alterator-ports-access-0.0.3/ 0000755 0000000 0000000 00000000000 12030010152 0016071 5 ustar 00root root 0000000 0000000 alterator-ports-access-0.0.3/Makefile 0000644 0000000 0000000 00000000712 12030010152 0017531 0 ustar 00root root 0000000 0000000 NAME=ports-access
DESCRIPTION="Control access to ports"
all:
clean: clean-po
install: install-module
include /usr/share/alterator/build/module.mak
install: install-tools
install-tools:
$(INSTALL) -Dpm 755 alterator-ports-access $(bindir)/alterator-ports-access
$(INSTALL) -Dpm 755 rc.serial $(sysconfdir)/rc.d/rc.serial
$(INSTALL) -d $(RPM_BUILD_ROOT)/lib/udev/
$(INSTALL) -Dpm 755 udev-test-helper $(RPM_BUILD_ROOT)/lib/udev/alterator-ports-access
alterator-ports-access-0.0.3/alterator-ports-access 0000755 0000000 0000000 00000013223 12030010152 0022421 0 ustar 00root root 0000000 0000000 #!/bin/sh
# This file is covered by the GNU General Public License.
# Copyright (C) 2012 Andrew V. Stepanov
# Set serial ports access settigs
# This file is part of alterator-ports-access package
# Turn on libshell verbose mode
verbose=1
# Require libshell
. shell-error
. shell-quote
. shell-config
. shell-var
# Config file
readonly CONFIG="/etc/alterator-ports-access.conf"
readonly USB_UDEV_RULE="/etc/udev/rules.d/40-alterator-ports-access.rules"
# Don't control serial ports
serial_control_off() {
# Read present serial ports in system
local ports=( $(udevadm info --path=/devices/platform/serial8250 --export-db --export | sed -n -e '/DEVPATH.*ttyS/ { /serial8250/d; s/^.*\///p }') )
# Enable all serial ports
for port in "${ports[@]}"; do
verbose "Enable $port"
setserial "/dev/$port" "uart" "16550A"
done
}
# Apply rules for serial ports
serial_control_on() {
# Include config file
(
. "$CONFIG"
rule=""
for port in "${SERIAL_ENABLED[@]}"; do
verbose "Enable port $port"
setserial "/dev/$port" "uart" "16550A"
done
for port in "${SERIAL_DISABLED[@]}"; do
verbose "Disable port $port"
setserial "/dev/$port" "uart" "none"
done
)
}
# Turn off USB control
usb_control_off() {
cat << 'EOF' > "$USB_UDEV_RULE"
# This file is covered by the GNU General Public License,
# Copyright (C) 2012 Andrew V. Stepanov
# Part of alterator-ports-access
# Do not edit manually
# For more information see kernel/Documentation/usb/authorization.txt
ACTION!="add|change", GOTO="ctrl_end"
SUBSYSTEM!="usb", GOTO="ctrl_end"
ATTR{authorized_default}=="?*", ATTR{authorized_default}="1"
ATTR{authorized}=="?*", ATTR{authorized}="1"
LABEL="ctrl_end"
EOF
}
# Turn on USB control
usb_control_on() {
tmpcfg="$(mktemp --tmpdir "alterator.XXXXXXX")"
cat << 'EOF' > "$tmpcfg"
# This file is covered by the GNU General Public License,
# Copyright (C) 2012 Andrew V. Stepanov
# Part of alterator-ports-access
# Do not edit manually
# For more information see kernel/Documentation/usb/authorization.txt
ACTION!="add|change", GOTO="ctrl_end"
SUBSYSTEM!="usb", GOTO="ctrl_end"
# Always authorize USB hubs
ATTR{authorized}=="?*", ATTR{bDeviceClass}=="09", ATTR{authorized}="1", GOTO="ctrl_end"
EOF
# Include config file
(
. "$CONFIG"
for i in "${USB_WHITE_LIST[@]}"; do
rule="ATTR{authorized}==\"?*\", "
add=
vendor="$(echo "$i" | cut -d ';' -f1)"
prodid="$(echo "$i" | cut -d ';' -f2)"
serial="$(echo "$i" | cut -d ';' -f3)"
if [ -n "$vendor" ]; then
vendor="$(quote_shell "$vendor")"
rule="$rule ATTR{idVendor}==\"$vendor\","
add="yes"
fi
if [ -n "$prodid" ]; then
prodid="$(quote_shell "$prodid")"
rule="$rule ATTR{idProduct}==\"$prodid\","
add="yes"
fi
if [ -n "$serial" ]; then
serial="$(quote_shell "$serial")"
rule="$rule ATTR{serial}==\"$serial\","
add="yes"
fi
rule="$rule ATTR{authorized}=\"1\", GOTO=\"ctrl_end\""
if shell_var_is_yes "$add"; then
echo "$rule" >> "$tmpcfg"
fi
done
# HID
if shell_var_is_yes "$USB_ALLOW_HID"; then
cat << 'EOF' >> "$tmpcfg"
