1 From 09153c6825e5b5157fba7600cefabb762d887891 Mon Sep 17 00:00:00 2001
2 From: Robert Ancell <robert.ancell@ubuntu.com>
3 Date: Thu, 6 Aug 2009 15:57:15 +0100
4 Subject: [PATCH 1/2] Add PolicyKit support to GDM settings D-Bus interface
5 Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/395299
6 Upstream: http://bugzilla.gnome.org/show_bug.cgi?id=587750
8 diff -urN gdm-2.29.92/common/gdm-settings.c gdm-2.29.92.new//common/gdm-settings.c
9 --- gdm-2.29.92/common/gdm-settings.c 2010-03-08 22:53:57.000000000 +0100
10 +++ gdm-2.29.92.new//common/gdm-settings.c 2010-03-14 21:01:32.864403121 +0100
12 #define DBUS_API_SUBJECT_TO_CHANGE
13 #include <dbus/dbus-glib.h>
14 #include <dbus/dbus-glib-lowlevel.h>
15 +#include <polkit/polkit.h>
17 #include "gdm-settings.h"
18 #include "gdm-settings-glue.h"
24 +unlock_auth_cb (PolkitAuthority *authority,
25 + GAsyncResult *result,
26 + DBusGMethodInvocation *context)
28 + PolkitAuthorizationResult *auth_result;
29 + GError *error = NULL;
31 + auth_result = polkit_authority_check_authorization_finish (authority, result, &error);
34 + dbus_g_method_return_error (context, error);
36 + dbus_g_method_return (context,
37 + polkit_authorization_result_get_is_authorized (auth_result));
41 + g_object_unref (auth_result);
43 + g_error_free (error);
47 +gdm_settings_unlock (GdmSettings *settings,
48 + DBusGMethodInvocation *context)
50 + polkit_authority_check_authorization (polkit_authority_get (),
51 + polkit_system_bus_name_new (dbus_g_method_get_sender (context)),
52 + "org.gnome.displaymanager.settings.write",
54 + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
56 + (GAsyncReadyCallback) unlock_auth_cb,
62 + GdmSettings *settings;
63 + DBusGMethodInvocation *context;
68 +set_value_auth_cb (PolkitAuthority *authority,
69 + GAsyncResult *result,
72 + PolkitAuthorizationResult *auth_result;
73 + GError *error = NULL;
75 + auth_result = polkit_authority_check_authorization_finish (authority, result, &error);
78 + dbus_g_method_return_error (data->context, error);
80 + if (polkit_authorization_result_get_is_authorized (auth_result)) {
83 + result = gdm_settings_backend_set_value (data->settings->priv->backend,
88 + dbus_g_method_return (data->context);
90 + dbus_g_method_return_error (data->context, error);
93 + error = g_error_new (DBUS_GERROR_REMOTE_EXCEPTION, 0, "Not authorized");
94 + dbus_g_method_return_error (data->context, error);
99 + g_object_unref (auth_result);
101 + g_error_free (error);
102 + g_free (data->key);
103 + g_free (data->value);
108 dbus-send --system --print-reply --dest=org.gnome.DisplayManager /org/gnome/DisplayManager/Settings org.gnome.DisplayManager.Settings.SetValue string:"xdmcp/Enable" string:"false"
110 @@ -118,26 +203,30 @@
111 gdm_settings_set_value (GdmSettings *settings,
115 + DBusGMethodInvocation *context)
117 - GError *local_error;
120 + SetValueData *data;
122 g_return_val_if_fail (GDM_IS_SETTINGS (settings), FALSE);
123 g_return_val_if_fail (key != NULL, FALSE);
125 g_debug ("Setting value %s", key);
127 - local_error = NULL;
128 - res = gdm_settings_backend_set_value (settings->priv->backend,
133 - g_propagate_error (error, local_error);
138 + /* Authorize with PolicyKit */
139 + data = g_malloc (sizeof(SetValueData));
140 + data->settings = settings;
141 + data->context = context;
142 + data->key = g_strdup(key);
143 + data->value = g_strdup(value);
144 + polkit_authority_check_authorization (polkit_authority_get (),
145 + polkit_system_bus_name_new (dbus_g_method_get_sender (context)),
146 + "org.gnome.displaymanager.settings.write",
148 + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
150 + (GAsyncReadyCallback) set_value_auth_cb,
156 diff -urN gdm-2.29.92/common/gdm-settings.h gdm-2.29.92.new//common/gdm-settings.h
157 --- gdm-2.29.92/common/gdm-settings.h 2010-03-08 22:53:57.000000000 +0100
158 +++ gdm-2.29.92.new//common/gdm-settings.h 2010-03-14 21:01:32.864403121 +0100
160 #define __GDM_SETTINGS_H
162 #include <glib-object.h>
163 +#include <dbus/dbus-glib.h>
171 +gboolean gdm_settings_unlock (GdmSettings *settings,
172 + DBusGMethodInvocation *context);
173 gboolean gdm_settings_set_value (GdmSettings *settings,
177 + DBusGMethodInvocation *context);
181 diff -urN gdm-2.29.92/common/gdm-settings.xml gdm-2.29.92.new//common/gdm-settings.xml
182 --- gdm-2.29.92/common/gdm-settings.xml 2010-03-08 22:53:57.000000000 +0100
183 +++ gdm-2.29.92.new//common/gdm-settings.xml 2010-03-14 21:01:32.864403121 +0100
