summaryrefslogtreecommitdiffstats
path: root/perl-install/standalone/draksec
diff options
context:
space:
mode:
Diffstat (limited to 'perl-install/standalone/draksec')
-rwxr-xr-xperl-install/standalone/draksec387
1 files changed, 190 insertions, 197 deletions
diff --git a/perl-install/standalone/draksec b/perl-install/standalone/draksec
index ed5b2508e..1e6c60d71 100755
--- a/perl-install/standalone/draksec
+++ b/perl-install/standalone/draksec
@@ -1,7 +1,9 @@
#!/usr/bin/perl
#*****************************************************************************
#
-# Copyright (c) 2002 Christian Belisle (cbelisle@mandrakesoft.com)
+# Copyright (c) 2002-2008 Christian Belisle
+# Thierry Vignaud <thierry.vignaud.com>
+# Eugeni Dodonov <eugeni@andriva.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2, as
@@ -23,240 +25,231 @@ use lib qw(/usr/lib/libDrakX);
use common;
use standalone;
use vars qw($MODE %options);
-use ugtk2 qw(:helpers :wrappers :ask :create);
+use interactive;
+use mygtk3 qw(gtknew gtkset);
+use ugtk3 qw(:helpers :wrappers :ask :create);
use run_program;
use security::level;
use security::msec;
+use security::help;
+use security::l10n;
-$MODE = 'basic';
-$0 =~ /draksec-firewall$/ and $MODE = 'firewall';
-$0 =~ /draksec-perms$/ and $MODE = 'perms';
+#$MODE = 'basic';
+#$0 =~ /draksec-firewall$/ and $MODE = 'firewall';
+#$0 =~ /draksec-perms$/ and $MODE = 'perms';
-/^-?-(\S+)$/ and $options{$1} = 1 foreach @ARGV;
+#/^-?-(\S+)$/ and $options{$1} = 1 foreach @ARGV;
-my $w;
+my $_in = 'interactive'->vnew('su'); # enforce being root
-# factorize this with rpmdrake and harddrake2
+$ugtk3::wm_icon = "/usr/share/mcc/themes/default/draksec-mdk.png";
+my ($w);
+
+############################ I18N ###################################
+
+
+my %translations = (
+ 'ALL' => N("ALL"),
+ 'LOCAL' => N("LOCAL"),
+ 'NONE' => N("NONE"),
+ 'default' => N("Default"),
+ 'ignore' => N("Ignore"),
+ 'no' => N("No"),
+ 'yes' => N("Yes"),
+);
+my %inv_translations = reverse %translations;
+
+sub to_i18n { map { $translations{$_} || $_ } @_ }
+sub from_i18n { $inv_translations{$_[0]} || $_[0] }
+sub resize { gtkset($_[0], width => 50) }
+
+# factorize this with drakrpm and harddrake2
sub wait_msg {
- my $mainw = ugtk2->new('wait', ( modal => 1, transient => $w->{rwindow}));
- my $label = new Gtk2::Label($_[0]);
- $mainw->{window}->add($label);
- $mainw->{window}->show_all;
- $mainw->{window}->realize;
- $label->signal_connect(expose_event => sub { $mainw->{displayed} = 1 });
- $mainw->sync until $mainw->{displayed};
- $mainw->show;
- gtkset_mousecursor_wait($mainw->{rwindow}->window);
- $mainw->flush;
+ my $mainw = ugtk3->new(N("Please wait"), (modal => 1, transient => $w->{real_window}));
+ $mainw->{window}->add(gtknew('WrappedLabel', text => $_[0]));
+ $mainw->{rwindow}->show_all;
+ gtkset_mousecursor_wait($mainw->{rwindow}->get_window);
+ # ugly workaround for gtk+ not displaying subdialog contents:
+ Glib::Timeout->add(300, sub { Gtk3->main_quit; 0 });
+ Gtk3->main;
$mainw;
}
sub remove_wait_msg { $_[0]->destroy }
-sub basic_seclevel_explanations {
- my $text = new Gtk2::TextView;
- $text->set_editable(0);
- gtktext_insert($text,
- formatAlaTeX(N("Standard: This is the standard security recommended for a computer that will be used to connect
- to the Internet as a client.
-
-High: There are already some restrictions, and more automatic checks are run every night.
+sub new_nonedit_combo {
+ my ($string_list, $o_default_value) = @_;
+ gtknew('ComboBox', text => to_i18n($o_default_value), list => [ to_i18n(@$string_list) ]);
+}
-Higher: The security is now high enough to use the system as a server which can accept
- connections from many clients. If your machine is only a client on the Internet, you
- should choose a lower level.
