]>
Commit | Line | Data |
---|---|---|
6c304bdf PZ |
1 | From 09153c6825e5b5157fba7600cefabb762d887891 Mon Sep 17 00:00:00 2001 |
2 | From: Robert Ancell <robert.ancell@ubuntu.com> | |
3 | Date: Thu, 6 Aug 2009 15:57:15 +0100 | |
4 | Subject: [PATCH 1/2] Add PolicyKit support to GDM settings D-Bus interface | |
5 | Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/395299 | |
6 | Upstream: http://bugzilla.gnome.org/show_bug.cgi?id=587750 | |
7 | ||
8 | diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/common/gdm-settings.c gdm-2.27.4.new/common/gdm-settings.c | |
9 | --- gdm-2.27.4/common/gdm-settings.c 2009-05-19 16:18:12.000000000 +0100 | |
10 | +++ gdm-2.27.4.new/common/gdm-settings.c 2009-08-07 09:25:34.000000000 +0100 | |
11 | @@ -36,6 +36,7 @@ | |
12 | #define DBUS_API_SUBJECT_TO_CHANGE | |
13 | #include <dbus/dbus-glib.h> | |
14 | #include <dbus/dbus-glib-lowlevel.h> | |
15 | +#include <polkit/polkit.h> | |
16 | ||
17 | #include "gdm-settings.h" | |
18 | #include "gdm-settings-glue.h" | |
19 | @@ -110,6 +111,90 @@ | |
20 | return res; | |
21 | } | |
22 | ||
23 | +static void | |
24 | +unlock_auth_cb (PolkitAuthority *authority, | |
25 | + GAsyncResult *result, | |
26 | + DBusGMethodInvocation *context) | |
27 | +{ | |
28 | + PolkitAuthorizationResult *auth_result; | |
29 | + GError *error = NULL; | |
30 | + | |
31 | + auth_result = polkit_authority_check_authorization_finish (authority, result, &error); | |
32 | + | |
33 | + if (!auth_result) | |
34 | + dbus_g_method_return_error (context, error); | |
35 | + else { | |
36 | + dbus_g_method_return (context, | |
37 | + polkit_authorization_result_get_is_authorized (auth_result)); | |
38 | + } | |
39 | + | |
40 | + if (auth_result) | |
41 | + g_object_unref (auth_result); | |
42 | + if (error) | |
43 | + g_error_free (error); | |
44 | +} | |
45 | + | |
46 | +gboolean | |
47 | +gdm_settings_unlock (GdmSettings *settings, | |
48 | + DBusGMethodInvocation *context) | |
49 | +{ | |
50 | + polkit_authority_check_authorization (polkit_authority_get (), | |
51 | + polkit_system_bus_name_new (dbus_g_method_get_sender (context)), | |
52 | + "org.gnome.displaymanager.settings.write", | |
53 | + NULL, | |
54 | + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, | |
55 | + NULL, | |
56 | + (GAsyncReadyCallback) unlock_auth_cb, | |
57 | + context); | |
58 | +} | |
59 | + | |
60 | +typedef struct | |
61 | +{ | |
62 | + GdmSettings *settings; | |
63 | + DBusGMethodInvocation *context; | |
64 | + gchar *key, *value; | |
65 | +} SetValueData; | |
66 | + | |
67 | +static void | |
68 | +set_value_auth_cb (PolkitAuthority *authority, | |
69 | + GAsyncResult *result, | |
70 | + SetValueData *data) | |
71 | +{ | |
72 | + PolkitAuthorizationResult *auth_result; | |
73 | + GError *error = NULL; | |
74 | + | |
75 | + auth_result = polkit_authority_check_authorization_finish (authority, result, &error); | |
76 | + | |
77 | + if (!auth_result) | |
78 | + dbus_g_method_return_error (data->context, error); | |
79 | + else { | |
80 | + if (polkit_authorization_result_get_is_authorized (auth_result)) { | |
81 | + gboolean result; | |
82 | + | |
83 | + result = gdm_settings_backend_set_value (data->settings->priv->backend, | |
84 | + data->key, | |
