From c9ecd03156418390fa28b12825beb90626709c95 Mon Sep 17 00:00:00 2001
From: Colin Guthrie <colin@mageia.org>
Date: Wed, 4 Sep 2013 20:15:38 +0100
Subject: Convert to polkit from usermode consolehelper for gaining root
 privileges

polkit is better integrated into various environments, both console and GUI
and offers better access rules and prevents the internal need to run
su which is prone to errors and doesn't offer an environment agnostic
prompt to the user.

In this case the current package policy (in rpm spec) has been migrated
here and is as follows:

drakclock requires no authentication to run (just a console login)

drakfont requires authentication as the current user.

drakups, drakauth, draklog and drakxservices require authentication as and
administrator.
---
 perl-install/Makefile.drakxtools                   | 11 +++++++++--
 .../polkit/policy/org.mageia.drakauth.policy       | 22 ++++++++++++++++++++++
 .../polkit/policy/org.mageia.drakboot.policy       | 22 ++++++++++++++++++++++
 .../polkit/policy/org.mageia.drakclock.policy      | 22 ++++++++++++++++++++++
 .../polkit/policy/org.mageia.drakfont.policy       | 22 ++++++++++++++++++++++
 .../polkit/policy/org.mageia.draklog.policy        | 22 ++++++++++++++++++++++
 .../polkit/policy/org.mageia.drakups.policy        | 22 ++++++++++++++++++++++
 .../polkit/policy/org.mageia.drakxservices.policy  | 22 ++++++++++++++++++++++
 perl-install/polkit/wrappers/drakauth              |  2 ++
 perl-install/polkit/wrappers/drakboot              |  2 ++
 perl-install/polkit/wrappers/drakclock             |  2 ++
 perl-install/polkit/wrappers/drakfont              |  2 ++
 perl-install/polkit/wrappers/draklog               |  2 ++
 perl-install/polkit/wrappers/drakups               |  2 ++
 perl-install/polkit/wrappers/drakxservices         |  2 ++
 15 files changed, 177 insertions(+), 2 deletions(-)
 create mode 100644 perl-install/polkit/policy/org.mageia.drakauth.policy
 create mode 100644 perl-install/polkit/policy/org.mageia.drakboot.policy
 create mode 100644 perl-install/polkit/policy/org.mageia.drakclock.policy
 create mode 100644 perl-install/polkit/policy/org.mageia.drakfont.policy
 create mode 100644 perl-install/polkit/policy/org.mageia.draklog.policy
 create mode 100644 perl-install/polkit/policy/org.mageia.drakups.policy
 create mode 100644 perl-install/polkit/policy/org.mageia.drakxservices.policy
 create mode 100755 perl-install/polkit/wrappers/drakauth
 create mode 100755 perl-install/polkit/wrappers/drakboot
 create mode 100755 perl-install/polkit/wrappers/drakclock
 create mode 100755 perl-install/polkit/wrappers/drakfont
 create mode 100755 perl-install/polkit/wrappers/draklog
 create mode 100755 perl-install/polkit/wrappers/drakups
 create mode 100755 perl-install/polkit/wrappers/drakxservices

(limited to 'perl-install')

diff --git a/perl-install/Makefile.drakxtools b/perl-install/Makefile.drakxtools
index a5a9394e2..92b2951e4 100644
--- a/perl-install/Makefile.drakxtools
+++ b/perl-install/Makefile.drakxtools
@@ -16,10 +16,12 @@ DATADIR = $(PREFIX)/usr/share
 ICONSDIR= $(DATADIR)/icons
 BINDEST = $(PREFIX)/usr/bin
 SBINDEST = $(PREFIX)/usr/sbin
+LIBEXECDEST = $(PREFIX)/usr/libexec
 ETCDEST = $(PREFIX)/etc/gtk
 LIBDEST = $(LIBDIR)/$(NAME)
 PIXDIR = $(DATADIR)/$(NAME)/pixmaps
 INITDIR =  $(PREFIX)/etc/rc.d/init.d
+POLKITPOLICYDEST = $(PREFIX)/usr/share/polkit-1/actions
 .PHONY: $(DIRS)
 
 all: ../tools/rpcinfo-flushed $(DIRS)
@@ -30,7 +32,7 @@ $(DIRS):
 
 install:
 	perl -pi -e "s/\"VER\"(; # version)/\"$(VERSION)\"\1/" standalone.pm
-	mkdir -p $(BINDEST) $(ETCDEST) $(SBINDEST) $(DATADIR)/{applications,harddrake,pixmaps,icons/{large,mini},autostart} $(PIXDIR) $(INITDIR) $(MENUDIR)
+	mkdir -p $(BINDEST) $(ETCDEST) $(SBINDEST) $(DATADIR)/{applications,harddrake,pixmaps,icons/{large,mini},autostart} $(PIXDIR) $(INITDIR) $(MENUDIR) $(LIBEXECDEST) $(POLKITPOLICYDEST)
 	install -d $(INLIBDEST_DIRS:%=$(LIBDEST)/%)
 	install $(STANDALONEPMS) standalone/convert $(SBINDEST)
 	install -s ../tools/rpcinfo-flushed ../tools/serial_probe/serial_probe $(SBINDEST)
@@ -42,6 +44,11 @@ install:
 	mv -f $(SBINDEST)/display_help $(BINDEST)
 	mv -f $(SBINDEST)/display_release_notes.pl $(BINDEST)
 	mv -f $(SBINDEST)/localedrake $(BINDEST)
+	# All the things handled by polkit
+	mv -f $(SBINDEST)/drak{auth,boot,clock,font,ups,xservices} $(LIBEXECDEST)
+	mv -f $(SBINDEST)/logdrake $(LIBEXECDEST)/draklog
+	install polkit/wrappers/* $(BINDEST)
+	install polkit/policy/* $(POLKITPOLICYDEST)
 
