[packages/gdm.git] / gdm-polkit.patch

From 09153c6825e5b5157fba7600cefabb762d887891 Mon Sep 17 00:00:00 2001
From: Robert Ancell <robert.ancell@ubuntu.com>
Date: Thu, 6 Aug 2009 15:57:15 +0100
Subject: [PATCH 1/2] Add PolicyKit support to GDM settings D-Bus interface
Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/395299
Upstream: http://bugzilla.gnome.org/show_bug.cgi?id=587750

diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/common/gdm-settings.c gdm-2.27.4.new/common/gdm-settings.c
--- gdm-2.27.4/common/gdm-settings.c	2009-05-19 16:18:12.000000000 +0100
+++ gdm-2.27.4.new/common/gdm-settings.c	2009-08-07 09:25:34.000000000 +0100
@@ -36,6 +36,7 @@
 #define DBUS_API_SUBJECT_TO_CHANGE
 #include <dbus/dbus-glib.h>
 #include <dbus/dbus-glib-lowlevel.h>
+#include <polkit/polkit.h>
 
 #include "gdm-settings.h"
 #include "gdm-settings-glue.h"
@@ -110,6 +111,90 @@
         return res;
 }
 
+static void
+unlock_auth_cb (PolkitAuthority *authority,
+                GAsyncResult *result,
+                DBusGMethodInvocation *context)
+{
+        PolkitAuthorizationResult *auth_result;
+        GError  *error = NULL;
+
+        auth_result = polkit_authority_check_authorization_finish (authority, result, &error);
+
+        if (!auth_result)
+                dbus_g_method_return_error (context, error);
+        else {
+                dbus_g_method_return (context,
+                                      polkit_authorization_result_get_is_authorized (auth_result));
+        }
+    
+        if (auth_result)
+                g_object_unref (auth_result);
+        if (error)
+                g_error_free (error);
+}
+
+gboolean
+gdm_settings_unlock (GdmSettings *settings,
+                     DBusGMethodInvocation *context)
+{
+        polkit_authority_check_authorization (polkit_authority_get (),
+                                              polkit_system_bus_name_new (dbus_g_method_get_sender (context)),
+                                              "org.gnome.displaymanager.settings.write",
+                                              NULL,
+                                              POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
+                                              NULL,
+                                              (GAsyncReadyCallback) unlock_auth_cb,
+                                              context);
+}
+
+typedef struct
+{
+        GdmSettings *settings;
+        DBusGMethodInvocation *context;
+        gchar *key, *value;
+} SetValueData;
+
+static void
+set_value_auth_cb (PolkitAuthority *authority,
+                   GAsyncResult *result,
+                   SetValueData *data)
+{
+        PolkitAuthorizationResult *auth_result;
+        GError  *error = NULL;
+
+        auth_result = polkit_authority_check_authorization_finish (authority, result, &error);
+
+        if (!auth_result)
+                dbus_g_method_return_error (data->context, error);
+        else {
+                if (polkit_authorization_result_get_is_authorized (auth_result)) {
+                        gboolean result;
+                    
+                        result = gdm_settings_backend_set_value (data->settings->priv->backend,
+                                                                 data->key,
+                                                                 data->value,
+                                                                 &error);
+                        if (result)
+                                dbus_g_method_return (data->context);
+                        else
+                                dbus_g_method_return_error (data->context, error);
+                }
+                else {
+                        error = g_error_new (DBUS_GERROR_REMOTE_EXCEPTION, 0, "Not authorized");
+                        dbus_g_method_return_error (data->context, error);
+                }
+        }
+    
+        if (auth_result)
+                g_object_unref (auth_result);
+        if (error)
+                g_error_free (error);
+        g_free (data->key);
+        g_free (data->value);
+        g_free (data);
+}
+
 /*
 dbus-send --system --print-reply --dest=org.gnome.DisplayManager /org/gnome/DisplayManager/Settings org.gnome.DisplayManager.Settings.SetValue string:"xdmcp/Enable" string:"false"
 */
@@ -118,26 +203,30 @@
 gdm_settings_set_value (GdmSettings *settings,
                         const char  *key,
                         const char  *value,
-                        GError     **error)
+                        DBusGMethodInvocation *context)
 {
-        GError  *local_error;
-        gboolean res;
-
+        SetValueData *data;
+    
         g_return_val_if_fail (GDM_IS_SETTINGS (settings), FALSE);
         g_return_val_if_fail (key != NULL, FALSE);
 
