1 From 09153c6825e5b5157fba7600cefabb762d887891 Mon Sep 17 00:00:00 2001
2 From: Robert Ancell <robert.ancell@ubuntu.com>
3 Date: Thu, 6 Aug 2009 15:57:15 +0100
4 Subject: [PATCH 1/2] Add PolicyKit support to GDM settings D-Bus interface
5 Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/395299
6 Upstream: http://bugzilla.gnome.org/show_bug.cgi?id=587750
8 --- gdm-3.1.90/data/Makefile.am.wiget 2011-08-31 02:04:37.000000000 +0200
9 +++ gdm-3.1.90/data/Makefile.am 2011-09-05 21:46:13.070224232 +0200
10 @@ -45,6 +45,8 @@ schemasdir = $(pkgdatadir)
11 schemas_in_files = gdm.schemas.in
12 schemas_DATA = $(schemas_in_files:.schemas.in=.schemas)
14 +@INTLTOOL_POLICY_RULE@
16 gdm.schemas.in: $(srcdir)/gdm.schemas.in.in
17 sed -e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \
18 -e 's,[@]GDM_CUSTOM_CONF[@],$(GDM_CUSTOM_CONF),g' \
19 @@ -84,11 +86,18 @@ localealias_DATA = locale.alias
20 sessiondir = $(datadir)/gnome-session/sessions
21 session_DATA = gdm-fallback.session gdm-shell.session
23 +polkitdir = $(datadir)/polkit-1/actions
24 +polkit_in_files = gdm.policy.in
25 +polkit_DATA = $(polkit_in_files:.policy.in=.policy)
27 + $(POLKIT_POLICY_FILE_VALIDATE) $(polkit_DATA)
32 $(dbusconf_in_files) \
34 + $(polkit_in_files) \
38 @@ -118,6 +127,7 @@ CLEANFILES = \
46 --- gdm-3.1.90/data/gdm.conf.in.wiget 2011-08-09 22:08:42.000000000 +0200
47 +++ gdm-3.1.90/data/gdm.conf.in 2011-09-05 21:44:39.831640332 +0200
49 <deny send_destination="org.gnome.DisplayManager"
50 send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/>
51 <deny send_destination="org.gnome.DisplayManager"
52 - send_interface="org.gnome.DisplayManager.Settings"/>
53 - <deny send_destination="org.gnome.DisplayManager"
54 send_interface="org.gnome.DisplayManager.Slave"/>
55 <deny send_destination="org.gnome.DisplayManager"
56 send_interface="org.gnome.DisplayManager.Session"/>
58 <allow send_destination="org.gnome.DisplayManager"
59 send_interface="org.freedesktop.DBus.Introspectable"/>
61 + <!-- Controlled by PolicyKit -->
62 + <allow send_destination="org.gnome.DisplayManager"
63 + send_interface="org.gnome.DisplayManager.Settings"/>
65 <allow send_destination="org.gnome.DisplayManager"
66 send_interface="org.gnome.DisplayManager.Display"
68 --- gdm-3.1.90/data/gdm.policy.in.wiget 2011-09-05 21:44:39.831640332 +0200
69 +++ gdm-3.1.90/data/gdm.policy.in 2011-09-05 21:44:39.831640332 +0200
71 +<?xml version="1.0" encoding="UTF-8"?>
72 +<!DOCTYPE policyconfig PUBLIC
73 + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
74 + "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
76 + <vendor>The GNOME Project</vendor>
77 + <vendor_url>http://www.gnome.org/</vendor_url>
78 + <icon_name>gdm</icon_name>
80 + <action id="org.gnome.displaymanager.settings.write">
81 + <description>Change login screen configuration</description>
82 + <message>Privileges are required to change the login screen configuration.</message>
84 + <allow_inactive>no</allow_inactive>
85 + <allow_active>auth_admin_keep</allow_active>
89 --- gdm-3.1.90/common/Makefile.am.wiget 2011-08-09 22:08:42.000000000 +0200
90 +++ gdm-3.1.90/common/Makefile.am 2011-09-05 21:44:39.831640332 +0200
91 @@ -99,6 +99,7 @@ libgdmcommon_la_CFLAGS = \
94 libgdmcommon_la_LIBADD = \
98 libgdmcommon_la_LDFLAGS = \
99 --- gdm-3.1.90/common/gdm-settings.c.wiget 2011-08-09 22:08:42.000000000 +0200
100 +++ gdm-3.1.90/common/gdm-settings.c 2011-09-05 21:44:39.831640332 +0200
102 #define DBUS_API_SUBJECT_TO_CHANGE
103 #include <dbus/dbus-glib.h>
104 #include <dbus/dbus-glib-lowlevel.h>
105 +#include <polkit/polkit.h>
107 #include "gdm-settings.h"
108 #include "gdm-settings-glue.h"
109 @@ -108,6 +109,90 @@ gdm_settings_get_value (GdmSettings *set
114 +unlock_auth_cb (PolkitAuthority *authority,
115 + GAsyncResult *result,
116 + DBusGMethodInvocation *context)
118 + PolkitAuthorizationResult *auth_result;
119 + GError *error = NULL;
121 + auth_result = polkit_authority_check_authorization_finish (authority, result, &error);
124 + dbus_g_method_return_error (context, error);
126 + dbus_g_method_return (context,
127 + polkit_authorization_result_get_is_authorized (auth_result));
131 + g_object_unref (auth_result);
133 + g_error_free (error);
137 +gdm_settings_unlock (GdmSettings *settings,
138 + DBusGMethodInvocation *context)
140 + polkit_authority_check_authorization (polkit_authority_get (),
141 + polkit_system_bus_name_new (dbus_g_method_get_sender (context)),
