]>
Commit | Line | Data |
---|---|---|
6c304bdf PZ |
1 | From 09153c6825e5b5157fba7600cefabb762d887891 Mon Sep 17 00:00:00 2001 |
2 | From: Robert Ancell <robert.ancell@ubuntu.com> | |
3 | Date: Thu, 6 Aug 2009 15:57:15 +0100 | |
4 | Subject: [PATCH 1/2] Add PolicyKit support to GDM settings D-Bus interface | |
5 | Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/395299 | |
6 | Upstream: http://bugzilla.gnome.org/show_bug.cgi?id=587750 | |
7 | ||
0b2d3fda MB |
8 | diff -urN gdm-2.29.92/common/gdm-settings.c gdm-2.29.92.new//common/gdm-settings.c |
9 | --- gdm-2.29.92/common/gdm-settings.c 2010-03-08 22:53:57.000000000 +0100 | |
10 | +++ gdm-2.29.92.new//common/gdm-settings.c 2010-03-14 21:01:32.864403121 +0100 | |
6c304bdf PZ |
11 | @@ -36,6 +36,7 @@ |
12 | #define DBUS_API_SUBJECT_TO_CHANGE | |
13 | #include <dbus/dbus-glib.h> | |
14 | #include <dbus/dbus-glib-lowlevel.h> | |
15 | +#include <polkit/polkit.h> | |
16 | ||
17 | #include "gdm-settings.h" | |
18 | #include "gdm-settings-glue.h" | |
19 | @@ -110,6 +111,90 @@ | |
20 | return res; | |
21 | } | |
22 | ||
23 | +static void | |
24 | +unlock_auth_cb (PolkitAuthority *authority, | |
25 | + GAsyncResult *result, | |
26 | + DBusGMethodInvocation *context) | |
27 | +{ | |
28 | + PolkitAuthorizationResult *auth_result; | |
29 | + GError *error = NULL; | |
30 | + | |
31 | + auth_result = polkit_authority_check_authorization_finish (authority, result, &error); | |
32 | + | |
33 | + if (!auth_result) | |
34 | + dbus_g_method_return_error (context, error); | |
35 | + else { | |
36 | + dbus_g_method_return (context, | |
37 | + polkit_authorization_result_get_is_authorized (auth_result)); | |
38 | + } | |
39 | + | |
40 | + if (auth_result) | |
41 | + g_object_unref (auth_result); | |
42 | + if (error) | |
43 | + g_error_free (error); | |
44 | +} | |
45 | + | |
46 | +gboolean | |
47 | +gdm_settings_unlock (GdmSettings *settings, | |
48 | + DBusGMethodInvocation *context) | |
49 | +{ | |
50 | + polkit_authority_check_authorization (polkit_authority_get (), | |
51 | + polkit_system_bus_name_new (dbus_g_method_get_sender (context)), | |
52 | + "org.gnome.displaymanager.settings.write", | |
53 | + NULL, | |
54 | + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, | |
55 | + NULL, | |
56 | + (GAsyncReadyCallback) unlock_auth_cb, | |
57 | + context); | |
58 | +} | |
59 | + | |
60 | +typedef struct | |
61 | +{ | |
62 | + GdmSettings *settings; | |
63 | + DBusGMethodInvocation *context; | |
64 | + gchar *key, *value; | |
65 | +} SetValueData; | |
66 | + | |
67 | +static void | |
68 | +set_value_auth_cb (PolkitAuthority *authority, | |
69 | + GAsyncResult *result, | |
70 | + SetValueData *data) | |
71 | +{ | |
72 | + PolkitAuthorizationResult *auth_result; | |
73 | + GError *error = NULL; | |
74 | + | |
75 | + auth_result = polkit_authority_check_authorization_finish (authority, result, &error); | |
76 | + | |
77 | + if (!auth_result) | |
78 | + dbus_g_method_return_error (data->context, error); | |
79 | + else { | |
80 | + if (polkit_authorization_result_get_is_authorized (auth_result)) { | |
81 | + gboolean result; | |
82 | + | |
83 | + result = gdm_settings_backend_set_value (data->settings->priv->backend, | |
84 | + data->key, | |
85 | + data->value, | |
86 | + &error); | |
87 | + if (result) | |
