author | Till Kamppeter <tkamppeter@mandriva.com> | 2001-09-17 15:18:24 +0000 |
---|---|---|
committer | Till Kamppeter <tkamppeter@mandriva.com> | 2001-09-17 15:18:24 +0000 |
commit | fd08f5da3ac309d5733dca24be6ab2ba57e6dcc3 (patch) | |
tree | 3b26b2418448904825b17571bfe1a64604e3fcbf | |
parent | 5d84b8b96d48ecfb62c8d3b665b4cb6d1db8ea2f (diff) | |
download | drakx-fd08f5da3ac309d5733dca24be6ab2ba57e6dcc3.tar drakx-fd08f5da3ac309d5733dca24be6ab2ba57e6dcc3.tar.gz drakx-fd08f5da3ac309d5733dca24be6ab2ba57e6dcc3.tar.bz2 drakx-fd08f5da3ac309d5733dca24be6ab2ba57e6dcc3.tar.xz drakx-fd08f5da3ac309d5733dca24be6ab2ba57e6dcc3.zip |
Added handling of high and paranoid security levels.
-rw-r--r-- | perl-install/printer.pm | 62 | ||||
-rw-r--r-- | perl-install/printerdrake.pm | 65 |
2 files changed, 126 insertions, 1 deletions
diff --git a/perl-install/printer.pm b/perl-install/printer.pm
index 09391ee77..eb0122dc0 100644
--- a/perl-install/printer.pm
+++ b/perl-install/printer.pm
@@ -188,6 +188,68 @@ sub network_status {
 return 1;
 }
 
+sub get_security_level {
+ # Get security level by reading /etc/profile (only after install).
+ # This is a preliminary solution until msec puts the security level
+ # definition into the correct file.
+ $file = "/etc/profile";
+ if (-f $file) {
+ local *F;
+ open F, "< $file" || return 0;
+ while (<F>) {
+ if ($_ =~ /^\s*SECURE_LEVEL=([0-5])\s*$/) {
+ close F;
+ return $1;
+ }
+ }
+ close F;
+ }
+ return 0;
+}
+
+
+sub spooler_in_security_level {
+ # Was the current spooler already added to the current security level?
+ my ($spooler, $level) = @_;
+ my $sp;
+ if (($spooler eq "lpr") || ($spooler eq "lprng")) {
+ $sp = "lpd";
+ } else {
+ $sp = $spooler;
+ }
+ $file = "$prefix/etc/security/msec/server.$level";
+ if (-f $file) {
+ local *F;
+ open F, "< $file" || return 0;
+ while (<F>) {
+ if ($_ =~ /^\s*$sp\s*$/) {
+ close F;
+ return 1;
+ }
+ }
+ close F;
+ }
+ return 0;
+}
+
+sub add_spooler_to_security_level {
+ my ($spooler, $level) = @_;
+ my $sp;
+ if (($spooler eq "lpr") || ($spooler eq "lprng")) {
+ $sp = "lpd";
+ } else {
+ $sp = $spooler;
+ }
+ $file = "$prefix/etc/security/msec/server.$level";
+ if (-f $file) {
+ local *F;
+ open F, ">> $file" || return 0;
+ print F "$sp\n";
+ close F;
+ }
+ return 1;
+}
+
 sub files_exist {
 my @files = @_;
 for (@files) {
diff --git a/perl-install/printerdrake.pm b/perl-install/printerdrake.pm
index 602919ac7..d19790a87 100644
--- a/perl-install/printerdrake.pm
+++ b/perl-install/printerdrake.pm
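Review bot: `open F, "< $file" || return 0;` in get_security_level and spooler_in_security_level, and the `">> $file"` form in add_spooler_to_security_level, never detect a failed open, because `||` binds to the string argument rather than to open(); use `or`, or parenthesise the call. The two-argument open with an interpolated path, `$file` assigned without `my` (so it is a package global shared by the three subs), and `$sp` interpolated unescaped into `/^\s*$sp\s*$/` are worth tightening at the same time (three-argument open, `my $file`, `\Q$sp\E`). add_spooler_to_security_level also returns 1 when the server.$level file is absent or the write fails, so the caller cannot tell whether the spooler was actually recorded in the msec list; the fence below shows that sub with the checks in place.

```perl
sub add_spooler_to_security_level {
    # … unchanged: argument unpacking and lpr/lprng -> lpd mapping …
    my $file = "$prefix/etc/security/msec/server.$level";
    # Report failure instead of claiming success when nothing was written.
    -f $file or return 0;
    open(my $fh, '>>', $file) or return 0;
    print $fh "$sp\n" or return 0;
    # Buffered write errors only surface at close.
    close($fh) or return 0;
    return 1;
}
```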
@@ -1465,6 +1465,64 @@ can set up local printers usable from your local machine. How do
 1;
 }
 
+sub security_check {
+ # Check the security mode and when in "high" or "paranoid" mode ask the
+ # user whether he really wants to configure printing.
+ my ($printer, $in, $spooler) = @_;
+ $in->set_help('securityCheck') if $::isInstall;
+
+ # Get security level
+ my $security = undef;
+ if ($::isInstall) {
+ $security = $in->{'security'};
+ } else {
+ $security = printer::get_security_level();
+ }
+
+ # Exit silently if the spooler is PDQ
+ if ($spooler eq "pdq") {return 1;}
+
+ # Exit silently in medium or lower security levels
+ if ((!$security) || ($security < 4)) {return 1;}
+
+ # Exit silently if the current spooler is already activated for the current
+ # security level
+ if (printer::spooler_in_security_level($spooler, $security)) {return 1;}
+
+ # Tell user in which security mode he is and ask him whether he really
+ # wants to activate the spooler in the given security mode. Stop the
+ # operation of installing the spooler if he disagrees.
+ my $securitystr = ($security == 4 ? _("high") : _("paranoid"));
+ if ($in->ask_yesorno(_("Installing a printing system in the %s security level", $securitystr),
+ _("You are about to install the printing system %s on
+a system running in the %s security level.
+
+This printing system runs a daemon (background process)
+which waits for print jobs and handles them. This daemon
+is also accessable by remote machines through the network
+and so it is a possible point for attacks. Therefore only
+a few selected daemons are started by default in this
+security level.
+ +Do you reeally want to configure printing on this +machine?", + $printer::shortspooler_inv{$spooler}, + $securitystr))) { + print "##### secyes\n"; + printer::add_spooler_to_security_level($spooler, $security); + my $service; + if (($spooler eq "lpr") || ($spooler eq "lprng")) { + $service = "lpd"; + } else { + $service = $spooler; + } + printer::start_service_on_boot($service); + return 1; + } else { + return 0; + } +} + sub start_spooler_on_boot { # Checks whether the spooler will be started at boot time and if not, # ask the user whether he wants to start the spooler at boot time. @@ -1481,7 +1539,7 @@ system is a potential point for attacks. Do you want to have the automatic starting of the printing system turned on again?", - $printer::shortspooler_inv{$printer->{SPOOLER}})), 1) { + $printer::shortspooler_inv{$printer->{SPOOLER}}))) { printer::start_service_on_boot($service); } } @@ -1492,6 +1550,11 @@ sub install_spooler { # installs the default spooler and start its daemon my ($printer, $in) = @_; if (!$::testing) { + # If the user refuses to install the spooler in high or paranoid + # security level, exit. + if (!security_check($printer, $in, $printer->{SPOOLER})) { + return 0; + } if ($printer->{SPOOLER} eq "cups") { { my $w = $in->wait_message('', _("Checking installed software...")); |
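Review bot: The guard `if ((!$security) || ($security < 4)) {return 1;}` in security_check treats an undetermined level as "medium or lower", and printer::get_security_level() returns 0 whenever /etc/profile is missing or has no matching SECURE_LEVEL line, so on such a system the confirmation is skipped; consider asking the user when the level cannot be read instead of passing silently. In the accepted branch the result of `printer::add_spooler_to_security_level($spooler, $security)` is discarded, so `printer::start_service_on_boot($service)` runs even if the spooler was not recorded for this level. `print "##### secyes\n";` looks like leftover debug output and can be removed. The dialog text also has two typos, "accessable" and "reeally".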