Convert to polkit from usermode consolehelper for gaining root privileges

polkit is better integrated into various environments, both console and GUI and offers better access rules and prevents the internal need to run su which is prone to errors and doesn't offer an environment agnostic prompt to the user. In this case the current package policy (in rpm spec) has been migrated here and is as follows: drakclock requires no authentication to run (just a console login) drakfont requires authentication as the current user. drakups, drakauth, draklog and drakxservices require authentication as and administrator.
author: Colin Guthrie <colin@mageia.org> 2013-09-04 20:15:38 +0100
committer: Colin Guthrie <colin@mageia.org> 2013-09-06 15:29:45 +0100
commit: c9ecd03156418390fa28b12825beb90626709c95 (patch)
tree: 4971c41238f93ab3297d431aaf9e2fe9fe999278
parent: b7fa02336d4bfe8b9391d08ad0b6554a68a673e3 (diff)
download: drakx-c9ecd03156418390fa28b12825beb90626709c95.tar
drakx-c9ecd03156418390fa28b12825beb90626709c95.tar.gz
drakx-c9ecd03156418390fa28b12825beb90626709c95.tar.bz2
drakx-c9ecd03156418390fa28b12825beb90626709c95.tar.xz
drakx-c9ecd03156418390fa28b12825beb90626709c95.zip
15 files changed, 177 insertions, 2 deletions
diff --git a/perl-install/Makefile.drakxtools b/perl-install/Makefile.drakxtools
index a5a9394e2..92b2951e4 100644
--- a/perl-install/Makefile.drakxtools
+++ b/perl-install/Makefile.drakxtools
@@ -16,10 +16,12 @@ DATADIR = $(PREFIX)/usr/share
 ICONSDIR= $(DATADIR)/icons
 BINDEST = $(PREFIX)/usr/bin
 SBINDEST = $(PREFIX)/usr/sbin
+LIBEXECDEST = $(PREFIX)/usr/libexec
 ETCDEST = $(PREFIX)/etc/gtk
 LIBDEST = $(LIBDIR)/$(NAME)
 PIXDIR = $(DATADIR)/$(NAME)/pixmaps
 INITDIR =  $(PREFIX)/etc/rc.d/init.d
+POLKITPOLICYDEST = $(PREFIX)/usr/share/polkit-1/actions
 .PHONY: $(DIRS)
 
 all: ../tools/rpcinfo-flushed $(DIRS)
@@ -30,7 +32,7 @@ $(DIRS):
 
 install:
 	perl -pi -e "s/\"VER\"(; # version)/\"$(VERSION)\"\1/" standalone.pm
-	mkdir -p $(BINDEST) $(ETCDEST) $(SBINDEST) $(DATADIR)/{applications,harddrake,pixmaps,icons/{large,mini},autostart} $(PIXDIR) $(INITDIR) $(MENUDIR)
+	mkdir -p $(BINDEST) $(ETCDEST) $(SBINDEST) $(DATADIR)/{applications,harddrake,pixmaps,icons/{large,mini},autostart} $(PIXDIR) $(INITDIR) $(MENUDIR) $(LIBEXECDEST) $(POLKITPOLICYDEST)
 	install -d $(INLIBDEST_DIRS:%=$(LIBDEST)/%)
 	install $(STANDALONEPMS) standalone/convert $(SBINDEST)
 	install -s ../tools/rpcinfo-flushed ../tools/serial_probe/serial_probe $(SBINDEST)
@@ -42,6 +44,11 @@ install:
 	mv -f $(SBINDEST)/display_help $(BINDEST)
 	mv -f $(SBINDEST)/display_release_notes.pl $(BINDEST)
 	mv -f $(SBINDEST)/localedrake $(BINDEST)
+	# All the things handled by polkit
+	mv -f $(SBINDEST)/drak{auth,boot,clock,font,ups,xservices} $(LIBEXECDEST)
+	mv -f $(SBINDEST)/logdrake $(LIBEXECDEST)/draklog
+	install polkit/wrappers/* $(BINDEST)
+	install polkit/policy/* $(POLKITPOLICYDEST)
 
 	install -m 644 *.pm $(LIBDEST)
 	for i in $(PMS_DIRS); do install -d $(LIBDEST)/$$i ; install -m 644 $$i/*.pm $(LIBDEST)/$$i/;done
@@ -78,7 +85,7 @@ install:
 	ln -s {drakclock,$(SBINDEST)/clock.pl}
 	ln -s {harddrake2,$(SBINDEST)/drakhardware}
 	ln -s {localedrake,$(BINDEST)/draklocale}
-	ln -s {logdrake,$(SBINDEST)/draklog}
+	ln -s {draklog,$(BINDEST)/logdrake}
 	ln -s {scannerdrake,$(SBINDEST)/drakscanner}
 
