Начата работа с профилями безопасности. Реализованы вывод списка профилей и добавление профиля

Sergey Kalinin 2018-06-24 13:16:09 +03:00
parent 7b78146d81
commit 72cae7dc26
2 changed files with 165 additions and 6 deletions


@ -171,7 +171,7 @@ proc InsertClusterItems {tree id} {
$tree insert $parent end -id "sessions::$id" -text "Сеансы" -values "sessions-all"
$tree insert $parent end -id "locks::$id" -text "Блокировки" -values "blocks-all"
$tree insert $parent end -id "connections::$id" -text "Соединения" -values "connections-all"
$tree insert $parent end -id "profiles::$id" -text "Профили безопасности" -values "secureprofiles-all"
$tree insert $parent end -id "profiles::$id" -text "Профили безопасности" -values $id
}
proc InsertBaseItems {tree id} {
@ -203,6 +203,26 @@ proc InsertWorkServerItems {tree id} {
}
}
proc InsertProfileItems {tree id} {
set parent "profile::$id"
set lst {
{dir "Виртуальные каталоги"}
{com "Разрешённые COM-классы"}
{addin "Внешние компоненты"}
{module "Внешние отчёты и обработки"}
{app "Разрешённые приложения"}
{inet "Ресурсы интернет"}
}
foreach i $lst {
append item [lindex $i 0] "::$id"
if { [$tree exists $item] == 0 } {
$tree insert $parent end -id $item -text [lindex $i 1] -values "$id"
}
unset item
}
}
proc GetInfobases {cluster host} {
global active_cluster cluster_user cluster_pwd auth
if {$cluster_user ne "" && $cluster_pwd ne ""} {
@ -406,7 +426,7 @@ proc Run::servers {tree host values} {
}
set lst [RunCommand infobase::$values "server list --cluster=$active_cluster $auth $host"]
puts ">>>>>>>$lst<<<<"
if {$lst eq ""} {return}
foreach l $lst {
foreach i $l {
@ -429,10 +449,11 @@ proc Run::servers {tree host values} {
$tree insert "servers::$values" end -id "work_server::$id" \
-text "[lindex $server($x) 1]" -values "$id"
}
InsertWorkServerItems $tree $id
}
#Run::List $tree $host $values server
InsertWorkServerItems $tree $id
}
#Run::List $tree $host $values server
}
proc Run::work_server {tree host values} {
global active_cluster work_list_row_count cluster_user cluster_pwd
if {$cluster_user ne "" && $cluster_pwd ne ""} {
@ -446,8 +467,40 @@ proc Run::work_server {tree host values} {
InsertItemsWorkList $l
}
}
proc Run::profile {tree host values} {
return
}
proc Run::profiles {tree host values} {
Run::List $tree $host $values profile
global active_cluster work_list_row_count cluster_user cluster_pwd
if {$cluster_user ne "" && $cluster_pwd ne ""} {
set auth "--cluster-user=$cluster_user --cluster-pwd=$cluster_pwd"
} else {
set auth ""
}
.frm_work.tree_work delete [ .frm_work.tree_work children {}]
set lst [RunCommand "" "profile list --cluster=$active_cluster $auth $host"]
foreach l $lst {
foreach i $l {
set profile_list [split $i ":"]
#InsertItemsWorkList $server_list
if {[string trim [lindex $profile_list 0]] eq "name"} {
set profile_name [string trim [lindex $profile_list 1]]
lappend profiles($profile_name) $profile_name
}
}
#puts $l
InsertItemsWorkList $l
}
foreach x [array names profiles] {
set id [lindex $profiles($x) 0]
if { [$tree exists "profile::$id"] == 0 } {
$tree insert "profiles::$values" end -id "profile::$id" \
-text $id -values "$id"
}
InsertProfileItems $tree $id
}
}
proc Run::processes {tree host values} {
Run::List $tree $host $values process
@ -1087,6 +1140,89 @@ proc Add::rule {tree host values} {
}
return $frm
}
proc Add::profiles {tree host values} {
Add::profile $tree $host $values
}
proc Add::profile {tree host values} {
global default active_cluster server agent_user agent_pwd cluster_user cluster_pwd auth
global config priv crypto right_extension right_extension_definition_roles \
all_modules_extension modules_available_for_extension modules_not_available_for_extension
if {$cluster_user ne "" && $cluster_pwd ne ""} {
set auth "--cluster-user=$cluster_user --cluster-pwd=$cluster_pwd"
} else {
set auth ""
}
set var_list {config priv crypto right_extension all_modules_extension }
foreach v $var_list {set $v "off"; puts $v}
set var_list {right_extension_definition_roles modules_available_for_extension modules_not_available_for_extension}
foreach v $var_list {set $v 0; puts $v}
unset var_list
puts ">>>$right_extension_definition_roles"
set frm [AddToplevel "Профиль безопасности" security_grey_64]
label $frm.lbl_name -text "Имя профиля"
entry $frm.ent_name
label $frm.lbl_descr -text "Описание"
entry $frm.ent_descr
label $frm.lbl_config -justify left -anchor nw -text "Использование профиля из конфигурации"
checkbutton $frm.check_config -variable config -onvalue yes -offvalue no
label $frm.lbl_priv -justify left -anchor nw -text "Привилегированный режим"
checkbutton $frm.check_priv -variable priv -onvalue yes -offvalue no
label $frm.lbl_crypto -justify left -anchor nw -text "Разрешено использование криптографии"
checkbutton $frm.check_crypto -variable crypto -onvalue yes -offvalue no
label $frm.lbl_right_extension -justify left -anchor nw -text "Любое расширение прав доступа"
checkbutton $frm.check_right_extension -variable right_extension -onvalue yes -offvalue no
label $frm.lbl_right_extension_definition_roles -justify left -anchor nw -text "Роли, ограничивающие расширение прав доступа"
ttk::combobox $frm.cb_right_extension_definition_roles -textvariable right_extension_definition_roles
label $frm.lbl_all_modules_extension -justify left -anchor nw -text "Расширение всех модулей"
checkbutton $frm.check_all_modules_extension -variable all_modules_extension -onvalue yes -offvalue no
label $frm.lbl_modules_available_for_extension -text "Доступные для расширения модули"
ttk::combobox $frm.cb_modules_available_for_extension -textvariable modules_available_for_extension
label $frm.lbl_modules_not_available_for_extension -text "Недоступные для расширения модули"
ttk::combobox $frm.cb_modules_not_available_for_extension -textvariable modules_not_available_for_extension
grid $frm.lbl_name -row 0 -column 0 -sticky nw -padx 5 -pady 5
grid $frm.ent_name -row 0 -column 1 -sticky nsew -padx 5 -pady 5
grid $frm.lbl_descr -row 1 -column 0 -sticky nw -padx 5 -pady 5
grid $frm.ent_descr -row 1 -column 1 -sticky nsew -padx 5 -pady 5
grid $frm.lbl_config -row 2 -column 0 -sticky nw -padx 5 -pady 5
grid $frm.check_config -row 2 -column 1 -sticky nw -padx 5 -pady 5
grid $frm.lbl_priv -row 3 -column 0 -sticky nw -padx 5 -pady 5
grid $frm.check_priv -row 3 -column 1 -sticky nw -padx 5 -pady 5
grid $frm.lbl_crypto -row 4 -column 0 -sticky nw -padx 5 -pady 5
grid $frm.check_crypto -row 4 -column 1 -sticky nw -padx 5 -pady 5
grid $frm.lbl_right_extension -row 5 -column 0 -sticky nw -padx 5 -pady 5
grid $frm.check_right_extension -row 5 -column 1 -sticky nw -padx 5 -pady 5
grid $frm.lbl_right_extension_definition_roles -row 6 -column 0 -sticky nw -padx 5 -pady 5
grid $frm.cb_right_extension_definition_roles -row 6 -column 1 -sticky nsew -padx 5 -pady 5
grid $frm.lbl_all_modules_extension -row 7 -column 0 -sticky nw -padx 5 -pady 5
grid $frm.check_all_modules_extension -row 7 -column 1 -sticky nw -padx 5 -pady 5
grid $frm.lbl_modules_available_for_extension -row 8 -column 0 -sticky nw -padx 5 -pady 5
grid $frm.cb_modules_available_for_extension -row 8 -column 1 -sticky nsew -padx 5 -pady 5
grid $frm.lbl_modules_not_available_for_extension -row 9 -column 0 -sticky nw -padx 5 -pady 5
grid $frm.cb_modules_not_available_for_extension -row 9 -column 1 -sticky nsew -padx 5 -pady 5
.add.frm_btn.btn_ok configure -command {
RunCommand "" "profile update \
--cluster=$active_cluster $auth \
--name=[.add.frm.ent_name get] \
--descr=[.add.frm.ent_descr get] \
--config=$config \
--priv=$priv \
--crypto=$crypto \
--right-extension=$right_extension \
--right-extension-definition-roles=$right_extension_definition_roles \
--all-modules-extension=$all_modules_extension \
--modules-available-for-extension=$modules_available_for_extension \
--modules-not-available-for-extension=$modules_not_available_for_extension \
$host"
Run::profiles $tree $host $server
destroy .add
}
return $frm
}
proc Edit {} {
global active_cluster host
@ -1772,3 +1908,4 @@ proc Del::server {tree host values} {
}
}
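Review bot: The OK handler in Add::profile splices the raw text of `.add.frm.ent_name` and `.add.frm.ent_descr` into the `profile update` command string, next to `--priv`, `--crypto` and the cluster credentials, with no quoting or validation. RunCommand's body is not on this page, but if it splits that string on whitespace or hands it to a shell, a description containing a space is cut into separate arguments, and any text beginning with `--` would be read as a further option of the security profile being created. Read the fields first and refuse unusable input, e.g. `set name [string trim [.add.frm.ent_name get]]` followed by `if {$name eq "" || [regexp {\s} $name]} {return}`, and pass the option values to RunCommand as list elements rather than as one interpolated string. Separately, the flag variables are initialised to `"off"` while the checkbuttons use `-onvalue yes -offvalue no`, so an untouched box sends `--priv=off`; initialising with `set $v "no"` keeps the two in agreement.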


@ -461,3 +461,25 @@ image create photo administrator_grey_64 -data {
N20hJbui9z9hKspOzhtNboxLDDBSvSAxV0TNbGIjr9BqrILLzFEAosSeCmFlsoxxk98Y1jMLqopV
Pc0kSbCSJppYSiONVZDKzDHDNDnuMsUkd7SlRz0E+8H/VYKZPhwAAAAASUVORK5CYII=
}
image create photo security_grey_64 -data {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}