# Un block device. Necessary step. Suppose device is already deactivated, so we need to look up his properties.
ATTR{authorized}=="?*", ATTR{authorized}="1"
# Allow HID
ATTR{authorized}=="?*", PROGRAM="alterator-ports-access", ATTR{authorized}="1", GOTO="ctrl_end"
EOF
fi
)
cat << 'EOF' >> "$tmpcfg"
# Block all other USB devices
ATTR{authorized}=="?*", ATTR{authorized}="0"
LABEL="ctrl_end"
EOF
if [ -f "$USB_UDEV_RULE" ]; then
rm -f "$USB_UDEV_RULE"
fi
mv -f "$tmpcfg" "$USB_UDEV_RULE"
}
# ENTRY POINT
# http://wiki.bash-hackers.org/howto/getopts_tutorial
while getopts ":seuh" opt; do
case $opt in
u)
verbose "Update USB ports configuration"
USB="yes"
;;
s)
verbose "Update serial ports configuration"
SERIAL="yes"
;;
e)
verbose "Disable USB control, enable all USB devices"
USB_CTRL_OFF="yes"
;;
h)
verbose "Use: $PROG [-s] [-u] [-e]"
verbose "-s update serial ports status"
verbose "-e disable USB control without touch config, enable all USB devices"
verbose "-u update USB ports status"
verbose "Config file: $CONFIG"
exit
;;
\?)
fatal "Invalid option: -$OPTARG"
;;
esac
done
# Test correct invocation
if [ -z "$USB" -a -z "$SERIAL" -a -z "$USB_CTRL_OFF" ]; then
message "Use: $PROG -h for help."
exit
fi
# Config file exist
if ! [ -f "$CONFIG" -a -r "$CONFIG" ]; then
fatal "Can't find configuration file $CONFIG"
fi
# Include config file
. "$CONFIG"
# Configure USB ports
if shell_var_is_yes "$USB"; then
verbose "Configure USB ports"
if shell_var_is_yes "$USB_CONTROL"; then
verbose "USB control is on"
usb_control_on
else
verbose "USB control is off"
usb_control_off
fi
# Apply new udev rules
verbose "Apply authorized_default"
udevadm trigger --verbose --subsystem-match="usb" --attr-match="authorized_default"
verbose "Apply authorized"
udevadm trigger --verbose --subsystem-match="usb" --attr-match="authorized"
fi
# Configure serial ports
if shell_var_is_yes "$SERIAL"; then
verbose "Configure serial ports"
if shell_var_is_yes "$SERIAL_CONTROL"; then
verbose "Serial control is on"
serial_control_on
else
verbose "Serial control is off"
serial_control_off
fi
fi
if shell_var_is_yes "$USB_CTRL_OFF"; then
for i in $(find /sys -name authorized); do
[ -n "${e##*usb*}" ] && continue
echo 1 > "$i"
done
fi
# vim: autoindent tabstop=2 shiftwidth=2 expandtab softtabstop=2 filetype=sh
alterator-ports-access-0.0.3/applications/ 0000755 0000000 0000000 00000000000 12030010152 0020557 5 ustar 00root root 0000000 0000000 alterator-ports-access-0.0.3/applications/ports-access.desktop 0000644 0000000 0000000 00000000414 12030010152 0024557 0 ustar 00root root 0000000 0000000 [Desktop Entry]
Encoding=UTF-8
Type=Application
Categories=X-Alterator-System
Icon=sysinfo
Terminal=false
Name=Ports access control
X-Alterator-URI=/portsctrl
X-Alterator-Weight=20
X-Alterator-Help=ports-access
Name[ru]=Контроль доступа к портам
alterator-ports-access-0.0.3/backend3/ 0000755 0000000 0000000 00000000000 12030010152 0017543 5 ustar 00root root 0000000 0000000 alterator-ports-access-0.0.3/backend3/portsctrl 0000755 0000000 0000000 00000030265 12030010152 0021533 0 ustar 00root root 0000000 0000000 #!/bin/sh
# Turn of auto expansion
set -f
po_domain="alterator-ports-access"
alterator_api_version=1
. alterator-sh-functions
. shell-config
. shell-quote
. shell-var
# CONFIG
CONFIG="/etc/alterator-ports-access.conf"
# APPLY CHANGES
apply_changes() {
echo "[backend-portsctrl] apply_changes." 1>&2
alterator-ports-access -u -s
}
# LIST YES/NO
list_yes_no() {
write_enum_item "yes" "`_ 'Yes'`"
write_enum_item "no" "`_ 'No'`"
}
# LIST CONFIGURED SERIAL PORTS
list_serial() {
# Create subshell & include config file
(
if [ -f "$CONFIG" -a -r "$CONFIG" ]; then
. "$CONFIG"
fi
# Read present serial ports in system
local ports=( $(udevadm info --path=/devices/platform/serial8250 --export-db --export | sed -n -e '/DEVPATH.*ttyS/ { /serial8250/d; s/^.*\///p }') )
for port in "${ports[@]}"; do
printed=
for enabled in "${SERIAL_ENABLED[@]}"; do
if [ "$port" = "$enabled" ]; then
printf "(\"%s\" label_serial_port \"%s\" label_serial_enabled \"%s\")\n" "$port" "$port" "`_ 'Yes'`" >&3
printed="yes"
break
fi
done
for enabled in "${SERIAL_DISABLED[@]}"; do
if [ "$port" = "$enabled" -a -z "$printed" ]; then
