[yast-commit] r51977 - in /trunk/audit-laf/src: AuditLaf.ycp complex.ycp helps.ycp wizards.ycp

8 Oct 2008

Author: gs
Date: Wed Oct  8 13:10:10 2008
New Revision: 51977

URL: http://svn.opensuse.org/viewcvs/yast?rev=51977&view=rev
Log:
add additional checks (rules locked), 
reset rules if configuration is aborted,
add comments

Modified:
    trunk/audit-laf/src/AuditLaf.ycp
    trunk/audit-laf/src/complex.ycp
    trunk/audit-laf/src/helps.ycp
    trunk/audit-laf/src/wizards.ycp

Modified: trunk/audit-laf/src/AuditLaf.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/audit-laf/src/AuditLaf.ycp?rev=51977&r1=51976&r2=51977&view=diff
==============================================================================

--- trunk/audit-laf/src/AuditLaf.ycp (original)
+++ trunk/audit-laf/src/AuditLaf.ycp Wed Oct  8 13:10:10 2008
@@ -74,8 +74,17 @@
  */
 boolean write_only = false;
 
+/*
+ * Option "Lock rules" is set (-e 2)
+ */ 
 boolean rules_locked = false;
 
+/*
+ * The rules have been checked
+ */
+boolean rules_checked = false;
+
+
 global void SetRulesLocked( boolean value ) {
     rules_locked = value;
 }
@@ -84,6 +93,14 @@
     return rules_locked;
 }
 
+global void SetRulesChanged( boolean value ) {
+    rules_checked = value;
+}
+
+global boolean RulesChanged() {
+    return rules_checked;
+}
+
 /**
  * Return rules file path
  */ 
@@ -227,11 +244,17 @@
 
 /**
  * Rules for the subsystem audit (passed via auditctl)
- * are read from /etc/audit/audit.rules
+ * (initially read from /etc/audit/audit.rules and edited in
+ * rules editor)
  */ 
 string RULES = "";
 
 /**
+ * Save rules from /etc/audit/audit.rules to be able to restore it
+ */
+string INITIAL_RULES = "";
+
+/**
  * Get value of given option from SEETINGS
  */
 global string GetAuditdOption( string key) {
@@ -263,12 +286,16 @@
 }
 
 /**
- * Get all rules
+ * Get the current rules
  */
 global string GetRules() {
     return RULES;
 }
 
+global string GetInitialRules() {
+    return INITIAL_RULES;
+}
+    
 /*
  * Set rules
  */ 
@@ -292,6 +319,8 @@
   if ( rules != nil && rules != "" )
   {
       RULES = rules;
+      // additionally save initial settings
+      INITIAL_RULES = rules;
       return true;
   }
   else
@@ -503,7 +532,7 @@
 	""
     );
 
-    // check status of audit rules first
+    // check first whether rules are already locked
     boolean locked = RulesAlreadyLocked();
 
     y2milestone ( "Rules already locked: %1", locked?"true":"false" );

Modified: trunk/audit-laf/src/complex.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/audit-laf/src/complex.ycp?rev=51977&r1=51976&r2=51977&view=diff
==============================================================================
--- trunk/audit-laf/src/complex.ycp (original)
+++ trunk/audit-laf/src/complex.ycp Wed Oct  8 13:10:10 2008
@@ -52,14 +52,21 @@
     return !AuditLaf::Modified() || Popup::ReallyAbort(true);
 }
 
+boolean ReallyExit () {
+    // yes-no popup
+    return Popup::YesNo (_("Really exit?
+All changes will be lost."));
+}
+
+
 /**
  * Read settings dialog
  * @return `abort if aborted and `next otherwise
  */
 symbol ReadDialog() {
     Wizard::RestoreHelp(HELPS["read"]:"");
-
     if (!Confirm::MustBeRoot()) return `abort;
+
     boolean ret = AuditLaf::Read();
     return ret ? `next : `abort;
 }
@@ -75,6 +82,9 @@
     return ret ? `next : `abort;
 }
 
+/*
+ * Init log file dialog (set values to values read with AuditLad::Read())
+ */
 void InitLogfileSettingsDialog (string id) {
 
     UI::ChangeWidget( `id("max_log_file"), `ValidChars, "0123456789" );
@@ -98,10 +108,12 @@
 		 UI::ChangeWidget(`id(key), `Value, toupper(AuditLaf::GetAuditdOption(key)) );
     });
     
-    
     y2milestone( "Init log file settings");
 }
 
+/*
+ * Handle actions of log file dialog (button 'Select file')
+ */
 symbol HandleLogfileSettingsDialog(string id, map event) {
     any action = event["ID"]:nil; 
 