88 | + dbus_g_method_return (data->context); | |
89 | + else | |
90 | + dbus_g_method_return_error (data->context, error); | |
91 | + } | |
92 | + else { | |
93 | + error = g_error_new (DBUS_GERROR_REMOTE_EXCEPTION, 0, "Not authorized"); | |
94 | + dbus_g_method_return_error (data->context, error); | |
95 | + } | |
96 | + } | |
97 | + | |
98 | + if (auth_result) | |
99 | + g_object_unref (auth_result); | |
100 | + if (error) | |
101 | + g_error_free (error); | |
102 | + g_free (data->key); | |
103 | + g_free (data->value); | |
104 | + g_free (data); | |
105 | +} | |
106 | + | |
107 | /* | |
108 | dbus-send --system --print-reply --dest=org.gnome.DisplayManager /org/gnome/DisplayManager/Settings org.gnome.DisplayManager.Settings.SetValue string:"xdmcp/Enable" string:"false" | |
109 | */ | |
110 | @@ -118,26 +203,30 @@ | |
111 | gdm_settings_set_value (GdmSettings *settings, | |
112 | const char *key, | |
113 | const char *value, | |
114 | - GError **error) | |
115 | + DBusGMethodInvocation *context) | |
116 | { | |
117 | - GError *local_error; | |
118 | - gboolean res; | |
119 | - | |
120 | + SetValueData *data; | |
121 | + | |
122 | g_return_val_if_fail (GDM_IS_SETTINGS (settings), FALSE); | |
123 | g_return_val_if_fail (key != NULL, FALSE); | |
124 | ||
125 | g_debug ("Setting value %s", key); | |
126 | - | |
127 | - local_error = NULL; | |
128 | - res = gdm_settings_backend_set_value (settings->priv->backend, | |
129 | - key, | |
130 | - value, | |
131 | - &local_error); | |
132 | - if (! res) { | |
133 | - g_propagate_error (error, local_error); | |
134 | - } | |
135 | - | |
136 | - return res; | |
137 | + | |
138 | + /* Authorize with PolicyKit */ | |
139 | + data = g_malloc (sizeof(SetValueData)); | |
140 | + data->settings = settings; | |
141 | + data->context = context; | |
142 | + data->key = g_strdup(key); | |
143 | + data->value = g_strdup(value); | |
144 | + polkit_authority_check_authorization (polkit_authority_get (), | |
145 | + polkit_system_bus_name_new (dbus_g_method_get_sender (context)), | |
146 | + "org.gnome.displaymanager.settings.write", | |
147 | + NULL, | |
148 | + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, | |
149 | + NULL, | |
150 | + (GAsyncReadyCallback) set_value_auth_cb, | |
151 | + data); | |
152 | + return TRUE; | |
153 | } | |
154 | ||
155 | static gboolean | |
0b2d3fda MB |
156 | diff -urN gdm-2.29.92/common/gdm-settings.h gdm-2.29.92.new//common/gdm-settings.h |
157 | --- gdm-2.29.92/common/gdm-settings.h 2010-03-08 22:53:57.000000000 +0100 | |
158 | +++ gdm-2.29.92.new//common/gdm-settings.h 2010-03-14 21:01:32.864403121 +0100 | |
6c304bdf PZ |
159 | @@ -23,6 +23,7 @@ |
160 | #define __GDM_SETTINGS_H | |
161 | ||
162 | #include <glib-object.h> | |
163 | +#include <dbus/dbus-glib.h> | |
164 | ||
165 | G_BEGIN_DECLS | |
166 | ||
167 | @@ -70,10 +71,12 @@ | |
168 | const char *key, | |
169 | char **value, | |
170 | GError **error); | |
171 | +gboolean gdm_settings_unlock (GdmSettings *settings, | |
172 | + DBusGMethodInvocation *context); | |
173 | gboolean gdm_settings_set_value (GdmSettings *settings, | |
174 | const char *key, | |
175 | const char *value, | |
176 | - GError **error); | |
177 | + DBusGMethodInvocation *context); | |
178 | ||
179 | G_END_DECLS | |
180 | ||
0b2d3fda MB |
