diff options
author | Thierry Vignaud <tvignaud@mandriva.org> | 2002-09-18 06:22:29 +0000 |
---|---|---|
committer | Thierry Vignaud <tvignaud@mandriva.org> | 2002-09-18 06:22:29 +0000 |
commit | 03a4f937e46e10e3889bf24f5dd8e50fb9f0d7d8 (patch) | |
tree | dcdf56222871dcf946466cf0d4cc5691bfdf4c2c | |
parent | 0c7fb3de02f1c0fe9cf50d733553dedcb99110e4 (diff) | |
download | drakx-backup-do-not-use-03a4f937e46e10e3889bf24f5dd8e50fb9f0d7d8.tar drakx-backup-do-not-use-03a4f937e46e10e3889bf24f5dd8e50fb9f0d7d8.tar.gz drakx-backup-do-not-use-03a4f937e46e10e3889bf24f5dd8e50fb9f0d7d8.tar.bz2 drakx-backup-do-not-use-03a4f937e46e10e3889bf24f5dd8e50fb9f0d7d8.tar.xz drakx-backup-do-not-use-03a4f937e46e10e3889bf24f5dd8e50fb9f0d7d8.zip |
"kill quart of draksec code" patch aka make it really working aka "happy fred" :
- security::msec :
o consolidate get_function_value() and get_value into get_value()
o really apply changes, aka save them :
* config_check() : use substInFile and setVarsInSh
* config_function() : use substInFile and append_to_file
* kill stupid and bogus config_option()
o don't overwrite previous changes, aka reread them :
* fix checks and functions current value loading
* fix checks and functions default loading
- security::main :
o simplify ui creation, make it more readable
o kill offuscating basic_secadmin_check(), basic_secadmin_entry(),
network_generate_page(), system_generate_page() and checks_generate_page()
o increase default height because of stupid "add_with_viewport" in
ugtk::createScrolledWindow
o consolidate network and system functions managment, they're all the same for
msec, splitting is only a draksec "feature"; all go in %options_values
- draksec :
o let standalone module configure standalone mode
o security::main already take care of initializing gtk
o security::main already take care of exiting
o don't play with embedded mode special variables
it overall looks better but big cleanups're still possible for mdk9.1
-rw-r--r-- | perl-install/security/main.pm | 242 | ||||
-rw-r--r-- | perl-install/security/msec.pm | 93 | ||||
-rwxr-xr-x | perl-install/standalone/draksec | 11 |
3 files changed, 122 insertions, 224 deletions
diff --git a/perl-install/security/main.pm b/perl-install/security/main.pm index c316ba0a2..2c5499dff 100644 --- a/perl-install/security/main.pm +++ b/perl-install/security/main.pm @@ -1,21 +1,22 @@ +package security::main; + use strict; use standalone; use MDK::Common; use my_gtk qw(:helpers :wrappers :ask); -use log; -#use security::libsafe; use security::msec; -sub myexit { my_gtk::exit @_ } +sub myexit { my_gtk->exit(@_) } sub wait_msg { my $mainw = my_gtk->new('wait'); my $label = new Gtk::Label($_[0]); $mainw->{window}->add(gtkpack(gtkadd(create_vbox(), $label))); - $label->signal_connect(expose_event => sub { $mainw->{displayed} = 1 }); - $mainw->sync until $mainw->{displayed}; +# $label->signal_connect(expose_event => sub { $mainw->{displayed} = 1 }); +# $mainw->sync until $mainw->{displayed}; + $mainw->show; gtkset_mousecursor_wait($mainw->{rwindow}->window); $mainw->flush; $mainw; @@ -23,9 +24,7 @@ sub wait_msg { sub remove_wait_msg { $_[0]->destroy } -sub show_msec_help { - my $command = $_[0]; -} +#sub show_msec_help { my $command = $_[0] } sub basic_seclevel_explanations { my $text = new Gtk::Text(undef, undef); @@ -61,130 +60,10 @@ sub basic_seclevel_option { $$seclevel_entry->set_popdown_strings(@sec_levels); $$seclevel_entry->entry->set_text($current_level); - my $hbox = new Gtk::HBox(0, 0); new Gtk::Label(_("Security Level:")), $$seclevel_entry; } -sub basic_secadmin_check { - my ($secadmin_check, $msec) = @_; - - $$secadmin_check->set_active(1) if ($msec->get_check_value("MAIL_WARN") eq "yes"); - - new Gtk::Label(_("Security Alerts:")), $$secadmin_check; -} - -sub basic_secadmin_entry { - my ($secadmin_entry, $msec) = @_; - - $$secadmin_entry->set_text($msec->get_check_value("MAIL_USER")); - - my $hbox = new Gtk::HBox(0, 0); - new Gtk::Label(_("Security Administrator:")), $$secadmin_entry; -} - -sub