         g_debug ("Setting value %s", key);
-
-        local_error = NULL;
-        res = gdm_settings_backend_set_value (settings->priv->backend,
-                                              key,
-                                              value,
-                                              &local_error);
-        if (! res) {
-                g_propagate_error (error, local_error);
-        }
-
-        return res;
+    
+        /* Authorize with PolicyKit */
+        data = g_malloc (sizeof(SetValueData));
+        data->settings = settings;
+        data->context = context;
+        data->key = g_strdup(key);
+        data->value = g_strdup(value);    
+        polkit_authority_check_authorization (polkit_authority_get (),
+                                              polkit_system_bus_name_new (dbus_g_method_get_sender (context)),
+                                              "org.gnome.displaymanager.settings.write",
+                                              NULL,
+                                              POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
+                                              NULL,
+                                              (GAsyncReadyCallback) set_value_auth_cb,
+                                              data);
+        return TRUE;
 }
 
 static gboolean
diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/common/gdm-settings.h gdm-2.27.4.new/common/gdm-settings.h
--- gdm-2.27.4/common/gdm-settings.h	2009-05-19 16:18:12.000000000 +0100
+++ gdm-2.27.4.new/common/gdm-settings.h	2009-08-07 09:25:34.000000000 +0100
@@ -23,6 +23,7 @@
 #define __GDM_SETTINGS_H
 
 #include <glib-object.h>
+#include <dbus/dbus-glib.h>
 
 G_BEGIN_DECLS
 
@@ -70,10 +71,12 @@
                                                                  const char  *key,
                                                                  char       **value,
                                                                  GError     **error);
+gboolean            gdm_settings_unlock                         (GdmSettings *settings,
+                                                                 DBusGMethodInvocation *context);
 gboolean            gdm_settings_set_value                      (GdmSettings *settings,
                                                                  const char  *key,
                                                                  const char  *value,
-                                                                 GError     **error);
+                                                                 DBusGMethodInvocation *context);
 
 G_END_DECLS
 
diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/common/gdm-settings.xml gdm-2.27.4.new/common/gdm-settings.xml
--- gdm-2.27.4/common/gdm-settings.xml	2009-05-19 16:18:12.000000000 +0100
+++ gdm-2.27.4.new/common/gdm-settings.xml	2009-08-07 09:25:34.000000000 +0100
@@ -5,7 +5,12 @@
       <arg name="key" direction="in" type="s"/>
       <arg name="value" direction="out" type="s"/>
     </method>
+    <method name="Unlock">
+      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
+      <arg name="is_unlocked" direction="out" type="b"/>
+    </method>
     <method name="SetValue">
+      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
       <arg name="key" direction="in" type="s"/>
       <arg name="value" direction="in" type="s"/>
     </method>
diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/configure.ac gdm-2.27.4.new/configure.ac
--- gdm-2.27.4/configure.ac	2009-08-07 09:25:33.000000000 +0100
+++ gdm-2.27.4.new/configure.ac	2009-08-07 09:25:34.000000000 +0100
@@ -40,6 +40,7 @@
 dnl ---------------------------------------------------------------------------
 
 DBUS_GLIB_REQUIRED_VERSION=0.74
+POLKIT_GOBJECT_REQUIRED_VERSION=0.92
 GLIB_REQUIRED_VERSION=2.15.4
 GTK_REQUIRED_VERSION=2.10.0
 PANGO_REQUIRED_VERSION=1.3.0
@@ -59,6 +60,7 @@
 
