summaryrefslogtreecommitdiffstats
path: root/perl-install/standalone/draksec
diff options
context:
space:
mode:
Diffstat (limited to 'perl-install/standalone/draksec')
-rwxr-xr-xperl-install/standalone/draksec367
1 files changed, 166 insertions, 201 deletions
diff --git a/perl-install/standalone/draksec b/perl-install/standalone/draksec
index a83d0c9c7..1e6c60d71 100755
--- a/perl-install/standalone/draksec
+++ b/perl-install/standalone/draksec
@@ -1,8 +1,9 @@
#!/usr/bin/perl
#*****************************************************************************
#
-# Copyright (c) 2002-2004 Christian Belisle
-# Thierry Vignaud <tvignaud@mandrakesoft.com>
+# Copyright (c) 2002-2008 Christian Belisle
+# Thierry Vignaud <thierry.vignaud.com>
+# Eugeni Dodonov <eugeni@andriva.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2, as
@@ -24,7 +25,9 @@ use lib qw(/usr/lib/libDrakX);
use common;
use standalone;
use vars qw($MODE %options);
-use ugtk2 qw(:helpers :wrappers :ask :create);
+use interactive;
+use mygtk3 qw(gtknew gtkset);
+use ugtk3 qw(:helpers :wrappers :ask :create);
use run_program;
use security::level;
use security::msec;
@@ -38,253 +41,215 @@ use security::l10n;
#/^-?-(\S+)$/ and $options{$1} = 1 foreach @ARGV;
-my ($w, %fields);
+my $_in = 'interactive'->vnew('su'); # enforce being root
+
+$ugtk3::wm_icon = "/usr/share/mcc/themes/default/draksec-mdk.png";
+my ($w);
############################ I18N ###################################
-my %inv_translations = map { translate($_) => $_ } N_("ALL"), N_("LOCAL"), N_("NONE"), N_("default"), N_("default"), N_("ignore"), N_("no"), N_("yes");
-my %translations = reverse %inv_translations;
+
+
+my %translations = (
+ 'ALL' => N("ALL"),
+ 'LOCAL' => N("LOCAL"),
+ 'NONE' => N("NONE"),
+ 'default' => N("Default"),
+ 'ignore' => N("Ignore"),
+ 'no' => N("No"),
+ 'yes' => N("Yes"),
+);
+my %inv_translations = reverse %translations;
sub to_i18n { map { $translations{$_} || $_ } @_ }
sub from_i18n { $inv_translations{$_[0]} || $_[0] }
-sub resize { gtkset_size_request($_[0], 50, -1) }
+sub resize { gtkset($_[0], width => 50) }
-%fields = security::l10n::fields();
-my %inv_fields = reverse %fields;
-
-# factorize this with rpmdrake and harddrake2
+# factorize this with drakrpm and harddrake2
sub wait_msg {
- my $mainw = ugtk2->new('wait', (modal => 1, if_(!$::isEmbedded, transient => $w->{rwindow})));
- $mainw->{window}->add(new Gtk2::WrappedLabel($_[0]));
+ my $mainw = ugtk3->new(N("Please wait"), (modal => 1, transient => $w->{real_window}));
+ $mainw->{window}->add(gtknew('WrappedLabel', text => $_[0]));
$mainw->{rwindow}->show_all;
- gtkset_mousecursor_wait($mainw->{rwindow}->window);
- gtkflush();
+ gtkset_mousecursor_wait($mainw->{rwindow}->get_window);
+ # ugly workaround for gtk+ not displaying subdialog contents:
+ Glib::Timeout->add(300, sub { Gtk3->main_quit; 0 });
+ Gtk3->main;
$mainw;
}
sub remove_wait_msg { $_[0]->destroy }
-sub basic_seclevel_explanations() {
- my $text = gtkset_markup(Gtk2::WrappedLabel->new,
-#-PO Do not alter the <span ..> and </span> tags
-#-PO Translate the security levels (Poor, Standard, High, Higher and Paranoid) in the same way, you translated these individuals words
- formatAlaTeX(N("Here, you can setup the security level and administrator of your machine.
-
+sub new_nonedit_combo {
+ my ($string_list, $o_default_value) = @_;
+ gtknew('ComboBox', text => to_i18n($o_default_value), list => [ to_i18n(@$string_list) ]);
+}
-The Security Administrator is the one who will receive security alerts if the
-'Security Alerts' option is set. It can be a username or an email.
+#my $msec = security::msec->new;
+$w = ugtk3->new(N("Security Level and Checks"));
+my $window = $w->{window};
-The Security Level menu allows you to select one of the six preconfigured security levels
-provided with msec. These levels range from poor security and ease of use, to
-paranoid config, suitable for very sensitive server applications:
+############################ MAIN WINDOW ###################################
+# Set different options to Gtk3::Window
+unless ($::isEmbedded) {
+ $w->{rwindow}->set_position('center');
+ $w->{rwindow}->set_title("DrakSec");
+ $window->set_size_request(598, 520);
+}
+# Connect the signals
+$window->signal_connect('delete_event', sub { $window->destroy });
+$window->signal_connect('destroy', sub { ugtk3->exit });
-<span foreground=\"royalblue3\">Poor</span>: This is a totally unsafe but very
-easy to use security level. It should only be used for machines not connected to
-any network and that are not accessible to everybody.
+$window->add(my $vbox = gtkshow(gtknew('VBox')));
+my $common_opts = { col_spacings => 10, row_spacings => 5, mcc => 1 };
-<span foreground=\"royalblue3\">Standard</span>: This is the standard security
-recommended for a computer that will be used to connect to the Internet as a
-client.
+######################## AUTH ###################################
+my %progs;
+my $auth_string = N("Configure authentication required to access %s tools", N("Mageia"));
-<span foreground=\"royalblue3\">High</span>: There are already some
-restrictions, and more automatic checks are run every night.
+my %auth = (
+ default => N("Default"),
+ no_passwd => N("No password"),
+ root_passwd => N("Administrator password"),
+ user_passwd => N("User password"),
+);
+my $polkit_rules_file = "/etc/polkit-1/rules.d/51-draksec.rules";
+my %overrides = map { if (/case '([^']+)': return polkit\.Result\.(YES|AUTH_ADMIN_KEEP|AUTH_SELF_KEEP)/) { ($1, $2) } } cat_($polkit_rules_file);
-<span foreground=\"royalblue3\">Higher</span>: The security is now high enough
-to use the system as a server which can accept connections from many clients. If
-your machine is only a client on the Internet, you should choose a lower level.
+sub default_auth_value {
+ my ($prog) = @_;
-<span foreground=\"royalblue3\">Paranoid</span>: This is similar to the previous
-level, but the system is entirely closed and security features are at their
-maximum")));
- create_scrolled_window($text, [ 'never', 'automatic' ]);
+ return $auth{no_passwd} if $overrides{$prog} eq 'YES';
+ return $auth{root_passwd} if $overrides{$prog} eq 'AUTH_ADMIN_KEEP';
+ return $auth{user_passwd} if $overrides{$prog} eq 'AUTH_SELF_KEEP';
+ return $auth{default};
}
-sub new_nonedit_combo {
- my ($string_list, $o_default_value) = @_;
- my $w = new Gtk2::OptionMenu();
- $w->set_popdown_strings(to_i18n(@$string_list)) unless is_empty_array_ref $string_list;
- $w->entry->set_text(to_i18n($o_default_value)) if $o_default_value;
- $w;
+sub set_auth_value {
+ my ($prog, $auth) = @_;
+ if ($auth eq 'no_passwd') {
+ $overrides{$prog} = 'YES';
+ } elsif ($auth eq 'root_passwd') {
+ $overrides{$prog} = 'AUTH_ADMIN_KEEP';
+ } elsif ($auth eq 'user_passwd') {
+ $overrides{$prog} = 'AUTH_SELF_KEEP';
+ } else {
+ delete $overrides{$prog};
+ }
}
-sub set_help_tip {
- my ($entry, $default, $opt) = @_;
- my $help = $security::help::help{$opt};
- gtkset_tip(new Gtk2::Tooltips, $entry, formatAlaTeX($help) . "\n" . N("(default value: %s)", to_i18n($default)));
+sub write_rules() {
+ my $contents = '';
+ keys %overrides;
+ while (my ($k, $v) = each %overrides) {
+ $contents .= "case '$k': return polkit.Result.$v;\n" if $k && $v;
+ }
+
+ if ($contents) {
+ output($polkit_rules_file, <<EOF);
+// This file is written by draksec. Do not edit.
