1 From 09153c6825e5b5157fba7600cefabb762d887891 Mon Sep 17 00:00:00 2001
2 From: Robert Ancell <robert.ancell@ubuntu.com>
3 Date: Thu, 6 Aug 2009 15:57:15 +0100
4 Subject: [PATCH 1/2] Add PolicyKit support to GDM settings D-Bus interface
5 Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/395299
6 Upstream: http://bugzilla.gnome.org/show_bug.cgi?id=587750
8 diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/common/gdm-settings.c gdm-2.27.4.new/common/gdm-settings.c
9 --- gdm-2.27.4/common/gdm-settings.c 2009-05-19 16:18:12.000000000 +0100
10 +++ gdm-2.27.4.new/common/gdm-settings.c 2009-08-07 09:25:34.000000000 +0100
12 #define DBUS_API_SUBJECT_TO_CHANGE
13 #include <dbus/dbus-glib.h>
14 #include <dbus/dbus-glib-lowlevel.h>
15 +#include <polkit/polkit.h>
17 #include "gdm-settings.h"
18 #include "gdm-settings-glue.h"
24 +unlock_auth_cb (PolkitAuthority *authority,
25 + GAsyncResult *result,
26 + DBusGMethodInvocation *context)
28 + PolkitAuthorizationResult *auth_result;
29 + GError *error = NULL;
31 + auth_result = polkit_authority_check_authorization_finish (authority, result, &error);
34 + dbus_g_method_return_error (context, error);
36 + dbus_g_method_return (context,
37 + polkit_authorization_result_get_is_authorized (auth_result));
41 + g_object_unref (auth_result);
43 + g_error_free (error);
47 +gdm_settings_unlock (GdmSettings *settings,
48 + DBusGMethodInvocation *context)
50 + polkit_authority_check_authorization (polkit_authority_get (),
51 + polkit_system_bus_name_new (dbus_g_method_get_sender (context)),
52 + "org.gnome.displaymanager.settings.write",
54 + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
56 + (GAsyncReadyCallback) unlock_auth_cb,
62 + GdmSettings *settings;
63 + DBusGMethodInvocation *context;
68 +set_value_auth_cb (PolkitAuthority *authority,
69 + GAsyncResult *result,
72 + PolkitAuthorizationResult *auth_result;
73 + GError *error = NULL;
75 + auth_result = polkit_authority_check_authorization_finish (authority, result, &error);
78 + dbus_g_method_return_error (data->context, error);
80 + if (polkit_authorization_result_get_is_authorized (auth_result)) {
83 + result = gdm_settings_backend_set_value (data->settings->priv->backend,
88 + dbus_g_method_return (data->context);
90 + dbus_g_method_return_error (data->context, error);
93 + error = g_error_new (DBUS_GERROR_REMOTE_EXCEPTION, 0, "Not authorized");
94 + dbus_g_method_return_error (data->context, error);
99 + g_object_unref (auth_result);
101 + g_error_free (error);
102 + g_free (data->key);
103 + g_free (data->value);
108 dbus-send --system --print-reply --dest=org.gnome.DisplayManager /org/gnome/DisplayManager/Settings org.gnome.DisplayManager.Settings.SetValue string:"xdmcp/Enable" string:"false"
110 @@ -118,26 +203,30 @@
111 gdm_settings_set_value (GdmSettings *settings,
115 + DBusGMethodInvocation *context)
117 - GError *local_error;
120 + SetValueData *data;
122 g_return_val_if_fail (GDM_IS_SETTINGS (settings), FALSE);
123 g_return_val_if_fail (key != NULL, FALSE);
125 g_debug ("Setting value %s", key);
127 - local_error = NULL;
128 - res = gdm_settings_backend_set_value (settings->priv->backend,
133 - g_propagate_error (error, local_error);
138 + /* Authorize with PolicyKit */
139 + data = g_malloc (sizeof(SetValueData));
140 + data->settings = settings;
141 + data->context = context;
142 + data->key = g_strdup(key);
143 + data->value = g_strdup(value);
144 + polkit_authority_check_authorization (polkit_authority_get (),
145 + polkit_system_bus_name_new (dbus_g_method_get_sender (context)),
146 + "org.gnome.displaymanager.settings.write",
148 + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
150 + (GAsyncReadyCallback) set_value_auth_cb,
156 diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/common/gdm-settings.h gdm-2.27.4.new/common/gdm-settings.h
157 --- gdm-2.27.4/common/gdm-settings.h 2009-05-19 16:18:12.000000000 +0100
158 +++ gdm-2.27.4.new/common/gdm-settings.h 2009-08-07 09:25:34.000000000 +0100
160 #define __GDM_SETTINGS_H
162 #include <glib-object.h>
163 +#include <dbus/dbus-glib.h>
171 +gboolean gdm_settings_unlock (GdmSettings *settings,
172 + DBusGMethodInvocation *context);
173 gboolean gdm_settings_set_value (GdmSettings *settings,
177 + DBusGMethodInvocation *context);
181 diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/common/gdm-settings.xml gdm-2.27.4.new/common/gdm-settings.xml
182 --- gdm-2.27.4/common/gdm-settings.xml 2009-05-19 16:18:12.000000000 +0100
183 +++ gdm-2.27.4.new/common/gdm-settings.xml 2009-08-07 09:25:34.000000000 +0100
