authorColin Guthrie <colin@mageia.org>2013-11-21 21:12:37 +0000
committerColin Guthrie <colin@mageia.org>2013-11-21 21:24:53 +0000
commit3b641cb27c28bdf42865ee15f7ccd2b6c9e9d3d1 (patch)
treeefa80eca1b88a28fdb4e52deee5717e934a6f983 /perl-install/standalone/draksec
parent7828203e308e62a47eac337a193d0fa1680b97d9 (diff)
polkit: Add support to draksec for writing polkit policy override rules.
This allows draksec to override things properly under polkit.
Diffstat (limited to 'perl-install/standalone/draksec')
-rwxr-xr-xperl-install/standalone/draksec52
1 files changed, 37 insertions, 15 deletions
diff --git a/perl-install/standalone/draksec b/perl-install/standalone/draksec
index b5fd5d5ca..a4716da9b 100755
--- a/perl-install/standalone/draksec
+++ b/perl-install/standalone/draksec
@@ -110,33 +110,54 @@ my %progs;
my $auth_string = N("Configure authentication required to access %s tools", N("Mageia"));
my %auth = (
+ default => N("Default"),
no_passwd => N("No password"),
root_passwd => N("Root password"),
user_passwd => N("User password"),
);
+my $polkit_rules_file = "/etc/polkit-1/rules.d/51-draksec.rules";
+my %overrides = map { if ( /case '([^']+)': return polkit\.Result\.(YES|AUTH_ADMIN_KEEP|AUTH_SELF_KEEP)/ ) { ($1, $2) } } cat_($polkit_rules_file);
+
+
sub default_auth_value {
my ($prog) = @_;
- my $link = readlink("/etc/pam.d/$prog");
- if ($link =~ /mageia-console-auth/) {
- return $auth{no_passwd};
- } elsif ($link =~ /mageia-simple-auth/) {
- my ($user) = cat_("/etc/security/console.apps/$prog") =~ /USER=(.*)/;
- return $auth{root_passwd} if $user eq 'root';
- return $auth{user_passwd} if $user eq '<user>';
- }
+
+ return $auth{no_passwd} if $overrides{$prog} eq 'YES';
+ return $auth{root_passwd} if $overrides{$prog} eq 'AUTH_ADMIN_KEEP';
+ return $auth{user_passwd} if $overrides{$prog} eq 'AUTH_SELF_KEEP';
+ return $auth{default};
}
sub set_auth_value {
my ($prog, $auth) = @_;
if ($auth eq 'no_passwd') {
- symlinkf('../../etc/pam.d/mageia-console-auth', "/etc/pam.d/$prog");
+ $overrides{$prog} = 'YES';
+ } elsif ($auth eq 'root_passwd') {
+ $overrides{$prog} = 'AUTH_ADMIN_KEEP';
+ } elsif ($auth eq 'user_passwd') {
+ $overrides{$prog} = 'AUTH_SELF_KEEP';
+ } else {
+ delete $overrides{$prog};
+ }
+}
+
+sub write_rules() {
+ my $contents = '';
+ keys %overrides;
+ while(my($k, $v) = each %overrides) {
+ $contents .= "case '$k': return polkit.Result.$v;\n" if ($k && $v);
+ }
+
+ if ($contents) {
+ output($polkit_rules_file, <<EOF);
+// This file is written by draksec. Do not edit.
+var drakToolAuth = function(tool){switch (tool){
+$contents
+}return polkit.Result.NOT_HANDLED;};
+EOF
} else {
- symlinkf('../../etc/pam.d/mageia-simple-auth', "/etc/pam.d/$prog");
- my $value = $auth eq 'user_passwd' ? '<user>' : 'root';
- substInFile {
- s/^USER=.*/USER=$value/;
- } "/etc/security/console.apps/$prog";
+ rm_rf($polkit_rules_file);
}
}
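Review bot: `write_rules` interpolates `$k` straight into a single-quoted JavaScript string in the polkit rules file, and its only filter is `if ($k && $v)`, so a key containing `'` or a newline would alter the policy code that gets written. Where the `$prog` keys passed to `set_auth_value` come from is not visible in this hunk; unless they are a fixed list, constrain both sides inside the loop before appending, e.g. `next unless $k =~ /\A[\w.-]+\z/ && $v =~ /\A(?:YES|AUTH_ADMIN_KEEP|AUTH_SELF_KEEP)\z/;`. Separately, the `map { if (...) { ($1, $2) } }` that loads `%overrides` has no else branch, so a non-matching line probably contributes the false condition value instead of an empty list, which can shift the key/value pairing depending on how many such lines precede a `case`. Writing it as `/.../ ? ($1, $2) : ()` avoids that and makes the `$k && $v` filter unnecessary for that purpose.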
@@ -188,7 +209,7 @@ gtkpack_($vbox,
[
gtkshow(gtknew('Label_Left', line_wrap => 1, text => $descr{$_} || $_)),
$progs{$_} = new_nonedit_combo([
- @auth{qw(user_passwd root_passwd no_passwd)}
+ @auth{qw(default user_passwd root_passwd no_passwd)}
],
default_auth_value($_)
#$msec->get_check_value($opt)
@@ -217,6 +238,7 @@ gtkpack_($vbox,
set_auth_value($key, $rev_auth{$value});
}
+ write_rules();
remove_wait_msg($w);
ugtk2->exit(0);
}