85 | + data->value, | |
86 | + &error); | |
87 | + if (result) | |
88 | + dbus_g_method_return (data->context); | |
89 | + else | |
90 | + dbus_g_method_return_error (data->context, error); | |
91 | + } | |
92 | + else { | |
93 | + error = g_error_new (DBUS_GERROR_REMOTE_EXCEPTION, 0, "Not authorized"); | |
94 | + dbus_g_method_return_error (data->context, error); | |
95 | + } | |
96 | + } | |
97 | + | |
98 | + if (auth_result) | |
99 | + g_object_unref (auth_result); | |
100 | + if (error) | |
101 | + g_error_free (error); | |
102 | + g_free (data->key); | |
103 | + g_free (data->value); | |
104 | + g_free (data); | |
105 | +} | |
106 | + | |
107 | /* | |
108 | dbus-send --system --print-reply --dest=org.gnome.DisplayManager /org/gnome/DisplayManager/Settings org.gnome.DisplayManager.Settings.SetValue string:"xdmcp/Enable" string:"false" | |
109 | */ | |
110 | @@ -118,26 +203,30 @@ | |
111 | gdm_settings_set_value (GdmSettings *settings, | |
112 | const char *key, | |
113 | const char *value, | |
114 | - GError **error) | |
115 | + DBusGMethodInvocation *context) | |
116 | { | |
117 | - GError *local_error; | |
118 | - gboolean res; | |
119 | - | |
120 | + SetValueData *data; | |
121 | + | |
122 | g_return_val_if_fail (GDM_IS_SETTINGS (settings), FALSE); | |
123 | g_return_val_if_fail (key != NULL, FALSE); | |
124 | ||
125 | g_debug ("Setting value %s", key); | |
126 | - | |
127 | - local_error = NULL; | |
128 | - res = gdm_settings_backend_set_value (settings->priv->backend, | |
129 | - key, | |
130 | - value, | |
131 | - &local_error); | |
132 | - if (! res) { | |
133 | - g_propagate_error (error, local_error); | |
134 | - } | |
135 | - | |
136 | - return res; | |
137 | + | |
138 | + /* Authorize with PolicyKit */ | |
139 | + data = g_malloc (sizeof(SetValueData)); | |
140 | + data->settings = settings; | |
141 | + data->context = context; | |
142 | + data->key = g_strdup(key); | |
143 | + data->value = g_strdup(value); | |
144 | + polkit_authority_check_authorization (polkit_authority_get (), | |
145 | + polkit_system_bus_name_new (dbus_g_method_get_sender (context)), | |
146 | + "org.gnome.displaymanager.settings.write", | |
147 | + NULL, | |
148 | + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, | |
149 | + NULL, | |
150 | + (GAsyncReadyCallback) set_value_auth_cb, | |
151 | + data); | |
152 | + return TRUE; | |
153 | } | |
154 | ||
155 | static gboolean | |
156 | diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/common/gdm-settings.h gdm-2.27.4.new/common/gdm-settings.h | |
157 | --- gdm-2.27.4/common/gdm-settings.h 2009-05-19 16:18:12.000000000 +0100 | |
158 | +++ gdm-2.27.4.new/common/gdm-settings.h 2009-08-07 09:25:34.000000000 +0100 | |
159 | @@ -23,6 +23,7 @@ | |
160 | #define __GDM_SETTINGS_H | |
161 | ||
162 | #include <glib-object.h> | |
163 | +#include <dbus/dbus-glib.h> | |
164 | ||
165 | G_BEGIN_DECLS | |
166 | ||
167 | @@ -70,10 +71,12 @@ | |
168 | const char *key, | |
169 | char **value, | |
170 | GError **error); | |
171 | +gboolean gdm_settings_unlock (GdmSettings *settings, | |
172 | + DBusGMethodInvocation *context); | |
173 | gboolean gdm_settings_set_value (GdmSettings *settings, | |
174 | const char *key, | |
175 | const char *value, | |
