1 | #!?usr/local/bin/python |
---|
2 | |
---|
3 | import gtk |
---|
4 | import ConfigParser |
---|
5 | import os.path |
---|
6 | import re |
---|
7 | import Creddy |
---|
8 | |
---|
9 | from policy import policy |
---|
10 | |
---|
11 | from principal_tree import principal_issued_tree, \ |
---|
12 | principal_assigned_tree, principal_attribute_tree, \ |
---|
13 | principal_rules_tree, principal_action_tree, action_principal_tree |
---|
14 | |
---|
15 | from new_credential import add_credential_dialog, add_principal_dialog, \ |
---|
16 | mark_action_dialog |
---|
17 | |
---|
18 | class window(gtk.Window): |
---|
19 | ''' |
---|
20 | The main GUI class. It presents the various TreeViews and menus to |
---|
21 | save/load/add, to add credentials, identities and actions and to change the |
---|
22 | policy translation variable. It keeps its current size and location in the |
---|
23 | .abac_policy_tool.cfg file in the user's home. |
---|
24 | ''' |
---|
25 | |
---|
26 | # Definition of the menus |
---|
27 | ui_def = ''' |
---|
28 | <ui> |
---|
29 | <menubar> |
---|
30 | <menu action="FileMenu"> |
---|
31 | <menuitem name="New" action="FileNew"/> |
---|
32 | <menuitem name="Load" action="FileLoad"/> |
---|
33 | <menuitem name="Append" action="FileAppend"/> |
---|
34 | <menuitem name="Save" action="FileSave"/> |
---|
35 | <menuitem name="Quit" action="FileQuit"/> |
---|
36 | </menu> |
---|
37 | <menu action="EditMenu"> |
---|
38 | <menuitem action="EditAddCred"/> |
---|
39 | <menuitem action="EditAddPrincipal"/> |
---|
40 | <menuitem action="EditMarkAction"/> |
---|
41 | </menu> |
---|
42 | <menu action="ViewMenu"> |
---|
43 | <menu action="Translation"> |
---|
44 | <menuitem name="ViewSet" action="ViewSet"/> |
---|
45 | <menuitem name="ViewRole description" action="ViewRole"/> |
---|
46 | <menuitem name="ViewNames" action="ViewName"/> |
---|
47 | <menuitem name="ViewRaw" action="ViewRaw"/> |
---|
48 | </menu> |
---|
49 | </menu> |
---|
50 | </menubar> |
---|
51 | </ui> |
---|
52 | ''' |
---|
53 | # Path to the configuration |
---|
54 | cfg_path = os.path.join(os.path.expanduser('~'), '.abac_policy_tool.cfg') |
---|
55 | |
---|
56 | @staticmethod |
---|
57 | def wrapit(widget): |
---|
58 | ''' |
---|
59 | Put widget into a ScrolledWindow with automatic scrollbars on both |
---|
60 | directions, and return the ScrolledWindow. |
---|
61 | ''' |
---|
62 | sw = gtk.ScrolledWindow() |
---|
63 | sw.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC) |
---|
64 | sw.add(widget) |
---|
65 | return sw |
---|
66 | |
---|
67 | def report_error(self, message): |
---|
68 | ''' |
---|
69 | Put a MessageDialog up with the given message. This is a member method |
---|
70 | so that it can be centered on the window. |
---|
71 | ''' |
---|
72 | md = gtk.MessageDialog(self, gtk.DIALOG_MODAL, |
---|
73 | gtk.MESSAGE_ERROR, gtk.BUTTONS_CLOSE, |
---|
74 | message) |
---|
75 | md.run() |
---|
76 | md.destroy() |
---|
77 | |
---|
78 | def __init__(self, policy): |
---|
79 | ''' |
---|
80 | Initialize all the GTK hooks for menus, put the various TreeViews up |
---|
81 | (connected to the policy) and read teh configuration for current |
---|
82 | position. |
---|
83 | ''' |
---|
84 | gtk.Window.__init__(self, gtk.WINDOW_TOPLEVEL) |
---|
85 | self.policy = policy |
---|
86 | self.set_title('ABAC Policy Tool') |
---|
87 | self.connect('destroy', self.quit) |
---|
88 | self.connect('show', self.shown) |
---|
89 | self.connect('configure-event', self.changed) |
---|
90 | self.pos = (0,0) |
---|
