Convert to polkit from usermode consolehelper for gaining root privileges

polkit is better integrated into various environments, both console and GUI
and offers better access rules and prevents the internal need to run
su which is prone to errors and doesn't offer an environment agnostic
prompt to the user.

As pkexec does not like being run from a forked process, the forking
in the wrapper when running under X has been dropped.

mga#11125

7 files changed, 57 insertions, 12 deletions

diff --git a/Makefile b/Makefile
index fc4172f7..d65304ca 100644
--- a/Makefile
+++ b/Makefile
@@ -25,15 +25,17 @@ clean:
 install: all
 	$(MAKE) -C po $@
 	find -name '*.p[lm]' -o -name control-center -o -name drakconf | xargs perl -pi -e 's/\s*use\s+(diagnostics|vars|strict).*//g'
-	install -d $(DESTDIR)/usr/{bin/,share/icons}
-	install -d $(DESTDIR)/usr/sbin
+	install -d $(DESTDIR)/usr/{bin,sbin,libexec,share/icons,share/polkit-1/actions}
 	install -d $(mcc_dir)/themes/default/
 	install -m644 control-center.rc $(mcc_dir)/themes/default/gtkrc
-	install -m755 $(NAME) $(DESTDIR)/usr/sbin/$(NAME).real
+	install -m755 $(NAME) $(DESTDIR)/usr/libexec/
+	install -m644 polkit/org.mageia.control-centre.policy $(DESTDIR)/usr/share/polkit-1/actions
 	install -m755 wrapper $(DESTDIR)/usr/bin/$(NAME)
 	install -m755 menus_launcher.pl $(DESTDIR)/usr/sbin/
 	install -m755 print_launcher.pl $(DESTDIR)/usr/sbin/
-	install -m755 drakxconf $(DESTDIR)/usr/sbin/
+	install -m755 drakxconf $(DESTDIR)/usr/libexec/
+	install -m644 polkit/org.mageia.control-centre-gui.policy $(DESTDIR)/usr/share/polkit-1/actions
+	install -m755 polkit/drakxconf $(DESTDIR)/usr/bin
 	install -m755 drakconsole $(DESTDIR)/usr/sbin/
 	install -m755 mdkwebadmin.pl $(DESTDIR)/usr/bin/
 	for d in $(SUBDIRS); do ( cd $$d ; make $@ ) ; done
diff --git a/NEWS b/NEWS
index 5a1917f2..5ababac2 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,4 @@
+- use polkit for authorisation (mga#11125)
 - further delay event for slow machines (mga#10289)
 
 Version 12.39 - 18 June 2013 Thierry Vignaud
diff --git a/drakxconf b/drakxconf
index fae4fc7c..3d2bfee2 100755
--- a/drakxconf
+++ b/drakxconf
@@ -17,7 +17,7 @@ delete $ENV{DISPLAY};
 /-h/ and die "usage: drakxconf\n";
 /-version/ and die 'version: $Id: drakxconf 254567 2009-03-23 09:22:59Z tv $\n';
 
-my $in = 'interactive'->vnew('su', 'default');
+my $in = 'interactive'->vnew;
 
 my @l = map {
     my $path;
diff --git a/polkit/drakxconf b/polkit/drakxconf
new file mode 100755
index 00000000..db38e46a
--- /dev/null
+++ b/polkit/drakxconf
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakxconf
diff --git a/polkit/org.mageia.control-centre-gui.policy b/polkit/org.mageia.control-centre-gui.policy
new file mode 100644
index 00000000..2e25fe17
--- /dev/null
+++ b/polkit/org.mageia.control-centre-gui.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia Control Centre GUI</vendor>
+ <vendor_url>http://mageia.org/control-centre-gui</vendor_url>
+
+ <action id="org.mageia.control-centre-gui.pkexec.run">
+    <description>Run Mageia Control Centre GUI</description>
+    <message>Authentication is required to run Mageia Control Centre GUI</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakconf</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/polkit/org.mageia.control-centre.policy b/polkit/org.mageia.control-centre.policy
new file mode 100644
index 00000000..bdc43663
--- /dev/null
+++ b/polkit/org.mageia.control-centre.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia Control Centre</vendor>
+ <vendor_url>http://mageia.org/control-centre</vendor_url>
+
+ <action id="org.mageia.control-centre.pkexec.run">
+    <description>Run Mageia Control Centre</description>
+    <message>Authentication is required to run Mageia Control Centre</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakxconf</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/wrapper b/wrapper
index 8fda9f2f..56627542 100644
--- a/wrapper
+++ b/wrapper
@@ -27,12 +27,8 @@
 use lib qw(/usr/lib/libDrakX);
 use common;
 
-if (!check_for_xserver()) {
-    exec ("/usr/sbin/drakxconf @ARGV; reset");
+if (check_for_xserver()) {
+    exec ("/usr/bin/pkexec", "/usr/libexec/drakconf", @ARGV);
 } else {
-    unless (my $pid = fork) {
-     print "cannot fork\n" unless defined $pid;
-     exec ("/usr/sbin/drakconf.real", @ARGV);
-    }
-
+    exec ("/usr/bin/pkexec", "/usr/libexec/drakxconf", @ARGV);
 }