gdm-polkit.patch

   1 From 09153c6825e5b5157fba7600cefabb762d887891 Mon Sep 17 00:00:00 2001
   2 From: Robert Ancell <robert.ancell@ubuntu.com>
   3 Date: Thu, 6 Aug 2009 15:57:15 +0100
   4 Subject: [PATCH 1/2] Add PolicyKit support to GDM settings D-Bus interface
   5 Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/395299
   6 Upstream: http://bugzilla.gnome.org/show_bug.cgi?id=587750
   7
   8 diff -urN gdm-2.29.92/common/gdm-settings.c gdm-2.29.92.new//common/gdm-settings.c
   9 --- gdm-2.29.92/common/gdm-settings.c   2010-03-08 22:53:57.000000000 +0100
  10 +++ gdm-2.29.92.new//common/gdm-settings.c      2010-03-14 21:01:32.864403121 +0100
  11 @@ -36,6 +36,7 @@
  12  #define DBUS_API_SUBJECT_TO_CHANGE
  13  #include <dbus/dbus-glib.h>
  14  #include <dbus/dbus-glib-lowlevel.h>
  15 +#include <polkit/polkit.h>
  16
  17  #include "gdm-settings.h"
  18  #include "gdm-settings-glue.h"
  19 @@ -110,6 +111,90 @@
  20          return res;
  21  }
  22
  23 +static void
  24 +unlock_auth_cb (PolkitAuthority *authority,
  25 +                GAsyncResult *result,
  26 +                DBusGMethodInvocation *context)
  27 +{
  28 +        PolkitAuthorizationResult *auth_result;
  29 +        GError  *error = NULL;
  30 +
  31 +        auth_result = polkit_authority_check_authorization_finish (authority, result, &error);
  32 +
  33 +        if (!auth_result)
  34 +                dbus_g_method_return_error (context, error);
  35 +        else {
  36 +                dbus_g_method_return (context,
  37 +                                      polkit_authorization_result_get_is_authorized (auth_result));
  38 +        }
  39 +
  40 +        if (auth_result)
  41 +                g_object_unref (auth_result);
  42 +        if (error)
  43 +                g_error_free (error);
  44 +}
  45 +
  46 +gboolean
  47 +gdm_settings_unlock (GdmSettings *settings,
  48 +                     DBusGMethodInvocation *context)
  49 +{
  50 +        polkit_authority_check_authorization (polkit_authority_get (),
  51 +                                              polkit_system_bus_name_new (dbus_g_method_get_sender (context)),
  52 +                                              "org.gnome.displaymanager.settings.write",
  53 +                                              NULL,
  54 +                                              POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
  55 +                                              NULL,
  56 +                                              (GAsyncReadyCallback) unlock_auth_cb,
  57 +                                              context);
  58 +}
  59 +
  60 +typedef struct
  61 +{
  62 +        GdmSettings *settings;
  63 +        DBusGMethodInvocation *context;
  64 +        gchar *key, *value;
  65 +} SetValueData;
  66 +
  67 +static void
  68 +set_value_auth_cb (PolkitAuthority *authority,
  69 +                   GAsyncResult *result,
  70 +                   SetValueData *data)
  71 +{
  72 +        PolkitAuthorizationResult *auth_result;
  73 +        GError  *error = NULL;
  74 +
  75 +        auth_result = polkit_authority_check_authorization_finish (authority, result, &error);
  76 +
  77 +        if (!auth_result)
  78 +                dbus_g_method_return_error (data->context, error);
  79 +        else {
  80 +                if (polkit_authorization_result_get_is_authorized (auth_result)) {
  81 +                        gboolean result;
  82 +
  83 +                        result = gdm_settings_backend_set_value (data->settings->priv->backend,
  84 +                                                                 data->key,
  85 +                                                                 data->value,
  86 +                                                                 &error);
  87 +                        if (result)
  88 +                                dbus_g_method_return (data->context);
  89 +                        else
  90 +                                dbus_g_method_return_error (data->context, error);
  91 +                }
  92 +                else {
  93 +                        error = g_error_new (DBUS_GERROR_REMOTE_EXCEPTION, 0, "Not authorized");
  94 +                        dbus_g_method_return_error (data->context, error);
  95 +                }
  96 +        }
  97 +
  98 +        if (auth_result)
  99 +                g_object_unref (auth_result);
 100 +        if (error)
 101 +                g_error_free (error);
 102 +        g_free (data->key);
 103 +        g_free (data->value);
 104 +        g_free (data);
 105 +}
 106 +
 107  /*
 108  dbus-send --system --print-reply --dest=org.gnome.DisplayManager /org/gnome/DisplayManager/Settings org.gnome.DisplayManager.Settings.SetValue string:"xdmcp/Enable" string:"false"
 109  */
 110 @@ -118,26 +203,30 @@
 111  gdm_settings_set_value (GdmSettings *settings,
