ACC SHELL
/**
* Copyright 2004, Novell, Inc. All rights reserved.
*
* File: firewall/summary.ycp
* Package: Firewall configuration
* Summary: Firewall configuration summary
* Authors: Lukas Ocilka <locilka@suse.cz>
*
* $Id: summary.ycp 53819 2008-12-02 14:04:46Z locilka $
*
* Summary functions.
*/
{
textdomain "firewall";
import "SuSEFirewall";
import "SuSEFirewallServices";
import "SuSEFirewallUI";
import "SuSEFirewallExpertRules";
import "Mode";
import "String";
include "firewall/subdialogs.ycp";
include "firewall/uifunctions.ycp";
boolean show_details = false;
map protocol_type_names = $[
// TRANSLATORS: Summary item label
"TCP" : _("TCP Ports"),
// TRANSLATORS: Summary item label
"UDP" : _("UDP Ports"),
// TRANSLATORS: Summary item label
"RPC" : _("RPC Services"),
// TRANSLATORS: Summary item label
"IP" : _("IP Protocols"),
// TRANSLATORS: Summary item label
"BRD" : _("Broadcast Ports"),
];
string li_start = "<li>";
string li_end = "</li>";
string ul_start = "<ul>";
string ul_end = "</ul>";
// Function initializes spacial behaviour for commandline
void SummaryInitCommandLine () {
li_start = " * ";
li_end = "";
ul_start = "";
ul_end = "";
}
string SummaryZoneHeader (string zone_id) {
if (SuSEFirewallUI::simple_text_output) {
return String::UnderlinedHeader(SuSEFirewall::GetZoneFullName(zone_id),0);
} else {
return "\n<h2>" + String::EscapeTags (SuSEFirewall::GetZoneFullName(zone_id)) + "</h2>\n";
}
}
string SummaryCheckSpecInterface (string spec_interface, string zone) {
string ret_val = "";
if (spec_interface == "any") {
if (zone == "EXT") {
ret_val = " '" + spec_interface + "' " +
//(NetworkService::IsManaged() ?
// // TRANSLATORS: an informative text, text presented in HTML - newlines are not needed
// _("All network interfaces handled by NetworkManager and all other unassigned interfaces will be assigned to this zone.")
// :
// TRANSLATORS: an informative text, text presented in HTML - newlines are not needed
_("Any unassigned interface will be assigned to this zone.");
//);
} else {
ret_val = " '" + spec_interface + "' "
// TRANSLATORS: informative text
+ _("Currently supported only in external zone.");
}
} else {
// TRANSLATORS: informative text
ret_val = " '" + spec_interface + "' " + _("Unknown network interface.");
}
return ret_val;
}
string SummaryInterfacesInZone (string zone_id) {
string ret_summary = "";
list <map <string, string> > interfaces = SuSEFirewall::GetAllKnownInterfaces();
map <string, string> interface_id_to_name = $[];
foreach (map <string, string> interface, interfaces, {
interface_id_to_name[interface["id"]:""] = interface["name"]:"";
});
list <string> interfaces_in_zone = SuSEFirewall::GetInterfacesInZone(zone_id);
list <string> special_interfaces = SuSEFirewall::GetSpecialInterfacesInZone(zone_id);
if (size(interfaces_in_zone)>0 || size(special_interfaces)>0) {
ret_summary = ret_summary +
(SuSEFirewallUI::simple_text_output ?
// TRANSLATORS: Summary item label
String::UnderlinedHeader(_("Interfaces"),4)
:
// TRANSLATORS: Summary item label
("<h3>" + _("Interfaces") + "</h3>")
) + "\n";
ret_summary = ret_summary + ul_start;
foreach (string interface_id, interfaces_in_zone, {
ret_summary = ret_summary +
li_start + " " +
(interface_id_to_name[interface_id]:"" != "" ?