network_generate_page { - my ($rsecurity_net_hash, $msec) = @_; - my @network_options = $msec->get_functions("network"); - my @yesno_choices = qw(yes no default ignore); - my @alllocal_choices = qw(ALL LOCAL NONE default); - - my @items; - - foreach my $tmp (@network_options) { -# my $hbutton = gtksignal_connect(new Gtk::Button(_("Help")), -# 'clicked' => sub { show_msec_help($tmp) } ); - my $default = $msec->get_function_default($tmp); - if (member($default, @yesno_choices) || member($default, @alllocal_choices)) { - $$rsecurity_net_hash{$tmp} = new Gtk::Combo(); - $$rsecurity_net_hash{$tmp}->entry->set_editable(0); - } - else { - $$rsecurity_net_hash{$tmp} = new Gtk::Entry(); - $$rsecurity_net_hash{$tmp}->set_text($msec->get_check_value($tmp)); - } - if (member($default, @yesno_choices)) { - $$rsecurity_net_hash{$tmp}->set_popdown_strings(@yesno_choices); - $$rsecurity_net_hash{$tmp}->entry->set_text($msec->get_check_value($tmp)); - } - elsif (member($default, @alllocal_choices)) { - $$rsecurity_net_hash{$tmp}->set_popdown_strings(@alllocal_choices); - $$rsecurity_net_hash{$tmp}->entry->set_text($msec->get_check_value($tmp)); - } - push @items, [ new Gtk::Label($tmp._(" (default: %s)",$default)), $$rsecurity_net_hash{$tmp} ]; #, $hbutton]; - } - - gtkpack(new Gtk::VBox(0, 0), - new Gtk::Label(_("The following options can be set to customize your\nsystem security. If you need explanations, click on Help.\n")), - create_packtable({ col_spacings => 10, row_spacings => 5 }, @items)); -} - -sub system_generate_page { - my ($rsecurity_system_hash, $msec) = @_; - my @system_options = $msec->get_functions("system"); - my @yesno_choices = qw(yes no default ignore); - my @alllocal_choices = qw(ALL LOCAL NONE default); - - my @items; - - foreach my $tmp (@system_options) { -# my $hbutton = gtksignal_connect(new Gtk::Button(_("Help")), -# 'clicked' => sub { show_msec_help($tmp) } ); - my $default = $msec->get_function_default($tmp); - my $def = $default ? $default : "default"; - my $item_hbox = new Gtk::HBox(0, 0); - if (member($default, @yesno_choices) || member($default, @alllocal_choices)) { - $$rsecurity_system_hash{$tmp} = new Gtk::Combo(); - $$rsecurity_system_hash{$tmp}->entry->set_editable(0); - } else { - $$rsecurity_system_hash{$tmp} = new Gtk::Entry(); -# $$rsecurity_system_hash{$tmp}->set_text($def); - $$rsecurity_system_hash{$tmp}->set_text($msec->get_check_value($tmp)); - - } - if (member($default, @yesno_choices)) { - $$rsecurity_system_hash{$tmp}->set_popdown_strings(@yesno_choices); -# $$rsecurity_system_hash{$tmp}->entry->set_text($msec->get_check_value($tmp)); - $$rsecurity_system_hash{$tmp}->entry->set_text($def); - } - elsif (member($default, @alllocal_choices)) { - $$rsecurity_system_hash{$tmp}->set_popdown_strings(@alllocal_choices); -# $$rsecurity_system_hash{$tmp}->entry->set_text($msec->get_check_value($tmp)); - $$rsecurity_system_hash{$tmp}->entry->set_text($def); - } - push @items, [ new Gtk::Label($tmp._(" (default: %s)",$def)), $$rsecurity_system_hash{$tmp} ]; #, $hbutton ]; - } - - createScrolledWindow(gtkpack(new Gtk::VBox(0, 0), - new Gtk::Label(_("The following options can be set to customize your\nsystem security. If you need explanations, click on Help.\n")), - create_packtable({ col_spacings => 10, row_spacings => 5 }, @items))); -} - -sub checks_generate_page { - my ($rsecurity_checks_hash, $msec) = @_; - my @security_checks = $msec->get_checks; - my @choices = qw(yes no default); - my @ignore_list = qw(MAIL_WARN MAIL_USER); - - my @items; - foreach my $tmp (@security_checks) { - if (!member(@ignore_list, $tmp)) { -# my $hbutton = gtksignal_connect(new Gtk::Button(_("Help")), -# 'clicked' => sub { show_msec_help($tmp) } ); - $$rsecurity_checks_hash{$tmp} = new Gtk::Combo(); - $$rsecurity_checks_hash{$tmp}->entry->set_editable(0); - $$rsecurity_checks_hash{$tmp}->set_popdown_strings(@choices); - $$rsecurity_checks_hash{$tmp}->entry->set_text($msec->get_check_value($tmp)); - push @items, [ new Gtk::Label(_($tmp)), $$rsecurity_checks_hash{$tmp} ]; #, $hbutton ]; - } - } - - createScrolledWindow(gtkpack(new Gtk::VBox(0, 0), - new Gtk::Label(_("The following options can be set to customize your\nsystem security. If you need explanations, click on Help.