Changeset f7c535e


Ignore:
Timestamp:
04/18/13 08:15:34 (16 months ago)
Author:
Kris Moore <kris@…>
Branches:
master, 9.1-release, 9.2-release, releng/10.0, releng/10.0.1, releng/10.0.2
Children:
73d8dee
Parents:
5cb55b5
Message:
  • Rename the Jail IP widget -> Jail Configuration
  • Add new "Permissions" tab to the Jail config widget
  • Add support for getting / setting jail permissions
Location:
src-qt4/warden-gui
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • src-qt4/warden-gui/dialogEditIP.cpp

    r1620346 rf7c535e  
    1818#include <QMessageBox> 
    1919#include <QDebug> 
     20#include <QListWidgetItem> 
    2021#include "pcbsd-utils.h" 
    2122 
    2223// Local Includes 
    2324#include "dialogEditIP.h" 
     25 
    2426 
    2527void dialogEditIP::programInit(QString name) 
     
    133135  slotCheckChecks(); 
    134136  slotComboIPChanged(); 
     137  loadPerms(); 
     138} 
     139 
     140void dialogEditIP::loadPerms() 
     141{ 
     142 
     143  // Add the allow flags to show in the GUI 
     144  // <flag> | <default value> | <descrip> 
     145  jailFlags \ 
     146        << "allow.set_hostname|true|" + tr("A process within the jail has access to System V IPC primitives.") \ 
     147        << "allow.sysvipc|false|" + tr("A process within the jail has access to System V IPC primitives.") \ 
     148        << "allow.raw_sockets|false|" + tr("The prison root is allowed to create raw sockets. Enables ping / traceroute.") \ 
     149        << "allow.chflags|false|" + tr("When this parameter is set, such users are treated as privileged, and may manipulate system file flags subject to the usual constraints on kern.securelevel.") \ 
     150        << "allow.mount|false|" + tr("Privileged users inside the jail will be able to mount and unmount file system types marked as jail-friendly.") \ 
     151        << "allow.mount.devfs|false|" + tr("Privileged users inside the jail will be able to mount and unmount the devfs file system.") \ 
     152        << "allow.mount.nullfs|false|" + tr("Privileged users inside the jail will be able to mount and unmount the nullfs file system.") \ 
     153        << "allow.mount.procfs|false|" + tr("Privileged users inside the jail will be able to mount and unmount the procfs file system.") \ 
     154        << "allow.mount.zfs|false|" + tr("Privileged users inside the jail will be able to mount and unmount the zfs file system.") \ 
     155        << "allow.quotas|false|" + tr("The prison root may administer quotas on the jail's filesystem(s).") \ 
     156        << "allow.socket_af|false|" + tr("This allows access to other protocol stacks that have not had jail functionality added to them.") \ 
     157        ; 
     158 
     159  QString jDefault; 
     160  QString toggled; 
     161  QString curFlags; 
     162  QFile file( JailDir + "/." + jailName + ".meta/jail-flags" ); 
     163  if ( file.exists() && file.open( QIODevice::ReadOnly ) ) { 
     164     QTextStream stream( &file ); 
     165     curFlags = stream.readLine(); 
     166     file.close(); 
     167  } 
     168 
     169 
     170  for (int i = 0; i < jailFlags.size(); ++i) { 
     171      QListWidgetItem *myItem = new QListWidgetItem; 
     172      myItem->setText( jailFlags.at(i).section("|", 0, 0) ); 
     173      jDefault = jailFlags.at(i).section("|", 1, 1); 
     174      myItem->setToolTip( jailFlags.at(i).section("|", 2, 2) ); 
     175      if ( jDefault == "false" ) { 
     176        if ( curFlags.indexOf(jailFlags.at(i).section("|", 0,0) + "=true") != -1 ) 
     177          myItem->setCheckState(Qt::Checked); 
     178        else 
     179          myItem->setCheckState(Qt::Unchecked); 
     180      } else { 
     181        if ( curFlags.indexOf(jailFlags.at(i).section("|", 0,0) + "=false") != -1 ) 
     182          myItem->setCheckState(Qt::Unchecked); 
     183        else 
     184          myItem->setCheckState(Qt::Checked); 
     185      } 
     186      listPerms->addItem(myItem); 
     187  } 
     188} 
     189 
     190void dialogEditIP::savePerms() 
     191{ 
     192  QStringList savePerms; 
     193  QString jFlag, jDefault; 
     194  QString lFlag, lChecked; 
     195 
     196  for ( int i=0; i < listPerms->count() ; i++) { 
     197    lFlag =  listPerms->item(i)->text(); 
     198    if ( listPerms->item(i)->checkState() == Qt::Checked ) 
     199       lChecked="true"; 
     200    else 
     201       lChecked="false"; 
     202     
     203    for ( int j=0; j < jailFlags.count() ; j++) { 
     204       jFlag = jailFlags.at(j).section("|", 0, 0); 
     205       if ( jFlag != lFlag )  
     206         continue; 
     207 
     208       jDefault = jailFlags.at(j).section("|", 1, 1); 
     209       if ( jDefault == "true" && lChecked == "false" ) 
     210          savePerms << jFlag + "=false"; 
     211       if ( jDefault == "false" && lChecked == "true" ) 
     212          savePerms << jFlag + "=true"; 
     213    } 
     214  } 
     215 
     216  QFile file( JailDir + "/." + jailName + ".meta/jail-flags" ); 
     217  if ( ! savePerms.isEmpty() ) { 
     218    if ( file.open( QIODevice::WriteOnly ) ) { 
     219       QTextStream stream( &file ); 
     220       stream << savePerms.join(" "); 
     221       file.close(); 
     222    } 
     223  } else { 
     224    file.remove(); 
     225  } 
     226 
     227 
    135228} 
    136229 
     
