Diffstat (limited to 'apol/roles_tab.tcl')
-rw-r--r--apol/roles_tab.tcl196
1 files changed, 196 insertions, 0 deletions
diff --git a/apol/roles_tab.tcl b/apol/roles_tab.tcl
new file mode 100644
index 0000000..4d8339a
--- /dev/null
+++ b/apol/roles_tab.tcl
@@ -0,0 +1,196 @@
+# Copyright (C) 2001-2007 Tresys Technology, LLC
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+namespace eval Apol_Roles {
+ variable widgets
+ variable opts
+ variable role_list {}
+}
+
+proc Apol_Roles::create {tab_name nb} {
+ variable widgets
+ variable opts
+
+ _initializeVars
+
+ set frame [$nb insert end $tab_name -text "Roles"]
+ set pw [PanedWindow $frame.pw -side top]
+ set leftf [$pw add -weight 0]
+ set rightf [$pw add -weight 1]
+ pack $pw -fill both -expand yes
+
+ set rolebox [TitleFrame $leftf.rolebox -text "Roles"]
+ set s_optionsbox [TitleFrame $rightf.obox -text "Search Options"]
+ set resultsbox [TitleFrame $rightf.rbox -text "Search Results"]
+ pack $rolebox -fill both -expand yes
+ pack $s_optionsbox -padx 2 -fill both -expand 0
+ pack $resultsbox -padx 2 -fill both -expand yes
+
+ set rlistbox [Apol_Widget::makeScrolledListbox [$rolebox getframe].lb \
+ -width 20 -listvar Apol_Roles::role_list]
+ Apol_Widget::setListboxCallbacks $rlistbox \
+ {{"Display Role Info" {Apol_Roles::_popupRoleInfo role}}}
+ pack $rlistbox -fill both -expand yes
+
+ # Search options subframes
+ set ofm [$s_optionsbox getframe]
+ set lfm [frame $ofm.to]
+ set cfm [frame $ofm.co]
+ pack $lfm $cfm -side left -anchor nw -padx 4 -pady 2
+
+ radiobutton $lfm.all_info -text "All information" \
+ -variable Apol_Roles::opts(showSelection) -value all
+ radiobutton $lfm.names_only -text "Names only" \
+ -variable Apol_Roles::opts(showSelection) -value names
+ pack $lfm.all_info $lfm.names_only -anchor w -padx 5 -pady 4
+
+ set cb_type [checkbutton $cfm.cb -variable Apol_Roles::opts(useType) -text "Type"]
+ set widgets(combo_types) [Apol_Widget::makeTypeCombobox $cfm.combo_types]
+ Apol_Widget::setTypeComboboxState $widgets(combo_types) disabled
+ trace add variable Apol_Roles::opts(useType) write \
+ [list Apol_Roles::_toggleTypeCombobox $widgets(combo_types)]
+ pack $cb_type -anchor w
+ pack $widgets(combo_types) -anchor w -padx 4
+
+ button $ofm.ok -text OK -width 6 -command Apol_Roles::_searchRoles
+ pack $ofm.ok -side top -anchor e -pady 5 -padx 5
+
+ set widgets(results) [Apol_Widget::makeSearchResults [$resultsbox getframe].sw]
+ pack $widgets(results) -expand 1 -fill both
+
+ return $frame
+}
+
+proc Apol_Roles::open {ppath} {
+ set q [new_apol_role_query_t]
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+ variable role_list [lsort [role_vector_to_list $v]]
+ $v -acquire
+ $v -delete
+
+ variable widgets
+ Apol_Widget::resetTypeComboboxToPolicy $widgets(combo_types)
+}
+
+proc Apol_Roles::close {} {
+ variable widgets
+ variable opts
+ variable role_list {}
+
+ _initializeVars
+ Apol_Widget::clearTypeCombobox $widgets(combo_types)
+ Apol_Widget::clearSearchResults $widgets(results)
+}
+
+proc Apol_Roles::getTextWidget {} {
+ variable widgets
+ return $widgets(results).tb
+}
+
+# Return a list of all role names in the current policy. If no policy
+# is loaded then return an empty list.
+proc Apol_Roles::getRoles {} {
+ variable role_list
+ set role_list
+}
+
+#### private functions below ####
+
+proc Apol_Roles::_initializeVars {} {
+ variable opts
+ array set opts {
+ useType 0
+ showSelection all
+ }
+}
+
+proc Apol_Roles::_toggleTypeCombobox {path name1 name2 op} {
+ Apol_Widget::setTypeComboboxState $path $Apol_Roles::opts(useType)
+}
+
+proc Apol_Roles::_popupRoleInfo {which role} {
+ Apol_Widget::showPopupText $role [_renderRole $role 1]
+}
+
+proc Apol_Roles::_searchRoles {} {
+ variable widgets
+ variable opts
+
+ Apol_Widget::clearSearchResults $widgets(results)
+ if {![ApolTop::is_policy_open]} {
+ tk_messageBox -icon error -type ok -title "Error" -message "No current policy file is opened."
+ return
+ }
+ if {$opts(useType)} {
+ set type [lindex [Apol_Widget::getTypeComboboxValueAndAttrib $widgets(combo_types)] 0]
+ if {$type == {}} {
+ tk_messageBox -icon error -type ok -title "Error" -message "No type selected."
+ return
+ }
+ } else {
+ set type {}
+ }
+ if {$opts(showSelection) == "names"} {
+ set show_all 0
+ } else {
+ set show_all 1
+ }
+
+ set q [new_apol_role_query_t]
+ $q set_type $::ApolTop::policy $type
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+ set roles_data [role_vector_to_list $v]
+ $v -acquire
+ $v -delete
+ set text "ROLES:\n"
+ if {[llength $roles_data] == 0} {
+ append text "Search returned no results."
+ } else {
+ foreach r [lsort $roles_data] {
+ append text "\n[_renderRole $r $show_all]"
+ }
+ }
+ Apol_Widget::appendSearchResultText $widgets(results) $text
+}
+
+proc Apol_Roles::_renderRole {role_name show_all} {
+ set qpol_role_datum [new_qpol_role_t $::ApolTop::qpolicy $role_name]
+ if {!$show_all} {
+ return $role_name
+ }
+ set i [$qpol_role_datum get_type_iter $::ApolTop::qpolicy]
+ set types {}
+ while {![$i end]} {
+ set qpol_type_datum [qpol_type_from_void [$i get_item]]
+ lappend types [$qpol_type_datum get_name $::ApolTop::qpolicy]
+ $i next
+ }
+ $i -acquire
+ $i -delete
+ set text "$role_name ([llength $types] type"
+ if {[llength $types] != 1} {
+ append text "s"
+ }
+ append text ")\n"
+ foreach t [lsort -dictionary $types] {
+ append text " $t\n"
+ }
+# append text " dominance: $dominates\n"
+ return $text
+}
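Review bot: In `Apol_Roles::_renderRole` the `new_qpol_role_t` lookup runs before the `if {!$show_all}` early return, so a "Names only" search builds one role handle per result that is never read. Moving `set qpol_role_datum [new_qpol_role_t $::ApolTop::qpolicy $role_name]` below that check removes the wasted lookup, and names-only output then no longer depends on a call whose result it ignores. Separately, `_searchRoles` and `open` call `$q set_type` and `$q run` with no `catch`; if those wrappers can raise a Tcl error (not confirmed from this file), the `$q -delete` line is skipped and the results pane stays cleared with no message of its own. Reporting that failure through `tk_messageBox`, as the two precondition checks in `_searchRoles` already do, would keep the error path consistent.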