@@ -115,12 +127,9 @@
     return nil;
 }
 
-boolean ReallyExit () {
-    // yes-no popup
-    return Popup::YesNo (_("Really exit?
-All changes will be lost."));
-}
-
+/*
+ * Store all settings made in log file dialog
+ */
 void StoreLogfileSettingsDialog (string id, map event) {
 
     AuditLaf::SetModified( true );
@@ -143,6 +152,10 @@
     y2milestone( "Store log file settings" );
 
 }
+
+/*
+ * Init dispatcher dialog (set values to values read with AuditLad::Read())
+ */
 void InitDispatcherDialog (string id) {
 
     // Set all values to values read from /etc/audit/auditd.conf
@@ -154,6 +167,9 @@
     y2milestone( "Init dispatcher dialog" );
 }
 
+/*
+ * Handle actions of dispatcher dialog (button 'Select file')
+ */
 symbol HandleDispatcherDialog(string id, map event) {
     any action = event["ID"]:nil; 
 
@@ -167,6 +183,9 @@
     return nil;
 }
 
+/*
+ * Store all settings made in dispatcher dialog
+ */
 void StoreDispatcherDialog (string id, map event) {
 
     AuditLaf::SetModified( true );
@@ -180,7 +199,9 @@
     y2milestone( "Store dispatcher dialog" );
 }
 
-
+/*
+ * Init disk space dialog (set values to values read with AuditLad::Read())
+ */
 void InitDiskspaceSettingsDialog (string id) {
     UI::ChangeWidget( `id("space_left"), `ValidChars, "0123456789" );
     UI::ChangeWidget( `id("admin_space_left"), `ValidChars, "0123456789" );
@@ -204,6 +225,9 @@
     y2milestone( "Init disk space settings" );
 }
 
+/*
+ * Store all settings made in disk space dialog
+ */
 void StoreDiskspaceSettingsDialog (string id, map event) {
     AuditLaf::SetModified( true );
 
@@ -220,9 +244,17 @@
     y2milestone( "Store disk space settings" );
 }
 
+/*
+ * Init rules dialog
+ */
 void InitRulesDialog( string id )   {
-    string rules =  AuditLaf::GetRules();
+    string rules = "";
     string combo_box_id = "disabled";
+
+    if ( id == "restore" || id == "reset" )
+	rules = AuditLaf::GetInitialRules();
+    else
+	rules = AuditLaf::GetRules();
     
     UI::ChangeWidget( `id( "rules"), `Value, rules );
     list <string> rules_list = splitstring( rules, "\n" );
@@ -246,16 +278,54 @@
     y2milestone ( "Init rules dialog" );
 }
 
+/*
+ * Reset rules - called if button 'Restore and Reset' is pressed or if the user
+ * aborts configuration after doing 'Check Syntax' (which changes the rules).
+ */
+void ResetRules() {
+    
+	if ( AuditLaf::RulesAlreadyLocked() )
+	{
+	    // FIXME - does it make sense to call SCR::Execute( .target.bash, "auditctl -D" ) ???
+
+	    // Warning - the audit configuration is locked, reset impossible
+	    Report::Warning( _("The rules are already locked, a reset is impossible.\n
+If you want to unlock, set the enabled flag accordingly and
+finish the configuration. Afterwards a reboot is required.") ); 
+	}
+	else
+	{
+	    integer exit_code = (integer)SCR::Execute( .target.bash, "auditctl -D" );
+
+	    if ( exit_code == 0 )
+		exit_code = (integer)SCR::Execute( .target.bash, "auditctl -R /etc/audit/audit.rules" );
+
+	    if ( exit_code == 0 )
+	    {
+		// Report success
+		Popup::Message( _("Rules successfully restored" ) );
+		AuditLaf::SetRulesChanged( false );
+	    }
+	    else
+		// Report error - error during reset
+		Report::Error( _("Cannot reset rules. Please check /etc/audit/audit.rules." ) );
+	}
+}
+
+/*
+ * Handle actions of rules dialog
+ */
 symbol HandleRulesDialog(string id, map event) {
     any action = event["ID"]:nil; 
  
     if ( action == "audit_enabled" )
     {
-	string value = (string)UI::QueryWidget( `id("audit_enabled"), `Value );
 	string rule = "";
-	string rules = AuditLaf::GetRules();
 	list <string> rules_list = [];
 	
+	string value = (string)UI::QueryWidget( `id("audit_enabled"), `Value );
+	string rules =  (string)UI::QueryWidget( `id("rules"), `Value );
+	
 	y2milestone( "Setting status to: %1", value );
 
 	switch ( value )
@@ -308,22 +378,7 @@
     {
 	InitRulesDialog( "reset" );
 
