]>
Commit | Line | Data |
---|---|---|
6c304bdf PZ |
1 | From 09153c6825e5b5157fba7600cefabb762d887891 Mon Sep 17 00:00:00 2001 |
2 | From: Robert Ancell <robert.ancell@ubuntu.com> | |
3 | Date: Thu, 6 Aug 2009 15:57:15 +0100 | |
4 | Subject: [PATCH 1/2] Add PolicyKit support to GDM settings D-Bus interface | |
5 | Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/395299 | |
6 | Upstream: http://bugzilla.gnome.org/show_bug.cgi?id=587750 | |
7 | ||
e12d42d7 ŁK |
8 | --- gdm-3.1.90/data/Makefile.am.wiget 2011-08-31 02:04:37.000000000 +0200 |
9 | +++ gdm-3.1.90/data/Makefile.am 2011-09-05 21:46:13.070224232 +0200 | |
10 | @@ -45,6 +45,8 @@ schemasdir = $(pkgdatadir) | |
11 | schemas_in_files = gdm.schemas.in | |
12 | schemas_DATA = $(schemas_in_files:.schemas.in=.schemas) | |
13 | ||
14 | +@INTLTOOL_POLICY_RULE@ | |
15 | + | |
16 | gdm.schemas.in: $(srcdir)/gdm.schemas.in.in | |
17 | sed -e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \ | |
18 | -e 's,[@]GDM_CUSTOM_CONF[@],$(GDM_CUSTOM_CONF),g' \ | |
19 | @@ -84,11 +86,18 @@ localealias_DATA = locale.alias | |
20 | sessiondir = $(datadir)/gnome-session/sessions | |
21 | session_DATA = gdm-fallback.session gdm-shell.session | |
22 | ||
23 | +polkitdir = $(datadir)/polkit-1/actions | |
24 | +polkit_in_files = gdm.policy.in | |
25 | +polkit_DATA = $(polkit_in_files:.policy.in=.policy) | |
26 | +check: | |
27 | + $(POLKIT_POLICY_FILE_VALIDATE) $(polkit_DATA) | |
28 | + | |
29 | EXTRA_DIST = \ | |
30 | $(schemas_in_files) \ | |
31 | $(schemas_DATA) \ | |
32 | $(dbusconf_in_files) \ | |
33 | $(localealias_DATA) \ | |
34 | + $(polkit_in_files) \ | |
35 | gdm.schemas.in.in \ | |
36 | gdm.conf-custom.in \ | |
37 | Xsession.in \ | |
38 | @@ -118,6 +127,7 @@ CLEANFILES = \ | |
39 | ||
40 | DISTCLEANFILES = \ | |
41 | $(dbusconf_DATA) \ | |
42 | + $(polkit_DATA) \ | |
43 | gdm-shell.session \ | |
44 | gdm.schemas \ | |
45 | dconf-override-db \ | |
46 | --- gdm-3.1.90/data/gdm.conf.in.wiget 2011-08-09 22:08:42.000000000 +0200 | |
47 | +++ gdm-3.1.90/data/gdm.conf.in 2011-09-05 21:44:39.831640332 +0200 | |
48 | @@ -34,8 +34,6 @@ | |
49 | <deny send_destination="org.gnome.DisplayManager" | |
50 | send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/> | |
51 | <deny send_destination="org.gnome.DisplayManager" | |
52 | - send_interface="org.gnome.DisplayManager.Settings"/> | |
53 | - <deny send_destination="org.gnome.DisplayManager" | |
54 | send_interface="org.gnome.DisplayManager.Slave"/> | |
55 | <deny send_destination="org.gnome.DisplayManager" | |
56 | send_interface="org.gnome.DisplayManager.Session"/> | |
57 | @@ -44,6 +42,10 @@ | |
58 | <allow send_destination="org.gnome.DisplayManager" | |
59 | send_interface="org.freedesktop.DBus.Introspectable"/> | |
60 | ||
61 | + <!-- Controlled by PolicyKit --> | |
62 | + <allow send_destination="org.gnome.DisplayManager" | |
63 | + send_interface="org.gnome.DisplayManager.Settings"/> | |
64 | + | |
65 | <allow send_destination="org.gnome.DisplayManager" | |
66 | send_interface="org.gnome.DisplayManager.Display" | |
67 | send_member="GetId"/> | |
68 | --- gdm-3.1.90/data/gdm.policy.in.wiget 2011-09-05 21:44:39.831640332 +0200 | |
