## usersPage.py - show selinux mappings
## Copyright (C) 2006,2007,2008 Red Hat, Inc.
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
## Author: Dan Walsh
import sys
## getstatusoutput() hands its argument to a shell as one command string, so
## every value interpolated into that string has to be shell-quoted by the
## caller before the command is built.
try:
    from subprocess import getstatusoutput
except ImportError:
    ## Python 2: subprocess has no getstatusoutput, the commands module does.
    from commands import getstatusoutput
from gi.repository import GObject, Gtk
import seobject
from semanagePage import *
##
## I18N
##
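PROGNAME = "policycoreutils"
## Install the translation function `_` into builtins for the whole program.
## If gettext cannot be set up, fall back to an identity-like `_` so that the
## UI still starts, untranslated.
try:
    import gettext
    kwargs = {}
    if sys.version_info < (3,):
        ## Python 2 only: ask for unicode results and keep the explicit codeset.
        ## Python 3.11 removed the `codeset` parameter of gettext.install();
        ## passing it there raises TypeError, which the handler below would
        ## swallow and silently disable every translation.
        kwargs['unicode'] = True
        kwargs['codeset'] = 'utf-8'
    gettext.install(PROGNAME,
                    localedir="/usr/share/locale",
                    **kwargs)
except Exception:
    ## Deliberate best-effort: any gettext failure degrades to untranslated text.
    try:
        import builtins
        builtins.__dict__['_'] = str
    except ImportError:
        ## Python 2 spelling of the builtins module.
        import __builtin__
        __builtin__.__dict__['_'] = unicode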
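class usersPage(semanagePage):
    """GUI page listing SELinux users and driving `semanage user` for edits.

    The page shows three columns (SELinux user, MLS/MCS range, roles) and
    adds, modifies or deletes records by running the `semanage` command line
    tool through getstatusoutput(), which executes its argument via a shell.
    Every value taken from the dialog or the list is therefore shell-quoted
    before it is placed in the command string.

    wait(), ready(), error(), match() and self.view are not defined in this
    class; presumably they come from semanagePage (confirm there).
    """

    def __init__(self, xml):
        """Build the list model and columns, load the records, bind entries.

        Args:
            xml: object providing get_object(name) for the dialog widgets
                "selinuxUserEntry", "mlsRangeEntry" and "selinuxRolesEntry".
        """
        semanagePage.__init__(self, xml, "users", _("SELinux User"))

        # Five string columns are declared; this class only fills 0, 1 and 2.
        self.store = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING, GObject.TYPE_STRING, GObject.TYPE_STRING, GObject.TYPE_STRING)
        self.view.set_model(self.store)
        self.store.set_sort_column_id(0, Gtk.SortType.ASCENDING)

        col = Gtk.TreeViewColumn(_("SELinux\nUser"), Gtk.CellRendererText(), text=0)
        col.set_sort_column_id(0)
        col.set_resizable(True)
        self.view.append_column(col)

        col = Gtk.TreeViewColumn(_("MLS/\nMCS Range"), Gtk.CellRendererText(), text=1)
        col.set_resizable(True)
        self.view.append_column(col)

        col = Gtk.TreeViewColumn(_("SELinux Roles"), Gtk.CellRendererText(), text=2)
        col.set_resizable(True)
        self.view.append_column(col)

        self.load()
        self.selinuxUserEntry = xml.get_object("selinuxUserEntry")
        self.mlsRangeEntry = xml.get_object("mlsRangeEntry")
        self.selinuxRolesEntry = xml.get_object("selinuxRolesEntry")

    @staticmethod
    def _shell_quote(value):
        """Return value quoted so a shell treats it as one literal word."""
        # Local import keeps the file's Python 2/3 fallback style:
        # shlex.quote on Python 3, pipes.quote on Python 2.
        try:
            from shlex import quote
        except ImportError:
            from pipes import quote
        return quote(value)

    def load(self, filter=""):
        """Reload the list from seobject, keeping only rows matching filter.

        Args:
            filter: text handed to self.match(); it is also remembered in
                self.filter so modify() can reload with the same filter.
        """
        self.filter = filter
        self.user = seobject.seluserRecords()
        records = self.user.get_all()
        self.store.clear()
        for name in sorted(records.keys()):
            # Record layout as used here: [0] matched only, [2] range before
            # translation, [3] roles.
            mls_range = seobject.translate(records[name][2])
            if not (self.match(name, filter) or self.match(records[name][0], filter) or self.match(mls_range, filter) or self.match(records[name][3], filter)):
                continue

            row = self.store.append()
            self.store.set_value(row, 0, name)
            self.store.set_value(row, 1, mls_range)
            self.store.set_value(row, 2, records[name][3])
        self.view.get_selection().select_path((0,))

    def dialogInit(self):
        """Fill the dialog entries from the selected row for a modify."""
        store, row = self.view.get_selection().get_selected()
        self.selinuxUserEntry.set_text(store.get_value(row, 0))
        # The user name identifies the record, so it is not editable here.
        self.selinuxUserEntry.set_sensitive(False)
        self.mlsRangeEntry.set_text(store.get_value(row, 1))
        self.selinuxRolesEntry.set_text(store.get_value(row, 2))

    def dialogClear(self):
        """Reset the dialog entries for adding a new SELinux user."""
        self.selinuxUserEntry.set_text("")
        self.selinuxUserEntry.set_sensitive(True)
        self.mlsRangeEntry.set_text("s0")
        self.selinuxRolesEntry.set_text("")

    def add(self):
        """Run `semanage user -a` with the dialog values and append the row.

        Returns:
            False when semanage exits non-zero (its output is passed to
            self.error()); None otherwise.
        """
        user = self.selinuxUserEntry.get_text()
        mls_range = self.mlsRangeEntry.get_text()
        roles = self.selinuxRolesEntry.get_text()

        self.wait()
        # Dialog text goes into a shell command line: quote each value so
        # shell metacharacters in it stay data. semanage still parses the
        # resulting words as its own arguments.
        (rc, out) = getstatusoutput("semanage user -a -R %s -r %s %s" % (
            self._shell_quote(roles),
            self._shell_quote(mls_range),
            self._shell_quote(user)))
        self.ready()
        if rc != 0:
            self.error(out)
            return False
        row = self.store.append()
        self.store.set_value(row, 0, user)
        self.store.set_value(row, 1, mls_range)
        self.store.set_value(row, 2, roles)

    def modify(self):
        """Run `semanage user -m` with the dialog values and reload the list.

        Returns:
            False when semanage exits non-zero (its output is passed to
            self.error()); None otherwise.
        """
        user = self.selinuxUserEntry.get_text()
        mls_range = self.mlsRangeEntry.get_text()
        roles = self.selinuxRolesEntry.get_text()

        self.wait()
        # Same quoting as add(): the values reach a shell via getstatusoutput.
        (rc, out) = getstatusoutput("semanage user -m -R %s -r %s %s" % (
            self._shell_quote(roles),
            self._shell_quote(mls_range),
            self._shell_quote(user)))
        self.ready()

        if rc != 0:
            self.error(out)
            return False
        self.load(self.filter)

    def delete(self):
        """Run `semanage user -d` for the selected row and remove it.

        The users "root" and "user_u" are refused with an error message.

        Returns:
            False when semanage exits non-zero (its output is passed to
            self.error()); None otherwise, including the refused case.
        """
        store, row = self.view.get_selection().get_selected()
        try:
            user = store.get_value(row, 0)
            if user == "root" or user == "user_u":
                raise ValueError(_("SELinux user '%s' is required") % user)

            self.wait()
            # The name comes from the list model, but it is still quoted: the
            # command string is interpreted by a shell.
            (rc, out) = getstatusoutput("semanage user -d %s" % self._shell_quote(user))
            self.ready()
            if rc != 0:
                self.error(out)
                return False
            store.remove(row)
            self.view.get_selection().select_path((0,))
        except ValueError as e:
            self.error(e.args[0])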