185 <arg name="key" direction="in" type="s"/>
186 <arg name="value" direction="out" type="s"/>
188 + <method name="Unlock">
189 + <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
190 + <arg name="is_unlocked" direction="out" type="b"/>
192 <method name="SetValue">
193 + <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
194 <arg name="key" direction="in" type="s"/>
195 <arg name="value" direction="in" type="s"/>
197 diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/configure.ac gdm-2.27.4.new/configure.ac
198 --- gdm-2.27.4/configure.ac 2009-08-07 09:25:33.000000000 +0100
199 +++ gdm-2.27.4.new/configure.ac 2009-08-07 09:25:34.000000000 +0100
201 dnl ---------------------------------------------------------------------------
203 DBUS_GLIB_REQUIRED_VERSION=0.74
204 +POLKIT_GOBJECT_REQUIRED_VERSION=0.92
205 GLIB_REQUIRED_VERSION=2.15.4
206 GTK_REQUIRED_VERSION=2.10.0
207 PANGO_REQUIRED_VERSION=1.3.0
210 PKG_CHECK_MODULES(COMMON,
211 dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
212 + polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION
213 gobject-2.0 >= $GLIB_REQUIRED_VERSION
214 gio-2.0 >= $GLIB_REQUIRED_VERSION
218 PKG_CHECK_MODULES(DAEMON,
219 dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
220 + polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION
221 gobject-2.0 >= $GLIB_REQUIRED_VERSION
224 diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/data/gdm.conf.in gdm-2.27.4.new/data/gdm.conf.in
225 --- gdm-2.27.4/data/gdm.conf.in 2009-07-17 20:38:19.000000000 +0100
226 +++ gdm-2.27.4.new/data/gdm.conf.in 2009-08-07 09:25:34.000000000 +0100
228 <deny send_destination="org.gnome.DisplayManager"
229 send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/>
230 <deny send_destination="org.gnome.DisplayManager"
231 - send_interface="org.gnome.DisplayManager.Settings"/>
232 - <deny send_destination="org.gnome.DisplayManager"
233 send_interface="org.gnome.DisplayManager.Slave"/>
234 <deny send_destination="org.gnome.DisplayManager"
235 send_interface="org.gnome.DisplayManager.Session"/>
237 <allow send_destination="org.gnome.DisplayManager"
238 send_interface="org.freedesktop.DBus.Introspectable"/>
240 + <!-- Controlled by PolicyKit -->
241 + <allow send_destination="org.gnome.DisplayManager"
242 + send_interface="org.gnome.DisplayManager.Settings"/>
244 <allow send_destination="org.gnome.DisplayManager"
245 send_interface="org.gnome.DisplayManager.Display"
246 send_member="GetId"/>
247 diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/data/gdm.policy.in gdm-2.27.4.new/data/gdm.policy.in
248 --- gdm-2.27.4/data/gdm.policy.in 1970-01-01 01:00:00.000000000 +0100
249 +++ gdm-2.27.4.new/data/gdm.policy.in 2009-08-07 09:25:34.000000000 +0100
251 +<?xml version="1.0" encoding="UTF-8"?>
252 +<!DOCTYPE policyconfig PUBLIC
253 + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
254 + "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
256 + <vendor>The GNOME Project</vendor>
257 + <vendor_url>http://www.gnome.org/</vendor_url>
258 + <icon_name>gdm</icon_name>
260 + <action id="org.gnome.displaymanager.settings.write">
261 + <description>Change login screen configuration</description>
262 + <message>Privileges are required to change the login screen configuration.</message>
264 + <allow_inactive>no</allow_inactive>
265 + <allow_active>auth_admin_keep</allow_active>
269 diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/data/Makefile.am gdm-2.27.4.new/data/Makefile.am
270 --- gdm-2.27.4/data/Makefile.am 2009-05-19 16:18:12.000000000 +0100
271 +++ gdm-2.27.4.new/data/Makefile.am 2009-08-07 09:25:34.000000000 +0100
273 schemas_in_files = gdm.schemas.in
274 schemas_DATA = $(schemas_in_files:.schemas.in=.schemas)
276 +@INTLTOOL_POLICY_RULE@
278 gdm.schemas.in: $(srcdir)/gdm.schemas.in.in
279 sed -e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \
280 -e 's,[@]GDM_CUSTOM_CONF[@],$(GDM_CUSTOM_CONF),g' \
282 -e 's,[@]sbindir[@],$(sbindir),g' \
283 <$(srcdir)/gdm.schemas.in.in >gdm.schemas.in
285 +polkitdir = $(datadir)/polkit-1/actions
286 +polkit_in_files = gdm.policy.in
287 +polkit_DATA = $(polkit_in_files:.policy.in=.policy)
289 + $(POLKIT_POLICY_FILE_VALIDATE) $(polkit_DATA)
292 $(schemas_in_files) \
294 $(dbusconf_in_files) \
295 + $(polkit_in_files) \
309 --- gdm-2.27.4/common/Makefile.am~ 2009-05-19 17:18:12.000000000 +0200
310 +++ gdm-2.27.4/common/Makefile.am 2009-08-20 12:17:16.150977333 +0200
314 libgdmcommon_la_LIBADD = \
318 libgdmcommon_la_LDFLAGS = \