Author: gs Date: Wed Oct 8 13:10:10 2008 New Revision: 51977 URL: http://svn.opensuse.org/viewcvs/yast?rev=51977&view=rev Log: add additional checks (rules locked), reset rules if configuration is aborted, add comments Modified: trunk/audit-laf/src/AuditLaf.ycp trunk/audit-laf/src/complex.ycp trunk/audit-laf/src/helps.ycp trunk/audit-laf/src/wizards.ycp Modified: trunk/audit-laf/src/AuditLaf.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/audit-laf/src/AuditLaf.ycp?rev=51977&r1=51976&r2=51977&view=diff ============================================================================== --- trunk/audit-laf/src/AuditLaf.ycp (original) +++ trunk/audit-laf/src/AuditLaf.ycp Wed Oct 8 13:10:10 2008 @@ -74,8 +74,17 @@ */ boolean write_only = false; +/* + * Option "Lock rules" is set (-e 2) + */ boolean rules_locked = false; +/* + * The rules have been checked + */ +boolean rules_checked = false; + + global void SetRulesLocked( boolean value ) { rules_locked = value; } @@ -84,6 +93,14 @@ return rules_locked; } +global void SetRulesChanged( boolean value ) { + rules_checked = value; +} + +global boolean RulesChanged() { + return rules_checked; +} + /** * Return rules file path */ @@ -227,11 +244,17 @@ /** * Rules for the subsystem audit (passed via auditctl) - * are read from /etc/audit/audit.rules + * (initially read from /etc/audit/audit.rules and edited in + * rules editor) */ string RULES = ""; /** + * Save rules from /etc/audit/audit.rules to be able to restore it + */ +string INITIAL_RULES = ""; + +/** * Get value of given option from SEETINGS */ global string GetAuditdOption( string key) { @@ -263,12 +286,16 @@ } /** - * Get all rules + * Get the current rules */ global string GetRules() { return RULES; } +global string GetInitialRules() { + return INITIAL_RULES; +} + /* * Set rules */ @@ -292,6 +319,8 @@ if ( rules != nil && rules != "" ) { RULES = rules; + // additionally save initial settings + INITIAL_RULES = rules; return true; } else 
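Review bot: The accessors added in the `@@ -84,6 +93,14 @@` hunk are named `SetRulesChanged()` / `RulesChanged()` but store into `rules_checked`, whose comment (added in the `@@ -74,8 +74,17 @@` hunk) says "The rules have been checked", so the flag's meaning is stated two different ways. From its callers in complex.ycp it appears to mean "a syntax check has sent the edited rules to the audit subsystem", which is what decides whether an abort has to restore the audit rules. Renaming the variable to `rules_changed` and commenting it `/* Edited rules were sent to the audit subsystem by a syntax check and may have to be reset */` would remove the ambiguity. `GetInitialRules()` and the two new accessors also lack the doc comment that their neighbours carry.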
@@ -503,7 +532,7 @@ "" ); - // check status of audit rules first + // check first whether rules are already locked boolean locked = RulesAlreadyLocked(); y2milestone ( "Rules already locked: %1", locked?"true":"false" ); Modified: trunk/audit-laf/src/complex.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/audit-laf/src/complex.ycp?rev=51977&r1=51976&r2=51977&view=diff ============================================================================== --- trunk/audit-laf/src/complex.ycp (original) +++ trunk/audit-laf/src/complex.ycp Wed Oct 8 13:10:10 2008 @@ -52,14 +52,21 @@ return !AuditLaf::Modified() || Popup::ReallyAbort(true); } +boolean ReallyExit () { + // yes-no popup + return Popup::YesNo (_("Really exit? +All changes will be lost.")); +} + + /** * Read settings dialog * @return `abort if aborted and `next otherwise */ symbol ReadDialog() { Wizard::RestoreHelp(HELPS["read"]:""); - if (!Confirm::MustBeRoot()) return `abort; + boolean ret = AuditLaf::Read(); return ret ? `next : `abort; } @@ -75,6 +82,9 @@ return ret ? `next : `abort; } +/* + * Init log file dialog (set values to values read with AuditLad::Read()) + */ void InitLogfileSettingsDialog (string id) { UI::ChangeWidget( `id("max_log_file"), `ValidChars, "0123456789" ); @@ -98,10 +108,12 @@ UI::ChangeWidget(`id(key), `Value, toupper(AuditLaf::GetAuditdOption(key)) ); }); - y2milestone( "Init log file settings"); } +/* + * Handle actions of log file dialog (button 'Select file') + */ symbol HandleLogfileSettingsDialog(string id, map event) { any action = event["ID"]:nil; @@ -115,12 +127,9 @@ return nil; } -boolean ReallyExit () { - // yes-no popup - return Popup::YesNo (_("Really exit? -All changes will be lost.")); -} - +/* + * Store all settings made in log file dialog + */ void StoreLogfileSettingsDialog (string id, map event) { AuditLaf::SetModified( true ); 
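Review bot: The comment added above `InitLogfileSettingsDialog` in the `@@ -75,6 +82,9 @@` hunk names `AuditLad::Read()`, but the module used everywhere else in this file is `AuditLaf`. The same misspelling is repeated in the comments added above `InitDispatcherDialog` (`@@ -143,6 +152,10 @@`) and `InitDiskspaceSettingsDialog` (`@@ -180,7 +199,9 @@`); each should read `values read with AuditLaf::Read()`. Separately, in the `@@ -52,14 +52,21 @@` hunk the collapsed layout leaves it unclear whether the `-` marker inside `ReadDialog` removes the `Confirm::MustBeRoot()` check or only a whitespace line. The hunk's line counts suggest the latter, but it is worth confirming the check is still in place since the log message does not mention dropping it.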
@@ -143,6 +152,10 @@ y2milestone( "Store log file settings" ); } + +/* + * Init dispatcher dialog (set values to values read with AuditLad::Read()) + */ void InitDispatcherDialog (string id) { // Set all values to values read from /etc/audit/auditd.conf @@ -154,6 +167,9 @@ y2milestone( "Init dispatcher dialog" ); } +/* + * Handle actions of dispatcher dialog (button 'Select file') + */ symbol HandleDispatcherDialog(string id, map event) { any action = event["ID"]:nil; @@ -167,6 +183,9 @@ return nil; } +/* + * Store all settings made in dispatcher dialog + */ void StoreDispatcherDialog (string id, map event) { AuditLaf::SetModified( true ); @@ -180,7 +199,9 @@ y2milestone( "Store dispatcher dialog" ); } - +/* + * Init disk space dialog (set values to values read with AuditLad::Read()) + */ void InitDiskspaceSettingsDialog (string id) { UI::ChangeWidget( `id("space_left"), `ValidChars, "0123456789" ); UI::ChangeWidget( `id("admin_space_left"), `ValidChars, "0123456789" ); @@ -204,6 +225,9 @@ y2milestone( "Init disk space settings" ); } +/* + * Store all settings made in disk space dialog + */ void StoreDiskspaceSettingsDialog (string id, map event) { AuditLaf::SetModified( true ); @@ -220,9 +244,17 @@ y2milestone( "Store disk space settings" ); } +/* + * Init rules dialog + */ void InitRulesDialog( string id ) { - string rules = AuditLaf::GetRules(); + string rules = ""; string combo_box_id = "disabled"; + + if ( id == "restore" || id == "reset" ) + rules = AuditLaf::GetInitialRules(); + else + rules = AuditLaf::GetRules(); UI::ChangeWidget( `id( "rules"), `Value, rules ); list <string> rules_list = splitstring( rules, "\n" ); 
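Review bot: `InitRulesDialog` in the `@@ -220,9 +244,17 @@` hunk now treats its `id` argument as a mode switch (`"restore"` or `"reset"` selects `GetInitialRules()`), but the new comment only says `Init rules dialog`. The comment should state this, e.g. `Init rules dialog; id "restore" or "reset" shows the rules as initially read, any other id shows the current rules`. Note also that the editor is then filled from the copy saved at read time, while `ResetRules()` reloads `/etc/audit/audit.rules` from disk, so what is displayed and what is loaded can differ if the file changed in between. The function body continues past the end of the hunk.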
@@ -246,16 +278,54 @@ y2milestone ( "Init rules dialog" ); } +/* + * Reset rules - called if button 'Restore and Reset' is pressed or if the user + * aborts configuration after doing 'Check Syntax' (which changes the rules). + */ +void ResetRules() { + + if ( AuditLaf::RulesAlreadyLocked() ) + { + // FIXME - does it make sense to call SCR::Execute( .target.bash, "auditctl -D" ) ??? + + // Warning - the audit configuration is locked, reset impossible + Report::Warning( _("The rules are already locked, a reset is impossible.\n +If you want to unlock, set the enabled flag accordingly and +finish the configuration. Afterwards a reboot is required.") ); + } + else + { + integer exit_code = (integer)SCR::Execute( .target.bash, "auditctl -D" ); + + if ( exit_code == 0 ) + exit_code = (integer)SCR::Execute( .target.bash, "auditctl -R /etc/audit/audit.rules" ); + + if ( exit_code == 0 ) + { + // Report success + Popup::Message( _("Rules successfully restored" ) ); + AuditLaf::SetRulesChanged( false ); + } + else + // Report error - error during reset + Report::Error( _("Cannot reset rules. Please check /etc/audit/audit.rules." ) ); + } +} + +/* + * Handle actions of rules dialog + */ symbol HandleRulesDialog(string id, map event) { any action = event["ID"]:nil; if ( action == "audit_enabled" ) { - string value = (string)UI::QueryWidget( `id("audit_enabled"), `Value ); string rule = ""; - string rules = AuditLaf::GetRules(); list <string> rules_list = []; + string value = (string)UI::QueryWidget( `id("audit_enabled"), `Value ); + string rules = (string)UI::QueryWidget( `id("rules"), `Value ); + y2milestone( "Setting status to: %1", value ); switch ( value ) 
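Review bot: In `ResetRules()` a failure of `auditctl -R /etc/audit/audit.rules` after a successful `auditctl -D` leaves the audit subsystem with no rules loaded, yet both failures end in the same `Cannot reset rules` message. For an audit configuration tool that gap in coverage should be surfaced: report the `-R` failure separately and log it, e.g. `y2error( "auditctl -R failed after auditctl -D, no audit rules are loaded" );`. The rules path is also hard-coded in the command and in the message although AuditLaf.ycp seems to provide an accessor for it (its `Return rules file path` comment is visible in that file's context); using the accessor would keep them in step. The `FIXME` in the locked branch should be resolved or turned into a tracked item rather than left as an open question in the code.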
@@ -308,22 +378,7 @@ { InitRulesDialog( "reset" ); - if ( AuditLaf::RulesAlreadyLocked() ) - { - SCR::Execute( .target.bash, "auditctl -D" ); - } - else - { - integer exit_code = (integer)SCR::Execute( .target.bash, "auditctl -D" ); - - if ( exit_code == 0 ) - exit_code = (integer)SCR::Execute( .target.bash, "auditctl -R /etc/audit/audit.rules" ); - - if ( exit_code == 0 ) - Popup::Message( _("Rules successfully restored" ) ); - else - Report::Error( _("Cannot reset rules, please test again" ) ); - } + ResetRules(); } else if ( action == "test" ) { @@ -361,6 +416,8 @@ if ( success ) { map output = (map)SCR::Execute(.target.bash_output, sformat( "auditctl -R %1", tmpfile ) ); + AuditLaf::SetRulesChanged( true ); + if ( output["exit"]:0 != 0 ) { Report::Error( output["stderr"]:"" ); @@ -388,6 +445,9 @@ return nil; } +/* + * Store the rules edited in rules dialog + */ void StoreRulesDialog( string id, map event) { AuditLaf::SetModified( true ); @@ -400,6 +460,20 @@ y2milestone( "Store rules dialog" ); } + + +/* + * Called if 'Abort' button is pressed in main dialog. + * If the rules are changed by a syntax check the changes will be reseted. + */ +symbol Reset() { + + if ( AuditLaf::RulesChanged() ) + { + ResetRules(); + } +} + symbol CheckSettings() { symbol ret = `next; AuditLaf::SetRulesLocked( false ); Modified: trunk/audit-laf/src/helps.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/audit-laf/src/helps.ycp?rev=51977&r1=51976&r2=51977&view=diff ============================================================================== --- trunk/audit-laf/src/helps.ycp (original) +++ trunk/audit-laf/src/helps.ycp Wed Oct 8 13:10:10 2008 
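Review bot: `Reset()` in the `@@ -400,6 +460,20 @@` hunk is declared `symbol` but has no `return` statement, so the sequencer that reaches it through the new `"reset"` alias in wizards.ycp gets no symbol to follow. Add `` return `abort; `` after the `if` block and name the return value in the comment above it. In the `@@ -361,6 +416,8 @@` hunk `SetRulesChanged( true )` is called before the exit code is examined; that looks intentional, since a failed `auditctl -R` may already have applied part of the file, and a one-line comment such as `// set even on failure: auditctl may have loaded some of the rules` would record the reason.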
@@ -124,9 +124,11 @@ _("<p>This module also allows you to edit the rules manually. <br> Detailed information about all options gives 'man auditctl'.</p>") + /* rules dialog help 5/6 */ - _("<p><b>Check Syntax</b> sends the rules via <i>auditctl</i> to the audit subsystem and tells whether the syntax is correct.</p>") + + _("<p><b>Check Syntax</b> sends the rules via <i>auditctl</i> to the audit subsystem and tells whether the syntax is correct.<br> +<b>Restore</b> restores the settings from /etc/audit/audit.rules.</p>") + /* rules dialog help 6/6 */ - _("<p>Use the <b>Restore and Reset</b> button to restore the rules and reset the changes (from previous syntax checks) by calling <i>auditctl</i> with it.<br> + _("<p>Use the <b>Restore and Reset</b> button to restore the rules and reset +the changes (from previous syntax checks) by calling <i>auditctl</i> with it.<br> The <b>Load</b> button opens a file selection dialog and you are able to load an example rules file.</p>") Modified: trunk/audit-laf/src/wizards.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/audit-laf/src/wizards.ycp?rev=51977&r1=51976&r2=51977&view=diff ============================================================================== --- trunk/audit-laf/src/wizards.ycp (original) +++ trunk/audit-laf/src/wizards.ycp Wed Oct 8 13:10:10 2008 @@ -99,7 +99,7 @@ ], "audit_rules" : $[ // Header of tab in tab widget - // (auditctl is a program which sends the rules to the audit subsystem) + // (auditctl is a program which sends the rules to the audit subsystem) "header" : _("&Rules for 'auditctl'"), "widget_names" : ["rules"], "contents" : RulesDialogContent(), @@ -153,6 +153,7 @@ "read" : [ ``( ReadDialog() ), true ], "main" : ``( MainSequence() ), "check" : ``( CheckSettings() ), + "reset" : ``( Reset() ), "write" : [ ``( WriteDialog() ), true ] ]; 
@@ -163,7 +164,7 @@ `next : "main" ], "main" : $[ - `abort : `abort, + `abort : "reset", `next : "check" ], "check" : $[ -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
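Review bot: The `main` step now routes `` `abort `` to `"reset"`, but neither this hunk nor the alias hunk before it adds a `"reset"` entry to the sequence map, so the sequencer would have no transition to follow once `Reset()` returns. Unless such an entry already exists outside the visible hunks, add one next to `"check"`, e.g. `` "reset" : $[ `abort : `abort ], ``. Without it, aborting after a syntax check may not end the workflow cleanly, and the audit rules loaded by that check may or may not be rolled back depending on how the sequencer handles the missing step. The sequence map starts and ends outside the hunk.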