`id(`exportName), `Value, "/tmp/export.log");
-
- while( true ) {
- event = UI::WaitForEvent( timeout_millisec );
- id = event["ID"]:nil; // We'll need this often - cache it
-
- integer start_day = (integer) UI::QueryWidget(`id(`start_day), `Value);
- integer start_month = (integer) UI::QueryWidget(`id(`start_month), `Value);
- integer start_year = (integer) UI::QueryWidget(`id(`start_year), `Value);
- integer end_day = (integer) UI::QueryWidget(`id(`end_day), `Value);
- integer end_month = (integer) UI::QueryWidget(`id(`end_month), `Value);
- integer end_year = (integer) UI::QueryWidget(`id(`end_year), `Value);
-
- if ( id == `byprog ) {
- boolean val = (boolean) UI::QueryWidget(`id(`byprog), `Value);
- if ( val == true ) {
- UI::ChangeWidget(`id(`pbox), `Enabled, true);
- UI::ChangeWidget(`id(`allevents), `Value, false);
- } else {
- UI::ChangeWidget(`id(`pbox), `Enabled, false);
- }
- } else if ( id == `bydate ) {
- boolean val = (boolean) UI::QueryWidget(`id(`bydate), `Value);
- if ( val == true ) {
- UI::ChangeWidget(`id(`bydate_frame), `Enabled, true);
- UI::ChangeWidget(`id(`allevents), `Value, false);
- } else {
- UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
- }
- } else if ( id == `expLog ) {
- boolean val = (boolean) UI::QueryWidget(`id(`expLog), `Value);
- if ( val == true ) {
- UI::ChangeWidget(`id(`ebox), `Enabled, true);
- //UI::ChangeWidget(`id(`allevents), `Value, false);
- } else {
- UI::ChangeWidget(`id(`ebox), `Enabled, false);
- }
- } else if ( id == `next ) {
-
- // Setup the data structures.
- boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value);
- boolean byprog = (boolean) UI::QueryWidget(`id(`byprog), `Value);
- boolean allevents = (boolean) UI::QueryWidget(`id(`allevents), `Value);
- boolean expLog = (boolean) UI::QueryWidget(`id(`expLog), `Value);
-
- if ( expLog ) {
- string exportName = (string) UI::QueryWidget(`id(`exportName), `Value);
- any expText = (boolean) UI::QueryWidget(`id(`exportText), `Value);
- any expHtml = (boolean) UI::QueryWidget(`id(`exportHtml), `Value);
- string exportText = tostring( expText );
- string exportHtml = tostring( expHtml );
- Settings["exportname"] = exportName;
- Settings["exporttext"] = exportText;
- Settings["exporthtml"] = exportHtml;
- }
-
- if ( byprog ) {
- string program_name = (string) UI::QueryWidget(`id(`prog), `Value);
- Settings["prog"] = program_name;
- }
-
- if ( bydate ) {
-
- integer start_hour = (integer) UI::QueryWidget(`id(`startHour), `Value);
- integer start_min = (integer) UI::QueryWidget(`id(`startMin), `Value);
- integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value);
- integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value);
- integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value);
- integer end_hour = (integer) UI::QueryWidget(`id(`endHour), `Value);
- integer end_min = (integer) UI::QueryWidget(`id(`endMin), `Value);
- integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value);
- integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value);
- integer endYear = (integer) UI::QueryWidget(`id(`endYear), `Value);
- string start_time = tostring(start_hour) + ":" + tostring(start_min);
- string end_time = tostring(end_hour) + ":" + tostring(end_min);
-
- if ( CheckDate(startDay,startMonth,startYear) == false ) {
- Popup::Error( _("Illegal start date entered. Please retry.") );
- continue;
- }
-
- if ( CheckDate(endDay,endMonth,endYear) == false ) {
- Popup::Error( _("Illegal end date entered. Please retry.") );
- continue;
- }
-
- Settings["startday"] = tostring(startDay);
- Settings["startmonth"] = tostring(startMonth);
- Settings["startyear"] = tostring(startYear);
- Settings["endday"] = tostring(endDay);
- Settings["endmonth"] = tostring(endMonth);
- Settings["endyear"] = tostring(endYear);
- Settings["starttime"] = start_time;
- Settings["endtime"] = end_time;
- }
-
- } else if ( id == `abort || id == `back || id == `done ) {
- Popup::Message( _("Abort or Back") );
- break;
- }
-
- //break;
- }
- return (symbol) id;
-}
-
-// Main Report Form
-define symbol mainArchivedReportForm() {
-
- map <any,any> reportdata = nil;
- reportdata = (map) SCR::Read (.logparse, Settings );
- list<term> reportlist = [];
-
- foreach( integer key, map repdata, (map<integer,map>) reportdata, {
- reportlist = add( reportlist, `item( `id(key), repdata["date"]:nil, repdata["prof"]:nil, repdata["pid"]:nil, repdata["mesg"]:nil));
- });
-
- string help1 = _("<b>AppArmor Security Events</b><p>
- This table displays the events found that match your search criteria.");
-
-
- // DBG y2milestone("in MainReportForm");
- term contents_main_prof_form =
- `VBox(
- `Label( _("AppArmor Event Report Data") ),
- `HBox(
- `VSpacing(10),
- `Table(`id(`table), `opt(`notify, `immediate ), `header(_("Date"),
- _("Profile"), _("PID"), _("AppArmor Message") ), reportlist),
- `VSpacing(0.5)
- )
- );
- Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
- contents_main_prof_form, help1, Label::BackButton(), _("&Done") );
-
-
- map event = $[];
- any id = nil;
- while( true ) {
-
- event = UI::WaitForEvent( timeout_millisec );
- id = event["ID"]:nil; // We'll need this often - cache it
-
- if ( id == `table ) {
-
- if ( event["EventReason"]:nil == "Activated" ) {
- // Widget activated in the table
- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
- }
-
- } else if ( id == `abort || id == `cancel || id == `done ) {
- break;
- } else if ( id == `back || id == `next ) {
- break;
- } else {
- y2error("Unexpected return code: %1", id);
- continue;
- }
- }
- return (symbol) id;
-}
-
-// This is the first and base reporting form
-define symbol mainReportForm() {
-
- term mainForm =
-
- `VBox(
- `Label( _("AppArmor Reporting") ),
- `VSpacing(2),
- `VBox(
- `Left(`CheckBox( `id(`schedrep), `opt(`notify), _("Schedule Reports"), true )),
- `Left(`CheckBox( `id(`viewrep), `opt(`notify), _("View Archived Reports") )),
- `Left(`CheckBox( `id(`runrep), `opt(`notify), _("Run Reports") ))
- ),
- `VSpacing(0.5)
- );
-
- Wizard::SetContentsButtons( _("AppArmor Security Event Report"), mainForm, mainHelp, Label::BackButton(), Label::NextButton() );
-
- map event = $[];
- any id = nil;
- while( true ) {
-
- event = UI::WaitForEvent( timeout_millisec );
- id = event["ID"]:nil; // We'll need this often - cache it
-
- if ( id == `schedrep ) {
- UI::ChangeWidget(`id(`viewrep), `Value, false);
- UI::ChangeWidget(`id(`runrep), `Value, false);
- } else if ( id == `viewrep ) {
- UI::ChangeWidget(`id(`schedrep), `Value, false);
- UI::ChangeWidget(`id(`runrep), `Value, false);
- } else if ( id == `runrep ) {
- UI::ChangeWidget(`id(`schedrep), `Value, false);
- UI::ChangeWidget(`id(`viewrep), `Value, false);
- } else if ( id == `abort || id == `cancel || id == `done ) {
- break;
- } else if ( id == `back ) {
- break;
- } else if ( id == `next ) {
-
- if ( UI::QueryWidget(`id(`schedrep), `Value) == true ) {
- id = `schedrep;
- } else if ( UI::QueryWidget(`id(`viewrep), `Value) == true ) {
- id = `viewrep;
- } else if ( UI::QueryWidget(`id(`runrep), `Value) == true ) {
- id = `runrep;
- }
-
- break;
-
- } else {
- y2error("Unexpected return code: %1", id);
- continue;
- }
- }
-
- return (symbol) id;
-}
-
-// Form used to select the type of archived report to list
-define term viewForm(map archType, list itemList, string repPath) {
-
- boolean sirRep = archType["sirRep"]:false;
- boolean audRep = archType["audRep"]:false;
- boolean essRep = archType["essRep"]:false;
-
- if ( repPath == "" || repPath == nil ) {
- repPath = "/var/log/apparmor/reports-archived/";
- }
-
- if ( audRep == false && essRep == false ) {
- sirRep = true;
- }
-
- term vForm =
- `ReplacePoint(`id(`viewform), `VBox(
- `Label( _("View Archived Reports") ),
- `HSpacing(60), // make the table and thus the dialog wide enough
- `VSpacing(1),
- `HBox(
- `Frame( `id(`radioSelect), _("Choose a Report Type"),
- `RadioButtonGroup(`id(`chooseRep), `HBox(
- `HStretch(),
- `RadioButton(`id(`sirRep), `opt(`notify, `immediate), _("SIR"), sirRep),
- `HSpacing(1),
- `RadioButton(`id(`audRep), `opt(`notify, `immediate), _("App Aud"), audRep),
- `HSpacing(1),
- `RadioButton(`id(`essRep), `opt(`notify, `immediate), _("ESS"), essRep),
- `HSpacing(1),
- `HStretch()
- )))
- ),
- `VSpacing(1),
- `Frame( `id(`repFrame), _("Location of Archived Reports"),
- `HBox(
- `Left(`Label(repPath)),
- `HSpacing(1),
- `Left(`PushButton(`id(`browse), _("&Browse"))),
- `HStretch()
- )
- ),
- `VSpacing(0.5),
- `VWeight( 10, `HBox(
- `VSpacing(1),
- `Table(`id(`table), `opt(`notify, `immediate), `header(_("Report"),
- _("Date") ), itemList ) )
- ),
- `VSpacing(1),
- `HBox(
- `VSpacing(1),
- `PushButton(`id(`view), _("&View") ),
- `PushButton(`id(`viewall), _("View &All") )
- )
- ));
-
- return vForm;
-}
-
-define map<any,any> filterConfigForm(string name) {
-
- // Cheating way to set filters
- map<string,string> opts = $[];
- opts["getSirFilters"] = "1";
- opts["name"] = name;
- opts["gui"] = "1";
- map<any,any> preFilters = $[];
- preFilters = (map) SCR::Read( .logparse, opts );
-
- any asev = preFilters["severity"]:nil;
- string sev = "";
- if ( asev != nil ) { sev = tostring(asev); }
- if ( sev == "-" ) { sev = _("All"); }
-
- Wizard::SetContentsButtons( _("Report Configuration Dialog"),
- filterForm2(name,preFilters), filterCfHelp1, Label::BackButton(), Label::NextButton() );
-
- if ( sev != "" && sev != _("All") ) {
- if ( sev != "U" ) {
- integer isev = tointeger(sev);
- if ( isev < 10 ) {
- sev = "0" + sev;
- }
- }
-
- UI::ChangeWidget(`id(`sev), `Value, sev);
- }
-
- string mode = "All";
- string sdmode = "R";
-
- Settings = $[ ];
- map event = $[];
- any id = nil;
- UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
-
- while( true ) {
-
- event = UI::WaitForEvent( timeout_millisec );
- id = event["ID"]:nil;
-
- if ( id == `bydate ) {
-
- boolean val = (boolean) UI::QueryWidget(`id(`bydate), `Value);
- if ( val == true ) {
- UI::ChangeWidget(`id(`bydate_frame), `Enabled, true);
- } else {
- UI::ChangeWidget(`id(`bydate_frame), `Enabled, false);
- }
-
- } else if ( id == `abort || id == `done || id == `cancel) {
- Settings["break"] = "abort";
- break;
-
- } else if ( id == `back ) {
- Settings["break"] = "back";
- break;
-
- } else if ( id == `sdmode ) {
-
- sdmode = popUpSdMode();
-
- if ( sdmode != "" ) {
- Settings["sdmode"] = sdmode;
- UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) ) );
- }
-
- } else if ( id == `mode ) {
-
- mode = popUpMode();
-
- if ( mode != "" ) {
- Settings["mode"] = mode;
- UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )));
- }
-
- } else if ( id == `browse ) {
-
- string selectFile = "";
- selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
-
- if ( selectFile != nil ) {
- UI::ChangeWidget(`id(`expPath), `Value, selectFile);
- }
-
- Settings["expPath"] = expPath;
-
- } else if ( id == `save || id == `next) {
-
- // Setup the data structures.
- boolean bydate = (boolean) UI::QueryWidget(`id(`bydate), `Value);
- boolean expText = false;
- boolean expHtml = false;
-
- if ( UI::QueryWidget(`id(`expLog), `Enabled) == true ) {
- expText = (boolean) UI::QueryWidget(`id(`exportText), `Value);
- expHtml = (boolean) UI::QueryWidget(`id(`exportHtml), `Value);
- }
-
- if ( expText == true ) {
- Settings["exporttext"] = "true";
- }
- if ( expHtml == true ) {
- Settings["exporthtml"] = "true";
- }
-
- string program_name = (string) UI::QueryWidget(`id(`prog), `Value);
- string profile = (string) UI::QueryWidget(`id(`prof), `Value);
- string pid = (string) UI::QueryWidget(`id(`pid), `Value);
- string sev = (string) UI::QueryWidget(`id(`sev), `Value);
- string res = (string) UI::QueryWidget(`id(`res), `Value);
- string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label);
- string mode = (string) UI::QueryWidget(`id(`mode), `Label);
- string exppath = (string) UI::QueryWidget(`id(`expPath), `Value);
-
- // de-i18n
- if ( sev == _("All") ) { sev = "All"; }
- if ( sev == _("U") ) { sev = "U"; }
-
- if (exppath != "" ) { Settings["exportPath"] = expPath; }
- if ( program_name != "" ) { Settings["prog"] = program_name; }
- if ( profile != "" ) { Settings["profile"] = profile; }
- if ( pid != "" ) { Settings["pid"] = pid; }
- if ( sev != "" && sev != "All" ) { Settings["severity"] = sev; }
- if ( res != "" ) { Settings["resource"] = res; }
- if ( sdmode != "" ) { Settings["sdmode"] = humanStringToMode( sdmode); }
- if ( mode != "" ) { Settings["mode"] = humanStringToMode( mode ); }
-
- if ( bydate == true ) {
-
- integer start_hour = (integer) UI::QueryWidget(`id(`startHour), `Value);
- integer start_min = (integer) UI::QueryWidget(`id(`startMin), `Value);
- integer startDay = (integer) UI::QueryWidget(`id(`startDay), `Value);
- integer startMonth = (integer) UI::QueryWidget(`id(`startMonth), `Value);
- integer startYear = (integer) UI::QueryWidget(`id(`startYear), `Value);
- integer end_hour = (integer) UI::QueryWidget(`id(`endHour), `Value);
- integer end_min = (integer) UI::QueryWidget(`id(`endMin), `Value);
- integer endDay = (integer) UI::QueryWidget(`id(`endDay), `Value);
- integer endMonth = (integer) UI::QueryWidget(`id(`endMonth), `Value);
- integer endYear = (integer) UI::QueryWidget(`id(`endYear), `Value);
-
- string start_time = tostring(start_hour) + ":" + tostring(start_min);
- string end_time = tostring(end_hour) + ":" + tostring(end_min);
-
- if ( CheckDate(startDay,startMonth,startYear) == false ) {
- Popup::Error( _("Illegal start date entered. Please retry.") );
- continue;
- }
-
- if ( CheckDate(endDay,endMonth,endYear) == false ) {
- Popup::Error( _("Illegal end date entered. Please retry.") );
- continue;
- }
-
- string start_day = tostring(startDay);
- string start_month = tostring(startMonth);
- string start_year = tostring(startYear);
- string end_day = tostring(endDay);
- string end_month = tostring(endMonth);
- string end_year = tostring(endYear);
-
- Settings["startday"] = tostring(start_day);
- Settings["startmonth"] = tostring(start_month);
- Settings["startyear"] = tostring(start_year);
- Settings["endday"] = tostring(end_day);
- Settings["endmonth"] = tostring(end_month);
- Settings["endyear"] = tostring(end_year);
- Settings["starttime"] = start_time;
- Settings["endtime"] = end_time;
-
- }
-
- string expType = (string) UI::QueryWidget(`id(`expType), `Value);
- string expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
-
- if ( expType == _("csv") ) {
- Settings["exporttext"] = "1";
- } else if ( expType == _("html") ) {
- Settings["exporthtml"] = "1";
- } else if ( expType == _("Both") ) {
- Settings["exporttext"] = "1";
- Settings["exporthtml"] = "1";
- }
-
- Settings["exportPath"] = expPath;
-
- break;
- }
- }
-
- return Settings;
-}
-
-define term displayEmptyRep(string type) {
-
- string myLabel = "";
- string myInfo = "";
-
- if ( type == "noDb" ) {
- myLabel = _("Events DB Not Initialized.");
- myInfo = _("The events database has not been populated. No records exist.");
- } else if ( type == "noList" ) {
- myLabel = _("Query Returned Empty List.");
- myInfo = _("The events database has no records that match the search query.");
- }
-
- term newPage =
-
- `Frame( `id(`newpage), myLabel,
-
- `VBox(
- //`Label(myLabel),
- `HBox(
- `VSpacing(10),
- `Label( myInfo ),
- `VSpacing(0.5)
- ),
- `HSpacing(`opt(`hstretch), 1.0),
- `VSpacing(1)
- ));
-
-
- return newPage;
-}
-
-define term displayRep(string type, integer curPage, string slastPage, list reportList ) {
-
- string myLabel = "";
- string currentPage = tostring(curPage);
- term myTable = nil;
-
- if (type == "onDemand" || type == "sir") {
- // Very poor i18n here
- myLabel = _("On Demand Event Report - Page ") + currentPage + _(" of ") + slastPage;
- myTable = makeSirTable(reportList);
-
- } else if (type == "archRep") {
-
- myLabel = _("Archived Event Report - Page ") + currentPage + _(" of ") + slastPage;
- myTable = makeSirTable(reportList);
-
- } else if (type == "aud" || type == "audRep" ) {
-
- myLabel = _("Applications Audit Report");
- myTable = `Table(`id(`table), `opt(`notify, `immediate ),
- `header(_("Host"), _("Date"), _("Program"),
- _("Profile"), _("PID"), _("State"), _("Type") ), reportList);
-
- } else if (type == "ess" || type == "essRep" ) {
- if (reportList == nil) {
- myLabel = _("Executive Security Summary");
- myTable = `Table(`id(`table), `opt(`notify),
- `header(_("Query Results")), _("No event information exists."));
-
- } else {
- myLabel = _("Executive Security Summary");
- myTable = `Table(`id(`table), `opt(`notify, `immediate ),
- `header(_("Host"), _("Start Date"),_("End Date"), _("Num Rejects"),
- _("Num Events"), _("Ave. Sev"), _("High Sev") ), reportList);
- }
- }
-
- term newPage =
-
- `Frame( `id(`newpage), myLabel,
-
- `VBox(
- `HBox(
- `VSpacing(10),
- myTable,
- `VSpacing(0.5)
- ),
- `HSpacing(`opt(`hstretch), 1.0),
- `VSpacing(0.5),
- `HBox(
- `PushButton(`id(`first), _("F&irst Page") ),
- `PushButton(`id(`prev), _("&Previous") ),
- `PushButton(`id(`psort), _("&Sort") ),
- `PushButton(`id(`fwd), _("&Forward") ),
- `PushButton(`id(`last), _("&Last Page") ),
- `PushButton(`id(`goto), _("&Go to Page") )
- ),
- `VSpacing(1)
- ));
-
- return newPage;
-}
-
-
-// View Archived Reports
-define symbol displayArchForm() {
-
- map<string,boolean> archType = $[ ];
- archType["sirRep"] = true;
- archType["audRep"] = false;
- archType["essRep"] = false;
-
- map<string,string> Settings = $[ ];
- string readSched = "1";
- Settings["getcron"] = "0";
- Settings["readSched"] = "1";
- Settings["type"] = "sirRep";
- string type = Settings["type"]:nil;
-
- list<term> itemList = [];
- itemList = getArrayList(type,"");
-
- Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
- viewForm(archType, itemList, ""), archHelpText, Label::BackButton(), _("&Done") );
-
- map event = $[];
- any archId = nil;
-
- string repPath = "";
- integer lastPage = 1;
- integer curPage = 1;
-
- string formHelp = runHelp;
-
-
- while( true ) {
-
- event = UI::WaitForEvent( );
-
- archId = event["ID"]:nil; // We'll need this often - cache it
-
- if (archId == `back || archId == `abort || archId == `done) {
- break;
- } else if ( archId == `close || archId == `cancel || archId == `next) {
- break;
-
- } else if ( archId == `repPath ) {
-
- repPath = (string) UI::QueryWidget(`id(`repPath), `Value);
- Settings["repPath"] = repPath;
- itemList = getArrayList(type,repPath);
- Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
- viewForm(archType, itemList, repPath), archHelpText, Label::BackButton(), _("&Done") );
-
- } else if ( archId == `browse ) {
-
- string selectFile = "";
- selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
-
- if ( selectFile != nil ) {
- UI::ChangeWidget(`id(`repPath), `Value, selectFile);
- // set new reppath
- repPath = selectFile;
- Settings["repPath"] = repPath;
- itemList = getArrayList(type,repPath);
- Wizard::SetContentsButtons( _("AppArmor Security Event Report"),
- viewForm(archType, itemList, repPath), archHelpText, Label::BackButton(),
- _("&Done") );
- }
-
-
- } else if ( archId == `sirRep ) {
- formHelp = sirHelp;
- archType["sirRep"] = true;
- archType["audRep"] = false;
- archType["essRep"] = false;
- Settings["type"] = "sirRep";
- type = Settings["type"]:nil;
-
- itemList = getArrayList(type,repPath);
-
- Wizard::SetContentsButtons( _("View Archived SIR Report"),
- viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done"));
-
- } else if ( archId == `audRep ) {
- formHelp = audHelp;
- archType["sirRep"] = false;
- archType["audRep"] = true;
- archType["essRep"] = false;
- Settings["type"] = "audRep";
- type = Settings["type"]:nil;
-
- itemList= getArrayList(type,"");
- Wizard::SetContentsButtons( _("View Archived AUD Report"),
- viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done"));
-
- } else if ( archId == `essRep ) {
- formHelp = essHelp;
- archType["sirRep"] = false;
- archType["audRep"] = false;
- archType["essRep"] = true;
- Settings["type"] = "essRep";
- type = Settings["type"]:nil;
-
- itemList= getArrayList(type,"");
- Wizard::SetContentsButtons( _("View Archived ESS Report"),
- viewForm(archType,itemList,""), formHelp, Label::BackButton(), _("&Done"));
-
-
- } else if ( archId == `view || archId == `viewall || archId == `table) {
-
- if ( archId == `viewall ) {
- Settings["single"] = "0";
- } else {
- Settings["single"] = "1";
- }
-
- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
- string logFile = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
- string logPath = (string) UI::QueryWidget(`id(`repPath), `Value);
- list splitPath = splitstring (logPath, "/");
- string checkPath = splitPath[size(splitPath)-1]:"";
-
- string longLogName = "";
-
-
- // Cat strings & check for trailing "/" in path
- if ( logPath != "" ) {
- if ( checkPath != "" ) {
- longLogName = logPath + "/" + logFile;
- } else {
- longLogName = logPath + logFile;
- }
- }
-
- if ( type == "sirRep" ) {
-
- formHelp = sirHelp;
- map<any,any> sirSettings = nil;
- sirSettings = setArchFilter();
- if ( archId == `viewall ) { sirSettings["single"] = 0; }
-
- // Force an exit if appropriate
- any breakCheck = sirSettings["break"]:nil;
-
- if ( breakCheck == "abort" ) {
- symbol myBreak = `abort;
- return myBreak;
-
- } else if ( breakCheck == "back" ) {
- symbol myBreak = `back;
- return myBreak;
- }
-
- if ( repPath != "" ) {
- sirSettings["repPath"] = repPath;
- }
-
- Wizard::SetContentsButtons( _("Security Incident Report"),
- viewArchForm(type,logFile,sirSettings), sirHelp, Label::BackButton(), _("&Done"));
-
- lastPage = getLastPage(type,Settings,""); // check 'name'
- setPageButtons(curPage,lastPage);
-
- } else if ( type == "audRep" ) {
-
- formHelp = audHelp;
- list<term> reportList = [];
- integer key = 1;
- Settings["page"] = "1";
- Settings["audArch"] = "1";
- Settings["turnPage"] = "1";
- Settings["file"] = logFile;
-
- list <map> db = (list <map>) SCR::Read (.reports_confined, Settings);
-
- foreach ( map repdata, db, {
- reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
- repdata["date"]:nil, repdata["prog"]:nil, repdata["prof"]:nil,
- repdata["pid"]:nil, repdata["state"]:nil, repdata["type"]:nil ));
- key = key + 1;
- });
-
- lastPage = getLastPage(type,Settings,"");
- string slastPage = tostring(lastPage);
-
- Wizard::SetContentsButtons( _("Applications Audit Report"),
- displayRep(type,curPage,slastPage,reportList), formHelp, Label::BackButton(),
- _("&Done") );
- setPageButtons(curPage,lastPage);
-
- } else if ( type == "essRep" ) {
-
- formHelp = essHelp;
- list<term> reportList = [];
- integer key = 1;
- Settings["file"] = logFile;
- Settings["essArch"] = "1";
-
- list <map> db = (list <map>) SCR::Read (.reports_ess, Settings);
-
- foreach ( map repdata, db, {
- reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
- repdata["startdate"]:nil, repdata["enddate"]:nil, repdata["numRejects"]:nil,
- repdata["numEvents"]:nil, repdata["sevMean"]:nil, repdata["sevHi"]:nil ));
- key = key + 1;
- });
-
- lastPage = getLastPage(type,Settings,"");
- string slastPage = tostring(lastPage);
-
- Wizard::SetContentsButtons( _("Executive Security Summary Report"),
- displayRep(type,curPage,slastPage,reportList), formHelp, Label::BackButton(),
- _("&Done") );
- setPageButtons(curPage,lastPage);
-
- } else {
- Popup::Error( _("No recognized report type selected. Try again.") );
- continue;
- }
-
- } else if ( archId == `goto ) {
-
- integer newPage = popUpGoto(lastPage);
-
- if ( newPage > 0 && newPage <= lastPage && newPage != curPage ) {
- curPage = newPage;
-
- term fwdForm = turnArchReportPage(curPage,lastPage);
- Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, runHelp, Label::BackButton(), _("&Done") );
- setPageButtons(curPage,lastPage);
- }
-
- } else if ( archId == `psort ) {
-
- string sortKey = popUpSort(type);
-
- if ( sortKey != nil && sortKey != "" ) {
- curPage = 1;
- map<string,string> sortCmd = $[];
- sortCmd["sortKey"] = sortKey;
- sortCmd["sort"] = "1";
- any junk = SCR::Write(.logparse, sortCmd);
- term fwdForm = turnArchReportPage(curPage,lastPage);
- Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, runHelp, Label::BackButton(), _("&Done") );
- setPageButtons(curPage,lastPage);
- }
-
- } else if ( archId == `fwd ) {
-
- curPage = curPage +1;
- term fwdForm = turnArchReportPage(curPage,lastPage);
- Wizard::SetContentsButtons( _("AppArmor Report"), fwdForm, formHelp, Label::BackButton(), _("&Done") );
-
- setPageButtons(curPage,lastPage);
-
-
- } else if ( archId == `prev ) {
-
- if ( curPage > 0 ) { curPage = curPage -1; }
- term prevForm = turnArchReportPage(curPage,lastPage);
- Wizard::SetContentsButtons( _("AppArmor Report"), prevForm, formHelp, Label::BackButton(), _("&Done") );
-
- setPageButtons(curPage,lastPage);
-
- } else if ( archId == `first ) {
-
- curPage = 1;
- term firstForm = turnArchReportPage(curPage,lastPage);
- Wizard::SetContentsButtons( _("AppArmor Report"), firstForm, formHelp, Label::BackButton(), _("&Done") );
- setPageButtons(curPage,lastPage);
-
- } else if ( archId == `last ) {
-
- curPage = lastPage;
- term lastForm = turnArchReportPage(curPage,lastPage);
- Wizard::SetContentsButtons( _("AppArmor Report"), lastForm, formHelp, Label::BackButton(), _("&Done") );
- setPageButtons(curPage,lastPage);
-
- } else {
- y2error("Unexpected return code: %1", archId);
- continue;
- }
- //break;
- }
-
- if (archId != `back && archId != `abort && archId != `done) {
- archId = `back;
- }
-
- return (symbol) archId;
-}
-
-// The main form for On-Demand reports, executed from the wizard by selecting 'Run Now'
-define symbol displayRunForm() {
-
- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
- string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""));
-
- string type = "";
-
- if (name == "Security.Incident.Report") {
- type = "sir";
- } else if (name == "Applications.Audit") {
- type = "aud";
- } else if ( name == "Executive.Security.Summary") {
- type = "ess";
- } else {
- type = "sir"; // All added reports are SIRs
- }
-
- if ( type != "aud" ) {
- boolean dbActivated = checkEventDb();
- if ( dbActivated == false ) {
- type = "noDb";
- }
- }
-
- list<term> reportList = [];
- map<any,any> Settings = $[ ];
- integer curPage = 1;
- integer lastPage = 1;
- string slastPage = "1";
-
- string formHelp = runHelp;
- map <any,any> reportdata = nil;
-
- if (type == "sir") {
-
- Settings = filterConfigForm(name);
-
- // Force an exit if appropriate
- any breakCheck = Settings["break"]:nil;
-
- if ( breakCheck == "abort" ) {
- symbol myBreak = `abort;
- return myBreak;
-
- } else if ( breakCheck == "back" ) {
- symbol myBreak = `back;
- return myBreak;
- }
-
- formHelp = sirHelp;
- Settings["type"] = "onDemand";
- Settings["turnPage"] = "0";
-
- reportList = getReportList("sir",Settings);
- integer listSize = size(reportList);
- if ( listSize < 1 ) {
- type = "noList";
- }
-
- } else if ( type == "aud" ) {
-
- formHelp = audHelp;
- Settings["type"] = "onDemand";
- Settings["turnPage"] = "0";
-
- list <map> db = (list <map>) SCR::Read (.reports_confined, Settings);
-
- integer key = 1;
-
- foreach ( map repdata, db, {
- reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
- repdata["date"]:nil, repdata["prog"]:nil, repdata["prof"]:nil,
- repdata["pid"]:nil, repdata["state"]:nil, repdata["type"]:nil ));
- key = key + 1;
- });
-
- } else if ( type == "ess" ) {
-
- formHelp = essHelp;
- Settings["type"] = "onDemand";
- Settings["turnPage"] = "0";
- list <map> db = (list <map>) SCR::Read (.reports_ess, Settings);
-
- if (db != nil) {
-
- integer key = 1;
-
- foreach ( map repdata, db, {
- reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
- repdata["startdate"]:nil, repdata["enddate"]:nil,
- repdata["numRejects"]:nil, repdata["numEvents"]:nil, repdata["sevMean"]:nil,
- repdata["sevHi"]:nil ));
- key = key + 1;
- });
- }
-
- }
-
- if ( type == "noDb" ) {
- Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayEmptyRep(type),
- formHelp, Label::BackButton(), _("&Done") );
- } else if ( type == "noList" ) {
- Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayEmptyRep(type),
- formHelp, Label::BackButton(), _("&Done") );
- } else {
-
- lastPage = getLastPage(type,Settings,name);
- slastPage = tostring(lastPage);
-
- Wizard::SetContentsButtons( _("AppArmor On-Demand Report"),
- displayRep(type,curPage,slastPage,reportList), formHelp,
- Label::BackButton(), _("&Done") );
- setPageButtons(curPage,lastPage);
- }
-
- map event = $[];
- any id = nil;
-
- while( true ) {
-
- // Grey out inappropriate paging buttons
- if (curPage <= 1 ) {
- UI::ChangeWidget(`id(`prev), `Enabled, false);
- } else if ( curPage >= lastPage ) {
- UI::ChangeWidget(`id(`fwd), `Enabled, false);
- }
-
- event = UI::WaitForEvent( timeout_millisec );
- id = event["ID"]:nil; // We'll need this often - cache it
-
- // REDO
- if ( id == `schedrep ) {
- break;
- } else if ( id == `abort || id == `cancel || id == `back || id == `done) {
- break;
- } else if ( id == `next ) {
-
- break;
-
- } else if ( id == `goto ) {
-
- integer newPage = popUpGoto(lastPage);
-
- if ( newPage > 0 && newPage <= lastPage && newPage != curPage ) {
- curPage = newPage;
-
- term goForm = turnReportPage(name,curPage,slastPage,Settings);
- Wizard::SetContentsButtons( _("AppArmor - Run Reports"), goForm,
- formHelp, Label::BackButton(), _("&Done") );
- setPageButtons(curPage,lastPage);
- }
-
- } else if ( id == `psort ) {
-
- string sortKey = popUpSort(type);
-
- if ( sortKey != nil && sortKey != "" ) {
-
- // branch added 08.01.2005
- curPage = 1;
- Settings["type"] = "onDemand";
- Settings["turnPage"] = "0";
- Settings["sortKey"] = sortKey;
-
- reportList = getReportList(type,Settings);
-
- Wizard::SetContentsButtons( _("AppArmor On-Demand Report"), displayRep(type,curPage,
- slastPage,reportList), formHelp, Label::BackButton(), _("&Done") );
- setPageButtons(curPage,lastPage);
-
- }
-
- } else if ( id == `prev ) {
-
- if ( curPage > 0 ) { curPage = curPage -1; }
- term prevForm = turnReportPage(name,curPage,slastPage,Settings);
- Wizard::SetContentsButtons( _("AppArmor - Run Reports"), prevForm,
- formHelp, Label::BackButton(), _("&Done") );
- setPageButtons(curPage,lastPage);
-
- } else if ( id == `fwd ) {
- curPage = curPage + 1;
- term fwdForm = turnReportPage(name,curPage,slastPage,Settings);
- Wizard::SetContentsButtons( _("AppArmor - Run Reports"), fwdForm,
- formHelp, Label::BackButton(), _("&Done") );
- setPageButtons(curPage,lastPage);
-
- } else if ( id == `first ) {
-
- curPage = 1;
- slastPage = tostring(lastPage);
- term firstForm = turnReportPage(name,curPage,slastPage,Settings);
- Wizard::SetContentsButtons( _("AppArmor - Run Reports"), firstForm, formHelp,
- Label::BackButton(), _("&Done") );
- setPageButtons(curPage,lastPage);
-
- } else if ( id == `last ) {
-
- curPage = lastPage;
- slastPage = tostring(lastPage);
- term lastForm = turnReportPage(name,curPage,slastPage,Settings);
- Wizard::SetContentsButtons( _("AppArmor - Run Reports"), lastForm, formHelp,
- Label::BackButton(), _("&Done") );
- setPageButtons(curPage,lastPage);
-
- } else {
- y2error("Unexpected return code: %1", id);
- continue;
- }
-
- }
-
- type = "";
- return (symbol) id;
-}
-
-define void addSchedForm() {
-
- map<string,string> Settings = $[ ];
- string readSched = "1";
- Settings["getcron"] = "1";
- Settings["readSched"] = "1";
- Settings["type"] = "schedRep";
-
- string expPath = "/var/log/apparmor/reports-exported";
-
- UI::OpenDialog(
-
- `ReplacePoint( `id(`addSchedRep), `VBox(
- `Label( _("Add Scheduled SIR") ),
- `VSpacing(1),
- `TextEntry(`id(`name), _("Report Name")),
- `VSpacing(1),
- `HBox(
- `ComboBox(`id(`monthdate), `opt(`notify), _("Day of Month"), [
- `item(`id(`md_00), _("All")),
- `item(`id(`md_01), "1"), `item(`id(`md_02), "2"), `item(`id(`md_03), "3"),
- `item(`id(`md_04), "4"), `item(`id(`md_05), "5"), `item(`id(`md_06), "6"),
- `item(`id(`md_07), "7"), `item(`id(`md_08), "8"), `item(`id(`md_09), "9"),
- `item(`id(`md_10), "10"), `item(`id(`md_11), "9"), `item(`id(`md_12), "12"),
- `item(`id(`md_13), "13"), `item(`id(`md_14), "14"), `item(`id(`md_15), "15"),
- `item(`id(`md_16), "16"), `item(`id(`md_17), "17"), `item(`id(`md_18), "18"),
- `item(`id(`md_19), "19"), `item(`id(`md_20), "20"), `item(`id(`md_21), "21"),
- `item(`id(`md_22), "22"), `item(`id(`md_23), "23"), `item(`id(`md_24), "24"),
- `item(`id(`md_25), "25"), `item(`id(`md_26), "26"), `item(`id(`md_27), "27"),
- `item(`id(`md_28), "28"), `item(`id(`md_29), "29"), `item(`id(`md_30), "30"),
- `item(`id(`md_31), "31") ]),
- `ComboBox(`id(`weekday), `opt(`notify), _("Day of Week"), [
- _("All"), _("Sun"), _("Mon"), _("Tue"), _("Wed"), _("Thu"), _("Fri"), _("Sat")
- ]),
- `IntField(`id(`hour), _("Hour"), 00, 23, 00),
- `IntField(`id(`mins), _("Minute"), 00, 59, 00)
- ),
- `VSpacing(1),
- `HBox(
- `VSpacing(1),
- `TextEntry(`id(`email1), `opt(`notify), _("Email Target 1"), ""),
- `TextEntry(`id(`email2), `opt(`notify), _("Email Target 2"), ""),
- `TextEntry(`id(`email3), `opt(`notify), _("Email Target 3"), "")
- ),
- `VSpacing(1),
- `HBox(
- `VSpacing(0.5),
- `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
- _("None"), _("csv"), _("html"), _("Both")
- ]),
- `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
- `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
- ),
- `VSpacing(1),
- `HBox(
- `PushButton(`id(`cancel), Label::CancelButton() ),
- `PushButton(`id(`next), Label::NextButton() )
- )
- )));
-
- string mode = "All";
- string sdmode = "R";
- integer timeout_millisec = 20 * 1000;
- map event = $[];
- any addInput = nil;
-
- while( true ) {
-
- event = UI::WaitForEvent( timeout_millisec );
- addInput = event["ID"]:nil; // We'll need this often - cache it
-
-
- if ( addInput == `monthdate && addInput != 0 ) {
- UI::ChangeWidget(`id(`weekday), `Value, _("All") );
- } else if ( addInput == `weekday && addInput != _("All") ) {
- UI::ChangeWidget(`id(`monthdate), `Value, _("All") );
- }
-
- if ( addInput == `next ) {
-
- // Check for valid path
- expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
- map<any,any> fileTest = $[];
- fileTest["checkFile"] = "1";
- fileTest["file"] = expPath;
-
- any pathExists = SCR::Read(.reports_parse, fileTest);
- string spath = tostring(pathExists);
-
- if ( spath != "1" ) {
- Popup::Error(_("The specified directory does not exist."));
- UI::ChangeWidget(`id(`expPath), `Value, oldExpPath);
- } else {
-
- Settings["expPath"] = expPath;
- UI::ChangeWidget(`id(`expPath), `Value, expPath);
-
- string name = (string) UI::QueryWidget(`id(`name), `Value);
- string monthdate = (string) UI::QueryWidget(`id(`monthdate), `Value);
- string weekday = (string) UI::QueryWidget(`id(`weekday), `Value);
- any iHours = (any) UI::QueryWidget(`id(`hour), `Value);
- any iMins = (any) UI::QueryWidget(`id(`mins), `Value);
- string email1 = (string) UI::QueryWidget(`id(`email1), `Value);
- string email2 = (string) UI::QueryWidget(`id(`email2), `Value);
- string email3 = (string) UI::QueryWidget(`id(`email3), `Value);
-
- //string monthdate = tostring( iMonthdate );
- string hour = tostring( iHours );
- string mins = tostring( iMins );
-
- string expType = (string) UI::QueryWidget(`id(`expType), `Value);
-
- if ( expType == _("csv") || expType == _("Both") ) {
- Settings["csv"] = "1";
- }
-
- if ( expType == _("html") || expType == _("Both") ) {
- Settings["html"] = "1";
- }
-
- if ( weekday == _("All") ) { weekday = "-"; }
- if ( monthdate == _("All") ) { monthdate = "-"; }
-
- // de-i18n
- if ( weekday == _("Mon") ) { weekday = "Mon"; }
- if ( weekday == _("Tue") ) { weekday = "Tue"; }
- if ( weekday == _("Weds") ) { weekday = "Weds"; }
- if ( weekday == _("Thu") ) { weekday = "Thu"; }
- if ( weekday == _("Fri") ) { weekday = "Fri"; }
- if ( weekday == _("Sat") ) { weekday = "Sat"; }
- if ( weekday == _("Sun") ) { weekday = "Sun"; }
-
- Settings["add"] = "1";
- Settings["name"] = name;
- Settings["monthdate"] = monthdate;
- Settings["weekday"] = weekday;
- Settings["hour"] = hour;
- Settings["mins"] = mins;
- Settings["email1"] = email1;
- Settings["email2"] = email2;
- Settings["email3"] = email3;
-
- // Confirm reasonable input on report names
- string checkName = filterchars(name, "`~!@#$%^&*()[{]};:'\",<>?/\|");
- integer nameLength = size(name);
-
- if ( regexpmatch(name, " ") == true ) {
- Popup::Error( _("Only one contiguous space allowed in report names."));
- } else if ( checkName != "" ) {
- Popup::Error( _("These characters are not allowed in report names:
- \"`~!@#$%^&*()[{]};:'\",<>?/\|\"") );
- } else if ( nameLength > 128 ) {
- Popup::Error( _("Only 128 characters are allowed in report names."));
- } else {
- boolean uniqueName = findDupe(name);
- if ( uniqueName == true ) {
- UI::ReplaceWidget(`addSchedRep, schedFilterForm );
- } else {
- Popup::Error( _("Each report name should be unique.") );
- }
- }}
-
- } else if ( addInput == `sdmode ) {
-
- sdmode = popUpSdMode();
-
- if (sdmode != "") {
- Settings["sdmode"] = sdmode;
- UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) ));
- }
-
- } else if ( addInput == `mode ) {
-
- mode = popUpMode();
-
- if (mode != "") {
- Settings["mode"] = mode;
- UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )) );
- }
-
- } else if (addInput == `save ) {
-
- string prog = (string) UI::QueryWidget(`id(`prog), `Value);
- string prof = (string) UI::QueryWidget(`id(`prof), `Value);
- string pid = (string) UI::QueryWidget(`id(`pid), `Value);
- string res = (string) UI::QueryWidget(`id(`res), `Value);
- string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label);
- string mode = (string) UI::QueryWidget(`id(`mode), `Label);
- string sev = (string) UI::QueryWidget(`id(`sev), `Value);
- string expType = (string) UI::QueryWidget(`id(`expType), `Value);
-
- if ( expType == "csv" ) {
- Settings["exporttext"] = "1";
- } else if ( expType == "html" ) {
- Settings["exporthtml"] = "1";
- } else if ( expType == "both" ) {
- Settings["exporttext"] = "1";
- Settings["exporthtml"] = "1";
- }
-
- if ( sev == _("All") ) { sev = "-"; }
-
- Settings["getcron"] = "";
- Settings["prog"] = prog;
- Settings["prof"] = prof;
- Settings["pid"] = pid;
- Settings["sev"] = sev;
- Settings["res"] = res;
- Settings["sdmode"] = humanStringToMode( sdmode );
- Settings["mode"] = humanStringToMode( mode );
-
- any error = (any) SCR::Write(.reports_sched, Settings);
-
- if (is(error, string)) {
- string erStr = tostring(error);
- Popup::Error("Error: " + erStr);
- }
-
- addInput = `close;
- break;
-
- } else if ( addInput == `accept ) {
-
- expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
- map<any,any> fileTest = $[];
- fileTest["checkFile"] = "1";
- fileTest["file"] = expPath;
-
- any pathExists = SCR::Read(.reports_parse, fileTest);
- string spath = tostring(pathExists);
-
- if ( spath == "1" ) {
- Settings["expPath"] = expPath;
- UI::ChangeWidget(`id(`expPath), `Value, expPath);
- } else {
- Popup::Error(_("The specified directory does not exist."));
- }
-
- } else if ( addInput == `browse ) {
-
- string selectFile = "";
- selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
-
- if ( selectFile != nil ) {
- UI::ChangeWidget(`id(`expPath), `Value, selectFile);
- }
-
- Settings["expPath"] = expPath;
-
- } else if ( addInput == `cancel || addInput == `close ) {
-
- addInput = `close;
- break;
- }
- }
-
- UI::CloseDialog();
-
- return;
-}
-
-define void editSchedForm() {
-
- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
- string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""));
-
- map<string,string> Settings = $[ ];
- string readSched = "1";
- Settings["name"] = name;
- Settings["getcron"] = "";
- Settings["getrep"] = "1";
- Settings["readSched"] = "1";
- Settings["type"] = "schedRep";
-
- list<term> itemList = [];
- integer key = 1;
-
- map <any,any> db = nil;
- db = (map) SCR::Read (.reports_sched, Settings );
- string sname = name; // Don't know why this was pulled from db instead of name above
- any amday = db["mday"]:nil;
- any wday = db["wday"]:nil;
- any shour = db["hour"]:nil;
- any smins = db["mins"]:nil;
-
- string oldRepName = sname;
- string swday = "All";
- string monthdate = "All";
-
- if (amday != nil) { monthdate = tostring(amday); }
- if (wday != nil) { swday = tostring(wday); }
-
- integer ihour = 23;
- integer imins = 59;
- if (shour != nil) { ihour = tointeger(shour); }
- if (smins != nil) { imins = tointeger(smins); }
-
- // Get reports.conf info
- Settings["getrep"] = "";
- Settings["getconf"] = "1";
- map <any,any> db2 = nil;
- db2 = (map) SCR::Read (.reports_sched, Settings );
-
- any aemail1 = db2["addr1"]:nil;
- any aemail2 = db2["addr2"]:nil;
- any aemail3 = db2["addr3"]:nil;
- any tmpPath = db2["exportpath"]:nil;
-
- string email1 = "";
- string email2 = "";
- string email3 = "";
-
- string expType = "";
- string expPath = "/var/log/apparmor/reports-exported";
- if ( tmpPath != nil ) {
- oldExpPath = tostring(tmpPath);
- expPath = oldExpPath;
- } else {
- oldExpPath = defExpPath;
- expPath = oldExpPath;
- }
-
- if (aemail1 != nil) { email1 = tostring(aemail1); }
- if (aemail2 != nil) { email2 = tostring(aemail2); }
- if (aemail3 != nil) { email3 = tostring(aemail3); }
-
- /* Get Filtering Info for Report */
- any aprog = db2["prog"]:nil;
- any aprof = db2["prof"]:nil;
- any apid = db2["pid"]:nil;
- any ares = db2["res"]:nil;
- any asev = db2["severity"]:nil;
- any asdmode = db2["sdmode"]:nil;
- any amode = db2["mode"]:nil;
- any acsv = db2["csv"]:nil;
- any ahtml = db2["html"]:nil;
-
- /* debug */
- if ( aprog != nil ) { Settings["prog"] = tostring(aprog); }
- if ( aprof != nil ) { Settings["prof"] = tostring(aprof); }
- if ( apid != nil ) { Settings["pid"] = tostring(apid); }
- if ( ares != nil ) { Settings["res"] = tostring(ares); }
- if ( asev != nil ) { Settings["sev"] = tostring(asev); }
- if ( asdmode != nil ) { Settings["sdmode"] = tostring(asdmode); }
- if ( asdmode == nil || asdmode == "-" ) {
- Settings["sdmode"] = "All";
- }
- if ( amode != nil ) { Settings["mode"] = tostring(amode); }
-
- if ( acsv != nil && ahtml != nil ) {
- expType = "Both";
- Settings["csv"] = "1";
- Settings["html"] = "1";
- } else if ( acsv != nil && ahtml == nil ) {
- expType = "csv";
- Settings["csv"] = "1";
- Settings["html"] = "";
- } else if ( acsv == nil && ahtml != nil ) {
- expType = "html";
- Settings["csv"] = "";
- Settings["html"] = "1";
- } else if ( acsv == nil && ahtml == nil ) {
- expType = "None";
- Settings["csv"] = "";
- Settings["html"] = "";
- }
-
- // Special handling for sev
- string formatSev = "";
- if ( asev != nil ) { formatSev = tostring(asev); }
- if ( formatSev != "" && formatSev != "U" && formatSev != "All" && formatSev != nil) {
- formatSev = "0" + formatSev;
- }
-
- term continueBtns =
-
- `HBox(
- `PushButton(`id(`cancel), Label::CancelButton() ),
- `PushButton(`id(`fwd), _("N&ext") )
- );
-
-
- // We need secondary filters for SIR reports only
- if ( sname == "Executive.Security.Summary" || sname == "Applications.Audit" ) {
-
- continueBtns =
- `HBox(
- `PushButton(`id(`cancel), Label::CancelButton() ),
- `PushButton(`id(`save), Label::SaveButton() )
- );
-
- }
-
- string edLabel = _("Edit Report Schedule for ") + typeToHumanString(sname);
-
- UI::OpenDialog(
-
- `ReplacePoint( `id(`editSchedRep),
-
- `VBox(
- `HBox( `Label(`id(`edname), edLabel) ),
- `VSpacing(1),
- `HBox(
- `ComboBox(`id(`monthdate), `opt(`notify), _("Day of Month"), [
- `item(`id(`md_00), _("All")),
- `item(`id(`md_01), "1"), `item(`id(`md_02), "2"), `item(`id(`md_03), "3"),
- `item(`id(`md_04), "4"), `item(`id(`md_05), "5"), `item(`id(`md_06), "6"),
- `item(`id(`md_07), "7"), `item(`id(`md_08), "8"), `item(`id(`md_09), "9"),
- `item(`id(`md_10), "10"), `item(`id(`md_11), "11"), `item(`id(`md_12), "12"),
- `item(`id(`md_13), "13"), `item(`id(`md_14), "14"), `item(`id(`md_15), "15"),
- `item(`id(`md_16), "16"), `item(`id(`md_17), "17"), `item(`id(`md_18), "18"),
- `item(`id(`md_19), "19"), `item(`id(`md_20), "20"), `item(`id(`md_21), "21"),
- `item(`id(`md_22), "22"), `item(`id(`md_23), "23"), `item(`id(`md_24), "24"),
- `item(`id(`md_25), "25"), `item(`id(`md_26), "26"), `item(`id(`md_27), "27"),
- `item(`id(`md_28), "28"), `item(`id(`md_29), "29"), `item(`id(`md_30), "30"),
- `item(`id(`md_31), "31")
- ]),
- `ComboBox(`id(`weekday), `opt(`notify), _("Day of Week"), [
- _("All"), _("Sun"), _("Mon"), _("Tue"), _("Wed"), _("Thu"), _("Fri"), _("Sat")
- ]),
- `IntField(`id(`hour), _("Hour"), 0, 23, ihour),
- `IntField(`id(`mins), _("Minute"), 0, 59, imins)
- ),
- `VSpacing(1),
- `HBox(
- `VSpacing(1),
- `TextEntry(`id(`email1), `opt(`notify), _("Email Target 1"), email1),
- `TextEntry(`id(`email2), `opt(`notify), _("Email Target 2"), email2),
- `TextEntry(`id(`email3), `opt(`notify), _("Email Target 3"), email3)
- ),
- `VSpacing(1),
- `HBox(
- `VSpacing(0.5),
-
- // DWR MOD `ComboBox(`id(`expType), `opt(`notify, `immediate), _("Export Type"), [
- `ComboBox(`id(`expType), `opt(`notify), _("Export Type"), [
- _("None"), _("csv"), _("html"), _("Both")
- ]),
- `TextEntry(`id(`expPath), _("Location to store log."), expPath ),
- `Bottom( `VWeight( 1, `PushButton(`id(`browse), _("&Browse")) ))
- ),
- `VSpacing(1),
- continueBtns
- )));
-
- /**************************************************/
- string mode = _("All");
- string sdmode = _("R");
-
- integer timeout_millisec = 20 * 1000;
- map event = $[];
- any editInput = nil;
- //map<string,string> Settings = $[ ];
-
- //Cheap & easy way to give default value to ComboBox
- if (swday != _("All") ) {
- UI::ChangeWidget(`id(`weekday), `Value, swday);
- }
-
- if ( monthdate != _("All") ) {
- UI::ChangeWidget(`id(`monthdate), `Value, monthdate);
- }
-
- if ( expType != _("None") ) {
- UI::ChangeWidget(`id(`expType), `Value, expType);
- }
-
- while( true ) {
-
- event = UI::WaitForEvent( timeout_millisec );
- editInput = event["ID"]:nil; // We'll need this often - cache it
-
- if ( editInput == `monthdate && editInput != 0 ) {
- UI::ChangeWidget(`id(`weekday), `Value, _("All") );
- } else if ( editInput == `weekday && editInput != _("All") ) {
- UI::ChangeWidget(`id(`monthdate), `Value, _("All") );
- }
-
- if ( editInput == `fwd ) {
-
- string email1 = (string) UI::QueryWidget(`id(`email1), `Value);
- string email2 = (string) UI::QueryWidget(`id(`email2), `Value);
- string email3 = (string) UI::QueryWidget(`id(`email3), `Value);
-
- string spath = "0";
-
- expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
- map<any,any> fileTest = $[];
- fileTest["checkFile"] = "1";
- fileTest["file"] = expPath;
-
- any pathExists = SCR::Read(.reports_parse, fileTest);
- spath = tostring(pathExists);
- Settings["expPath"] = expPath;
-
- if ( spath == "1" ) {
-
- Settings = getSchedSettings(Settings);
- UI::ReplaceWidget(`editSchedRep, editFilterForm(Settings) );
-
- // Special handling for ComboBoxes (sev)
- if ( formatSev != "" ) { UI::ChangeWidget(`id(`sev), `Value, formatSev); }
-
- } else {
- Popup::Error(_("The specified directory does not exist."));
- UI::ChangeWidget(`id(`expPath), `Value, oldExpPath);
- }
-
- } else if ( editInput == `sdmode ) {
-
- sdmode = popUpSdMode();
-
- if ( sdmode != "" ) {
- Settings["sdmode"] = sdmode;
- UI::ReplaceWidget(`id(`replace_sdmode), `PushButton(`id(`sdmode), modeToHumanString( sdmode) ));
- }
-
- } else if ( editInput == `mode ) {
-
- mode = popUpMode();
- if ( mode != "" ) {
- Settings["mode"] = mode;
- UI::ReplaceWidget(`id(`replace_mode), `PushButton(`id(`mode), modeToHumanString( mode )));
- }
-
- } else if ( editInput == `browse ) {
-
- string selectFile = "";
- selectFile = UI::AskForExistingDirectory( "/", _("Select Directory"));
-
- if ( selectFile != nil ) {
- UI::ChangeWidget(`id(`expPath), `Value, selectFile);
- }
-
- Settings["expPath"] = expPath;
-
- } else if ( editInput == `close || editInput == `cancel ) {
- break;
- } else if ( editInput == `save ) {
-
- string spath = "0";
-
- if ( sname == "Executive.Security.Summary" || sname == "Applications.Audit" ) {
-
- expPath = (string) UI::QueryWidget(`id(`expPath), `Value);
- map<any,any> fileTest = $[];
- fileTest["checkFile"] = "1";
- fileTest["file"] = expPath;
-
- any pathExists = SCR::Read(.reports_parse, fileTest);
- spath = tostring(pathExists);
- Settings["expPath"] = expPath;
- } else {
- // SIR Reports already checked
- spath = "1";
- }
-
- if ( spath != "1" ) {
- Popup::Error(_("The specified directory does not exist."));
- UI::ChangeWidget(`id(`expPath), `Value, oldExpPath);
- } else {
-
-
- if ( sname != "Executive.Security.Summary" && sname != "Applications.Audit" ) {
-
- string prog = (string) UI::QueryWidget(`id(`prog), `Value);
- string prof = (string) UI::QueryWidget(`id(`prof), `Value);
- string pid = (string) UI::QueryWidget(`id(`pid), `Value);
- string res = (string) UI::QueryWidget(`id(`res), `Value);
- string sdmode = (string) UI::QueryWidget(`id(`sdmode), `Label);
- string mode = (string) UI::QueryWidget(`id(`mode), `Label);
- string sev = (string) UI::QueryWidget(`id(`sev), `Value);
-
- Settings["prog"] = prog;
- Settings["prof"] = prof;
- Settings["pid"] = pid;
- Settings["sev"] = sev;
- Settings["res"] = res;
- Settings["sdmode"] = humanStringToMode( sdmode );
- Settings["mode"] = humanStringToMode( mode );
-
- } else {
-
- string email1 = (string) UI::QueryWidget(`id(`email1), `Value);
- string email2 = (string) UI::QueryWidget(`id(`email2), `Value);
- string email3 = (string) UI::QueryWidget(`id(`email3), `Value);
-
- Settings = getSchedSettings(Settings);
- }
-
- Settings["name"] = sname;
- Settings["getconf"] = "";
- Settings["setconf"] = "1";
-
- string expType = (string) UI::QueryWidget(`id(`expType), `Value);
-
- if ( expType == "csv" ) {
- Settings["exporttext"] = "1";
- } else if ( expType == "html" ) {
- Settings["exporthtml"] = "1";
- } else if ( expType == "both" ) {
- Settings["exporttext"] = "1";
- Settings["exporthtml"] = "1";
- }
-
- any error = (any) SCR::Write(.reports_sched, Settings);
-
- if (is(error, string)) {
- string erStr = tostring(error);
- Popup::Error( _("Error: ") + erStr);
- }
-
- break;
- }}
- // END - Save Dialog (editInput == `save)
- }
-
- UI::CloseDialog();
-
- //return (symbol) editInput;
- return;
-}
-
-define void delSchedForm() {
-
- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
- string name = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""));
-
- map<string,string> Settings = $[ ];
- Settings["del"] = "1";
- Settings["name"] = name;
-
- UI::OpenDialog(
-
- `VBox(
- `VSpacing(0.5),
- `Label( _("Delete Confirmation") ),
- `VSpacing(1),
- `HBox(
- `HSpacing( `opt(`hstretch), 0.75 ),
- `Left(`HWeight( 0, `Label( _("Are you sure you want to delete: ") + name + _("?") )))
- ),
- `VSpacing(1),
- `HBox(
- `PushButton(`id(`cancel), Label::CancelButton() ),
- `PushButton(`id(`del), Label::DeleteButton() )
- )
- ));
-
- symbol delInput = `default;
-
- while ( delInput != `close ) {
-
- delInput = (symbol) UI::UserInput();
-
- if ( delInput == `del ) {
- SCR::Write(.reports_sched, Settings);
- //any error = (any) SCR::Write(.reportsched, Settings);
- break;
- } else if (delInput == `close || delInput == `cancel) {
- break;
- }
- }
-
- UI::CloseDialog();
-
- return;
-
-}
-
-// Forces update of the table of available scheduled reports
-define void updateSched() {
-
- map<string,string> Settings = $[ ];
- string readSched = "1";
- Settings["getcron"] = "1";
- Settings["readSched"] = "1";
- Settings["type"] = "schedRep";
-
- list<term> itemList = [];
- integer key = 1;
-
- list <map> db = (list <map>) SCR::Read (.reports_sched, Settings);
-
- foreach ( map record, db, {
- itemList = add( itemList, `item( `id(key), typeToHumanString( record["name"]:"" ), record["mday"]:nil, record["wday"]:nil,
- record["hour"]:nil, record["mins"]:nil ));
- key = key + 1;
- });
-
- term schedForm =
-
- `VBox(
- `Label( _("Schedule Reports") ),
- `VSpacing(2),
- `HBox(
- `VSpacing(10),
- `Table(`id(`table), `opt(`notify), `header(_("Report Name"),
- _("Day of Month"), _("Day of Week"), _("Hour"), _("Mins")), itemList)
- ),
- `VSpacing(0.5),
- `HBox(
- `PushButton(`id(`viewrep), _("View Archive") ),
- `PushButton(`id(`runrep), _("Run Now") )
- ),
- `HBox(
- `PushButton(`id(`add), Label::AddButton() ),
- `PushButton(`id(`edit), Label::EditButton() ),
- `PushButton(`id(`delete), Label::DeleteButton() )
- )
- );
-
- Wizard::SetContentsButtons( _("AppArmor Security Event Report"), schedForm,
- mainHelp, Label::BackButton(), Label::NextButton() );
-
- return;
-}
-
-define symbol displaySchedForm() {
-
-// START - Move to separate Routine - START
-
- map<string,string> Settings = $[ ];
- string readSched = "1";
- Settings["getcron"] = "1";
- Settings["readSched"] = "1";
- Settings["type"] = "schedRep";
-
- list<term> itemList = [];
- integer key = 1;
-
- list <map> db = (list <map>) SCR::Read (.reports_sched, Settings);
-
- foreach ( map record, db, {
- itemList = add( itemList, `item( `id(key), typeToHumanString( record["name"]:""), record["mday"]:nil, record["wday"]:nil,
- record["hour"]:nil, record["mins"]:nil ));
- key = key + 1;
- });
-
- term schedForm =
-
- `Frame( `id(`dosched), _("Schedule Reports"),
- `VBox(
- `VSpacing(2),
- `HBox(
- `VSpacing(10),
- `Table(`id(`table), `opt(`notify), `header(_("Report Name"),
- _("Day of Month"), _("Day of Week"), _("Hour"), _("Mins")),
- itemList)
- ),
- `VSpacing(0.5),
- `HBox(
- `PushButton(`id(`viewrep), _("View Archive") ),
- `PushButton(`id(`runrep), _("Run Now") )
- ),
- `HBox(
- `PushButton(`id(`add), Label::AddButton() ),
- `PushButton(`id(`edit), Label::EditButton() ),
- `PushButton(`id(`delete), Label::DeleteButton() )
- ))
- );
-
- Wizard::SetContentsButtons( _("AppArmor Security Event Report"), schedForm,
- mainHelp, Label::BackButton(), _("&Done") );
-
- // Double-click tracking
- integer newRecord = nil;
- integer lastRecord = nil;
-
- map event = $[];
- any id = nil;
- while( true ) {
-
- event = UI::WaitForEvent( timeout_millisec );
-
- id = event["ID"]:nil; // We'll need this often - cache it
-
- if ( id == `schedrep ) {
-
- break;
-
- } else if ( id == `abort || id == `cancel || id == `done ) {
- break;
- } else if ( id == `back ) {
- break;
- } else if ( id == `runrep || id == `viewrep ) {
- break;
- } else if ( id == `next ) {
- id = `done;
- break;
- } else if ( id == `add ) {
- addSchedForm();
- Wizard::SetContentsButtons( _("AppArmor Security Event Report"), schedForm, mainHelp, Label::BackButton(), Label::NextButton() );
- updateSched();
- continue;
-
- } else if ( id == `edit ) {
- editSchedForm();
- updateSched();
- continue;
-
- } else if ( id == `delete ) {
-
- integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
- string repName = humanStringToType( (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""));
-
- if ( repName == "Executive.Security.Summary" || repName == "Applications.Audit" || repName == "Security.Incident.Report" ) {
- Popup::Error( _("Cannot delete a stock report.") );
- } else {
-
- delSchedForm();
- updateSched();
- }
-
- continue;
-
- } else if ( id == `table ) {
-
- newRecord = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
-
- if ( newRecord == lastRecord ) {
- //editSchedForm();
- //updateSched();
- id = `runrep;
- break;
- newRecord = 0;
- }
-
- lastRecord = newRecord;
-
- } else {
- y2error("Unexpected return code: %1", id);
- continue;
- }
- }
-
- return (symbol) id;
-}
-
-
-}
-
-
--- a/src/include/subdomain/reporting_utils.ycp
+++ /dev/null
@@ -1,609 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2005 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-{
-
-import "Wizard";
-import "Popup";
-import "Label";
-include "subdomain/report_helptext.ycp";
-textdomain "yast2-apparmor";
-
-define boolean checkEventDb() {
-
- boolean dbActivated = false;
- map<string,string> args = $[];
- args["checkDb"] = "1";
-
- any dbCheck = (any) SCR::Read( .reports_parse, args);
- integer dbOn = tointeger(dbCheck);
-
- if ( dbOn == 1 ) {
- dbActivated = true;
- }
-
- return dbActivated;
-}
-
-define boolean findDupe(string name) {
-
- boolean unique = false;
- map<string,string> args = $[ ];
- args["name"] = name;
- args["getdupe"] = "1";
- any aDupe = (any) SCR::Read (.reports_sched, args );
-
- if ( aDupe == "" || aDupe == nil ) {
- unique = true; // bad, but try for a non-breaking failure
- } else if ( aDupe == 1 ) {
- unique = false;
- } else {
- unique = true;
- }
-
- return unique;
-}
-
-define string unI18n(string weekday) {
-
- if ( weekday == _("Mon") ) { weekday = "Mon"; }
- if ( weekday == _("Tue") ) { weekday = "Tue"; }
- if ( weekday == _("Wed") ) { weekday = "Wed"; }
- if ( weekday == _("Thu") ) { weekday = "Thu"; }
- if ( weekday == _("Fri") ) { weekday = "Fri"; }
- if ( weekday == _("Sat") ) { weekday = "Sat"; }
- if ( weekday == _("Sun") ) { weekday = "Sun"; }
-
- return weekday;
-}
-
-/* Possible 'type's for getLastPage() && getLastSirPage()
- - displayArchForm(): type = sirRep || audRep || essRep
- - displayRunForm(): type = sir || aud || ess
-*/
-
-// Return last page number of post-filtered report
-define integer getLastPage(string type, map Settings, string name) {
-
- if ( type == "sir" || type == "sirRep" ) {
- if ( name != nil && name != "" ) {
- Settings["name"] = name;
- } else {
- y2error(_("No name provided for retrieving SIR report page count."));
- return 1; // return a page count of 1
- }
- }
-
- Settings["type"] = type;
- Settings["getLastPage"] = "1";
- map<any,any> page = $[];
- page = (map) SCR::Read (.reports_parse, Settings);
- integer lastPage = page["numPages"]:1;
-
- return lastPage;
-}
-
-define boolean CheckDate( integer day, integer month, integer year ) ``{
-
- list mdays = [ 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 ];
- boolean ret = true;
-
- if (year == nil || month == nil || day == nil)
- return false;
-
- ret = ret && month>=1 && month<=12;
-
- if( year%4==0 && (year%100!=0 || year%400==0)) {
- mdays[1] = 29;
- }
-
- ret = ret && day>=1 && day<=mdays[month-1]:0;
- ret = ret && year>=1970 && year<2032;
- return( ret );
-
-}
-
-// Make the table for displaying report data
-define term makeSirTable (list reportList) {
- term myTable =
- `Table(`id(`table), `opt(`keepSorting, `immediate ), `header(_("Host"),
- _("Date"), _("Program"), _("Profile"), _("PID"), _("Severity"),
- _("Mode Request"), _("Mode Deny"), _("Detail"), _("Event Type"),
- _("Operation"), _("Attribute"), _("Additional Name"), _("Net Family"),
- _("Net Protocol"), _("Net Socket Type")), reportList
- );
- return myTable;
-}
-
-define integer popUpGoto(integer lastPage) {
-
- UI::OpenDialog(
- `VBox(
- `HBox(
- `TextEntry(`id(`gotoPage), _("Enter a Page to Move to."), "")
- ),
- `HBox(
- `PushButton(`id(`abort), `opt(`notify), Label::AbortButton() ),
- `PushButton(`id(`save), `opt(`notify), Label::SaveButton() )
- )
- )
- );
-
- map event = $[];
- any id = nil;
- integer igoto = nil;
-
- while( true ) {
-
- event = UI::WaitForEvent();
- id = event["ID"]:nil;
-
- if ( id == `abort || id == `close || id == `cancel ) {
-
- break;
-
- } else if ( id == `save ) {
-
- any agoto = UI::QueryWidget(`id(`gotoPage), `Value);
- igoto = tointeger(agoto);
-
- if ( igoto == nil || igoto < 1 || igoto > lastPage ) {
-
- Popup::Message("You must enter a value between 1 and " + lastPage + ".");
-
- } else {
-
- break;
-
- }
- }
- }
-
- UI::CloseDialog();
-
- return igoto;
-}
-
-define string getSortId(string type, any sortId) {
-
- string sortKey = "";
-
-
- if ( type == "aud" || type == "audRep") {
-
- if ( sortId == 0 ) {
- sortKey = "prog";
- } else if ( sortId == 1 ) {
- sortKey = "profile";
- } else if ( sortId == 2 ) {
- sortKey = "pid";
- } else if ( sortId == 3 ) {
- sortKey = "state";
- } else if ( sortId == 4 ) {
- sortKey = "type";
- }
-
- } else if (type == "ess" || type == "essRep" ) {
-
- if ( sortId == 0 ) {
- sortKey = "host";
- } else if ( sortId == 1 ) {
- //sortKey = "date";
- sortKey = "numRejects";
- } else if ( sortId == 2 ) {
- sortKey = "numEvents";
- } else if ( sortId == 3 ) {
- sortKey = "sevMean";
- } else if ( sortId == 4 ) {
- sortKey = "sevHi";
- }
-
- } else {
-
- if ( sortId == 0 ) {
- sortKey = "host";
- } else if ( sortId == 1 ) {
- //sortKey = "date";
- sortKey = "time";
- } else if ( sortId == 2 ) {
- sortKey = "prog";
- } else if ( sortId == 3 ) {
- sortKey = "profile";
- } else if ( sortId == 4 ) {
- sortKey = "pid";
- } else if ( sortId == 5 ) {
- sortKey = "resource";
- } else if ( sortId == 6 ) {
- sortKey = "severity";
- } else if ( sortId == 7 ) {
- sortKey = "sdmode";
- } else if ( sortId == 8 ) {
- sortKey = "mode";
- }
-
- }
-
- return sortKey;
-}
-
-// Get the name of the filter (header column) to sort by
-define string popUpSort(string type) {
-
- term btnList = nil;
-
- if ( type == "aud" || type == "audRep") {
- btnList =
- `VBox(
- `Left(`RadioButton(`id(0), _("Program") )),
- `Left(`RadioButton(`id(1), _("Profile") )),
- `Left(`RadioButton(`id(2), _("PID") )),
- `Left(`RadioButton(`id(3), _("State") )),
- `Left(`RadioButton(`id(4), _("Type") ))
- );
-
- } else if (type == "ess" || type == "essRep" ) {
- btnList =
- `VBox(
- `Left(`RadioButton(`id(0), _("Host") )),
- `Left(`RadioButton(`id(1), _("Num. Rejects") )),
- `Left(`RadioButton(`id(2), _("Num. Events") )),
- `Left(`RadioButton(`id(3), _("Ave. Sev") )),
- `Left(`RadioButton(`id(4), _("High Sev") ))
- );
- } else {
-
- btnList =
- `VBox(
- // Sorting by host is no longer meaningful (due to sql changes)
- //`Left(`RadioButton(`id(0), _("Host") )),
- `Left(`RadioButton(`id(1), _("Date") )),
- `Left(`RadioButton(`id(2), _("Program") )),
- `Left(`RadioButton(`id(3), _("Profile") )),
- `Left(`RadioButton(`id(4), _("PID") )),
- `Left(`RadioButton(`id(5), _("Detail") )),
- `Left(`RadioButton(`id(6), _("Severity") )),
- `Left(`RadioButton(`id(7), _("Access Type") )),
- `Left(`RadioButton(`id(8), _("Mode") ))
- );
- }
-
- UI::OpenDialog(
- `VBox(
- `HBox(
- //`HSpacing( `opt(`vstretch), 0.5),
- `RadioButtonGroup(`id(`sortKey),
- btnList
- )
- ),
- `HBox(
- `PushButton(`id(`abort), Label::AbortButton() ),
- `PushButton(`id(`save), Label::SaveButton() )
- )
- )
- );
-
- map event = $[];
- any id = nil;
- string sortKey = nil;
-
- while( true ) {
-
- event = UI::WaitForEvent();
- id = event["ID"]:nil; // We'll need this often - cache it
-
- if ( id == `abort || id == `cancel || id == `close) {
-
- break;
-
- } else if (id == `save ) {
-
- any sortId = UI::QueryWidget(`id(`sortKey), `CurrentButton);
-
- /* sortKey needs to match the hash reference names in parseEventLog()
- && sortRecords() in Immunix::Reports.pm */
-
- sortKey = getSortId(type,sortId);
- break;
-
- }
- }
-
- UI::CloseDialog();
-
- return sortKey;
-
-}
-
-// Mode
-define string popUpMode() {
-
- string checkMode = (string) UI::QueryWidget(`id(`mode), `Label);
- list splitMode = splitstring (checkMode, " ");
- string myMode = splitMode[size(splitMode)-1]:"All";
-
- UI::OpenDialog(
- `VBox(
- `HBox(
- `CheckBox(`id(`clear), `opt(`notify, `immediate ), _("All"), true),
- `CheckBox(`id(`read), `opt(`notify, `immediate ), _("Read"), false),
- `CheckBox(`id(`write), `opt(`notify, `immediate ), _("Write"), false),
- `CheckBox(`id(`link), `opt(`notify, `immediate ), _("Link"), false),
- `CheckBox(`id(`exec), `opt(`notify, `immediate ), _("Execute"), false),
- `CheckBox(`id(`mmap), `opt(`notify, `immediate ), _("MMap"), false)
- ),
- `HBox(
- `PushButton(`id(`cancel), Label::CancelButton() ),
- `PushButton(`id(`save), Label::SaveButton() )
- )
- )
- );
-
- integer isall = search( myMode, "All");
- if ( isall != nil && isall >= 0 ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`read), `Value, true);
- UI::ChangeWidget(`id(`write), `Value, true);
- UI::ChangeWidget(`id(`link), `Value, true);
- UI::ChangeWidget(`id(`exec), `Value, true);
- UI::ChangeWidget(`id(`mmap), `Value, true);
- } else {
- if ( search( myMode, "r") != nil ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`read), `Value, true);
- }
- if ( search( myMode, "w") != nil ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`write), `Value, true);
- }
- if ( search( myMode, "l") != nil ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`link), `Value, true);
- }
- if ( search( myMode, "x") != nil ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`exec), `Value, true);
- }
- if ( search( myMode, "m") != nil ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`mmap), `Value, true);
- }
- }
-
- string mode = "";
- map event = $[];
- any id = nil;
-
- while( true ) {
-
- event = UI::WaitForEvent();
- id = event["ID"]:nil; // We'll need this often - cache it
-
- if ( id == `clear) {
-
- if ( UI::QueryWidget(`id(`clear), `Value) == true ) {
- UI::ChangeWidget(`id(`read), `Value, false);
- UI::ChangeWidget(`id(`write), `Value, false);
- UI::ChangeWidget(`id(`link), `Value, false);
- UI::ChangeWidget(`id(`exec), `Value, false);
- UI::ChangeWidget(`id(`mmap), `Value, false);
- mode = "All";
- }
-
- } else if ( id == `read || id == `write || id == `link || id == `exec || id == `mmap ) {
-
- if ( UI::QueryWidget(`id(`read), `Value) == true ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- } else if ( UI::QueryWidget(`id(`write), `Value) == true ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- } else if ( UI::QueryWidget(`id(`link), `Value) == true ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- } else if ( UI::QueryWidget(`id(`exec), `Value) == true ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- } else if ( UI::QueryWidget(`id(`mmap), `Value) == true ) {
- UI::ChangeWidget(`id(`link), `Value, false);
- }
-
- } else if ( id == `abort || id == `cancel || id == `close) {
- mode = myMode;
- break;
- } else if ( id == `save ) {
-
- if ( UI::QueryWidget(`id(`clear), `Value) == true ) {
- mode = "All";
- } else {
- list<string> sdList = [];
- if ( UI::QueryWidget(`id(`read), `Value) == true ) { sdList = add(sdList, "r"); }
- if ( UI::QueryWidget(`id(`write), `Value) == true ) { sdList = add(sdList, "w"); }
- if ( UI::QueryWidget(`id(`link), `Value) == true ) { sdList = add(sdList, "l"); }
- if ( UI::QueryWidget(`id(`exec), `Value) == true ) { sdList = add(sdList, "x"); }
- if ( UI::QueryWidget(`id(`mmap), `Value) == true ) { sdList = add(sdList, "m"); }
-
- foreach ( string perm, sdList, { mode = mode + perm; });
- }
-
- break;
- }
- }
-
- UI::CloseDialog();
- return mode;
-}
-
-// Access Type - SD Mode
-define string popUpSdMode() {
-
- string checkMode = (string) UI::QueryWidget(`id(`sdmode), `Label);
- checkMode = filterchars(checkMode, "APRl");
- list splitMode = splitstring (checkMode, " ");
- string mySdMode = splitMode[size(splitMode)-1]:"R";
-
- UI::OpenDialog(
- `VBox(
- `HBox(
- `CheckBox(`id(`clear), `opt(`notify, `immediate ), _("All"), false),
- `CheckBox(`id(`permit), `opt(`notify, `immediate ), _("Permit"), false),
- `CheckBox(`id(`reject),`opt(`notify, `immediate ), _("Reject"), false),
- `CheckBox(`id(`audit),`opt(`notify, `immediate ), _("Audit"), false)
- ),
- `HBox(
- `PushButton(`id(`cancel), `opt(`notify), Label::CancelButton() ),
- `PushButton(`id(`save), `opt(`notify), Label::SaveButton() )
- )
- )
- );
-
- if ( mySdMode == "P") {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`permit), `Value, true);
-
- } else if ( mySdMode == "R") {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`reject), `Value, true);
-
- } else if ( mySdMode == "A") {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`audit), `Value, true);
-
- } else if ( mySdMode == "PR" ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`permit), `Value, true);
- UI::ChangeWidget(`id(`reject), `Value, true);
-
- } else if (mySdMode == "PA" ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`permit), `Value, true);
- UI::ChangeWidget(`id(`audit), `Value, true);
-
- } else if (mySdMode == "PRA" ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`permit), `Value, true);
- UI::ChangeWidget(`id(`reject), `Value, true);
- UI::ChangeWidget(`id(`audit), `Value, true);
-
- } else if (mySdMode == "RA" ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- UI::ChangeWidget(`id(`reject), `Value, true);
- UI::ChangeWidget(`id(`audit), `Value, true);
- } else if ( mySdMode == "All" ) {
- UI::ChangeWidget(`id(`clear), `Value, true);
- UI::ChangeWidget(`id(`permit), `Value, false);
- UI::ChangeWidget(`id(`reject), `Value, false);
- UI::ChangeWidget(`id(`audit), `Value, false);
- }
-
- string sdMode = "";
- map event = $[];
- any id = nil;
-
- while( true ) {
-
- event = UI::WaitForEvent();
- id = event["ID"]:nil;
-
- if ( id == `clear) {
-
- if ( UI::QueryWidget(`id(`clear), `Value) == true ) {
- UI::ChangeWidget(`id(`permit), `Value, false);
- UI::ChangeWidget(`id(`reject), `Value, false);
- UI::ChangeWidget(`id(`audit), `Value, false);
- sdMode = "All";
- }
-
- } else if ( id == `permit || id == `reject || id == `audit ) {
-
- if ( UI::QueryWidget(`id(`permit), `Value) == true ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- } else if ( UI::QueryWidget(`id(`reject), `Value) == true ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- } else if ( UI::QueryWidget(`id(`audit), `Value) == true ) {
- UI::ChangeWidget(`id(`clear), `Value, false);
- }
-
- } else if ( id == `cancel ) {
-
- sdMode = mySdMode;
- break;
-
- } else if ( id == `save ) {
-
- if ( UI::QueryWidget(`id(`clear), `Value) == true ) {
- sdMode = "All";
- } else {
- sdMode = "";
- list<string> mList = [];
- if ( UI::QueryWidget(`id(`permit), `Value) == true ) { mList = add(mList, "P"); }
- if ( UI::QueryWidget(`id(`reject), `Value) == true ) { mList = add(mList, "R"); }
- if ( UI::QueryWidget(`id(`audit), `Value) == true ) { mList = add(mList, "A"); }
-
- foreach ( string state, mList, { sdMode = sdMode + state; });
- }
-
- break;
- }
-
- }
-
- UI::CloseDialog();
- return sdMode;
-}
-
-/* For On Demand Reports
- - Returns list of terms corresponding to the type of report
-***********************************************************************/
-define list<term> getReportList(string type, map Settings) {
-
- list<term> reportList = [];
-
- if ( type == "aud" ) {
-
- list <map> db = (list <map>) SCR::Read (.reports_confined, Settings);
- integer key = 1;
-
- foreach ( map repdata, db, {
- reportList = add( reportList, `item( `id(key), repdata["host"]:nil, repdata["date"]:nil,
- repdata["prog"]:nil, repdata["prof"]:nil, repdata["pid"]:nil, repdata["state"]:nil,
- repdata["type"]:nil ));
- key = key + 1;
- });
-
- } else if ( type == "ess" ) {
-
- list <map> db = (list <map>) SCR::Read (.reports_ess, Settings);
- integer key = 1;
-
- foreach ( map repdata, db, {
- reportList = add( reportList, `item( `id(key), repdata["host"]:nil,
- repdata["startdate"]:nil, repdata["enddate"]:nil, repdata["numRejects"]:nil,
- repdata["numEvents"]:nil, repdata["sevMean"]:nil, repdata["sevHi"]:nil ));
- key = key + 1;
- });
-
- } else {
-
- list <map> db = (list <map>) SCR::Read (.logparse, Settings);
- integer key = 0;
-
- foreach ( map record, db, {
- reportList = add( reportList, `item( `id(key),
- record["host"]:nil, record["date"]:nil, record["prog"]:nil,
- record["profile"]:nil, record["pid"]:nil, record["severity"]:nil,
- record["mode_req"]:nil, record["mode_deny"]:nil,
- record["resource"]:nil, record["sdmode"]:nil, record["op"]:nil,
- record["attr"]:nil, record["name_alt"]:nil, record["net_family"]:nil,
- record["net_proto"]:nil, record["net_socktype"]:nil
- ));
- key = key + 1;
- });
-
- }
-
- return reportList;
-}
-
-}
--- a/src/include/subdomain/sd-config.ycp
+++ /dev/null
@@ -1,415 +0,0 @@
-/* ------------------------------------------------------------------
-*
-* Copyright (C) 2002-2005 Novell/SUSE
-*
-* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
-* License published by the Free Software Foundation.
-*
- ------------------------------------------------------------------*/
-{
-include "subdomain/config_complain.ycp";
-include "subdomain/helps.ycp";
-include "subdomain/apparmor_ycp_utils.ycp";
-textdomain "yast2-apparmor";
-
-import "Label";
-
-define boolean changeAppArmorState(boolean aaEnabled) {
-
- any error = nil;
- string sdAction = "";
-
- if (aaEnabled == true) {
- sdAction = "subdomain:enable";
- } else {
- sdAction = "subdomain:disable";
- }
-
- error = SCR::Execute(.sdconf, sdAction);
-
- if ( error != nil && is(error, string) ) {
-
- string errorMsg = (string) error;
- string popError = _("This operation generated the following error. Please check your installation and AppArmor profile settings.");
- Popup::Message( popError+ "\n[" + errorMsg + "]");
- aaEnabled = ! aaEnabled;
-
- }
-
- return aaEnabled;
-}
-
-define void displayNotifyForm() {
-
- map settings = (map) SCR::Execute(.subdomain, "sd-notify-settings");
-
- map<string,any> terse = settings["terse"]:$[];
- map<string,any> summary = settings["summary"]:$[];
- map<string,any> verbose = settings["verbose"]:$[];
-
- any t_freq = terse["terse_freq"]:0;
- any s_freq = summary["summary_freq"]:0;
- any v_freq = verbose["verbose_freq"]:0;
-
- boolean t_unknown = true;
- any a_t_poop = (any) terse["terse_unknown"]:"1";
- string t_poop = tostring(a_t_poop);
- if(t_poop == "0") {
- t_unknown = false;
- }
-
- boolean s_unknown = true;
- any a_s_poop = terse["summary_unknown"]:"1";
- string s_poop = tostring(a_s_poop);
- if(s_poop == "0") {
- s_unknown = false;
- }
-
- boolean v_unknown = true;
- any a_v_poop = verbose["verbose_unknown"]:"1";
- string v_poop = tostring(a_v_poop);
- if(v_poop == "0") {
- v_unknown = false;
- }
-
- list terse_items = [
- `item(`id(0), _("Disabled"), t_freq==0?true:false),
- `item(`id(60), _("1 minute"), t_freq==60?true:false),
- `item(`id(300), _("5 minutes"), t_freq==300?true:false),
- `item(`id(600), _("10 minutes"), t_freq==600?true:false),
- `item(`id(900), _("15 minutes"), t_freq==900?true:false),
- `item(`id(1800), _("30 minutes"), t_freq==1800?true:false),
- `item(`id(3600), _("1 hour"), t_freq==3600?true:false),
- `item(`id(86400), _("1 day"), t_freq==86400?true:false),
- `item(`id(604800), _("1 week"), t_freq==604800?true:false)
- ];
-
- list summary_items = [
- `item(`id(0), _("Disabled"), s_freq==0?true:false),
- `item(`id(60), _("1 minute"), s_freq==60?true:false),
- `item(`id(300), _("5 minutes"), s_freq==300?true:false),
- `item(`id(600), _("10 minutes"), s_freq==600?true:false),
- `item(`id(900), _("15 minutes"), s_freq==900?true:false),
- `item(`id(1800), _("30 minutes"), s_freq==1800?true:false),
- `item(`id(3600), _("1 hour"), s_freq==3600?true:false),
- `item(`id(86400), _("1 day"), s_freq==86400?true:false),
- `item(`id(604800), _("1 week"), s_freq==604800?true:false)
- ];
-
- list verbose_items = [
- `item(`id(0), _("Disabled"), v_freq==0?true:false),
- `item(`id(60), _("1 minute"), v_freq==60?true:false),
- `item(`id(300), _("5 minutes"), v_freq==300?true:false),
- `item(`id(600), _("10 minutes"), v_freq==600?true:false),
- `item(`id(900), _("15 minutes"), v_freq==900?true:false),
- `item(`id(1800), _("30 minutes"), v_freq==1800?true:false),
- `item(`id(3600), _("1 hour"), v_freq==3600?true:false),
- `item(`id(86400), _("1 day"), v_freq==86400?true:false),
- `item(`id(604800), _("1 week"), v_freq==604800?true:false)
- ];
-
-
- term event_config = `HVCenter(`VBox(`opt(`vstretch),
- `Frame( _("Security Event Notification"),
- `HBox(`HSpacing(1),
- `VBox(`opt(`vstretch),
- `VSpacing(1),
- `Frame( _("Terse Notification"),
- `VBox(`opt(`vstretch),
- `HBox(
- `ComboBox(`id(`terse_freq), _("Frequency"), terse_items),
- `TextEntry(`id(`terse_email), _("Email Address"), terse["terse_email"]:""),
- `IntField(`id(`terse_level), _("Severity"), 0,10, terse["terse_level"]:0)
- ),
- `HBox(
- `CheckBox( `id(`terse_unknown), _("Include Unknown Severity Events"), t_unknown)
- )
- )
- ),
- `VSpacing(1),
- `Frame( _("Summary Notification"),
- `VBox(`opt(`vstretch),
- `HBox(
- `ComboBox(`id(`summary_freq), _("Frequency"), summary_items),
- `TextEntry(`id(`summary_email), _("Email Address"), summary["summary_email"]:""),
- `IntField(`id(`summary_level), _("Severity"), 0,10, summary["summary_level"]:0)
- ),
- `HBox(
- `CheckBox( `id(`summary_unknown), _("Include Unknown Severity Events"), s_unknown)
- )
- )
- ),
- `VSpacing(1),
- `Frame( _("Verbose Notification"),
- `VBox(`opt(`vstretch),
- `HBox(
- `ComboBox(`id(`verbose_freq), _("Frequency"), verbose_items),
- `TextEntry(`id(`verbose_email), _("Email Address"), verbose["verbose_email"]:""),
- `IntField(`id(`verbose_level), _("Severity"), 0,10, verbose["verbose_level"]:0)
- ),
- `HBox(
- `CheckBox( `id(`verbose_unknown), _("Include Unknown Severity Events"), v_unknown)
- )
- )
- ),
- `VSpacing(1)
- ),
- `HSpacing(1)
- )
- )
- )
- );
-
- Wizard::CreateDialog();
- Wizard::SetContentsButtons(_("Security Event Notification"), event_config, helps["EventNotifyHelpText"]:"", Label::BackButton(), Label::OKButton());
- Wizard::DisableBackButton();
-
- any ntInput = nil;
- string notifyLabelValue = "";
-
- while( true ) {
- ntInput = UI::UserInput();
-
- if (ntInput == `next) {
-
- map<string,map> answers = $[ ];
- map<string,string> set_notify = $[ ];
- map<string,string> summary = $[ ];
- map<string,string> verbose = $[ ];
- map<string,string> terse = $[ ];
-
- t_freq = UI::QueryWidget(`id(`terse_freq), `Value);
- s_freq = UI::QueryWidget(`id(`summary_freq), `Value);
- v_freq = UI::QueryWidget(`id(`verbose_freq), `Value);
-
- set_notify["sd-set-notify"] = "yes";
- terse["terse_freq"] = tostring(t_freq);
- summary["summary_freq"] = tostring(s_freq);
- verbose["verbose_freq"] = tostring(v_freq);
-
- if (t_freq != 0) {
-
- string t_email = (string) UI::QueryWidget(`id(`terse_email), `Value);
-
- if ( t_email == nil || t_email == "" ) {
- Popup::Error( _("An email address is required for each selected notification method.") );
- continue;
- } else if ( ! checkEmailAddress( t_email ) ) {
- continue;
- }
-
- terse["enable_terse"] = "yes";
- terse["terse_email"] = (string) UI::QueryWidget(`id(`terse_email), `Value);
- terse["terse_level"] = (string) tostring(UI::QueryWidget(`id(`terse_level), `Value));
-
- boolean t_unknown = (boolean) UI::QueryWidget(`id(`terse_unknown), `Value);
-
- if (t_unknown == true) {
- terse["terse_unknown"] = "1";
- } else {
- terse["terse_unknown"] = "0";
- }
-
- } else {
- terse["enable_terse"] = "no";
- }
-
- if (s_freq != 0) {
-
- string s_email = (string) UI::QueryWidget(`id(`summary_email), `Value);
- if ( s_email == nil || s_email == "" ) {
- Popup::Error( _("An email address is required for each selected notification method.") );
- continue;
- } else if ( ! checkEmailAddress(s_email) ) {
- continue;
- }
-
- summary["enable_summary"] = "yes";
- summary["summary_email"] = (string) UI::QueryWidget(`id(`summary_email), `Value);
- summary["summary_level"] = (string) tostring(UI::QueryWidget(`id(`summary_level), `Value));
-
- boolean s_unknown = (boolean) UI::QueryWidget(`id(`summary_unknown), `Value);
-
- if (s_unknown == true) {
- summary["summary_unknown"] = "1";
- } else {
- summary["summary_unknown"] = "0";
- }
-
- } else {
- summary["enable_summary"] = "no";
- }
-
- if (v_freq != 0) {
- string v_email = (string) UI::QueryWidget(`id(`verbose_email), `Value);
- if ( v_email == nil || v_email == "" ) {
- Popup::Error( _("An email address is required for each selected notification method.") );
- continue;
- } else if (! checkEmailAddress(v_email) ) {
- continue;
- }
-
- verbose["enable_verbose"] = "yes";
- verbose["verbose_email"] = (string) UI::QueryWidget(`id(`verbose_email), `Value);
- verbose["verbose_level"] = (string) tostring(UI::QueryWidget(`id(`verbose_level), `Value));
-
- boolean v_unknown = (boolean) UI::QueryWidget(`id(`verbose_unknown), `Value);
-
- if (v_unknown == true) {
- verbose["verbose_unknown"] = "1";
- } else {
- verbose["verbose_unknown"] = "0";
- }
- } else {
- verbose["enable_verbose"] = "no";
- }
-
- answers["set_notify"] = set_notify;
- answers["terse"] = terse;
- answers["summary"] = summary;
- answers["verbose"] = verbose;
-
- string result = (string) SCR::Execute(.sdconf, answers);
-
- if (result != "success") {
- Popup::Error( _("Configuration failed for the following operations: ") + result);
- }
-
- if ( t_freq != 0 || s_freq != 0 || v_freq != 0 ) {
- notifyLabelValue = _("Notification is enabled");
- } else {
- notifyLabelValue = _("Notification is disabled");
- }
- }
-
- Wizard::CloseDialog();
- if ( (ntInput == `ok) || (ntInput == `next) ) {
- UI::ChangeWidget( `id(`notifyLabel), `Value, notifyLabelValue );
- }
- break;
- }
-
-}
-
-define symbol displayAppArmorConfig () {
-
- // AppArmor Status
- boolean aaEnabled = false;
- boolean ntIsEnabled = false;
- string subdomain = (string) SCR::Execute(.subdomain, "sd-status");
- string sdEnStr = _("AppArmor is disabled");
-
- if (subdomain == "enabled") {
- aaEnabled = true;
- sdEnStr = _("AppArmor is enabled");
- }
-
- // Notification Status
- string evnotify = (string) SCR::Execute(.subdomain, "sd-notify");
- string evEnStr = _("Notification is disabled");
- if (evnotify == "enabled") {
- ntIsEnabled = true;
- evEnStr = _("Notification is enabled");
- } else if (evnotify == "notinstalled") {
- evnotify = "disabled";
- }
-
- /* Network dialog caption */
- string caption = _("AppArmor Configuration");
- string help = _("<p><b>AppArmor Status</b><br>This reports whether the AppArmor policy enforcement
-module is loaded and functioning.</p>") +
-
-_("<p><b>Security Event Notification</b><br>Configure this tool if you want
-to be notified by email when access violations have occurred.</p>") +
-
-_("<p><b>Profile Modes</b><br>Use this tool to change the way that AppArmor
-uses individual profiles.</p>");
-
- term contents =
- `HVCenter(
- `VBox(
- `VSpacing(1), `HSpacing(2),
- `HBox (
- `HSpacing( `opt(`hstretch), 2 ),
- `VBox(
- `Left(`CheckBox( `id(`aaState), `opt(`notify), _("&Enable AppArmor"), aaEnabled)),
- `VSpacing(1),
-
- `Frame( `id(`aaEnableFrame), _("Configure AppArmor"),
- `HBox (
- `HSpacing( `opt(`hstretch), 4 ),
- `VBox(
- `VSpacing(1),
- `Frame ( _("Security Event Notification"),
- `HBox(
- `VSpacing(1), `HSpacing(1),
- `HVCenter( `Label( `id(`notifyLabel), evEnStr )),
- `PushButton( `id(`ntconf), _("C&onfigure")),
- `VSpacing(1), `HSpacing(1)
- )
- ),
- `VSpacing(1), `HSpacing(20),
-
- `Frame ( _("Configure Profile Modes"),
- `HBox(
- `VSpacing(1), `HSpacing(1),
- `Left(`HVCenter( `Label( `id(`modesLabel), " " + _("Set profile modes") ))),
- `PushButton( `id(`modeconf), _("Co&nfigure") ),
- `VSpacing(1), `HSpacing(1)
- )
- ),
- `VSpacing(1)
- ),
- `HSpacing( `opt(`hstretch), 4 )
- ))),
- `HSpacing( `opt(`hstretch), 2 )
- ))
- );
-
- // May want to replace Wizard() with UI()
- Wizard::CreateDialog();
- Wizard::SetTitleIcon("apparmor/control_panel");
- Wizard::SetContentsButtons(caption, contents, help, Label::BackButton(), _("&Done"));
- Wizard::DisableBackButton();
-
- UI::ChangeWidget(`id(`aaEnableFrame), `Enabled, aaEnabled);
-
- while( true ) {
-
- symbol ret = (symbol) UI::UserInput();
-
- if ( ret == `abort || ret == `cancel || ret == `next) {
- break;
- } else if (ret == `aaState ) {
-
- // Set AppArmor state: enabled|disabled
- boolean requestedAaState = (boolean) UI::QueryWidget(`id(`aaState), `Value);
-
- aaEnabled = changeAppArmorState(requestedAaState);
-
- // These will match if the update was successful
- if ( aaEnabled == requestedAaState ) {
- UI::ChangeWidget(`id(`aaEnableFrame), `Enabled, aaEnabled);
- }
-
- } else if (ret == `ntconf ) {
- displayNotifyForm();
-
- } else if (ret == `modeconf ) {
-
- profileModeConfigForm();
-
- //displayAppArmorConfig();
-
- } else {
- y2error("Unexpected return code: " + tostring(ret));
- }
- }
-
- UI::CloseDialog();
- return nil;
-}
-
-/* EOF */
-}
--- /dev/null
+++ b/src/scrconf/aaconf.scr
@@ -0,0 +1,20 @@
+/**
+ * File:
+ * subdomain.scr
+ * Summary:
+ * SCR Agent for configuring subdomain
+ * Access:
+ * read/write
+ * Authors:
+ * David Drewelow <davidd@immunix.com>
+ * See:
+ * libscr
+ * Example:
+ * Read(.cron,$[..])
+ *
+ * $Id: sdconf.scr 3715 2005-01-19 09:06:05Z sarnold $
+ *
+ */
+.sdconf
+
+`ag_sd_config ()
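Review bot: The header comment carried into `aaconf.scr` does not describe this file: it gives `File: subdomain.scr` and the example `Read(.cron,$[..])`, neither of which matches the `.sdconf` path registered below it, and `apparmor.scr` carries the same borrowed example. `apparmor_profiles.scr` is further off, because its entire header is the text of `target.scr` (`Access: read/write/execute`, arbitrary commands through `.target.bash`), which describes a different agent and advertises shell execution that may not apply to this one. Since the files are being renamed anyway, each header should name its own file and path, for example `File: aaconf.scr` with `Summary: SCR agent for AppArmor configuration`, and the example should be a call on the agent's own path. The agents' real operations are not visible in these hunks, so the `Access:` line should be checked against the agent scripts rather than copied; the commit message says a follow-up patch fixes contents, which may cover the names but probably not the borrowed text.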
--- /dev/null
+++ b/src/scrconf/apparmor.scr
@@ -0,0 +1,20 @@
+/**
+ * File:
+ * subdomain.scr
+ * Summary:
+ * SCR Agent for configuring subdomain
+ * Access:
+ * read/write
+ * Authors:
+ * David Drewelow <davidd@immunix.com>
+ * See:
+ * libscr
+ * Example:
+ * Read(.cron,$[..])
+ *
+ * $Id: subdomain.scr 3715 2005-01-19 09:06:05Z sarnold $
+ *
+ */
+.subdomain
+
+`ag_subdomain ()
--- /dev/null
+++ b/src/scrconf/apparmor_profiles.scr
@@ -0,0 +1,53 @@
+/**
+ * File:
+ * target.scr
+ * Summary:
+ * SCR Agent for interfacing with (shell) commands of the target system
+ * and reading/writing files.
+ * Access:
+ * read/write/execute
+ * Authors:
+ * Unknown <yast2-hacker@suse.de>
+ * See:
+ * libscr
+ * man bash
+ * source/y2a_system/doc/systemagent.txt
+ * Example:
+ * Execute (.target.bash, "uname -a")
+ * (0)
+ **
+ * Execute (.target.bash_output, "uname -a")
+ * (
+ * $[
+ * "exit":0,
+ * "stderr":"",
+ * "stdout":"Linux steiner 2.2.18 #1 Fri Jan 19 22:10:35 GMT 2001 i686 unknown\n"
+ * ]
+ * )
+ **
+ * Read(.target.dir, "/")
+ * (["usr", "tmp", "floppy", "var", "root", "opt", "home", "etc", ...])
+ **
+ * Write(.target.string, "/tmp/target.1", "Some Test\n")
+ * (true)
+ **
+ * Read(.target.string, "/tmp/target.1")
+ * ("Some Test\n")
+ *
+ * $Id: subdomain_profiles.scr 3715 2005-01-19 09:06:05Z sarnold $
+ *
+ * <p>The target-agent is used for various actions on the target system.</p>
+ *
+ * <p>The Execute Interface can be used to execute some predefined commands
+ * like mount, umount, mkdir, remove, modprobe ... or arbitrary commands
+ * using the bash, bash_output or bash_background.</p>
+ *
+ * <p>The Read and Write interface can be used to access the target
+ * filesystem, most prominent reading or writing whole files using the
+ * "string" subpath.</p>
+ *
+ * <p>For more information see the agent's own documentation.</p>
+ */
+.subdomain_profiles
+
+`ag_subdomain_profiles ()
--- a/src/scrconf/sdconf.scr
+++ /dev/null
@@ -1,20 +0,0 @@
-/**
- * File:
- * subdomain.scr
- * Summary:
- * SCR Agent for configuring subdomain
- * Access:
- * read/write
- * Authors:
- * David Drewelow <davidd@immunix.com>
- * See:
- * libscr
- * Example:
- * Read(.cron,$[..])
- *
- * $Id: sdconf.scr 3715 2005-01-19 09:06:05Z sarnold $
- *
- */
-.sdconf
-
-`ag_sd_config ()
--- a/src/scrconf/subdomain.scr
+++ /dev/null
@@ -1,20 +0,0 @@
-/**
- * File:
- * subdomain.scr
- * Summary:
- * SCR Agent for configuring subdomain
- * Access:
- * read/write
- * Authors:
- * David Drewelow <davidd@immunix.com>
- * See:
- * libscr
- * Example:
- * Read(.cron,$[..])
- *
- * $Id: subdomain.scr 3715 2005-01-19 09:06:05Z sarnold $
- *
- */
-.subdomain
-
-`ag_subdomain ()
--- a/src/scrconf/subdomain_profiles.scr
+++ /dev/null
@@ -1,53 +0,0 @@
-/**
- * File:
- * target.scr
- * Summary:
- * SCR Agent for interfacing with (shell) commands of the target system
- * and reading/writing files.
- * Access:
- * read/write/execute
- * Authors:
- * Unknown <yast2-hacker@suse.de>
- * See:
- * libscr
- * man bash
- * source/y2a_system/doc/systemagent.txt
- * Example:
- * Execute (.target.bash, "uname -a")
- * (0)
- **
- * Execute (.target.bash_output, "uname -a")
- * (
- * $[
- * "exit":0,
- * "stderr":"",
- * "stdout":"Linux steiner 2.2.18 #1 Fri Jan 19 22:10:35 GMT 2001 i686 unknown\n"
- * ]
- * )
- **
- * Read(.target.dir, "/")
- * (["usr", "tmp", "floppy", "var", "root", "opt", "home", "etc", ...])
- **
- * Write(.target.string, "/tmp/target.1", "Some Test\n")
- * (true)
- **
- * Read(.target.string, "/tmp/target.1")
- * ("Some Test\n")
- *
- * $Id: subdomain_profiles.scr 3715 2005-01-19 09:06:05Z sarnold $
- *
- * <p>The target-agent is used for various actions on the target system.</p>
- *
- * <p>The Execute Interface can be used to execute some predefined commands
- * like mount, umount, mkdir, remove, modprobe ... or arbitrary commands
- * using the bash, bash_output or bash_background.</p>
- *
- * <p>The Read and Write interface can be used to access the target
- * filesystem, most prominent reading or writing whole files using the
- * "string" subpath.</p>
- *
- * <p>For more information see the agent's own documentation.</p>
- */
-.subdomain_profiles
-
-`ag_subdomain_profiles ()