69 | +++ gdm-3.1.90/data/gdm.policy.in 2011-09-05 21:44:39.831640332 +0200 | |
70 | @@ -0,0 +1,18 @@ | |
71 | +<?xml version="1.0" encoding="UTF-8"?> | |
72 | +<!DOCTYPE policyconfig PUBLIC | |
73 | + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" | |
74 | + "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"> | |
75 | +<policyconfig> | |
76 | + <vendor>The GNOME Project</vendor> | |
77 | + <vendor_url>http://www.gnome.org/</vendor_url> | |
78 | + <icon_name>gdm</icon_name> | |
79 | + | |
80 | + <action id="org.gnome.displaymanager.settings.write"> | |
81 | + <description>Change login screen configuration</description> | |
82 | + <message>Privileges are required to change the login screen configuration.</message> | |
83 | + <defaults> | |
84 | + <allow_inactive>no</allow_inactive> | |
85 | + <allow_active>auth_admin_keep</allow_active> | |
86 | + </defaults> | |
87 | + </action> | |
88 | +</policyconfig> | |
89 | --- gdm-3.1.90/common/Makefile.am.wiget 2011-08-09 22:08:42.000000000 +0200 | |
90 | +++ gdm-3.1.90/common/Makefile.am 2011-09-05 21:44:39.831640332 +0200 | |
91 | @@ -99,6 +99,7 @@ libgdmcommon_la_CFLAGS = \ | |
92 | $(NULL) | |
93 | ||
94 | libgdmcommon_la_LIBADD = \ | |
95 | + $(COMMON_LIBS) \ | |
96 | $(NULL) | |
97 | ||
98 | libgdmcommon_la_LDFLAGS = \ | |
99 | --- gdm-3.1.90/common/gdm-settings.c.wiget 2011-08-09 22:08:42.000000000 +0200 | |
100 | +++ gdm-3.1.90/common/gdm-settings.c 2011-09-05 21:44:39.831640332 +0200 | |
6c304bdf PZ |
101 | @@ -36,6 +36,7 @@ |
102 | #define DBUS_API_SUBJECT_TO_CHANGE | |
103 | #include <dbus/dbus-glib.h> | |
104 | #include <dbus/dbus-glib-lowlevel.h> | |
105 | +#include <polkit/polkit.h> | |
106 | ||
107 | #include "gdm-settings.h" | |
108 | #include "gdm-settings-glue.h" | |
e12d42d7 | 109 | @@ -108,6 +109,90 @@ gdm_settings_get_value (GdmSettings *set |
6c304bdf PZ |
110 | return res; |
111 | } | |
112 | ||
113 | +static void | |
114 | +unlock_auth_cb (PolkitAuthority *authority, | |
115 | + GAsyncResult *result, | |
116 | + DBusGMethodInvocation *context) | |
117 | +{ | |
118 | + PolkitAuthorizationResult *auth_result; | |
119 | + GError *error = NULL; | |
120 | + | |
121 | + auth_result = polkit_authority_check_authorization_finish (authority, result, &error); | |
122 | + | |
123 | + if (!auth_result) | |
124 | + dbus_g_method_return_error (context, error); | |
125 | + else { | |
126 | + dbus_g_method_return (context, | |
127 | + polkit_authorization_result_get_is_authorized (auth_result)); | |
128 | + } | |
129 | + | |
130 | + if (auth_result) | |
131 | + g_object_unref (auth_result); | |
132 | + if (error) | |
133 | + g_error_free (error); | |
134 | +} | |
135 | + | |
136 | +gboolean | |
137 | +gdm_settings_unlock (GdmSettings *settings, | |
138 | + DBusGMethodInvocation *context) | |
139 | +{ | |
140 | + polkit_authority_check_authorization (polkit_authority_get (), | |
141 | + polkit_system_bus_name_new (dbus_g_method_get_sender (context)), | |
142 | + "org.gnome.displaymanager.settings.write", | |
143 | + NULL, | |
144 | + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, | |
145 | + NULL, | |
146 | + (GAsyncReadyCallback) unlock_auth_cb, | |
147 | + context); | |