+var drakToolAuth = function(tool){switch (tool){
+$contents
+}return polkit.Result.NOT_HANDLED;};
+EOF
+ } else {
+ rm_rf($polkit_rules_file) if -f $polkit_rules_file;
+ }
+
+ system('systemctl', 'try-restart', 'polkit.service');
}
-my $msec = new security::msec;
-$w = ugtk2->new('draksec');
-my $window = $w->{window};
+my %descr = (
+
+ drakrpm => N("Software Management"),
+ 'drakrpm-update' => N("%s Update", N("Mageia")),
+ 'drakrpm-editmedia' => N("Software Media Manager"),
+ drak3d => N("Configure 3D Desktop effects"),
+ drakx11 => N("Graphical Server Configuration"),
+ drakmouse => N("Mouse Configuration"),
+ drakkeyboard => N("Keyboard Configuration"),
+ drakups => N("UPS Configuration"),
+ drakconnect => N("Network Configuration"),
+ drakhosts => N("Hosts definitions"),
+ draknetcenter => N("Network Center"),
+ drakroam => N("Wireless Network Roaming"),
+ drakvpn => N("VPN"),
+ drakproxy => N("Proxy Configuration"),
+ drakgw => N("Connection Sharing"),
+ drakauth => N("Authentication"),
+ drakbackup => N("Backups"),
+ drakfont => N("Import fonts"),
+ draklog => N("Logs"),
+ drakxservices => N("Services"),
+ drakuser => N("Users"),
+ drakclock => N("Date, Clock & Time Zone Settings"),
+ drakboot => N("Boot Configuration"),
+ isodumper => N("Isodumper"),
+);
-############################ MAIN WINDOW ###################################
-# Set different options to Gtk2::Window
-unless ($::isEmbedded) {
- $w->{rwindow}->set_position('center');
- $w->{rwindow}->set_title("DrakSec");
- $window->set_size_request(598, 520);
-}
-
-# Connect the signals
-$window->signal_connect('delete_event', sub { $window->destroy });
-$window->signal_connect('destroy', sub { ugtk2->exit });
-
-$window->add(my $vbox = gtkshow(new Gtk2::VBox(0, 0)));
-
-# Create the notebook (for bookmarks at the top)
-my $notebook = create_notebook();
-
-my $common_opts = { col_spacings => 10, row_spacings => 5 };
-
-######################## BASIC OPTIONS PAGE ################################
-my ($seclevel_entry, $secadmin_entry);
-
-$notebook->append_page(gtkshow(gtkpack_(new Gtk2::VBox(0, 0),
- 1, basic_seclevel_explanations(),
- 0, create_packtable($common_opts,
- [
- do {
- my @sec_levels = security::level::get_common_list();
- my $current_level = security::level::get_string();
-
- push(@sec_levels, $current_level) unless member($current_level, @sec_levels);
- $seclevel_entry = new_nonedit_combo(\@sec_levels, $current_level);
-
- new Gtk2::Label(N("Security Level:")), $seclevel_entry;
- }
- ],
- [ new Gtk2::Label(N("Security Alerts:")),
- my $secadmin_check = gtksignal_connect(Gtk2::CheckButton->new, toggled => sub {
- $secadmin_entry->set_sensitive($_[0]->get_active);
- }) ],
- [ new Gtk2::Label(N("Security Administrator:")),
- $secadmin_entry = Gtk2::Entry->new_with_text($msec->get_check_value("MAIL_USER")) ]))),
- new Gtk2::Label(N("Basic options")));
-
-if ($msec->get_check_value("MAIL_WARN") eq "yes") {