+#my $msec = security::msec->new;
+$w = ugtk3->new(N("Security Level and Checks"));
+my $window = $w->{window};
-Paranoid: This is similar to the previous level, but the system is entirely closed and security
- features are at their maximum
-Security Administrator:
- If the 'Security Alerts' option is set, security alerts will be sent to this user (username or
- email)")));
-
- gtkpack_(gtkshow(new Gtk2::HBox(0, 0)), 1, $text);
+############################ MAIN WINDOW ###################################
+# Set different options to Gtk3::Window
+unless ($::isEmbedded) {
+ $w->{rwindow}->set_position('center');
+ $w->{rwindow}->set_title("DrakSec");
+ $window->set_size_request(598, 520);
}
-sub basic_seclevel_option {
- my ($seclevel_entry, $_msec) = @_;
- my @sec_levels = security::level::get_common_list();
- my $current_level = security::level::get_string();
+# Connect the signals
+$window->signal_connect('delete_event', sub { $window->destroy });
+$window->signal_connect('destroy', sub { ugtk3->exit });
- push(@sec_levels, $current_level) unless member($current_level, @sec_levels);
+$window->add(my $vbox = gtkshow(gtknew('VBox')));
- $$seclevel_entry->entry->set_editable(0);
- $$seclevel_entry->set_popdown_strings(@sec_levels);
- $$seclevel_entry->entry->set_text($current_level);
+my $common_opts = { col_spacings => 10, row_spacings => 5, mcc => 1 };
- new Gtk2::Label(N("Security Level:")), $$seclevel_entry;
-}
+######################## AUTH ###################################
+my %progs;
-sub new_editable_combo {
- my $w = new Gtk2::Combo();
- $w->entry->set_editable(0);
- $w;
-}
+my $auth_string = N("Configure authentication required to access %s tools", N("Mageia"));
-sub set_default_tip {
- my ($entry, $default) = @_;
- gtkset_tip(new Gtk2::Tooltips, $entry, N(" (default value: %s)", $default));
-}
+my %auth = (
+ default => N("Default"),
+ no_passwd => N("No password"),
+ root_passwd => N("Administrator password"),
+ user_passwd => N("User password"),
+);
-my $msec = new security::msec;
-$w = ugtk2->new('draksec');
-my $window = $w->{window};
+my $polkit_rules_file = "/etc/polkit-1/rules.d/51-draksec.rules";
+my %overrides = map { if (/case '([^']+)': return polkit\.Result\.(YES|AUTH_ADMIN_KEEP|AUTH_SELF_KEEP)/) { ($1, $2) } } cat_($polkit_rules_file);
-############################ MAIN WINDOW ###################################
-# Set different options to Gtk2::Window
-unless ($::isEmbedded) {
-# $w->{rwindow}->set_policy(1, 1, 1);
- $w->{rwindow}->set_position('center');
- $w->{rwindow}->set_title("DrakSec");
- $window->set_size_request(598, 590);
+
+sub default_auth_value {
+ my ($prog) = @_;
+
+ return $auth{no_passwd} if $overrides{$prog} eq 'YES';
+ return $auth{root_passwd} if $overrides{$prog} eq 'AUTH_ADMIN_KEEP';
+ return $auth{user_passwd} if $overrides{$prog} eq 'AUTH_SELF_KEEP';
+ return $auth{default};
}
-# Connect the signals
-$window->signal_connect('delete_event', sub { $window->destroy() });
-$window->signal_connect('destroy', sub { ugtk2->exit() });
-
-$window->add(my $vbox = gtkshow(new Gtk2::VBox(0, 0)));
-
-# Create the notebook (for bookmarks at the top)
-my $notebook = create_notebook();
-$notebook->set_tab_pos('top');
-
-my $common_opts = { col_spacings => 10, row_spacings => 5 };
-
-######################## BASIC OPTIONS PAGE ################################
-my $seclevel_entry = new Gtk2::Combo();
-
-$notebook->append_page(gtkpack(new Gtk2::VBox(0, 0),
- basic_seclevel_explanations($msec),
- create_packtable($common_opts,
- [ basic_seclevel_option(\$seclevel_entry, $msec) ],
- [ new Gtk2::Label(N("Security Alerts:")),
- my $secadmin_check = new Gtk2::CheckButton ],
- [ new Gtk2::Label(N("Security Administrator:")),
- my $secadmin_entry = new Gtk2::Entry ])),
- new Gtk2::Label(N("Basic")));
-
-$secadmin_entry->set_text($msec->get_check_value("MAIL_USER"));
-$secadmin_check->set_active(1) if $msec->get_check_value("MAIL_WARN") eq "yes";
-