91 | self.size = (500, 500) |
---|
92 | # These are the TreeViews that will change when policy changes |
---|
93 | self.pages = [ ] |
---|
94 | # These are the TreeViews that change when policy translation changes |
---|
95 | self.translated = [ ] |
---|
96 | |
---|
97 | self.read_config() |
---|
98 | |
---|
99 | # Hook up thr TreeViews |
---|
100 | nb = gtk.Notebook() |
---|
101 | p = action_principal_tree(policy) |
---|
102 | nb.append_page(self.wrapit(p), |
---|
103 | gtk.Label("Principals by action permitted")) |
---|
104 | self.pages.append(p) |
---|
105 | self.translated.append(p) |
---|
106 | |
---|
107 | p = principal_action_tree(policy) |
---|
108 | nb.append_page(self.wrapit(p), |
---|
109 | gtk.Label("Actions perimtted to principals")) |
---|
110 | self.pages.append(p) |
---|
111 | self.translated.append(p) |
---|
112 | |
---|
113 | p = principal_issued_tree(policy) |
---|
114 | nb.append_page(self.wrapit(p), gtk.Label("Attributes Directly Issued")) |
---|
115 | self.pages.append(p) |
---|
116 | |
---|
117 | p = principal_rules_tree(policy) |
---|
118 | nb.append_page(self.wrapit(p), gtk.Label("Rules declared")) |
---|
119 | self.pages.append(p) |
---|
120 | self.translated.append(p) |
---|
121 | |
---|
122 | p = principal_assigned_tree(policy) |
---|
123 | nb.append_page(self.wrapit(p), gtk.Label("Attributes Directly Held")) |
---|
124 | self.pages.append(p) |
---|
125 | |
---|
126 | p = principal_attribute_tree(policy) |
---|
127 | nb.append_page(self.wrapit(p), gtk.Label("All Attributes")) |
---|
128 | self.pages.append(p) |
---|
129 | self.translated.append(p) |
---|
130 | |
---|
131 | # Make the Menus real |
---|
132 | ui = gtk.UIManager() |
---|
133 | ag = gtk.ActionGroup('action') |
---|
134 | ag.add_actions(( |
---|
135 | ('FileMenu', None, 'File'), |
---|
136 | ('FileNew', gtk.STOCK_NEW, None, None, None, self.new), |
---|
137 | ('FileSave', gtk.STOCK_SAVE, None, None, None, self.save), |
---|
138 | ('FileQuit', gtk.STOCK_QUIT, None, None, None, self.quit), |
---|
139 | ('EditMenu', None, 'Edit'), |
---|
140 | ('EditAddCred', None, "Add Credential", None, None, self.add_cred), |
---|
141 | ('EditAddPrincipal', None, "Add Principal", None, None, |
---|
142 | self.add_principal), |
---|
143 | ('EditMarkAction', None, "Mark Action", None, None, |
---|
144 | self.mark_action), |
---|
145 | ('ViewMenu', None, 'View'), |
---|
146 | ('Translation', None, 'Translate Credentials'), |
---|
147 | )) |
---|
148 | # load and append call the same method with different user data - |
---|
149 | # whether to clear current policy or not. |
---|
150 | ag.add_actions(( |
---|
151 | ('FileLoad', gtk.STOCK_OPEN, None, None, None, self.load), |
---|
152 | ), True) |
---|
153 | ag.add_actions(( |
---|
154 | ('FileAppend', gtk.STOCK_ADD, None, None, None, self.load), |
---|
155 | ), False) |
---|
156 | ag.add_radio_actions([ |
---|
157 | ('ViewSet', None, 'Set based descriptions', None, None, 0), |
---|
158 | ('ViewRole', None, 'Role based descriptions', None, None, 1), |
---|
159 | ('ViewName', None, 'ABAC with symbolic names', None, None, 2), |
---|
160 | ('ViewRaw', None, 'Raw ABAC', None, None, 3),], |
---|
161 | 2, self.translation_change) |
---|
162 | |
---|
163 | ui.insert_action_group(ag, -1) |
---|
164 | ui.add_ui_from_string(window.ui_def) |
---|
165 | |
---|
166 | # Put it all together and show it. |
---|
167 | mb = ui.get_widget('ui/menubar') |
---|
168 | vb = gtk.VBox() |
---|
169 | vb.pack_start(mb, False, False, 0) |
---|
170 | vb.pack_start(nb, True, True, 0) |