String::EscapeTags (interface_id_to_name[interface_id]:"") + " / "
:
""
) + String::EscapeTags (interface_id) + li_end + "\n";
});
foreach (string spec_interface, special_interfaces, {
ret_summary = ret_summary +
li_start + SummaryCheckSpecInterface(spec_interface,zone_id) + li_end + "\n";
});
ret_summary = ret_summary + ul_end;
} else {
// TRANSLATORS: informative text
ret_summary = li_start + _("No interfaces assigned to this zone.") + li_end + "\n";
}
return ret_summary;
}
/**
* Returns HTML-formatted information about ports contained in a service
* defined by parameter service_id.
*
* @param string service_id
* @return string detailed information
*/
string ShowServiceDetails (string service_id) {
list <string> tcp_ports = SuSEFirewallServices::GetNeededTCPPorts (service_id);
list <string> udp_ports = SuSEFirewallServices::GetNeededUDPPorts (service_id);
list <string> rpc_ports = SuSEFirewallServices::GetNeededRPCPorts (service_id);
list <string> ip_protocols = SuSEFirewallServices::GetNeededIPProtocols (service_id);
list <string> broadcast_ports = SuSEFirewallServices::GetNeededBroadcastPorts (service_id);
string ret = "";
// TCP ports
if (size (tcp_ports) > 0) {
// "ssh" -> "ssh (22)"
tcp_ports = maplist (string tcp_port, tcp_ports, {
return UserReadablePortName (tcp_port, "TCP");
});
ret = ret +
li_start + protocol_type_names["TCP"]:"" + ": " + mergestring (tcp_ports, ", ") + li_end + "\n";
}
// UDP Ports
if (size (udp_ports) > 0) {
udp_ports = maplist (string udp_port, udp_ports, {
return UserReadablePortName (udp_port, "UDP");
});
ret = ret +
li_start + protocol_type_names["UDP"]:"" + ": " + mergestring (udp_ports, ", ") + li_end + "\n";
}
// RPC Services
if (size (rpc_ports) > 0) {
ret = ret +
li_start + protocol_type_names["RPC"]:"" + ": " + mergestring (rpc_ports, ", ") + li_end + "\n";
}
// IP Protocols
if (size (ip_protocols) > 0) {
ret = ret +
li_start + protocol_type_names["IP"]:"" + ": " + mergestring (ip_protocols, ", ") + li_end + "\n";
}
// Broadcast (UDP)
if (size (broadcast_ports) > 0) {
broadcast_ports = maplist (string broadcast_port, broadcast_ports, {
return String::EscapeTags (UserReadablePortName (broadcast_port, "UDP"));
});
ret = ret +
li_start + protocol_type_names["BRD"]:"" + ": " + String::EscapeTags (mergestring (broadcast_ports, ", ")) + li_end + "\n";
}
if (ret == "")
return "";
return "\n" + ul_start + ret + ul_end + "\n";
}
string SummaryOpenServicesInZone (string zone_id, boolean show_details) {
string ret_val = "";
list <string> interfaces_in_zone = SuSEFirewall::GetInterfacesInZone(zone_id);
list <string> special_interfaces = SuSEFirewall::GetSpecialInterfacesInZone(zone_id);
// any interface must be assigned
if (size(interfaces_in_zone)>0 || size(special_interfaces)>0) {
ret_val = (SuSEFirewallUI::simple_text_output ?
// TRANSLATORS: CommandLine summary header
String::UnderlinedHeader(_("Open Services, Ports, and Protocols"),4)
:
// TRANSLATORS: UI summary header
("<h3>" + _("Open Services, Ports, and Protocols") + "</h3>")
) + "\n";
// internal zone and unprotected
if (zone_id == "INT" && !SuSEFirewall::GetProtectFromInternalZone()) {
// TRANSLATORS: informative text
ret_val = ret_val + ul_start + li_start + _("Internal zone is unprotected. All ports are open.") + li_end + ul_end + "\n";
} else {
string open_services = "";
map <string, string> translations_to_service_ids = $[];
foreach (string service_id, string service_name, SuSEFirewallServices::GetSupportedServices(), {
translations_to_service_ids[service_name] = service_id;
});
// Allowed known services
foreach (string service_name, string service_id, translations_to_service_ids, {
if (SuSEFirewall::IsServiceSupportedInZone (service_id, zone_id)) {
open_services = open_services +
li_start +
String::EscapeTags (service_name) + (show_details ? ":":"") +
li_end +
(show_details ? ShowServiceDetails (service_id):"") +
"\n";
}
});
// Additional (unknown) ports, services, protocols...
