summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorColin Guthrie <colin@mageia.org>2013-09-04 20:15:38 +0100
committerColin Guthrie <colin@mageia.org>2013-09-06 15:29:45 +0100
commitc9ecd03156418390fa28b12825beb90626709c95 (patch)
tree4971c41238f93ab3297d431aaf9e2fe9fe999278
parentb7fa02336d4bfe8b9391d08ad0b6554a68a673e3 (diff)
downloaddrakx-c9ecd03156418390fa28b12825beb90626709c95.tar
drakx-c9ecd03156418390fa28b12825beb90626709c95.tar.gz
drakx-c9ecd03156418390fa28b12825beb90626709c95.tar.bz2
drakx-c9ecd03156418390fa28b12825beb90626709c95.tar.xz
drakx-c9ecd03156418390fa28b12825beb90626709c95.zip
Convert to polkit from usermode consolehelper for gaining root privileges
polkit is better integrated into various environments, both console and GUI and offers better access rules and prevents the internal need to run su which is prone to errors and doesn't offer an environment agnostic prompt to the user. In this case the current package policy (in rpm spec) has been migrated here and is as follows: drakclock requires no authentication to run (just a console login) drakfont requires authentication as the current user. drakups, drakauth, draklog and drakxservices require authentication as and administrator.
-rw-r--r--perl-install/Makefile.drakxtools11
-rw-r--r--perl-install/polkit/policy/org.mageia.drakauth.policy22
-rw-r--r--perl-install/polkit/policy/org.mageia.drakboot.policy22
-rw-r--r--perl-install/polkit/policy/org.mageia.drakclock.policy22
-rw-r--r--perl-install/polkit/policy/org.mageia.drakfont.policy22
-rw-r--r--perl-install/polkit/policy/org.mageia.draklog.policy22
-rw-r--r--perl-install/polkit/policy/org.mageia.drakups.policy22
-rw-r--r--perl-install/polkit/policy/org.mageia.drakxservices.policy22
-rwxr-xr-xperl-install/polkit/wrappers/drakauth2
-rwxr-xr-xperl-install/polkit/wrappers/drakboot2
-rwxr-xr-xperl-install/polkit/wrappers/drakclock2
-rwxr-xr-xperl-install/polkit/wrappers/drakfont2
-rwxr-xr-xperl-install/polkit/wrappers/draklog2
-rwxr-xr-xperl-install/polkit/wrappers/drakups2
-rwxr-xr-xperl-install/polkit/wrappers/drakxservices2
15 files changed, 177 insertions, 2 deletions
diff --git a/perl-install/Makefile.drakxtools b/perl-install/Makefile.drakxtools
index a5a9394e2..92b2951e4 100644
--- a/perl-install/Makefile.drakxtools
+++ b/perl-install/Makefile.drakxtools
@@ -16,10 +16,12 @@ DATADIR = $(PREFIX)/usr/share
ICONSDIR= $(DATADIR)/icons
BINDEST = $(PREFIX)/usr/bin
SBINDEST = $(PREFIX)/usr/sbin
+LIBEXECDEST = $(PREFIX)/usr/libexec
ETCDEST = $(PREFIX)/etc/gtk
LIBDEST = $(LIBDIR)/$(NAME)
PIXDIR = $(DATADIR)/$(NAME)/pixmaps
INITDIR = $(PREFIX)/etc/rc.d/init.d
+POLKITPOLICYDEST = $(PREFIX)/usr/share/polkit-1/actions
.PHONY: $(DIRS)
all: ../tools/rpcinfo-flushed $(DIRS)
@@ -30,7 +32,7 @@ $(DIRS):
install:
perl -pi -e "s/\"VER\"(; # version)/\"$(VERSION)\"\1/" standalone.pm
- mkdir -p $(BINDEST) $(ETCDEST) $(SBINDEST) $(DATADIR)/{applications,harddrake,pixmaps,icons/{large,mini},autostart} $(PIXDIR) $(INITDIR) $(MENUDIR)
+ mkdir -p $(BINDEST) $(ETCDEST) $(SBINDEST) $(DATADIR)/{applications,harddrake,pixmaps,icons/{large,mini},autostart} $(PIXDIR) $(INITDIR) $(MENUDIR) $(LIBEXECDEST) $(POLKITPOLICYDEST)
install -d $(INLIBDEST_DIRS:%=$(LIBDEST)/%)
install $(STANDALONEPMS) standalone/convert $(SBINDEST)
install -s ../tools/rpcinfo-flushed ../tools/serial_probe/serial_probe $(SBINDEST)
@@ -42,6 +44,11 @@ install:
mv -f $(SBINDEST)/display_help $(BINDEST)
mv -f $(SBINDEST)/display_release_notes.pl $(BINDEST)
mv -f $(SBINDEST)/localedrake $(BINDEST)
+ # All the things handled by polkit
+ mv -f $(SBINDEST)/drak{auth,boot,clock,font,ups,xservices} $(LIBEXECDEST)
+ mv -f $(SBINDEST)/logdrake $(LIBEXECDEST)/draklog
+ install polkit/wrappers/* $(BINDEST)
+ install polkit/policy/* $(POLKITPOLICYDEST)
install -m 644 *.pm $(LIBDEST)
for i in $(PMS_DIRS); do install -d $(LIBDEST)/$$i ; install -m 644 $$i/*.pm $(LIBDEST)/$$i/;done
@@ -78,7 +85,7 @@ install:
ln -s {drakclock,$(SBINDEST)/clock.pl}
ln -s {harddrake2,$(SBINDEST)/drakhardware}
ln -s {localedrake,$(BINDEST)/draklocale}
- ln -s {logdrake,$(SBINDEST)/draklog}
+ ln -s {draklog,$(BINDEST)/logdrake}
ln -s {scannerdrake,$(SBINDEST)/drakscanner}
check:
diff --git a/perl-install/polkit/policy/org.mageia.drakauth.policy b/perl-install/polkit/policy/org.mageia.drakauth.policy
new file mode 100644
index 000000000..905be635e
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakauth.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakauth.pkexec.run">
+ <description>Run Mageia Authentication Configuration</description>
+ <message>Authentication is required to run Mageia Authentication Configuration</message>
+ <icon_name>drakconf</icon_name>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_admin_keep</allow_active>
+ </defaults>
+ <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakauth</annotate>
+ <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.drakboot.policy b/perl-install/polkit/policy/org.mageia.drakboot.policy
new file mode 100644
index 000000000..e41372f73
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakboot.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakboot.pkexec.run">
+ <description>Run Mageia Boot Configuration</description>
+ <message>Authentication is required to run Mageia Boot Configuration</message>