 112                          const char  *key,
 113                          const char  *value,
 114 -                        GError     **error)
 115 +                        DBusGMethodInvocation *context)
 116  {
 117 -        GError  *local_error;
 118 -        gboolean res;
 119 -
 120 +        SetValueData *data;
 121 +
 122          g_return_val_if_fail (GDM_IS_SETTINGS (settings), FALSE);
 123          g_return_val_if_fail (key != NULL, FALSE);
 124
 125          g_debug ("Setting value %s", key);
 126 -
 127 -        local_error = NULL;
 128 -        res = gdm_settings_backend_set_value (settings->priv->backend,
 129 -                                              key,
 130 -                                              value,
 131 -                                              &local_error);
 132 -        if (! res) {
 133 -                g_propagate_error (error, local_error);
 134 -        }
 135 -
 136 -        return res;
 137 +
 138 +        /* Authorize with PolicyKit */
 139 +        data = g_malloc (sizeof(SetValueData));
 140 +        data->settings = settings;
 141 +        data->context = context;
 142 +        data->key = g_strdup(key);
 143 +        data->value = g_strdup(value);
 144 +        polkit_authority_check_authorization (polkit_authority_get (),
 145 +                                              polkit_system_bus_name_new (dbus_g_method_get_sender (context)),
 146 +                                              "org.gnome.displaymanager.settings.write",
 147 +                                              NULL,
 148 +                                              POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
 149 +                                              NULL,
 150 +                                              (GAsyncReadyCallback) set_value_auth_cb,
 151 +                                              data);
 152 +        return TRUE;
 153  }
 154
 155  static gboolean
 156 diff -urN gdm-2.29.92/common/gdm-settings.h gdm-2.29.92.new//common/gdm-settings.h
 157 --- gdm-2.29.92/common/gdm-settings.h   2010-03-08 22:53:57.000000000 +0100
 158 +++ gdm-2.29.92.new//common/gdm-settings.h      2010-03-14 21:01:32.864403121 +0100
 159 @@ -23,6 +23,7 @@
 160  #define __GDM_SETTINGS_H
 161
 162  #include <glib-object.h>
 163 +#include <dbus/dbus-glib.h>
 164
 165  G_BEGIN_DECLS
 166
 167 @@ -70,10 +71,12 @@
 168                                                                   const char  *key,
 169                                                                   char       **value,
 170                                                                   GError     **error);
 171 +gboolean            gdm_settings_unlock                         (GdmSettings *settings,
 172 +                                                                 DBusGMethodInvocation *context);
 173  gboolean            gdm_settings_set_value                      (GdmSettings *settings,
 174                                                                   const char  *key,
 175                                                                   const char  *value,
 176 -                                                                 GError     **error);
 177 +                                                                 DBusGMethodInvocation *context);
 178
 179  G_END_DECLS
 180
 181 diff -urN gdm-2.29.92/common/gdm-settings.xml gdm-2.29.92.new//common/gdm-settings.xml
 182 --- gdm-2.29.92/common/gdm-settings.xml 2010-03-08 22:53:57.000000000 +0100
 183 +++ gdm-2.29.92.new//common/gdm-settings.xml    2010-03-14 21:01:32.864403121 +0100
 184 @@ -5,7 +5,12 @@
 185        <arg name="key" direction="in" type="s"/>
 186        <arg name="value" direction="out" type="s"/>
 187      </method>
 188 +    <method name="Unlock">
 189 +      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
 190 +      <arg name="is_unlocked" direction="out" type="b"/>
 191 +    </method>
 192      <method name="SetValue">
 193 +      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
 194        <arg name="key" direction="in" type="s"/>
 195        <arg name="value" direction="in" type="s"/>
 196      </method>
 197 diff -urN gdm-2.29.92/common/Makefile.am gdm-2.29.92.new//common/Makefile.am
 198 --- gdm-2.29.92/common/Makefile.am      2010-03-08 22:53:57.000000000 +0100
 199 +++ gdm-2.29.92.new//common/Makefile.am 2010-03-14 21:01:32.867730975 +0100
 200 @@ -110,6 +110,7 @@
 201         $(NULL)
 202
 203  libgdmcommon_la_LIBADD =               \
 204 +       $(COMMON_LIBS)                  \
 205         $(NULL)
 206
 207  libgdmcommon_la_LDFLAGS =      \
 208 diff -urN gdm-2.29.92/configure.ac gdm-2.29.92.new//configure.ac
 209 --- gdm-2.29.92/configure.ac    2010-03-08 23:09:47.000000000 +0100
 210 +++ gdm-2.29.92.new//configure.ac       2010-03-14 21:03:28.747726327 +0100