foreach (string protocol, ["TCP", "UDP", "RPC", "IP"], {
string additional_services = mergestring(SuSEFirewall::GetAdditionalServices(protocol, zone_id), ", ");
if (additional_services == "") return;
open_services = open_services +
li_start + protocol_type_names[protocol]:"" + ": " + String::EscapeTags (additional_services) + li_end + "\n";
});
ret_val = ret_val + ul_start + (open_services != "" ?
open_services
:
// TRANSLATORS: informative text
(li_start + _("Zone has no open ports.") + li_end)
) + ul_end + "\n";
}
}
return ret_val;
}
string SummaryCustomRules (string zone, boolean show_details) {
// FATE #303304: YaST Firewall module shall show custom rules on Summary page
list <map <string, string> > custom_rules = SuSEFirewallExpertRules::GetListOfAcceptRules (zone);
if (custom_rules == nil) {
y2error ("Wrong custom rules for %1", zone);
return "";
} else if (size (custom_rules) == 0) {
y2milestone ("No custom rules defined");
return "";
}
// Example:
// All requests from network 80.44.11.0/24 to UDP port 53 originating on port 53
// $[ "network" : "80.44.11.0/24", "protocol" : "udp", "dport" : "53", "sport" : "53" ]
//
// Possible keys for parameters are "network", "protocol", "dport" and "sport".
// Mandatory are "network" and "protocol".
string rules = "<h3>" + _("Custom Rules") + "</h3>";
rules = rules + ul_start;
if (! show_details) {
rules = rules + li_start + sformat (_("%1 custom rules are defined"), size (custom_rules)) + li_end;
} else {
foreach (map <string, string> one_rule, custom_rules, {
string proto = one_rule["protocol"]:"tcp";
string one_rule_s = li_start + sformat (
_("Network: <i>%1</i>, Protocol: <i>%2</i>, Destination port: <i>%3</i>, Source port: <i>%4</i>"),
String::EscapeTags (one_rule["network"]:_("All")),
String::EscapeTags (SuSEFirewall::GetProtocolTranslatedName (one_rule["protocol"]:_("All"))),
(one_rule["dport"]:"" != "" ? String::EscapeTags (UserReadablePortName (one_rule["dport"]:"", proto)) : _("All")),
(one_rule["sport"]:"" != "" ? String::EscapeTags (UserReadablePortName (one_rule["sport"]:"", proto)) : _("All"))
) + li_end;
rules = rules + one_rule_s;
});
}
rules = rules + ul_end;
return rules;
}
string SummaryZoneBody (string zone_id, boolean show_details) {
return
ul_start + "\n" +
SummaryInterfacesInZone (zone_id) +
SummaryOpenServicesInZone (zone_id, show_details) +
SummaryCustomRules (zone_id, show_details) +
ul_end + "\n";
}
string SummaryFirewallStart () {
// TRANSLATORS: Summary header item
string ret_message = "\n" + (SuSEFirewallUI::simple_text_output ?