printf "(\"%s\" label_serial_port \"%s\" label_serial_enabled \"%s\")\n" "$port" "$port" "`_ 'No'`" >&3
printed="yes"
break
fi
done
# Port not listed in config is enabled
if [ -z "$printed" ]; then
printf "(\"%s\" label_serial_port \"%s\" label_serial_enabled \"%s\")\n" "$port" "$port" "`_ 'Yes'`" >&3
fi
done
)
}
# LIST USB WHITE LIST
list_usb_rules() {
if ! [ -f "$CONFIG" -a -r "$CONFIG" ]; then
echo "[backend-portsctrl] whitelist empty, no config file ($CONFIG)" 1>&2
return
fi
# Create subshell & include config file
(
. "$CONFIG"
local j=0
local vendor= prodid= serial= info=
for i in "${USB_WHITE_LIST[@]}"; do
vendor="$(echo "$i" | cut -d ';' -f1)"
prodid="$(echo "$i" | cut -d ';' -f2)"
serial="$(echo "$i" | cut -d ';' -f3)"
info="$(echo "$i" | cut -d ';' -f4)"
printf "(\"%s\" label_usb_rule_number \"%s\" label_usb_vendor \"%s\" label_usb_prodid \"%s\" label_usb_serial \"%s\" label_usb_info \"%s\")\n" "$j" "$j" "$vendor" "$prodid" "$serial" "$info" >&3
j=$((j+1))
done
)
}
# LIST PRESENT USB DEVICES
list_prsnt_devices() {
# Force scan, temporary disable USB control
if shell_var_is_yes "$in_force"; then
echo "[backend-portsctrl] temporary disable USB control" 1>&2
alterator-ports-access -e
fi
for i in $(find /sys -name authorized); do
local dir="$(dirname "$i")"
local devclass="$(cat "$dir/bDeviceClass")"
# Ignore USB hubs
[ "$devclass" = "09" ] && continue
[ -z "$devclass" ] && continue
local idProduct="$(cat "$dir/idProduct")"
local idVendor="$(cat "$dir/idVendor")"
local serial="$(cat "$dir/serial" 2>/dev/null)"
[ -z "$devclass" ] && continue
[ -z "$idVendor" ] && continue
if [ -n "$serial" ]; then
serial_msg="$serial"
else
serial_msg="`_ 'None'`"
fi
local db="/usr/share/misc/usb.ids"
local manufacturer= product=
if [ -e "$db" ]; then
manufacturer="$(sed -n -e "/^$idVendor/ s/....[[:space:]]\+//p" "$db")"
product="$(sed -n -e "/^$idVendor/,/^[^[:space:]]/{ s/^[[:space:]]\+$idProduct[[:space:]]\+//p }" "$db")"
fi
[ -z "$manufacturer" ] && manufacturer="$(cat "$dir/manufacturer" 2>/dev/null)"
[ -z "$product" ] && product="$(cat "$dir/product" 2>/dev/null)"
[ -z "${manufacturer##*unauthorized*}" ] && continue
[ -z "${product##*unauthorized*}" ] && continue
printf "(\"%s\" label_prsnt_usb_vendor \"%s\" label_prsnt_usb_product \"%s\" label_prsnt_usb_idvendor \"%s\" label_prsnt_usb_idproduct \"%s\" label_prsnt_usb_serial \"%s\")\n" \
"$idVendor:$idProduct:$serial:$manufacturer $product" "$manufacturer" "$product" "$idVendor" "$idProduct" "$serial_msg" >&3
done
# Renew USB control
if shell_var_is_yes "$in_force"; then
echo "[backend-portsctrl] renew USB control" 1>&2
alterator-ports-access -u
fi
}
# READ SERIAL PORT STATUS
print_serial () {
if [ -z "$in_port" ]; then
write_error "Serial port name doesn't specified."
return 1
fi
# Check config file exists
if ! [ -f "$CONFIG" -a -r "$CONFIG" ]; then
write_string_param "label_serial_selected" "$in_port"
write_string_param "list_serial_enabled" "`_ 'Yes'`"
return
fi
# Create subshell & include config file
(
. "$CONFIG"
write_string_param "label_serial_selected" "$in_port"
for i in "${SERIAL_DISABLED[@]}"; do
if [ "$in_port" = "$i" ]; then
write_string_param "list_serial_enabled" "`_ 'No'`"
return
fi
done
write_string_param "list_serial_enabled" "`_ 'Yes'`"
)
}
# READ CONTROL STATUS FOR USB & SERIAL
print_status () {
# Check config file exists
if ! [ -f "$CONFIG" -a -r "$CONFIG" ]; then
write_bool_param "serial_ctrl_on" 0
write_bool_param "usb_ctrl_on" 0
return
fi
# Create subshell & include config file
(
. "$CONFIG"
if shell_var_is_yes "$SERIAL_CONTROL"; then
write_bool_param "serial_ctrl_on" 1
else
write_bool_param "serial_ctrl_on" 0
fi
if shell_var_is_yes "$USB_CONTROL"; then
write_bool_param "usb_ctrl_on" 1
else
write_bool_param "usb_ctrl_on" 0
fi
if shell_var_is_yes "$USB_ALLOW_HID"; then
write_bool_param "usb_hid" 1
else
write_bool_param "usb_hid" 0
fi
)
}
# CHECK CONFIG EVAILABLE
check_config () {
if ! [ -f "$CONFIG" -a -r "$CONFIG" ]; then
# Create config
if ! touch "$CONFIG"; then
write_error "Can't create config file: ($CONFIG)"
return 1
else
echo "[backend-portsctrl] new config file created ($CONFIG)" 1>&2
fi
fi
}
# TURN ON/OFF CONTROL
control_ports() {
# Check correct invocation
if [ -z "$in_proto" -o -z "$in_enabled" ]; then
write_error "Bad call."