 211 @@ -40,6 +40,7 @@
 212  dnl ---------------------------------------------------------------------------
 213
 214  DBUS_GLIB_REQUIRED_VERSION=0.74
 215 +POLKIT_GOBJECT_REQUIRED_VERSION=0.92
 216  GLIB_REQUIRED_VERSION=2.22.0
 217  GTK_REQUIRED_VERSION=2.12.0
 218  PANGO_REQUIRED_VERSION=1.3.0
 219 @@ -60,6 +61,7 @@
 220
 221  PKG_CHECK_MODULES(COMMON,
 222          dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
 223 +        polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION
 224          gobject-2.0 >= $GLIB_REQUIRED_VERSION
 225          gio-2.0 >= $GLIB_REQUIRED_VERSION
 226  )
 227 @@ -68,6 +70,7 @@
 228
 229  PKG_CHECK_MODULES(DAEMON,
 230          dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
 231 +        polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION
 232          gobject-2.0 >= $GLIB_REQUIRED_VERSION
 233          gio-2.0 >= $GLIB_REQUIRED_VERSION
 234  )
 235 diff -urN gdm-2.29.92/data/gdm.conf.in gdm-2.29.92.new//data/gdm.conf.in
 236 --- gdm-2.29.92/data/gdm.conf.in        2010-03-08 22:53:57.000000000 +0100
 237 +++ gdm-2.29.92.new//data/gdm.conf.in   2010-03-14 21:01:32.867730975 +0100
 238 @@ -34,8 +34,6 @@
 239      <deny send_destination="org.gnome.DisplayManager"
 240            send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/>
 241      <deny send_destination="org.gnome.DisplayManager"
 242 -          send_interface="org.gnome.DisplayManager.Settings"/>
 243 -    <deny send_destination="org.gnome.DisplayManager"
 244            send_interface="org.gnome.DisplayManager.Slave"/>
 245      <deny send_destination="org.gnome.DisplayManager"
 246            send_interface="org.gnome.DisplayManager.Session"/>
 247 @@ -44,6 +42,10 @@
 248      <allow send_destination="org.gnome.DisplayManager"
 249             send_interface="org.freedesktop.DBus.Introspectable"/>
 250
 251 +    <!-- Controlled by PolicyKit -->
 252 +    <allow send_destination="org.gnome.DisplayManager"
 253 +           send_interface="org.gnome.DisplayManager.Settings"/>
 254 +
 255      <allow send_destination="org.gnome.DisplayManager"
 256             send_interface="org.gnome.DisplayManager.Display"
 257             send_member="GetId"/>
 258 diff -urN gdm-2.29.92/data/gdm.policy.in gdm-2.29.92.new//data/gdm.policy.in
 259 --- gdm-2.29.92/data/gdm.policy.in      1970-01-01 01:00:00.000000000 +0100
 260 +++ gdm-2.29.92.new//data/gdm.policy.in 2010-03-14 21:01:32.867730975 +0100
 261 @@ -0,0 +1,18 @@
 262 +<?xml version="1.0" encoding="UTF-8"?>
 263 +<!DOCTYPE policyconfig PUBLIC
 264 + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 265 + "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
 266 +<policyconfig>
 267 +  <vendor>The GNOME Project</vendor>
 268 +  <vendor_url>http://www.gnome.org/</vendor_url>
 269 +  <icon_name>gdm</icon_name>
 270 +
 271 +  <action id="org.gnome.displaymanager.settings.write">
 272 +    <description>Change login screen configuration</description>
 273 +    <message>Privileges are required to change the login screen configuration.</message>
 274 +    <defaults>
 275 +      <allow_inactive>no</allow_inactive>
 276 +      <allow_active>auth_admin_keep</allow_active>
 277 +    </defaults>
 278 +  </action>
 279 +</policyconfig>
 280 diff -urN gdm-2.29.92/data/Makefile.am gdm-2.29.92.new//data/Makefile.am
 281 --- gdm-2.29.92/data/Makefile.am        2010-03-08 22:53:57.000000000 +0100
 282 +++ gdm-2.29.92.new//data/Makefile.am   2010-03-14 21:06:01.074377153 +0100
 283 @@ -46,6 +46,8 @@
 284  schemas_in_files = gdm.schemas.in
 285  schemas_DATA = $(schemas_in_files:.schemas.in=.schemas)
 286
 287 +@INTLTOOL_POLICY_RULE@
 288 +
 289  gdm.schemas.in: $(srcdir)/gdm.schemas.in.in
 290         sed     -e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \
 291                 -e 's,[@]GDM_CUSTOM_CONF[@],$(GDM_CUSTOM_CONF),g' \
 292 @@ -78,11 +80,18 @@
 293  localealiasdir = $(datadir)/gdm
 294  localealias_DATA = locale.alias
 295
 296 +polkitdir = $(datadir)/polkit-1/actions
 297 +polkit_in_files = gdm.policy.in
 298 +polkit_DATA = $(polkit_in_files:.policy.in=.policy)
 299 +check:
 300 +       $(POLKIT_POLICY_FILE_VALIDATE) $(polkit_DATA)
 301 +
 302  EXTRA_DIST =                   \
 303         $(schemas_in_files)     \
 304         $(schemas_DATA)         \
 305         $(dbusconf_in_files)    \
 306         $(localealias_DATA)     \
 307 +       $(polkit_in_files)      \
 308         gdm.schemas.in.in       \
 309         gdm.conf-custom.in      \
 310         Xsession.in             \
 311 @@ -105,7 +114,8 @@
 312         $(NULL)
 313
 314  DISTCLEANFILES =                       \
 315 -       $(dbusconf_DATA)                        \
 316 +       $(dbusconf_DATA)                \
 317 +       $(polkit_DATA)                  \
 318         gdm.schemas                     \
 319         $(NULL)
 320