176 | - GError **error); | |
177 | + DBusGMethodInvocation *context); | |
178 | ||
179 | G_END_DECLS | |
180 | ||
181 | diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/common/gdm-settings.xml gdm-2.27.4.new/common/gdm-settings.xml | |
182 | --- gdm-2.27.4/common/gdm-settings.xml 2009-05-19 16:18:12.000000000 +0100 | |
183 | +++ gdm-2.27.4.new/common/gdm-settings.xml 2009-08-07 09:25:34.000000000 +0100 | |
184 | @@ -5,7 +5,12 @@ | |
185 | <arg name="key" direction="in" type="s"/> | |
186 | <arg name="value" direction="out" type="s"/> | |
187 | </method> | |
188 | + <method name="Unlock"> | |
189 | + <annotation name="org.freedesktop.DBus.GLib.Async" value=""/> | |
190 | + <arg name="is_unlocked" direction="out" type="b"/> | |
191 | + </method> | |
192 | <method name="SetValue"> | |
193 | + <annotation name="org.freedesktop.DBus.GLib.Async" value=""/> | |
194 | <arg name="key" direction="in" type="s"/> | |
195 | <arg name="value" direction="in" type="s"/> | |
196 | </method> | |
197 | diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/configure.ac gdm-2.27.4.new/configure.ac | |
198 | --- gdm-2.27.4/configure.ac 2009-08-07 09:25:33.000000000 +0100 | |
199 | +++ gdm-2.27.4.new/configure.ac 2009-08-07 09:25:34.000000000 +0100 | |
200 | @@ -40,6 +40,7 @@ | |
201 | dnl --------------------------------------------------------------------------- | |
202 | ||
203 | DBUS_GLIB_REQUIRED_VERSION=0.74 | |
204 | +POLKIT_GOBJECT_REQUIRED_VERSION=0.92 | |
205 | GLIB_REQUIRED_VERSION=2.15.4 | |
206 | GTK_REQUIRED_VERSION=2.10.0 | |
207 | PANGO_REQUIRED_VERSION=1.3.0 | |
208 | @@ -59,6 +60,7 @@ | |
209 | ||
210 | PKG_CHECK_MODULES(COMMON, | |
211 | dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION | |
212 | + polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION | |
213 | gobject-2.0 >= $GLIB_REQUIRED_VERSION | |
214 | gio-2.0 >= $GLIB_REQUIRED_VERSION | |
215 | ) | |
216 | @@ -67,6 +69,7 @@ | |
217 | ||
218 | PKG_CHECK_MODULES(DAEMON, | |
219 | dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION | |
220 | + polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION | |
221 | gobject-2.0 >= $GLIB_REQUIRED_VERSION | |
222 | hal | |
223 | ) | |
224 | diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/data/gdm.conf.in gdm-2.27.4.new/data/gdm.conf.in | |
225 | --- gdm-2.27.4/data/gdm.conf.in 2009-07-17 20:38:19.000000000 +0100 | |
226 | +++ gdm-2.27.4.new/data/gdm.conf.in 2009-08-07 09:25:34.000000000 +0100 | |
227 | @@ -34,8 +34,6 @@ | |
228 | <deny send_destination="org.gnome.DisplayManager" | |
229 | send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/> | |
230 | <deny send_destination="org.gnome.DisplayManager" | |
231 | - send_interface="org.gnome.DisplayManager.Settings"/> | |
232 | - <deny send_destination="org.gnome.DisplayManager" | |
233 | send_interface="org.gnome.DisplayManager.Slave"/> | |
234 | <deny send_destination="org.gnome.DisplayManager" | |
235 | send_interface="org.gnome.DisplayManager.Session"/> | |
236 | @@ -44,6 +42,10 @@ | |
237 | <allow send_destination="org.gnome.DisplayManager" | |
238 | send_interface="org.freedesktop.DBus.Introspectable"/> | |
239 | ||
240 | + <!-- Controlled by PolicyKit --> | |
241 | + <allow send_destination="org.gnome.DisplayManager" | |
