polkit: Fix support for several third party net management commands (mga#11286)

10 files changed, 115 insertions, 9 deletions

diff --git a/NEWS b/NEWS
index 46ca9b1..f2c36b6 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,4 @@
+- polkit: fix support for several third party net management commands (mga#11286)
 - do not do costly urpmi check before forking net_monitor
 
 1.28
diff --git a/bin/net_applet b/bin/net_applet
index a722c28..7f36960 100755
--- a/bin/net_applet
+++ b/bin/net_applet
@@ -192,7 +192,7 @@ my %actions = (
         launch => sub {
 	    require run_program;
 	    $net->{PROFILE} = $_[0];
-	    run_program::raw({ detach => 1 }, common::wrap_command_for_root('/sbin/set-netprofile', $net->{PROFILE}));
+	    run_program::raw({ detach => 1 }, (if_($>, '/usr/bin/pkexec'), '/usr/sbin/set-netprofile', $net->{PROFILE}));
         }
     },
     'chooseVPN' => {
diff --git a/lib/network/tools.pm b/lib/network/tools.pm
index cd7b69d..951b445 100644
--- a/lib/network/tools.pm
+++ b/lib/network/tools.pm
@@ -20,22 +20,22 @@ sub passwd_by_login {
 }
 
 sub run_interface_command {
-    my ($command, $intf, $detach) = @_;
+    my ($action, $intf, $detach) = @_;
     my @command =
       !$> || system("/usr/sbin/usernetctl $intf report") == 0 ?
-	($command, $intf, if_(!$::isInstall, "daemon")) :
-	common::wrap_command_for_root($command, $intf);
+	('/usr/sbin/if' . $action, $intf, if_(!$::isInstall, "daemon")) :
+	('/usr/bin/pkexec', '/usr/sbin/if' . $action, $intf);
     run_program::raw({ detach => $detach, root => $::prefix }, @command);
 }
 
 sub start_interface {
     my ($intf, $detach) = @_;
-    run_interface_command('/sbin/ifup', $intf, $detach);
+    run_interface_command('up', $intf, $detach);
 }
 
 sub stop_interface {
     my ($intf, $detach) = @_;
-    run_interface_command('/sbin/ifdown', $intf, $detach);
+    run_interface_command('down', $intf, $detach);
 }
 
 sub start_net_interface {
diff --git a/lib/network/vpn.pm b/lib/network/vpn.pm
index 21142c8..147ecc8 100644
--- a/lib/network/vpn.pm
+++ b/lib/network/vpn.pm
@@ -113,8 +113,7 @@ sub get_config_path {
 
 sub _run {
     my ($connection, $action, @args) = @_;
-    my @command = ('vpn-' . $action, $connection->get_type, $connection->get_name, @args);
-    @command = common::wrap_command_for_root(@command) if $>;
+    my @command = (if_($>, '/usr/bin/pkexec'), '/usr/sbin/vpn-' . $action, $connection->get_type, $connection->get_name, @args);
     require run_program;
     run_program::rooted($::prefix, , @command);
 }
diff --git a/polkit/Makefile b/polkit/Makefile
index dc7c4ba..631426e 100644
--- a/polkit/Makefile
+++ b/polkit/Makefile
@@ -5,7 +5,8 @@ POLKITPOLICYDEST = $(DESTDIR)/usr/share/polkit-1/actions
 
 POLICY_IN := $(wildcard *.policy.in)
 POLICY = $(POLICY_IN:.policy.in=.policy)
-WRAPPERS = $(patsubst org.mageia.%.policy,%,$(POLICY))
+MGAPOLICY_IN := $(wildcard org.mageia.*.policy.in)
+WRAPPERS = $(patsubst org.mageia.%.policy.in,%,$(MGAPOLICY_IN))
 
 all: $(WRAPPERS) $(POLICY)
 
diff --git a/polkit/com.redhat.initscripts.ifdown.policy.in b/polkit/com.redhat.initscripts.ifdown.policy.in
new file mode 100644
index 0000000..1413004
--- /dev/null
+++ b/polkit/com.redhat.initscripts.ifdown.policy.in
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="com.redhat.initscripts.ifdown.pkexec.run">
+    <_description>Take Network Interface Down</_description>
+    <_message>Authentication is required to take down a network interface</_message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/ifdown</annotate>
+ </action>
+</policyconfig>
diff --git a/polkit/com.redhat.initscripts.ifup.policy.in b/polkit/com.redhat.initscripts.ifup.policy.in
new file mode 100644
index 0000000..73ac819
--- /dev/null
+++ b/polkit/com.redhat.initscripts.ifup.policy.in
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="com.redhat.initscripts.ifup.pkexec.run">
+    <_description>Bring Network Interface Up</_description>
+    <_message>Authentication is required to bring up a network interface</_message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/ifup</annotate>
+ </action>
+</policyconfig>
diff --git a/polkit/com.redhat.initscripts.vpn-start.policy.in b/polkit/com.redhat.initscripts.vpn-start.policy.in
new file mode 100644
index 0000000..317b78e
--- /dev/null
+++ b/polkit/com.redhat.initscripts.vpn-start.policy.in
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="com.redhat.initscripts.vpn-start.pkexec.run">
+    <_description>Start Virtual Private Network</_description>
+    <_message>Authentication is required start the Virtual Private Network</_message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/vpn-start</annotate>
+ </action>
+</policyconfig>
diff --git a/polkit/com.redhat.initscripts.vpn-stop.policy.in b/polkit/com.redhat.initscripts.vpn-stop.policy.in
new file mode 100644
index 0000000..debfe21
--- /dev/null
+++ b/polkit/com.redhat.initscripts.vpn-stop.policy.in
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="com.redhat.initscripts.vpn-stop.pkexec.run">
+    <_description>Stop Virtual Private Network</_description>
+    <_message>Authentication is required stop the Virtual Private Network</_message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/vpn-stop</annotate>
+ </action>
+</policyconfig>
diff --git a/polkit/org.mageia-x.set-netprofile.policy.in b/polkit/org.mageia-x.set-netprofile.policy.in
new file mode 100644
index 0000000..df91115
--- /dev/null
+++ b/polkit/org.mageia-x.set-netprofile.policy.in
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia-x.set-netprofile.pkexec.run">
+    <_description>Set Network Profile</_description>
+    <_message>Authentication is required to set the network profile</_message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/set-netprofile</annotate>
+ </action>
+</policyconfig>