148 | +} | |
149 | + | |
150 | +typedef struct | |
151 | +{ | |
152 | + GdmSettings *settings; | |
153 | + DBusGMethodInvocation *context; | |
154 | + gchar *key, *value; | |
155 | +} SetValueData; | |
156 | + | |
157 | +static void | |
158 | +set_value_auth_cb (PolkitAuthority *authority, | |
159 | + GAsyncResult *result, | |
160 | + SetValueData *data) | |
161 | +{ | |
162 | + PolkitAuthorizationResult *auth_result; | |
163 | + GError *error = NULL; | |
164 | + | |
165 | + auth_result = polkit_authority_check_authorization_finish (authority, result, &error); | |
166 | + | |
167 | + if (!auth_result) | |
168 | + dbus_g_method_return_error (data->context, error); | |
169 | + else { | |
170 | + if (polkit_authorization_result_get_is_authorized (auth_result)) { | |
171 | + gboolean result; | |
172 | + | |
173 | + result = gdm_settings_backend_set_value (data->settings->priv->backend, | |
174 | + data->key, | |
175 | + data->value, | |
176 | + &error); | |
177 | + if (result) | |
178 | + dbus_g_method_return (data->context); | |
179 | + else | |
180 | + dbus_g_method_return_error (data->context, error); | |
181 | + } | |
182 | + else { | |
183 | + error = g_error_new (DBUS_GERROR_REMOTE_EXCEPTION, 0, "Not authorized"); | |
184 | + dbus_g_method_return_error (data->context, error); | |
185 | + } | |
186 | + } | |
187 | + | |
188 | + if (auth_result) | |
189 | + g_object_unref (auth_result); | |
190 | + if (error) | |
191 | + g_error_free (error); | |
192 | + g_free (data->key); | |
193 | + g_free (data->value); | |
194 | + g_free (data); | |
195 | +} | |
196 | + | |
197 | /* | |
198 | dbus-send --system --print-reply --dest=org.gnome.DisplayManager /org/gnome/DisplayManager/Settings org.gnome.DisplayManager.Settings.SetValue string:"xdmcp/Enable" string:"false" | |
199 | */ | |
e12d42d7 | 200 | @@ -116,26 +201,30 @@ gboolean |
6c304bdf PZ |
201 | gdm_settings_set_value (GdmSettings *settings, |
202 | const char *key, | |
203 | const char *value, | |
204 | - GError **error) | |
205 | + DBusGMethodInvocation *context) | |
206 | { | |
207 | - GError *local_error; | |
208 | - gboolean res; | |
209 | - | |
210 | + SetValueData *data; | |
211 | + | |
212 | g_return_val_if_fail (GDM_IS_SETTINGS (settings), FALSE); | |
213 | g_return_val_if_fail (key != NULL, FALSE); | |
214 | ||
215 | g_debug ("Setting value %s", key); | |
216 | - | |
217 | - local_error = NULL; | |
218 | - res = gdm_settings_backend_set_value (settings->priv->backend, | |
219 | - key, | |
220 | - value, | |
221 | - &local_error); | |
222 | - if (! res) { | |
223 | - g_propagate_error (error, local_error); | |
224 | - } | |
225 | - | |
226 | - return res; | |
227 | + | |
228 | + /* Authorize with PolicyKit */ | |
229 | + data = g_malloc (sizeof(SetValueData)); | |
230 | + data->settings = settings; | |
231 | + data->context = context; | |
232 | + data->key = g_strdup(key); | |
233 | + data->value = g_strdup(value); | |
234 | + polkit_authority_check_authorization (polkit_authority_get (), | |
235 | + polkit_system_bus_name_new (dbus_g_method_get_sender (context)), | |
236 | + "org.gnome.displaymanager.settings.write", | |
237 | + NULL, | |
238 | + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, | |