---|
171 | |
---|
172 | self.add(vb) |
---|
173 | self.show_all() |
---|
174 | |
---|
175 | def quit(self, widget=None, data=None): |
---|
176 | ''' |
---|
177 | Called from File->Quit in the menu. Save location/size and exit |
---|
178 | ''' |
---|
179 | self.save_config() |
---|
180 | gtk.main_quit() |
---|
181 | |
---|
182 | def save(self, widget=None, data=None): |
---|
183 | ''' |
---|
184 | Save the current state to a file. Wrangle the FileChooserDialog to |
---|
185 | pick the file and write to it. |
---|
186 | ''' |
---|
187 | d = gtk.FileChooserDialog('Save file as', self, |
---|
188 | gtk.FILE_CHOOSER_ACTION_SAVE, ( |
---|
189 | gtk.STOCK_CANCEL, gtk.RESPONSE_CANCEL, |
---|
190 | gtk.STOCK_OK, gtk.RESPONSE_OK)) |
---|
191 | fil = gtk.FileFilter() |
---|
192 | fil.set_name('Zip files') |
---|
193 | fil.add_pattern('*.zip') |
---|
194 | d.set_select_multiple(False) |
---|
195 | d.set_current_folder('.') |
---|
196 | d.set_do_overwrite_confirmation(True) |
---|
197 | d.add_filter(fil) |
---|
198 | # If the policy has been saved, start at that file. |
---|
199 | if self.policy.filename is not None: |
---|
200 | d.set_filename(self.policy.filename) |
---|
201 | # Display the chooser |
---|
202 | rv = d.run() |
---|
203 | d.hide() |
---|
204 | # Write if the user wants to do it. |
---|
205 | if rv == gtk.RESPONSE_OK: |
---|
206 | self.policy.write_zip(d.get_filename()) |
---|
207 | d.destroy() |
---|
208 | |
---|
209 | def new(self, widget=None, data=None): |
---|
210 | ''' |
---|
211 | Called when the user asks for a blank policy. Put up a confirmation |
---|
212 | and clear if confirmed. |
---|
213 | ''' |
---|
214 | d = gtk.MessageDialog(self, gtk.DIALOG_MODAL, |
---|
215 | gtk.MESSAGE_ERROR, gtk.BUTTONS_OK_CANCEL, |
---|
216 | "Clear this policy?") |
---|
217 | rv = d.run() |
---|
218 | if rv == gtk.RESPONSE_OK: |
---|
219 | self.policy.clear() |
---|
220 | # After clearing, tell the TreeViews |
---|
221 | for p in self.pages: |
---|
222 | p.recalc() |
---|
223 | d.destroy() |
---|
224 | |
---|
225 | def load(self, widget=None, data=None): |
---|
226 | ''' |
---|
227 | Called to either load or append to the loaded policy. data is the |
---|
228 | clearit parameter to the load call. Other than that, just put up a |
---|
229 | requester and do the thing. |
---|
230 | ''' |
---|
231 | d = gtk.FileChooserDialog('Load file', self, |
---|
232 | gtk.FILE_CHOOSER_ACTION_OPEN, ( |
---|
233 | gtk.STOCK_CANCEL, gtk.RESPONSE_CANCEL, |
---|
234 | gtk.STOCK_OK, gtk.RESPONSE_OK)) |
---|
235 | fil = gtk.FileFilter() |
---|
236 | fil.set_name('Zip files') |
---|
237 | fil.add_pattern('*.zip') |
---|
238 | d.set_select_multiple(False) |
---|
239 | d.set_current_folder('.') |
---|
240 | d.set_do_overwrite_confirmation(True) |
---|
241 | d.add_filter(fil) |
---|
242 | if self.policy.filename is not None: |
---|
243 | d.set_filename(self.policy.filename) |
---|
244 | rv = d.run() |
---|
245 | d.hide() |
---|
246 | if rv == gtk.RESPONSE_OK: |
---|
247 | self.policy.read_zip(d.get_filename(), data) |
---|
248 | # Tell the TreeViews to update. |
---|
249 | for p in self.pages: |
---|
250 | p.recalc() |
---|
251 | d.destroy() |
---|
252 | |
---|
253 | def add_principal(self, widget=None, data=None): |
---|
254 | ''' |
---|
255 | Called to add a principal with a user-supplied mnemonic name to the |
---|
256 | current policy. Do not allow duplicate mnemonic names. |
---|
257 | ''' |
---|
258 | while True: |
---|
259 | # Ask for a name |
---|
260 | d = add_principal_dialog(self) |
