diff options
| author | Colin Guthrie <colin@mageia.org> | 2013-11-21 21:12:37 +0000 |
|---|---|---|
| committer | Colin Guthrie <colin@mageia.org> | 2013-11-21 21:24:53 +0000 |
| commit | 3b641cb27c28bdf42865ee15f7ccd2b6c9e9d3d1 (patch) | |
| tree | efa80eca1b88a28fdb4e52deee5717e934a6f983 /perl-install/standalone/draksec | |
| parent | 7828203e308e62a47eac337a193d0fa1680b97d9 (diff) | |
| download | drakx-3b641cb27c28bdf42865ee15f7ccd2b6c9e9d3d1.tar drakx-3b641cb27c28bdf42865ee15f7ccd2b6c9e9d3d1.tar.gz drakx-3b641cb27c28bdf42865ee15f7ccd2b6c9e9d3d1.tar.bz2 drakx-3b641cb27c28bdf42865ee15f7ccd2b6c9e9d3d1.tar.xz drakx-3b641cb27c28bdf42865ee15f7ccd2b6c9e9d3d1.zip | |
polkit: Add support to draksec for writing polkit policy override rules.
This allows draksec to override things properly under polkit.
Diffstat (limited to 'perl-install/standalone/draksec')
| -rwxr-xr-x | perl-install/standalone/draksec | 52 |
1 files changed, 37 insertions, 15 deletions
diff --git a/perl-install/standalone/draksec b/perl-install/standalone/draksec index b5fd5d5ca..a4716da9b 100755 --- a/perl-install/standalone/draksec +++ b/perl-install/standalone/draksec @@ -110,33 +110,54 @@ my %progs; my $auth_string = N("Configure authentication required to access %s tools", N("Mageia")); my %auth = ( + default => N("Default"), no_passwd => N("No password"), root_passwd => N("Root password"), user_passwd => N("User password"), ); +my $polkit_rules_file = "/etc/polkit-1/rules.d/51-draksec.rules"; +my %overrides = map { if ( /case '([^']+)': return polkit\.Result\.(YES|AUTH_ADMIN_KEEP|AUTH_SELF_KEEP)/ ) { ($1, $2) } } cat_($polkit_rules_file); + + sub default_auth_value { my ($prog) = @_; - my $link = readlink("/etc/pam.d/$prog"); - if ($link =~ /mageia-console-auth/) { - return $auth{no_passwd}; - } elsif ($link =~ /mageia-simple-auth/) { - my ($user) = cat_("/etc/security/console.apps/$prog") =~ /USER=(.*)/; - return $auth{root_passwd} if $user eq 'root'; - return $auth{user_passwd} if $user eq '<user>'; - } + + return $auth{no_passwd} if $overrides{$prog} eq 'YES'; + return $auth{root_passwd} if $overrides{$prog} eq 'AUTH_ADMIN_KEEP'; + return $auth{user_passwd} if $overrides{$prog} eq 'AUTH_SELF_KEEP'; + return $auth{default}; } sub set_auth_value { my ($prog, $auth) = @_; if ($auth eq 'no_passwd') { - symlinkf('../../etc/pam.d/mageia-console-auth', "/etc/pam.d/$prog"); + $overrides{$prog} = 'YES'; + } elsif ($auth eq 'root_passwd') { + $overrides{$prog} = 'AUTH_ADMIN_KEEP'; + } elsif ($auth eq 'user_passwd') { + $overrides{$prog} = 'AUTH_SELF_KEEP'; + } else { + delete $overrides{$prog}; + } +} + +sub write_rules() { + my $contents = ''; + keys %overrides; + while(my($k, $v) = each %overrides) { + $contents .= "case '$k': return polkit.Result.$v;\n" if ($k && $v); + } + + if ($contents) { + output($polkit_rules_file, <<EOF); +// This file is written by draksec. Do not edit. +var drakToolAuth = function(tool){switch (tool){ +$contents +}return polkit.Result.NOT_HANDLED;}; +EOF } else { - symlinkf('../../etc/pam.d/mageia-simple-auth', "/etc/pam.d/$prog"); - my $value = $auth eq 'user_passwd' ? '<user>' : 'root'; - substInFile { - s/^USER=.*/USER=$value/; - } "/etc/security/console.apps/$prog"; + rm_rf($polkit_rules_file); } } @@ -188,7 +209,7 @@ gtkpack_($vbox, [ gtkshow(gtknew('Label_Left', line_wrap => 1, text => $descr{$_} || $_)), $progs{$_} = new_nonedit_combo([ - @auth{qw(user_passwd root_passwd no_passwd)} + @auth{qw(default user_passwd root_passwd no_passwd)} ], default_auth_value($_) #$msec->get_check_value($opt) @@ -217,6 +238,7 @@ gtkpack_($vbox, set_auth_value($key, $rev_auth{$value}); } + write_rules(); remove_wait_msg($w); ugtk2->exit(0); } |