 PKG_CHECK_MODULES(COMMON,
         dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
+        polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION
         gobject-2.0 >= $GLIB_REQUIRED_VERSION
         gio-2.0 >= $GLIB_REQUIRED_VERSION
 )
@@ -67,6 +69,7 @@
 
 PKG_CHECK_MODULES(DAEMON,
         dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
+        polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION
         gobject-2.0 >= $GLIB_REQUIRED_VERSION
 	hal
 )
diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/data/gdm.conf.in gdm-2.27.4.new/data/gdm.conf.in
--- gdm-2.27.4/data/gdm.conf.in	2009-07-17 20:38:19.000000000 +0100
+++ gdm-2.27.4.new/data/gdm.conf.in	2009-08-07 09:25:34.000000000 +0100
@@ -34,8 +34,6 @@
     <deny send_destination="org.gnome.DisplayManager"
           send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/>
     <deny send_destination="org.gnome.DisplayManager"
-          send_interface="org.gnome.DisplayManager.Settings"/>
-    <deny send_destination="org.gnome.DisplayManager"
           send_interface="org.gnome.DisplayManager.Slave"/>
     <deny send_destination="org.gnome.DisplayManager"
           send_interface="org.gnome.DisplayManager.Session"/>
@@ -44,6 +42,10 @@
     <allow send_destination="org.gnome.DisplayManager"
            send_interface="org.freedesktop.DBus.Introspectable"/>
 
+    <!-- Controlled by PolicyKit -->
+    <allow send_destination="org.gnome.DisplayManager"
+           send_interface="org.gnome.DisplayManager.Settings"/>
+
     <allow send_destination="org.gnome.DisplayManager"
            send_interface="org.gnome.DisplayManager.Display"
            send_member="GetId"/>
diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/data/gdm.policy.in gdm-2.27.4.new/data/gdm.policy.in
--- gdm-2.27.4/data/gdm.policy.in	1970-01-01 01:00:00.000000000 +0100
+++ gdm-2.27.4.new/data/gdm.policy.in	2009-08-07 09:25:34.000000000 +0100
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+<policyconfig>
+  <vendor>The GNOME Project</vendor>
+  <vendor_url>http://www.gnome.org/</vendor_url>
+  <icon_name>gdm</icon_name>
+
+  <action id="org.gnome.displaymanager.settings.write">
+    <description>Change login screen configuration</description>
+    <message>Privileges are required to change the login screen configuration.</message>
+    <defaults>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+  </action>
+</policyconfig>
diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/data/Makefile.am gdm-2.27.4.new/data/Makefile.am
--- gdm-2.27.4/data/Makefile.am	2009-05-19 16:18:12.000000000 +0100
+++ gdm-2.27.4.new/data/Makefile.am	2009-08-07 09:25:34.000000000 +0100
@@ -44,6 +44,8 @@
 schemas_in_files = gdm.schemas.in
 schemas_DATA = $(schemas_in_files:.schemas.in=.schemas)
 
+@INTLTOOL_POLICY_RULE@
+
 gdm.schemas.in: $(srcdir)/gdm.schemas.in.in
 	sed	-e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \
 		-e 's,[@]GDM_CUSTOM_CONF[@],$(GDM_CUSTOM_CONF),g' \
@@ -73,10 +75,17 @@
 		-e 's,[@]sbindir[@],$(sbindir),g' \
 		<$(srcdir)/gdm.schemas.in.in >gdm.schemas.in
 
