1 files changed, 52 insertions, 59 deletions
diff --git a/perl-install/security/level.pm b/perl-install/security/level.pm
index fabc9f150..bb3d9ddf2 100644
--- a/perl-install/security/level.pm
+++ b/perl-install/security/level.pm
@@ -2,86 +2,79 @@ package security::level;
 
 use strict;
 use common;
+use run_program;
+# perl_checker: require interactive
 
-my %level_list = (
-                  0 => N("Welcome To Crackers"),
-                  1 => N("Poor"),
-                  2 => N("Standard"),
-                  3 => N("High"),
-                  4 => N("Higher"),
-                  5 => N("Paranoid"),
-                  );
-
-my @sec_levels = map { $level_list{$_} } (0..5); # enforce order
-
-
-sub get_common_list {
-    map { $level_list{$_} } (2, 3, 4);
+sub level_list() {
+    (
+     0 => N("Disable msec"),
+     1 => N("Standard"),
+     2 => N("Secure"),
+    );
 }
 
-sub get_full_list {
-    
-}
+sub to_string { +{ level_list() }->{$_[0]} }
+sub from_string { +{ reverse level_list() }->{$_[0]} || 2 }
 
-sub get {
-    cat_("$::prefix/etc/profile")           =~ /export SECURE_LEVEL=(\d+)/ && $1 || #- 8.0 msec
-    cat_("$::prefix/etc/profile.d/msec.sh") =~ /export SECURE_LEVEL=(\d+)/ && $1 || #- 8.1 msec
-      ${{ getVarsFromSh("$::prefix/etc/sysconfig/msec") }}{SECURE_LEVEL}  || #- 8.2 msec
-	$ENV{SECURE_LEVEL};
+sub rawlevel_list() {
+    (
+     0 => 'none',
+     1 => 'standard',
+     2 => 'secure',
+    );
 }
 
+sub to_lowlevel_string { +{ rawlevel_list() }->{$_[0]} }
+sub from_lowlevel_string { +{ reverse rawlevel_list() }->{$_[0]} || 2 }
+
+sub get_string() { to_string(get() || 2) }
+sub get_common_list() { map { to_string($_) } (1, 2, 3, 4, 5) }
 
-sub get_string {
-    return $sec_levels[get()] || 2
+sub get() {
+    my $level = ${{ getVarsFromSh("$::prefix/etc/security/msec/security.conf") }}{BASE_LEVEL} || #- 2009.1 msec
+    "standard";
+    from_lowlevel_string($level);
 }
 
 sub set {
-    my %sec_levels = reverse %level_list;
-    my $run_level = $sec_levels{$_[0]};
-    print "set level: $_[0] -> $run_level\n";
-    print $::prefix, "/usr/sbin/msec ", $run_level || 3, "\n";
-    require run_program;
-    run_program::rooted($::prefix, "/usr/sbin/msec", $run_level || 3);
+    my ($security) = @_;
+    my @levelnames = ('none', 'standard', 'secure');
+    # use Standard level if specified level is out of range
+    $security = 1 if $security > $#levelnames;
+    run_program::rooted($::prefix, 'msec', '-q', '-f', $levelnames[$security]);
+    run_program::rooted($::prefix, 'msecperms', '-q', '-e', $levelnames[$security]);
 }
 
 sub level_choose {
-    my ($in, $security, $libsafe, $email) = @_;
+    my ($in, $security, $email) = @_; # perl_checker: $in = interactive->new
 
-    my %l = (
-      0 => N("Welcome To Crackers"),
-      1 => N("Poor"),
-      2 => N("Standard"),
-      3 => N("High"),
-      4 => N("Higher"),
-      5 => N("Paranoid"),
-    );
     my %help = (
-      0 => N("This level is to be used with care. It makes your system more easy to use,
-but very sensitive. It must not be used for a machine connected to others
-or to the Internet. There is no password access."),
-      1 => N("Passwords are now enabled, but use as a networked computer is still not recommended."),
-      2 => N("This is the standard security recommended for a computer that will be used to connect to the Internet as a client."),
-      3 => N("There are already some restrictions, and more automatic checks are run every night."),
-      4 => N("With this security level, the use of this system as a server becomes possible.
+      0 => N("This level is to be used with care, as it disables all additional security
+provided by msec. Use it only when you want to take care of all aspects of system security
+on your own."),
+      1 => N("This is the standard security recommended for a computer that will be used to connect to the Internet as a client."),
+      2 => N("With this security level, the use of this system as a server becomes possible.
 The security is now high enough to use the system as a server which can accept
 connections from many clients. Note: if your machine is only a client on the Internet, you should choose a lower level."),
-      5 => N("This is similar to the previous level, but the system is entirely closed and security features are at their maximum."),
     );
-    delete @l{0,1};
-    delete $l{5} if !$::expert;
 
-    $in->ask_from(
-            N("DrakSec Basic Options"),
-            N("Please choose the desired security level") . "\n\n" .
-            join('', map { "$l{$_}: " . formatAlaTeX($help{$_}) . "\n\n" } ikeys %l),
-            [
-              { label => N("Security level"), val => $security, list => [ sort keys %l ], format => sub { $l{$_[0]} } },
-                if_($in->do_pkgs->is_installed('libsafe') && arch() =~ /^i.86/,
-                { label => N("Use libsafe for servers"), val => $libsafe, type => 'bool', text =>
-                  N("A library which defends against buffer overflow and format string attacks.") }),
-                { label => N("Security Administrator (login or email)"), val => $email, },
+    my @l = 1 .. 2;
+
+    $in->ask_from_({ title => $::isInstall ? N("Security") : N("DrakSec Basic Options"),
+             interactive_help_id => 'securityLevel',
+           }, [
+              { label => N("Please choose the desired security level"), title => 1 },
+              { val => $security, list => \@l, 
+                format => sub {
+                    #-PO: this string is used to properly format "<security level>: <level description>"
+                    N("%s: %s", to_string($_[0]), formatAlaTeX($help{$_[0]}));
+                },
+                type => 'list', gtk => { use_boxradio => 1 } },
+                { label => N("Security Administrator:"), title => 1 },
+                { label => N("Login or email:"), val => $email, },
             ],
     );
 }
 
+
 1;