return 1
fi
local status=
if [ "$in_enabled" = "#t" ]; then
status="yes"
else
status="no"
fi
# Check config file exists
check_config
# Update config
local proto="$(echo "$in_proto" | tr '[:lower:]' '[:upper:]')"
shell_config_set "$CONFIG" "${proto}_CONTROL" "\"$(quote_shell "$status")\""
# Apply changes
apply_changes
}
# NEW SERIAL PORT PARAMETERS
write_serial_options() {
# Check correct invocation
if [ -z "$in_port" -o -z "$in_enabled" ]; then
write_error "Bad call."
return 1
fi
# Check config file exists
check_config
# Create subshell & include config file
(
. "$CONFIG"
# Remove any occurrence
shell_config_set "$CONFIG" 'SERIAL_DISABLED' "($(for i in "${SERIAL_DISABLED[@]}"; do [ "$in_port" = "$i" ] && continue; echo -n "\"$(quote_shell "$i")\" "; done))"
shell_config_set "$CONFIG" 'SERIAL_ENABLED' "($(for i in "${SERIAL_ENABLED[@]}"; do [ "$in_port" = "$i" ] && continue; echo -n "\"$(quote_shell "$i")\" "; done))"
# Re-read config
. "$CONFIG"
# Add port to some list
if shell_var_is_yes "$in_enabled"; then
shell_config_set "$CONFIG" 'SERIAL_ENABLED' "($(for i in "${SERIAL_ENABLED[@]}" "$in_port"; do echo -n "\"$(quote_shell "$i")\" "; done))"
elif shell_var_is_no "$in_enabled"; then
shell_config_set "$CONFIG" 'SERIAL_DISABLED' "($(for i in "${SERIAL_DISABLED[@]}" "$in_port"; do echo -n "\"$(quote_shell "$i")\" "; done))"
fi
)
# Apply changes
apply_changes
}
# REMOVE ENTRY FROM WHITE LIST
usb_rm_rule() {
# Check correct invocation
if [ -z "$in_rule_num" ]; then
write_error "Bad call."
return 1
fi
# Check config file exists
check_config
# Create subshell & include config file
(
. "$CONFIG"
USB_WHITE_LIST[$in_rule_num]=
shell_config_set "$CONFIG" 'USB_WHITE_LIST' "($(for i in "${USB_WHITE_LIST[@]}"; do test -z "$i" && continue; echo -n "\"$(quote_shell "$i")\" "; done))"
)
# Apply changes
apply_changes
}
# ADD NEW ENTRY TO WHITE LIST
usb_add_new_rule() {
# Check correct invocation
if [ -z "$in_vendor" -a -z "$in_productid" -a -z "$in_serial" ]; then
write_error "Bad call."
return 1
fi
# Check config file exists
check_config
# Create subshell & include config file
(
. "$CONFIG"
# Test for existing rule
for i in "${USB_WHITE_LIST[@]}"; do
vendor="$(echo "$i" | cut -d ';' -f1)"
prodid="$(echo "$i" | cut -d ';' -f2)"
serial="$(echo "$i" | cut -d ';' -f3)"
info="$(echo "$i" | cut -d ';' -f4)"
if [ "$vendor" = "$in_vendor" -a "$prodid" = "$in_productid" -a "$serial" = "$in_serial" -a "$info" = "$in_info" ]; then
return
fi
done
shell_config_set "$CONFIG" 'USB_WHITE_LIST' "($(for i in "${USB_WHITE_LIST[@]}" "$in_vendor;$in_productid;$in_serial;$in_info"; do echo -n "\"$(quote_shell "$i")\" "; done))"
)
# Apply changes
apply_changes
}
# Control USB HID devices
usb_hid() {
# Check config file exists
check_config
# Update config
if [ "$in_allow_hid" = "#t" ] ; then
allow="yes"
else
allow="no"
fi
shell_config_set "$CONFIG" "USB_ALLOW_HID" "\"$allow\""
# Apply changes
apply_changes
}
# Add present USB device to whitelist
usb_add_prsnt() {
# Check correct invocation
if [ -z "$in_vendor_product" ]; then
write_error "Bad call."