+ <icon_name>drakconf</icon_name>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_admin_keep</allow_active>
+ </defaults>
+ <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakboot</annotate>
+ <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.drakclock.policy b/perl-install/polkit/policy/org.mageia.drakclock.policy
new file mode 100644
index 000000000..627f8745b
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakclock.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakclock.pkexec.run">
+ <description>Run Mageia Date and Time Configuration</description>
+ <message>Authentication is required to run Mageia Date and Time Configuration</message>
+ <icon_name>drakconf</icon_name>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakclock</annotate>
+ <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.drakfont.policy b/perl-install/polkit/policy/org.mageia.drakfont.policy
new file mode 100644
index 000000000..c4837cca5
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakfont.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakfont.pkexec.run">
+ <description>Run Mageia Font Configuration</description>
+ <message>Authentication is required to run Mageia Font Configuration</message>
+ <icon_name>drakconf</icon_name>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_self_keep</allow_active>
+ </defaults>
+ <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakfont</annotate>
+ <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.draklog.policy b/perl-install/polkit/policy/org.mageia.draklog.policy
new file mode 100644
index 000000000..85842378f
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.draklog.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.draklog.pkexec.run">
+ <description>Run Mageia Log Viewer</description>
+ <message>Authentication is required to run Mageia Log Viewer</message>
+ <icon_name>drakconf</icon_name>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_admin_keep</allow_active>
+ </defaults>
+ <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/draklog</annotate>
+ <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.drakups.policy b/perl-install/polkit/policy/org.mageia.drakups.policy
new file mode 100644
index 000000000..2af273084
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakups.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakups.pkexec.run">
+ <description>Run Mageia UPS Configuration</description>
+ <message>Authentication is required to run Mageia UPS Configuration</message>
+ <icon_name>drakconf</icon_name>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_admin_keep</allow_active>
+ </defaults>
+ <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakups</annotate>
+ <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.drakxservices.policy b/perl-install/polkit/policy/org.mageia.drakxservices.policy
new file mode 100644
index 000000000..daa9a7267
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakxservices.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakxservices.pkexec.run">
+ <description>Run Mageia Service Configuration</description>
+ <message>Authentication is required to run Mageia Service Configuration</message>
+ <icon_name>drakconf</icon_name>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_admin_keep</allow_active>
+ </defaults>
+ <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakxservices</annotate>
+ <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/wrappers/drakauth b/perl-install/polkit/wrappers/drakauth
new file mode 100755
index 000000000..b6bcf029d
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakauth
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakauth $*
diff --git a/perl-install/polkit/wrappers/drakboot b/perl-install/polkit/wrappers/drakboot
new file mode 100755
index 000000000..477ed03af
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakboot
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakboot $*
diff --git a/perl-install/polkit/wrappers/drakclock b/perl-install/polkit/wrappers/drakclock
new file mode 100755
index 000000000..1c10aa7b3
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakclock
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakclock $*
diff --git a/perl-install/polkit/wrappers/drakfont b/perl-install/polkit/wrappers/drakfont
new file mode 100755
index 000000000..664865f0a
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakfont
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakfont $*
diff --git a/perl-install/polkit/wrappers/draklog b/perl-install/polkit/wrappers/draklog
new file mode 100755
index 000000000..b552273dd
--- /dev/null
+++ b/perl-install/polkit/wrappers/draklog
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/draklog $*
diff --git a/perl-install/polkit/wrappers/drakups b/perl-install/polkit/wrappers/drakups
new file mode 100755
index 000000000..e2c892b64
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakups
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakups $*
diff --git a/perl-install/polkit/wrappers/drakxservices b/perl-install/polkit/wrappers/drakxservices
new file mode 100755
index 000000000..f4bb18b41
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakxservices
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakxservices $*