From eae0589a5d1a157f042fc734aa2189ee7105f385 Mon Sep 17 00:00:00 2001
From: Pascal Rigaux <pixel@mandriva.com>
Date: Mon, 21 Jan 2002 20:31:49 +0000
Subject: cleanup, update, enhance security level choice

---
 perl-install/any.pm                       | 51 ++++++++++++++++++++++++
 perl-install/install_steps_interactive.pm | 15 +++----
 perl-install/standalone/draksec           | 66 ++++---------------------------
 3 files changed, 63 insertions(+), 69 deletions(-)

diff --git a/perl-install/any.pm b/perl-install/any.pm
index 1b31a59b5..775aa8938 100644
--- a/perl-install/any.pm
+++ b/perl-install/any.pm
@@ -942,4 +942,55 @@ sub ddcxinfos {
     @l;
 }
 
+sub config_libsafe {
+    my ($prefix, $libsafe) = @_;
+    my %t = getVarsFromSh("$prefix/etc/sysconfig/system");
+    if (@_ > 1) {
+	$t{LIBSAFE} = bool2yesno($libsafe);
+	setVarsInSh("$prefix/etc/sysconfig/system", \%t);
+    }
+    text2bool($t{LIBSAFE});
+}
+
+sub choose_security_level {
+    my ($in, $security, $libsafe) = @_;
+
+    my %l = (
+      0 => _("Welcome To Crackers"),
+      1 => _("Poor"),
+      2 => _("Low"),
+      3 => _("Medium"),
+      4 => _("High"),
+      5 => _("Paranoid"),
+    );
+    my %help = (
+      0 => _("This level is to be used with care. It makes your system more easy to use,
+but very sensitive: it must not be used for a machine connected to others
+or to the Internet. There is no password access."),
+      1 => _("Password are now enabled, but use as a networked computer is still not recommended."),
+      2 => _("Few improvements for this security level, the main one is that there are
+more security warnings and checks."),
+      3 => _("This is the standard security recommended for a computer that will be used
+to connect to the Internet as a client. There are now security checks. "),
+      4 => _("With this security level, the use of this system as a server becomes possible.
+The security is now high enough to use the system as a server which accept
+connections from many clients. "),
+      5 => _("We take level 4 features, but now the system is entirely closed.
+Security features are at their maximum."),
+    );
+    delete @l{0,1};
+    delete @l{5} if !$::expert;
+
+    $in->ask_from('', _("Choose security level") . "\n\n" .
+		  join('', map { "$l{$_}: $help{$_}\n\n" } keys %l),
+		  [
+		   { label => _("Security level"), val => $security, list => [ sort keys %l ], format => sub { $l{$_} } },
+		   if_($in->do_pkgs->is_installed('libsafe') && arch() =~ /^i.86/,
+		       { label => _("Use libsafe for servers"), val => $libsafe, type => 'bool', text =>
+			 _("A library which defends against buffer overflow and format string attacks.") }
+		      )
+		  ]
+		 );
+}
+
 1;
diff --git a/perl-install/install_steps_interactive.pm b/perl-install/install_steps_interactive.pm
index b174ac857..f4f68f592 100644
--- a/perl-install/install_steps_interactive.pm
+++ b/perl-install/install_steps_interactive.pm
@@ -1236,16 +1236,11 @@ try to force installation even if that destroys the first partition?"));
 
 sub miscellaneous {
     my ($o, $clicked) = @_;
-    my %l = (
-	2 => _("Low"),
-	3 => _("Medium"),
-	4 => _("High"),
-    );
-    if ($::expert || $clicked) {
-	$ENV{SECURE_LEVEL} = $o->{security} = 
-	  $o->ask_from_listf('', _("Choose security level"), sub { $l{$_[0]} }, [ ikeys %l ], $o->{security})
-	    or return;
-    }
+
+    any::choose_security_level($o, \$o->{security}, \$o->{libsafe}) or return;
+
+    any::config_libsafe($o->{prefix}, $o->{libsafe});
+    
     install_steps::miscellaneous($o);
 }
 
diff --git a/perl-install/standalone/draksec b/perl-install/standalone/draksec
index aef9cd80d..9cf75788f 100755
--- a/perl-install/standalone/draksec
+++ b/perl-install/standalone/draksec
@@ -18,75 +18,23 @@ $::isEmbedded = ($::XID, $::CCPID) = "@ARGV" =~ /--embedded (\w+) (\w+)/;
 
 my $in = 'interactive'->vnew('su', 'security');
 
-my %m = reverse (my %l = (
-  0 => _("Welcome To Crackers"),
-  1 => _("Poor"),
-  2 => _("Low"),
-  3 => _("Medium"),
-  4 => _("High"),
-  5 => _("Paranoid"),
-));
-my %help = (
-  0 => _("This level is to be used with care. It makes your system more easy to use,
-but very sensitive: it must not be used for a machine connected to others
-or to the Internet. There is no password access."),
-  1 => _("Password are now enabled, but use as a networked computer is still not recommended."),
-  2 => _("Few improvements for this security level, the main one is that there are
-more security warnings and checks."),
-  3 => _("This is the standard security recommended for a computer that will be used
-to connect to the Internet as a client. There are now security checks. "),
-  4 => _("With this security level, the use of this system as a server becomes possible.
-The security is now high enough to use the system as a server which accept
-connections from many clients. "),
-  5 => _("We take level 4 features, but now the system is entirely closed.
-Security features are at their maximum."),
-);
-
-delete @l{0,1,5} unless $::expert;
-delete @help{0,1,5} unless $::expert;
-
 begin:
 $::isEmbedded and kill USR2, $::CCPID;
 
 
-#$in->ask_from('',
-#	      _("Choose security level")  . "\n\n" . join('', map { "$l{$_}: $help{$_}\n\n" } keys %l),
-#	      { label => _($st->{$f}{text}), val => \$def_choice, list => [ 'replay', 'manual' ] },
-#	      { label => _($st->{$f}{text}), val => \$def_choice, list => [ 'replay', 'manual' ] }
-#	     )
+my $security =
+  cat_("/etc/profile.d/msec.sh") =~ /export SECURE_LEVEL=(\d+)/ ? $1 :
+  $ENV{SECURE_LEVEL} || 2;
+my $libsafe = any::config_libsafe('');
 
-my $libsafe;
-my $secure_level;
-if (-e "$prefix/etc/profile.d/msec.sh") {
-    local $_ = cat_("$prefix/etc/profile.d/msec.sh");
-    /export SECURE_LEVEL=(\d+)/ and $secure_level = $1;
-}
-$secure_level ||= $ENV{SECURE_LEVEL};
-$secure_level ||= 2;
-$secure_level = $l{$secure_level};
+if (any::choose_security_level($in, \$security, \$libsafe)) {
 
-my %h = getVarsFromSh("$prefix/etc/sysconfig/system");
-$libsafe = $h{LIBSAFE} =~ /yes/i;
+    any::config_libsafe('', $libsafe);
 
-if ($in->ask_from('', _("Choose security level") . "\n\n" .
-		       join('', map { "$l{$_}: $help{$_}\n\n" } keys %l),
-		       [
-			{ label => _("Security level"), val => \$secure_level, list => [ (values %l) ] },
-		        if_(pkgs_interactive::is_installed('libsafe') && arch() =~ /^i.86/,
-			    { label => _("Use libsafe for servers"), val => \$libsafe, type => 'bool', text =>
-			      _("A library which defends against buffer overflow and format string attacks.") }
-			   )
-		       ]
-		      )) {
     my $w = $in->wait_message('', _("Setting security level"));
     $in->suspend;
-
     $ENV{LILO_PASSWORD} = ''; # make it non interactive
-    system "/usr/sbin/msec", $m{$secure_level};
-    my %t = getVarsFromSh("$prefix/etc/sysconfig/system");
-
-    $t{LIBSAFE} = bool2yesno($libsafe);
-    setVarsInSh("$prefix/etc/sysconfig/system", \%t);
+    system "/usr/sbin/msec", $security;
     $in->resume;
 }
 
-- 
cgit v1.2.1