    212305   { 
    213306     saveSettings(); 
     307     savePerms(); 
    214308     emit saved(); 
    215309     close(); 
  • src-qt4/warden-gui/dialogEditIP.h

    r1620346 rf7c535e  
    3232private: 
    3333        void displayRepos(); 
     34        void loadPerms(); 
     35        void savePerms(); 
    3436        void saveSettings(); 
    3537        bool checkValidBlock(QString block, QString type); 
     
    4042        QStringList IPv6Alias; 
    4143        QStringList IPv6AliasBridge; 
     44        QStringList jailFlags; 
    4245 
    4346signals: 
  • src-qt4/warden-gui/dialogEditIP.ui

    r1620346 rf7c535e  
    1212  </property> 
    1313  <property name="windowTitle"> 
    14    <string>IP Configuration</string> 
     14   <string>Jail Configuration</string> 
    1515  </property> 
    1616  <property name="windowIcon"> 
     
    2222    <widget class="QGroupBox" name="groupBox"> 
    2323     <property name="title"> 
    24       <string>Jail IP Addresses</string> 
     24      <string>Jail Configuration</string> 
    2525     </property> 
    2626     <layout class="QGridLayout" name="gridLayout"> 
     
    165165        <widget class="QWidget" name="tab_2"> 
    166166         <attribute name="title"> 
    167           <string>Advanced</string> 
     167          <string>Aliases</string> 
    168168         </attribute> 
    169169         <layout class="QGridLayout" name="gridLayout_3"> 
     
    233233            </item> 
    234234           </layout> 
     235          </item> 
     236         </layout> 
     237        </widget> 
     238        <widget class="QWidget" name="tab_4"> 
     239         <attribute name="title"> 
     240          <string>Permissions</string> 
     241         </attribute> 
     242         <layout class="QGridLayout" name="gridLayout_6"> 
     243          <item row="0" column="0"> 
     244           <widget class="QLabel" name="label"> 
     245            <property name="text"> 
     246             <string>The following permissions can be enabled or diabled for this jail. For more details hover over each item or refer to the jail manpage.</string> 
     247            </property> 
     248            <property name="wordWrap"> 
     249             <bool>true</bool> 
     250            </property> 
     251           </widget> 
     252          </item> 
     253          <item row="1" column="0"> 
     254           <widget class="QListWidget" name="listPerms"/> 
    235255          </item> 
    236256         </layout> 
Note: See TracChangeset for help on using the changeset viewer.