---|
261 | rv = d.run() |
---|
262 | d.hide() |
---|
263 | if rv == gtk.RESPONSE_OK: |
---|
264 | # Build the certificate |
---|
265 | name = d.pname.get_text() |
---|
266 | if name not in self.policy.principal_names(): |
---|
267 | try: |
---|
268 | cid = Creddy.ID(name, 5 * 3600 * 24 * 365) |
---|
269 | except RuntimeError, e: |
---|
270 | # Note this retries on failure |
---|
271 | self.report_error('Cannot create principal: %s' % e) |
---|
272 | continue |
---|
273 | # Identity to policy |
---|
274 | self.policy.add_identity(cid) |
---|
275 | # Update the trees |
---|
276 | for p in self.pages: |
---|
277 | p.recalc() |
---|
278 | # clean up the dialog |
---|
279 | d.destroy() |
---|
280 | return |
---|
281 | else: |
---|
282 | # Duplicate, retry |
---|
283 | d.destroy() |
---|
284 | self.report_error('Cannot overwrite name: %s' % name) |
---|
285 | else: |
---|
286 | # Cancel leave this function |
---|
287 | d.destroy() |
---|
288 | return |
---|
289 | |
---|
290 | def add_cred(self, widget=None, data=None): |
---|
291 | ''' |
---|
292 | Create a new credential and add it to the policy. Most of the work is |
---|
293 | parsing the data out of teh add credential dialog which may be |
---|
294 | reporting a request for one of three kinds of credential. |
---|
295 | ''' |
---|
296 | # Ask the user what they want |
---|
297 | d = add_credential_dialog(self, self.policy) |
---|
298 | rv = d.run() |
---|
299 | d.hide() |
---|
300 | if rv == gtk.RESPONSE_OK: |
---|
301 | # The name and issuer are always teh same |
---|
302 | iname = d.issuer.get_active_text() |
---|
303 | issuer = self.policy.issuers[self.policy.name_to_keyid(iname)] |
---|
304 | role = re.sub('\.', '_', d.role.get_text()) |
---|
305 | cred = None |
---|
306 | try: |
---|
307 | # Base credential |
---|
308 | cred = Creddy.Attribute(issuer, role, 5 * 365 * 3600 * 24) |
---|
309 | except RuntimeError, e: |
---|
310 | print e |
---|
311 | pass |
---|
312 | |
---|
313 | if cred is None: |
---|
314 | self.report_error("Missing or invalid role") |
---|
315 | d.destroy() |
---|
316 | return |
---|
317 | |
---|
318 | mode = d.mechanism.get_active_text() |
---|
319 | # Principal is always in the results |
---|
320 | p = d.subject_principal.get_text() |
---|
321 | p = self.policy.name_to_keyid(p) |
---|
322 | # Collect the dependent components |
---|
323 | if p is None: |
---|
324 | self.report_error("Missing or invalid subject principal") |
---|
325 | d.destroy() |
---|
326 | return |
---|
327 | if mode == 'Direct delegation' or mode == 'Delegation to role': |
---|
328 | r = d.subject_role.get_text() |
---|
329 | if r is None or r == '': |
---|
330 | self.report_error("Missing or invalid subject role") |
---|
331 | d.destroy() |
---|
332 | return |
---|
333 | if mode == 'Delegation to role': |
---|
334 | l = d.subject_link.get_text() |
---|
335 | if l is None or l == '': |
---|
336 | self.report_error("Missing or invalid subject linking role") |
---|
337 | d.destroy() |
---|
338 | return |
---|
339 | # Build that sucker |
---|
340 | if mode == 'Direct assignment': cred.principal(p) |
---|
341 | elif mode == 'Direct delegation': cred.role(p, r) |
---|
342 | else: cred.linking_role(p, l, r) |
---|
343 | |
---|
344 | try: |
---|
345 | # Actual creation |
---|
346 | cred.bake() |
---|
347 | except: |
---|
348 | self.report_error("Could not create credential?!") |
---|
349 | d.destroy() |
---|
350 | return |
---|
351 | # Add to policy |
---|
352 | self.policy.add_credential(cred) |
---|
353 | # Update the TreeViews |