+polkitdir = $(datadir)/polkit-1/actions
+polkit_in_files = gdm.policy.in
+polkit_DATA = $(polkit_in_files:.policy.in=.policy)
+check:
+	$(POLKIT_POLICY_FILE_VALIDATE) $(polkit_DATA)
+
 EXTRA_DIST =			\
 	$(schemas_in_files)	\
 	$(schemas_DATA)		\
 	$(dbusconf_in_files)	\
+	$(polkit_in_files)	\
 	gdm.schemas.in.in	\
 	gdm.conf-custom.in 	\
 	Xsession.in 		\
@@ -99,7 +108,8 @@
 	$(NULL)
 
 DISTCLEANFILES =			\
-	$(dbusconf_DATA)			\
+	$(dbusconf_DATA)		\
+	$(polkit_DATA)	 		\
 	gdm.schemas			\
 	$(NULL)
 
--- gdm-2.27.4/common/Makefile.am~	2009-05-19 17:18:12.000000000 +0200
+++ gdm-2.27.4/common/Makefile.am	2009-08-20 12:17:16.150977333 +0200
@@ -110,6 +110,7 @@
 	$(NULL)
 
 libgdmcommon_la_LIBADD =		\
+	$(COMMON_LIBS)			\
 	$(NULL)
 