 check:
diff --git a/perl-install/polkit/policy/org.mageia.drakauth.policy b/perl-install/polkit/policy/org.mageia.drakauth.policy
new file mode 100644
index 000000000..905be635e
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakauth.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakauth.pkexec.run">
+    <description>Run Mageia Authentication Configuration</description>
+    <message>Authentication is required to run Mageia Authentication Configuration</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakauth</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.drakboot.policy b/perl-install/polkit/policy/org.mageia.drakboot.policy
new file mode 100644
index 000000000..e41372f73
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakboot.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakboot.pkexec.run">
+    <description>Run Mageia Boot Configuration</description>
+    <message>Authentication is required to run Mageia Boot Configuration</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakboot</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.drakclock.policy b/perl-install/polkit/policy/org.mageia.drakclock.policy
new file mode 100644
index 000000000..627f8745b
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakclock.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakclock.pkexec.run">
+    <description>Run Mageia Date and Time Configuration</description>
+    <message>Authentication is required to run Mageia Date and Time Configuration</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>yes</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakclock</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.drakfont.policy b/perl-install/polkit/policy/org.mageia.drakfont.policy
new file mode 100644
index 000000000..c4837cca5
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakfont.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakfont.pkexec.run">
+    <description>Run Mageia Font Configuration</description>
+    <message>Authentication is required to run Mageia Font Configuration</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_self_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakfont</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.draklog.policy b/perl-install/polkit/policy/org.mageia.draklog.policy
new file mode 100644
index 000000000..85842378f
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.draklog.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.draklog.pkexec.run">
+    <description>Run Mageia Log Viewer</description>
+    <message>Authentication is required to run Mageia Log Viewer</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/draklog</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.drakups.policy b/perl-install/polkit/policy/org.mageia.drakups.policy
new file mode 100644
index 000000000..2af273084
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakups.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakups.pkexec.run">
+    <description>Run Mageia UPS Configuration</description>
+    <message>Authentication is required to run Mageia UPS Configuration</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakups</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.drakxservices.policy b/perl-install/polkit/policy/org.mageia.drakxservices.policy
new file mode 100644
index 000000000..daa9a7267
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakxservices.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakxservices.pkexec.run">
+    <description>Run Mageia Service Configuration</description>
+    <message>Authentication is required to run Mageia Service Configuration</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakxservices</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/wrappers/drakauth b/perl-install/polkit/wrappers/drakauth
new file mode 100755
index 000000000..b6bcf029d
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakauth
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakauth $*
diff --git a/perl-install/polkit/wrappers/drakboot b/perl-install/polkit/wrappers/drakboot
new file mode 100755
index 000000000..477ed03af
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakboot
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakboot $*
diff --git a/perl-install/polkit/wrappers/drakclock b/perl-install/polkit/wrappers/drakclock
new file mode 100755
index 000000000..1c10aa7b3
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakclock
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakclock $*
diff --git a/perl-install/polkit/wrappers/drakfont b/perl-install/polkit/wrappers/drakfont
new file mode 100755
index 000000000..664865f0a
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakfont
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakfont $*
diff --git a/perl-install/polkit/wrappers/draklog b/perl-install/polkit/wrappers/draklog
new file mode 100755
index 000000000..b552273dd
--- /dev/null
+++ b/perl-install/polkit/wrappers/draklog
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/draklog $*
diff --git a/perl-install/polkit/wrappers/drakups b/perl-install/polkit/wrappers/drakups
new file mode 100755
index 000000000..e2c892b64
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakups
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakups $*
diff --git a/perl-install/polkit/wrappers/drakxservices b/perl-install/polkit/wrappers/drakxservices
new file mode 100755
index 000000000..f4bb18b41
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakxservices
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakxservices $*
author	Colin Guthrie <colin@mageia.org>	2013-09-04 20:15:38 +0100
committer	Colin Guthrie <colin@mageia.org>	2013-09-06 15:29:45 +0100
commit	c9ecd03156418390fa28b12825beb90626709c95 (patch)
tree	4971c41238f93ab3297d431aaf9e2fe9fe999278
parent	b7fa02336d4bfe8b9391d08ad0b6554a68a673e3 (diff)
download	drakx-c9ecd03156418390fa28b12825beb90626709c95.tar drakx-c9ecd03156418390fa28b12825beb90626709c95.tar.gz drakx-c9ecd03156418390fa28b12825beb90626709c95.tar.bz2 drakx-c9ecd03156418390fa28b12825beb90626709c95.tar.xz drakx-c9ecd03156418390fa28b12825beb90626709c95.zip