---|
354 | for p in self.pages: |
---|
355 | p.recalc() |
---|
356 | d.destroy() |
---|
357 | |
---|
358 | def mark_action(self, widget=None, data=None): |
---|
359 | ''' |
---|
360 | Mark an action. Collect the user's request and propagate it. |
---|
361 | ''' |
---|
362 | d = mark_action_dialog(self, self.policy) |
---|
363 | rv = d.run() |
---|
364 | d.hide() |
---|
365 | if rv == gtk.RESPONSE_OK: |
---|
366 | action = d.get_value() |
---|
367 | if action is not None: |
---|
368 | self.policy.add_action(action) |
---|
369 | # Tell the TreeViews |
---|
370 | for p in self.pages: |
---|
371 | p.recalc() |
---|
372 | d.destroy() |
---|
373 | |
---|
374 | |
---|
375 | def shown(self, w): |
---|
376 | ''' |
---|
377 | Handles an event where the window appears. Move to the saved position |
---|
378 | and size. |
---|
379 | ''' |
---|
380 | self.move(*self.pos) |
---|
381 | self.resize(*self.size) |
---|
382 | |
---|
383 | def changed(self, w, e): |
---|
384 | ''' |
---|
385 | Handles an event where the window changes (resizes or moves). Remember |
---|
386 | the size and position. |
---|
387 | ''' |
---|
388 | self.pos = self.get_position() |
---|
389 | self.size = self.get_size() |
---|
390 | |
---|
391 | def translation_change(self, ra, c, user=None): |
---|
392 | ''' |
---|
393 | Called from any of the menu items that request a translation change. |
---|
394 | They're radio buttons, so each one unsets the last. Translate the |
---|
395 | radio value into the right policy string, set the translation value and |
---|
396 | update the TreeViews that depend on translation. |
---|
397 | ''' |
---|
398 | cv = c.get_current_value() |
---|
399 | if cv == 0: self.policy.translate = 'sets' |
---|
400 | elif cv == 1: self.policy.translate = 'roles' |
---|
401 | elif cv == 2: self.policy.translate = 'keyids' |
---|
402 | elif cv == 3: self.policy.translate = 'none' |
---|
403 | else: print >>sys.stderr, 'Unknown translation type!?' |
---|
404 | |
---|
405 | for p in self.translated: |
---|
406 | p.recalc() |
---|
407 | |
---|
408 | def get_intpair(self, sect, opt): |
---|
409 | ''' |
---|
410 | Utility to pull a pair of integers from a configuration file. The size |
---|
411 | and position are thsi kind of data, so this is used a couple places. |
---|
412 | ''' |
---|
413 | if not self.cfg.has_section(sect): |
---|
414 | self.cfg.add_section(sect) |
---|
415 | |
---|
416 | if self.cfg.has_option(sect, opt): |
---|
417 | try: |
---|
418 | return [int(x) for x in self.cfg.get(sect, opt).split(',', 1)] |
---|
419 | except ValueError: |
---|
420 | return None |
---|
421 | else: |
---|
422 | return None |
---|
423 | |
---|
424 | def read_config(self): |
---|
425 | ''' |
---|
426 | Get the saved size and position from the config file, if any |
---|
427 | ''' |
---|
428 | self.cfg = ConfigParser.SafeConfigParser() |
---|
429 | self.cfg.read(window.cfg_path) |
---|
430 | |
---|
431 | self.pos = self.get_intpair('geom', 'pos') or ( 0, 0) |
---|
432 | self.size = self.get_intpair('geom', 'size') or ( 500, 500) |
---|
433 | |
---|
434 | |
---|
435 | def save_config(self): |
---|
436 | ''' |
---|
437 | Save the current postion to the default config file. |
---|
438 | ''' |
---|
439 | self.cfg.set('geom', 'pos', '%d,%d' % self.pos) |
---|
440 | self.cfg.set('geom', 'size', '%d,%d' % self.size) |
---|
441 | try: |
---|
442 | f = open(window.cfg_path, 'w') |
---|
443 | self.cfg.write(f) |
---|
444 | f.close() |
---|
445 | except EnvironmentError, e: |
---|
446 | pass |
---|