 	install -m 644 *.pm $(LIBDEST)
 	for i in $(PMS_DIRS); do install -d $(LIBDEST)/$$i ; install -m 644 $$i/*.pm $(LIBDEST)/$$i/;done
@@ -78,7 +85,7 @@ install:
 	ln -s {drakclock,$(SBINDEST)/clock.pl}
 	ln -s {harddrake2,$(SBINDEST)/drakhardware}
 	ln -s {localedrake,$(BINDEST)/draklocale}
-	ln -s {logdrake,$(SBINDEST)/draklog}
+	ln -s {draklog,$(BINDEST)/logdrake}
 	ln -s {scannerdrake,$(SBINDEST)/drakscanner}
 
 check:
diff --git a/perl-install/polkit/policy/org.mageia.drakauth.policy b/perl-install/polkit/policy/org.mageia.drakauth.policy
new file mode 100644
index 000000000..905be635e
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakauth.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakauth.pkexec.run">
+    <description>Run Mageia Authentication Configuration</description>
+    <message>Authentication is required to run Mageia Authentication Configuration</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakauth</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.drakboot.policy b/perl-install/polkit/policy/org.mageia.drakboot.policy
new file mode 100644
index 000000000..e41372f73
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakboot.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakboot.pkexec.run">
+    <description>Run Mageia Boot Configuration</description>
+    <message>Authentication is required to run Mageia Boot Configuration</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakboot</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.drakclock.policy b/perl-install/polkit/policy/org.mageia.drakclock.policy
new file mode 100644
index 000000000..627f8745b
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakclock.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakclock.pkexec.run">
+    <description>Run Mageia Date and Time Configuration</description>
+    <message>Authentication is required to run Mageia Date and Time Configuration</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>yes</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakclock</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.drakfont.policy b/perl-install/polkit/policy/org.mageia.drakfont.policy
new file mode 100644
index 000000000..c4837cca5
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakfont.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakfont.pkexec.run">
+    <description>Run Mageia Font Configuration</description>
+    <message>Authentication is required to run Mageia Font Configuration</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_self_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakfont</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.draklog.policy b/perl-install/polkit/policy/org.mageia.draklog.policy
new file mode 100644
index 000000000..85842378f
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.draklog.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.draklog.pkexec.run">
+    <description>Run Mageia Log Viewer</description>
+    <message>Authentication is required to run Mageia Log Viewer</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/draklog</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.drakups.policy b/perl-install/polkit/policy/org.mageia.drakups.policy
new file mode 100644
index 000000000..2af273084
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakups.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakups.pkexec.run">
+    <description>Run Mageia UPS Configuration</description>
+    <message>Authentication is required to run Mageia UPS Configuration</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakups</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/policy/org.mageia.drakxservices.policy b/perl-install/polkit/policy/org.mageia.drakxservices.policy
new file mode 100644
index 000000000..daa9a7267
--- /dev/null
+++ b/perl-install/polkit/policy/org.mageia.drakxservices.policy
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+
+ <action id="org.mageia.drakxservices.pkexec.run">
+    <description>Run Mageia Service Configuration</description>
+    <message>Authentication is required to run Mageia Service Configuration</message>
+    <icon_name>drakconf</icon_name>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/drakxservices</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
diff --git a/perl-install/polkit/wrappers/drakauth b/perl-install/polkit/wrappers/drakauth
new file mode 100755
index 000000000..b6bcf029d
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakauth
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakauth $*
diff --git a/perl-install/polkit/wrappers/drakboot b/perl-install/polkit/wrappers/drakboot
new file mode 100755
index 000000000..477ed03af
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakboot
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakboot $*
diff --git a/perl-install/polkit/wrappers/drakclock b/perl-install/polkit/wrappers/drakclock
new file mode 100755
index 000000000..1c10aa7b3
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakclock
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakclock $*
diff --git a/perl-install/polkit/wrappers/drakfont b/perl-install/polkit/wrappers/drakfont
new file mode 100755
index 000000000..664865f0a
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakfont
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakfont $*
diff --git a/perl-install/polkit/wrappers/draklog b/perl-install/polkit/wrappers/draklog
new file mode 100755
index 000000000..b552273dd
--- /dev/null
+++ b/perl-install/polkit/wrappers/draklog
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/draklog $*
diff --git a/perl-install/polkit/wrappers/drakups b/perl-install/polkit/wrappers/drakups
new file mode 100755
index 000000000..e2c892b64
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakups
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakups $*
diff --git a/perl-install/polkit/wrappers/drakxservices b/perl-install/polkit/wrappers/drakxservices
new file mode 100755
index 000000000..f4bb18b41
--- /dev/null
+++ b/perl-install/polkit/wrappers/drakxservices
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/pkexec /usr/libexec/drakxservices $*
-- 
cgit v1.2.1