return 1
fi
vendor="$(echo "$in_vendor_product" | cut -d ':' -f1)"
product="$(echo "$in_vendor_product" | cut -d ':' -f2)"
serial="$(echo "$in_vendor_product" | cut -d ':' -f3)"
info="$(echo "$in_vendor_product" | cut -d ':' -f4)"
[ -z "$vendor" ] && return
[ -z "$product" ] && return
in_vendor="$vendor" in_productid="$product" in_info="$info" in_serial="$serial" usb_add_new_rule
}
# MAIN LOOP
on_message() {
case "$in_action" in
read)
case "$in__objects" in
serial_port)
# READ SERIAL PORT STATUS
echo "[backend-portsctrl] read serial port settings" 1>&2
print_serial
;;
status)
# READ CONTROL STATUS FOR USB & SERIAL
echo "[backend-portsctrl] read status" 1>&2
print_status
;;
*)
# UNDEFINED READ REQUEST
echo "[backend-portsctrl] undefined read request: $in__objects" 1>&2
;;
esac
;;
write)
case "$in__objects" in
ctrl)
# TURN ON/OFF CONTROL
echo "[backend-portsctrl] write ports ctrl" 1>&2
control_ports
;;
serial)
# NEW SERIAL PORT PARAMETERS
echo "[backend-portsctrl] write serial port options" 1>&2
write_serial_options
;;
usb_rm)
# REMOVE ENTRY FROM WHITE LIST
echo "[backend-portsctrl] remove rule from whitelist" 1>&2
usb_rm_rule
;;
usb_add)
# ADD NEW ENTRY TO WHITE LIST
echo "[backend-portsctrl] add rule to whitelist" 1>&2
usb_add_new_rule
;;
usb_add_prsnt)
# ADD PRESENT USB DEVICE TO WHITE LIST
echo "[backend-portsctrl] add present USB device to whitelist" 1>&2
usb_add_prsnt
;;
usb_hid)
# CONTROL USB HID
echo "[backend-portsctrl] control USB HID" 1>&2
usb_hid
;;
*)
# UNDEFINED WRITE REQUEST
echo "[backend-portsctrl] undefined write request: $in__objects" 1>&2
;;
esac
;;
list)
case "$in__objects" in
list_serial)
# LIST SERIAL PORTS
echo "[backend-portsctrl] list serial ports" 1>&2
list_serial
;;
list_usb_rules)
# LIST USB WHITE LIST
echo "[backend-portsctrl] list whitelist" 1>&2
list_usb_rules
;;
list_serial_enabled)
# BOOL LIST: ON/OFF SERIAL PORT
echo "[backend-portsctrl] yes/no list for serial port" 1>&2
list_yes_no
;;
list_prsnt_devices)
# LIST PRESENT USB DEVICES
echo "[backend-portsctrl] list present devices" 1>&2
list_prsnt_devices
;;
*)
# UNDEFINED LIST REQUEST
echo "[backend-portsctrl] undefined list request: $in__objects" 1>&2
;;
esac
;;
*)
# UNDEFINED ACTION
:
;;
esac
}
message_loop
# vim: autoindent tabstop=2 shiftwidth=2 expandtab softtabstop=2 filetype=sh
alterator-ports-access-0.0.3/help/ 0000755 0000000 0000000 00000000000 12030010152 0017021 5 ustar 00root root 0000000 0000000 alterator-ports-access-0.0.3/help/en_US/ 0000755 0000000 0000000 00000000000 12030010152 0020032 5 ustar 00root root 0000000 0000000 alterator-ports-access-0.0.3/help/en_US/ports-access.html 0000644 0000000 0000000 00000002365 12030010152 0023334 0 ustar 00root root 0000000 0000000
Help - ALT Linux Console
Ports access control module
Serial ports access control
In this section displayed current configuration serial ports.
To grant or restrict access to specific serial port do next steps:
- Select desired serial port.
- Grant or restrict access to selected port.
- Press button Save serial port settings to confirm changes
- Unsure that serial ports control is on. See status section.
USB ports access control
Whitelist table displays allowed USB devices.
To remove rule from whitelist select desired rule in whitelist and press Delete selected rule button.
To grant access to specific USB device provide one (or all) Vendor code, Product ID, Serial number and press Add new rule button.
Status
This section allow disable or enable control for Serial ports or USB devices.
alterator-ports-access-0.0.3/help/ru_RU/ 0000755 0000000 0000000 00000000000 12030010152 0020055 5 ustar 00root root 0000000 0000000 alterator-ports-access-0.0.3/help/ru_RU/ports-access.html 0000644 0000000 0000000 00000004345 12030010152 0023357 0 ustar 00root root 0000000 0000000
Help - ALT Linux Console
Модуль контроля доступа к портам
Контроль последовательных портов
В этом разделе модуля показаны текущие настройки последовательных портов. Для
задания доступа к определённым портам, выполните следующие шаги:
- выберите желаемый порт;
- разрешите или запретите доступ к выбранному порту;
- используя кнопку Сохранить настройки последовательного порта сохраните настройки;
- посмотрите в раздел Статус, что бы убедиться в корректной работе настроек.
Контроль USB-портов
В таблице СПИСОК РАЗРЕШЕННЫХ УСТРОЙСТВ перечислены разрешеные USB
устройства. Для удаления правила из списка, выберите желаемое правило и
нажмите кнопку Удалить выбранное правило. Для помещения в список нового
правила на определенное USB устройство, укажите один (или все) из
индентификаторов: ID производителя, ID продукта, Серийный номер и нажмите
кнопку Добавить новое правило.
Статус
В этом разделе можно включить или отключить контроль за последовательными портами и USB устройствами.