185 <arg name="key" direction="in" type="s"/>
186 <arg name="value" direction="out" type="s"/>
188 + <method name="Unlock">
189 + <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
190 + <arg name="is_unlocked" direction="out" type="b"/>
192 <method name="SetValue">
193 + <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
194 <arg name="key" direction="in" type="s"/>
195 <arg name="value" direction="in" type="s"/>
197 diff -urN gdm-2.29.92/common/Makefile.am gdm-2.29.92.new//common/Makefile.am
198 --- gdm-2.29.92/common/Makefile.am 2010-03-08 22:53:57.000000000 +0100
199 +++ gdm-2.29.92.new//common/Makefile.am 2010-03-14 21:01:32.867730975 +0100
203 libgdmcommon_la_LIBADD = \
207 libgdmcommon_la_LDFLAGS = \
208 diff -urN gdm-2.29.92/configure.ac gdm-2.29.92.new//configure.ac
209 --- gdm-2.29.92/configure.ac 2010-03-08 23:09:47.000000000 +0100
210 +++ gdm-2.29.92.new//configure.ac 2010-03-14 21:03:28.747726327 +0100
212 dnl ---------------------------------------------------------------------------
214 DBUS_GLIB_REQUIRED_VERSION=0.74
215 +POLKIT_GOBJECT_REQUIRED_VERSION=0.92
216 GLIB_REQUIRED_VERSION=2.22.0
217 GTK_REQUIRED_VERSION=2.12.0
218 PANGO_REQUIRED_VERSION=1.3.0
221 PKG_CHECK_MODULES(COMMON,
222 dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
223 + polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION
224 gobject-2.0 >= $GLIB_REQUIRED_VERSION
225 gio-2.0 >= $GLIB_REQUIRED_VERSION
229 PKG_CHECK_MODULES(DAEMON,
230 dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
231 + polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION
232 gobject-2.0 >= $GLIB_REQUIRED_VERSION
233 gio-2.0 >= $GLIB_REQUIRED_VERSION
235 diff -urN gdm-2.29.92/data/gdm.conf.in gdm-2.29.92.new//data/gdm.conf.in
236 --- gdm-2.29.92/data/gdm.conf.in 2010-03-08 22:53:57.000000000 +0100
237 +++ gdm-2.29.92.new//data/gdm.conf.in 2010-03-14 21:01:32.867730975 +0100
239 <deny send_destination="org.gnome.DisplayManager"
240 send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/>
241 <deny send_destination="org.gnome.DisplayManager"
242 - send_interface="org.gnome.DisplayManager.Settings"/>
243 - <deny send_destination="org.gnome.DisplayManager"
244 send_interface="org.gnome.DisplayManager.Slave"/>
245 <deny send_destination="org.gnome.DisplayManager"
246 send_interface="org.gnome.DisplayManager.Session"/>
248 <allow send_destination="org.gnome.DisplayManager"
249 send_interface="org.freedesktop.DBus.Introspectable"/>
251 + <!-- Controlled by PolicyKit -->
252 + <allow send_destination="org.gnome.DisplayManager"
253 + send_interface="org.gnome.DisplayManager.Settings"/>
255 <allow send_destination="org.gnome.DisplayManager"
256 send_interface="org.gnome.DisplayManager.Display"
257 send_member="GetId"/>
258 diff -urN gdm-2.29.92/data/gdm.policy.in gdm-2.29.92.new//data/gdm.policy.in
259 --- gdm-2.29.92/data/gdm.policy.in 1970-01-01 01:00:00.000000000 +0100
260 +++ gdm-2.29.92.new//data/gdm.policy.in 2010-03-14 21:01:32.867730975 +0100
262 +<?xml version="1.0" encoding="UTF-8"?>
263 +<!DOCTYPE policyconfig PUBLIC
264 + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
265 + "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
267 + <vendor>The GNOME Project</vendor>
268 + <vendor_url>http://www.gnome.org/</vendor_url>
269 + <icon_name>gdm</icon_name>
271 + <action id="org.gnome.displaymanager.settings.write">
272 + <description>Change login screen configuration</description>
273 + <message>Privileges are required to change the login screen configuration.</message>
275 + <allow_inactive>no</allow_inactive>
276 + <allow_active>auth_admin_keep</allow_active>
280 diff -urN gdm-2.29.92/data/Makefile.am gdm-2.29.92.new//data/Makefile.am
281 --- gdm-2.29.92/data/Makefile.am 2010-03-08 22:53:57.000000000 +0100
282 +++ gdm-2.29.92.new//data/Makefile.am 2010-03-14 21:06:01.074377153 +0100
284 schemas_in_files = gdm.schemas.in
285 schemas_DATA = $(schemas_in_files:.schemas.in=.schemas)
287 +@INTLTOOL_POLICY_RULE@
289 gdm.schemas.in: $(srcdir)/gdm.schemas.in.in
290 sed -e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \
291 -e 's,[@]GDM_CUSTOM_CONF[@],$(GDM_CUSTOM_CONF),g' \
293 localealiasdir = $(datadir)/gdm
294 localealias_DATA = locale.alias
296 +polkitdir = $(datadir)/polkit-1/actions
297 +polkit_in_files = gdm.policy.in
298 +polkit_DATA = $(polkit_in_files:.policy.in=.policy)
300 + $(POLKIT_POLICY_FILE_VALIDATE) $(polkit_DATA)
303 $(schemas_in_files) \
305 $(dbusconf_in_files) \
306 $(localealias_DATA) \
307 + $(polkit_in_files) \