[Iscs-developers] ISCS/spm/src spmmainform.cpp,1.58,1.59 spmmainform.h,1.42,1.43 subrangeoptions.cpp
From: <jsu...@us...> - 2003-11-25 01:35:27
Update of /cvsroot/iscs/ISCS/spm/src In directory sc8-pr-cvs1:/tmp/cvs-serv5576/spm/src Modified Files: spmmainform.cpp spmmainform.h subrangeoptions.cpp Log Message: Fully debugged Accessor and update code to this point Fixed problems with checks for DENY policies not including DENY policies for ancestors Fixed several issues when Accessors change PEPs Index: spmmainform.cpp =================================================================== RCS file: /cvsroot/iscs/ISCS/spm/src/spmmainform.cpp,v retrieving revision 1.58 retrieving revision 1.59 diff -C2 -d -r1.58 -r1.59 *** spmmainform.cpp 23 Nov 2003 10:05:34 -0000 1.58 --- spmmainform.cpp 25 Nov 2003 01:35:23 -0000 1.59 *************** *** 261,264 **** --- 261,279 ---- //================================================== + void SPMMainForm::actualRangeFWChanges( const QString & PEP, const QString & TypeAction, const QString & AG, const QString & ActualRange, bool Deny ) + { + QString S, Range, AR = ActualRange; + while( ! AR.isEmpty() ){ // Make the needed firewall changes + Range = AR.left(AR.find(";")); + AR = AR.remove(0, AR.find(";") + 1 ); + S = PEP + TypeAction + AG + "|" + Range + "|"; + so->FWChanges << S; + if (Deny) { + so->FWChanges << S + "d"; + } + } + } + //================================================== + QString SPMMainForm::buildAncestorWhere(const QString & Child, const QString & ChildType) { *************** *** 1046,1051 **** PBar->show(); QStringList::Iterator it = so->DbChanges.begin(); ! DiagTextEdit = new QTextEdit(so->DbChanges.join("\n")); ! DiagTextEdit->show(); while ( it != so->DbChanges.end()) { retry = false; --- 1061,1066 ---- PBar->show(); QStringList::Iterator it = so->DbChanges.begin(); ! // DiagTextEdit = new QTextEdit(so->DbChanges.join("\n")); ! // DiagTextEdit->show(); while ( it != so->DbChanges.end()) { retry = false; *************** *** 1565,1569 **** // get Access Groups ! 
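Review bot: The loop in the new `actualRangeFWChanges` does not terminate when the remaining `AR` holds no `;`: `AR.find(";")` then returns -1, so `AR.remove(0, AR.find(";") + 1)` removes nothing and the same entry is appended to `so->FWChanges` on every pass. Whether stored `actualrange` values always end in `;` is not visible here, and the helper is now called from several places, so it should not depend on that. Take the separator position once and treat a missing separator as the final entry, as sketched below.

```cpp
    QString S, Range, AR = ActualRange;
    while( ! AR.isEmpty() ){ // Make the needed firewall changes
        int Pos = AR.find(";");
        if ( Pos < 0 ) { // last entry without a terminating ';'
            Range = AR;
            AR = "";
        }
        else {
            Range = AR.left(Pos);
            AR.remove(0, Pos + 1);
        }
        // … unchanged: build S and append it (plus the "d" variant when Deny) to so->FWChanges …
    }
```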
so->Sql = "select count(dn) from access_groups, accessors_x509, security_policies where policytype='deny' and security_policies.accessgroup=access_groups.accessgroup and keystring1=dn and keystring2=ca and tablename='accessors_x509';"; if ( ! so->sqlExec("access_groups or accessors_x509") ) { File->remove(); --- 1580,1589 ---- // get Access Groups ! if ( so->DbVendor == "QPSQL7" ){ // PostgreSQL and those who use || for concatenation ! so->Sql = "select count(dn) from access_groups, accessors_x509, security_policies where policytype='deny' and keystring1=dn and keystring2=ca and (security_policies.accessgroup=access_groups.accessgroup or (access_groups.accessgroup=security_policies.accessgroup or access_groups.accessgroup like (security_policies.accessgroup||'/%'))) and tablename='accessors_x509';"; ! } ! else { // MySQL and those who use concat() for concatenation ! so->Sql = "select count(dn) from access_groups, accessors_x509, security_policies where policytype='deny' and keystring1=dn and keystring2=ca and (security_policies.accessgroup=access_groups.accessgroup or (access_groups.accessgroup=security_policies.accessgroup or access_groups.accessgroup like concat(security_policies.accessgroup,'/%'))) and tablename='accessors_x509';"; ! } if ( ! so->sqlExec("access_groups or accessors_x509") ) { File->remove(); *************** *** 1579,1583 **** return true; } ! so->Sql = "select dn, ca, access_groups.accessgroup from access_groups, accessors_x509, security_policies where policytype='deny' and security_policies.accessgroup=access_groups.accessgroup and keystring1=dn and keystring2=ca and tablename='accessors_x509' order by dn, ca;"; if ( ! so->sqlExec("access_groups, security_policies or accessors_x509") ) { File2->close(); --- 1599,1608 ---- return true; } ! if ( so->DbVendor == "QPSQL7" ){ // PostgreSQL and those who use || for concatenation ! 
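Review bot: The ancestor match in the new deny query builds its LIKE pattern from a column value, `access_groups.accessgroup like (security_policies.accessgroup||'/%')`, so any `%` or `_` inside a policy's access group name acts as a wildcard and a deny policy can match groups that are not its descendants. If group names may contain those characters (not visible here), escape them before they reach the pattern or compare on a fixed-length prefix instead. The first `security_policies.accessgroup=access_groups.accessgroup` test is also repeated inside the nested `or` and can be dropped. The same pair of strings appears again in the next hunk and in subrangeoptions.cpp; a comment above the `so->DbVendor` test saying the two branches must differ only in the concatenation operator would help keep them in step.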
so->Sql = "select dn, ca, access_groups.accessgroup from access_groups, accessors_x509, security_policies where policytype='deny' and keystring1=dn and keystring2=ca and (security_policies.accessgroup=access_groups.accessgroup or (access_groups.accessgroup=security_policies.accessgroup or access_groups.accessgroup like (security_policies.accessgroup||'/%'))) and tablename='accessors_x509' order by dn, ca;"; ! } ! else { // MySQL and those who use concat() for concatenation ! so->Sql = "select dn, ca, access_groups.accessgroup from access_groups, accessors_x509, security_policies where policytype='deny' and keystring1=dn and keystring2=ca and (security_policies.accessgroup=access_groups.accessgroup or (access_groups.accessgroup=security_policies.accessgroup or access_groups.accessgroup like concat(security_policies.accessgroup,'/%'))) and tablename='accessors_x509' order by dn, ca;"; ! } if ( ! so->sqlExec("access_groups, security_policies or accessors_x509") ) { File2->close(); *************** *** 3828,3837 **** */ ! bool SPMMainForm::changeAllAccChainJumps( const QString & Range, bool Add ) { bool Deny; ! QString AR, S, Acc; ! QString Action = Add ? "i1" : "d"; ! so->Sql = "select count(accessgroup) from access_groups, accessors_ip where range='" + Range + "' and range=keystring1 and tablename='accessors_ip';"; if ( ! so->sqlExec("accessors_ip or access_groups") ) { return false; --- 3853,3860 ---- */ ! bool SPMMainForm::changeAllAccChainJumps( const QString & NewRange, const QString & OldRange, const QString & NewAR, const QString & OldAR, const QString & NewPEP, const QString & OldPEP ) { bool Deny; ! so->Sql = "select count(accessgroup) from access_groups, accessors_ip where range='" + NewRange + "' and range=keystring1 and tablename='accessors_ip';"; if ( ! so->sqlExec("accessors_ip or access_groups") ) { return false; *************** *** 3841,3864 **** return true; } ! 
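Review bot: `NewRange` is spliced directly into the statement text in `where range='" + NewRange + "' and range=keystring1`, so a value containing a single quote changes the query instead of simply failing to match. These queries decide which entries reach the firewall change list, so the value should be bound rather than concatenated (Qt's `QSqlQuery::prepare()`/`bindValue()`), or at least have its quotes escaped in one helper used by every `so->Sql` assignment; whether `so->sqlExec` can take bound values is not visible here. The same pattern recurs in the next hunk, in `redoSuperRangeActualRange` and in the `best_match_acc_ip` statements. `OldRange` is accepted by the new signature but is not used in the lines shown; the body continues in the following hunk, so confirm it is still needed.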
so->Sql = "select accessgroup, actualrange, bestmatch, pep from access_groups, accessors_ip where range='" + Range + "' and range=keystring1 and tablename='accessors_ip';"; if ( ! so->sqlExec("accessors_ip or access_groups") ) { return false; } ! AR = so->SQEdit->value(1).toString(); // get the actualrange ! // Ascertain if there are any deny policies for this Access Group ! so->Sql = "select count(accessgroup) from security_policies where accessgroup='" + so->SQEdit->value(0).toString() + "' and policytype='deny';"; ! if ( ! so->sqlExec2("security_policies") ) { ! return false; ! } ! so->SQEdit2->next(); ! Deny = ( so->SQEdit2->value(0).toInt() > 0 ); // Remember if there are any deny policies for this Access Group ! while( ! AR.isEmpty() ){ // Make the needed firewall changes ! Acc = AR.left(AR.find(";")); ! AR = AR.remove(0, AR.find(";") + 1 ); ! S = so->SQEdit->value(3).toString() + ";a;" + Action + ";" + so->SQEdit->value(0).toString() + "|" + Acc + "|"; ! so->FWChanges << S; ! if (Deny) { ! so->FWChanges << S + "d"; } } return true; --- 3864,3881 ---- return true; } ! so->Sql = "select accessgroup from access_groups where keystring1='" + NewRange + "' and tablename='accessors_ip';"; if ( ! so->sqlExec("accessors_ip or access_groups") ) { return false; } ! while (so->SQEdit->next()) { ! // Ascertain if there are any deny policies for this Access Group ! so->Sql = "select count(accessgroup) from security_policies where policytype='deny' and (" + buildAncestorWhere(so->SQEdit->value(0).toString(), "accessgroup") + ");"; ! if ( ! so->sqlExec2("security_policies") ) { ! 
return false; } + so->SQEdit2->next(); + Deny = ( so->SQEdit2->value(0).toInt() > 0 ); // Remember if there are any deny policies for this Access Group + actualRangeFWChanges( OldPEP, ";a;d;", so->SQEdit->value(0).toString(), OldAR, Deny ); + actualRangeFWChanges( NewPEP, ";a;i1;", so->SQEdit->value(0).toString(), NewAR, Deny ); } return true; *************** *** 3900,3906 **** bool Breaker2, Continued; // control for the inmost while loop iterating over the Access Group SQL cursor bool Success = true; // controls the do while loop to allow retry of failed deletions - bool Deny; int BM, Choice; // remembers if this Accessor uses BestMatch ! QString S, AR, Range, TableName, Accessor, Where; // holds the Accessor name as found in AccListView QTable * AccTable; QListViewItem * LVI; --- 3917,3922 ---- bool Breaker2, Continued; // control for the inmost while loop iterating over the Access Group SQL cursor bool Success = true; // controls the do while loop to allow retry of failed deletions int BM, Choice; // remembers if this Accessor uses BestMatch ! QString S, AR, TableName, Accessor, Where; // holds the Accessor name as found in AccListView QTable * AccTable; QListViewItem * LVI; *************** *** 4012,4016 **** AR = so->SQEdit->value(1).toString(); // get the actualrange // Ascertain if there are any deny policies for this Access Group ! so->Sql = "select count(accessgroup) from security_policies where accessgroup='" + so->SQEdit->value(0).toString() + "' and policytype='deny';"; if ( ! so->sqlExec2("security_policies") ) { Choice = multiErrResultsTrans(showMultiErrMsg(tr("Could not obtain the list of\nAccess Groups to which this Accessor belongs."))); --- 4028,4032 ---- AR = so->SQEdit->value(1).toString(); // get the actualrange // Ascertain if there are any deny policies for this Access Group ! 
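Review bot: The result of `so->SQEdit2->next();` is ignored before `Deny = ( so->SQEdit2->value(0).toInt() > 0 );`, so if the cursor cannot be positioned the count presumably reads as 0 and both `actualRangeFWChanges` calls run with `Deny` false, leaving out the `d` entries without reporting an error. A deny decision should fail closed: `if ( ! so->SQEdit2->next() ) { return false; }`. The new `redoSuperRangeActualRange` reads `so->SQEdit->value(0)` after an unchecked `next()` in the same way. This function begins in the previous hunk.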
so->Sql = "select count(accessgroup) from security_policies where policytype='deny' and (" + buildAncestorWhere(so->SQEdit->value(0).toString(), "accessgroup") + ");"; if ( ! so->sqlExec2("security_policies") ) { Choice = multiErrResultsTrans(showMultiErrMsg(tr("Could not obtain the list of\nAccess Groups to which this Accessor belongs."))); *************** *** 4027,4040 **** } so->SQEdit2->next(); ! Deny = ( so->SQEdit2->value(0).toInt() > 0 ); // Remember if there are any deny policies for this Access Group ! while( ! AR.isEmpty() ){ // Make the needed firewall changes ! Range = AR.left(AR.find(";")); ! AR = AR.remove(0, AR.find(";") + 1 ); ! S = so->SQEdit->value(3).toString() + ";a;d;" + so->SQEdit->value(0).toString() + "|" + Range + "|"; ! so->FWChanges << S; ! if (Deny) { ! so->FWChanges << S + "d"; ! } ! } } } // end of loop through Access Group cursor --- 4043,4048 ---- } so->SQEdit2->next(); ! // Make the firewall rule changes ! actualRangeFWChanges(so->SQEdit->value(3).toString(), ";a;d;", so->SQEdit->value(0).toString(), AR, ( so->SQEdit2->value(0).toInt() > 0 ) ); } } // end of loop through Access Group cursor *************** *** 4450,4453 **** --- 4458,4462 ---- QValueList<int> Rows; QStringList SubRangeAdds, SubRangeDels, SuperRangeAdds, SuperRangeDels, NewRows; + QStringList::iterator it; for ( int i = 0; i < IPAccTable->numRows(); i++ ) { *************** *** 4462,4475 **** so->MultiSelect = ( Rows.count() > 1 ); if ( so->MultiSelect ) { ! IPAccForm->CancelAllPushButton->setEnabled(true); ! IPAccForm->CancelRestPushButton->setEnabled(true); ! // IPAccForm->CancelAllPushButton->show(); ! // IPAccForm->CancelRestPushButton->show(); } else { ! IPAccForm->CancelAllPushButton->setEnabled(false); ! IPAccForm->CancelRestPushButton->setEnabled(false); ! // IPAccForm->CancelAllPushButton->hide(); ! // IPAccForm->CancelRestPushButton->hide(); } if ( ! 
so->DbEdit->transaction() ) { --- 4471,4484 ---- so->MultiSelect = ( Rows.count() > 1 ); if ( so->MultiSelect ) { ! IPAccForm->OkPushButton->hide(); ! IPAccForm->CancelPushButton->hide(); ! IPAccForm->OkPushButton->show(); ! IPAccForm->CancelPushButton->show(); // We need to do this to compensate for a problem with Qt placing the newly shown QPushButtons in front of the already showing QPushButtons ! IPAccForm->CancelAllPushButton->show(); ! IPAccForm->CancelRestPushButton->show(); } else { ! IPAccForm->CancelAllPushButton->hide(); ! IPAccForm->CancelRestPushButton->hide(); } if ( ! so->DbEdit->transaction() ) { *************** *** 4614,4617 **** --- 4623,4665 ---- } } + // find the protecting PEP + Low = NewRange.left(NewRange.find("-")); + High = NewRange.mid(NewRange.find("-") + 1); + NewPEP = findAccPEP(Low, High); + if ( NewPEP.isEmpty() ) { + Choice = multiErrResultsTrans(showMultiErrMsg(tr("Could not find the protecting PEP for %1").arg(NewRange)) ); + if ( Choice == 3 || Choice == -1 ) { // Cancel All or Error + Rows.clear(); + return; + } + if ( Choice == 2 ) { // Cancel Rest + Rows.remove(Row); + while( rit != Rows.end() ){ + Row = *rit; + ++rit; + Rows.remove(Row); + } + break; + } + if ( Choice == 1 ) { //Retry + --rit; + continue; + } + if ( Choice == 0 ) { // Cancel this one + Rows.remove(Row); + continue; + } + } + if ( NewPEP == "ALL" ) { + Choice = QMessageBox::information(this, tr("SPM - Unprotected Accessor"), tr("%1 address is not on any\nprotected network, i.e., it is not behind a PEP.\nIf that is not what you intended,\nplease retry and choose a different IP address\nor Cancel, go to the PEP tab and\ncreate the protected network first.").arg(NewRange), QMessageBox::Ok | QMessageBox::Default, QMessageBox::Retry, QMessageBox::Cancel); + if ( Choice == QMessageBox::Retry ) { + --rit; + continue; + } + if ( Choice == QMessageBox::Cancel ) { + Rows.remove(Row); + continue; + } + } // We check for a toggle of BM from enabled to disabled first 
because we need the old data to properly handle that change *************** *** 4626,4637 **** if ( NewRange != OldRange ) { - Low = NewRange.left(NewRange.find("-")); - High = NewRange.mid(NewRange.find("-") + 1); - NewPEP = findAccPEP(Low, High); - if ( NewPEP.isEmpty() ) { - QMessageBox::warning(this, tr("SPM - Failed IP Accessor Edit"), tr("Could not find the protecting PEP for %1\nAll edits will be backed out").arg(NewRange) ); - multiErrResultsTrans(3); - return; - } // find the new set of Super and Sub Ranges if ( ! SubRangeForm->findSuperSubRanges(NewRange, "accessors_ip", " and range!='" + OldRange + "'") ) { --- 4674,4677 ---- *************** *** 4652,4656 **** return; } ! if (OldBM) { // We do not need to concern ourselves with the SuperRanges unless BestMatch was enabled if ( ! SubRangeForm->calcSuperRangeDiffs(OldRange, SuperRangeAdds, SuperRangeDels, "best_match_acc_ip") ) { QMessageBox::warning(this, tr("SPM - Failed IP Accessor Edit"), tr("Could not process the Sub and\nSuper Ranges for %1\nAll edits will be backed out").arg(OldRange) ); --- 4692,4696 ---- return; } ! if (OldBM && NewBM) { // We do not need to concern ourselves with the SuperRanges unless BestMatch was and is enabled if ( ! SubRangeForm->calcSuperRangeDiffs(OldRange, SuperRangeAdds, SuperRangeDels, "best_match_acc_ip") ) { QMessageBox::warning(this, tr("SPM - Failed IP Accessor Edit"), tr("Could not process the Sub and\nSuper Ranges for %1\nAll edits will be backed out").arg(OldRange) ); *************** *** 4661,4665 **** // Adjust any Sub or Super Ranges for the edited Range ! for ( QStringList::iterator it = SubRangeDels.begin(); it != SubRangeDels.end(); ++it ) { so->Sql = "delete from best_match_acc_ip where superrange='" + OldRange + "' and subrange='" + *it + "';"; if ( ! so->sqlExec("best_match_acc_ip") ) { --- 4701,4705 ---- // Adjust any Sub or Super Ranges for the edited Range ! 
for ( it = SubRangeDels.begin(); it != SubRangeDels.end(); ++it ) { so->Sql = "delete from best_match_acc_ip where superrange='" + OldRange + "' and subrange='" + *it + "';"; if ( ! so->sqlExec("best_match_acc_ip") ) { *************** *** 4670,4675 **** so->TransChanges << so->Sql; } ! if (OldBM) { // We do not need to concern ourselves with the SuperRanges unless BestMatch was enabled ! for ( QStringList::iterator it = SuperRangeDels.begin(); it != SuperRangeDels.end(); ++it ) { so->Sql = "delete from best_match_acc_ip where subrange='" + OldRange + "' and superrange='" + *it + "';"; if ( ! so->sqlExec("best_match_acc_ip") ) { --- 4710,4715 ---- so->TransChanges << so->Sql; } ! if (OldBM && NewBM) { // We do not need to concern ourselves with the SuperRanges unless BestMatch was enabled and is still enabled ! for ( it = SuperRangeDels.begin(); it != SuperRangeDels.end(); ++it ) { so->Sql = "delete from best_match_acc_ip where subrange='" + OldRange + "' and superrange='" + *it + "';"; if ( ! so->sqlExec("best_match_acc_ip") ) { *************** *** 4680,4684 **** so->TransChanges << so->Sql; } ! for ( QStringList::iterator it = SuperRangeAdds.begin(); it != SuperRangeAdds.end(); ++it ) { so->Sql = "insert into best_match_acc_ip (subrange, superrange) values ('"+ NewRange + "', '" + *it + "');"; if ( ! so->sqlExec("best_match_acc_ip") ) { --- 4720,4724 ---- so->TransChanges << so->Sql; } ! for ( it = SuperRangeAdds.begin(); it != SuperRangeAdds.end(); ++it ) { so->Sql = "insert into best_match_acc_ip (subrange, superrange) values ('"+ NewRange + "', '" + *it + "');"; if ( ! so->sqlExec("best_match_acc_ip") ) { *************** *** 4690,4694 **** } } ! for ( QStringList::iterator it = SubRangeAdds.begin(); it != SubRangeAdds.end(); ++it ) { so->Sql = "insert into best_match_acc_ip (superrange, subrange) values ('"+ NewRange + "', '" + *it + "');"; if ( ! so->sqlExec("best_match_acc_ip") ) { --- 4730,4734 ---- } } ! 
for ( it = SubRangeAdds.begin(); it != SubRangeAdds.end(); ++it ) { so->Sql = "insert into best_match_acc_ip (superrange, subrange) values ('"+ NewRange + "', '" + *it + "');"; if ( ! so->sqlExec("best_match_acc_ip") ) { *************** *** 4705,4713 **** Update += ", pep='" + NewPEP + "'"; Where += " and pep='" + OldPEP + "'"; - if ( ! changeAllAccChainJumps(OldRange, false) ) { // since we are changing PEPs, we must delete all the old rules off the old PEP - QMessageBox::warning(this, tr("SPM - Failed IP Accessor Edit"), tr("Could not remove firewall rules for %1\nAll edits will be backed out").arg(OldRange) ); - multiErrResultsTrans(3); - return; - } } if ( OldCBM != NewCBM ) { --- 4745,4748 ---- *************** *** 4789,4793 **** } else { // we have changed PEPs so we need to add all the jumps to the new PEP (we deleted the old ones earlier) ! if ( ! changeAllAccChainJumps(NewRange, true) ) { QMessageBox::warning(this, tr("SPM - Failed IP Accessor Edit"), tr("Could not make firewall changes for %1\nAll edits will be backed out").arg(OldRange) ); multiErrResultsTrans(3); --- 4824,4828 ---- } else { // we have changed PEPs so we need to add all the jumps to the new PEP (we deleted the old ones earlier) ! if ( ! changeAllAccChainJumps(NewRange, OldRange, NewAR, OldAR, NewPEP, OldPEP) ) { QMessageBox::warning(this, tr("SPM - Failed IP Accessor Edit"), tr("Could not make firewall changes for %1\nAll edits will be backed out").arg(OldRange) ); multiErrResultsTrans(3); *************** *** 4804,4810 **** // Now we need to address any affected Super or Sub Ranges ! if ( OldBM == 1 && OldBM == NewBM ) { // i.e., this was and still is a Best Match enabled Accessor QStringList HoldSubs, HoldSupers; ! 
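Review bot: The comment kept on the `else` branch, `(we deleted the old ones earlier)`, no longer describes the code: this commit removes the earlier `changeAllAccChainJumps(OldRange, false)` call, and the six-argument version now queues both the `;a;d;` entries for `OldPEP` and the `;a;i1;` entries for `NewPEP`. Suggested wording: `// we have changed PEPs: queue removal of the jumps on the old PEP and insertion on the new PEP`. The warning text also reports `OldRange` while the lookup is keyed on `NewRange`, which may mislead whoever reads the message. The enclosing function starts and ends outside this hunk.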
for (QStringList::iterator it = SubRangeAdds.begin(); it != SubRangeAdds.end(); ++it) { // Remove all entries for this SubRange since it is now subsumed in the new range so->Sql = "select count(subrange) from best_match_acc_ip where subrange='" + *it + "';"; --- 4839,4845 ---- // Now we need to address any affected Super or Sub Ranges ! if ( OldBM && NewBM ) { // i.e., this was and still is a Best Match enabled Accessor QStringList HoldSubs, HoldSupers; ! for (it = SubRangeAdds.begin(); it != SubRangeAdds.end(); ++it) { // Remove all entries for this SubRange since it is now subsumed in the new range so->Sql = "select count(subrange) from best_match_acc_ip where subrange='" + *it + "';"; *************** *** 4835,4839 **** HoldSubs = so->SubRanges; HoldSupers = so->SuperRanges; ! for (QStringList::iterator it = SubRangeDels.begin(); it != SubRangeDels.end(); ++it) { if ( ! ( SubRangeForm->findSuperRanges(*it, "accessors_ip") && SubRangeForm->cullSuperRangeList("best_match_acc_ip") ) ) { QMessageBox::warning(this, tr("SPM - Failed IP Accessor Edit"), tr("Could not fix the affected SuperRanges\nfor %1\nAll edits will be backed out").arg(OldRange) ); --- 4870,4874 ---- HoldSubs = so->SubRanges; HoldSupers = so->SuperRanges; ! for (it = SubRangeDels.begin(); it != SubRangeDels.end(); ++it) { if ( ! ( SubRangeForm->findSuperRanges(*it, "accessors_ip") && SubRangeForm->cullSuperRangeList("best_match_acc_ip") ) ) { QMessageBox::warning(this, tr("SPM - Failed IP Accessor Edit"), tr("Could not fix the affected SuperRanges\nfor %1\nAll edits will be backed out").arg(OldRange) ); *************** *** 4853,4894 **** so->SubRanges = HoldSubs; so->SuperRanges = HoldSupers; ! for (QStringList::iterator it = so->SuperRanges.begin(); it != so->SuperRanges.end(); ++it) { ! so->Sql = "select actualrange, containsbestmatch from accessors_ip where range='" + *it + "';"; ! if ( ! so->sqlExec("accessors_ip") ) { ! 
QMessageBox::warning(this, tr("SPM - Failed IP Accessor Edit"), tr("Could not fix the affected SuperRanges\nfor %1\nAll edits will be backed out").arg(OldRange) ); ! multiErrResultsTrans(3); ! return; ! } ! so->SQEdit->next(); ! OldAR = so->SQEdit->value(0).toString(); ! OldCBM = so->SQEdit->value(1).toInt(); ! if ( ! ( SubRangeForm->redoActualRange(*it, NewAR, "best_match_acc_ip") && SubRangeForm->accActualRangeFWChanges(*it, NewAR) ) ) { QMessageBox::warning(this, tr("SPM - Failed IP Accessor Edit"), tr("Could not fix the affected SuperRanges\nfor %1\nAll edits will be backed out").arg(OldRange) ); multiErrResultsTrans(3); return; } ! Where = ""; ! if ( NewAR != OldAR ) { ! Update = "actualrange='" + NewAR + "'"; ! Where = "actualrange='" + OldAR + "'"; ! } ! if ( NewCBM != OldCBM ) { ! so->addDbComma(Update); ! Update += "containsbestmatch=" + QString::number(NewCBM); ! if ( ! Where.isEmpty() ) { ! Where += " and "; ! } ! Where += "containsbestmatch=" + QString::number(OldCBM); ! } ! if (Where.isEmpty()) { ! continue; ! } ! so->Sql = "update accessors_ip set " + Update + " where range='" + *it + "' and " + Where + ";"; ! if ( ! so->sqlExec("accessors_ip") ) { QMessageBox::warning(this, tr("SPM - Failed IP Accessor Edit"), tr("Could not fix the affected SuperRanges\nfor %1\nAll edits will be backed out").arg(OldRange) ); multiErrResultsTrans(3); return; } - so->TransChanges << so->Sql; } --- 4888,4905 ---- so->SubRanges = HoldSubs; so->SuperRanges = HoldSupers; ! for (it = so->SuperRanges.begin(); it != so->SuperRanges.end(); ++it) { ! if ( ! redoSuperRangeActualRange(*it) ) { QMessageBox::warning(this, tr("SPM - Failed IP Accessor Edit"), tr("Could not fix the affected SuperRanges\nfor %1\nAll edits will be backed out").arg(OldRange) ); multiErrResultsTrans(3); return; } ! } ! // We must not forget about the SuperRanges which are no longer SuperRanges as they are not included in the SuperRange list cycled through in the previous loop ! 
for (it = SuperRangeDels.begin(); it != SuperRangeDels.end(); ++it) { ! if ( ! redoSuperRangeActualRange(*it) ) { QMessageBox::warning(this, tr("SPM - Failed IP Accessor Edit"), tr("Could not fix the affected SuperRanges\nfor %1\nAll edits will be backed out").arg(OldRange) ); multiErrResultsTrans(3); return; } } *************** *** 4898,4902 **** if ( OldBM == 0 && NewBM == 1 ) { // toggled BestMatch from disabled to enabled ! if ( ! ( SubRangeForm->prepLists(OldRange, "best_match_acc_ip") && SubRangeForm->enableBM(NewRange, "accessors_ip", "best_match_acc_ip") ) ) { QMessageBox::warning(this, tr("SPM - Failed IP Accessor Edit"), tr("Could not change Best Match setting for %1\nAll edits will be backed out").arg(OldRange) ); multiErrResultsTrans(3); --- 4909,4913 ---- if ( OldBM == 0 && NewBM == 1 ) { // toggled BestMatch from disabled to enabled ! if ( ! ( SubRangeForm->prepLists(NewRange, "best_match_acc_ip") && SubRangeForm->enableBM(NewRange, "accessors_ip", "best_match_acc_ip") ) ) { QMessageBox::warning(this, tr("SPM - Failed IP Accessor Edit"), tr("Could not change Best Match setting for %1\nAll edits will be backed out").arg(OldRange) ); multiErrResultsTrans(3); *************** *** 4943,4947 **** // Change AGListView and IPAccTable rit = Rows.begin(); ! QStringList::iterator it = NewRows.begin(); while( rit != Rows.end() ){ OldRange = IPAccTable->text(*rit, 0) + "-" + IPAccTable->text(*rit, 1); --- 4954,4958 ---- // Change AGListView and IPAccTable rit = Rows.begin(); ! it = NewRows.begin(); while( rit != Rows.end() ){ OldRange = IPAccTable->text(*rit, 0) + "-" + IPAccTable->text(*rit, 1); *************** *** 6044,6055 **** unsigned long int LowBinary, HighBinary; QCheckListItem * CLI; - // QSqlField SQF1(QString::null, QVariant::UInt), SQF2(QString::null, QVariant::UInt); AccTabWidget->setCurrentPage(0); clearIPAccForm(); ! IPAccForm->CancelAllPushButton->setEnabled(false); ! IPAccForm->CancelRestPushButton->setEnabled(false); ! 
// IPAccForm->CancelAllPushButton->hide(); ! // IPAccForm->CancelRestPushButton->hide(); do { --- 6055,6063 ---- unsigned long int LowBinary, HighBinary; QCheckListItem * CLI; AccTabWidget->setCurrentPage(0); clearIPAccForm(); ! IPAccForm->CancelAllPushButton->hide(); ! IPAccForm->CancelRestPushButton->hide(); do { *************** *** 6453,6456 **** --- 6461,6503 ---- remAccFromAG(LVIList); } + } + //====================================================== + + bool SPMMainForm::redoSuperRangeActualRange( const QString & SR ) + { + QString OldAR, NewAR, Where, Update; + int OldCBM, NewCBM; + so->Sql = "select actualrange, containsbestmatch from accessors_ip where range='" + SR + "';"; + if ( ! so->sqlExec("accessors_ip") ) { + return false; + } + so->SQEdit->next(); + OldAR = so->SQEdit->value(0).toString(); + OldCBM = so->SQEdit->value(1).toInt(); + if ( ! ( SubRangeForm->redoActualRange(SR, NewAR, "best_match_acc_ip") && SubRangeForm->accActualRangeFWChanges(SR, NewAR) ) ) { + return false; + } + Where = ""; + if ( NewAR != OldAR ) { + Update = "actualrange='" + NewAR + "'"; + Where = "actualrange='" + OldAR + "'"; + } + if ( NewCBM != OldCBM ) { + so->addDbComma(Update); + Update += "containsbestmatch=" + QString::number(NewCBM); + if ( ! Where.isEmpty() ) { + Where += " and "; + } + Where += "containsbestmatch=" + QString::number(OldCBM); + } + if (Where.isEmpty()) { + return true; + } + so->Sql = "update accessors_ip set " + Update + " where range='" + SR + "' and " + Where + ";"; + if ( ! 
so->sqlExec("accessors_ip") ) { + return false; + } + so->TransChanges << so->Sql; // This function is always within a transaction opened in a previous function + return true; } //====================================================== Index: spmmainform.h =================================================================== RCS file: /cvsroot/iscs/ISCS/spm/src/spmmainform.h,v retrieving revision 1.42 retrieving revision 1.43 diff -C2 -d -r1.42 -r1.43 *** spmmainform.h 23 Nov 2003 10:05:34 -0000 1.42 --- spmmainform.h 25 Nov 2003 01:35:24 -0000 1.43 *************** *** 122,125 **** --- 122,126 ---- virtual void clearQTable( QTable * t ); virtual QString absLVName( QListViewItem * Item ); + virtual void actualRangeFWChanges( const QString & PEP, const QString & TypeAction, const QString & AG, const QString & ActualRange, bool Deny ); virtual void addAcc2AG( const QStringList & Accs, const QPtrList<QListViewItem> & AGs ); virtual bool addFile2TStream(QString AbsPathName); *************** *** 132,136 **** virtual void cancelNewIPAcc(); virtual void cancelNewX509Acc(); ! virtual bool changeAllAccChainJumps( const QString & Range, bool Add ); virtual void clearLVIChildren( QListViewItem * LVI ); virtual bool createDNList(); --- 133,137 ---- virtual void cancelNewIPAcc(); virtual void cancelNewX509Acc(); ! 
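Review bot: `NewCBM` is declared in `redoSuperRangeActualRange` (`int OldCBM, NewCBM;`) but never assigned before `if ( NewCBM != OldCBM )`, so the comparison reads an indeterminate value and the following `update accessors_ip set ... containsbestmatch=` can store it. In the inline code this helper replaces, `NewCBM` belonged to the enclosing function; here it has to be supplied, for example as a second parameter, or computed from the recalculated range before the comparison. How the new value should be derived is not visible in this hunk, so the `containsbestmatch` branch should not run until that is settled. A header comment stating that the helper must be called inside an open transaction would also be better placed above the function than on the `so->TransChanges` line.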
virtual bool changeAllAccChainJumps( const QString & NewRange, const QString & OldRange, const QString & NewAR, const QString & OldAR, const QString & NewPEP, const QString & OldPEP ); virtual void clearLVIChildren( QListViewItem * LVI ); virtual bool createDNList(); *************** *** 167,170 **** --- 168,172 ---- virtual bool openWriteOverLocalFile(QFile * F); virtual bool prepAGDialog(); + virtual bool redoSuperRangeActualRange( const QString & SR ); virtual void refreshX509AccFormCCombo(); virtual void remAccFromAG( QPtrList<QListViewItem> & Accs ); Index: subrangeoptions.cpp =================================================================== RCS file: /cvsroot/iscs/ISCS/spm/src/subrangeoptions.cpp,v retrieving revision 1.16 retrieving revision 1.17 diff -C2 -d -r1.16 -r1.17 *** subrangeoptions.cpp 22 Nov 2003 07:29:36 -0000 1.16 --- subrangeoptions.cpp 25 Nov 2003 01:35:24 -0000 1.17 *************** *** 259,264 **** // record the changes for ( itAG = AGs.begin(); itAG != AGs.end(); ++itAG ) { ! so->Sql = "select count(accessgroup) from security_policies where accessgroup='" + *itAG + "' and policytype='deny';"; ! if ( ! so->sqlExec("security_policies") ) { return false; } --- 259,269 ---- // record the changes for ( itAG = AGs.begin(); itAG != AGs.end(); ++itAG ) { ! if ( so->DbVendor == "QPSQL7" ){ // PostgreSQL and those who use || for concatenation ! so->Sql = "select count(access_groups.accessgroup) from access_groups, security_policies where policytype='deny' and (access_groups.accessgroup=security_policies.accessgroup or access_groups.accessgroup like (security_policies.accessgroup||'/%'));"; ! } ! else { // MySQL and those who use concat() for concatenation ! so->Sql = "select count(access_groups.accessgroup) from access_groups, security_policies where policytype='deny' and (access_groups.accessgroup=security_policies.accessgroup or access_groups.accessgroup like concat(security_policies.accessgroup,'/%'));"; ! } ! if ( ! 
so->sqlExec("access_groups or security_policies") ) { return false; } *************** *** 780,784 **** Low = so->dotDec2Bin( Range.left(dash) ); High = so->dotDec2Bin( Range.mid(dash + 1) ); - so->SubRanges.clear(); so->SuperRanges.clear(); --- 785,788 ---- |
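Review bot: The replacement query inside the `for ( itAG = AGs.begin(); ... )` loop no longer refers to `*itAG`: the old text filtered on `accessgroup='" + *itAG + "'`, while both new branches count every `access_groups` row that has a deny policy on itself or on an ancestor. As written the count is the same on every iteration and becomes non-zero as soon as any group is denied, so whatever the loop body does with it (outside this hunk) would apply to every group in `AGs`. Restore the per-group restriction in both branches, e.g. `where access_groups.accessgroup='" + *itAG + "' and policytype='deny' and (...)`, or reuse the ancestor predicate that spmmainform.cpp obtains from `buildAncestorWhere` if it can be reached from this class.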