Convert to polkit from usermode consolehelper for gaining root privileges

polkit is better integrated into various environments, both console and GUI
and offers better access rules and prevents the internal need to run
su which is prone to errors and doesn't offer an environment agnostic
prompt to the user.

Under the old scheme, the binaries relating to the three main tools
covered in this package behaved differently. Keyboard and Mouse are
allowed to be run without any password prompts, whereas X11 prompts for
the *user* password. This is only true when run as their 'old' names of
keyboarddrake, mousedrake and XFdrake respectively. If they are called
via their 'new' names of drakkeyboard, drakmouse and drakx11, they would
prompt for the root password.

This change also standardises that behaviour. The tools now follow the
scheme specified for their old names, regardless of how they are called.

mga#11125

8 files changed, 86 insertions, 2 deletions

diff --git a/Makefile b/Makefile
index 276a9df..2f3f8a3 100644
--- a/Makefile
+++ b/Makefile
@@ -4,6 +4,8 @@ DESTDIR=
 libdir=/usr/lib
 bindir=/usr/bin
 sbindir=/usr/sbin
+libexecdir=/usr/libexec
+polkitpolicydir=/usr/share/polkit-1/actions
 desktopdir=/usr/share/applications
 autostartdir=/usr/share/autostart
 xinitdir=/etc/X11/xinit.d
@@ -11,7 +13,7 @@ iconsdir=/usr/lib/libDrakX/icons
 pixmapsdir=/usr/share/libDrakX/pixmaps
 
 BIN_TOOLS= 
-SBIN_TOOLS= keyboarddrake mousedrake XFdrake drakx-update-background display_driver_helper
+SBIN_TOOLS= drakx-update-background display_driver_helper
 INLIBDEST_DIRS = lib/xf86misc
 
 all: $(INLIBDEST_DIRS)
@@ -24,7 +26,7 @@ check:
 	@for p in tools/*; do head -n1 $$p | grep perl || continue; perl -cw $$p || exit 1; done
 
 install:
-	install -d $(DESTDIR){$(libdir),$(bindir),$(sbindir),$(desktopdir),$(autostartdir),$(xinitdir),$(iconsdir),$(pixmapsdir)}
+	install -d $(DESTDIR){$(libdir),$(bindir),$(sbindir),$(desktopdir),$(autostartdir),$(xinitdir),$(iconsdir),$(pixmapsdir),$(libexecdir),$(polkitpolicydir)}
 
 	install -d $(INLIBDEST_DIRS:%=$(DESTDIR)$(libdir)/libDrakX//%)
 	cp -a lib/*.pm $(DESTDIR)$(libdir)/libDrakX/
@@ -36,6 +38,15 @@ install:
 	  [[ -n "$(BIN_TOOLS)" ]] && install -m755 $(BIN_TOOLS) $(DESTDIR)$(bindir); \
 	  [[ -n "$(SBIN_TOOLS)" ]] && install -m755 $(SBIN_TOOLS) $(DESTDIR)$(sbindir); \
 	)
+	install -m755 tools/keyboarddrake $(DESTDIR)$(libexecdir)/drakkeyboard
+	install -m755 tools/mousedrake $(DESTDIR)$(libexecdir)/drakmouse
+	install -m755 tools/XFdrake $(DESTDIR)$(libexecdir)/drakx11
+	install polkit/wrappers/* $(DESTDIR)$(bindir)
+	install polkit/policy/* $(DESTDIR)$(polkitpolicydir)
+	# Some compatibility name wrappers
+	ln -s drakkeyboard $(DESTDIR)$(bindir)/keyboarddrake
+	ln -s drakmouse $(DESTDIR)$(bindir)/mousedrake
+	ln -s drakx11 $(DESTDIR)$(bindir)/XFdrake
 	#install -m644 $(wildcard data/*.desktop) $(DESTDIR)$(desktopdir)
 	#install -m644 $(wildcard data/icons/*.png) $(DESTDIR)$(iconsdir)
 	install -m644 $(wildcard data/pixmaps/*.png) $(DESTDIR)$(pixmapsdir)
diff --git a/NEWS b/NEWS
index 78846c0..062b48e 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,4 @@
+- use polkit for authorisation (mga#11125)
 - remove / and /usr separation (no longer needed since usrmove)
 
 Version 0.109 - 8 May 2013
diff --git a/polkit/policy/org.mageia.drakkeyboard.policy b/polkit/policy/org.mageia.drakkeyboard.policy
new file mode 100644
index 0000000..e3cd5bd
--- /dev/null
+++ b/polkit/policy/org.mageia.drakkeyboard.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakkeyboard.pkexec.run">
+    <description>Run Mageia Keyboard Configuration</description>
+    <message>Authentication is required to run Mageia Keyboard Configuration</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>yes</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakkeyboard</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/polkit/policy/org.mageia.drakmouse.policy b/polkit/policy/org.mageia.drakmouse.policy
new file mode 100644
index 0000000..157e2d2
--- /dev/null
+++ b/polkit/policy/org.mageia.drakmouse.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakmouse.pkexec.run">
+    <description>Run Mageia Mouse Configuration</description>
+    <message>Authentication is required to run Mageia Mouse Configuration</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>yes</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakmouse</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/polkit/policy/org.mageia.drakx11.policy b/polkit/policy/org.mageia.drakx11.policy
new file mode 100644
index 0000000..efa8441
--- /dev/null
+++ b/polkit/policy/org.mageia.drakx11.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakx11.pkexec.run">
+    <description>Run Mageia Graphics Configuration</description>
+    <message>Authentication is required to run Mageia Graphics Configuration</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_self_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakx11</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/polkit/wrappers/drakkeyboard b/polkit/wrappers/drakkeyboard
new file mode 100755
index 0000000..f46e0ce
--- /dev/null
+++ b/polkit/wrappers/drakkeyboard
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakkeyboard $*
diff --git a/polkit/wrappers/drakmouse b/polkit/wrappers/drakmouse
new file mode 100755
index 0000000..6d66e3a
--- /dev/null
+++ b/polkit/wrappers/drakmouse
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakmouse $*
diff --git a/polkit/wrappers/drakx11 b/polkit/wrappers/drakx11
new file mode 100755
index 0000000..601654b
--- /dev/null
+++ b/polkit/wrappers/drakx11
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakx11 $*