239 | + NULL, | |
240 | + (GAsyncReadyCallback) set_value_auth_cb, | |
241 | + data); | |
242 | + return TRUE; | |
243 | } | |
244 | ||
245 | static gboolean | |
e12d42d7 ŁK |
246 | --- gdm-3.1.90/common/gdm-settings.xml.wiget 2011-04-25 17:55:04.000000000 +0200 |
247 | +++ gdm-3.1.90/common/gdm-settings.xml 2011-09-05 21:44:39.831640332 +0200 | |
248 | @@ -5,7 +5,12 @@ | |
249 | <arg name="key" direction="in" type="s"/> | |
250 | <arg name="value" direction="out" type="s"/> | |
251 | </method> | |
252 | + <method name="Unlock"> | |
253 | + <annotation name="org.freedesktop.DBus.GLib.Async" value=""/> | |
254 | + <arg name="is_unlocked" direction="out" type="b"/> | |
255 | + </method> | |
256 | <method name="SetValue"> | |
257 | + <annotation name="org.freedesktop.DBus.GLib.Async" value=""/> | |
258 | <arg name="key" direction="in" type="s"/> | |
259 | <arg name="value" direction="in" type="s"/> | |
260 | </method> | |
261 | --- gdm-3.1.90/common/gdm-settings.h.wiget 2011-04-25 17:55:04.000000000 +0200 | |
262 | +++ gdm-3.1.90/common/gdm-settings.h 2011-09-05 21:44:39.831640332 +0200 | |
6c304bdf PZ |
263 | @@ -23,6 +23,7 @@ |
264 | #define __GDM_SETTINGS_H | |
265 | ||
266 | #include <glib-object.h> | |
267 | +#include <dbus/dbus-glib.h> | |
268 | ||
269 | G_BEGIN_DECLS | |
270 | ||
e12d42d7 | 271 | @@ -70,10 +71,12 @@ gboolean gdm_settings_get_val |
6c304bdf PZ |
272 | const char *key, |
273 | char **value, | |
274 | GError **error); | |
275 | +gboolean gdm_settings_unlock (GdmSettings *settings, | |
276 | + DBusGMethodInvocation *context); | |
277 | gboolean gdm_settings_set_value (GdmSettings *settings, | |
278 | const char *key, | |
279 | const char *value, | |
280 | - GError **error); | |
281 | + DBusGMethodInvocation *context); | |
282 | ||
283 | G_END_DECLS | |
284 | ||
e12d42d7 ŁK |
285 | --- gdm-3.1.90/configure.ac.wiget 2011-08-30 20:24:43.000000000 +0200 |
286 | +++ gdm-3.1.90/configure.ac 2011-09-05 21:45:16.999745584 +0200 | |
287 | @@ -56,6 +56,7 @@ dnl - Dependencies | |
6c304bdf PZ |
288 | dnl --------------------------------------------------------------------------- |
289 | ||
290 | DBUS_GLIB_REQUIRED_VERSION=0.74 | |
291 | +POLKIT_GOBJECT_REQUIRED_VERSION=0.92 | |
e12d42d7 | 292 | GLIB_REQUIRED_VERSION=2.29.3 |
de273fad | 293 | GTK_REQUIRED_VERSION=2.91.1 |
6c304bdf | 294 | PANGO_REQUIRED_VERSION=1.3.0 |
e12d42d7 | 295 | @@ -78,6 +79,7 @@ AC_SUBST(GTHREAD_LIBS) |
6c304bdf PZ |
296 | |
297 | PKG_CHECK_MODULES(COMMON, | |
298 | dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION | |
299 | + polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION | |
300 | gobject-2.0 >= $GLIB_REQUIRED_VERSION | |
301 | gio-2.0 >= $GLIB_REQUIRED_VERSION | |
302 | ) | |
e12d42d7 | 303 | @@ -86,6 +88,7 @@ AC_SUBST(COMMON_LIBS) |
6c304bdf PZ |
304 | |
305 | PKG_CHECK_MODULES(DAEMON, | |
306 | dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION | |
307 | + polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION | |
308 | gobject-2.0 >= $GLIB_REQUIRED_VERSION | |
0b2d3fda | 309 | gio-2.0 >= $GLIB_REQUIRED_VERSION |
e12d42d7 | 310 | accountsservice >= $ACCOUNTS_SERVICE_REQUIRED_VERSION |