-######################### NETWORK & SYSTEM OPTIONS #########################
-my @yesno_choices = qw(yes no default ignore);
-my @alllocal_choices = qw(ALL LOCAL NONE default);
-my @all_choices = (@yesno_choices, @alllocal_choices);
-my %options_values;
-
-foreach ([ 'network', N("Network Options") ], [ 'system', N("System Options") ]) {
- my ($domain, $label) = @$_;
- my %values;
- $notebook->append_page(gtkshow(create_scrolled_window(gtkpack(new Gtk2::VBox(0, 0),
- new Gtk2::Label(N("The following options can be set to customize your\nsystem security. If you need explanations, click on Help.\n")),
- create_packtable($common_opts,
- map {
- my $i = $_;
-
- my $entry;
- my $default = $msec->get_function_default($i);
- if (member($default, @all_choices)) {
- $values{$i} = new_editable_combo();
- $entry = $values{$i}->entry;
- if (member($default, @yesno_choices)) {
- $values{$i}->set_popdown_strings(@yesno_choices);
- } elsif (member($default, @alllocal_choices)) {
- $values{$i}->set_popdown_strings(@alllocal_choices);
- }
- } else {
- $values{$i} = new Gtk2::Entry();
- $entry = $values{$i};
- }
- $entry->set_text($msec->get_function_value($i));
- set_default_tip($entry, $default);
- [ new Gtk2::Label($i), $values{$i} ];
- } $msec->get_functions($domain))))),
- new Gtk2::Label($label));
- $options_values{$domain} = \%values;
+sub set_auth_value {
+ my ($prog, $auth) = @_;
+ if ($auth eq 'no_passwd') {
+ $overrides{$prog} = 'YES';
+ } elsif ($auth eq 'root_passwd') {
+ $overrides{$prog} = 'AUTH_ADMIN_KEEP';
+ } elsif ($auth eq 'user_passwd') {
+ $overrides{$prog} = 'AUTH_SELF_KEEP';
+ } else {
+ delete $overrides{$prog};
+ }
}
-######################## PERIODIC CHECKS ###################################
-my %security_checks_value;
-
-$notebook->append_page(gtkshow(create_scrolled_window(gtkpack(new Gtk2::VBox(0, 0),
- new Gtk2::Label(N("The following options can be set to customize your\nsystem security. If you need explanations, click on Help.\n")),
- create_packtable($common_opts,
- map {
- unless (member(qw(MAIL_WARN MAIL_USER), $_)) {
- my $i = $_;
- $security_checks_value{$i} = new_editable_combo();
- my $entry = $security_checks_value{$i}->entry;
- set_default_tip($entry, $msec->get_check_default);
- $security_checks_value{$i}->set_popdown_strings(qw(yes no default));
- $entry->set_text($msec->get_check_value($i));
- [ gtkshow(new Gtk2::Label(translate($i))), $security_checks_value{$i} ];
- } else { undef }
- } ($msec->get_default_checks))))),
- new Gtk2::Label(N("Periodic Checks")));
+sub write_rules() {
+ my $contents = '';
+ keys %overrides;
+ while (my ($k, $v) = each %overrides) {
+ $contents .= "case '$k': return polkit.Result.$v;\n" if $k && $v;
+ }
+
+ if ($contents) {
+ output($polkit_rules_file, <<EOF);
+// This file is written by draksec. Do not edit.
+var drakToolAuth = function(tool){switch (tool){
+$contents
+}return polkit.Result.NOT_HANDLED;};
+EOF
+ } else {
+ rm_rf($polkit_rules_file) if -f $polkit_rules_file;
+ }
+
+ system('systemctl', 'try-restart', 'polkit.service');
+}
+my %descr = (
+
+ drakrpm => N("Software Management"),
+ 'drakrpm-update' => N("%s Update", N("Mageia")),
+ 'drakrpm-editmedia' => N("Software Media Manager"),
+ drak3d => N("Configure 3D Desktop effects"),
+ drakx11 => N("Graphical Server Configuration"),
+ drakmouse => N("Mouse Configuration"),
+ drakkeyboard => N("Keyboard Configuration"),
+ drakups => N("UPS Configuration"),
+ drakconnect => N("Network Configuration"),
+ drakhosts => N("Hosts definitions"),
+ draknetcenter => N("Network Center"),
+ drakroam => N("Wireless Network Roaming"),
+ drakvpn => N("VPN"),
+ drakproxy => N("Proxy Configuration"),
+ drakgw => N("Connection Sharing"),
+ drakauth => N("Authentication"),
+ drakbackup => N("Backups"),
+ drakfont => N("Import fonts"),
+ draklog => N("Logs"),
+ drakxservices => N("Services"),
+ drakuser => N("Users"),
+ drakclock => N("Date, Clock & Time Zone Settings"),