\n")), - create_packtable({ col_spacings => 10, row_spacings => 5 }, @items))); -} - sub draksec_main { - # Variable Declarations my $msec = new security::msec; my $w = my_gtk->new('draksec'); my $window = $w->{window}; @@ -192,16 +71,15 @@ sub draksec_main { ############################ MAIN WINDOW ################################### # Set different options to Gtk::Window unless ($::isEmbedded) { - $w->{rwindow}->set_policy(1,1,1); + $w->{rwindow}->set_policy(1, 1, 1); $w->{rwindow}->set_position(1); $w->{rwindow}->set_title("DrakSec"); - $window->set_usize( 598,490); + $window->set_usize(598, 590); } # Connect the signals $window->signal_connect('delete_event', sub { $window->destroy(); } ); $window->signal_connect('destroy', sub { my_gtk->exit(); } ); - $window->realize(); $window->add(my $vbox = gtkshow(new Gtk::VBox(0, 0))); @@ -211,38 +89,75 @@ sub draksec_main { ######################## BASIC OPTIONS PAGE ################################ my $seclevel_entry = new Gtk::Combo(); - my $secadmin_check = new Gtk::CheckButton(); - my $secadmin_entry = new Gtk::Entry(); $notebook->append_page(gtkpack__(gtkshow(my $basic_page = new Gtk::VBox(0, 0)), basic_seclevel_explanations($msec), create_packtable ({ col_spacings => 10, row_spacings => 5 }, [ basic_seclevel_option(\$seclevel_entry, $msec) ], - [ basic_secadmin_check(\$secadmin_check, $msec) ], - [ basic_secadmin_entry(\$secadmin_entry, $msec) ] )), - gtkshow(new Gtk::Label(_("Basic")))); - - ######################### NETWORK OPTIONS ################################## - my %network_options_value; - $notebook->append_page(gtkpack__(gtkshow(new Gtk::VBox(0, 0)), - network_generate_page(\%network_options_value, $msec)), - gtkshow(new Gtk::Label(_("Network Options")))); + [ new Gtk::Label(_("Security Alerts:")), + my $secadmin_check = new Gtk::CheckButton ], + [ new Gtk::Label(_("Security Administrator:")), + my $secadmin_entry = new Gtk::Entry ] )), + new Gtk::Label(_("Basic"))); + $secadmin_entry->set_text($msec->get_check_value("MAIL_USER")); + $secadmin_check->set_active(1) if $msec->get_check_value("MAIL_WARN") eq "yes"; - ########################## SYSTEM OPTIONS ################################## - my %system_options_value; - - $notebook->append_page(gtkpack_( - gtkshow(new Gtk::VBox(0, 0)), - 1, system_generate_page(\%system_options_value, $msec)), - gtkshow(new Gtk::Label(_("System Options")))); + ######################### NETWORK & SYSTEM OPTIONS ######################### + my @yesno_choices = qw(yes no default ignore); + my @alllocal_choices = qw(ALL LOCAL NONE default); + my @all_choices = (@yesno_choices, @alllocal_choices); + my %options_values; + + foreach ( [ 'network', _("Network Options") ], [ 'system', _("System Options") ] ) { + my ($domain, $label) = @$_; + my %values; + + $notebook->append_page(gtkshow(createScrolledWindow(gtkpack(new Gtk::VBox(0, 0), + new Gtk::Label(_("The following options can be set to customize your\nsystem security. If you need explanations, click on Help.\n")), + create_packtable({ col_spacings => 10, row_spacings => 5 }, + map { + my $i = $_; + my $default = $msec->get_function_default($i); + if (member($default, @all_choices)) { + $values{$i} = new Gtk::Combo(); + $values{$i}->entry->set_editable(0); + if (member($default, @yesno_choices)) { + $values{$i}->set_popdown_strings(@yesno_choices); + } elsif (member($default, @alllocal_choices)) { + $values{$i}->set_popdown_strings(@alllocal_choices); + } + $values{$i}->entry->set_text($msec->get_function_value($i)); + } else { + $values{$i} = new Gtk::Entry(); + $values{$i}->set_text($msec->get_function_value($i)); + } + [ new Gtk::Label($i._(" (default: %s)", $default)), $values{$i} ]; + # , gtksignal_connect(new Gtk::Button(_("Help")), 'clicked' => sub { show_msec_help($_) } ) ] + } $msec->get_functions($domain))))), + new Gtk::Label($label)); + $options_values{$domain} = \%values; + } ######################## PERIODIC CHECKS ################################### my %security_checks_value; - $notebook->append_page(gtkpack(gtkshow(new Gtk::VBox(0, 0)), - checks_generate_page(\%security_checks_value, $msec)), - gtkshow(new Gtk::Label(_("Periodic Checks")))); + $notebook->append_page(gtkshow(createScrolledWindow(gtkpack(new Gtk::VBox(0, 0), + new Gtk::Label(_("The following options can be set to customize your\nsystem security. If you need explanations, click on Help.\n")), + create_packtable({ col_spacings => 10, row_spacings => 5 }, + map { + my $i = $_; + if (!member(qw(MAIL_WARN MAIL_USER), $i)) { + $security_checks_value{$i} = new Gtk::Combo(); + $security_checks_value{$i}->entry->set_editable(0); + $security_checks_value{$i}->set_popdown_strings(qw(yes no default)); + $security_checks_value{$i}->entry->set_text($msec->get_check_value($i)); + [ gtkshow(new Gtk::Label(_($i))), $security_checks_value{$i} ]; + # , gtksignal_connect(new Gtk::Button(_("Help")), 'clicked' => sub { show_msec_help($i) } ) ] + } + } ($msec->get_default_checks)), + new Gtk::Label(_("Periodic Checks 2"))))), + new Gtk::Label(_("Periodic Checks"))); ####################### OK CANCEL BUTTONS ################################## @@ -255,7 +170,7 @@ sub draksec_main { standalone::explanations("Configuring msec"); - if($seclevel_value ne $msec->get_secure_level()) { + if ($seclevel_value ne $msec->get_secure_level()) { $w = wait_msg(_("Please wait, setting security level...")); standalone::explanations("Setting security level"); $msec->set_secure_level($seclevel_value); @@ -264,11 +179,11 @@ sub draksec_main { $w = wait_msg(_("Please wait, setting security options...")); standalone::explanations("Setting security administrator option"); - if($secadmin_check_value == 1) { $msec->config_check('MAIL_WARN', 'yes') } + if ($secadmin_check_value == 1) { $msec->config_check('MAIL_WARN', 'yes') } else { $msec->config_check('MAIL_WARN', 'no') } standalone::explanations("Setting security administrator contact"); - if($secadmin_value ne $msec->get_check_value('MAIL_USER') && $secadmin_check_value) { + if ($secadmin_value ne $msec->get_check_value('MAIL_USER') && $secadmin_check_value) { $msec->config_check('MAIL_USER', $secadmin_value); } @@ -279,17 +194,14 @@ sub draksec_main { } } - standalone::explanations("Setting msec functions related to networking"); - foreach my $key (keys %network_options_value) { - if($network_options_value{$key} =~ /Combo/) { $msec->config_function($key, $network_options_value{$key}->entry->get_text()) } - else { $msec->config_function($key, $network_options_value{$key}->get_text()) } - } + foreach my $domain (keys %options_values) { + standalone::explanations("Setting msec functions related to $domain"); + foreach my $key (keys %{$options_values{$domain}}) { + my $opt = $options_values{$domain}{$key}; + $msec->config_function($key, $opt =~ /Combo/ ? $opt->entry->get_text() : $opt->get_text()); + } + } - standalone::explanations("Setting msec functions related to the system"); - foreach my $key (keys %system_options_value) { - if($system_options_value{$key} =~ /Combo/) { $msec->config_function($key, $system_options_value{$key}->entry->get_text()) } - else { $msec->config_function($key, $system_options_value{$key}->get_text()) } - } remove_wait_msg($w); my_gtk->exit(0); diff --git a/perl-install/security/msec.pm b/perl-install/security/msec.pm index 905705003..56364684f 100644 --- a/perl-install/security/msec.pm +++ b/perl-install/security/msec.pm @@ -23,7 +23,7 @@ msec - Perl functions to handle msec configuration files foreach @functions { %defaults{$_} = $msec->get_function_default($_) } foreach @functions { $msec->config_function($_, %options{$_}) } - @checks = $msec->get_checks; + @checks = $msec->get_default_checks; foreach @checks { %options{$_} = $msec->get_check_value($_) } foreach @checks { %defaults{$_} = $msec->get_check_default($_) } foreach @checks { $msec->config_check($_, %options{$_}) } @@ -81,14 +81,45 @@ sub get_default { open F, $default_file; while(<F>) { - if ($_ =~ /^$option/) { (undef, $default_value) = split(/$category eq "functions" ? ' ' : '=' /o, $_); } + if ($category eq 'functions') { + if ($_ =~ /^$option/) { (undef, $default_value) = split(/ /, $_) } + } elsif ($category eq 'checks') { + if ($_ =~ /^$option/) { (undef, $default_value) = split(/=/, $_) } + } } close F; chop $default_value; - $default_value; } +sub get_value { + my ($item, $category) = @_; + my $value = ''; + my $found = 0; + my $item_file; + $item_file = "$::prefix/etc/security/msec/level.local" if $category eq 'functions'; + $item_file = $check_file if $category eq 'checks'; + + if (-e $item_file) { + open F, $item_file; + while(<F>) { + if($_ =~ /^$item/) { + if ($category eq 'functions') { + (undef, $value) = split(/ /, $_); + } elsif ($category eq 'checks') { + (undef, $value) = split(/=/, $_); + } + chop $value; + $found = 1; + close F; + } + } + close F; + $value = "default" if $found == 0; + } + else { $value = "default" } + $value; +} # *********************************************** # SPECIFIC OPTIONS @@ -174,34 +205,15 @@ sub get_functions { # return the value of the function passed in argument. If no value is set, # return "default". sub get_function_value { - my ($function) = @_; - my $value = ''; - my $msec_options = "$::prefix/etc/security/msec/level.local"; - my $found = 0; - - if (-e $msec_options) { - open F, $msec_options; - while(<F>) { - if($_ =~ /^$function/) { - (undef, $value) = split(/\(/, $_); - chop $value; chop $value; - $found = 1; - } - } - close F; - if ($found == 0) { $value = "default" } - } - else { $value = "default" } - - $value; + shift; + get_value(@_, 'functions'); } # get_function_default(function) - # return the default value of the function according to the security level sub get_function_default { shift; - my ($function) = @_; - return get_default($function, "functions"); + return get_default(@_, "functions"); } # config_function(function, value) - @@ -223,9 +235,9 @@ sub config_function { # PERIODIC CHECKS (security.conf) RELATED # *********************************************** -# get_checks() - +# get_default_checks() - # return a list of periodic checks handled by security.conf -sub get_checks { +sub get_default_checks { my $check; my @checks = (); @@ -236,11 +248,10 @@ sub get_checks { open F, $check_file; while (<F>) { ($check, undef) = split(/=/, $_); - if(!(member($check, @ignore_list))) { push(@checks, $check) } + push @checks, $check if (!(member($check, @ignore_list))) } close F; } - @checks; } @@ -248,34 +259,14 @@ sub get_checks { # return the value of the check passed in argument sub get_check_value { shift; - my ($check) = @_; - my $check_file = $check_file; - my $value = ''; - my $found = 0; - - if (-e $check_file) { - open F, $check_file; - while(<F>) { - if($_ =~ /^$check/) { - (undef, $value) = split(/=/, $_); - chop $value; - $found = 1; - close F; - } - } - close F; - $value = "default" if ($found == 0); - } - else { $value = "default" } - - $value; + get_value(@_, 'checks'); } # get_check_default(check) # Get the default value according to the security level sub get_check_default { my ($check) = @_; - return get_default($check, "checks"); + return get_default($check, 'checks'); } # config_check(check, value) diff --git a/perl-install/standalone/draksec b/perl-install/standalone/draksec index 084ae3f42..fe2794b52 100755 --- a/perl-install/standalone/draksec +++ b/perl-install/standalone/draksec @@ -26,9 +26,9 @@ }; use lib qw(/usr/lib/libDrakX); - +use standalone; use strict; -use vars qw($MODE %options $XID $CCPID); +use vars qw($MODE %options); use security::main; @@ -38,9 +38,4 @@ $0 =~ '/draksec-perms$' and $MODE = 'perms'; /^-?-(\S+)$/ and $options{$1} = 1 foreach @ARGV; -$::isStandalone = 1; -Gtk->init; - -draksec_main(); - -myexit 0; +security::main::draksec_main(); |