242 | + send_interface="org.gnome.DisplayManager.Settings"/> | |
243 | + | |
244 | <allow send_destination="org.gnome.DisplayManager" | |
245 | send_interface="org.gnome.DisplayManager.Display" | |
246 | send_member="GetId"/> | |
247 | diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/data/gdm.policy.in gdm-2.27.4.new/data/gdm.policy.in | |
248 | --- gdm-2.27.4/data/gdm.policy.in 1970-01-01 01:00:00.000000000 +0100 | |
249 | +++ gdm-2.27.4.new/data/gdm.policy.in 2009-08-07 09:25:34.000000000 +0100 | |
250 | @@ -0,0 +1,18 @@ | |
251 | +<?xml version="1.0" encoding="UTF-8"?> | |
252 | +<!DOCTYPE policyconfig PUBLIC | |
253 | + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" | |
254 | + "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"> | |
255 | +<policyconfig> | |
256 | + <vendor>The GNOME Project</vendor> | |
257 | + <vendor_url>http://www.gnome.org/</vendor_url> | |
258 | + <icon_name>gdm</icon_name> | |
259 | + | |
260 | + <action id="org.gnome.displaymanager.settings.write"> | |
261 | + <description>Change login screen configuration</description> | |
262 | + <message>Privileges are required to change the login screen configuration.</message> | |
263 | + <defaults> | |
264 | + <allow_inactive>no</allow_inactive> | |
265 | + <allow_active>auth_admin_keep</allow_active> | |
266 | + </defaults> | |
267 | + </action> | |
268 | +</policyconfig> | |
269 | diff -Nur -x '*.orig' -x '*~' gdm-2.27.4/data/Makefile.am gdm-2.27.4.new/data/Makefile.am | |
270 | --- gdm-2.27.4/data/Makefile.am 2009-05-19 16:18:12.000000000 +0100 | |
271 | +++ gdm-2.27.4.new/data/Makefile.am 2009-08-07 09:25:34.000000000 +0100 | |
272 | @@ -44,6 +44,8 @@ | |
273 | schemas_in_files = gdm.schemas.in | |
274 | schemas_DATA = $(schemas_in_files:.schemas.in=.schemas) | |
275 | ||
276 | +@INTLTOOL_POLICY_RULE@ | |
277 | + | |
278 | gdm.schemas.in: $(srcdir)/gdm.schemas.in.in | |
279 | sed -e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \ | |
280 | -e 's,[@]GDM_CUSTOM_CONF[@],$(GDM_CUSTOM_CONF),g' \ | |
281 | @@ -73,10 +75,17 @@ | |
282 | -e 's,[@]sbindir[@],$(sbindir),g' \ | |
283 | <$(srcdir)/gdm.schemas.in.in >gdm.schemas.in | |
284 | ||
285 | +polkitdir = $(datadir)/polkit-1/actions | |
286 | +polkit_in_files = gdm.policy.in | |
287 | +polkit_DATA = $(polkit_in_files:.policy.in=.policy) | |
288 | +check: | |
289 | + $(POLKIT_POLICY_FILE_VALIDATE) $(polkit_DATA) | |
290 | + | |
291 | EXTRA_DIST = \ | |
292 | $(schemas_in_files) \ | |
293 | $(schemas_DATA) \ | |
294 | $(dbusconf_in_files) \ | |
295 | + $(polkit_in_files) \ | |
296 | gdm.schemas.in.in \ | |
297 | gdm.conf-custom.in \ | |
298 | Xsession.in \ | |
299 | @@ -99,7 +108,8 @@ | |
300 | $(NULL) | |
301 | ||
302 | DISTCLEANFILES = \ | |
303 | - $(dbusconf_DATA) \ | |
304 | + $(dbusconf_DATA) \ | |
305 | + $(polkit_DATA) \ | |
306 | gdm.schemas \ | |
307 | $(NULL) | |
308 | ||
309 | --- gdm-2.27.4/common/Makefile.am~ 2009-05-19 17:18:12.000000000 +0200 | |
310 | +++ gdm-2.27.4/common/Makefile.am 2009-08-20 12:17:16.150977333 +0200 | |
311 | @@ -110,6 +110,7 @@ | |
312 | $(NULL) | |
313 | ||
314 | libgdmcommon_la_LIBADD = \ | |
315 | + $(COMMON_LIBS) \ | |
316 | $(NULL) | |
317 | ||
318 | libgdmcommon_la_LDFLAGS = \ |