+ drakboot => N("Boot Configuration"),
+ isodumper => N("Isodumper"),
+);
-####################### OK CANCEL BUTTONS ##################################
-my $bok = gtksignal_connect(new Gtk2::Button(N("Ok")),
- 'clicked' => sub {
- my $seclevel_value = $seclevel_entry->entry->get_text();
- my $secadmin_check_value = $secadmin_check->get_active();
- my $secadmin_value = $secadmin_entry->get_text();
- my $w;
-
- standalone::explanations("Configuring msec");
-
- if ($seclevel_value ne security::level::get_string()) {
- $w = wait_msg(N("Please wait, setting security level..."));
- standalone::explanations("Setting security level");
- security::level::set($seclevel_value);
- remove_wait_msg($w);
- }
- $w = wait_msg(N("Please wait, setting security options..."));
- standalone::explanations("Setting security administrator option");
- $msec->config_check('MAIL_WARN', $secadmin_check_value == 1 ? 'yes' : 'no');
- if ($secadmin_value ne $msec->get_check_value('MAIL_USER') && $secadmin_check_value) {
- standalone::explanations("Setting security administrator contact");
- $msec->config_check('MAIL_USER', $secadmin_value);
- }
- standalone::explanations("Setting security periodic checks");
- foreach my $key (keys %security_checks_value) {
- if ($security_checks_value{$key}->entry->get_text() ne $msec->get_check_value($key)) {
- $msec->config_check($key, $security_checks_value{$key}->entry->get_text());
- }
- }
- foreach my $domain (keys %options_values) {
- standalone::explanations("Setting msec functions related to $domain");
- foreach my $key (keys %{$options_values{$domain}}) {
- my $opt = $options_values{$domain}{$key};
- $msec->config_function($key, $opt =~ /Combo/ ? $opt->entry->get_text() : $opt->get_text());
- }
- }
- standalone::explanations("Applying msec changes");
- run_program::rooted($::prefix, "/usr/sbin/msec");
+####################### OK CANCEL BUTTONS ##################################
+gtkpack_($vbox,
+ 0, gtkshow(gtknew('VBox', spacing => 5, children => [
+ if_(!$::isEmbedded, 0, Gtk3::Banner->new('/usr/share/mcc/themes/default/drakperm-mdk.png', N("Permissions"))),
+ 0, gtknew('Label', text => $auth_string, alignment => [ 0.5, 0 ])
+ ])),
+ 1, gtkshow(create_scrolled_window(
+ gtknew('VBox', children => [
+ map {
+ my ($title, $progs) = @$_;
+ (0, gtknew('Expander', use_markup => 1, text => mygtk3::title1_to_markup($title), child => create_packtable(
+ $common_opts,
+ map {
+ [
+ gtkshow(gtknew('Label_Left', line_wrap => 1, text => $descr{$_} || $_)),
+ $progs{$_} = new_nonedit_combo([
+ @auth{qw(default user_passwd root_passwd no_passwd)}
+ ],
+ default_auth_value($_)
+ #$msec->get_check_value($opt)
+ )
+ ];
+ } split(' ', $progs)
+ )));
+ } (
+ [ N("Software Management"), 'drakrpm drakrpm-update drakrpm-editmedia' ],
+ [ N("Hardware"), 'drak3d drakx11 drakmouse drakkeyboard drakups' ],
+ [ N("Network"), 'drakconnect drakhosts draknetcenter drakroam drakvpn drakproxy drakgw' ],
+ [ N("System"), 'drakauth drakfont draklog drakxservices drakuser drakclock isodumper' ],
+ [ N("Boot"), 'drakboot' ],
+ )
+ ]))),
+
+ 0, create_okcancel(my $oc =
+ {
+ cancel_clicked => sub { ugtk3->exit(0) },
+ ok_clicked => sub {
+ log::explanations("Setting up right delegation");
+ my %rev_auth = reverse %auth;
+ foreach my $key (keys %progs) {
+ my $value = $progs{$key}->get_text;
+ set_auth_value($key, $rev_auth{$value});
+ }
+ write_rules();
remove_wait_msg($w);
+ ugtk3->exit(0);
+ }
+ },
+ undef, undef, ''
+ ),
+ );
- ugtk2->exit(0);
- });
-
-my $bcancel = gtksignal_connect(new Gtk2::Button(N("Cancel")),
- 'clicked' => sub { ugtk2->exit(0) });
-gtkpack_($vbox,
- 1, gtkshow($notebook),
- 0, gtkadd(gtkadd(gtkshow(new Gtk2::HBox(0, 0)),
- $bok),
- $bcancel));
-$bcancel->can_default(1);
-$bcancel->grab_default();
+$oc->{cancel}->set_can_default(1);
+$oc->{cancel}->grab_default;
$w->main;
-ugtk2->exit(0);
+ugtk3->exit(0);
generated by cgit v1.2.1 (git 2.21.0) at 2025-11-11 17:10:12 +0000