 libgdmcommon_la_LDFLAGS = 	\
Commit	Line	Data
6c304bdf PZ	1	From 09153c6825e5b5157fba7600cefabb762d887891 Mon Sep 17 00:00:00 2001
	2	From: Robert Ancell <robert.ancell@ubuntu.com>
	3	Date: Thu, 6 Aug 2009 15:57:15 +0100
	4	Subject: [PATCH 1/2] Add PolicyKit support to GDM settings D-Bus interface
	5	Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/395299
	6	Upstream: http://bugzilla.gnome.org/show_bug.cgi?id=587750
	7
	8	diff -Nur -x '.orig' -x '~' gdm-2.27.4/common/gdm-settings.c gdm-2.27.4.new/common/gdm-settings.c
	9	--- gdm-2.27.4/common/gdm-settings.c 2009-05-19 16:18:12.000000000 +0100
	10	+++ gdm-2.27.4.new/common/gdm-settings.c 2009-08-07 09:25:34.000000000 +0100
	11	@@ -36,6 +36,7 @@
	12	#define DBUS_API_SUBJECT_TO_CHANGE
	13	#include <dbus/dbus-glib.h>
	14	#include <dbus/dbus-glib-lowlevel.h>
	15	+#include <polkit/polkit.h>
	16
	17	#include "gdm-settings.h"
	18	#include "gdm-settings-glue.h"
	19	@@ -110,6 +111,90 @@
	20	return res;
	21	}
	22
	23	+static void
	24	+unlock_auth_cb (PolkitAuthority *authority,
	25	+ GAsyncResult *result,
	26	+ DBusGMethodInvocation *context)
	27	+{
	28	+ PolkitAuthorizationResult *auth_result;
	29	+ GError *error = NULL;
	30	+
	31	+ auth_result = polkit_authority_check_authorization_finish (authority, result, &error);
	32	+
	33	+ if (!auth_result)
	34	+ dbus_g_method_return_error (context, error);
	35	+ else {
	36	+ dbus_g_method_return (context,
	37	+ polkit_authorization_result_get_is_authorized (auth_result));
	38	+ }
	39	+
	40	+ if (auth_result)
	41	+ g_object_unref (auth_result);
	42	+ if (error)
	43	+ g_error_free (error);
	44	+}
	45	+
	46	+gboolean
	47	+gdm_settings_unlock (GdmSettings *settings,
	48	+ DBusGMethodInvocation *context)
	49	+{
	50	+ polkit_authority_check_authorization (polkit_authority_get (),
	51	+ polkit_system_bus_name_new (dbus_g_method_get_sender (context)),
	52	+ "org.gnome.displaymanager.settings.write",
	53	+ NULL,
	54	+ POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
	55	+ NULL,
	56	+ (GAsyncReadyCallback) unlock_auth_cb,
	57	+ context);
	58	+}
	59	+
	60	+typedef struct
	61	+{
	62	+ GdmSettings *settings;
	63	+ DBusGMethodInvocation *context;
	64	+ gchar key, value;
65	+} SetValueData;
66	+
67	+static void
68	+set_value_auth_cb (PolkitAuthority *authority,
69	+ GAsyncResult *result,
70	+ SetValueData *data)
71	+{
72	+ PolkitAuthorizationResult *auth_result;
73	+ GError *error = NULL;
74	+
75	+ auth_result = polkit_authority_check_authorization_finish (authority, result, &error);
76	+
77	+ if (!auth_result)
78	+ dbus_g_method_return_error (data->context, error);
79	+ else {
80	+ if (polkit_authorization_result_get_is_authorized (auth_result)) {
81	+ gboolean result;
82	+
83	+ result = gdm_settings_backend_set_value (data->settings->priv->backend,
84	+ data->key,
85	+ data->value,
86	+ &error);
87	+ if (result)
88	+ dbus_g_method_return (data->context);
89	+ else
90	+ dbus_g_method_return_error (data->context, error);
91	+ }
92	+ else {
93	+ error = g_error_new (DBUS_GERROR_REMOTE_EXCEPTION, 0, "Not authorized");
94	+ dbus_g_method_return_error (data->context, error);
95	+ }
96	+ }
97	+
98	+ if (auth_result)
99	+ g_object_unref (auth_result);
100	+ if (error)
101	+ g_error_free (error);
102	+ g_free (data->key);
103	+ g_free (data->value);
104	+ g_free (data);
105	+}
106	+
107	/*
108	dbus-send --system --print-reply --dest=org.gnome.DisplayManager /org/gnome/DisplayManager/Settings org.gnome.DisplayManager.Settings.SetValue string:"xdmcp/Enable" string:"false"
109	*/
110	@@ -118,26 +203,30 @@
111	gdm_settings_set_value (GdmSettings *settings,
112	const char *key,
113	const char *value,
114	- GError **error)