181 | diff -urN gdm-2.29.92/common/gdm-settings.xml gdm-2.29.92.new//common/gdm-settings.xml |
182 | --- gdm-2.29.92/common/gdm-settings.xml 2010-03-08 22:53:57.000000000 +0100 | |
183 | +++ gdm-2.29.92.new//common/gdm-settings.xml 2010-03-14 21:01:32.864403121 +0100 | |
6c304bdf PZ |
184 | @@ -5,7 +5,12 @@ |
185 | <arg name="key" direction="in" type="s"/> | |
186 | <arg name="value" direction="out" type="s"/> | |
187 | </method> | |
188 | + <method name="Unlock"> | |
189 | + <annotation name="org.freedesktop.DBus.GLib.Async" value=""/> | |
190 | + <arg name="is_unlocked" direction="out" type="b"/> | |
191 | + </method> | |
192 | <method name="SetValue"> | |
193 | + <annotation name="org.freedesktop.DBus.GLib.Async" value=""/> | |
194 | <arg name="key" direction="in" type="s"/> | |
195 | <arg name="value" direction="in" type="s"/> | |
196 | </method> | |
0b2d3fda MB |
197 | diff -urN gdm-2.29.92/common/Makefile.am gdm-2.29.92.new//common/Makefile.am |
198 | --- gdm-2.29.92/common/Makefile.am 2010-03-08 22:53:57.000000000 +0100 | |
199 | +++ gdm-2.29.92.new//common/Makefile.am 2010-03-14 21:01:32.867730975 +0100 | |
200 | @@ -110,6 +110,7 @@ | |
201 | $(NULL) | |
202 | ||
203 | libgdmcommon_la_LIBADD = \ | |
204 | + $(COMMON_LIBS) \ | |
205 | $(NULL) | |
206 | ||
207 | libgdmcommon_la_LDFLAGS = \ | |
208 | diff -urN gdm-2.29.92/configure.ac gdm-2.29.92.new//configure.ac | |
209 | --- gdm-2.29.92/configure.ac 2010-03-08 23:09:47.000000000 +0100 | |
210 | +++ gdm-2.29.92.new//configure.ac 2010-03-14 21:03:28.747726327 +0100 | |
6c304bdf PZ |
211 | @@ -40,6 +40,7 @@ |
212 | dnl --------------------------------------------------------------------------- | |
213 | ||
214 | DBUS_GLIB_REQUIRED_VERSION=0.74 | |
215 | +POLKIT_GOBJECT_REQUIRED_VERSION=0.92 | |
0b2d3fda MB |
216 | GLIB_REQUIRED_VERSION=2.22.0 |
217 | GTK_REQUIRED_VERSION=2.12.0 | |
6c304bdf | 218 | PANGO_REQUIRED_VERSION=1.3.0 |
0b2d3fda | 219 | @@ -60,6 +61,7 @@ |
6c304bdf PZ |
220 | |
221 | PKG_CHECK_MODULES(COMMON, | |
222 | dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION | |
223 | + polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION | |
224 | gobject-2.0 >= $GLIB_REQUIRED_VERSION | |
225 | gio-2.0 >= $GLIB_REQUIRED_VERSION | |
226 | ) | |
0b2d3fda | 227 | @@ -68,6 +70,7 @@ |
6c304bdf PZ |
228 | |
229 | PKG_CHECK_MODULES(DAEMON, | |
230 | dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION | |
231 | + polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION | |
232 | gobject-2.0 >= $GLIB_REQUIRED_VERSION | |
0b2d3fda | 233 | gio-2.0 >= $GLIB_REQUIRED_VERSION |
6c304bdf | 234 | ) |
0b2d3fda MB |
235 | diff -urN gdm-2.29.92/data/gdm.conf.in gdm-2.29.92.new//data/gdm.conf.in |
236 | --- gdm-2.29.92/data/gdm.conf.in 2010-03-08 22:53:57.000000000 +0100 | |
237 | +++ gdm-2.29.92.new//data/gdm.conf.in 2010-03-14 21:01:32.867730975 +0100 | |
6c304bdf PZ |
238 | @@ -34,8 +34,6 @@ |
239 | <deny send_destination="org.gnome.DisplayManager" | |
240 | send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/> | |
241 | <deny send_destination="org.gnome.DisplayManager" | |
242 | - send_interface="org.gnome.DisplayManager.Settings"/> | |
243 | - <deny send_destination="org.gnome.DisplayManager" | |
244 | send_interface="org.gnome.DisplayManager.Slave"/> | |
245 | <deny send_destination="org.gnome.DisplayManager" | |