- $secadmin_check->set_active(1);
-} else {
- $secadmin_entry->set_sensitive(0);
- }
-
-######################### NETWORK & SYSTEM OPTIONS #########################
-my @yesno_choices = qw(yes no default ignore);
-my @alllocal_choices = qw(ALL LOCAL NONE default);
-my @all_choices = (@yesno_choices, @alllocal_choices);
-my %options_values;
-my $help_msg = N("The following options can be set to customize your\nsystem security. If you need an explanation, look at the help tooltip.\n");
-
-foreach ([ 'network', N("Network Options") ], [ 'system', N("System Options") ]) {
- my ($domain, $label) = @$_;
- my %values;
- $notebook->append_page(gtkshow(create_scrolled_window(gtkpack_(new Gtk2::VBox(0, 0),
- 0, Gtk2::Label->new($help_msg),
- 1, create_packtable($common_opts,
- map {
- my $i = $_;
-
- my $entry;
- my $opt = $inv_fields{$i} || $i;
- my $default = $msec->get_function_default($opt);
- if (member($default, @all_choices)) {
- $values{$i} = new_nonedit_combo(member($default, @yesno_choices) ? \@yesno_choices : if_(member($default, @alllocal_choices), \@alllocal_choices));
- $entry = $values{$i}->entry;
- } else {
- $values{$i} = new Gtk2::Entry();
- $entry = $values{$i};
- }
- $entry->set_text(to_i18n($msec->get_function_value($opt)));
- set_help_tip($entry, $default, $opt);
- [ Gtk2::WrappedLabel->new($i), resize($values{$i}) ];
- } sort map { $fields{$_} || $_ } $msec->list_functions($domain))),
- [ 'never', 'automatic' ],
- )
- ),
- Gtk2::WrappedLabel->new($label));
- $options_values{$domain} = \%values;
-}
-######################## PERIODIC CHECKS ###################################
-my %security_checks_value;
-
-$notebook->append_page(gtkshow(create_scrolled_window(gtkpack_(new Gtk2::VBox(0, 0),
- 0, Gtk2::Label->new($help_msg),
- 1, create_packtable($common_opts,
- map {
- my $i = $_;
- my $opt = $inv_fields{$i} || $i;
- $security_checks_value{$i} = new_nonedit_combo([ 'yes', 'no', 'default' ], $msec->get_check_value($opt));
- my $entry = $security_checks_value{$i}->entry;
- set_help_tip($entry, $msec->get_check_default($opt), $opt);
- [ gtkshow(Gtk2::WrappedLabel->new($i)), resize($security_checks_value{$i}) ];
- } sort map { $fields{$_} || $_ } $msec->list_checks)))),
- new Gtk2::Label(N("Periodic Checks")));
####################### OK CANCEL BUTTONS ##################################
gtkpack_($vbox,
- 1, gtkshow($notebook),
+ 0, gtkshow(gtknew('VBox', spacing => 5, children => [
+ if_(!$::isEmbedded, 0, Gtk3::Banner->new('/usr/share/mcc/themes/default/drakperm-mdk.png', N("Permissions"))),
+ 0, gtknew('Label', text => $auth_string, alignment => [ 0.5, 0 ])
+ ])),
+ 1, gtkshow(create_scrolled_window(
+ gtknew('VBox', children => [
+ map {
+ my ($title, $progs) = @$_;
+ (0, gtknew('Expander', use_markup => 1, text => mygtk3::title1_to_markup($title), child => create_packtable(
+ $common_opts,
+ map {
+ [
+ gtkshow(gtknew('Label_Left', line_wrap => 1, text => $descr{$_} || $_)),
+ $progs{$_} = new_nonedit_combo([