alterator-ports-access-0.0.3/po/ 0000755 0000000 0000000 00000000000 12030010152 0016507 5 ustar 00root root 0000000 0000000 alterator-ports-access-0.0.3/po/alterator-ports-access.pot 0000644 0000000 0000000 00000006347 12030010152 0023646 0 ustar 00root root 0000000 0000000 # SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR , YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2012-09-19 18:20+0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME \n"
"Language-Team: LANGUAGE \n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=CHARSET\n"
"Content-Transfer-Encoding: 8bit\n"
#: standard input:1
msgid "Ports access control"
msgstr ""
#: standard input:1
msgid "Serial ports access control"
msgstr ""
#: standard input:2
msgid "Port"
msgstr ""
#: standard input:3
msgid "Enabled"
msgstr ""
#: standard input:4
msgid "Serial port settings"
msgstr ""
#: standard input:5 input:20
msgid "Value"
msgstr ""
#: standard input:6
msgid "Serial port:"
msgstr ""
#: standard input:8
msgid "Enabled:"
msgstr ""
#: standard input:9
msgid "Save serial port settings"
msgstr ""
#: standard input:10
msgid "USB ports access control"
msgstr ""
#: standard input:11
msgid "Allow any human interface devices (keyboard, mouse, joystick):"
msgstr ""
#: standard input:12
msgid "White list"
msgstr ""
#: standard input:13
msgid "Rule N"
msgstr ""
#: standard input:14 input:27
msgid "Vendor"
msgstr ""
#: standard input:15
msgid "ProdID"
msgstr ""
#: standard input:16 input:29
msgid "Serial"
msgstr ""
#: standard input:17
msgid "Rule info"
msgstr ""
#: standard input:18
msgid "Delete selected entry from white list"
msgstr ""
#: standard input:19
msgid "Rule parts"
msgstr ""
#: standard input:21
msgid "Vendor code:"
msgstr ""
#: standard input:22
msgid "Product ID:"
msgstr ""
#: standard input:23
msgid "Serial number:"
msgstr ""
#: standard input:24
msgid "Useful device info:"
msgstr ""
#: standard input:25
msgid "Add new entry to white list"
msgstr ""
#: standard input:26
msgid "Present USB devices in system"
msgstr ""
#: standard input:28
msgid "Product"
msgstr ""
#: standard input:30
msgid "Vendor ID"
msgstr ""
#: standard input:31
msgid "Product ID"
msgstr ""
#: standard input:32
msgid "Scan attached USB devices"
msgstr ""
#: standard input:33
msgid "Add selected device to white list"
msgstr ""
#: standard input:34
msgid "Status"
msgstr ""
#: standard input:35
msgid "Turn on serial control"
msgstr ""
#: standard input:36
msgid "Turn off serial control"
msgstr ""
#: standard input:37
msgid "Turn on USB control"
msgstr ""
#: standard input:38
msgid "Turn off USB control"
msgstr ""
#: ui/portsctrl/ajax.scm:27
msgid "please choose from the list above"
msgstr ""
#: ui/portsctrl/ajax.scm:100
msgid "Serial ports control activated"
msgstr ""
#: ui/portsctrl/ajax.scm:100
msgid "Serial ports control deactivated"
msgstr ""
#: ui/portsctrl/ajax.scm:101
msgid "USB ports control activated"
msgstr ""
#: ui/portsctrl/ajax.scm:101
msgid "USB ports control deactivated"
msgstr ""
#: backend3/portsctrl:27 backend3/portsctrl:51 backend3/portsctrl:67
#: backend3/portsctrl:182 backend3/portsctrl:200
msgid "Yes"
msgstr ""
#: backend3/portsctrl:28 backend3/portsctrl:59 backend3/portsctrl:195
msgid "No"
msgstr ""
#: backend3/portsctrl:139
msgid "None"
msgstr ""
alterator-ports-access-0.0.3/po/ru.po 0000644 0000000 0000000 00000011517 12030010152 0017502 0 ustar 00root root 0000000 0000000 # Alterator passwd-policy module Russian translation.
# Copyright (C) 2012 Andrew V. Stepanov
# This file is distributed under the same license as
# the alterator-passwd-policy package.
#
msgid ""
msgstr ""
"Project-Id-Version: 8.0\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2012-09-19 18:20+0400\n"
"PO-Revision-Date: 2008-10-29 19:36+0300\n"
"Last-Translator: Andrew V. Stepanov \n"
"Language-Team: Russian \n"
"Language: ru\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: standard input:1
msgid "Ports access control"
msgstr "Контроль портов"
#: standard input:1
msgid "Serial ports access control"
msgstr "Контроль последовательных портов"
#: standard input:2
msgid "Port"
msgstr "Порт"
#: standard input:3
msgid "Enabled"
msgstr "Включен"
#: standard input:4
msgid "Serial port settings"
msgstr "Настройки последовательного порта"
#: standard input:5 input:20
msgid "Value"
msgstr "Значение"
#: standard input:6
msgid "Serial port:"
msgstr "Последовательный порт:"
#: standard input:8
msgid "Enabled:"
msgstr "Разрешен:"
#: standard input:9
msgid "Save serial port settings"
msgstr "Сохранить настройки последовательного порта"