115	+ DBusGMethodInvocation *context)
116	{
117	- GError *local_error;
118	- gboolean res;
119	-
120	+ SetValueData *data;
121	+
122	g_return_val_if_fail (GDM_IS_SETTINGS (settings), FALSE);
123	g_return_val_if_fail (key != NULL, FALSE);
124
125	g_debug ("Setting value %s", key);
126	-
127	- local_error = NULL;
128	- res = gdm_settings_backend_set_value (settings->priv->backend,
129	- key,
130	- value,
131	- &local_error);
132	- if (! res) {
133	- g_propagate_error (error, local_error);
134	- }
135	-
136	- return res;
137	+
138	+ /* Authorize with PolicyKit */
139	+ data = g_malloc (sizeof(SetValueData));
140	+ data->settings = settings;
141	+ data->context = context;
142	+ data->key = g_strdup(key);
143	+ data->value = g_strdup(value);
144	+ polkit_authority_check_authorization (polkit_authority_get (),
145	+ polkit_system_bus_name_new (dbus_g_method_get_sender (context)),
146	+ "org.gnome.displaymanager.settings.write",
147	+ NULL,
148	+ POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
149	+ NULL,
150	+ (GAsyncReadyCallback) set_value_auth_cb,
151	+ data);
152	+ return TRUE;
153	}
154
155	static gboolean
156	diff -Nur -x '.orig' -x '~' gdm-2.27.4/common/gdm-settings.h gdm-2.27.4.new/common/gdm-settings.h
157	--- gdm-2.27.4/common/gdm-settings.h 2009-05-19 16:18:12.000000000 +0100
158	+++ gdm-2.27.4.new/common/gdm-settings.h 2009-08-07 09:25:34.000000000 +0100
159	@@ -23,6 +23,7 @@
160	#define __GDM_SETTINGS_H
161
162	#include <glib-object.h>
163	+#include <dbus/dbus-glib.h>
164
165	G_BEGIN_DECLS
166
167	@@ -70,10 +71,12 @@
168	const char *key,
169	char **value,
170	GError **error);
171	+gboolean gdm_settings_unlock (GdmSettings *settings,
172	+ DBusGMethodInvocation *context);
173	gboolean gdm_settings_set_value (GdmSettings *settings,
174	const char *key,
175	const char *value,
176	- GError **error);
177	+ DBusGMethodInvocation *context);
178
179	G_END_DECLS
180
181	diff -Nur -x '.orig' -x '~' gdm-2.27.4/common/gdm-settings.xml gdm-2.27.4.new/common/gdm-settings.xml
182	--- gdm-2.27.4/common/gdm-settings.xml 2009-05-19 16:18:12.000000000 +0100
183	+++ gdm-2.27.4.new/common/gdm-settings.xml 2009-08-07 09:25:34.000000000 +0100
184	@@ -5,7 +5,12 @@
185	<arg name="key" direction="in" type="s"/>
186	<arg name="value" direction="out" type="s"/>
187	</method>
188	+ <method name="Unlock">
189	+ <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
190	+ <arg name="is_unlocked" direction="out" type="b"/>
191	+ </method>
192	<method name="SetValue">
193	+ <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
194	<arg name="key" direction="in" type="s"/>
195	<arg name="value" direction="in" type="s"/>
196	</method>
197	diff -Nur -x '.orig' -x '~' gdm-2.27.4/configure.ac gdm-2.27.4.new/configure.ac
198	--- gdm-2.27.4/configure.ac 2009-08-07 09:25:33.000000000 +0100
199	+++ gdm-2.27.4.new/configure.ac 2009-08-07 09:25:34.000000000 +0100
200	@@ -40,6 +40,7 @@
201	dnl ---------------------------------------------------------------------------
202
203	DBUS_GLIB_REQUIRED_VERSION=0.74
204	+POLKIT_GOBJECT_REQUIRED_VERSION=0.92
205	GLIB_REQUIRED_VERSION=2.15.4
206	GTK_REQUIRED_VERSION=2.10.0
207	PANGO_REQUIRED_VERSION=1.3.0
208	@@ -59,6 +60,7 @@
209
210	PKG_CHECK_MODULES(COMMON,
211	dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
212	+ polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION
213	gobject-2.0 >= $GLIB_REQUIRED_VERSION
214	gio-2.0 >= $GLIB_REQUIRED_VERSION
215	)
216	@@ -67,6 +69,7 @@
217
218	PKG_CHECK_MODULES(DAEMON,
219	dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
220	+ polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION
221	gobject-2.0 >= $GLIB_REQUIRED_VERSION
222	hal
223	)