+ @auth{qw(default user_passwd root_passwd no_passwd)}
+ ],
+ default_auth_value($_)
+ #$msec->get_check_value($opt)
+ )
+ ];
+ } split(' ', $progs)
+ )));
+ } (
+ [ N("Software Management"), 'drakrpm drakrpm-update drakrpm-editmedia' ],
+ [ N("Hardware"), 'drak3d drakx11 drakmouse drakkeyboard drakups' ],
+ [ N("Network"), 'drakconnect drakhosts draknetcenter drakroam drakvpn drakproxy drakgw' ],
+ [ N("System"), 'drakauth drakfont draklog drakxservices drakuser drakclock isodumper' ],
+ [ N("Boot"), 'drakboot' ],
+ )
+ ]))),
+
0, create_okcancel(my $oc =
{
- cancel_clicked => sub { ugtk2->exit(0) },
+ cancel_clicked => sub { ugtk3->exit(0) },
ok_clicked => sub {
- my $seclevel_value = $seclevel_entry->entry->get_text;
- my $secadmin_check_value = $secadmin_check->get_active;
- my $secadmin_value = $secadmin_entry->get_text;
- my $w;
-
- log::explanations("Configuring msec");
-
- if ($seclevel_value ne security::level::get_string()) {
- $w = wait_msg(N("Please wait, setting security level..."));
- log::explanations(qq(Setting security level to "$seclevel_value"));
- security::level::set(security::level::from_string($seclevel_value));
- remove_wait_msg($w);
+ log::explanations("Setting up right delegation");
+ my %rev_auth = reverse %auth;
+ foreach my $key (keys %progs) {
+ my $value = $progs{$key}->get_text;
+ set_auth_value($key, $rev_auth{$value});
}
- $w = wait_msg(N("Please wait, setting security options..."));
- log::explanations(qq(Setting security administrator option to ") . bool2yesno($secadmin_check_value) . '"');
- $msec->set_check('MAIL_WARN', bool2yesno($secadmin_check_value));
-
- if ($secadmin_value ne $msec->get_check_value('MAIL_USER') && $secadmin_check_value) {
- log::explanations(qq(Setting security administrator contact to "$secadmin_value"));
- $msec->set_check('MAIL_USER', $secadmin_value);
- }
-
- log::explanations("Setting security periodic checks");
- foreach my $key (keys %security_checks_value) {
- $msec->set_check($inv_fields{$key} || $key, from_i18n($security_checks_value{$key}->entry->get_text));
- }
- $msec->apply_checks;
-
- foreach my $domain (keys %options_values) {
- log::explanations("Setting msec functions related to $domain");
- foreach my $key (keys %{$options_values{$domain}}) {
- my $opt = $options_values{$domain}{$key};
- $msec->set_function($inv_fields{$key} || $key, from_i18n($opt->get_text));
- }
- }
- $msec->apply_functions;
- log::explanations("Applying msec changes");
- run_program::rooted($::prefix, "/usr/sbin/msec");
-
+ write_rules();
remove_wait_msg($w);
-
- ugtk2->exit(0);
+ ugtk3->exit(0);
}
},
- undef, undef, '',
- [ N("Help"), sub { unless (fork()) { exec("drakhelp --id draksec") } } ],
+ undef, undef, ''
),
);
-$oc->{cancel}->can_default(1);
+
+$oc->{cancel}->set_can_default(1);
$oc->{cancel}->grab_default;
$w->main;
-ugtk2->exit(0);
+ugtk3->exit(0);
generated by cgit v1.2.1 (git 2.21.0) at 2025-10-23 08:57:29 +0000