-	if ( AuditLaf::RulesAlreadyLocked() )
-	{
-	    SCR::Execute( .target.bash, "auditctl -D" );
-	}
-	else
-	{
-	    integer exit_code = (integer)SCR::Execute( .target.bash, "auditctl -D" );
-
-	    if ( exit_code == 0 )
-		exit_code = (integer)SCR::Execute( .target.bash, "auditctl -R /etc/audit/audit.rules" );
-
-	    if ( exit_code == 0 )
-		Popup::Message( _("Rules successfully restored" ) );
-	    else
-		Report::Error( _("Cannot reset rules, please test again" ) );
-	}
+	ResetRules();
     }
     else if ( action == "test" )
     {
@@ -361,6 +416,8 @@
 	    if ( success )
 	    {
 		map output = (map)SCR::Execute(.target.bash_output, sformat( "auditctl -R %1", tmpfile ) );
+		AuditLaf::SetRulesChanged( true );
+		
 		if ( output["exit"]:0 != 0 )
 		{
 		    Report::Error( output["stderr"]:"" );
@@ -388,6 +445,9 @@
     return nil;
 }
 
+/*
+ * Store the rules edited in rules dialog
+ */
 void StoreRulesDialog( string id, map event) {
 
     AuditLaf::SetModified( true );
@@ -400,6 +460,20 @@
     y2milestone( "Store rules dialog" );
 }
 
+
+
+/*
+ * Called if 'Abort' button is pressed in main dialog.
+ * If the rules are changed by a syntax check the changes will be reseted.
+ */
+symbol Reset() {
+
+    if ( AuditLaf::RulesChanged() )
+    {
+	ResetRules();
+    }
+}
+
 symbol CheckSettings() {
     symbol ret = `next;
     AuditLaf::SetRulesLocked( false );

Modified: trunk/audit-laf/src/helps.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/audit-laf/src/helps.ycp?rev=51977&r1=51976&r2=51977&view=diff
==============================================================================
--- trunk/audit-laf/src/helps.ycp (original)
+++ trunk/audit-laf/src/helps.ycp Wed Oct  8 13:10:10 2008
@@ -124,9 +124,11 @@
     _("<p>This module also allows you to edit the rules manually. <br>
 Detailed information about all options gives 'man auditctl'.</p>") +
     /* rules dialog help 5/6 */
-    _("<p><b>Check Syntax</b> sends the rules via <i>auditctl</i> to the audit subsystem and tells whether the syntax is correct.</p>") +
+    _("<p><b>Check Syntax</b> sends the rules via <i>auditctl</i> to the audit subsystem and tells whether the syntax is correct.<br>
+<b>Restore</b> restores the settings from /etc/audit/audit.rules.</p>") +
      /* rules dialog help 6/6 */ 
-    _("<p>Use the <b>Restore and Reset</b> button to restore the rules and reset the changes (from previous syntax checks) by calling <i>auditctl</i> with it.<br>
+    _("<p>Use the <b>Restore and Reset</b> button to restore the rules and reset
+the changes (from previous syntax checks) by calling <i>auditctl</i> with it.<br>
 The <b>Load</b> button opens a file selection dialog and you are able to load
 an example rules file.</p>")
 

Modified: trunk/audit-laf/src/wizards.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/audit-laf/src/wizards.ycp?rev=51977&r1=51976&r2=51977&view=diff
==============================================================================
--- trunk/audit-laf/src/wizards.ycp (original)
+++ trunk/audit-laf/src/wizards.ycp Wed Oct  8 13:10:10 2008
@@ -99,7 +99,7 @@
 	],
 	"audit_rules" : $[
 	    // Header of tab in tab widget
-            // (auditctl is a program which sends the rules to the audit subsystem)		  
+            // (auditctl is a program which sends the rules to the audit subsystem)
 	    "header" : _("&Rules for 'auditctl'"),
 	    "widget_names" : ["rules"],
 	    "contents" : RulesDialogContent(),
@@ -153,6 +153,7 @@
 	"read"	: [ ``( ReadDialog() ), true ],
 	"main"	:   ``( MainSequence() ),
 	"check" :   ``( CheckSettings() ),
+	"reset" :   ``( Reset() ),
 	"write"	: [ ``( WriteDialog() ), true ]
     ];
 
@@ -163,7 +164,7 @@
 	    `next	: "main"
 	],
 	"main" : $[
-	    `abort	: `abort,
+	    `abort	: "reset",
 	    `next	: "check"
 	],
 	"check" : $[

-- 
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org

    

[yast-commit] r51977 - in /trunk/audit-laf/src: AuditLaf.ycp complex.ycp helps.ycp wizards.ycp

gs＠svn.opensuse.org