224	diff -Nur -x '.orig' -x '~' gdm-2.27.4/data/gdm.conf.in gdm-2.27.4.new/data/gdm.conf.in
225	--- gdm-2.27.4/data/gdm.conf.in 2009-07-17 20:38:19.000000000 +0100
226	+++ gdm-2.27.4.new/data/gdm.conf.in 2009-08-07 09:25:34.000000000 +0100
227	@@ -34,8 +34,6 @@
228	<deny send_destination="org.gnome.DisplayManager"
229	send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/>
230	<deny send_destination="org.gnome.DisplayManager"
231	- send_interface="org.gnome.DisplayManager.Settings"/>
232	- <deny send_destination="org.gnome.DisplayManager"
233	send_interface="org.gnome.DisplayManager.Slave"/>
234	<deny send_destination="org.gnome.DisplayManager"
235	send_interface="org.gnome.DisplayManager.Session"/>
236	@@ -44,6 +42,10 @@
237	<allow send_destination="org.gnome.DisplayManager"
238	send_interface="org.freedesktop.DBus.Introspectable"/>
239
240	+ <!-- Controlled by PolicyKit -->
241	+ <allow send_destination="org.gnome.DisplayManager"
242	+ send_interface="org.gnome.DisplayManager.Settings"/>
243	+
244	<allow send_destination="org.gnome.DisplayManager"
245	send_interface="org.gnome.DisplayManager.Display"
246	send_member="GetId"/>
247	diff -Nur -x '.orig' -x '~' gdm-2.27.4/data/gdm.policy.in gdm-2.27.4.new/data/gdm.policy.in
248	--- gdm-2.27.4/data/gdm.policy.in 1970-01-01 01:00:00.000000000 +0100
249	+++ gdm-2.27.4.new/data/gdm.policy.in 2009-08-07 09:25:34.000000000 +0100
250	@@ -0,0 +1,18 @@
251	+<?xml version="1.0" encoding="UTF-8"?>
252	+<!DOCTYPE policyconfig PUBLIC
253	+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
254	+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
255	+<policyconfig>
256	+ <vendor>The GNOME Project</vendor>
257	+ <vendor_url>http://www.gnome.org/</vendor_url>
258	+ <icon_name>gdm</icon_name>
259	+
260	+ <action id="org.gnome.displaymanager.settings.write">
261	+ <description>Change login screen configuration</description>
262	+ <message>Privileges are required to change the login screen configuration.</message>
263	+ <defaults>
264	+ <allow_inactive>no</allow_inactive>
265	+ <allow_active>auth_admin_keep</allow_active>
266	+ </defaults>
267	+ </action>
268	+</policyconfig>
269	diff -Nur -x '.orig' -x '~' gdm-2.27.4/data/Makefile.am gdm-2.27.4.new/data/Makefile.am
270	--- gdm-2.27.4/data/Makefile.am 2009-05-19 16:18:12.000000000 +0100
271	+++ gdm-2.27.4.new/data/Makefile.am 2009-08-07 09:25:34.000000000 +0100
272	@@ -44,6 +44,8 @@
273	schemas_in_files = gdm.schemas.in
274	schemas_DATA = $(schemas_in_files:.schemas.in=.schemas)
275
276	+@INTLTOOL_POLICY_RULE@
277	+
278	gdm.schemas.in: $(srcdir)/gdm.schemas.in.in
279	sed -e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \
280	-e 's,[@]GDM_CUSTOM_CONF[@],$(GDM_CUSTOM_CONF),g' \
281	@@ -73,10 +75,17 @@
282	-e 's,[@]sbindir[@],$(sbindir),g' \
283	<$(srcdir)/gdm.schemas.in.in >gdm.schemas.in
284
285	+polkitdir = $(datadir)/polkit-1/actions
286	+polkit_in_files = gdm.policy.in
287	+polkit_DATA = $(polkit_in_files:.policy.in=.policy)
288	+check:
289	+ $(POLKIT_POLICY_FILE_VALIDATE) $(polkit_DATA)
290	+
291	EXTRA_DIST = \
292	$(schemas_in_files) \
293	$(schemas_DATA) \
294	$(dbusconf_in_files) \
295	+ $(polkit_in_files) \
296	gdm.schemas.in.in \
297	gdm.conf-custom.in \
298	Xsession.in \
299	@@ -99,7 +108,8 @@
300	$(NULL)
301
302	DISTCLEANFILES = \
303	- $(dbusconf_DATA) \
304	+ $(dbusconf_DATA) \
305	+ $(polkit_DATA) \
306	gdm.schemas \
307	$(NULL)
308
309	--- gdm-2.27.4/common/Makefile.am~ 2009-05-19 17:18:12.000000000 +0200
310	+++ gdm-2.27.4/common/Makefile.am 2009-08-20 12:17:16.150977333 +0200
311	@@ -110,6 +110,7 @@
312	$(NULL)
313
314	libgdmcommon_la_LIBADD = \
315	+ $(COMMON_LIBS) \
316	$(NULL)
317
318	libgdmcommon_la_LDFLAGS = \