// TRANSLATORS: CommandLine Summary header
String::UnderlinedHeader(_("Firewall Starting"),0)
:
// TRANSLATORS: UI Summary header
("<h2>" + _("Firewall Starting") + "</h2>")
) + "\n";
ret_message = ret_message + ul_start;
// Firewall is enabled/disabled in the boot process
if (SuSEFirewall::GetEnableService()) {
// TRANSLATORS: Summary text item
ret_message = ret_message + li_start + _("<b>Enable</b> firewall automatic starting") + li_end + "\n\n";
} else {
// TRANSLATORS: Summary text item
ret_message = ret_message + li_start + _("<b>Disable</b> firewall automatic starting") + li_end + "\n\n";
}
// Firewall should be running/stopped
if (SuSEFirewall::GetStartService()) {
// Is running and will be running again
if (SuSEFirewall::IsStarted()) {
// TRANSLATORS: Summary text item
ret_message = ret_message + li_start + _("Firewall starts after the configuration gets written") + li_end + "\n";
// Is stopped and will be running
} else {
// TRANSLATORS: Summary text item
ret_message = ret_message + li_start + _("Firewall <b>starts</b> after the configuration gets written") + li_end + "\n";
}
} else {
// Is running and will be stopped
if (SuSEFirewall::IsStarted()) {
// TRANSLATORS: Summary text item
ret_message = ret_message + li_start + _("Firewall <b>will be stopped</b> after the configuration is written") + li_end + "\n";
// Is not running and will not be running
} else {
// TRANSLATORS: Summary text item
ret_message = ret_message + li_start + _("Firewall will not start after the configuration is written") + li_end + "\n";
}
}
ret_message = ret_message + ul_end + "\n\n";
return ret_message;
}
string SummaryUnassignedInterfaces () {
string ret_message = "\n" + (SuSEFirewallUI::simple_text_output ?
// TRANSLATORS: Summary text item
String::UnderlinedHeader(_("Unassigned Interfaces"),0)
:
// TRANSLATORS: Summary text item
("<h2>" + _("Unassigned Interfaces") + "</h2>")
) + "\n";
list <string> special_strings = [];
foreach (string zone, SuSEFirewall::GetKnownFirewallZones(), {
special_strings = (list<string>)
union(special_strings, SuSEFirewall::GetSpecialInterfacesInZone(zone));
});
if (contains(special_strings, "any") || contains(special_strings, "auto")) {
y2milestone("Special strings 'any' or 'auto' presented, skipping...");
return "";
}
integer interfaces_unassigned = 0;
ret_message = ret_message + ul_start +
// TRANSLATORS: Warning plain text in summary
_("No network traffic is permitted through these interfaces.");
foreach (map <string, string> interface, SuSEFirewall::GetAllKnownInterfaces(), {
if (interface["zone"]:nil==nil) {
ret_message = ret_message + li_start + " " +
((interface["name"]:nil == nil || interface["name"]:nil == "") ?
interface["id"]:""
:
sformat ("%1 / %2", interface["name"]:"", interface["id"]:"")
)
+ li_end + "\n";
interfaces_unassigned = interfaces_unassigned + 1;
}
});
ret_message = ret_message + ul_end + "\n";
// no need to return the headline when all interfaces are assigned
if (interfaces_unassigned == 0) return "";
return ret_message;
}
string InitBoxSummary (list <string> for_zones) {
show_details = SuSEFirewallUI::GetShowSummaryDetails();
y2milestone ("Regenerating summary dialog, details: %1", show_details);
// just as first init
UI::ChangeWidget (`id ("show_details"), `Value, show_details);
string summary =
SummaryFirewallStart() +
"<hr />" +
SummaryUnassignedInterfaces();
if (size(for_zones)==0) for_zones = SuSEFirewall::GetKnownFirewallZones();
foreach (string zone_id, SuSEFirewall::GetKnownFirewallZones(), {
if (contains(for_zones,zone_id)) {
summary = summary
+ SummaryZoneHeader (zone_id)
+ SummaryZoneBody (zone_id, show_details);
}
});
if (Mode::normal() && !Mode::commandline()) {
UI::ChangeWidget(`id("box_summary_richtext"), `Value, summary);
}
return summary;
}
/* EOF */
}
ACC SHELL 2018