246 | send_interface="org.gnome.DisplayManager.Session"/> | |
247 | @@ -44,6 +42,10 @@ | |
248 | <allow send_destination="org.gnome.DisplayManager" | |
249 | send_interface="org.freedesktop.DBus.Introspectable"/> | |
250 | ||
251 | + <!-- Controlled by PolicyKit --> | |
252 | + <allow send_destination="org.gnome.DisplayManager" | |
253 | + send_interface="org.gnome.DisplayManager.Settings"/> | |
254 | + | |
255 | <allow send_destination="org.gnome.DisplayManager" | |
256 | send_interface="org.gnome.DisplayManager.Display" | |
257 | send_member="GetId"/> | |
0b2d3fda MB |
258 | diff -urN gdm-2.29.92/data/gdm.policy.in gdm-2.29.92.new//data/gdm.policy.in |
259 | --- gdm-2.29.92/data/gdm.policy.in 1970-01-01 01:00:00.000000000 +0100 | |
260 | +++ gdm-2.29.92.new//data/gdm.policy.in 2010-03-14 21:01:32.867730975 +0100 | |
6c304bdf PZ |
261 | @@ -0,0 +1,18 @@ |
262 | +<?xml version="1.0" encoding="UTF-8"?> | |
263 | +<!DOCTYPE policyconfig PUBLIC | |
264 | + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" | |
265 | + "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"> | |
266 | +<policyconfig> | |
267 | + <vendor>The GNOME Project</vendor> | |
268 | + <vendor_url>http://www.gnome.org/</vendor_url> | |
269 | + <icon_name>gdm</icon_name> | |
270 | + | |
271 | + <action id="org.gnome.displaymanager.settings.write"> | |
272 | + <description>Change login screen configuration</description> | |
273 | + <message>Privileges are required to change the login screen configuration.</message> | |
274 | + <defaults> | |
275 | + <allow_inactive>no</allow_inactive> | |
276 | + <allow_active>auth_admin_keep</allow_active> | |
277 | + </defaults> | |
278 | + </action> | |
279 | +</policyconfig> | |
0b2d3fda MB |
280 | diff -urN gdm-2.29.92/data/Makefile.am gdm-2.29.92.new//data/Makefile.am |
281 | --- gdm-2.29.92/data/Makefile.am 2010-03-08 22:53:57.000000000 +0100 | |
282 | +++ gdm-2.29.92.new//data/Makefile.am 2010-03-14 21:06:01.074377153 +0100 | |
283 | @@ -46,6 +46,8 @@ | |
6c304bdf PZ |
284 | schemas_in_files = gdm.schemas.in |
285 | schemas_DATA = $(schemas_in_files:.schemas.in=.schemas) | |
286 | ||
287 | +@INTLTOOL_POLICY_RULE@ | |
288 | + | |
289 | gdm.schemas.in: $(srcdir)/gdm.schemas.in.in | |
290 | sed -e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \ | |
291 | -e 's,[@]GDM_CUSTOM_CONF[@],$(GDM_CUSTOM_CONF),g' \ | |
0b2d3fda MB |
292 | @@ -78,11 +80,18 @@ |
293 | localealiasdir = $(datadir)/gdm | |
294 | localealias_DATA = locale.alias | |
6c304bdf PZ |
295 | |
296 | +polkitdir = $(datadir)/polkit-1/actions | |
297 | +polkit_in_files = gdm.policy.in | |
298 | +polkit_DATA = $(polkit_in_files:.policy.in=.policy) | |
299 | +check: | |
300 | + $(POLKIT_POLICY_FILE_VALIDATE) $(polkit_DATA) | |
301 | + | |
302 | EXTRA_DIST = \ | |
303 | $(schemas_in_files) \ | |
304 | $(schemas_DATA) \ | |
305 | $(dbusconf_in_files) \ | |
0b2d3fda | 306 | $(localealias_DATA) \ |
6c304bdf PZ |
307 | + $(polkit_in_files) \ |
308 | gdm.schemas.in.in \ | |
309 | gdm.conf-custom.in \ | |
310 | Xsession.in \ | |
0b2d3fda | 311 | @@ -105,7 +114,8 @@ |
6c304bdf PZ |
312 | $(NULL) |
313 | ||
314 | DISTCLEANFILES = \ | |
315 | - $(dbusconf_DATA) \ | |
316 | + $(dbusconf_DATA) \ | |
0b2d3fda | 317 | + $(polkit_DATA) \ |
6c304bdf PZ |
318 | gdm.schemas \ |
319 | $(NULL) | |
320 |