#: standard input:10
msgid "USB ports access control"
msgstr "Контроль USB-портов"
#: standard input:11
msgid "Allow any human interface devices (keyboard, mouse, joystick):"
msgstr ""
#: standard input:12
msgid "White list"
msgstr "Список разрешенных устройств"
#: standard input:13
msgid "Rule N"
msgstr "Правило №"
#: standard input:14 input:27
msgid "Vendor"
msgstr "ID производителя"
#: standard input:15
msgid "ProdID"
msgstr "ID продукта"
#: standard input:16 input:29
msgid "Serial"
msgstr "Серийный №"
#: standard input:17
msgid "Rule info"
msgstr "Информация"
#: standard input:18
msgid "Delete selected entry from white list"
msgstr "Удалить выбранное правило"
#: standard input:19
msgid "Rule parts"
msgstr "Части правила"
#: standard input:21
msgid "Vendor code:"
msgstr "ID производителя:"
#: standard input:22
msgid "Product ID:"
msgstr "ID продукта:"
#: standard input:23
msgid "Serial number:"
msgstr "Серийный номер:"
#: standard input:24
msgid "Useful device info:"
msgstr "Полезная информация об устройстве:"
#: standard input:25
msgid "Add new entry to white list"
msgstr "Добавить новое правило"
#: standard input:26
msgid "Present USB devices in system"
msgstr "Подключенные USB устройства"
#: standard input:28
msgid "Product"
msgstr "Устройство"
#: standard input:30
msgid "Vendor ID"
msgstr "ID производителя"
#: standard input:31
msgid "Product ID"
msgstr "ID продукта"
#: standard input:32
msgid "Scan attached USB devices"
msgstr "Сканировать USB устройства"
#: standard input:33
msgid "Add selected device to white list"
msgstr "Разрешить выбранное устройство"
#: standard input:34
msgid "Status"
msgstr "Статус"
#: standard input:35
msgid "Turn on serial control"
msgstr "Включить контроль последовательных портов"
#: standard input:36
msgid "Turn off serial control"
msgstr "Выключить контроль последовательных портов"
#: standard input:37
msgid "Turn on USB control"
msgstr "Включить контроль USB-портов"
#: standard input:38
msgid "Turn off USB control"
msgstr "Выключить контроль USB-портов"
#: ui/portsctrl/ajax.scm:27
msgid "please choose from the list above"
msgstr "пожалуйста выберете из списка выше"
#: ui/portsctrl/ajax.scm:100
msgid "Serial ports control activated"
msgstr "Контроль последовательных портов активирован"
#: ui/portsctrl/ajax.scm:100
msgid "Serial ports control deactivated"
msgstr "Контроль последовательных портов выключен"
#: ui/portsctrl/ajax.scm:101
msgid "USB ports control activated"
msgstr "Контроль USB-портов активирован"
#: ui/portsctrl/ajax.scm:101
msgid "USB ports control deactivated"
msgstr "Контроль USB-портов выключен"
#: backend3/portsctrl:27 backend3/portsctrl:51 backend3/portsctrl:67
#: backend3/portsctrl:182 backend3/portsctrl:200
msgid "Yes"
msgstr "Да"
#: backend3/portsctrl:28 backend3/portsctrl:59 backend3/portsctrl:195
msgid "No"
msgstr "Нет"
#: backend3/portsctrl:139
msgid "None"
msgstr "Нет"
alterator-ports-access-0.0.3/rc.serial 0000644 0000000 0000000 00000000642 12030010152 0017700 0 ustar 00root root 0000000 0000000 #!/bin/sh
# This file is covered by the GNU General Public License.
# Copyright (C) 2012 Andrew V. Stepanov
# Set serial ports access settigs
# This file is part of alterator-ports-access package
readonly RUN_PROG="/usr/bin/alterator-ports-access"
if [ -f "$RUN_PROG" -a -x "$RUN_PROG" ]; then
"$RUN_PROG" -s
fi
# vim: autoindent tabstop=2 shiftwidth=2 expandtab softtabstop=2 filetype=sh
alterator-ports-access-0.0.3/udev-test-helper 0000644 0000000 0000000 00000000644 12030010152 0021215 0 ustar 00root root 0000000 0000000 #!/bin/sh
# USB HID devices has class ID == 03
# Test correct invocation
[ "$DEVTYPE" != "usb_device" ] && exit 1
[ "$SUBSYSTEM" != "usb" ] && exit 1
[ -z "$DEVPATH" ] && exit 1
dpath="/sys/$DEVPATH"
for i in $(find "$dpath" -name "bInterfaceClass"); do
class="$(cat "$i")"
[ "$class" = "03" ] && exit 0
done
# Not HID device
exit 1
# vim: autoindent tabstop=2 shiftwidth=2 expandtab softtabstop=2 filetype=sh
alterator-ports-access-0.0.3/ui/ 0000755 0000000 0000000 00000000000 12030010152 0016506 5 ustar 00root root 0000000 0000000 alterator-ports-access-0.0.3/ui/portsctrl/ 0000755 0000000 0000000 00000000000 12030010152 0020542 5 ustar 00root root 0000000 0000000 alterator-ports-access-0.0.3/ui/portsctrl/ajax.scm 0000644 0000000 0000000 00000016137 12030010152 0022201 0 ustar 00root root 0000000 0000000 (define-module (ui portsctrl ajax)
:use-module (alterator ajax)
:use-module (alterator woo)
:use-module (alterator card-index)
:export (init))
; Debug string (paste in for your needs).