142 + "org.gnome.displaymanager.settings.write",
144 + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
146 + (GAsyncReadyCallback) unlock_auth_cb,
152 + GdmSettings *settings;
153 + DBusGMethodInvocation *context;
154 + gchar *key, *value;
158 +set_value_auth_cb (PolkitAuthority *authority,
159 + GAsyncResult *result,
160 + SetValueData *data)
162 + PolkitAuthorizationResult *auth_result;
163 + GError *error = NULL;
165 + auth_result = polkit_authority_check_authorization_finish (authority, result, &error);
168 + dbus_g_method_return_error (data->context, error);
170 + if (polkit_authorization_result_get_is_authorized (auth_result)) {
173 + result = gdm_settings_backend_set_value (data->settings->priv->backend,
178 + dbus_g_method_return (data->context);
180 + dbus_g_method_return_error (data->context, error);
183 + error = g_error_new (DBUS_GERROR_REMOTE_EXCEPTION, 0, "Not authorized");
184 + dbus_g_method_return_error (data->context, error);
189 + g_object_unref (auth_result);
191 + g_error_free (error);
192 + g_free (data->key);
193 + g_free (data->value);
198 dbus-send --system --print-reply --dest=org.gnome.DisplayManager /org/gnome/DisplayManager/Settings org.gnome.DisplayManager.Settings.SetValue string:"xdmcp/Enable" string:"false"
200 @@ -116,26 +201,30 @@ gboolean
201 gdm_settings_set_value (GdmSettings *settings,
205 + DBusGMethodInvocation *context)
207 - GError *local_error;
210 + SetValueData *data;
212 g_return_val_if_fail (GDM_IS_SETTINGS (settings), FALSE);
213 g_return_val_if_fail (key != NULL, FALSE);
215 g_debug ("Setting value %s", key);
217 - local_error = NULL;
218 - res = gdm_settings_backend_set_value (settings->priv->backend,
223 - g_propagate_error (error, local_error);
228 + /* Authorize with PolicyKit */
229 + data = g_malloc (sizeof(SetValueData));
230 + data->settings = settings;
231 + data->context = context;
232 + data->key = g_strdup(key);
233 + data->value = g_strdup(value);
234 + polkit_authority_check_authorization (polkit_authority_get (),
235 + polkit_system_bus_name_new (dbus_g_method_get_sender (context)),
236 + "org.gnome.displaymanager.settings.write",
238 + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
240 + (GAsyncReadyCallback) set_value_auth_cb,
246 --- gdm-3.1.90/common/gdm-settings.xml.wiget 2011-04-25 17:55:04.000000000 +0200
247 +++ gdm-3.1.90/common/gdm-settings.xml 2011-09-05 21:44:39.831640332 +0200
249 <arg name="key" direction="in" type="s"/>
250 <arg name="value" direction="out" type="s"/>
252 + <method name="Unlock">
253 + <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
254 + <arg name="is_unlocked" direction="out" type="b"/>
256 <method name="SetValue">
257 + <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
258 <arg name="key" direction="in" type="s"/>
259 <arg name="value" direction="in" type="s"/>
261 --- gdm-3.1.90/common/gdm-settings.h.wiget 2011-04-25 17:55:04.000000000 +0200
262 +++ gdm-3.1.90/common/gdm-settings.h 2011-09-05 21:44:39.831640332 +0200
264 #define __GDM_SETTINGS_H
266 #include <glib-object.h>
267 +#include <dbus/dbus-glib.h>
271 @@ -70,10 +71,12 @@ gboolean gdm_settings_get_val
275 +gboolean gdm_settings_unlock (GdmSettings *settings,
276 + DBusGMethodInvocation *context);
277 gboolean gdm_settings_set_value (GdmSettings *settings,
281 + DBusGMethodInvocation *context);
285 --- gdm-3.1.90/configure.ac.wiget 2011-08-30 20:24:43.000000000 +0200
286 +++ gdm-3.1.90/configure.ac 2011-09-05 21:45:16.999745584 +0200
287 @@ -56,6 +56,7 @@ dnl - Dependencies
288 dnl ---------------------------------------------------------------------------
290 DBUS_GLIB_REQUIRED_VERSION=0.74
291 +POLKIT_GOBJECT_REQUIRED_VERSION=0.92
292 GLIB_REQUIRED_VERSION=2.29.3
293 GTK_REQUIRED_VERSION=2.91.1
294 PANGO_REQUIRED_VERSION=1.3.0
295 @@ -78,6 +79,7 @@ AC_SUBST(GTHREAD_LIBS)
297 PKG_CHECK_MODULES(COMMON,
298 dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
299 + polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION
300 gobject-2.0 >= $GLIB_REQUIRED_VERSION
301 gio-2.0 >= $GLIB_REQUIRED_VERSION
303 @@ -86,6 +88,7 @@ AC_SUBST(COMMON_LIBS)
305 PKG_CHECK_MODULES(DAEMON,
306 dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
307 + polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION
308 gobject-2.0 >= $GLIB_REQUIRED_VERSION
309 gio-2.0 >= $GLIB_REQUIRED_VERSION
310 accountsservice >= $ACCOUNTS_SERVICE_REQUIRED_VERSION