;(format #t "XXX: ~S\n" rdp_profile_name)
; Select some USB rule
(define (usb-rule-selected)
(form-update-activity "btn_usb_rule_remove" #t))
; Select present USB device
(define (usb-prsnt-dev-selected)
(form-update-activity "btn_prsnt_dev_add" #t))
; Update widgets status
(define (widgets-update)
(format #t "[ajax,portsctrl] Update widgets status\n")
(form-update-activity "btn_serial_save" #f)
(form-update-activity "btn_usb_rule_remove" #f)
(form-update-activity "btn_prsnt_dev_add" #f)
(form-update-value "label_serial_selected" (_ "please choose from the list above" "alterator-ports-access")))
; Reset all values
(define (widgets-reset)
(format #t "[ajax,portsctrl] Reset all widgets\n")
(for-each (lambda(p) (form-update-value p ""))
'("label_usb_control"
"label_serial_control"
"label_serial_selected"
"list_serial_enabled"
"input_usb_vendor"
"input_usb_productid"
"input_usb_info"
"input_usb_serial")))
; Allow USB hid
(define (allow-usb-hid)
(catch/message
(lambda()
(woo-write "/portsctrl/usb_hid"
'allow_hid (form-value "bool_allow_hid")))))
; Force scan USB device
(define (prsnt-scan)
(format #t "[ajax,portsctrl] Force scan present devices\n")
(form-update-enum "list_prsnt_devices"
(woo-list "/portsctrl/list_prsnt_devices"
'force "yes"
'language (form-value "language")))
(form-update-activity "btn_prsnt_dev_add" #f)
(form-bind "list_prsnt_devices" "change" usb-prsnt-dev-selected))
; Read current settings
(define (read-current-status)
(format #t "[ajax,portsctrl] Read current status\n")
(and
; Reset widgets
(widgets-reset)
; Fill lists
(for-each
(lambda(lst)
(form-update-enum lst
(woo-list
(string-append "/portsctrl/" lst)
'language (form-value "language"))))
'("list_serial" "list_usb_rules" "list_serial_enabled" "list_prsnt_devices"))
; Rebind actions on lists
(form-bind "list_serial" "change" serial-edit)
(form-bind "list_usb_rules" "change" usb-rule-selected)
(form-bind "list_prsnt_devices" "change" usb-prsnt-dev-selected)
; Read current settings
(let* ((settings
(woo-read-first "/portsctrl/status"
'language (form-value "language")))
(usb-ctrl-on (woo-get-option settings 'usb_ctrl_on #f))
(usb-hid (woo-get-option settings 'usb_hid #f))
(serial-ctrl-on (woo-get-option settings 'serial_ctrl_on #f)))
(form-update-value "label_serial_control" (if serial-ctrl-on (_ "Serial ports control activated" "alterator-ports-access") (_ "Serial ports control deactivated" "alterator-ports-access")))
(form-update-value "label_usb_control" (if usb-ctrl-on (_ "USB ports control activated" "alterator-ports-access") (_ "USB ports control deactivated" "alterator-ports-access")))
(form-update-value "bool_allow_hid" usb-hid)
(form-update-visibility "btn_serial_off" serial-ctrl-on)
(form-update-visibility "btn_serial_on" (not serial-ctrl-on))
(form-update-visibility "btn_usb_off" usb-ctrl-on)
(form-update-visibility "btn_usb_on" (not usb-ctrl-on)))
; Update widgets status
(widgets-update)))
; Change control
(define (control proto enabled)
(format #t "[ajax,portsctrl] change control for ~S to ~S\n" proto enabled)
(catch/message
(lambda()
(woo-write "/portsctrl/ctrl"
'proto proto
'enabled enabled
'language (form-value "language"))))
(read-current-status))
; Turn ON serial control
(define (serial-ctrl-on)
(control "serial" #t))
; Turn OFF serial control
(define (serial-ctrl-off)
(control "serial" #f))
; Turn ON USB control
(define (usb-ctrl-on)
(control "usb" #t))
; Turn OFF USB control
(define (usb-ctrl-off)
(control "usb" #f))
; Save serial port settings
(define (serial-save)
(format #t "[ajax,portsctrl] Save serial port settings\n")
(catch/message
(lambda()
(woo-write "/portsctrl/serial"
'port (form-value "list_serial")
'enabled (form-value "list_serial_enabled")
'language (form-value "language"))))
(read-current-status))
; Remove selected entry from USB whitelist
(define (usb-rule-remove)
(format #t "[ajax,portsctrl] Remove selected rule from whitelist\n")
(catch/message
(lambda()
(woo-write "/portsctrl/usb_rm"
'rule_num (f-get-ci-value "list_usb_rules")
'language (form-value "language"))))
(read-current-status))
; Add new USB rule to white list
(define (usb-rule-new)
(format #t "[ajax,portsctrl] Add new entry to USB whitelist\n")
(catch/message
(lambda()
(woo-write "/portsctrl/usb_add"
'vendor (form-value "input_usb_vendor")
'productid (form-value "input_usb_productid")
'serial (form-value "input_usb_serial")
'info (form-value "input_usb_info")
'language (form-value "language"))))
(read-current-status))
; Add present USB device to white list
(define (prsnt-dev-add)
(format #t "[ajax,portsctrl] Add present USB device to whitelist\n")
(catch/message
(lambda()
(woo-write "/portsctrl/usb_add_prsnt"
'vendor_product (f-get-ci-value "list_prsnt_devices")
'language (form-value "language"))))
(read-current-status))
; Edit serial port setting
(define (serial-edit)
(format #t "[ajax,portsctrl] Edit serial port settings\n")
(let* ((port (f-get-ci-value "list_serial")))
(and
(string? port)
; Read current port settings
(let* ((settings
(woo-read-first "/portsctrl/serial_port"
'port port
'language (form-value "language"))))
(form-update-value-list '("label_serial_selected" "list_serial_enabled") settings))
(form-update-activity "btn_serial_save" #t))))
; Initialization routine
(define (init)
(format #t "[ajax,portsctrl] Run initialization routine\n")
; Interconnect button with action
(form-bind "btn_serial_save" "click" serial-save)
(form-bind "btn_usb_rule_remove" "click" usb-rule-remove)
(form-bind "btn_usb_new_rule" "click" usb-rule-new)
(form-bind "btn_prsnt_dev_add" "click" prsnt-dev-add)
(form-bind "btn_prsnt_scan" "click" prsnt-scan)
(form-bind "bool_allow_hid" "change" allow-usb-hid)
(form-bind "btn_serial_on" "click" serial-ctrl-on)
(form-bind "btn_serial_off" "click" serial-ctrl-off)
(form-bind "btn_usb_on" "click" usb-ctrl-on)
(form-bind "btn_usb_off" "click" usb-ctrl-off)
; Interface initialization
(read-current-status))
; vim: ft=lisp expandtab
alterator-ports-access-0.0.3/ui/portsctrl/index.html 0000644 0000000 0000000 00000017660 12030010152 0022551 0 ustar 00root root 0000000 0000000